Support direct access server option (#5550)

* Support direct access config test options * add test * fix test * fix definitions * improve docs * Update .travis.yml * Revert "Update .travis.yml" This reverts commit 407f1384953b64bad9e63068db8564c3584ca3a4.
2019-05-10 14:34:19 -05:00
parent f15360cb12
commit b4d915bbbb
7 changed files with 34 additions and 7 deletions
--- a/.eslintignore
+++ b/.eslintignore
@@ -1,3 +1,3 @@
 lib
 coverage
-
+out
--- a/README.md
+++ b/README.md
@@ -245,6 +245,7 @@ The client keys used with Parse are no longer necessary with Parse Server. If yo
 * `auth` - Used to configure support for [3rd party authentication](http://docs.parseplatform.org/parse-server/guide/#oauth-and-3rd-party-authentication).
 * `facebookAppIds` - An array of valid Facebook application IDs that users may authenticate with.
 * `mountPath` - Mount path for the server. Defaults to `/parse`.
+* `directAccess` - Replace HTTP Interface when using JS SDK in current node runtime. Defaults to false. Caution, this is an experimental feature that may not be appropriate for production.
 * `filesAdapter` - The default behavior (GridStore) can be changed by creating an adapter class (see [`FilesAdapter.js`](https://github.com/parse-community/parse-server/blob/master/src/Adapters/Files/FilesAdapter.js)).
 * `maxUploadSize` - Max file size for uploads. Defaults to 20 MB.
 * `loggerAdapter` - The default behavior/transport (File) can be changed by creating an adapter class (see [`LoggerAdapter.js`](https://github.com/parse-community/parse-server/blob/master/src/Adapters/Logger/LoggerAdapter.js)).
--- a/spec/index.spec.js
+++ b/spec/index.spec.js
@@ -498,6 +498,16 @@ describe('server', () => {
      .catch(done.fail);
  });

+  it('should allow direct access', async () => {
+    const RESTController = Parse.CoreManager.getRESTController();
+    const spy = spyOn(Parse.CoreManager, 'setRESTController').and.callThrough();
+    await reconfigureServer({
+      directAccess: true,
+    });
+    expect(spy).toHaveBeenCalledTimes(1);
+    Parse.CoreManager.setRESTController(RESTController);
+  });
+
  it('should load a middleware from string', done => {
    reconfigureServer({
      middleware: 'spec/support/CustomMiddleware',
--- a/src/Options/Definitions.js
+++ b/src/Options/Definitions.js
@@ -148,16 +148,16 @@ module.exports.ParseServerOptions = {
  userSensitiveFields: {
    env: 'PARSE_SERVER_USER_SENSITIVE_FIELDS',
    help:
-      'Personally identifiable information fields in the user table the should be removed for non-authorized users. **Deprecated** @see protectedFields',
+      'Personally identifiable information fields in the user table the should be removed for non-authorized users. Deprecated @see protectedFields',
    action: parsers.arrayParser,
    default: ['email'],
  },
  protectedFields: {
    env: 'PARSE_SERVER_PROTECTED_FIELDS',
    help:
-      'Personally identifiable information fields in the user table the should be removed for non-authorized users.',
+      'Protected fields that should be treated with extra security when fetching details.',
    action: parsers.objectParser,
-    default: { _User: { '*': ['email'] } },
+    default: [],
  },
  enableAnonymousUsers: {
    env: 'PARSE_SERVER_ENABLE_ANON_USERS',
@@ -280,6 +280,13 @@ module.exports.ParseServerOptions = {
    action: parsers.numberParser('cacheMaxSize'),
    default: 10000,
  },
+  directAccess: {
+    env: 'PARSE_SERVER_ENABLE_EXPERIMENTAL_DIRECT_ACCESS',
+    help:
+      'Replace HTTP Interface when using JS SDK in current node runtime, defaults to false. Caution, this is an experimental feature that may not be appropriate for production.',
+    action: parsers.booleanParser,
+    default: false,
+  },
  enableSingleSchemaCache: {
    env: 'PARSE_SERVER_ENABLE_SINGLE_SCHEMA_CACHE',
    help:
--- a/src/Options/docs.js
+++ b/src/Options/docs.js
@@ -28,7 +28,8 @@
 * @property {String} webhookKey Key sent with outgoing webhook calls
 * @property {String} fileKey Key for your files
 * @property {Boolean} preserveFileName Enable (or disable) the addition of a unique hash to the file names
- * @property {String[]} userSensitiveFields Personally identifiable information fields in the user table the should be removed for non-authorized users.
