UNPKG

rxdb-server

Version:

RxDB Server Plugin

rxdb.info/rx-server.html

pubkey/rxdb-server

157 lines (154 loc) 5.08 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.docContainsServerOnlyFields = docContainsServerOnlyFields; exports.doesContainRegexQuerySelector = doesContainRegexQuerySelector; exports.getAuthDataByRequest = getAuthDataByRequest; exports.getDocAllowedMatcher = getDocAllowedMatcher; exports.mergeServerDocumentFieldsMonad = mergeServerDocumentFieldsMonad; exports.removeServerOnlyFieldsMonad = removeServerOnlyFieldsMonad; exports.setCors = setCors; exports.stripServerOnlyFieldsMonad = stripServerOnlyFieldsMonad; var _core = require("rxdb/plugins/core"); function setCors(server, path, cors) { var useCors = cors; if (!useCors) { useCors = server.cors; } if (useCors) { server.adapter.setCors(server.serverApp, path, useCors); } } var AUTH_PER_REQUEST = new WeakMap(); async function getAuthDataByRequest(server, request, response) { return (0, _core.getFromMapOrCreate)(AUTH_PER_REQUEST, request, async () => { try { var headers = server.adapter.getRequestHeaders(request); var authData = await server.authHandler(headers); return authData; } catch (err) { server.adapter.closeConnection(response, 401, 'Unauthorized'); return false; } }); } ; var defaultMatchingQuery = { selector: {}, skip: 0, sort: [] }; function getDocAllowedMatcher(endpoint, authData) { var useQuery = endpoint.queryModifier ? endpoint.queryModifier(authData, (0, _core.normalizeMangoQuery)(endpoint.collection.schema.jsonSchema, {})) : defaultMatchingQuery; var docDataMatcher = (0, _core.getQueryMatcher)(endpoint.collection.schema.jsonSchema, useQuery); return docDataMatcher; } function docContainsServerOnlyFields(serverOnlyFields, doc) { var has = serverOnlyFields.find(field => { return typeof doc[field] !== 'undefined'; }); return has; } /** * Returns a function that strips the given server-only fields from a client * document. This is used when accepting a NEW document from a client write to * make sure that server-only fields cannot be populated by the client. * * Unlike {@link removeServerOnlyFieldsMonad} this does not assign undefined to * RxDB internal meta fields (`_meta`, `_rev`, `_attachments`) so the result can * be safely passed to `RxCollection.insert()`. */ function stripServerOnlyFieldsMonad(serverOnlyFields) { if (serverOnlyFields.length === 0) { return docData => docData; } return docData => { var ret = (0, _core.flatClone)(docData); for (var i = 0; i < serverOnlyFields.length; i++) { delete ret[serverOnlyFields[i]]; } return ret; }; } function removeServerOnlyFieldsMonad(serverOnlyFields) { var serverOnlyFieldsStencil = { _meta: undefined, _rev: undefined, _attachments: undefined }; serverOnlyFields.forEach(field => serverOnlyFieldsStencil[field] = undefined); return docData => { if (!docData) { return docData; } return Object.assign({}, docData, serverOnlyFieldsStencil); }; } function mergeServerDocumentFieldsMonad(serverOnlyFields) { var useFields = serverOnlyFields.slice(0); // useFields.push('_rev'); // useFields.push('_meta'); // useFields.push('_attachments'); useFields = (0, _core.uniqueArray)(useFields); return (clientDoc, serverDoc) => { if (!clientDoc) { return clientDoc; } var ret = (0, _core.flatClone)(clientDoc); if (!serverDoc) { // No prior server-side state exists for this document (new // insert). The client must not be able to populate server-only // fields on creation, so strip them from the merged document. useFields.forEach(field => delete ret[field]); return ret; } useFields.forEach(field => { /** * If the field exists on the serverDoc, copy its value so that * the server-side value always wins over anything the client * sent. If it does not exist on the serverDoc, delete it from * the merged document so the key is truly absent — using `null` * here would make the merged row differ from the stored master * state during the isEqual check inside masterWrite and * produce a false conflict that silently reverts the write. */ if (field in serverDoc) { ret[field] = serverDoc[field]; } else { delete ret[field]; } }); return ret; }; } /** * $regex queries are dangerous because they can dos-attack the server. * * @param selector */ function doesContainRegexQuerySelector(selector) { if (!selector) { return false; } if (Array.isArray(selector)) { var found = !!selector.find(item => doesContainRegexQuerySelector(item)); return found; } if (typeof selector !== 'object') { return false; } var entries = Object.entries(selector); for (var [key, value] of entries) { if (key === '$regex') { return true; } else { var has = doesContainRegexQuerySelector(value); if (has) { return true; } } } return false; } //# sourceMappingURL=helper.js.map