feat: Prevent Parse Server start in case of unknown option in server configuration (#8987)
This commit is contained in:
Vivek Joshi
GitHub
@@ -54,6 +54,7 @@ module.exports.ParseServerOptions = {
|
||||
env: 'PARSE_SERVER_ACCOUNT_LOCKOUT',
|
||||
help: 'The account lockout policy for failed login attempts.',
|
||||
action: parsers.objectParser,
|
||||
type: 'AccountLockoutOptions',
|
||||
},
|
||||
allowClientClassCreation: {
|
||||
env: 'PARSE_SERVER_ALLOW_CLIENT_CLASS_CREATION',
|
||||
@@ -157,6 +158,7 @@ module.exports.ParseServerOptions = {
|
||||
env: 'PARSE_SERVER_CUSTOM_PAGES',
|
||||
help: 'custom pages for password validation and reset',
|
||||
action: parsers.objectParser,
|
||||
type: 'CustomPagesOptions',
|
||||
default: {},
|
||||
},
|
||||
databaseAdapter: {
|
||||
@@ -169,6 +171,7 @@ module.exports.ParseServerOptions = {
|
||||
env: 'PARSE_SERVER_DATABASE_OPTIONS',
|
||||
help: 'Options to pass to the database client',
|
||||
action: parsers.objectParser,
|
||||
type: 'DatabaseOptions',
|
||||
},
|
||||
databaseURI: {
|
||||
env: 'PARSE_SERVER_DATABASE_URI',
|
||||
@@ -273,6 +276,7 @@ module.exports.ParseServerOptions = {
|
||||
env: 'PARSE_SERVER_FILE_UPLOAD_OPTIONS',
|
||||
help: 'Options for file uploads',
|
||||
action: parsers.objectParser,
|
||||
type: 'FileUploadOptions',
|
||||
default: {},
|
||||
},
|
||||
graphQLPath: {
|
||||
@@ -294,6 +298,7 @@ module.exports.ParseServerOptions = {
|
||||
help:
|
||||
'Options for request idempotency to deduplicate identical requests that may be caused by network issues. Caution, this is an experimental feature that may not be appropriate for production.',
|
||||
action: parsers.objectParser,
|
||||
type: 'IdempotencyOptions',
|
||||
default: {},
|
||||
},
|
||||
javascriptKey: {
|
||||
@@ -309,11 +314,13 @@ module.exports.ParseServerOptions = {
|
||||
env: 'PARSE_SERVER_LIVE_QUERY',
|
||||
help: "parse-server's LiveQuery configuration object",
|
||||
action: parsers.objectParser,
|
||||
type: 'LiveQueryOptions',
|
||||
},
|
||||
liveQueryServerOptions: {
|
||||
env: 'PARSE_SERVER_LIVE_QUERY_SERVER_OPTIONS',
|
||||
help: 'Live query server configuration options (will start the liveQuery server)',
|
||||
action: parsers.objectParser,
|
||||
type: 'LiveQueryServerOptions',
|
||||
},
|
||||
loggerAdapter: {
|
||||
env: 'PARSE_SERVER_LOGGER_ADAPTER',
|
||||
@@ -328,6 +335,7 @@ module.exports.ParseServerOptions = {
|
||||
env: 'PARSE_SERVER_LOG_LEVELS',
|
||||
help: '(Optional) Overrides the log levels used internally by Parse Server to log events.',
|
||||
action: parsers.objectParser,
|
||||
type: 'LogLevels',
|
||||
default: {},
|
||||
},
|
||||
logsFolder: {
|
||||
@@ -408,12 +416,14 @@ module.exports.ParseServerOptions = {
|
||||
help:
|
||||
'The options for pages such as password reset and email verification. Caution, this is an experimental feature that may not be appropriate for production.',
|
||||
action: parsers.objectParser,
|
||||
type: 'PagesOptions',
|
||||
default: {},
|
||||
},
|
||||
passwordPolicy: {
|
||||
env: 'PARSE_SERVER_PASSWORD_POLICY',
|
||||
help: 'The password policy for enforcing password related rules.',
|
||||
action: parsers.objectParser,
|
||||
type: 'PasswordPolicyOptions',
|
||||
},
|
||||
playgroundPath: {
|
||||
env: 'PARSE_SERVER_PLAYGROUND_PATH',
|
||||
@@ -471,6 +481,7 @@ module.exports.ParseServerOptions = {
|
||||
help:
|
||||
"Options to limit repeated requests to Parse Server APIs. This can be used to protect sensitive endpoints such as `/requestPasswordReset` from brute-force attacks or Parse Server as a whole from denial-of-service (DoS) attacks.<br><br>\u2139\uFE0F Mind the following limitations:<br>- rate limits applied per IP address; this limits protection against distributed denial-of-service (DDoS) attacks where many requests are coming from various IP addresses<br>- if multiple Parse Server instances are behind a load balancer or ran in a cluster, each instance will calculate it's own request rates, independent from other instances; this limits the applicability of this feature when using a load balancer and another rate limiting solution that takes requests across all instances into account may be more suitable<br>- this feature provides basic protection against denial-of-service attacks, but a more sophisticated solution works earlier in the request flow and prevents a malicious requests to even reach a server instance; it's therefore recommended to implement a solution according to architecture and user case.",
|
||||
action: parsers.arrayParser,
|
||||
type: 'RateLimitOptions[]',
|
||||
default: [],
|
||||
},
|
||||
readOnlyMasterKey: {
|
||||
@@ -516,11 +527,13 @@ module.exports.ParseServerOptions = {
|
||||
env: 'PARSE_SERVER_SCHEMA',
|
||||
help: 'Defined schema',
|
||||
action: parsers.objectParser,
|
||||
type: 'SchemaOptions',
|
||||
},
|
||||
security: {
|
||||
env: 'PARSE_SERVER_SECURITY',
|
||||
help: 'The security options to identify and report weak security settings.',
|
||||
action: parsers.objectParser,
|
||||
type: 'SecurityOptions',
|
||||
default: {},
|
||||
},
|
||||
sendUserEmailVerification: {
|
||||
@@ -665,12 +678,14 @@ module.exports.PagesOptions = {
|
||||
env: 'PARSE_SERVER_PAGES_CUSTOM_ROUTES',
|
||||
help: 'The custom routes.',
|
||||
action: parsers.arrayParser,
|
||||
type: 'PagesRoute[]',
|
||||
default: [],
|
||||
},
|
||||
customUrls: {
|
||||
env: 'PARSE_SERVER_PAGES_CUSTOM_URLS',
|
||||
help: 'The URLs to the custom pages.',
|
||||
action: parsers.objectParser,
|
||||
type: 'PagesCustomUrlsOptions',
|
||||
default: {},
|
||||
},
|
||||
enableLocalization: {
|
||||
|
||||
Reference in New Issue
Block a user