src/Routers/SessionsRouter.js


import ClassesRouter from './ClassesRouter';
import Parse         from 'parse/node';
import rest          from '../rest';
import Auth          from '../Auth';
import RestWrite     from '../RestWrite';
import { newToken }  from '../cryptoUtils';

export class SessionsRouter extends ClassesRouter {
  handleFind(req) {
    req.params.className = '_Session';
    return super.handleFind(req);
  }

  handleGet(req) {
    req.params.className = '_Session';
    return super.handleGet(req);
  }

  handleCreate(req) {
    req.params.className = '_Session';
    return super.handleCreate(req);
  }

  handleUpdate(req) {
    req.params.className = '_Session';
    return super.handleUpdate(req);
  }

  handleDelete(req) {
    req.params.className = '_Session';
    return super.handleDelete(req);
  }

  handleMe(req) {
    // TODO: Verify correct behavior
    if (!req.info || !req.info.sessionToken) {
      throw new Parse.Error(Parse.Error.INVALID_SESSION_TOKEN,
        'Session token required.');
    }
    return rest.find(req.config, Auth.master(req.config), '_Session', { sessionToken: req.info.sessionToken }, undefined, req.info.clientSDK)
      .then((response) => {
        if (!response.results || response.results.length == 0) {
          throw new Parse.Error(Parse.Error.INVALID_SESSION_TOKEN,
            'Session token not found.');
        }
        return {
          response: response.results[0]
        };
      });
  }

  handleUpdateToRevocableSession(req) {
    const config = req.config;
    const masterAuth = Auth.master(config)
    const user = req.auth.user;
    // Issue #2720
    // Calling without a session token would result in a not found user
    if (!user) {
      throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'invalid session');
    }
    const expiresAt = config.generateSessionExpiresAt();
    const sessionData = {
      sessionToken: 'r:' + newToken(),
      user: {
        __type: 'Pointer',
        className: '_User',
        objectId: user.id
      },
      createdWith: {
        'action': 'upgrade',
      },
      restricted: false,
      installationId: req.auth.installationId,
      expiresAt: Parse._encode(expiresAt)
    };
    const create = new RestWrite(config, masterAuth, '_Session', null, sessionData);
    return create.execute().then(() => {
      // delete the session token, use the db to skip beforeSave
      return config.database.update('_User', {
        objectId: user.id
      }, {
        sessionToken: {__op: 'Delete'}
      });
    }).then(() => {
      return Promise.resolve({ response: sessionData });
    });
  }

  mountRoutes() {
    this.route('GET','/sessions/me', req => { return this.handleMe(req); });
    this.route('GET', '/sessions', req => { return this.handleFind(req); });
    this.route('GET', '/sessions/:objectId', req => { return this.handleGet(req); });
    this.route('POST', '/sessions', req => { return this.handleCreate(req); });
    this.route('PUT', '/sessions/:objectId', req => { return this.handleUpdate(req); });
    this.route('DELETE', '/sessions/:objectId', req => { return this.handleDelete(req); });
    this.route('POST', '/upgradeToRevocableSession', req => { return this.handleUpdateToRevocableSession(req); })
  }
}

export default SessionsRouter;
Refactor and deduplicate logic in SessionsRouter. 2016-02-11 20:40:15 -08:00
			`import ClassesRouter from './ClassesRouter';`
Adds liniting into the workflow (#3082) * initial linting of src * fix indent to 2 spaces * Removes unnecessary rules * ignore spec folder for now * Spec linting * Fix spec indent * nits * nits * no no-empty rule 2016-11-24 15:47:41 -05:00			`import Parse from 'parse/node';`
No need to transform post-transform keys in mongo adapter 2016-04-25 20:42:19 -07:00			`import rest from '../rest';`
			`import Auth from '../Auth';`
Adds endpoint for non-revocable session token upgrade (#2646) 2016-09-09 14:48:06 -04:00			`import RestWrite from '../RestWrite';`
			`import { newToken } from '../cryptoUtils';`
Refactor and deduplicate logic in SessionsRouter. 2016-02-11 20:40:15 -08:00
			`export class SessionsRouter extends ClassesRouter {`
			`handleFind(req) {`
			`req.params.className = '_Session';`
			`return super.handleFind(req);`
			`}`

			`handleGet(req) {`
			`req.params.className = '_Session';`
			`return super.handleGet(req);`
			`}`

			`handleCreate(req) {`
			`req.params.className = '_Session';`
			`return super.handleCreate(req);`
			`}`

			`handleUpdate(req) {`
			`req.params.className = '_Session';`
			`return super.handleUpdate(req);`
			`}`

			`handleDelete(req) {`
			`req.params.className = '_Session';`
			`return super.handleDelete(req);`
			`}`

