Use a central list of private types
This commit is contained in:
parent
597f46f372
commit
12c752a272
GPG Key ID:
C874F672B1AF20C0
22
arn/Private.go
Normal file
22
arn/Private.go
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
package arn
|
||||||
|
|
||||||
|
var (
|
||||||
|
privateCollections = map[string]bool{
|
||||||
|
"Analytics": true,
|
||||||
|
"Crash": true,
|
||||||
|
"ClientErrorReport": true,
|
||||||
|
"EditLogEntry": true,
|
||||||
|
"EmailToUser": true,
|
||||||
|
"FacebookToUser": true,
|
||||||
|
"PayPalPayment": true,
|
||||||
|
"Purchase": true,
|
||||||
|
"Session": true,
|
||||||
|
"TwitterToUser": true,
|
||||||
|
}
|
||||||
|
)
|
||||||
|
|
||||||
|
// IsPrivateType tells you whether the given type is private.
|
||||||
|
// Private types contains user-sensitive or security related data.
|
||||||
|
func IsPrivateType(typeName string) bool {
|
||||||
|
return privateCollections[typeName]
|
||||||
|
}
|
||||||
@ -11,13 +11,6 @@ import (
|
|||||||
|
|
||||||
var (
|
var (
|
||||||
empty = struct{}{}
|
empty = struct{}{}
|
||||||
privateCollections = map[string]struct{}{
|
|
||||||
"PayPalPayment": empty,
|
|
||||||
"Purchase": empty,
|
|
||||||
"EmailToUser": empty,
|
|
||||||
"Session": empty,
|
|
||||||
"EditLogEntry": empty,
|
|
||||||
}
|
|
||||||
)
|
)
|
||||||
|
|
||||||
func Install(app *aero.Application) {
|
func Install(app *aero.Application) {
|
||||||
@ -27,9 +20,8 @@ func Install(app *aero.Application) {
|
|||||||
api.AddRootResolver(func(name string, arguments graphql.Map) (interface{}, error, bool) {
|
api.AddRootResolver(func(name string, arguments graphql.Map) (interface{}, error, bool) {
|
||||||
typeName := strings.TrimPrefix(name, "all")
|
typeName := strings.TrimPrefix(name, "all")
|
||||||
typeName = strings.TrimPrefix(typeName, "like")
|
typeName = strings.TrimPrefix(typeName, "like")
|
||||||
_, private := privateCollections[typeName]
|
|
||||||
|
|
||||||
if private {
|
if arn.IsPrivateType(typeName) {
|
||||||
return nil, fmt.Errorf("Type '%s' is private", typeName), true
|
return nil, fmt.Errorf("Type '%s' is private", typeName), true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -13,20 +13,6 @@ import (
|
|||||||
"github.com/mohae/deepcopy"
|
"github.com/mohae/deepcopy"
|
||||||
)
|
)
|
||||||
|
|
||||||
// privateTypes are types that are not available for download.
|
|
||||||
var privateTypes = []string{
|
|
||||||
"Analytics",
|
|
||||||
"Crash",
|
|
||||||
"ClientErrorReport",
|
|
||||||
"EditLogEntry",
|
|
||||||
"EmailToUser",
|
|
||||||
"FacebookToUser",
|
|
||||||
"PayPalPayment",
|
|
||||||
"Purchase",
|
|
||||||
"Session",
|
|
||||||
"TwitterToUser",
|
|
||||||
}
|
|
||||||
|
|
||||||
// Download downloads a snapshot of a database collection.
|
// Download downloads a snapshot of a database collection.
|
||||||
func Download(ctx aero.Context) error {
|
func Download(ctx aero.Context) error {
|
||||||
typ := ctx.Get("type")
|
typ := ctx.Get("type")
|
||||||
@ -35,7 +21,7 @@ func Download(ctx aero.Context) error {
|
|||||||
return ctx.Error(http.StatusNotFound, "Type doesn't exist")
|
return ctx.Error(http.StatusNotFound, "Type doesn't exist")
|
||||||
}
|
}
|
||||||
|
|
||||||
if arn.Contains(privateTypes, typ) {
|
if arn.IsPrivateType(typ) {
|
||||||
return ctx.Error(http.StatusUnauthorized, "Type is private and can not be downloaded")
|
return ctx.Error(http.StatusUnauthorized, "Type is private and can not be downloaded")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -13,7 +13,7 @@ func Types(ctx aero.Context) error {
|
|||||||
types := make([]string, 0, len(typeMap))
|
types := make([]string, 0, len(typeMap))
|
||||||
|
|
||||||
for typeName := range typeMap {
|
for typeName := range typeMap {
|
||||||
if arn.Contains(privateTypes, typeName) {
|
if arn.IsPrivateType(typeName) {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user