disable by default

Author: dblythy

resources/buildConfigDefinitions.js

@@ -55,6 +55,9 @@ function getENVPrefix(iface) {
   if (iface.id.name === 'IdempotencyOptions') {
     return 'PARSE_SERVER_EXPERIMENTAL_IDEMPOTENCY_';
   }
+  if (iface.id.name === 'DashboardOptions') {
+    return 'PARSE_SERVER_DASHBOARD_OPTIONS_';
+  }
 }
 
 function processProperty(property, iface) {
@@ -180,6 +183,13 @@ function parseDefaultValue(elt, value, t) {
       });
       literalValue = t.objectExpression(props);
     }
+    if (type == 'DashboardOptions') {
+      const object = parsers.objectParser(value);
+      const props = Object.keys(object).map((key) => {
+        return t.objectProperty(key, object[value]);
+      });
+      literalValue = t.objectExpression(props);
+    }
     if (type == 'ProtectedFields') {
       const prop = t.objectProperty(
         t.stringLiteral('_User'), t.objectPattern([

spec/CloudCode.spec.js

@@ -50,7 +50,12 @@ describe('Cloud Code', () => {
   };
   it('can load cloud code file from dashboard', async done => {
     const cloudDir = './spec/cloud/cloudCodeAbsoluteFile.js';
-    await reconfigureServer({ cloud: cloudDir });
+    await reconfigureServer({
+      cloud: cloudDir,
+      dashboardOptions: {
+        cloudFileView: true,
+      },
+    });
     const options = Object.assign({}, masterKeyOptions, {
       method: 'GET',
       url: Parse.serverURL + '/releases/latest',
@@ -75,7 +80,12 @@ describe('Cloud Code', () => {
 
   it('can load multiple cloud code files from dashboard', async done => {
     const cloudDir = './spec/cloud/cloudCodeRequireFiles.js';
-    await reconfigureServer({ cloud: cloudDir });
+    await reconfigureServer({
+      cloud: cloudDir,
+      dashboardOptions: {
+        cloudFileView: true,
+      },
+    });
     const options = Object.assign({}, masterKeyOptions, {
       method: 'GET',
       url: Parse.serverURL + '/releases/latest',
@@ -95,9 +105,126 @@ describe('Cloud Code', () => {
     });
   });
 
+  it('can server info for for file options', async () => {
+    const cloudDir = './spec/cloud/cloudCodeRequireFiles.js';
+    await reconfigureServer({
+      cloud: cloudDir,
+    });
+    const options = Object.assign({}, masterKeyOptions, {
+      method: 'GET',
+      url: Parse.serverURL + '/serverInfo',
+    });
+    let { data } = await request(options);
+    expect(data).not.toBe(null);
+    expect(data.features).not.toBe(null);
+    expect(data.features.cloudCode).not.toBe(null);
+    expect(data.features.cloudCode.viewCode).toBe(false);
+    expect(data.features.cloudCode.editCode).toBe(false);
+
+    await reconfigureServer({
+      cloud: cloudDir,
+      dashboardOptions: {
+        cloudFileView: true,
+      },
+    });
+    data = (await request(options)).data;
+    expect(data).not.toBe(null);
+    expect(data.features).not.toBe(null);
+    expect(data.features.cloudCode).not.toBe(null);
+    expect(data.features.cloudCode.viewCode).toBe(true);
+    expect(data.features.cloudCode.editCode).toBe(false);
+    await reconfigureServer({
+      cloud: cloudDir,
+      dashboardOptions: {
+        cloudFileView: true,
+        cloudFileEdit: true,
+      },
+    });
+    data = (await request(options)).data;
+    expect(data).not.toBe(null);
+    expect(data.features).not.toBe(null);
+    expect(data.features.cloudCode).not.toBe(null);
+    expect(data.features.cloudCode.viewCode).toBe(true);
+    expect(data.features.cloudCode.editCode).toBe(true);
+  });
+
+  it('cannot view or edit cloud files by default', async () => {
+    const options = Object.assign({}, masterKeyOptions, {
+      method: 'GET',
+      url: Parse.serverURL + '/releases/latest',
+    });
+    try {
+      await request(options);
+      fail('should not have been able to get cloud files');
+    } catch (e) {
+      expect(e.text).toBe('{"code":101,"error":"Dashboard file viewing is not active."}');
+    }
+    try {
+      options.url = Parse.serverURL + '/scripts/spec/cloud/cloudCodeRequireFiles.js';
+      await request(options);
+      fail('should not have been able to get cloud files');
+    } catch (e) {
+      expect(e.text).toBe('{"code":101,"error":"Dashboard file viewing is not active."}');
+    }
+    try {
+      options.method = 'POST';
+      options.url = Parse.serverURL + '/scripts/spec/cloud/cloudCodeRequireFiles.js';
+      options.body = {
+        data: 'new file text',
+      };
+      await request(options);
+      fail('should not have been able to get cloud files');
+    } catch (e) {
+      expect(e.text).toBe('{"code":101,"error":"Dashboard file editing is not active."}');
+    }
+  });
+
+  it('can view cloud code file from dashboard', async () => {
+    const cloudDir = './spec/cloud/cloudCodeRequireFiles.js';
+    await reconfigureServer({
+      cloud: cloudDir,
+      dashboardOptions: {
+        cloudFileView: true,
+      },
+    });
+    const options = Object.assign({}, masterKeyOptions, {
+      method: 'GET',
+      url: Parse.serverURL + '/releases/latest',
+    });
+    let res = await request(options);
+    expect(Array.isArray(res.data)).toBe(true);
+    const first = res.data[0];
+    expect(first.userFiles).toBeDefined();
+    expect(first.checksums).toBeDefined();
+    expect(first.userFiles).toContain(cloudDir);
+    expect(first.checksums).toContain(cloudDir);
+    options.url = Parse.serverURL + '/scripts/spec/cloud/cloudCodeRequireFiles.js';
+    res = await request(options);
+    let response = res.data;
+    expect(response).toContain(`require('./cloudCodeAbsoluteFile.js`);
+    response = response + '\nconst additionalData;\n';
+    options.method = 'POST';
+    options.url = Parse.serverURL + '/scripts/spec/cloud/cloudCodeRequireFiles.js';
+    options.body = {
+      data: response,
+    };
+    try {
+      await request(options);
+      fail('should have failed to save');
+    } catch (e) {
+      expect(e.text).toBe('{"code":101,"error":"Dashboard file editing is not active."}');
+    }
+  });
+
   it('can edit cloud code file from dashboard', async done => {
     const cloudDir = './spec/cloud/cloudCodeRequireFiles.js';
-    await reconfigureServer({ cloud: cloudDir });
+    await reconfigureServer({
+      cloud: cloudDir,
+      dashboardOptions: {
+        cloudFileView: true,
+        cloudFileEdit: true,
+      },
+    });
     const options = Object.assign({}, masterKeyOptions, {
       method: 'GET',
       url: Parse.serverURL + '/releases/latest',

