Skip to content

Commit 643bdc8

Browse files
drew-grossdrew-gross
committed
Move query validation out of mongo adapter
1 parent 15fc186 commit 643bdc8

File tree

3 files changed

+32
-34
lines changed

3 files changed

+32
-34
lines changed

src/Adapters/Storage/Mongo/MongoStorageAdapter.js

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -185,7 +185,6 @@ export class MongoStorageAdapter {
185185
deleteObjectsByQuery(className, query, validate, schema) {
186186
return this.adaptiveCollection(className)
187187
.then(collection => {
188-
transform.validateQuery(query);
189188
let mongoWhere = transform.transformWhere(className, query, schema);
190189
return collection.deleteMany(mongoWhere)
191190
})

src/Adapters/Storage/Mongo/MongoTransform.js

Lines changed: 0 additions & 31 deletions
Original file line numberDiff line numberDiff line change
@@ -211,39 +211,9 @@ function transformQueryKeyValue(className, key, value, schema) {
211211
}
212212
}
213213

214-
const validateQuery = query => {
215-
if (query.ACL) {
216-
throw new Parse.Error(Parse.Error.INVALID_QUERY, 'Cannot query on ACL.');
217-
}
218-
219-
if (query.$or) {
220-
if (query.$or instanceof Array) {
221-
query.$or.forEach(validateQuery);
222-
} else {
223-
throw new Parse.Error(Parse.Error.INVALID_QUERY, 'Bad $or format - use an array value.');
224-
}
225-
}
226-
227-
if (query.$and) {
228-
if (query.$and instanceof Array) {
229-
query.$and.forEach(validateQuery);
230-
} else {
231-
throw new Parse.Error(Parse.Error.INVALID_QUERY, 'Bad $and format - use an array value.');
232-
}
233-
}
234-
235-
Object.keys(query).forEach(key => {
236-
if (!specialQuerykeys.includes(key) && !key.match(/^[a-zA-Z][a-zA-Z0-9_\.]*$/)) {
237-
throw new Parse.Error(Parse.Error.INVALID_KEY_NAME, `Invalid key name: ${key}`);
238-
}
239-
});
240-
}
241-
242214
// Main exposed method to help run queries.
243215
// restWhere is the "where" clause in REST API form.
244216
// Returns the mongo form of the query.
245-
// Throws a Parse.Error if the input query is invalid.
246-
const specialQuerykeys = ['$and', '$or', '_rperm', '_wperm', '_perishable_token', '_email_verify_token'];
247217
function transformWhere(className, restWhere, schema) {
248218
let mongoWhere = {};
249219
for (let restKey in restWhere) {
@@ -1048,7 +1018,6 @@ var FileCoder = {
10481018

10491019
module.exports = {
10501020
transformKey,
1051-
validateQuery,
10521021
parseObjectToMongoObjectForCreate,
10531022
transformUpdate,
10541023
transformWhere,

src/Controllers/DatabaseController.js

Lines changed: 32 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,35 @@ function addReadACL(query, acl) {
2424
return newQuery;
2525
}
2626

27+
const specialQuerykeys = ['$and', '$or', '_rperm', '_wperm', '_perishable_token', '_email_verify_token'];
28+
const validateQuery = query => {
29+
if (query.ACL) {
30+
throw new Parse.Error(Parse.Error.INVALID_QUERY, 'Cannot query on ACL.');
31+
}
32+
33+
if (query.$or) {
34+
if (query.$or instanceof Array) {
35+
query.$or.forEach(validateQuery);
36+
} else {
37+
throw new Parse.Error(Parse.Error.INVALID_QUERY, 'Bad $or format - use an array value.');
38+
}
39+
}
40+
41+
if (query.$and) {
42+
if (query.$and instanceof Array) {
43+
query.$and.forEach(validateQuery);
44+
} else {
45+
throw new Parse.Error(Parse.Error.INVALID_QUERY, 'Bad $and format - use an array value.');
46+
}
47+
}
48+
49+
Object.keys(query).forEach(key => {
50+
if (!specialQuerykeys.includes(key) && !key.match(/^[a-zA-Z][a-zA-Z0-9_\.]*$/)) {
51+
throw new Parse.Error(Parse.Error.INVALID_KEY_NAME, `Invalid key name: ${key}`);
52+
}
53+
});
54+
}
55+
2756
function DatabaseController(adapter, { skipValidation } = {}) {
2857
this.adapter = adapter;
2958

@@ -174,6 +203,7 @@ DatabaseController.prototype.update = function(className, query, update, {
174203
if (acl) {
175204
query = addWriteACL(query, acl);
176205
}
206+
validateQuery(query);
177207
return schemaController.getOneSchema(className)
178208
.catch(error => {
179209
// If the schema doesn't exist, pretend it exists with no fields. This behaviour
@@ -184,7 +214,6 @@ DatabaseController.prototype.update = function(className, query, update, {
184214
throw error;
185215
})
186216
.then(parseFormatSchema => {
187-
this.transform.validateQuery(query);
188217
var mongoWhere = this.transform.transformWhere(className, query, parseFormatSchema);
189218
mongoUpdate = this.transform.transformUpdate(
190219
schemaController,
@@ -329,6 +358,7 @@ DatabaseController.prototype.destroy = function(className, query, { acl } = {})
329358
if (acl) {
330359
query = addWriteACL(query, acl);
331360
}
361+
validateQuery(query);
332362
return schemaController.getOneSchema(className)
333363
.catch(error => {
334364
// If the schema doesn't exist, pretend it exists with no fields. This behaviour
@@ -669,7 +699,7 @@ DatabaseController.prototype.find = function(className, query, {
669699
if (!isMaster) {
670700
query = addReadACL(query, aclGroup);
671701
}
672-
this.transform.validateQuery(query);
702+
validateQuery(query);
673703
let mongoWhere = this.transform.transformWhere(className, query, schema);
674704
if (count) {
675705
delete mongoOptions.limit;

0 commit comments

Comments
 (0)