BREAKING CHANGE: A request using the master key will now be rejected as unauthorized if the IP from which the request originates is not set in the Parse Server option `masterKeyIps`, even if the request does not require the master key permission, for example for a public object in a public class class.
BREAKING CHANGE: `Parse.Session.current()` no longer throws an error if the session token is expired, but instead returns the session token with its expiration date to allow checking its validity
BREAKING CHANGE: Fields in the internal scope of Parse Server (prefixed with underscore `_`) are only returned using the new `maintenanceKey`; previously the `masterKey` allowed reading of internal fields; see [access scopes](https://github.com/parse-community/parse-server#access-scopes) for a comparison of the keys' access permissions (#8212)
BREAKING CHANGE: The mechanism to determine the client IP address has been rewritten; to correctly determine the IP address it is now required to set the Parse Server option `trustProxy` accordingly if Parse Server runs behind a proxy server, see the express framework's [trust proxy](https://expressjs.com/en/guide/behind-proxies.html) setting (#8372)
BREAKING CHANGE: This release introduces the asynchronous initialization of Parse Server to prevent mounting Parse Server before being ready to receive request; it changes how Parse Server is imported, initialized and started; it also removes the callback `serverStartComplete`; see the [Parse Server 6 migration guide](https://github.com/parse-community/parse-server/blob/alpha/6.0.0.md) for more details (#8232)
BREAKING CHANGE: This release restricts the use of `masterKey` to localhost by default; if you are using Parse Dashboard on a different server to connect to Parse Server you need to add the IP address of the server that hosts Parse Dashboard to this option (#8281)
* failing testcase
* add header
* switch to X-Parse-Cloud-Context header
* add back blank line that lint removed
* test replacing context header with body context. Add support for setting body with json string
* add back blank line
* cover error when _context body is wrong
* Update middlewares.js
* revert accidental status change
* make sure context always decodes to an object else throw error
* improve context object check
Co-authored-by: Antonio Davi Macedo Coelho de Castro <adavimacedo@gmail.com>
* Optimize query, fixes some null returns, fix stitched GraphQLUpload
* Fix authData key selection
* Prefer Iso string since other GraphQL solutions use this format
* fix tests
Co-authored-by: Antonio Davi Macedo Coelho de Castro <adavimacedo@gmail.com>
* added hint to aggregate
* added support for hint in query
* added else clause to aggregate
* fixed tests
* updated tests
* Add tests and clean up
* added beforeSaveFile and afterSaveFile triggers
* Add support for explain
* added some validation
* added support for metadata and tags
* tests?
* trying tests
* added tests
* fixed failing tests
* added some docs for fileObject
* updated hooks to use Parse.File
* added test for already saved file being returned in hook
* added beforeDeleteFile and afterDeleteFile hooks
* removed contentLength because it's already in the header
* added fileSize param to FileTriggerRequest
* added support for client side metadata and tags
* removed fit test
* removed unused import
* added loging to file triggers
* updated error message
* updated error message
* fixed tests
* fixed typos
* Update package.json
* fixed failing test
* fixed error message
* fixed failing tests (hopefully)
* TESTS!!!
* Update FilesAdapter.js
fixed comment
* added test for changing file name
* updated comments
Co-authored-by: Diamond Lewis <findlewis@gmail.com>
* Fix session token issue
* verify email problem
* Fix password reset problem
* Change test file name
* Split tests
* Refetch user
* Replaces lets to consts
* Refactor unit test
What you have is just finee, but wanted
to show you what I meant with my comment
Use jasmine's this to set stuff in beforeEach's
Not that all functions need to be `function ()` instead of
`() =>` so `this` is preserved.
see: https://jasmine.github.io/tutorials/your_first_suite#section-The_%3Ccode%3Ethis%3C/code%3E_keyword
Co-authored-by: Antonio Davi Macedo Coelho de Castro <adavimacedo@gmail.com>
* Suppress Test Logs
This will reduce some of the noise in the tests logs.
* replace deprecated buffer
* remove deprecation warnings
* fix geopoint
* Fix GraphQL
* postgres warnings
* feat: add allowHeaders to Options
This allows developers to use custom headers in their API requests, and they will be accepted by their mounted app.
* refactor: convert allowCrossDomain to generator to add appId in scope
This is necessary as the middleware may run in OPTIONS request that do not contain the appId within the header.
* chore: update Definitions and docs
* fix: update test to use new allowCrossDomain params
* chore: add tests for allowCustomDomain middleware re: allowHeadrs
* Propagate error to express handler in all situations
* Call the default error handler if `enableExpressErrorHandler` is truthy
* Updating options interface and definitions
* Testing express error handler
* Test spec fixes
* Fix test
* Adds flow types / Configuration interfaces
* Lets call it options
* Use a single interface to generate the configurations
* Translates options to definitions only if comments are set
* improves logic
* Moves objects around
* Fixes issue affecting logging of circular objects
* fixes undefined env
* Moves all defaults to defaults
* Adds back CLI defaults
* Restored defaults in commander.js
* Merge provided defaults and platform defaults
* Addresses visual nits
* Improves Config.js code
* Adds ability to pass the default value in trailing comments
* Load platform defaults from the definitions file
* proper default values on various options
* Adds ParseServer.start and server.start(options) as quick startup methods
* Moves creating liveQueryServer http into ParseServer.js
* removes dead code
* Adds tests to guarantee we can start a LQ Server from main module
* Fixes incorrect code regading liveQuery init port
* Start a http server for LQ if port is specified
* ensure we dont fail if config.port is not set
* Specify port
* ignore other path skipped in tests
* Adds test for custom middleware setting
* Refactors new Config into Config.get
- Hides AppCache from ParseServer.js, use Config.put which validates
* Extracts controller creation into Controllers/index.js
- This makes the ParseServer init way simpler
* Move serverURL inference into ParseServer
* review nits
* add the client ip to the request config object
* add the config ip to the trigger request object
* add the config ip to the functions request object
* add tests
* remove log
* remove log
* update choose_password to have the confirmation
* add comment mark
* First version, no test
* throw error right away instead of just use masterKey false
* fix the logic
* move it up before the masterKey check
* adding some test
* typo
* remove the choose_password
* newline
* add cli options
* remove trailing space
* handle in case the server is behind proxy
* add getting the first ip in the ip list of xff
* sanity check the ip in config if it is a valid ip address
* split ip extraction to another function
* trailing spaces
The problem this pr is trying to solve:
When an error occurs on the server, a message should
be returned to the client, and a message should be logged.
Currently, on the server, the log is just [object, object]
This pr will stop calling the default express error handler
which causes two problems: 1. it writes to console instead of log file
2. the output is completely useless! :)
Instead, we'll log the error ourselves using the ParseServer's logger.
fixes: #661
