(req, res, next)
| 532 | } |
| 533 | |
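/**
 * Express middleware that rejects requests whose route is not covered by the
 * configured route allow list.
 *
 * The check is skipped when `req.config` is missing or `routeAllowList` is
 * `undefined`/`null`, and when the request is authenticated with the master or
 * maintenance key. Otherwise the request path is normalized (query string,
 * mount prefix, one leading and one trailing slash removed) and tested against
 * every entry of `config._routeAllowListRegex`. If none matches, the request is
 * denied; an empty or missing regex list therefore denies every such request.
 *
 * Matching is done on `req.originalUrl` as received: the path is not
 * percent-decoded before it is tested, so patterns are compared with the
 * encoded form of the URL.
 *
 * @param {object} req - Request; reads `config`, `auth`, `originalUrl`, `method`.
 * @param {object} res - Response (unused).
 * @param {Function} next - Called with no arguments when the request is allowed.
 * @returns {*} The return value of `next()` when the request is allowed.
 * @throws The error built by `createSanitizedError` with
 *   `Parse.Error.OPERATION_FORBIDDEN` when no allow-list regex matches.
 */
export function enforceRouteAllowList(req, res, next) {
  const config = req.config;
  if (!config || config.routeAllowList === undefined || config.routeAllowList === null) {
    return next();
  }
  // Master-key and maintenance-key requests are exempt from the allow list.
  if (req.auth && (req.auth.isMaster || req.auth.isMaintenance)) {
    return next();
  }
  let path = req.originalUrl;
  // Remove the query string before any slash handling. Doing it afterwards left
  // the trailing slash of "route/?a=b" in place, so that form was matched as
  // "route/" while "route/" and "route?a=b" were both matched as "route".
  const queryIndex = path.indexOf('?');
  if (queryIndex !== -1) {
    path = path.substring(0, queryIndex);
  }
  if (config.mount) {
    // NOTE(review): new URL() throws on a relative value; this assumes
    // config.mount is always an absolute URL. Confirm where it is assigned.
    const mountPath = new URL(config.mount).pathname;
    if (path.startsWith(mountPath)) {
      path = path.substring(mountPath.length);
    }
  }
  if (path.startsWith('/')) {
    path = path.substring(1);
  }
  if (path.endsWith('/')) {
    path = path.substring(0, path.length - 1);
  }
  // NOTE(review): the regexes are compiled elsewhere. RegExp.prototype.test is
  // stateful for patterns with the g or y flag, and unanchored patterns match
  // any substring of the path; verify both where _routeAllowListRegex is built.
  const regexes = config._routeAllowListRegex || [];
  if (regexes.some(regex => regex.test(path))) {
    return next();
  }
  // Deny by default. The message carries the request method and the normalized
  // path, both taken from the request; presumably createSanitizedError decides
  // how much of it reaches the client. Confirm against its implementation.
  throw createSanitizedError(
    Parse.Error.OPERATION_FORBIDDEN,
    `Route not allowed by routeAllowList: ${req.method} ${path}`,
    config
  );
}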
| 571 | |
| 572 | export function handleParseErrors(err, req, res, next) { |
| 573 | const log = (req.config && req.config.loggerController) || defaultLogger; |