From 12c752a272a7cf94429e85fc158bd4d99c33f1b8 Mon Sep 17 00:00:00 2001
From: Eduard Urbach <e.urbach@gmail.com>
Date: Mon, 18 Nov 2019 14:26:53 +0900
Subject: [PATCH] Use a central list of private types

---
 arn/Private.go             | 22 ++++++++++++++++++++++
 graphql/graphql.go         | 12 ++----------
 pages/database/download.go | 16 +---------------
 pages/database/types.go    |  2 +-
 4 files changed, 26 insertions(+), 26 deletions(-)
 create mode 100644 arn/Private.go

diff --git a/arn/Private.go b/arn/Private.go
new file mode 100644
index 00000000..d46393eb
--- /dev/null
+++ b/arn/Private.go
@@ -0,0 +1,22 @@
+package arn
+
+var (
+	privateCollections = map[string]bool{
+		"Analytics":         true,
+		"Crash":             true,
+		"ClientErrorReport": true,
+		"EditLogEntry":      true,
+		"EmailToUser":       true,
+		"FacebookToUser":    true,
+		"PayPalPayment":     true,
+		"Purchase":          true,
+		"Session":           true,
+		"TwitterToUser":     true,
+	}
+)
+
+// IsPrivateType tells you whether the given type is private.
+// Private types contains user-sensitive or security related data.
+func IsPrivateType(typeName string) bool {
+	return privateCollections[typeName]
+}
diff --git a/graphql/graphql.go b/graphql/graphql.go
index 7456fbe1..a204cffd 100644
--- a/graphql/graphql.go
+++ b/graphql/graphql.go
@@ -10,14 +10,7 @@ import (
 )
 
 var (
-	empty              = struct{}{}
-	privateCollections = map[string]struct{}{
-		"PayPalPayment": empty,
-		"Purchase":      empty,
-		"EmailToUser":   empty,
-		"Session":       empty,
-		"EditLogEntry":  empty,
-	}
+	empty = struct{}{}
 )
 
 func Install(app *aero.Application) {
@@ -27,9 +20,8 @@ func Install(app *aero.Application) {
 	api.AddRootResolver(func(name string, arguments graphql.Map) (interface{}, error, bool) {
 		typeName := strings.TrimPrefix(name, "all")
 		typeName = strings.TrimPrefix(typeName, "like")
-		_, private := privateCollections[typeName]
 
-		if private {
+		if arn.IsPrivateType(typeName) {
 			return nil, fmt.Errorf("Type '%s' is private", typeName), true
 		}
 
diff --git a/pages/database/download.go b/pages/database/download.go
index 79f4c14d..b9357ee7 100644
--- a/pages/database/download.go
+++ b/pages/database/download.go
@@ -13,20 +13,6 @@ import (
 	"github.com/mohae/deepcopy"
 )
 
-// privateTypes are types that are not available for download.
-var privateTypes = []string{
-	"Analytics",
-	"Crash",
-	"ClientErrorReport",
-	"EditLogEntry",
-	"EmailToUser",
-	"FacebookToUser",
-	"PayPalPayment",
-	"Purchase",
-	"Session",
-	"TwitterToUser",
-}
-
 // Download downloads a snapshot of a database collection.
 func Download(ctx aero.Context) error {
 	typ := ctx.Get("type")
@@ -35,7 +21,7 @@ func Download(ctx aero.Context) error {
 		return ctx.Error(http.StatusNotFound, "Type doesn't exist")
 	}
 
-	if arn.Contains(privateTypes, typ) {
+	if arn.IsPrivateType(typ) {
 		return ctx.Error(http.StatusUnauthorized, "Type is private and can not be downloaded")
 	}
 
diff --git a/pages/database/types.go b/pages/database/types.go
index 0c169273..064804a5 100644
--- a/pages/database/types.go
+++ b/pages/database/types.go
@@ -13,7 +13,7 @@ func Types(ctx aero.Context) error {
 	types := make([]string, 0, len(typeMap))
 
 	for typeName := range typeMap {
-		if arn.Contains(privateTypes, typeName) {
+		if arn.IsPrivateType(typeName) {
 			continue
 		}