BREAKING CHANGE: Fields in the internal scope of Parse Server (prefixed with underscore `_`) are only returned using the new `maintenanceKey`; previously the `masterKey` allowed reading of internal fields; see [access scopes](https://github.com/parse-community/parse-server#access-scopes) for a comparison of the keys' access permissions (#8212)
BREAKING CHANGE: The mechanism to determine the client IP address has been rewritten; to correctly determine the IP address it is now required to set the Parse Server option `trustProxy` accordingly if Parse Server runs behind a proxy server, see the express framework's [trust proxy](https://expressjs.com/en/guide/behind-proxies.html) setting (#8372)
BREAKING CHANGE: The Node Package Manager lock file `package-lock.json` is upgraded to version 2; while it is backwards with version 1 for the npm installer, consider this if you run any non-npm analysis tools that use the lock file (#8285)
BREAKING CHANGE: This release introduces the asynchronous initialization of Parse Server to prevent mounting Parse Server before being ready to receive request; it changes how Parse Server is imported, initialized and started; it also removes the callback `serverStartComplete`; see the [Parse Server 6 migration guide](https://github.com/parse-community/parse-server/blob/alpha/6.0.0.md) for more details (#8232)
BREAKING CHANGE: The Parse Server option `enforcePrivateUsers` is set to `true` by default; in previous releases this option defaults to `false`; this change improves the default security configuration of Parse Server (#8283)
BREAKING CHANGE: This release restricts the use of `masterKey` to localhost by default; if you are using Parse Dashboard on a different server to connect to Parse Server you need to add the IP address of the server that hosts Parse Dashboard to this option (#8281)
BREAKING CHANGE: Config option `directAccess` defaults to true; set this to `false` in environments where multiple Parse Server instances run behind a load balancer and Parse requests within the current Node.js environment should be routed via the load balancer and distributed as HTTP requests among all instances via the `serverURL`.
* enabled direct access by default
* removed obsolete direct access option test case
* quick fix test
* Set RESTController during tests
* Properly handle RESTController
* Documentation
* revert changes
* rerun tests
* remove extra parse instance
* Revert "remove extra parse instance"
This reverts commit 21422f45f1548ebddddd1c4ccbc03a94b4994429.
* Ensure restcontroller is set
* Fix test
* improved option docs
* renamed direct access env var
* added deprecations to README
* added deprecation definition
* fixed docs typo
* improve promise rejection warning test
* added renaming of env var to deprecation warning
Co-authored-by: Diamond Lewis <findlewis@gmail.com>
* added localized pages; added refactored page templates; adapted test cases; introduced localization test cases
* added changelog entry
* fixed test description typo
* fixed bug in PromiseRouter where headers are not added for text reponse
* added page parameters in page headers for programmatic use
* refactored tests for PublicAPIRouter
* added mustache lib for template rendering
* fixed fs.promises module reference
* fixed template placeholder typo
* changed redirect response to provide headers instead of query parameters
* fix lint
* fixed syntax errors and typos in html templates
* removed obsolete URI encoding
* added locale inferring from request body and header
* added end-to-end localizaton test
* added server option validation; refactored pages server option
* fixed invalid redirect URL for no locale matching file
* added end-to-end localizaton tests
* adapted tests to new response content
* re-added PublicAPIRouter; added PagesRouter as experimental feature
* refactored PagesRouter test structure
* added configuration option for custom path to pages
* added configuration option for custom endpoint to pages
* fixed lint
* added tests
* added a distinct page for invalid password reset link
* renamed generic page invalidLink to expiredVerificationLink
* improved HTML files documentation
* improved HTML files documentation
* changed changelog entry for experimental feature
* improved file naming to make it more descriptive
* fixed file naming and env parameter naming
* added readme entry
* fixed readme TOC - hasn't been updated in a while
* added localization with JSON resource
* added JSON localization to feature pages (password reset, email verification)
* updated readme
* updated readme
* optimized JSON localization for feature pages; added e2e test case
* fixed readme typo
* minor refactoring of existing tests
* fixed bug where Object type was not recognized as config key type
* added feature config placeholders
* prettier
* added passing locale to page config placeholder callback
* refactored passing locale to placeholder to pass test
* added config placeholder feature to README
* fixed typo in README
* added fileUpload definition default value
* added undefined and null as invalid
* removed explicit default value reference
* improved test grouping in describes
* add fileKey encryption to GridFSBucketStorageAdapter
* remove fileAdapter options from test spec
* ensure promise doesn't fall through in getFileData
* switch secretKey to fileKey
* add fileKey rotation for GridFSBucketAdapter
* improve catching decryption errors in testcases
* add testcase for rotating key from oldKey to noKey leaving all files decrypted
* removed fileKey from legacy test links. From the looks of the tests and the fileKey was appended to links. This key is now an encryption key
* clean up code
* make more consistant with FSAdapter
* use encryptionKey instead of fileKey
* Update ParseFile.spec.js
revert
* Optimize query, fixes some null returns, fix stitched GraphQLUpload
* Fix authData key selection
* Prefer Iso string since other GraphQL solutions use this format
* fix tests
Co-authored-by: Antonio Davi Macedo Coelho de Castro <adavimacedo@gmail.com>
