We're planning on hosting parse-server internally to service content for a new mobile app we're building.
Also, we have some internal REST services that I'd want our mobile clients to use in addition to what we're building in Parse. I'd like to leverage the parse-server users, authentication and session management to front a call to these internal REST services.
I find that the cloud code functions are quite limited as they only accept a POST, and I'd like a more RESTful API for the clients to use that maps 1-1 to the internal services so I can just pass the request along. I've created an Express middleware function running alongside parse-server that just takes an incoming request, changes the base URL, adds a new header (auth related) and routes/proxies that request off to the internal web service.
Firstly, would it be possible to get a Parse client API to call this other Express endpoint? Secondly, on the server side, what would be the best way to authenticate this call?
I've created a simple Node.js test file where I sign into the parse-server with the JavaScript/Node API and then set the user session token in a header in a REST client to call this new endpoint, but I'm looking for feedback or a better approach.
    var express = require('express');
    var request = require('request');
    var ParseServer = require('parse-server').ParseServer;
    // ...
    var api = new ParseServer({
        // ...
    });
    app.use('/parse', api);

    // Middleware function to auth request against parse and forward to other web service
    app.use('/api/', function (req, res, next) {
        var currentToken = req.headers['x-parse-session-token'];
        // TODO: validate user token.. HOW BEST?
        if (currentToken) {
            // Query Parse for some user related data to add to request
            // Modify request and forward to other web service.
            // req.baseUrl is only the mount path ('/api'); originalUrl keeps
            // the full path and query string so the call maps 1-1.
            var newUrl = apiServerHost + req.originalUrl;
            req.pipe(request(newUrl)).pipe(res);
        } else {
            // Reject with 401 rather than a 200 carrying an error string
            res.status(401).send('Unknown parse user');
        }
    });
    // ...
So. I just created an express middleware function that checks for the x-parse-session-token header, then calls /parse/users/me.
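    var unirest = require('unirest');

    app.use(function (req, res, next) {
        // Ask parse-server who owns the session token sent by the client
        unirest.get(env.getParseURL() + '/users/me')
            .headers({
                'X-Parse-Application-Id': env.getApplicationId(),
                'X-Parse-REST-API-Key': env.getRestApiKey(),
                'X-Parse-Session-Token': req.header('x-parse-session-token')
            })
            .send({})
            .end(function (userData) {
                // ... (response handling, described below)
            });
    });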
If the response is 200 and contains a user (use Parse.Object.fromJSON) in the body of the reply, then the session is valid, so I forward the request on to the other internal services after adding some internal auth headers.
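
The session check and header rewrite described above, as an added example that is not the poster's code: it fails closed when `/users/me` does not return a user, and it strips the Parse session token and any client-supplied identity header before the request goes upstream. `PARSE_URL`, `APP_ID`, `REST_KEY`, the `X-Internal-User` header and the injectable `fetchImpl` parameter are assumptions for illustration.

```javascript
// Added example. PARSE_URL, APP_ID, REST_KEY and the X-Internal-User header
// are assumed placeholders, not values from the original post.
const PARSE_URL = 'http://localhost:1337/parse';
const APP_ID = 'APP_ID_PLACEHOLDER';
const REST_KEY = 'REST_KEY_PLACEHOLDER';

// Never forwarded upstream: the Parse credential, anything the client could
// use to spoof identity to the internal service, and the original Host.
const STRIPPED = new Set(['x-parse-session-token', 'x-internal-user', 'host']);

// Ask Parse who owns the token. Any failure resolves to null (fail closed).
async function resolveUser(token, fetchImpl = globalThis.fetch) {
  if (typeof token !== 'string' || token === '') return null;
  try {
    const resp = await fetchImpl(PARSE_URL + '/users/me', {
      headers: {
        'X-Parse-Application-Id': APP_ID,
        'X-Parse-REST-API-Key': REST_KEY,
        'X-Parse-Session-Token': token,
      },
    });
    if (resp.status !== 200) return null;
    const user = await resp.json();
    return user && typeof user.objectId === 'string' ? user : null;
  } catch (err) {
    return null; // Parse unreachable or reply not JSON
  }
}

// Copy client headers minus STRIPPED, then set identity from the verified user.
function buildUpstreamHeaders(incoming, user) {
  const out = {};
  for (const [name, value] of Object.entries(incoming)) {
    if (!STRIPPED.has(name.toLowerCase())) out[name.toLowerCase()] = value;
  }
  out['x-internal-user'] = user.objectId;
  return out;
}

// Express-style middleware: 401 unless Parse vouches for the token.
function parseSessionAuth(fetchImpl) {
  return async function (req, res, next) {
    const user = await resolveUser(req.headers['x-parse-session-token'], fetchImpl);
    if (!user) return res.status(401).json({ error: 'invalid session' });
    req.upstreamHeaders = buildUpstreamHeaders(req.headers, user);
    next();
  };
}
```

Mounted as `app.use('/api/', parseSessionAuth())`, the proxy handler would send `req.upstreamHeaders` to the internal service instead of the raw client headers.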