How to use the useMasterKey with Node.js in parse?

Question

Hi enveryone I have my app made in parse.com But I want to use the master key because I have user the have roles of administrador.

First I try with JS SDk, but they tell me, I have to use Cloud Code.

Well I try with Express and Cloud Code, but when I try to use Parse.Cloud.useMasterkey(), the console say:

Deploy failed with error:Uncaught Parse.initialize() was passed a Master Key, which is only allowed from within Node.js.

Soy my questions is how can I use Node.js with parse? or there is away of use MasterKey without Node??

Cheers :)

Well this is my code, the Administrador User want to add new employees, but only he can do it, so in the data browser the user is master key

exports.create = function(req, res){

   Parse.Cloud.useMasterKey();

   var nombre = req.body.nombre;
   var apellido = req.body.apellido;
   var email = req.body.email;
   var telefono =req.body.telefono;
   var celular = req.body.celular;
   var username = req.body.username;
   var password = req.body.pwd;

   //set data in empleado and users
   empleado.set("nombre", nombre);
   empleado.set("apellido", apellido);
   empleado.set("email", email);
   empleado.set("telefono", parseInt(telefono));
   empleado.set("celular", parseInt(celular));
   user.set("username", username);
   user.set("password", password);
   user.set("email", email);

  /* //crear a pointer in Users tables with information of employee 
   user.set("informacionAdicional", empleado);
   user.save();*/

   empleado.save(null,{
    success: function(empleado){
        console.log('Se han guardado los datos del empleado');},
        error: function (error){
             alert("Error"+ error.code + "" + error.message);}
     });


};

Answer 1

You should not use the master key from a web, That would be insecure. What you need to do is to assign the right permissions to you data table.

First, read up on data security: https://parse.com/docs/data#security

What you should do is to add the correct write rights to the class you are trying to create. In this case this might be the Employee class. Make sure that only the admin user can write to this table. Maybe you can add an Administrators role and add write permissions to this role.

Using the javascript SDK the users first need to authenticate. The the user will be able to add users if the authenticated users is a part of the Administrators role.

You don't need to use the master key and you should never do that on the client side. That would be insecure. If you expose the master key on the client side anyone could read the key and get full access to the database.

Here comes some instructions on a complete implementation.

First in the html make sure you have this:

<script src="//www.parsecdn.com/js/parse-1.3.5.min.js"></script>

Then you need to initialize parse and define a function to create a user like:

Parse.initialize("your application id goes here", "your javascript key goes here");

var createEmployee = function(employeeData){

    var Employee = Parse.Object.extend("Employee");
    var employee = new Employee();

    employee.set("name", employeeData.name);

    //Set more properties of the user/employee


    employee.save(null, {
      success: function(gameScore) {
        // Execute any logic that should take place after the object is saved.
        alert('New employee created with objectId: ' + employee.id);
      },
      error: function(gameScore, error) {
        // Execute any logic that should take place if the save fails.
        // error is a Parse.Error with an error code and message.
        alert('Failed to create new object, with error code: ' + error.message);
      }
    });

};

Then when you need to create an employee call the function like:

createEmployee({ name: "Some name" });