Merge remote-tracking branch 'upstream/master'

Author: codegefluester

.gitignore

@@ -28,3 +28,6 @@ node_modules
 
 # Emacs
 *~
+
+# WebStorm/IntelliJ
+.idea

.travis.yml

@@ -0,0 +1,11 @@
+branches:
+  only:
+    - master
+language: node_js
+node_js:
+  - "4.1"
+  - "4.2"
+env:
+  - MONGODB_VERSION=2.6.11
+  - MONGODB_VERSION=3.0.8
+after_success: ./node_modules/.bin/codecov

Auth.js

@@ -64,6 +64,7 @@ var getAuthForSessionToken = function(config, sessionToken) {
     var obj = results[0]['user'];
     delete obj.password;
     obj['className'] = '_User';
+    obj['sessionToken'] = sessionToken;
     var userObject = Parse.Object.fromJSON(obj);
     cache.setUser(sessionToken, userObject);
     return new Auth(config, false, userObject);

CONTRIBUTING.md

@@ -0,0 +1,17 @@
+### Contributing to Parse Server
+
+#### Pull Requests Welcome!
+
+We really want Parse to be yours, to see it grow and thrive in the open source community.  
+
+##### Please Do's
+
+* Please write tests to cover new methods.
+* Please run the tests and make sure you didn't break anything.
+
+##### Code of Conduct
+
+This project adheres to the [Open Code of Conduct][code-of-conduct]. By participating, you are expected to honor this code.
+[code-of-conduct]: http://todogroup.org/opencodeofconduct/#Parse Server/[email protected]
+
+

DatabaseAdapter.js

@@ -20,6 +20,7 @@ var adapter = ExportAdapter;
 var cache = require('./cache');
 var dbConnections = {};
 var databaseURI = 'mongodb://localhost:27017/parse';
+var appDatabaseURIs = {};
 
 function setAdapter(databaseAdapter) {
   adapter = databaseAdapter;
@@ -29,11 +30,17 @@ function setDatabaseURI(uri) {
   databaseURI = uri;
 }
 
+function setAppDatabaseURI(appId, uri) {
+  appDatabaseURIs[appId] = uri;
+}
+
 function getDatabaseConnection(appId) {
   if (dbConnections[appId]) {
     return dbConnections[appId];
   }
-  dbConnections[appId] = new adapter(databaseURI, {
+
+  var dbURI = (appDatabaseURIs[appId] ? appDatabaseURIs[appId] : databaseURI);
+  dbConnections[appId] = new adapter(dbURI, {
     collectionPrefix: cache.apps[appId]['collectionPrefix']
   });
   dbConnections[appId].connect();
@@ -44,5 +51,6 @@ module.exports = {
   dbConnections: dbConnections,
   getDatabaseConnection: getDatabaseConnection,
   setAdapter: setAdapter,
-  setDatabaseURI: setDatabaseURI
+  setDatabaseURI: setDatabaseURI,
+  setAppDatabaseURI: setAppDatabaseURI
 };

ExportAdapter.js

@@ -34,8 +34,21 @@ ExportAdapter.prototype.connect = function() {
     return this.connectionPromise;
   }
 
+  //http://regexr.com/3cncm
+  if (!this.mongoURI.match(/^mongodb:\/\/((.+):(.+)@)?([^:@]+):{0,1}([^:]+)\/(.+?)$/gm)) {
+    throw new Error("Invalid mongoURI: " + this.mongoURI)
+  }
+  var usernameStart = this.mongoURI.indexOf('://') + 3;
+  var lastAtIndex = this.mongoURI.lastIndexOf('@');
+  var encodedMongoURI = this.mongoURI;
+  var split = null;
+  if (lastAtIndex > 0) {
+    split = this.mongoURI.slice(usernameStart, lastAtIndex).split(':');
+    encodedMongoURI = this.mongoURI.slice(0, usernameStart) + encodeURIComponent(split[0]) + ':' + encodeURIComponent(split[1]) + this.mongoURI.slice(lastAtIndex);
+  }
+
   this.connectionPromise = Promise.resolve().then(() => {
-    return MongoClient.connect(this.mongoURI);
+    return MongoClient.connect(encodedMongoURI, {uri_decode_auth:true});
   }).then((db) => {
     this.db = db;
   });
@@ -232,7 +245,7 @@ ExportAdapter.prototype.handleRelationUpdates = function(className,
     }
 
     if (op.__op == 'Batch') {
-      for (x of op.ops) {
+      for (var x of op.ops) {
         process(x, key);
       }
     }

FilesAdapter.js

@@ -5,6 +5,7 @@
 // Adapter classes must implement the following functions:
 // * create(config, filename, data)
 // * get(config, filename)
+// * location(config, req, filename)
 //
 // Default is GridStoreAdapter, which requires mongo
 // and for the API server to be using the ExportAdapter

