BVB Source Codes

parse-server Show rest.js Source code

Return Download parse-server: download rest.js Source code - Download parse-server Source code - Type:.js
  1. // This file contains helpers for running operations in REST format.
  2. // The goal is that handlers that explicitly handle an express route
  3. // should just be shallow wrappers around things in this file, but
  4. // these functions should not explicitly depend on the request
  5. // object.
  6. // This means that one of these handlers can support multiple
  7. // routes. That's useful for the routes that do really similar
  8. // things.
  9.  
  10. var Parse = require('parse/node').Parse;
  11. import Auth from './Auth';
  12.  
  13. var RestQuery = require('./RestQuery');
  14. var RestWrite = require('./RestWrite');
  15. var triggers = require('./triggers');
  16.  
  17. function checkTriggers(className, config, types) {
  18.   return types.some((triggerType) => {
  19.     return triggers.getTrigger(className, triggers.Types[triggerType], config.applicationId);
  20.   });
  21. }
  22.  
  23. function checkLiveQuery(className, config) {
  24.   return config.liveQueryController && config.liveQueryController.hasLiveQuery(className)
  25. }
  26.  
  27. // Returns a promise for an object with optional keys 'results' and 'count'.
  28. function find(config, auth, className, restWhere, restOptions, clientSDK) {
  29.   enforceRoleSecurity('find', className, auth);
  30.   return triggers.maybeRunQueryTrigger(triggers.Types.beforeFind, className, restWhere, restOptions, config, auth).then((result) => {
  31.     restWhere = result.restWhere || restWhere;
  32.     restOptions = result.restOptions || restOptions;
  33.     const query = new RestQuery(config, auth, className, restWhere, restOptions, clientSDK);
  34.     return query.execute();
  35.   });
  36. }
  37.  
  38. // get is just like find but only queries an objectId.
  39. const get = (config, auth, className, objectId, restOptions, clientSDK) => {
  40.   enforceRoleSecurity('get', className, auth);
  41.   const query = new RestQuery(config, auth, className, { objectId }, restOptions, clientSDK);
  42.   return query.execute();
  43. }
  44.  
  45. // Returns a promise that doesn't resolve to any useful value.
  46. function del(config, auth, className, objectId) {
  47.   if (typeof objectId !== 'string') {
  48.     throw new Parse.Error(Parse.Error.INVALID_JSON,
  49.                           'bad objectId');
  50.   }
  51.  
  52.   if (className === '_User' && !auth.couldUpdateUserId(objectId)) {
  53.     throw new Parse.Error(Parse.Error.SESSION_MISSING,
  54.                           'insufficient auth to delete user');
  55.   }
  56.  
  57.   enforceRoleSecurity('delete', className, auth);
  58.  
  59.   var inflatedObject;
  60.  
  61.   return Promise.resolve().then(() => {
  62.     const hasTriggers = checkTriggers(className, config, ['beforeDelete', 'afterDelete']);
  63.     const hasLiveQuery = checkLiveQuery(className, config);
  64.     if (hasTriggers || hasLiveQuery || className == '_Session') {
  65.       return find(config, Auth.master(config), className, {objectId: objectId})
  66.       .then((response) => {
  67.         if (response && response.results && response.results.length) {
  68.           response.results[0].className = className;
  69.  
  70.           var cacheAdapter = config.cacheController;
  71.           cacheAdapter.user.del(response.results[0].sessionToken);
  72.           inflatedObject = Parse.Object.fromJSON(response.results[0]);
  73.           // Notify LiveQuery server if possible
  74.           config.liveQueryController.onAfterDelete(inflatedObject.className, inflatedObject);
  75.           return triggers.maybeRunTrigger(triggers.Types.beforeDelete, auth, inflatedObject, null,  config);
  76.         }
  77.         throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND,
  78.                               'Object not found for delete.');
  79.       });
  80.     }
  81.     return Promise.resolve({});
