import { GraphQLNonNull } from 'graphql';
import getFieldNames from 'graphql-list-fields';
import Parse from 'parse/node';
import rest from '../../rest';
import { extractKeysAndInclude } from './parseClassTypes';
import { Auth } from '../../Auth';
import { createSanitizedError } from '../../Error';
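/**
 * Builds the viewer payload for the session attached to the current GraphQL
 * request: the session token and, when user fields were selected, the matching
 * `_User` record.
 *
 * Security notes:
 * - A request without `info.sessionToken` is rejected before any lookup.
 * - When `userId` is truthy, `context.auth` is REPLACED by a new Auth scoped to
 *   that id while the previous `isMaster` flag is carried over. This function
 *   never checks `userId` against the session token, so callers must pass only
 *   an id they have already authenticated, never a raw client-supplied value.
 * - The `_User` lookup is pinned to the id held by `context.auth.user`, so the
 *   only record that can be returned is the authenticated user's own.
 *
 * @param {object} context - Resolver context. `info`, `config` and `auth` are
 *   read; `auth` is overwritten when `userId` is truthy.
 * @param {object} queryInfo - GraphQL resolve info, passed to getFieldNames to
 *   list the selected fields.
 * @param {string} keysPrefix - Prefix that marks user fields in the selection
 *   (the viewer query passes 'user.'); it is stripped before key extraction.
 * @param {string|false} userId - Id of an already-authenticated user, or a
 *   falsy value to rely on the user already present in `context.auth`.
 * @returns {Promise<{sessionToken: string, user?: object}>} Only
 *   `sessionToken` when `userId` is set and no user fields were selected.
 * @throws The INVALID_SESSION_TOKEN error built by createSanitizedError when
 *   the token is missing, no authenticated user id is available, or the
 *   lookup returns no row.
 */
const getUserFromSessionToken = async (context, queryInfo, keysPrefix, userId) => {
  const { info, config } = context;
  if (!info || !info.sessionToken) {
    throw createSanitizedError(Parse.Error.INVALID_SESSION_TOKEN, 'Invalid session token', config);
  }
  const { sessionToken } = info;

  // Keep only the fields under the prefix and strip it; startsWith guarantees
  // the prefix sits at index 0, so slicing removes exactly that occurrence.
  const selectedFields = getFieldNames(queryInfo)
    .filter(field => field.startsWith(keysPrefix))
    .map(field => field.slice(keysPrefix.length));
  const { keys, include: requestedInclude } = extractKeysAndInclude(selectedFields);

  // Caller already knows the user and nothing about it was selected: skip the
  // database round trip entirely.
  if (userId && !keys && !requestedInclude) {
    return { sessionToken };
  }
  // Keys were selected without any include: fall back to including 'user'.
  const include = keys && !requestedInclude ? 'user' : requestedInclude;

  if (userId) {
    // Rebuild the auth context so the query below runs as the given user
    // instead of whatever identity the incoming request carried.
    context.auth = new Auth({
      config,
      isMaster: context.auth.isMaster,
      user: { id: userId },
    });
  }

  // Without this guard a request whose auth carries no user would fail with a
  // TypeError on `context.auth.user.id` instead of a clean session error.
  const authUser = context.auth && context.auth.user;
  if (!authUser || !authUser.id) {
    throw createSanitizedError(Parse.Error.INVALID_SESSION_TOKEN, 'Invalid session token', config);
  }

  // keys/include are comma-separated strings (the original split and re-joined
  // them unchanged), so they are forwarded as they are.
  const options = {};
  if (keys) {
    options.keys = keys;
  }
  if (include) {
    options.include = include;
  }

  const response = await rest.find(
    config,
    context.auth,
    '_User',
    // Constrain the query to the authenticated user's own record.
    { objectId: authUser.id },
    options,
    info.clientVersion,
    info.context
  );
  if (!response.results || response.results.length === 0) {
    throw createSanitizedError(Parse.Error.INVALID_SESSION_TOKEN, 'Invalid session token', config);
  }
  return {
    sessionToken,
    user: response.results[0],
  };
};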
/**
 * Registers the `viewer` query on the schema, unless the users class is
 * disabled for this schema.
 *
 * The resolver passes `false` as `userId`, so the lookup always runs with the
 * auth context that came with the request.
 *
 * @param {object} parseGraphQLSchema - Schema builder; reads
 *   `isUsersClassDisabled` and `viewerType`, calls `addGraphQLQuery` and
 *   `handleError`.
 * @returns {void}
 */
const load = parseGraphQLSchema => {
  const usersEnabled = !parseGraphQLSchema.isUsersClassDisabled;
  if (usersEnabled) {
    const viewerField = {
      description: 'The viewer query can be used to return the current user data.',
      type: new GraphQLNonNull(parseGraphQLSchema.viewerType),
      async resolve(_source, _args, context, queryInfo) {
        try {
          const viewer = await getUserFromSessionToken(context, queryInfo, 'user.', false);
          return viewer;
        } catch (error) {
          // Error reporting is delegated to the schema. If handleError returns
          // instead of throwing, this resolver yields undefined for a non-null
          // type - NOTE(review): confirm handleError always throws.
          parseGraphQLSchema.handleError(error);
        }
      },
    };
    // The two trailing flags are defined by addGraphQLQuery, which is not
    // visible in this file.
    parseGraphQLSchema.addGraphQLQuery('viewer', viewerField, true, true);
  }
};
export { load, getUserFromSessionToken };