lift query key validation out of transformWhere

2016-05-18 16:26:59 -07:00
parent 559205bc64
commit ea09213511
2 changed files with 15 additions and 1 deletions
--- a/src/Adapters/Storage/Mongo/MongoStorageAdapter.js
+++ b/src/Adapters/Storage/Mongo/MongoStorageAdapter.js
@@ -25,6 +25,7 @@ const storageAdapterAllCollections = mongoAdapter => {
  });
 }
 const specialQuerykeys = ['$and', '$or', '_rperm', '_wperm', '_perishable_token', '_email_verify_token'];
 export class MongoStorageAdapter {
  // Private
  _uri: string;
@@ -187,7 +188,10 @@ export class MongoStorageAdapter {
      if (query.ACL) {
        throw new Parse.Error(Parse.Error.INVALID_QUERY, 'Cannot query on ACL.');
      }
-      let mongoWhere = transform.transformWhere(className, query, { validate }, schema);
+      if (validate && Object.keys(query).some(restKey => !specialQuerykeys.includes(restKey) && !restKey.match(/^[a-zA-Z][a-zA-Z0-9_\.]*$/))) {
        throw new Parse.Error(Parse.Error.INVALID_KEY_NAME, `Invalid key name: ${restKey}`);
      }
      let mongoWhere = transform.transformWhere(className, query, schema);
      return collection.deleteMany(mongoWhere)
    })
    .then(({ result }) => {
--- a/src/Adapters/Storage/Mongo/MongoTransform.js
+++ b/src/Adapters/Storage/Mongo/MongoTransform.js
@@ -172,6 +172,11 @@ function transformQueryKeyValue(className, key, value, schema) {
    }
    if (value.some(subQuery => subQuery.ACL)) {
      throw new Parse.Error(Parse.Error.INVALID_QUERY, 'Cannot query on ACL.');
      Object.keys(subQuery).forEach(restKey => {
        if (!specialQuerykeys.includes(restKey) && !restKey.match(/^[a-zA-Z][a-zA-Z0-9_\.]*$/)) {
          throw new Parse.Error(Parse.Error.INVALID_KEY_NAME, `Invalid key name: ${restKey}`);
        }
      });
    }
    return {key: '$or', value: value.map(subQuery => transformWhere(className, subQuery, {}, schema))};
  case '$and':
@@ -180,6 +185,11 @@ function transformQueryKeyValue(className, key, value, schema) {
    }
    if (value.some(subQuery => subQuery.ACL)) {
      throw new Parse.Error(Parse.Error.INVALID_QUERY, 'Cannot query on ACL.');
      Object.keys(subQuery).forEach(restKey => {
        if (!specialQuerykeys.includes(restKey) && !restKey.match(/^[a-zA-Z][a-zA-Z0-9_\.]*$/)) {
          throw new Parse.Error(Parse.Error.INVALID_KEY_NAME, `Invalid key name: ${restKey}`);
        }
      });
    }
    return {key: '$and', value: value.map(subQuery => transformWhere(className, subQuery, {}, schema))};
  default: