feat: add options.useMasterKey param for most RestAPI wrappers (#367)

also split utils.js to av.js/init.js/utils.js

Author: leeyeh

src/av.js

@@ -23,7 +23,7 @@ module.exports = function(AV) {
      */
     run: function(name, data, options) {
       var request = AVRequest('functions', name, null, 'POST',
-                                   AV._encode(data, null, true), options && options.sessionToken);
+                                   AV._encode(data, null, true), options);
 
       return request.then(function(resp) {
         return AV._decode(null, resp).result;
@@ -43,8 +43,7 @@ module.exports = function(AV) {
         return Promise.reject(new Error('Can\'t pass Array as the param of rpc function in JavaScript SDK.'));
       }
 
-      return AVRequest('call', name, null, 'POST', AV._encodeObjectOrArray(data),
-                       options && options.sessionToken).then(function(resp) {
+      return AVRequest('call', name, null, 'POST', AV._encodeObjectOrArray(data), options).then(function(resp) {
         return AV._decode('', resp).result;
       });
     },

src/cloudfunction.js

@@ -579,7 +579,7 @@ module.exports = function(AV) {
       if (!this.id) {
         return Promise.reject(new Error('The file id is not eixsts.'));
       }
-      var request = AVRequest("files", null, this.id, 'DELETE', options && options.sessionToken);
+      var request = AVRequest("files", null, this.id, 'DELETE', null, options);
       return request;
     },
 

src/file.js

@@ -6,7 +6,7 @@
  * The LeanCloud JavaScript SDK is freely distributable under the MIT license.
  */
 
-const AV = module.exports = require('./av');
+const AV = require('./av');
 
 AV._ = require('underscore');
 AV.version = require('./version');
@@ -15,11 +15,7 @@ AV.localStorage = require('./localstorage');
 AV.Cache = require('./cache');
 AV.Error = require('./error');
 
-// All internal configuration items
-AV._config = AV._config || {};
-
-require('./utils').init(AV);
-
+require('./init');
 require('./event')(AV);
 require('./geopoint')(AV);
 require('./acl')(AV);
@@ -36,9 +32,12 @@ require('./status')(AV);
 require('./search')(AV);
 require('./insight')(AV);
 
+module.exports = AV;
+
 /**
  * Options to controll the authentication for an operation
  * @typedef {Object} AuthOptions
- * @property {String} sessionToken Specify a user to excute the operation as.
- * @property {Boolean} useMasterKey Indicates whether masterKey is used for this operation. Only valid when masterKey is set.
+ * @property {String} [sessionToken] Specify a user to excute the operation as.
+ * @property {AV.User} [user] Specify a user to excute the operation as. The user must have _sessionToken. This option will be ignored if sessionToken option provided.
+ * @property {Boolean} [useMasterKey] Indicates whether masterKey is used for this operation. Only valid when masterKey is set.
  */

src/index.js

@@ -0,0 +1,80 @@
+const AV = require('./av');
+const request = require('./request');
+
+/**
+ * Call this method first to set up authentication tokens for AV.
+ * This method is for AV's own private use.
+ * @param {String} applicationId Your AV Application ID.
+ * @param {String} applicationKey Your AV Application Key
+ */
+const initialize = (appId, appKey, masterKey) => {
+  if (AV.applicationId && appId !== AV.applicationId && appKey !== AV.applicationKey && masterKey !== AV.masterKey) {
+    console.warn('LeanCloud SDK is already initialized, please do not reinitialize it.');
+  }
+  AV.applicationId = appId;
+  AV.applicationKey = appKey;
+  AV.masterKey = masterKey;
+  AV._useMasterKey = false;
+};
+
+const masterKeyWarn = () => {
+  console.warn('MasterKey is not supposed to be used in browser.');
+};
+
+/**
+  * Call this method first to set up your authentication tokens for AV.
+  * You can get your app keys from the LeanCloud dashboard on http://leancloud.cn .
+  * @function AV.init
+  * @param {Object} options
+  * @param {String} options.appId application id
+  * @param {String} options.appKey application key
+  * @param {String} options.masterKey application master key
+*/
+
+AV.init = (...args) => {
+  switch (args.length) {
+    case 1:
+      const options = args[0];
+      if (typeof options === 'object') {
+        if (!AV._config.isNode && options.masterKey) {
+          masterKeyWarn();
+        }
+        initialize(options.appId, options.appKey, options.masterKey);
+        request.setServerUrlByRegion(options.region);
+        AV._config.disableCurrentUser = options.disableCurrentUser;
+      } else {
+        throw new Error('AV.init(): Parameter is not correct.');
+      }
+    break;
+    // 兼容旧版本的初始化方法
+    case 2:
+    case 3:
+      console.warn('Please use AV.init() to replace AV.initialize(), ' +
+       'AV.init() need an Object param, like { appId: \'YOUR_APP_ID\', appKey: \'YOUR_APP_KEY\' } . ' +
+       'Docs: https://leancloud.cn/docs/sdk_setup-js.html');
+      if (!AV._config.isNode && args.length === 3) {
+        masterKeyWarn();
+      }
+      initialize(...args);
+      request.setServerUrlByRegion('cn');
+    break;
+  }
+};
+
+// If we're running in node.js, allow using the master key.
+if (AV._config.isNode) {
+  AV.Cloud = AV.Cloud || {};
+  /**
+   * Switches the LeanCloud SDK to using the Master key.  The Master key grants
+   * priveleged access to the data in LeanCloud and can be used to bypass ACLs and
+   * other restrictions that are applied to the client SDKs.
+   * <p><strong><em>Available in Cloud Code and Node.js only.</em></strong>
+   * </p>
+   */
+  AV.Cloud.useMasterKey = function() {
+    AV._useMasterKey = true;
+  };
+}
+
+// 兼容老版本的初始化方法
+AV.initialize = AV.init;

src/init.js

@@ -27,10 +27,11 @@ module.exports = function(AV) {
      *                   }
      *                  </pre></code>
      *               sql 指定任务执行的 SQL 语句， saveAs（可选） 指定将结果保存在哪张表里，limit 最大 1000。
+     * @param {AuthOptions} [options]
      * @return {Promise} A promise that will be resolved with the result
      * of the function.
      */
-    startJob: function(jobConfig) {
+    startJob: function(jobConfig, options) {
       if(!jobConfig || !jobConfig.sql) {
         throw new Error('Please provide the sql to run the job.');
       }
@@ -39,7 +40,7 @@ module.exports = function(AV) {
         appId: AV.applicationId
       };
       var request = AVRequest("bigquery", 'jobs', null, 'POST',
-                                   AV._encode(data, null, true));
+                                   AV._encode(data, null, true), options);
 
       return request.then(function(resp) {
         return AV._decode(null, resp).id;
@@ -106,18 +107,19 @@ module.exports = function(AV) {
      * results 数组表示任务结果数组，previewCount 表示可以返回的结果总数，任务的开始和截止时间
      * startTime、endTime 等信息。
      *
+     * @param {AuthOptions} [options]
      * @return {Promise} A promise that will be resolved with the result
      * of the function.
      *
      */
-    find: function() {
+    find: function(options) {
       var params = {
         skip: this._skip,
         limit: this._limit
       };
 
       var request = AVRequest("bigquery", 'jobs', this.id, "GET",
-                                   params);
+                                   params, options);
       var self = this;
       return request.then(function(response) {
         if(response.error) {

src/insight.js

@@ -113,7 +113,7 @@ module.exports = function(AV) {
             path: `/1.1/classes/${object.className}/${object.id}`,
           };
         }),
-      }, options && options.sessionToken)
+      }, options)
     ).then(function(response) {
       _.forEach(objects, function(object, i) {
         if (response[i].success) {
@@ -815,14 +815,14 @@ module.exports = function(AV) {
      * @return {Promise} A promise that is fulfilled when the fetch
      *     completes.
      */
-    fetch: function(fetchOptions = {}, options = {}) {
+    fetch: function(fetchOptions = {}, options) {
       if (_.isArray(fetchOptions.include)) {
         fetchOptions.include = fetchOptions.include.join(',');
       }
 
       var self = this;
       var request = AVRequest('classes', this.className, this.id, 'GET',
-                                fetchOptions, options.sessionToken);
+                                fetchOptions, options);
       return request.then(function(response) {
         self._finishFetch(self.parse(response), true);
         return self;
@@ -937,7 +937,7 @@ module.exports = function(AV) {
         }
         //hook makeRequest in options.
         var makeRequest = options._makeRequest || AVRequest;
-        var request = makeRequest(route, className, model.id, method, json, options.sessionToken);
+        var request = makeRequest(route, className, model.id, method, json, options);
 
         request = request.then(function(resp) {
           var serverAttrs = model.parse(resp);
@@ -987,7 +987,7 @@ module.exports = function(AV) {
       }
 
       var request =
-          AVRequest('classes', this.className, this.id, 'DELETE', null, options.sessionToken);
+          AVRequest('classes', this.className, this.id, 'DELETE', null, options);
       return request.then(function() {
         if (options.wait) {
           triggerDestroy();
@@ -1241,7 +1241,7 @@ module.exports = function(AV) {
           }
       });
       var request =
-          AVRequest('classes', className, id, 'DELETE', null, options.sessionToken);
+          AVRequest('classes', className, id, 'DELETE', null, options);
       return request;
    };
 
