User authentication / security, transfer

Hi everyone!
I’m new here at Moralis and I have some doubts; I hope you can help me.

Context:
We are developing an NFT game. I’m working on the server side with a Moralis server, so I implemented some cloud functions, and I’m having problems with them.

  • How can I authenticate the user who makes the request? I’m using masterKey to access User Data on class _User, because with req.user used directly, I can’t read his data. Besides that, is it better to implement a class “UserInfo” to set all non-sensitive data?

  • Could payment/transfer requests be implemented on the server side? How?

Hi,

On the first question, you can use logger.info(JSON.stringify(request)) to see what data you have there.
In a cloud function you can use the master key to read the data for any user, but in the front end you can read only the data for the current user.
You could add new columns to the User class, too. The User class automatically has an ACL set for each row so that only the current user can read the data.

You can implement the transfer on the server side by using a private key, but it is not recommended because you’ll have to save the private key there.

1 Like
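
The pattern discussed in this thread, as an added example that is not part of the original posts or Moralis's own code: because the master key bypasses the per-row ACL, the cloud function takes the caller's identity only from request.user and returns only allow-listed columns. The function name getMyProfile, the PUBLIC_FIELDS list, the injected loadUser helper and the sample row are assumptions made for illustration.

```javascript
// Assumed allow-list: the only columns this function ever returns to a client.
const PUBLIC_FIELDS = ["username", "ethAddress"];

// The caller's identity comes from the session the server validated
// (request.user), never from request.params, which the client controls.
function callerId(request) {
  if (!request || !request.user || !request.user.id) {
    throw new Error("Not authenticated");
  }
  return request.user.id;
}

// Copy only allow-listed attributes, so a master-key read cannot leak
// other columns of the row (for example a session token).
function toPublicProfile(attributes) {
  const out = {};
  for (const field of PUBLIC_FIELDS) {
    if (Object.prototype.hasOwnProperty.call(attributes, field)) {
      out[field] = attributes[field];
    }
  }
  return out;
}

// loadUser(id) is injected (hypothetical helper) so the logic also runs
// outside a Moralis server.
async function getMyProfile(request, loadUser) {
  const row = await loadUser(callerId(request));
  return toPublicProfile(row);
}

// Registration on a Moralis server; skipped when the Moralis global is absent.
if (typeof Moralis !== "undefined") {
  Moralis.Cloud.define("getMyProfile", (request) =>
    getMyProfile(request, async (id) => {
      const user = await new Moralis.Query(Moralis.User).get(id, { useMasterKey: true });
      return user.attributes;
    })
  );
}

// Constructed sample row and request, served by an in-memory lookup.
const sampleRows = {
  u1: { username: "alice", ethAddress: "0xabc", sessionToken: "r:constructed" },
};
getMyProfile({ user: { id: "u1" }, params: { userId: "u2" } }, async (id) => sampleRows[id])
  .then((profile) => console.log(profile));
```

The client-supplied params.userId in the sample request is ignored, so a caller cannot use the master-key lookup to read another user's row.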