Merge pull request #72 from sdjcw/0.x

fix: 云函数的 user 对象固定从 header 中获取

Author: sdjcw

.travis.yml

@@ -1,3 +1,4 @@
 language: node_js
 node_js:
   - "0.12"
+  - "4"

lib/av-extra.js

@@ -294,8 +294,7 @@ AV.Object.prototype.disableAfterHook = function() {
 };
 
 var signDisableHook = function(hookName, ts) {
-  var masterKey = process.env.LC_APP_MASTER_KEY;
-  var sign = crypto.createHmac('sha1', masterKey)
+  var sign = crypto.createHmac('sha1', AV.masterKey)
     .update(hookName + ':' + ts)
     .digest('hex');
   return ts + ',' + sign;

lib/leanengine.js

@@ -195,7 +195,8 @@ Cloud.use('/__engine/1/ping', function(req, res) {
 
     // parseUserInfo
     Cloud.use(route, function(req, res, next) {
-      if (req.AV.sessionToken && req.AV.sessionToken !== '') {
+      var functionType = getFunctionType(req);
+      if (functionType === 'cloudFunction' && req.AV.sessionToken && req.AV.sessionToken !== '') {
         AV.User.become(req.AV.sessionToken, {
           success: function(user) {
             req.AV.user = user;
@@ -205,7 +206,7 @@ Cloud.use('/__engine/1/ping', function(req, res) {
             next(err);
           }
         });
-      } else if (req.body.user) {
+      } else if (functionType === 'hook' && req.body.user) {
         var userObj = new AV.User();
         userObj._finishFetch(req.body.user, true);
         AV.User._saveCurrentUser(userObj);
@@ -235,14 +236,15 @@ Cloud.use('/__engine/1/ping', function(req, res) {
       var meta = {
         remoteAddress: req.headers['x-real-ip'] || req.headers['x-forwarded-for'] || req.connection.remoteAddress,
       };
+      var functionType = getFunctionType(req);
       var split = req.url.split('/');
-      if (split.length == 2) { // cloud function
+      if (functionType === 'cloudFunction') {
         call(split[1], req.body, req.AV.user, meta, {
           decodeAVObject: urlEndpoint == 'call'
         }, function(err, data) {
           cb(err, data);
         });
-      } else if (split.length == 3) { // class hook
+      } else if (functionType === 'hook') {
         var userObj = new AV.User();
         if (split[1] === 'onVerified') {
           userObj._finishFetch(req.body.object, true);
@@ -276,6 +278,15 @@ Cloud.use('/__engine/1/ping', function(req, res) {
   });
 });
 
+var getFunctionType = function(req) {
+  var split = req.url.split('/');
+  if (split.length == 2) {
+    return 'cloudFunction';
+  } else if (split.length == 3) {
+    return 'hook';
+  }
+}
+
 var resp = function(res, data) {
   res.setHeader('Content-Type', 'application/json; charset=UTF-8');
   res.statusCode = 200;

test/av-extra_test.js

@@ -58,7 +58,7 @@ describe('av-extra', function() {
   });
 
   it('signDisableHook', function() {
-    AV.__get__('signDisableHook')('__before_for_TestClass', 1453711871302).should.equal('1453711871302,177cbac6495f52e462aae2d054529e08a1725276');
+    AV.__get__('signDisableHook')('__before_for_TestClass', 1453711871302).should.equal('1453711871302,a9611dbc226eed1a5f4aa0e4fa20e2d014aeaeb8');
   });
 
 });

test/function_test.js

@@ -108,10 +108,15 @@ AV.Cloud.define('testAVObjectsArrayParams', function(request, response) {
 });
 
 AV.Cloud.define('testUser', function(request, response) {
-  assert.equal(request.user.className, '_User');
-  assert.equal(request.user.id, '54fd6a03e4b06c41e00b1f40');
-  assert.equal(request.user.get('username'), 'admin');
-  assert.equal(request.user, AV.User.current());
+  if (request.params.expectedUserId) {
+    assert.equal(request.user.className, '_User');
+    assert.equal(request.user.id, '54fd6a03e4b06c41e00b1f40');
+    assert.equal(request.user.id, request.params.expectedUserId);
+    assert.equal(request.user.get('username'), 'admin');
+    assert.equal(request.user, AV.User.current());
+  } else {
+    assert.equal(request.user, undefined);
+  }
   response.success("ok");
 });
 
@@ -160,7 +165,7 @@ AV.Cloud.define('testRun_promise', function(request, response) {
 });
 
 AV.Cloud.define('testRunWithUser', function(request, response) {
-  AV.Cloud.run('testUser', {}, {
+  AV.Cloud.run('testUser', {expectedUserId: '54fd6a03e4b06c41e00b1f40'}, {
     success: function(data) {
       assert.equal('ok', data);
       response.success();
@@ -268,6 +273,7 @@ describe('functions', function() {
 
   // 测试返回包含 AVObject 的复杂对象
   it('return_complexObject', function(done) {
+    this.timeout(20000);
     request(AV.Cloud)
       .post('/1.1/call/complexObject')
       .set('X-AVOSCloud-Application-Id', appId)
@@ -325,6 +331,7 @@ describe('functions', function() {
 
   // 返回单个 AVObject
   it('return_bareAVObject', function(done) {
+    this.timeout(20000);
     request(AV.Cloud)
       .post('/1.1/call/bareAVObject')
       .set('X-AVOSCloud-Application-Id', appId)
@@ -339,6 +346,7 @@ describe('functions', function() {
 
   // 返回 AVObject 数组
   it('return_AVObjectsArray', function(done) {
+    this.timeout(20000);
     request(AV.Cloud)
       .post('/1.1/call/AVObjects')
       .set('X-AVOSCloud-Application-Id', appId)
@@ -483,6 +491,9 @@ describe('functions', function() {
       .set('X-AVOSCloud-Application-Id', appId)
       .set('X-AVOSCloud-Application-Key', appKey)
       .set('x-avoscloud-session-token', sessionToken_admin)
+      .send({
+         expectedUserId: '54fd6a03e4b06c41e00b1f40'
+      })
       .expect(200, done);
   });
 
@@ -500,6 +511,20 @@ describe('functions', function() {
       });
   });
 
+  it('testUser_invalid_body_user', function(done) {
+    request(AV.Cloud)
+      .post('/1/functions/testUser')
+      .set('X-AVOSCloud-Application-Id', appId)
+      .set('X-AVOSCloud-Application-Key', appKey)
+      .send({
+        "user": {
+          "username": "admin",
+          "objectId": "52aebbdee4b0c8b6fa455aa7"
+        }
+      })
+      .expect(200, done);
+  });
+
   // 测试调用 run 方法时，传递 user 对象的有效性
   it('testRunWithUser', function(done) {
     request(AV.Cloud)