  82.   }).then(() => {
  83.     if (!auth.isMaster) {
  84.       return auth.getUserRoles();
  85.     } else {
  86.       return;
  87.     }
  88.   }).then(() => {
  89.     var options = {};
  90.     if (!auth.isMaster) {
  91.       options.acl = ['*'];
  92.       if (auth.user) {
  93.         options.acl.push(auth.user.id);
  94.         options.acl = options.acl.concat(auth.userRoles);
  95.       }
  96.     }
  97.  
  98.     return config.database.destroy(className, {
  99.       objectId: objectId
  100.     }, options);
  101.   }).then(() => {
  102.     return triggers.maybeRunTrigger(triggers.Types.afterDelete, auth, inflatedObject, null, config);
  103.   });
  104. }
  105.  
  106. // Returns a promise for a {response, status, location} object.
  107. function create(config, auth, className, restObject, clientSDK) {
  108.   enforceRoleSecurity('create', className, auth);
  109.   var write = new RestWrite(config, auth, className, null, restObject, null, clientSDK);
  110.   return write.execute();
  111. }
  112.  
  113. // Returns a promise that contains the fields of the update that the
  114. // REST API is supposed to return.
  115. // Usually, this is just updatedAt.
  116. function update(config, auth, className, restWhere, restObject, clientSDK) {
  117.   enforceRoleSecurity('update', className, auth);
  118.  
  119.   return Promise.resolve().then(() => {
  120.     const hasTriggers = checkTriggers(className, config, ['beforeSave', 'afterSave']);
  121.     const hasLiveQuery = checkLiveQuery(className, config);
  122.     if (hasTriggers || hasLiveQuery) {
  123.       return find(config, Auth.master(config), className, restWhere);
  124.     }
  125.     return Promise.resolve({});
  126.   }).then((response) => {
  127.     var originalRestObject;
  128.     if (response && response.results && response.results.length) {
  129.       originalRestObject = response.results[0];
  130.     }
  131.  
  132.     var write = new RestWrite(config, auth, className, restWhere, restObject, originalRestObject, clientSDK);
  133.     return write.execute();
  134.   });
  135. }
  136.  
  137. // Disallowing access to the _Role collection except by master key
  138. function enforceRoleSecurity(method, className, auth) {
  139.   if (className === '_Installation' && !auth.isMaster) {
  140.     if (method === 'delete' || method === 'find') {
  141.       const error = `Clients aren't allowed to perform the ${method} operation on the installation collection.`
  142.      throw new Parse.Error(Parse.Error.OPERATION_FORBIDDEN, error);
  143.    }
  144.  }
  145. }
  146.  
  147. module.exports = {
  148.  create,
  149.  del,
  150.  find,
  151.  get,
  152.  update
  153. };
  154.  
downloadrest.js Source code - Download parse-server Source code
Related Source Codes/Software:
react-boilerplate - 2017-06-07
webtorrent - Streaming torrent client for the web ... 2017-06-06
machine-learning-for-software-engineers - A complete daily plan for studying to become a mac... 2017-06-06
upterm - A terminal emulator for the 21st century. 2017-06-06
lottie-android - Render After Effects animations natively on Androi... 2017-06-07
AsyncDisplayKit - Smooth asynchronous user interfaces for iOS apps. ... 2017-06-07
ionicons - The premium icon font for Ionic ... 2017-06-07
storybook - 2017-06-07
prettier - Prettier is an opinionated JavaScript formatter. ... 2017-06-08
CRYENGINE - CRYENGINE is a powerful real-time game development... 2017-06-11
postal - 2017-06-11
reactide - Reactide is the first dedicated IDE for React web ... 2017-06-11
rkt - rkt is a pod-native container engine for Linux. It... 2017-06-11
uWebSockets - Tiny WebSockets https://for... 2017-06-11
realworld - TodoMVC for the RealWorld - Exemplary fullstack Me... 2017-06-11
goreplay - GoReplay is an open-source tool for capturing and ... 2017-06-10
pyenv - Simple Python version management 2017-06-10
redux-saga - An alternative side effect model for Redux apps ... 2017-06-10
angular-starter - 2017-06-10

 Back to top