joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,566 Commits 2 Branches 18 Tags
5fa58fe77411fbad046d42ee3552d8aabc31735a
Commit Graph

1696 Commits

Author SHA1 Message Date
Diamond Lewis
5fa58fe774 ci: Fix CI not testing with Postgres 16 and flaky test (#9210) 2024-07-17 17:51:13 +02:00
Manuel
77206d8044 fix: Parse Server databaseOptions nested keys incorrectly identified as invalid (#9213) 2024-07-17 17:48:33 +02:00
Manuel
7778471999 feat: Add Node 22 support (#9187) 2024-07-09 12:58:51 +02:00
Diamond Lewis
cf4c8807b9 feat: Add support for dot notation on array fields of Parse Object (#9115) 2024-07-08 23:29:58 +02:00
Diamond Lewis
ef1634bf1f feat: Upgrade to @parse/push-adapter 6.4.0 (#9182) 2024-07-08 22:23:57 +02:00
Manuel
284da09f45 fix: Invalid push notification tokens are not cleaned up from database for FCM API v2 (#9173) 2024-07-01 21:37:29 +02:00
Manuel
2edf1e4c03 fix: SQL injection when using Parse Server with PostgreSQL; fixes security vulnerability [GHSA-c2hr-cqg6-8j6r](https://github.com/parse-community/parse-server/security/advisories/GHSA-c2hr-cqg6-8j6r) (#9167) 2024-06-30 03:34:08 +02:00
Rahul Lanjewar
11d3e484df fix: Live query throws error when constraint notEqualTo is set to null (#8835) 2024-06-11 21:31:10 +02:00
Vivek Joshi
0a054e6b54 fix: Parse Server option extendSessionOnUse not working for session lengths < 24 hours (#9113) 2024-05-27 16:33:11 +02:00
Chris
9d0bd2badd fix: Facebook Limited Login not working due to incorrect domain in JWT validation (#9122) 2024-05-16 13:54:41 +02:00
Doug Drechsel
eba9dfff7b ci: Add test support for external database adapter (#8883) 2024-05-15 00:48:20 +02:00
Diamond Lewis
5b0efb22ef fix: Parse.Cloud.startJob and Parse.Push.send not returning status ID when setting Parse Server option directAccess: true (#8766) 2024-04-14 21:42:20 +02:00
Vivek Joshi
8758e6abb9 feat: Prevent Parse Server start in case of unknown option in server configuration (#8987) 2024-04-07 15:28:15 +02:00
Daniel
c277739623 fix: Rate limiting can fail when using Parse Server option rateLimit.redisUrl with clusters (#8632) 2024-03-24 02:17:21 +01:00
Daniel
b07ec15382 feat: Add server security check status security.enableCheck to Features Router (#8679) 2024-03-24 01:50:38 +01:00
Diamond Lewis
5f81efb429 feat: Add silent log level for Cloud Code (#8803) 2024-03-21 16:19:29 +01:00
Antoine Cormouls
907ad4267c fix: Required option not handled correctly for special fields (File, GeoPoint, Polygon) on GraphQL API mutations (#8915) 2024-03-20 23:32:56 +01:00
Antoine Cormouls
6d4663b47e refactor: Dry handleAuthData for safer code maintenance in the future (#9025) 2024-03-19 22:41:21 +01:00
Manuel
9f6e3429d3 fix: Server crashes on invalid Cloud Function or Cloud Job name; fixes security vulnerability [GHSA-6hh7-46r2-vf29](https://github.com/parse-community/parse-server/security/advisories/GHSA-6hh7-46r2-vf29) (#9024) 2024-03-19 17:42:00 +01:00
Daniel
ad4aa83983 feat: Upgrade to Parse JS SDK 5 (#9022) 2024-03-17 04:08:52 +01:00
Daniel
720d24e185 fix: CacheAdapter does not connect when using a CacheAdapter with a JSON config (#8633) 2024-03-15 17:46:06 +01:00
Daniel
2760381183 fix: Parse Server option fileExtensions default value rejects file extensions that are less than 3 or more than 4 characters long (#8699) 2024-03-10 15:11:27 +01:00
Onur
29624e0fae feat: Deprecation DEPPS5: Config option allowClientClassCreation defaults to false (#8849) 
BREAKING CHANGE: The Parse Server option `allowClientClassCreation` defaults to `false`.
 2024-03-05 20:05:54 +01:00
Oussama Meglali
2170962a50 feat: Add support for MongoDB query comment (#8928) 2024-03-03 02:27:57 +01:00
Onur
105ae7c8a5 feat: Switch GraphQL server from Yoga v2 to Apollo v4 (#8959) 2024-03-02 02:06:47 +01:00
EhsanParsania
a7b5b38418 fix: Deny request if master key is not set in Parse Server option masterKeyIps regardless of ACL and CLP (#8957) 
BREAKING CHANGE: A request using the master key will now be rejected as unauthorized if the IP from which the request originates is not set in the Parse Server option `masterKeyIps`, even if the request does not require the master key permission, for example for a public object in a public class class.
 2024-03-01 18:37:07 +01:00
Manuel
cbefe770a7 fix: Improve PostgreSQL injection detection; fixes security vulnerability [GHSA-6927-3vr9-fxf2](https://github.com/parse-community/parse-server/security/advisories/GHSA-6927-3vr9-fxf2) which affects Parse Server deployments using a Postgres database (#8961) 2024-03-01 16:52:05 +01:00
Manuel
f5d6fc98e7 refactor: Upgrade ldapjs from 2.3.3 to 3.0.7 (#8947) 2024-02-26 21:05:10 +01:00
Onur
70c280ca57 feat: Node process exits with error code 1 on uncaught exception to allow custom uncaught exception handling (#8894) 
BREAKING CHANGE: Node process now exits with code 1 on uncaught exceptions, enabling custom handlers that were blocked by Parse Server's default behavior of re-throwing errors. This change may lead to automatic process restarts by the environment, unlike before.
