Use a central list of private types

2019-11-18 14:26:53 +09:00 · 2019-11-18 14:26:53 +09:00 · 12c752a272
commit 12c752a272
parent 597f46f372
4 changed files with 26 additions and 26 deletions
--- a/arn/Private.go
+++ b/arn/Private.go
@ -0,0 +1,22 @@
+package arn
+
+var (
+	privateCollections = map[string]bool{
+		"Analytics":         true,
+		"Crash":             true,
+		"ClientErrorReport": true,
+		"EditLogEntry":      true,
+		"EmailToUser":       true,
+		"FacebookToUser":    true,
+		"PayPalPayment":     true,
+		"Purchase":          true,
+		"Session":           true,
+		"TwitterToUser":     true,
+	}
+)
+
+// IsPrivateType tells you whether the given type is private.
+// Private types contains user-sensitive or security related data.
+func IsPrivateType(typeName string) bool {
+	return privateCollections[typeName]
+}
--- a/graphql/graphql.go
+++ b/graphql/graphql.go
@ -10,14 +10,7 @@ import (
 )

 var (
-	empty              = struct{}{}
-	privateCollections = map[string]struct{}{
-		"PayPalPayment": empty,
-		"Purchase":      empty,
-		"EmailToUser":   empty,
-		"Session":       empty,
-		"EditLogEntry":  empty,
-	}
+	empty = struct{}{}
 )

 func Install(app *aero.Application) {
@ -27,9 +20,8 @@ func Install(app *aero.Application) {
 	api.AddRootResolver(func(name string, arguments graphql.Map) (interface{}, error, bool) {
 		typeName := strings.TrimPrefix(name, "all")
 		typeName = strings.TrimPrefix(typeName, "like")
-		_, private := privateCollections[typeName]

-		if private {
+		if arn.IsPrivateType(typeName) {
 			return nil, fmt.Errorf("Type '%s' is private", typeName), true
 		}

--- a/pages/database/download.go
+++ b/pages/database/download.go
@ -13,20 +13,6 @@ import (
 	"github.com/mohae/deepcopy"
 )

-// privateTypes are types that are not available for download.
-var privateTypes = []string{
-	"Analytics",
-	"Crash",
-	"ClientErrorReport",
-	"EditLogEntry",
-	"EmailToUser",
-	"FacebookToUser",
-	"PayPalPayment",
-	"Purchase",
-	"Session",
-	"TwitterToUser",
-}
-
 // Download downloads a snapshot of a database collection.
 func Download(ctx aero.Context) error {
 	typ := ctx.Get("type")
@ -35,7 +21,7 @@ func Download(ctx aero.Context) error {
 		return ctx.Error(http.StatusNotFound, "Type doesn't exist")
 	}

-	if arn.Contains(privateTypes, typ) {
+	if arn.IsPrivateType(typ) {
 		return ctx.Error(http.StatusUnauthorized, "Type is private and can not be downloaded")
 	}

--- a/pages/database/types.go
+++ b/pages/database/types.go
@ -13,7 +13,7 @@ func Types(ctx aero.Context) error {
 	types := make([]string, 0, len(typeMap))

 	for typeName := range typeMap {
-		if arn.Contains(privateTypes, typeName) {
+		if arn.IsPrivateType(typeName) {
 			continue
 		}