MCPcopy Index your code
hub / github.com/parse-community/parse-server / handleMe

Method handleMe

src/Routers/UsersRouter.js:191–235  ·  view source on GitHub ↗
(req)

Source from the content-addressed store, hash-verified

189 }
190
191 async handleMe(req) {
192 if (!req.info || !req.info.sessionToken) {
193 throw createSanitizedError(Parse.Error.INVALID_SESSION_TOKEN, 'Invalid session token', req.config);
194 }
195 const sessionToken = req.info.sessionToken;
196 // Query the session with master key to validate the session token,
197 // but do NOT include 'user' to avoid leaking user data via master context
198 const sessionResponse = await rest.find(
199 req.config,
200 Auth.master(req.config),
201 '_Session',
202 { sessionToken },
203 {},
204 req.info.clientSDK,
205 req.info.context
206 );
207 if (
208 !sessionResponse.results ||
209 sessionResponse.results.length == 0 ||
210 !sessionResponse.results[0].user
211 ) {
212 throw createSanitizedError(Parse.Error.INVALID_SESSION_TOKEN, 'Invalid session token', req.config);
213 }
214 const userId = sessionResponse.results[0].user.objectId;
215 // Re-fetch the user with the caller's auth context so that
216 // protectedFields, CLP, and auth adapter afterFind apply correctly
217 const userResponse = await rest.get(
218 req.config,
219 req.auth,
220 '_User',
221 userId,
222 {},
223 req.info.clientSDK,
224 req.info.context
225 );
226 if (!userResponse.results || userResponse.results.length == 0) {
227 throw createSanitizedError(Parse.Error.INVALID_SESSION_TOKEN, 'Invalid session token', req.config);
228 }
229 const user = userResponse.results[0];
230 // Send token back on the login, because SDKs expect that.
231 user.sessionToken = sessionToken;
232 // Remove hidden properties.
233 UsersRouter.removeHiddenProperties(user);
234 return { response: user };
235 }
236
237 async handleLogIn(req) {
238 const user = await this._authenticateUserFromRequest(req);

Callers 1

mountRoutesMethod · 0.95

Calls 4

createSanitizedErrorFunction · 0.90
findMethod · 0.65
getMethod · 0.45

Tested by

no test coverage detected