+ * @property {String[]} userSensitiveFields Personally identifiable information fields in the user table the should be removed for non-authorized users. Deprecated @see protectedFields
+ * @property {Any} protectedFields Protected fields that should be treated with extra security when fetching details.
 * @property {Boolean} enableAnonymousUsers Enable (or disable) anon users, defaults to true
 * @property {Boolean} allowClientClassCreation Enable (or disable) client class creation, defaults to true
 * @property {Any} auth Configuration for your authentication providers, as stringified JSON. See http://docs.parseplatform.org/parse-server/guide/#oauth-and-3rd-party-authentication
@@ -50,6 +51,7 @@
 * @property {Number} schemaCacheTTL The TTL for caching the schema for optimizing read/write operations. You should put a long TTL when your DB is in production. default to 5000; set 0 to disable.
 * @property {Number} cacheTTL Sets the TTL for the in memory cache (in ms), defaults to 5000 (5 seconds)
 * @property {Number} cacheMaxSize Sets the maximum size for the in memory cache, defaults to 10000
+ * @property {Boolean} directAccess Replace HTTP Interface when using JS SDK in current node runtime, defaults to false. Caution, this is an experimental feature that may not be appropriate for production.
 * @property {Boolean} enableSingleSchemaCache Use a single schema cache shared across requests. Reduces number of queries made to _SCHEMA, defaults to false, i.e. unique schema cache per request.
 * @property {Boolean} enableExpressErrorHandler Enables the default express error handler for all errors
 * @property {Number} objectIdSize Sets the number of characters in generated object id's, default 10
--- a/src/Options/index.js
+++ b/src/Options/index.js
@@ -145,6 +145,10 @@ export interface ParseServerOptions {
  /* Sets the maximum size for the in memory cache, defaults to 10000
  :DEFAULT: 10000 */
  cacheMaxSize: ?number;
+  /* Replace HTTP Interface when using JS SDK in current node runtime, defaults to false. Caution, this is an experimental feature that may not be appropriate for production.
+  :ENV: PARSE_SERVER_ENABLE_EXPERIMENTAL_DIRECT_ACCESS
+  :DEFAULT: false */
+  directAccess: ?boolean;
  /* Use a single schema cache shared across requests. Reduces number of queries made to _SCHEMA, defaults to false, i.e. unique schema cache per request.
  :DEFAULT: false */
  enableSingleSchemaCache: ?boolean;
--- a/src/ParseServer.js
+++ b/src/ParseServer.js
@@ -136,7 +136,7 @@ class ParseServer {
   * @static
   * Create an express app for the parse server
   * @param {Object} options let you specify the maxUploadSize when creating the express app  */
-  static app({ maxUploadSize = '20mb', appId }) {
+  static app({ maxUploadSize = '20mb', appId, directAccess }) {
    // This app serves the Parse API directly.
    // It's the equivalent of https://api.parse.com/1 in the hosted Parse API.
    var api = express();
@@ -193,7 +193,10 @@ class ParseServer {
        ParseServer.verifyServerUrl();
      });
    }
-    if (process.env.PARSE_SERVER_ENABLE_EXPERIMENTAL_DIRECT_ACCESS === '1') {
+    if (
+      process.env.PARSE_SERVER_ENABLE_EXPERIMENTAL_DIRECT_ACCESS === '1' ||
+      directAccess
+    ) {
      Parse.CoreManager.setRESTController(
        ParseServerRESTController(appId, appRouter)
      );