spec/GridFSBucketStorageAdapter.spec.js

@@ -44,9 +44,7 @@ describe_only_db('mongo')('GridFSBucket and GridStore interop', () => {
     await expectMissingFile(encryptedAdapter, 'myFileName');
     const originalString = 'abcdefghi';
     await encryptedAdapter.createFile('myFileName', originalString);
-    const unencryptedResult = await unencryptedAdapter.getFileData(
-      'myFileName'
-    );
+    const unencryptedResult = await unencryptedAdapter.getFileData('myFileName');
     expect(unencryptedResult.toString('utf8')).not.toBe(originalString);
     const encryptedResult = await encryptedAdapter.getFileData('myFileName');
     expect(encryptedResult.toString('utf8')).toBe(originalString);
@@ -71,10 +69,7 @@ describe_only_db('mongo')('GridFSBucket and GridStore interop', () => {
     const unencryptedResult2 = await unencryptedAdapter.getFileData(fileName2);
     expect(unencryptedResult2.toString('utf8')).toBe(data2);
     //Check if encrypted adapter can read data and make sure it's not the same as unEncrypted adapter
-    const {
-      rotated,
-      notRotated,
-    } = await encryptedAdapter.rotateEncryptionKey();
+    const { rotated, notRotated } = await encryptedAdapter.rotateEncryptionKey();
     expect(rotated.length).toEqual(2);
     expect(
       rotated.filter(function (value) {
@@ -101,30 +96,18 @@ describe_only_db('mongo')('GridFSBucket and GridStore interop', () => {
 
