Hi, I want to raise a discussion around a topic that I’ve thought about for a while but never discussed with others using Parse.
We’ve got a fairly large application powered by Parse, ~100 classes with roughly ~300m objects in total. We’ve got a couple of clients calling this application, 2 web apps (React) and 2 native apps (React Native). A couple of years ago we realized that mutating objects on each client had a couple of issues.
- If you want to mutate multiple objects from multiple classes you’re more exposed to network errors that could result in an inconsistent state.
- It’s hard to keep track of all the different mutations that are spread among the clients.
- An authenticated user could in theory corrupt their data by just making requests towards the API, which is far from ideal.
For these reasons we moved all our mutations to be encapsulated in Cloud Functions instead. Since we didn’t want the clients to be able to perform unintended mutations we have basically all our CLPs set to read only (we still perform queries in the clients).
This however causes a quite heavy use of “useMasterKey” for mutations. We still authenticate each cloud function based on roles and object ownership etc, but this increases the risk of unintentionally exposing objects that the calling user shouldn’t have access to. This really comes down to the fact that instead of just using the CLP we have to maintain the security for each Cloud Function which is more prone to dev errors.
A solution to this would be to basically disable all mutations that doesn’t originate from Cloud Functions so we can updated our CLPs to include write permissions which would enable us to use “sessionToken” instead of “useMasterKey”.
What’s your thoughts on this? Does it sound crazy or have to also felt the need to channel all your mutations via Cloud Functions?
All the best,