(req)
| 10 | } |
| 11 | |
| 12 | async handleMe(req) { |
| 13 | if (!req.info || !req.info.sessionToken) { |
| 14 | throw new Parse.Error(Parse.Error.INVALID_SESSION_TOKEN, 'Session token required.'); |
| 15 | } |
| 16 | const sessionToken = req.info.sessionToken; |
| 17 | // Query with master key to validate the session token and get the session objectId |
| 18 | const sessionResponse = await rest.find( |
| 19 | req.config, |
| 20 | Auth.master(req.config), |
| 21 | '_Session', |
| 22 | { sessionToken }, |
| 23 | {}, |
| 24 | req.info.clientSDK, |
| 25 | req.info.context |
| 26 | ); |
| 27 | if ( |
| 28 | !sessionResponse.results || |
| 29 | sessionResponse.results.length == 0 || |
| 30 | !sessionResponse.results[0].user |
| 31 | ) { |
| 32 | throw new Parse.Error(Parse.Error.INVALID_SESSION_TOKEN, 'Session token not found.'); |
| 33 | } |
| 34 | const sessionObjectId = sessionResponse.results[0].objectId; |
| 35 | const userId = sessionResponse.results[0].user.objectId; |
| 36 | // Re-fetch the session with the caller's auth context so that |
| 37 | // protectedFields and CLP apply correctly; if the caller used master key, |
| 38 | // protectedFields are bypassed, matching the behavior of GET /sessions/:id |
| 39 | const refetchAuth = |
| 40 | req.auth?.isMaster || req.auth?.isMaintenance |
| 41 | ? req.auth |
| 42 | : new Auth.Auth({ |
| 43 | config: req.config, |
| 44 | isMaster: false, |
| 45 | user: Parse.Object.fromJSON({ className: '_User', objectId: userId }), |
| 46 | installationId: req.info.installationId, |
| 47 | }); |
| 48 | const response = await rest.get( |
| 49 | req.config, |
| 50 | refetchAuth, |
| 51 | '_Session', |
| 52 | sessionObjectId, |
| 53 | {}, |
| 54 | req.info.clientSDK, |
| 55 | req.info.context |
| 56 | ); |
| 57 | if (!response.results || response.results.length == 0) { |
| 58 | throw new Parse.Error(Parse.Error.INVALID_SESSION_TOKEN, 'Session token not found.'); |
| 59 | } |
| 60 | return { |
| 61 | response: response.results[0], |
| 62 | }; |
| 63 | } |
| 64 | |
| 65 | async handleUpdateToRevocableSession(req) { |
| 66 | const config = req.config; |
no test coverage detected