   it('should rotate key of all old encrypted GridFS files to encrypted files', async () => {
     const oldEncryptionKey = 'oldKeyThatILoved';
-    const oldEncryptedAdapter = new GridFSBucketAdapter(
-      databaseURI,
-      {},
-      oldEncryptionKey
-    );
-    const encryptedAdapter = new GridFSBucketAdapter(
-      databaseURI,
-      {},
-      'newKeyThatILove'
-    );
+    const oldEncryptedAdapter = new GridFSBucketAdapter(databaseURI, {}, oldEncryptionKey);
+    const encryptedAdapter = new GridFSBucketAdapter(databaseURI, {}, 'newKeyThatILove');
     const fileName1 = 'file1.txt';
     const data1 = 'hello world';
     const fileName2 = 'file2.txt';
     const data2 = 'hello new world';
     //Store unecrypted files
     await oldEncryptedAdapter.createFile(fileName1, data1);
-    const oldEncryptedResult1 = await oldEncryptedAdapter.getFileData(
-      fileName1
-    );
+    const oldEncryptedResult1 = await oldEncryptedAdapter.getFileData(fileName1);
     expect(oldEncryptedResult1.toString('utf8')).toBe(data1);
     await oldEncryptedAdapter.createFile(fileName2, data2);
-    const oldEncryptedResult2 = await oldEncryptedAdapter.getFileData(
-      fileName2
-    );
+    const oldEncryptedResult2 = await oldEncryptedAdapter.getFileData(fileName2);
     expect(oldEncryptedResult2.toString('utf8')).toBe(data2);
     //Check if encrypted adapter can read data and make sure it's not the same as unEncrypted adapter
     const { rotated, notRotated } = await encryptedAdapter.rotateEncryptionKey({
@@ -170,32 +153,21 @@ describe_only_db('mongo')('GridFSBucket and GridStore interop', () => {
 
   it('should rotate key of all old encrypted GridFS files to unencrypted files', async () => {
     const oldEncryptionKey = 'oldKeyThatILoved';
-    const oldEncryptedAdapter = new GridFSBucketAdapter(
-      databaseURI,
-      {},
-      oldEncryptionKey
-    );
+    const oldEncryptedAdapter = new GridFSBucketAdapter(databaseURI, {}, oldEncryptionKey);
     const unEncryptedAdapter = new GridFSBucketAdapter(databaseURI);
     const fileName1 = 'file1.txt';
     const data1 = 'hello world';
     const fileName2 = 'file2.txt';
     const data2 = 'hello new world';
     //Store unecrypted files
     await oldEncryptedAdapter.createFile(fileName1, data1);
-    const oldEncryptedResult1 = await oldEncryptedAdapter.getFileData(
-      fileName1
-    );
+    const oldEncryptedResult1 = await oldEncryptedAdapter.getFileData(fileName1);
     expect(oldEncryptedResult1.toString('utf8')).toBe(data1);
     await oldEncryptedAdapter.createFile(fileName2, data2);
-    const oldEncryptedResult2 = await oldEncryptedAdapter.getFileData(
-      fileName2
-    );
+    const oldEncryptedResult2 = await oldEncryptedAdapter.getFileData(fileName2);
     expect(oldEncryptedResult2.toString('utf8')).toBe(data2);
     //Check if unEncrypted adapter can read data and make sure it's not the same as oldEncrypted adapter
-    const {
-      rotated,
-      notRotated,
-    } = await unEncryptedAdapter.rotateEncryptionKey({
+    const { rotated, notRotated } = await unEncryptedAdapter.rotateEncryptionKey({
       oldKey: oldEncryptionKey,
     });
     expect(rotated.length).toEqual(2);
@@ -238,31 +210,19 @@ describe_only_db('mongo')('GridFSBucket and GridStore interop', () => {
 
   it('should only encrypt specified fileNames', async () => {
     const oldEncryptionKey = 'oldKeyThatILoved';
-    const oldEncryptedAdapter = new GridFSBucketAdapter(
-      databaseURI,
-      {},
-      oldEncryptionKey
-    );
-    const encryptedAdapter = new GridFSBucketAdapter(
-      databaseURI,
-      {},
-      'newKeyThatILove'
-    );
+    const oldEncryptedAdapter = new GridFSBucketAdapter(databaseURI, {}, oldEncryptionKey);
+    const encryptedAdapter = new GridFSBucketAdapter(databaseURI, {}, 'newKeyThatILove');
     const unEncryptedAdapter = new GridFSBucketAdapter(databaseURI);
     const fileName1 = 'file1.txt';
     const data1 = 'hello world';
     const fileName2 = 'file2.txt';
     const data2 = 'hello new world';
     //Store unecrypted files
     await oldEncryptedAdapter.createFile(fileName1, data1);
-    const oldEncryptedResult1 = await oldEncryptedAdapter.getFileData(
-      fileName1
-    );
+    const oldEncryptedResult1 = await oldEncryptedAdapter.getFileData(fileName1);
     expect(oldEncryptedResult1.toString('utf8')).toBe(data1);
     await oldEncryptedAdapter.createFile(fileName2, data2);
-    const oldEncryptedResult2 = await oldEncryptedAdapter.getFileData(
-      fileName2
-    );
+    const oldEncryptedResult2 = await oldEncryptedAdapter.getFileData(fileName2);
     expect(oldEncryptedResult2.toString('utf8')).toBe(data2);
     //Inject unecrypted file to see if causes an issue
     const fileName3 = 'file3.txt';
@@ -318,31 +278,19 @@ describe_only_db('mongo')('GridFSBucket and GridStore interop', () => {
 
