Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
answer[key] = arr.map(transformInteriorAtom);
break;
case '$regex':
var s = constraint[key];
if (typeof s !== 'string') {
throw new Parse.Error(Parse.Error.INVALID_JSON, 'bad regex: ' + s);
}
answer[key] = s;
break;
case '$options':
var options = constraint[key];
if (!answer['$regex'] || (typeof options !== 'string')
|| !options.match(/^[imxs]+$/)) {
throw new Parse.Error(Parse.Error.INVALID_QUERY,
'got a bad $options');
}
answer[key] = options;
break;
case '$nearSphere':
var point = constraint[key];
answer[key] = [point.longitude, point.latitude];
break;
case '$maxDistance':
answer[key] = constraint[key];
break;
// The SDKs don't seem to use these but they are documented in the
// REST API docs.
}
}
//all volatileClasses are masterKey only
if (classesWithMasterOnlyAccess.indexOf(className) >= 0 && !auth.isMaster) {
const error = `Clients aren't allowed to perform the ${method} operation on the ${className} collection.`;
throw new Parse.Error(Parse.Error.OPERATION_FORBIDDEN, error);
}
// readOnly masterKey is not allowed
if (
auth.isReadOnly &&
(method === 'delete' || method === 'create' || method === 'update')
) {
const error = `read-only masterKey isn't allowed to perform the ${method} operation.`;
throw new Parse.Error(Parse.Error.OPERATION_FORBIDDEN, error);
}
}
function transformTopLevelAtom(atom) {
switch(typeof atom) {
case 'string':
case 'number':
case 'boolean':
return atom;
case 'undefined':
return atom;
case 'symbol':
case 'function':
throw new Parse.Error(Parse.Error.INVALID_JSON, `cannot transform value: ${atom}`);
case 'object':
if (atom instanceof Date) {
// Technically dates are not rest format, but, it seems pretty
// clear what they should be transformed to, so let's just do it.
return atom;
}
if (atom === null) {
return atom;
}
// TODO: check validity harder for the __type-defined types
if (atom.__type == 'Pointer') {
return `${atom.className}$${atom.objectId}`;
}
if (DateCoder.isValidJSON(atom)) {
answer[key] = {
$polygon: points,
};
} else if (centerSphere !== undefined) {
if (!(centerSphere instanceof Array) || centerSphere.length < 2) {
throw new Parse.Error(
Parse.Error.INVALID_JSON,
'bad $geoWithin value; $centerSphere should be an array of Parse.GeoPoint and distance'
);
}
// Get point, convert to geo point if necessary and validate
let point = centerSphere[0];
if (point instanceof Array && point.length === 2) {
point = new Parse.GeoPoint(point[1], point[0]);
} else if (!GeoPointCoder.isValidJSON(point)) {
throw new Parse.Error(
Parse.Error.INVALID_JSON,
'bad $geoWithin value; $centerSphere geo point invalid'
);
}
Parse.GeoPoint._validate(point.latitude, point.longitude);
// Get distance and validate
const distance = centerSphere[1];
if (isNaN(distance) || distance < 0) {
throw new Parse.Error(
Parse.Error.INVALID_JSON,
'bad $geoWithin value; $centerSphere distance invalid'
);
}
answer[key] = {
$centerSphere: [[point.longitude, point.latitude], distance],
};
}
// The SDKs don't seem to use these but they are documented in the
// REST API docs.
case '$maxDistanceInRadians':
answer['$maxDistance'] = constraint[key];
break;
case '$maxDistanceInMiles':
answer['$maxDistance'] = constraint[key] / 3959;
break;
case '$maxDistanceInKilometers':
answer['$maxDistance'] = constraint[key] / 6371;
break;
case '$select':
case '$dontSelect':
throw new Parse.Error(
Parse.Error.COMMAND_UNAVAILABLE,
'the ' + key + ' constraint is not supported yet'
);
case '$within':
var box = constraint[key]['$box'];
if (!box || box.length != 2) {
throw new Parse.Error(
Parse.Error.INVALID_JSON,
'malformatted $within arg'
);
}
answer[key] = {
$box: [
[box[0].longitude, box[0].latitude],
[box[1].longitude, box[1].latitude],
static getExpirationInterval(body = {}) {
const hasExpirationInterval = Object.prototype.hasOwnProperty.call(
body,
'expiration_interval'
);
if (!hasExpirationInterval) {
return;
}
var expirationIntervalParam = body['expiration_interval'];
if (
typeof expirationIntervalParam !== 'number' ||
expirationIntervalParam <= 0
) {
throw new Parse.Error(
Parse.Error.PUSH_MISCONFIGURED,
`expiration_interval must be a number greater than 0`
);
}
return expirationIntervalParam;
}
function classNameMismatchResponse(bodyClass, pathClass) {
throw new Parse.Error(
Parse.Error.INVALID_CLASS_NAME,
`Class name mismatch between ${bodyClass} and ${pathClass}.`
);
}
} else if (typeof targetClass !== 'string') {
return invalidJsonError;
} else if (!classNameIsValid(targetClass)) {
return new Parse.Error(
Parse.Error.INVALID_CLASS_NAME,
invalidClassNameMessage(targetClass)
);
} else {
return undefined;
}
}
if (typeof type !== 'string') {
return invalidJsonError;
}
if (validNonRelationOrPointerTypes.indexOf(type) < 0) {
return new Parse.Error(
Parse.Error.INCORRECT_TYPE,
`invalid field type: ${type}`
);
}
return undefined;
};
this.dynamo.put(params, (err, data) => {
if (err) {
if (err.name == 'ConditionalCheckFailedException') {
reject(new Parse.Error(Parse.Error.DUPLICATE_VALUE, 'Class already exists.'));
} else {
reject(err);
}
} else {
resolve({ ok : 1, n : 1, ops : [ object ], insertedId : id });
}
});
}
static getQueryCondition(req) {
const body = req.body || {};
const hasWhere = typeof body.where !== 'undefined';
const hasChannels = typeof body.channels !== 'undefined';
let where;
if (hasWhere && hasChannels) {
throw new Parse.Error(
Parse.Error.PUSH_MISCONFIGURED,
'Channels and query can not be set at the same time.'
);
} else if (hasWhere) {
where = body.where;
} else if (hasChannels) {
where = {
channels: {
$in: body.channels,
},
};
} else {
throw new Parse.Error(
Parse.Error.PUSH_MISCONFIGURED,
'Sending a push requires either "channels" or a "where" query.'
);