Skip to content

Commit

Permalink
Merge branch 'alpha' into alpha
Browse files Browse the repository at this point in the history
  • Loading branch information
mtrezza authored Jan 8, 2022
2 parents cda5373 + a5ffb95 commit e6850eb
Show file tree
Hide file tree
Showing 9 changed files with 74 additions and 36 deletions.
18 changes: 18 additions & 0 deletions spec/AuthenticationAdapters.spec.js
Original file line number Diff line number Diff line change
Expand Up @@ -1707,6 +1707,24 @@ describe('Apple Game Center Auth adapter', () => {
expect(e.message).toBe('Apple Game Center - invalid publicKeyUrl: invalid.com');
}
});

it('validateAuthData invalid public key http url', async () => {
const authData = {
id: 'G:1965586982',
publicKeyUrl: 'http://static.gc.apple.com/public-key/gc-prod-4.cer',
timestamp: 1565257031287,
signature: '1234',
salt: 'DzqqrQ==',
bundleId: 'cloud.xtralife.gamecenterauth',
};

try {
await gcenter.validateAuthData(authData);
fail();
} catch (e) {
expect(e.message).toBe('Apple Game Center - invalid publicKeyUrl: http://static.gc.apple.com/public-key/gc-prod-4.cer');
}
});
});

describe('phant auth adapter', () => {
Expand Down
22 changes: 22 additions & 0 deletions spec/batch.spec.js
Original file line number Diff line number Diff line change
Expand Up @@ -111,6 +111,28 @@ describe('batch', () => {
expect(internalURL).toEqual('/classes/Object');
});

it('should return the proper url with bad url provided', () => {
const originalURL = '/parse/batch';
const internalURL = batch.makeBatchRoutingPathFunction(
originalURL,
'badurl.com',
publicServerURL
)('/parse/classes/Object');

expect(internalURL).toEqual('/classes/Object');
});

it('should return the proper url with bad public url provided', () => {
const originalURL = '/parse/batch';
const internalURL = batch.makeBatchRoutingPathFunction(
originalURL,
serverURLNaked,
'badurl.com'
)('/parse/classes/Object');

expect(internalURL).toEqual('/classes/Object');
});

it('should handle a batch request without transaction', async () => {
spyOn(databaseAdapter, 'createObject').and.callThrough();

Expand Down
19 changes: 11 additions & 8 deletions src/Adapters/Auth/gcenter.js
Original file line number Diff line number Diff line change
Expand Up @@ -14,20 +14,23 @@ const authData = {
const { Parse } = require('parse/node');
const crypto = require('crypto');
const https = require('https');
const url = require('url');

const cache = {}; // (publicKey -> cert) cache

function verifyPublicKeyUrl(publicKeyUrl) {
const parsedUrl = url.parse(publicKeyUrl);
if (parsedUrl.protocol !== 'https:') {
try {
const parsedUrl = new URL(publicKeyUrl);
if (parsedUrl.protocol !== 'https:') {
return false;
}
const hostnameParts = parsedUrl.hostname.split('.');
const length = hostnameParts.length;
const domainParts = hostnameParts.slice(length - 2, length);
const domain = domainParts.join('.');
return domain === 'apple.com';
} catch(error) {
return false;
}
const hostnameParts = parsedUrl.hostname.split('.');
const length = hostnameParts.length;
const domainParts = hostnameParts.slice(length - 2, length);
const domain = domainParts.join('.');
return domain === 'apple.com';
}

function convertX509CertToPEM(X509Cert) {
Expand Down
3 changes: 1 addition & 2 deletions src/Adapters/Auth/oauth2.js
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,6 @@
*/

const Parse = require('parse/node').Parse;
const url = require('url');
const querystring = require('querystring');
const httpsRequest = require('./httpsRequest');

Expand Down Expand Up @@ -112,7 +111,7 @@ function requestTokenInfo(options, access_token) {
if (!options || !options.tokenIntrospectionEndpointUrl) {
throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, MISSING_URL);
}
const parsedUrl = url.parse(options.tokenIntrospectionEndpointUrl);
const parsedUrl = new URL(options.tokenIntrospectionEndpointUrl);
const postData = querystring.stringify({
token: access_token,
});
Expand Down
10 changes: 4 additions & 6 deletions src/Adapters/Storage/Postgres/PostgresConfigParser.js
Original file line number Diff line number Diff line change
@@ -1,18 +1,16 @@
const url = require('url');
const fs = require('fs');
function getDatabaseOptionsFromURI(uri) {
const databaseOptions = {};

const parsedURI = url.parse(uri);
const queryParams = parseQueryParams(parsedURI.query);
const authParts = parsedURI.auth ? parsedURI.auth.split(':') : [];
const parsedURI = new URL(uri);
const queryParams = parseQueryParams(parsedURI.searchParams.toString());

