Search code examples
iosparse-platformparse-server

Can the environmental keys that Parse Server is Using be verified inside the client app?

I was wondering if/how can the Parse-Server environmental variables be verified inside a client IOS App.

For those of us that are yet uncomfortable with backend systems, it would be useful to be able to validate via the client side during testing that the backend Parse-Server is actually using the correct Environmental Keys.

Solution

  • If you are testing the keys to setup parse-server such as appId, clientKey, masterKey, you can implement a verify cloud code.

    Once you use appId (or you have set clientKey), you can call this function. Otherwise, you will get errors. You cannot use MasterKey in client-sdk. If you still want to test it, you can implement a rest api with masterKey on your client. But masterKey should not appear in client side, you should avoid user trigger this, or someone may get your masterKey. 

    Parse.Cloud.define("verify", function(request, response) {
    if(request.master==true){
        response.success(true);
    }else{
        response.error(new Error('MasterKey not matched'));
    }
});

    Edited

    By implement a globalConfig obj, verify it as you wish.

    Here is a sample.

    globalConfig.js

    var globalConfig = {};

globalConfig.verify = function(key) {
    return globalConfig.keys.testKey==key;
}

module.exports = globalConfig;

    index.js (partial)

    var globalConfig = require('./globalConfig.js');
var initObj = {
  databaseURI: databaseUri || 'mongodb://localhost:27017/dev',
  cloud: process.env.CLOUD_CODE_MAIN || __dirname + '/cloud/main.js',
  appId: process.env.APP_ID || 'myAppId',
  masterKey: process.env.MASTER_KEY || '', //Add your master key here. Keep it secret!
  serverURL: process.env.SERVER_URL || 'http://localhost:1337/parse',  // Don't forget to change to https if needed
  liveQuery: {
    classNames: ["Posts", "Comments"] // List of classes to support for query subscriptions
  },
  testKey: "this is test"
}
var api = new ParseServer(initObj);
globalConfig.keys = initObj;

    and then you can use globalConfig.verify() to check your keys

    a cloud code example

    var globalConfig = require('../globalConfig.js');
Parse.Cloud.define('verify', function(req, res) {
  res.success(globalConfig.verify(req.params.testKey));
});

    or you can use express post

    app.post('/test', function(req, res) {
    //verify and response
})