MCPcopy Index your code
hub / github.com/parse-community/parse-server / createHandler

Method createHandler

src/Routers/FilesRouter.js:370–502  ·  view source on GitHub ↗
(req, res, next)

Source from the content-addressed store, hash-verified

368 }
369
370 async createHandler(req, res, next) {
371 if (req.auth.isReadOnly) {
372 const error = createSanitizedHttpError(403, "read-only masterKey isn't allowed to create a file.", req.config);
373 res.status(error.status);
374 res.end(`{"error":"${error.message}"}`);
375 return;
376 }
377 const config = req.config;
378 const isMaster = req.auth.isMaster;
379 const isMaintenance = req.auth.isMaintenance;
380 if (!isMaster && !isMaintenance) {
381 const user = req.auth.user;
382 const isLinked = user && Parse.AnonymousUtils.isLinked(user);
383 if (!config.fileUpload.enableForAnonymousUser && isLinked) {
384 next(
385 new Parse.Error(Parse.Error.FILE_SAVE_ERROR, 'File upload by anonymous user is disabled.')
386 );
387 return;
388 }
389 if (!config.fileUpload.enableForAuthenticatedUser && !isLinked && user) {
390 next(
391 new Parse.Error(
392 Parse.Error.FILE_SAVE_ERROR,
393 'File upload by authenticated user is disabled.'
394 )
395 );
396 return;
397 }
398 if (!config.fileUpload.enableForPublic && !user) {
399 next(new Parse.Error(Parse.Error.FILE_SAVE_ERROR, 'File upload by public is disabled.'));
400 return;
401 }
402 }
403 const filesController = config.filesController;
404 const { filename } = req.params;
405 const contentType = req.get('Content-type');
406
407 const error = filesController.validateFilename(filename);
408 if (error) {
409 next(error);
410 return;
411 }
412
413 const fileExtensions = config.fileUpload?.fileExtensions;
414 if (!isMaster && fileExtensions) {
415 const isValidExtension = extension => {
416 return fileExtensions.some(ext => {
417 if (ext === '*') {
418 return true;
419 }
420 const regex = new RegExp(ext);
421 if (regex.test(extension)) {
422 return true;
423 }
424 });
425 };
426 let extension = contentType;
427 if (filename && filename.includes('.')) {

Callers

nothing calls this directly

Calls 7

_handleBufferedUploadMethod · 0.95
_handleStreamUploadMethod · 0.95
createSanitizedHttpErrorFunction · 0.90
nextFunction · 0.85
validateDirectoryMethod · 0.80
getMethod · 0.45
validateFilenameMethod · 0.45

Tested by

no test coverage detected