MCPcopy Index your code
hub / github.com/parse-community/parse-server / enforceRouteAllowList

Function enforceRouteAllowList

src/middlewares.js:534–570  ·  view source on GitHub ↗
(req, res, next)

Source from the content-addressed store, hash-verified

532}
533
534export function enforceRouteAllowList(req, res, next) {
535 const config = req.config;
536 if (!config || config.routeAllowList === undefined || config.routeAllowList === null) {
537 return next();
538 }
539 if (req.auth && (req.auth.isMaster || req.auth.isMaintenance)) {
540 return next();
541 }
542 let path = req.originalUrl;
543 if (config.mount) {
544 const mountPath = new URL(config.mount).pathname;
545 if (path.startsWith(mountPath)) {
546 path = path.substring(mountPath.length);
547 }
548 }
549 if (path.startsWith('/')) {
550 path = path.substring(1);
551 }
552 if (path.endsWith('/')) {
553 path = path.substring(0, path.length - 1);
554 }
555 const queryIndex = path.indexOf('?');
556 if (queryIndex !== -1) {
557 path = path.substring(0, queryIndex);
558 }
559 const regexes = config._routeAllowListRegex || [];
560 for (const regex of regexes) {
561 if (regex.test(path)) {
562 return next();
563 }
564 }
565 throw createSanitizedError(
566 Parse.Error.OPERATION_FORBIDDEN,
567 `Route not allowed by routeAllowList: ${req.method} ${path}`,
568 config
569 );
570}
571
572export function handleParseErrors(err, req, res, next) {
573 const log = (req.config && req.config.loggerController) || defaultLogger;

Callers

nothing calls this directly

Calls 2

createSanitizedErrorFunction · 0.90
nextFunction · 0.85

Tested by

no test coverage detected