* Add tests. Fail request if any of the 4 optional keys does not match * Only require one key to be supplied in the request, except when no keys are configured * Use const over let, var
This commit is contained in:
Steven Shipton
committed by
Florent Vilmart
Florent Vilmart
parent
278027a955
commit
e788d49af0
@@ -120,20 +120,15 @@ export function handleParseHeaders(req, res, next) {
|
||||
|
||||
// Client keys are not required in parse-server, but if any have been configured in the server, validate them
|
||||
// to preserve original behavior.
|
||||
let keys = ["clientKey", "javascriptKey", "dotNetKey", "restAPIKey"];
|
||||
const keys = ["clientKey", "javascriptKey", "dotNetKey", "restAPIKey"];
|
||||
const oneKeyConfigured = keys.some(function(key) {
|
||||
return req.config[key];
|
||||
});
|
||||
const oneKeyMatches = keys.some(function(key){
|
||||
return req.config[key] && info[key] == req.config[key];
|
||||
});
|
||||
|
||||
// We do it with mismatching keys to support no-keys config
|
||||
var keyMismatch = keys.reduce(function(mismatch, key){
|
||||
|
||||
// check if set in the config and compare
|
||||
if (req.config[key] && info[key] !== req.config[key]) {
|
||||
mismatch++;
|
||||
}
|
||||
return mismatch;
|
||||
}, 0);
|
||||
|
||||
// All keys mismatch
|
||||
if (keyMismatch == keys.length) {
|
||||
if (oneKeyConfigured && !oneKeyMatches) {
|
||||
return invalidRequest(req, res);
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user