Parse Server can be configured using the following options. You may pass these as parameters when running a standalone parse-server, or by loading a configuration file in JSON format using parse-server path/to/configuration.json. If you're using Parse Server on Express, you may also pass these to the ParseServer object as options.
For the full list of available options, run parse-server --help or take a look at Parse Server Configurations.
appId: A unique identifier for your app.databaseURI: Connection string URI for your MongoDB.cloud: Path to your app’s Cloud Code.masterKey: A key that overrides all permissions. Keep this secret.serverURL: URL to your Parse Server (don't forget to specify http:// or https://). This URL will be used when making requests to Parse Server from Cloud Code.port: The default port is 1337, specify this parameter to use a different port.push: An object containing push configuration. See Pushauth: Configure support for 3rd party authentication.
For the full list of available options, run parse-server --help or refer to Parse Server Options for a complete list of configuration options.
The Parse Server object was built to be passed directly into app.use, which will mount the Parse API at a specified path in your Express app:
const express = require('express');
const ParseServer = require('parse-server').ParseServer;
const app = express();
const api = new ParseServer({ ... });
// Serve the Parse API at /parse URL prefix
app.use('/parse', api);
var port = 1337;
app.listen(port, function() {
console.log('parse-server-example running on port ' + port + '.');
});And with that, you will have a Parse Server running on port 1337, serving the Parse API at /parse.
Verifying user email addresses and enabling password reset via email requires an email adapter. As part of the parse-server package we provide an adapter for sending email through Mailgun. To use it, sign up for Mailgun, and add this to your initialization code:
const api = ParseServer({
...otherOptions,
verifyUserEmails: true,
emailVerifyTokenValidityDuration: 2 * 60 * 60, // in seconds (2 hours = 7200 seconds)
preventLoginWithUnverifiedEmail: false, // defaults to false
publicServerURL: 'https://example.com/parse',
appName: 'Parse App',
emailAdapter: {
module: '@parse/simple-mailgun-adapter',
options: {
fromAddress: '[email protected]',
domain: 'example.com',
apiKey: 'key-mykey',
}
},
});You can also use email adapters contributed by the community such as:
- parse-server-mailgun-adapter-template
- parse-smtp-template (Multi Language and Multi Template)
- parse-server-postmark-adapter
- parse-server-sendgrid-adapter
- parse-server-mandrill-adapter
- parse-server-simple-ses-adapter
- parse-server-sendinblue-adapter
- parse-server-mailjet-adapter
- simple-parse-smtp-adapter
- parse-server-generic-email-adapter
The Parse Server Configuration Options relating to email verifcation are:
verifyUserEmails: Whether the Parse Server should send an email on user signup.emailVerifyTokenValidityDuration: How long the email verify tokens should be valid for.emailVerifyTokenReuseIfValid: Whether an existing token should be resent if the token is still valid.preventLoginWithUnverifiedEmail: Whether the Parse Server should prevent login until the user verifies their email.publicServerURL: The public URL of your app. This will appear in the link that is used to verify email addresses and reset passwords.appName: Your apps name. This will appear in the subject and body of the emails that are sent.emailAdapter: The email adapter.
Note:
- If
verifyUserEmailsistrueand ifemailVerifyTokenValidityDurationisundefinedthen the email verify token never expires. Otherwise, the email verify token expires afteremailVerifyTokenValidityDuration.
Account lockouts prevent login requests after a defined number of failed password attempts. The account lock prevents logging in for a period of time even if the correct password is entered.
If the account lockout policy is set and there are more than threshold number of failed login attempts then the login api call returns error code Parse.Error.OBJECT_NOT_FOUND with error message Your account is locked due to multiple failed login attempts. Please try again after <duration> minute(s).
After duration minutes of no login attempts, the application will allow the user to try login again.
*accountLockout: Object that contains account lockout rules.
*accountLockout.duration: Determines the number of minutes that a locked-out account remains locked out before automatically becoming unlocked. Set it to a value greater than 0 and less than 100000.
*accountLockout.threshold: Determines the number of failed sign-in attempts that will cause a user account to be locked. Set it to an integer value greater than 0 and less than 1000.
const api = ParseServer({
...otherOptions,
accountLockout: {
duration: 5,
threshold: 3
}
});Password policy is a good way to enforce that users' passwords are secure. Two optional settings can be used to enforce strong passwords. Either one or both can be specified.
If both are specified, both checks must pass to accept the password
passwordPolicy.validatorPattern: a RegExp object or a regex string representing the pattern to enforcepasswordPolicy.validatorCallback: a callback function to be invoked to validate the password
The full range of options for Password Policy are:
*passwordPolicy is an object that contains the following rules:
*passwordPolicy.validationError: optional error message to be sent instead of the default "Password does not meet the Password Policy requirements" message.
*passwordPolicy.doNotAllowUsername: optional setting to disallow username in passwords.
*passwordPolicy.maxPasswordAge: optional setting in days for password expiry. Login fails if user does not reset the password within this period after signup/last reset.
*passwordPolicy.maxPasswordHistory: optional setting to prevent reuse of previous n passwords. Maximum value that can be specified is 20. Not specifying it or specifying 0 will not enforce history.
*passwordPolicy.resetTokenValidityDuration: optional setting to set a validity duration for password reset links (in seconds).
*passwordPolicy.resetTokenReuseIfValid: optional setting to resend the current token if it's still valid.
const validatePassword = password => {
if (!password) {
return false;
}
if (password.includes('pass')) {
return false;
}
return true;
}
const api = ParseServer({
...otherOptions,
passwordPolicy: {
validatorPattern: /^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.{8,})/, // enforce password with at least 8 char with at least 1 lower case, 1 upper case and 1 digit
validatorCallback: (password) => { return validatePassword(password) },
validationError: 'Password must contain at least 1 digit.',
doNotAllowUsername: true,
maxPasswordAge: 90,
maxPasswordHistory: 5,
resetTokenValidityDuration: 24*60*60,
resetTokenReuseIfValid: true
}
});It’s possible to change the default pages of the app and redirect the user to another path or domain.
const api = ParseServer({
...otherOptions,
customPages: {
passwordResetSuccess: "http://yourapp.com/passwordResetSuccess",
verifyEmailSuccess: "http://yourapp.com/verifyEmailSuccess",
parseFrameURL: "http://yourapp.com/parseFrameURL",
linkSendSuccess: "http://yourapp.com/linkSendSuccess",
linkSendFail: "http://yourapp.com/linkSendFail",
invalidLink: "http://yourapp.com/invalidLink",
invalidVerificationLink: "http://yourapp.com/invalidVerificationLink",
choosePassword: "http://yourapp.com/choosePassword"
}
})When deploying to be production, make sure:
allowClientClassCreationis set tofalsemountPlaygroundis not set totruemasterKeyis set to a long and complex stringreadOnlyMasterKeyif set, is set to a long and complex string- That you have authentication required on your database, and, if you are using mongo, disable unauthenticated access to port 27017
- You have restricted
countandaddFieldoperations via Class Level Permissions - You enforce ACL and data validation using cloud code
You may configure the Parse Server using environment variables:
PORT
PARSE_SERVER_APPLICATION_ID
PARSE_SERVER_MASTER_KEY
PARSE_SERVER_DATABASE_URI
PARSE_SERVER_URL
PARSE_SERVER_CLOUDThe default port is 1337, to use a different port set the PORT environment variable:
$ PORT=8080 parse-server --appId APPLICATION_ID --masterKey MASTER_KEYFor the full list of configurable environment variables, run parse-server --help or take a look at Parse Server Configuration.