feat: Add Parse Server option allowPublicExplain to allow Parse.Query.explain without master key (#9890)

Lucas Coratger
2025-11-08 17:02:13 +01:00
committed by GitHub
parent 15c8b1abed
commit 4456b02280
12 changed files with 180 additions and 14 deletions


@@ -1137,6 +1137,13 @@ module.exports.LogClientEvent = {
},
};
module.exports.DatabaseOptions = {
allowPublicExplain: {
env: 'PARSE_SERVER_DATABASE_ALLOW_PUBLIC_EXPLAIN',
help:
'Set to `true` to allow `Parse.Query.explain` without master key.<br><br>\u26A0\uFE0F Enabling this option may expose sensitive query performance data to unauthorized users and could potentially be exploited for malicious purposes.',
action: parsers.booleanParser,
default: true,
},
appName: {
env: 'PARSE_SERVER_DATABASE_APP_NAME',
help:
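Review bot: `default: true` on the new `allowPublicExplain` entry leaves `Parse.Query.explain` callable without the master key unless an operator opts out, yet the help text warns only about "Enabling this option", which reads as though it were off by default. If the permissive default is kept for backward compatibility (not visible in this hunk), the help string should say so and name the safe setting, for example by appending `Defaults to true; set to false in production so that explain requires the master key.` The same wording appears in the `@property` line and in the interface comment carrying `:DEFAULT: true` in the later sections, so the text is best corrected once at whichever of them is the source for the others. The `DatabaseOptions` object continues outside this hunk.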


@@ -257,6 +257,7 @@
/**
* @interface DatabaseOptions
* @property {Boolean} allowPublicExplain Set to `true` to allow `Parse.Query.explain` without master key.<br><br>⚠️ Enabling this option may expose sensitive query performance data to unauthorized users and could potentially be exploited for malicious purposes.
* @property {String} appName The MongoDB driver option to specify the name of the application that created this MongoClient instance.
* @property {String} authMechanism The MongoDB driver option to specify the authentication mechanism that MongoDB will use to authenticate the connection.
* @property {Any} authMechanismProperties The MongoDB driver option to specify properties for the specified authMechanism as a comma-separated list of colon-separated key-value pairs.


@@ -751,6 +751,9 @@ export interface DatabaseOptions {
createIndexRoleName: ?boolean;
/* Set to `true` to disable validation of index fields. When disabled, indexes can be created even if the fields do not exist in the schema. This can be useful when creating indexes on fields that will be added later. */
disableIndexFieldValidation: ?boolean;
/* Set to `true` to allow `Parse.Query.explain` without master key.<br><br>⚠️ Enabling this option may expose sensitive query performance data to unauthorized users and could potentially be exploited for malicious purposes.
:DEFAULT: true */
allowPublicExplain: ?boolean;
/* An array of MongoDB client event configurations to enable logging of specific events. */
logClientEvents: ?(LogClientEvent[]);
}