 2024-02-16 00:18:29 +01:00
Onur
0cf58eb8d6 feat: Deprecation DEPPS6: Authentication adapters disabled by default (#8858) 
BREAKING CHANGE: Authentication adapters are disabled by default; to use an authentication adapter it needs to be explicitly enabled in the Parse Server authentication adapter option `auth.<provider>.enabled: true`
 2024-02-15 01:28:09 +01:00
Onur
e29845f8da feat: Deprecation DEPPS8: Parse Server option allowExpiredAuthDataToken defaults to false (#8860) 
BREAKING CHANGE: Parse Server option `allowExpiredAuthDataToken` defaults to `false`; a 3rd party authentication token will be validated every time the user tries to log in and the login will fail if the token has expired; the effect of this change may differ for different authentication adapters, depending on the token lifetime and the token refresh logic of the adapter
 2024-02-15 01:07:35 +01:00
Onur
38983e8e9b feat: Deprecation DEPPS9: LiveQuery fields option is renamed to keys (#8852) 
BREAKING CHANGE: LiveQuery `fields` option is renamed to `keys`
 2024-02-15 00:31:15 +01:00
Onur
4e6a375b51 feat: Deprecation DEPPS7: Remove deprecated Cloud Code file trigger syntax (#8855) 
BREAKING CHANGE: Cloud Code file trigger syntax has been aligned with object trigger syntax, for example `Parse.Cloud.beforeDeleteFile'` has been changed to `Parse.Cloud.beforeDelete(Parse.File, (request) => {})'`
 2024-02-14 22:54:30 +01:00
Antoine Cormouls
1aba6382c8 fix: GraphQL file upload fails in case of use of pointer or relation (#8721) 2024-02-14 21:44:42 +01:00
Manuel
633a9d25e4 feat: Add password validation via POST request for user with unverified email using master key and option ignoreEmailVerification (#8895) 2024-01-17 17:43:04 +01:00
Ziv Chen
66e36039d8 fix: Server crashes when receiving an array of Parse.Pointer in the request body (#8784) 2024-01-15 16:02:57 +01:00
Manuel
1eb95aeb41 fix: Incomplete user object in verifyEmail function if both username and email are changed (#8889) 2024-01-15 15:44:49 +01:00
Manuel
e315c137bf fix: Username is undefined in email verification link on email change (#8887) 2024-01-15 00:47:03 +01:00
Manuel
0023ce448a fix: Parse Server option emailVerifyTokenReuseIfValid: true generates new token on every email verification request (#8885) 2024-01-14 01:37:20 +01:00
Manuel
8adcbee112 feat: Add installationId, ip, resendRequest to arguments passed to verifyUserEmails on verification email request (#8873) 
BREAKING CHANGE: The `Parse.User` passed as argument if `verifyUserEmails` is set to a function is renamed from `user` to `object` for consistency with invocations of `verifyUserEmails` on signup or login; the user object is not a plain JavaScript object anymore but an instance of `Parse.User`
 2024-01-06 16:41:13 +01:00
Manuel
972f630016 feat: Add Parse.User as function parameter to Parse Server options verifyUserEmails, preventLoginWithUnverifiedEmail on login (#8850) 2023-12-28 00:34:58 +01:00
Manuel
8e7a6b1480 fix: Conditional email verification not working in some cases if verifyUserEmails, preventLoginWithUnverifiedEmail set to functions (#8838) 2023-12-26 21:01:27 +01:00
Diamond Lewis
f9dde4a9f8 feat: Allow Parse.Session.current on expired session token instead of throwing error (#8722) 
BREAKING CHANGE: `Parse.Session.current()` no longer throws an error if the session token is expired, but instead returns the session token with its expiration date to allow checking its validity
 2023-12-25 20:40:49 +01:00
Manuel
a22dbe16d5 feat: Add installationId to arguments for verifyUserEmails, preventLoginWithUnverifiedEmail (#8836) 2023-12-17 01:50:19 +01:00
Lucas Coratger
3de8494a22 feat: Add support for MongoDB 7 (#8761) 
BREAKING CHANGE: `Parse.Query` no longer supports the BSON type `code`; although this feature was never officially documented, its removal is announced as a breaking change to protect deployments where it might be in use.
 2023-12-10 02:42:40 +01:00
Antoine Cormouls
b87daba067 perf: Improved IP validation performance for masterKeyIPs, maintenanceKeyIPs (#8510) 2023-11-19 23:13:16 +01:00
Manuel
759731926f docs: Improve docs for Parse Server options masterKeyIps, maintenanceKeyIps (#8814) 2023-11-18 15:41:16 +01:00
Mattia Faraci
09fbeebba8 feat: Add compatibility for MongoDB Atlas Serverless and AWS Amazon DocumentDB with collation options enableCollationCaseComparison, transformEmailToLowercase, transformUsernameToLowercase (#8805) 2023-11-13 23:32:47 +01:00
Manuel
f630a45aa5 feat: Add $setOnInsert operator to Parse.Server.database.update (#8791) 2023-10-25 19:13:27 +02:00
Manuel
fe02d3e8aa refactor: Server crash when uploading file without extension; fixes security vulnerability [GHSA-792q-q67h-w579](https://github.com/parse-community/parse-server/security/advisories/GHSA-792q-q67h-w579) (#8779) 2023-10-21 01:03:02 +02:00