CODEWITHSUNDEEP
parse-server
Jake T.
Jake T.

Reputation: 4378

Parse-Server capture bad session token requests

Is there any way to capture bad session token requests on a remote parse-server app?

Unfortunately, verbose logs for bad session tokens only display a very not verbose error message that an invalid session token was used, whereas all other requests will display the full headers used to make a request. I need to get to those headers so I can identify the x-parse-session-token being sent.

I've discovered I can add some middleware doing something like this:

var myMiddleware = function (req, res, next) {
  // extract request headers
  next()
}

app.use(myMiddleware)

But I wouldn't yet know if the session token was valid or not at that point, and I don't think it'd be efficient to set up a whole extra middleware checking the validity of every session token that gets passed in.

Any tips on how I could get access to these x-parse-session-token headers for requests that are failing due to bad session tokens would be greatly appreciated.

Upvotes: 0

Views: 467

Answers (1)

flovilmart
flovilmart

Reputation: 1769

One hacky way would be to override in your middleware the req.json call.

const myMiddleware = function (req, res, next) {
  const json = res.json;
  res.json = function(object) {
    if (object.code == Parse.Error.INVALID_SESSION_TOKEN) {
      // get the session token
      const token = req.headers['x-parse-session-token'];
      // Invalid token, do something
    }
    // Forward the response
    json.call(res, object);
  }
  next()
}

server = new ParseServer({
   applicationId: YOUR_APP_ID,
   /* more options */
   middleware: myMiddleware
});

// continue initialization here

This should do the trick what do you think?

Upvotes: 1

Related Questions