({ config, keyValue, maintenanceKeyValue, installationId, clientIp })
| 446 | } |
| 447 | |
| 448 | async function resolveKeyAuth({ config, keyValue, maintenanceKeyValue, installationId, clientIp }) { |
| 449 | if (maintenanceKeyValue && maintenanceKeyValue === config.maintenanceKey) { |
| 450 | if (checkIp(clientIp, config.maintenanceKeyIps || [], config.maintenanceKeyIpsStore)) { |
| 451 | return new auth.Auth({ config, installationId, isMaintenance: true }); |
| 452 | } |
| 453 | const log = config.loggerController || defaultLogger; |
| 454 | log.error( |
| 455 | `Request using maintenance key rejected as the request IP address '${clientIp}' is not set in Parse Server option 'maintenanceKeyIps'.` |
| 456 | ); |
| 457 | const error = new Error(); |
| 458 | error.status = 403; |
| 459 | error.message = 'unauthorized'; |
| 460 | throw error; |
| 461 | } |
| 462 | const masterKey = await config.loadMasterKey(); |
| 463 | if (keyValue === masterKey) { |
| 464 | if (checkIp(clientIp, config.masterKeyIps || [], config.masterKeyIpsStore)) { |
| 465 | return new auth.Auth({ config, installationId, isMaster: true }); |
| 466 | } |
| 467 | const log = config.loggerController || defaultLogger; |
| 468 | log.error( |
| 469 | `Request using master key rejected as the request IP address '${clientIp}' is not set in Parse Server option 'masterKeyIps'.` |
| 470 | ); |
| 471 | const error = new Error(); |
| 472 | error.status = 403; |
| 473 | error.message = 'unauthorized'; |
| 474 | throw error; |
| 475 | } |
| 476 | if ( |
| 477 | keyValue && |
| 478 | typeof config.readOnlyMasterKey !== 'undefined' && |
| 479 | config.readOnlyMasterKey && |
| 480 | keyValue === config.readOnlyMasterKey |
| 481 | ) { |
| 482 | if (checkIp(clientIp, config.readOnlyMasterKeyIps || [], config.readOnlyMasterKeyIpsStore)) { |
| 483 | return new auth.Auth({ config, installationId, isMaster: true, isReadOnly: true }); |
| 484 | } |
| 485 | const log = config.loggerController || defaultLogger; |
| 486 | log.error( |
| 487 | `Request using read-only master key rejected as the request IP address '${clientIp}' is not set in Parse Server option 'readOnlyMasterKeyIps'.` |
| 488 | ); |
| 489 | const error = new Error(); |
| 490 | error.status = 403; |
| 491 | error.message = 'unauthorized'; |
| 492 | throw error; |
| 493 | } |
| 494 | return null; |
| 495 | } |
| 496 | |
| 497 | export function handleParseAuth(appId) { |
| 498 | return async (req, res, next) => { |
no test coverage detected