GridStoreAdapter.js

@@ -4,6 +4,7 @@
 // Requires the database adapter to be based on mongoclient
 
 var GridStore = require('mongodb').GridStore;
+var path = require('path');
 
 // For a given config object, filename, and data, store a file
 // Returns a promise
@@ -32,7 +33,16 @@ function get(config, filename) {
   });
 }
 
+// Generates and returns the location of a file stored in GridStore for the
+// given request and filename
+function location(config, req, filename) {
+  return (req.protocol + '://' + req.get('host') +
+    path.dirname(req.originalUrl) + '/' + req.config.applicationId +
+    '/' + encodeURIComponent(filename));
+}
+
 module.exports = {
   create: create,
-  get: get
+  get: get,
+  location: location
 };

README.md

@@ -1,5 +1,9 @@
 ## parse-server
 
+[![Build Status](https://img.shields.io/travis/ParsePlatform/parse-server/master.svg?style=flat)](https://travis-ci.org/ParsePlatform/parse-server)
+[![Coverage Status](https://img.shields.io/codecov/c/github/ParsePlatform/parse-server/master.svg)](https://codecov.io/github/ParsePlatform/parse-server?branch=master)
+[![npm version](https://img.shields.io/npm/v/parse-server.svg?style=flat)](https://www.npmjs.com/package/parse-server)
+
 A Parse.com API compatible router package for Express
 
 Read the announcement blog post here:  http://blog.parse.com/announcements/introducing-parse-server-and-the-database-migration-tool/

RestQuery.js

@@ -434,7 +434,7 @@ function includePath(config, auth, response, path) {
 function findPointers(object, path) {
   if (object instanceof Array) {
     var answer = [];
-    for (x of object) {
+    for (var x of object) {
       answer = answer.concat(findPointers(x, path));
     }
     return answer;

RestWrite.js

@@ -2,13 +2,14 @@
 // that writes to the database.
 // This could be either a "create" or an "update".
 
+var crypto = require('crypto');
 var deepcopy = require('deepcopy');
 var rack = require('hat').rack();
 
 var Auth = require('./Auth');
 var cache = require('./cache');
 var Config = require('./Config');
-var crypto = require('./crypto');
+var passwordCrypto = require('./password');
 var facebook = require('./facebook');
 var Parse = require('parse/node');
 var triggers = require('./triggers');
@@ -228,6 +229,7 @@ RestWrite.prototype.handleFacebookAuthData = function() {
         this.className,
         {'authData.facebook.id': facebookData.id}, {});
     }).then((results) => {
+      this.storage['authProvider'] = "facebook";
       if (results.length > 0) {
         if (!this.query) {
           // We're signing up, but this user already exists. Short-circuit
@@ -236,6 +238,7 @@ RestWrite.prototype.handleFacebookAuthData = function() {
             response: results[0],
             location: this.location()
           };
+          this.data.objectId = results[0].objectId;
           return;
         }
 
@@ -248,6 +251,8 @@ RestWrite.prototype.handleFacebookAuthData = function() {
         // We're trying to create a duplicate FB auth. Forbid it
         throw new Parse.Error(Parse.Error.ACCOUNT_ALREADY_LINKED,
                               'this auth is already used');
+      } else {
+        this.data.username = rack();
       }
 
       // This FB auth does not already exist, so transform it to a
@@ -261,7 +266,7 @@ RestWrite.prototype.handleFacebookAuthData = function() {
 
 // The non-third-party parts of User transformation
 RestWrite.prototype.transformUser = function() {
-  if (this.response || this.className !== '_User') {
+  if (this.className !== '_User') {
     return;
   }
 
@@ -271,7 +276,8 @@ RestWrite.prototype.transformUser = function() {
     var token = 'r:' + rack();
     this.storage['token'] = token;
     promise = promise.then(() => {
-      // TODO: Proper createdWith options, pass installationId
+      var expiresAt = new Date();
+      expiresAt.setFullYear(expiresAt.getFullYear() + 1);
       var sessionData = {
         sessionToken: token,
         user: {
@@ -281,10 +287,15 @@ RestWrite.prototype.transformUser = function() {
         },
         createdWith: {
           'action': 'login',
-          'authProvider': 'password'
+          'authProvider': this.storage['authProvider'] || 'password'
         },
-        restricted: false
+        restricted: false,
+        installationId: this.data.installationId,
+        expiresAt: Parse._encode(expiresAt)
       };
+      if (this.response && this.response.response) {
+        this.response.response.sessionToken = token;
+      }
       var create = new RestWrite(this.config, Auth.master(this.config),
                                  '_Session', null, sessionData);
       return create.execute();
@@ -299,7 +310,7 @@ RestWrite.prototype.transformUser = function() {
     if (this.query) {
       this.storage['clearSessions'] = true;
     }
-    return crypto.hash(this.data.password).then((hashedPassword) => {
+    return passwordCrypto.hash(this.data.password).then((hashedPassword) => {
       this.data._hashed_password = hashedPassword;
       delete this.data.password;
     });
@@ -361,7 +372,7 @@ RestWrite.prototype.handleFollowup = function() {
     };
     delete this.storage['clearSessions'];
     return this.config.database.destroy('_Session', sessionQuery)
-    .then(this.handleFollowup);
+    .then(this.handleFollowup.bind(this));
   }
 };
 
