feat: Add Parse Server option enableSanitizedErrorResponse to remove detailed error messages from responses sent to clients (#9944)

This commit is contained in:
Lucas Coratger
2025-11-28 19:48:35 +01:00
committed by GitHub
parent 73e78127c2
commit 47521974ae
24 changed files with 121 additions and 49 deletions


@@ -31,12 +31,13 @@ const load = parseGraphQLSchema => {
const { name, schemaFields } = deepcopy(args);
const { config, auth } = context;
enforceMasterKeyAccess(auth);
enforceMasterKeyAccess(auth, config);
if (auth.isReadOnly) {
throw createSanitizedError(
Parse.Error.OPERATION_FORBIDDEN,
"read-only masterKey isn't allowed to create a schema.",
config
);
}
@@ -80,12 +81,13 @@ const load = parseGraphQLSchema => {
const { name, schemaFields } = deepcopy(args);
const { config, auth } = context;
enforceMasterKeyAccess(auth);
enforceMasterKeyAccess(auth, config);
if (auth.isReadOnly) {
throw createSanitizedError(
Parse.Error.OPERATION_FORBIDDEN,
"read-only masterKey isn't allowed to update a schema."
"read-only masterKey isn't allowed to update a schema.",
config
);
}
@@ -131,12 +133,13 @@ const load = parseGraphQLSchema => {
const { name } = deepcopy(args);
const { config, auth } = context;
enforceMasterKeyAccess(auth);
enforceMasterKeyAccess(auth, config);
if (auth.isReadOnly) {
throw createSanitizedError(
Parse.Error.OPERATION_FORBIDDEN,
"read-only masterKey isn't allowed to delete a schema.",
config
);
}


@@ -31,7 +31,7 @@ const load = parseGraphQLSchema => {
const { name } = deepcopy(args);
const { config, auth } = context;
enforceMasterKeyAccess(auth);
enforceMasterKeyAccess(auth, config);
const schema = await config.database.loadSchema({ clearCache: true });
const parseClass = await getClass(name, schema);
@@ -57,7 +57,7 @@ const load = parseGraphQLSchema => {
try {
const { config, auth } = context;
enforceMasterKeyAccess(auth);
enforceMasterKeyAccess(auth, config);
const schema = await config.database.loadSchema({ clearCache: true });
return (await schema.getAllClasses(true)).map(parseClass => ({


@@ -9,7 +9,7 @@ import { createSanitizedError } from '../../Error';
const getUserFromSessionToken = async (context, queryInfo, keysPrefix, userId) => {
const { info, config } = context;
if (!info || !info.sessionToken) {
throw createSanitizedError(Parse.Error.INVALID_SESSION_TOKEN, 'Invalid session token');
throw createSanitizedError(Parse.Error.INVALID_SESSION_TOKEN, 'Invalid session token', config);
}
const sessionToken = info.sessionToken;
const selectedFields = getFieldNames(queryInfo)
@@ -63,7 +63,7 @@ const getUserFromSessionToken = async (context, queryInfo, keysPrefix, userId) =
info.context
);
if (!response.results || response.results.length == 0) {
throw createSanitizedError(Parse.Error.INVALID_SESSION_TOKEN, 'Invalid session token');
throw createSanitizedError(Parse.Error.INVALID_SESSION_TOKEN, 'Invalid session token', config);
} else {
const user = response.results[0];
return {


@@ -2,11 +2,12 @@ import Parse from 'parse/node';
import { GraphQLError } from 'graphql';
import { createSanitizedError } from '../Error';
export function enforceMasterKeyAccess(auth) {
export function enforceMasterKeyAccess(auth, config) {
if (!auth.isMaster) {
throw createSanitizedError(
Parse.Error.OPERATION_FORBIDDEN,
'unauthorized: master key is required',
config
);
}
}
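Review bot: The new `config` parameter of `enforceMasterKeyAccess` is undocumented, and nothing prevents a caller from still invoking it with the old one-argument form, in which case `createSanitizedError` receives `undefined` for `config`; if that helper (imported from `../Error`, not visible here) treats a missing config as "not sanitized", such a call site fails open and the detailed message reaches the client even when `enableSanitizedErrorResponse` is enabled. I would add a JSDoc block above the export along the lines of `/** Throws OPERATION_FORBIDDEN unless auth.isMaster. @param {object} auth - request auth. @param {object} config - Parse Server config; its enableSanitizedErrorResponse setting decides whether error detail is sent to the client. */` and have the shared helper default to the sanitized form when `config` is nullish rather than relying on every caller. The same `context.config` threading appears in the schema mutation and query hunks and in `getUserFromSessionToken` above, so a nullish-config guard belongs in the helper, not at each call site.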