   it("should return fileNames of those it can't encrypt with the new key", async () => {
     const oldEncryptionKey = 'oldKeyThatILoved';
-    const oldEncryptedAdapter = new GridFSBucketAdapter(
-      databaseURI,
-      {},
-      oldEncryptionKey
-    );
-    const encryptedAdapter = new GridFSBucketAdapter(
-      databaseURI,
-      {},
-      'newKeyThatILove'
-    );
+    const oldEncryptedAdapter = new GridFSBucketAdapter(databaseURI, {}, oldEncryptionKey);
+    const encryptedAdapter = new GridFSBucketAdapter(databaseURI, {}, 'newKeyThatILove');
     const unEncryptedAdapter = new GridFSBucketAdapter(databaseURI);
     const fileName1 = 'file1.txt';
     const data1 = 'hello world';
     const fileName2 = 'file2.txt';
     const data2 = 'hello new world';
     //Store unecrypted files
     await oldEncryptedAdapter.createFile(fileName1, data1);
-    const oldEncryptedResult1 = await oldEncryptedAdapter.getFileData(
-      fileName1
-    );
+    const oldEncryptedResult1 = await oldEncryptedAdapter.getFileData(fileName1);
     expect(oldEncryptedResult1.toString('utf8')).toBe(data1);
     await oldEncryptedAdapter.createFile(fileName2, data2);
-    const oldEncryptedResult2 = await oldEncryptedAdapter.getFileData(
-      fileName2
-    );
+    const oldEncryptedResult2 = await oldEncryptedAdapter.getFileData(fileName2);
     expect(oldEncryptedResult2.toString('utf8')).toBe(data2);
     //Inject unecrypted file to see if causes an issue
     const fileName3 = 'file3.txt';

src/Options/Definitions.js

@@ -93,6 +93,13 @@ module.exports.ParseServerOptions = {
     action: parsers.objectParser,
     default: {},
   },
+  dashboardOptions: {
+    env: 'PARSE_SERVER_DASHBOARD_OPTIONS',
+    help:
+      'Options for Parse dashboard. Caution, do not use cloudFileEdit on a multi-instance production server.',
+    action: parsers.objectParser,
+    default: {},
+  },
   databaseAdapter: {
     env: 'PARSE_SERVER_DATABASE_ADAPTER',
     help: 'Adapter module for the database',
@@ -545,3 +552,18 @@ module.exports.IdempotencyOptions = {
     default: 300,
   },
 };
+module.exports.DashboardOptions = {
+  cloudFileEdit: {
+    env: 'PARSE_SERVER_DASHBOARD_OPTIONS_CLOUD_FILE_EDIT',
+    help:
+      'Whether the Parse Dashboard can edit cloud files. If set to true, dashboard can view and edit cloud code files. Do not user on multi-instance servers otherwise your cloud files will be inconsistent.',
+    action: parsers.booleanParser,
+    default: false,
+  },
+  cloudFileView: {
+    env: 'PARSE_SERVER_DASHBOARD_OPTIONS_CLOUD_FILE_VIEW',
+    help: 'Whether the Parse Dashboard can view cloud files.',
+    action: parsers.booleanParser,
+    default: false,
+  },
+};

src/Options/docs.js

@@ -17,6 +17,7 @@
  * @property {Number|Boolean} cluster Run with cluster, optionally set the number of processes default to os.cpus().length
  * @property {String} collectionPrefix A collection prefix for the classes
  * @property {CustomPagesOptions} customPages custom pages for password validation and reset
+ * @property {DashboardOptions} dashboardOptions Options for Parse dashboard. Caution, do not use cloudFileEdit on a multi-instance production server.
  * @property {Adapter<StorageAdapter>} databaseAdapter Adapter module for the database
  * @property {Any} databaseOptions Options to pass to the mongodb client
  * @property {String} databaseURI The full URI to your database. Supported databases are mongodb or postgres.
@@ -118,3 +119,9 @@
  * @property {String[]} paths An array of paths for which the feature should be enabled. The mount path must not be included, for example instead of `/parse/functions/myFunction` specifiy `functions/myFunction`. The entries are interpreted as regular expression, for example `functions/.*` matches all functions, `jobs/.*` matches all jobs, `classes/.*` matches all classes, `.*` matches all paths.
  * @property {Number} ttl The duration in seconds after which a request record is discarded from the database, defaults to 300s.
  */
+
+/**
+ * @interface DashboardOptions
+ * @property {Boolean} cloudFileEdit Whether the Parse Dashboard can edit cloud files. If set to true, dashboard can view and edit cloud code files. Do not user on multi-instance servers otherwise your cloud files will be inconsistent.
+ * @property {Boolean} cloudFileView Whether the Parse Dashboard can view cloud files.
+ */