Adds support for read-only masterKey (#4297)

* Adds support for read-only masterKey

* Adds tests to make sure all endpoints are properly protected

* Updates readme

* nits
Florent Vilmart
2017-10-26 15:35:07 -04:00
committed by GitHub
parent 87b79cedfa
commit 1dd58b7527
13 changed files with 195 additions and 7 deletions


@@ -126,6 +126,13 @@ export function handleParseHeaders(req, res, next) {
return;
}
var isReadOnlyMaster = (info.masterKey === req.config.readOnlyMasterKey);
if (typeof req.config.readOnlyMasterKey != 'undefined' && req.config.readOnlyMasterKey && isReadOnlyMaster) {
req.auth = new auth.Auth({ config: req.config, installationId: info.installationId, isMaster: true, isReadOnly: true });
next();
return;
}
// Client keys are not required in parse-server, but if any have been configured in the server, validate them
// to preserve original behavior.
const keys = ["clientKey", "javascriptKey", "dotNetKey", "restAPIKey"];
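Review bot: The read-only credential is represented as `isMaster: true` plus an `isReadOnly` flag, so the restriction holds only if every write path that trusts `auth.isMaster` also checks `isReadOnly`; a handler that misses the check would presumably grant full master write access, and this hunk does not show how that is enforced. Above the new `if`, I would add a comment stating the contract: `// Read-only master: bypasses ACL/CLP for reads; every mutating handler MUST reject auth.isReadOnly.` The guard also fails open on misconfiguration. If `readOnlyMasterKey` is set to the same value as `masterKey`, the earlier master-key branch matches first and the key silently has full access, so config validation should reject equal keys. The condition itself can be reduced to `if (req.config.readOnlyMasterKey && info.masterKey === req.config.readOnlyMasterKey) {`, since the `typeof ... != 'undefined'` test is implied by the truthiness check. `handleParseHeaders` starts before and continues after this hunk, so the rest of the flow is not visible here.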