| 92 | // Unlike POST/DELETE routes, GET file routes skip handleParseHeaders (which |
| 93 | // normally sets req.info) because those requests may not carry Parse headers. |
| 94 | const initInfo = (req, res, next) => { |
| 95 | if (!req.info) { |
| 96 | const sessionToken = req.get('X-Parse-Session-Token'); |
| 97 | req.info = { |
| 98 | sessionToken, |
| 99 | installationId: req.get('X-Parse-Installation-Id'), |
| 100 | }; |
| 101 | // If no session token and no auth yet (public access), set a minimal |
| 102 | // auth object so handleParseSession skips session resolution. |
| 103 | if (!sessionToken && !req.auth) { |
| 104 | req.auth = { isMaster: false }; |
| 105 | } |
| 106 | } |
| 107 | next(); |
| 108 | }; |
| 109 | // Metadata route must come before the catch-all GET route |
| 110 | router.get('/files/:appId/metadata/*filepath', initInfo, Middlewares.handleParseSession, this.metadataHandler); |
| 111 | router.get('/files/:appId/*filepath', initInfo, Middlewares.handleParseSession, this.getHandler); |