			`handleMe(req) {`
			`// TODO: Verify correct behavior`
			`if (!req.info \|\| !req.info.sessionToken) {`
			`throw new Parse.Error(Parse.Error.INVALID_SESSION_TOKEN,`
			`'Session token required.');`
			`}`
Exposes clientSDK into RestQuery, RestWrite and rest 2016-07-12 10:06:13 -04:00			`return rest.find(req.config, Auth.master(req.config), '_Session', { sessionToken: req.info.sessionToken }, undefined, req.info.clientSDK)`
Refactor and deduplicate logic in SessionsRouter. 2016-02-11 20:40:15 -08:00			`.then((response) => {`
			`if (!response.results \|\| response.results.length == 0) {`
			`throw new Parse.Error(Parse.Error.INVALID_SESSION_TOKEN,`
			`'Session token not found.');`
			`}`
			`return {`
			`response: response.results[0]`
			`};`
			`});`
			`}`

Adds endpoint for non-revocable session token upgrade (#2646) 2016-09-09 14:48:06 -04:00			`handleUpdateToRevocableSession(req) {`
			`const config = req.config;`
			`const masterAuth = Auth.master(config)`
			`const user = req.auth.user;`
handling matching api.parse.com when calling upgradeToRevocableSession without a sessionToken (#2721) 2016-09-17 15:52:52 -04:00			`// Issue #2720`
			`// Calling without a session token would result in a not found user`
			`if (!user) {`
			`throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'invalid session');`
			`}`
Adds endpoint for non-revocable session token upgrade (#2646) 2016-09-09 14:48:06 -04:00			`const expiresAt = config.generateSessionExpiresAt();`
			`const sessionData = {`
			`sessionToken: 'r:' + newToken(),`
			`user: {`
			`__type: 'Pointer',`
			`className: '_User',`
			`objectId: user.id`
			`},`
			`createdWith: {`
			`'action': 'upgrade',`
			`},`
			`restricted: false,`
			`installationId: req.auth.installationId,`
			`expiresAt: Parse._encode(expiresAt)`
			`};`
			`const create = new RestWrite(config, masterAuth, '_Session', null, sessionData);`
Adds liniting into the workflow (#3082) * initial linting of src * fix indent to 2 spaces * Removes unnecessary rules * ignore spec folder for now * Spec linting * Fix spec indent * nits * nits * no no-empty rule 2016-11-24 15:47:41 -05:00			`return create.execute().then(() => {`
Adds endpoint for non-revocable session token upgrade (#2646) 2016-09-09 14:48:06 -04:00			`// delete the session token, use the db to skip beforeSave`
			`return config.database.update('_User', {`
			`objectId: user.id`
			`}, {`
			`sessionToken: {__op: 'Delete'}`
			`});`
Adds liniting into the workflow (#3082) * initial linting of src * fix indent to 2 spaces * Removes unnecessary rules * ignore spec folder for now * Spec linting * Fix spec indent * nits * nits * no no-empty rule 2016-11-24 15:47:41 -05:00			`}).then(() => {`
Adds endpoint for non-revocable session token upgrade (#2646) 2016-09-09 14:48:06 -04:00			`return Promise.resolve({ response: sessionData });`
			`});`
			`}`

Refactors routers 2016-02-19 23:47:44 -05:00			`mountRoutes() {`
Reverts calling next() after handling response (#2634) * Revert "Makes sure routes don't overlap and yield a header set error" * removes next() calls in PromiseRouter * Reverts calling next() after response * Adds fail calls when next() calls traverse tests 2016-09-09 17:28:41 -04:00			`this.route('GET','/sessions/me', req => { return this.handleMe(req); });`
Refactors routers 2016-02-19 23:47:44 -05:00			`this.route('GET', '/sessions', req => { return this.handleFind(req); });`
			`this.route('GET', '/sessions/:objectId', req => { return this.handleGet(req); });`
			`this.route('POST', '/sessions', req => { return this.handleCreate(req); });`
			`this.route('PUT', '/sessions/:objectId', req => { return this.handleUpdate(req); });`
			`this.route('DELETE', '/sessions/:objectId', req => { return this.handleDelete(req); });`
Adds liniting into the workflow (#3082) * initial linting of src * fix indent to 2 spaces * Removes unnecessary rules * ignore spec folder for now * Spec linting * Fix spec indent * nits * nits * no no-empty rule 2016-11-24 15:47:41 -05:00			`this.route('POST', '/upgradeToRevocableSession', req => { return this.handleUpdateToRevocableSession(req); })`
Refactor and deduplicate logic in SessionsRouter. 2016-02-11 20:40:15 -08:00			`}`
			`}`

			`export default SessionsRouter;`