@@ -1514,7 +1514,7 @@ module.exports = function(AV) {
               };
             })
 
-          }, options && options.sessionToken).then(function(response) {
+          }, options).then(function(response) {
             var error;
             AV._arrayEach(batch, function(object, i) {
               if (response[i].success) {

src/object.js

@@ -21,10 +21,10 @@ module.exports = function(AV) {
    * @param {String} [data.cql] A CQL statement over AV.Installation that is used to match
    *         a set of installations to push to.
    * @param {Date} data.data The data to send as part of the push
-   *   <ol>
+   * @param {AuthOptions} [options]
    * @return {Promise}
    */
-  AV.Push.send = function(data) {
+  AV.Push.send = function(data, options) {
     if (data.where) {
       data.where = data.where.toJSON().where;
     }
@@ -45,7 +45,7 @@ module.exports = function(AV) {
       throw new Error("Both expiration_time and expiration_time_interval can't be set");
     }
 
-    var request = AVRequest('push', null, null, 'POST', data);
+    var request = AVRequest('push', null, null, 'POST', data, options);
     return request;
   };
 };

src/push.js

@@ -135,7 +135,7 @@ module.exports = function(AV) {
       options = pvalues;
     }
 
-    var request = AVRequest('cloudQuery', null, null, 'GET', params, options && options.sessionToken);
+    var request = AVRequest('cloudQuery', null, null, 'GET', params, options);
     return request.then(function(response) {
       //query to process results.
       var query = new AV.Query(response.className);
@@ -235,7 +235,7 @@ module.exports = function(AV) {
     },
     _createRequest: function(params, options){
       return AVRequest('classes', this.className, null, "GET",
-                                   params || this.toJSON(), options && options.sessionToken);
+                                   params || this.toJSON(), options);
     },
 
     /**

src/query.js

@@ -6,6 +6,9 @@ const Cache = require('./cache');
 const AVError = require('./error');
 const AV = require('./av');
 const _ = require('underscore');
+const {
+  getSessionToken,
+} = require('./utils');
 
 let getServerURLPromise;
 
@@ -97,13 +100,18 @@ const ajax = (method, resourceUrl, data, headers = {}, onprogress) => {
   });
 };
 
-const setHeaders = (sessionToken) => {
+const setHeaders = (authOptions = {}) => {
   const headers = {
     'X-LC-Id': AV.applicationId,
     'Content-Type': 'application/json;charset=UTF-8',
   };
-  if (AV.masterKey && AV._useMasterKey) {
-    headers['X-LC-Sign'] = sign(AV.masterKey, true);
+  if (AV._useMasterKey || authOptions.useMasterKey) {
+    if (AV.masterKey) {
+      headers['X-LC-Sign'] = sign(AV.masterKey, true);
+    } else {
+      console.warn('masterKey is not set, fall back to use appKey');
+      headers['X-LC-Sign'] = sign(AV.applicationKey);
+    }
   } else {
     headers['X-LC-Sign'] = sign(AV.applicationKey);
   }
@@ -119,19 +127,18 @@ const setHeaders = (sessionToken) => {
 
   return Promise.resolve().then(() => {
     // Pass the session token
+    const sessionToken = getSessionToken(authOptions);
     if (sessionToken) {
       headers['X-LC-Session'] = sessionToken;
-      return headers;
     } else if (!AV._config.disableCurrentUser) {
       return AV.User.currentAsync().then((currentUser) => {
         if (currentUser && currentUser._sessionToken) {
           headers['X-LC-Session'] = currentUser._sessionToken;
         }
         return headers;
       });
-    } else {
-      return headers;
     }
+    return headers;
   });
 };
 
@@ -282,7 +289,7 @@ const setServerUrlByRegion = (region = 'cn') => {
  * dataObject is the payload as an object, or null if there is none.
  * @ignore
  */
-const AVRequest = (route, className, objectId, method, dataObject = {}, sessionToken) => {
+const AVRequest = (route, className, objectId, method, dataObject = {}, authOptions) => {
   if (!AV.applicationId) {
     throw new Error('You must specify your applicationId using AV.init()');
   }
@@ -298,7 +305,7 @@ const AVRequest = (route, className, objectId, method, dataObject = {}, sessionT
   }
   return getServerURLPromise.then(() => {
     const apiURL = createApiUrl(route, className, objectId, method, dataObject);
-    return setHeaders(sessionToken).then(
+    return setHeaders(authOptions).then(
       headers => ajax(method, apiURL, dataObject, headers)
         .then(
           null,