databaseOptions.host = parsedURI.hostname || 'localhost';
databaseOptions.port = parsedURI.port ? parseInt(parsedURI.port) : 5432;
databaseOptions.database = parsedURI.pathname ? parsedURI.pathname.substr(1) : undefined;

databaseOptions.user = authParts.length > 0 ? authParts[0] : '';
databaseOptions.password = authParts.length > 1 ? authParts[1] : '';
databaseOptions.user = parsedURI.username;
databaseOptions.password = parsedURI.password;

if (queryParams.ssl && queryParams.ssl.toLowerCase() === 'true') {
databaseOptions.ssl = true;
Expand Down
12 changes: 6 additions & 6 deletions src/Controllers/LoggerController.js
Original file line number Diff line number Diff line change
@@ -1,7 +1,6 @@
import { Parse } from 'parse/node';
import AdaptableController from './AdaptableController';
import { LoggerAdapter } from '../Adapters/Logger/LoggerAdapter';
import url from 'url';

const MILLISECONDS_IN_A_DAY = 24 * 60 * 60 * 1000;
const LOG_STRING_TRUNCATE_LENGTH = 1000;
Expand Down Expand Up @@ -38,15 +37,16 @@ export class LoggerController extends AdaptableController {
});
}

maskSensitiveUrl(urlString) {
const urlObj = url.parse(urlString, true);
const query = urlObj.query;
maskSensitiveUrl(path) {
const urlString = 'http://localhost' + path; // prepend dummy string to make a real URL
const urlObj = new URL(urlString);
const query = urlObj.searchParams;
let sanitizedQuery = '?';

for (const key in query) {
for (const [key, value] of query) {
if (key !== 'password') {
// normal value
sanitizedQuery += key + '=' + query[key] + '&';
sanitizedQuery += key + '=' + value + '&';
} else {
// password value, redact it
sanitizedQuery += key + '=' + '********' + '&';
Expand Down
3 changes: 1 addition & 2 deletions src/Controllers/index.js
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ import authDataManager from '../Adapters/Auth';
import { ParseServerOptions } from '../Options';
import { loadAdapter } from '../Adapters/AdapterLoader';
import defaults from '../defaults';
import url from 'url';
// Controllers
import { LoggerController } from './LoggerController';
import { FilesController } from './FilesController';
Expand Down Expand Up @@ -220,7 +219,7 @@ export function getAuthDataManager(options: ParseServerOptions) {
export function getDatabaseAdapter(databaseURI, collectionPrefix, databaseOptions) {
let protocol;
try {
const parsedURI = url.parse(databaseURI);
const parsedURI = new URL(databaseURI);
protocol = parsedURI.protocol ? parsedURI.protocol.toLowerCase() : null;
} catch (e) {
/* */
Expand Down
7 changes: 3 additions & 4 deletions src/ParseServerRESTController.js
Original file line number Diff line number Diff line change
@@ -1,7 +1,6 @@
const Config = require('./Config');
const Auth = require('./Auth');
const RESTController = require('parse/lib/node/RESTController');
const URL = require('url');
const Parse = require('parse/node');

function getSessionToken(options) {
Expand Down Expand Up @@ -38,9 +37,9 @@ function ParseServerRESTController(applicationId, router) {
if (!config) {
config = Config.get(applicationId);
}
const serverURL = URL.parse(config.serverURL);
if (path.indexOf(serverURL.path) === 0) {
path = path.slice(serverURL.path.length, path.length);
const serverURL = new URL(config.serverURL);
if (path.indexOf(serverURL.pathname) === 0) {
path = path.slice(serverURL.pathname.length, path.length);
}

if (path[0] !== '/') {
Expand Down
16 changes: 8 additions & 8 deletions src/batch.js
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
const Parse = require('parse/node').Parse;
const url = require('url');
const path = require('path');
// These methods handle batch requests.
const batchPath = '/batch';
Expand All @@ -11,11 +10,12 @@ function mountOnto(router) {
});
}

function parseURL(URL) {
if (typeof URL === 'string') {
return url.parse(URL);
function parseURL(urlString) {
try {
return new URL(urlString);
} catch(error) {
return undefined;
}
return undefined;
}

function makeBatchRoutingPathFunction(originalUrl, serverURL, publicServerURL) {
Expand All @@ -33,9 +33,9 @@ function makeBatchRoutingPathFunction(originalUrl, serverURL, publicServerURL) {
return path.posix.join('/', requestPath.slice(apiPrefix.length));
};

if (serverURL && publicServerURL && serverURL.path != publicServerURL.path) {
const localPath = serverURL.path;
const publicPath = publicServerURL.path;
if (serverURL && publicServerURL && serverURL.pathname != publicServerURL.pathname) {
const localPath = serverURL.pathname;
const publicPath = publicServerURL.pathname;

// Override the api prefix
apiPrefix = localPath;
Expand Down

0 comments on commit e6850eb

Please sign in to comment.