@@ -403,6 +414,8 @@ RestWrite.prototype.handleSession = function() {
 
   if (!this.query && !this.auth.isMaster) {
     var token = 'r:' + rack();
+    var expiresAt = new Date();
+    expiresAt.setFullYear(expiresAt.getFullYear() + 1);
     var sessionData = {
       sessionToken: token,
       user: {
@@ -414,7 +427,7 @@ RestWrite.prototype.handleSession = function() {
         'action': 'create'
       },
       restricted: true,
-      expiresAt: 0
+      expiresAt: Parse._encode(expiresAt)
     };
     for (var key in this.data) {
       if (key == 'objectId') {
@@ -701,15 +714,18 @@ RestWrite.prototype.objectId = function() {
   return this.data.objectId || this.query.objectId;
 };
 
-// Returns a string that's usable as an object id.
-// Probably unique. Good enough? Probably!
+// Returns a unique string that's usable as an object id.
 function newObjectId() {
   var chars = ('ABCDEFGHIJKLMNOPQRSTUVWXYZ' +
                'abcdefghijklmnopqrstuvwxyz' +
                '0123456789');
   var objectId = '';
-  for (var i = 0; i < 10; ++i) {
-    objectId += chars[Math.floor(Math.random() * chars.length)];
+  var bytes = crypto.randomBytes(10);
+  for (var i = 0; i < bytes.length; ++i) {
+    // Note: there is a slight modulo bias, because chars length
+    // of 62 doesn't divide the number of all bytes (256) evenly.
+    // It is acceptable for our purposes.
+    objectId += chars[bytes.readUInt8(i) % chars.length];
   }
   return objectId;
 }

S3Adapter.js

@@ -0,0 +1,77 @@
+// S3Adapter
+//
+// Stores Parse files in AWS S3.
+
+var AWS = require('aws-sdk');
+var path = require('path');
+
+var DEFAULT_REGION = "us-east-1";
+var DEFAULT_BUCKET = "parse-files";
+
+// Creates an S3 session.
+// Providing AWS access and secret keys is mandatory
+// Region and bucket will use sane defaults if omitted
+function S3Adapter(accessKey, secretKey, options) {
+  options = options || {};
+
+  this.region = options.region || DEFAULT_REGION;
+  this.bucket = options.bucket || DEFAULT_BUCKET;
+  this.bucketPrefix = options.bucketPrefix || "";
+  this.directAccess = options.directAccess || false;
+
+  s3Options = {
+    accessKeyId: accessKey,
+    secretAccessKey: secretKey,
+    params: {Bucket: this.bucket}
+  };
+  AWS.config.region = this.region;
+  this.s3 = new AWS.S3(s3Options);
+}
+
+// For a given config object, filename, and data, store a file in S3
+// Returns a promise containing the S3 object creation response
+S3Adapter.prototype.create = function(config, filename, data) {
+  var params = {
+    Key: this.bucketPrefix + filename,
+    Body: data,
+  };
+  if (this.directAccess) {
+    params.ACL = "public-read"
+  }
+
+  return new Promise((resolve, reject) => {
+    this.s3.upload(params, (err, data) => {
+      if (err !== null) return reject(err);
+      resolve(data);
+    });
+  });
+}
+
+// Search for and return a file if found by filename
+// Returns a promise that succeeds with the buffer result from S3
+S3Adapter.prototype.get = function(config, filename) {
+  var params = {Key: this.bucketPrefix + filename};
+
+  return new Promise((resolve, reject) => {
+    this.s3.getObject(params, (err, data) => {
+      if (err !== null) return reject(err);
+      resolve(data.Body);
+    });
+  });
+}
+
+// Generates and returns the location of a file stored in S3 for the given request and
+// filename
+// The location is the direct S3 link if the option is set, otherwise we serve
+// the file through parse-server
+S3Adapter.prototype.location = function(config, req, filename) {
+  if (this.directAccess) {
+    return ('https://' + this.bucket + '.s3.amazonaws.com' + '/' +
+      this.bucketPrefix + filename);
+  }
+  return (req.protocol + '://' + req.get('host') +
+    path.dirname(req.originalUrl) + '/' + req.config.applicationId +
+    '/' + encodeURIComponent(filename));
+}
+
+module.exports = S3Adapter;

Schema.js

@@ -212,6 +212,9 @@ Schema.prototype.validateObject = function(className, object) {
   var geocount = 0;
   var promise = this.validateClassName(className);
   for (var key in object) {
+    if (object[key] === undefined) {
+      continue;
+    }
     var expected = getType(object[key]);
     if (expected === 'geopoint') {
       geocount++;