joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
5,115 Commits 2 Branches 18 Tags
97de70a01782b99ebba99211ecb2cfd1979fa010
Commit Graph

323 Commits

Author SHA1 Message Date
Palixir
ed98c15f90 feat: Add event information to verifyUserEmails, preventLoginWithUnverifiedEmail to identify invoking signup / login action and auth provider (#9963) 2026-02-06 03:48:35 +00:00
Manuel
e29910764d fix: Default HTML pages for password reset, email verification not found (#10034) 2026-02-06 01:42:54 +00:00
Copilot
8eeab8dc57 feat: Add support for custom HTTP status code and headers to Cloud Function response with Express-style syntax (#9980) 2025-12-14 15:24:51 +01:00
Manuel
8f877d42c0 feat: Deprecation DEPPS11: Replace PublicAPIRouter with PagesRouter (#9974) 
BREAKING CHANGE: This release replaces `PublicAPIRouter` with `PagesRouter` (Deprecation DEPPS11).
 2025-12-12 20:55:39 +01:00
Manuel
a2d3dbe972 feat: Deprecation DEPPS10: Encode Parse.Object in Cloud Function and remove option encodeParseObjectInCloudFunction (#9973) 
BREAKING CHANGE: This release encodes `Parse.Object` in Cloud Function and removes option `encodeParseObjectInCloudFunction` (Deprecation DEPPS10).
 2025-12-12 20:46:35 +01:00
Lucas Coratger
47521974ae feat: Add Parse Server option enableSanitizedErrorResponse to remove detailed error messages from responses sent to clients (#9944) 2025-11-28 19:48:35 +01:00
Lucas Coratger
50edb5ab4b fix: Server internal error details leaking in error messages returned to clients (#9937) 2025-11-23 13:51:42 +01:00
Lucas Coratger
69a925879e refactor: Add lint rules for no unused vars and unused import (#9940) 2025-11-22 22:12:34 +01:00
Lucas Coratger
94cee5bfaf feat: Add beforePasswordResetRequest hook (#9906) 2025-11-19 14:57:28 +01:00
Daniel
460a65cf61 feat: Allow option publicServerURL to be set dynamically as asynchronous function (#9803) 2025-11-07 19:18:58 +01:00
Manuel
97763863b7 fix: Uploading a file by providing an origin URL allows for Server-Side Request Forgery (SSRF); fixes vulnerability [GHSA-x4qj-2f4q-r4rx](https://github.com/parse-community/parse-server/security/advisories/GHSA-x4qj-2f4q-r4rx) (#9903) 2025-11-05 14:39:52 +01:00
Antoine Cormouls
64f104e5c5 feat: Add request context middleware for config and dependency injection in hooks (#8480) 2025-10-14 20:16:31 +02:00
Thomas Foricher
e98733cbac perf: Remove saving Parse Cloud Job request parameters in internal collection _JobStatus (#8343) 2025-05-14 21:24:56 +02:00
Diamond Lewis
9de6999e25 perf: Add details to error message in Parse.Query.aggregate (#9689) 2025-04-07 21:54:18 +02:00
Daniel
b2beaa86ff feat: Add Cloud Code triggers Parse.Cloud.beforeFind(Parse.File)and Parse.Cloud.afterFind(Parse.File) (#8700) 2025-03-27 18:22:14 +01:00
Colin Ulin
e0480dfa8d feat: Upgrade to express 5.0.1 (#9530) 
BREAKING CHANGE: This upgrades the internally used Express framework from version 4 to 5, which may be a breaking change. If Parse Server is set up to be mounted on an Express application, we recommend to also use version 5 of the Express framework to avoid any compatibility issues. Note that even if there are no issues after upgrading, future releases of Parse Server may introduce issues if Parse Server internally relies on Express 5-specific features which are unsupported by the Express version on which it is mounted. See the Express [migration guide](https://expressjs.com/en/guide/migrating-5.html) and [release announcement](https://expressjs.com/2024/10/15/v5-release.html#breaking-changes) for more info.
 2025-03-03 22:11:42 +01:00
Daniel
d21dd97336 fix: Remove username from email verification and password reset process (#8488) 
BREAKING CHANGE: This removes the username from the email verification and password reset process to prevent storing personally identifiable information (PII) in server and infrastructure logs. Customized HTML pages or emails related to email verification and password reset may need to be adapted accordingly. See the new templates that come bundled with Parse Server and the [migration guide](https://github.com/parse-community/parse-server/blob/alpha/8.0.0.md) for more details.
 2025-03-02 02:32:43 +01:00
Daniel
7f666292e8 feat: Deprecate PublicAPIRouter in favor of PagesRouter (#9526) 2025-01-12 01:59:40 +01:00
Antoine Cormouls
3a9442a42f refactor: Upgrade to mime 4.0.4 (#9363) 2024-10-23 20:03:48 +02:00
Mohammad Ali
5f66c6a075 fix: Parse.Query.distinct fails due to invalid aggregate stage 'hint' (#9295) 2024-10-22 20:51:58 +02:00
Manuel
dfd5a8edbf ci: Add lint rule for mandatory curly braces (#9348) 2024-10-16 19:57:42 +02:00
Manuel
13ee52f0d1 fix: Custom object ID allows to acquire role privileges ([GHSA-8xq9-g7ch-35hg](https://github.com/parse-community/parse-server/security/advisories/GHSA-8xq9-g7ch-35hg)) (#9317) 2024-10-03 21:17:14 +02:00
Vahid Sane
1a2da4055a feat: Add support for asynchronous invocation of FilesAdapter.getFileLocation (#9271) 2024-08-27 17:09:19 +02:00
Diamond Lewis
90a1e4a200 feat: Add Cloud Code triggers Parse.Cloud.beforeSave and Parse.Cloud.afterSave for Parse Config (#9232) 2024-07-20 20:35:41 +02:00
Diamond Lewis
35cadf9b83 feat: Add atomic operations for Cloud Config parameters (#9219) 2024-07-18 02:52:39 +02:00
Daniel
b07ec15382 feat: Add server security check status security.enableCheck to Features Router (#8679) 2024-03-24 01:50:38 +01:00
Diamond Lewis
5f81efb429 feat: Add silent log level for Cloud Code (#8803) 2024-03-21 16:19:29 +01:00
Oussama Meglali
2170962a50 feat: Add support for MongoDB query comment (#8928) 2024-03-03 02:27:57 +01:00
Manuel
633a9d25e4 feat: Add password validation via POST request for user with unverified email using master key and option ignoreEmailVerification (#8895) 2024-01-17 17:43:04 +01:00
Ziv Chen
66e36039d8 fix: Server crashes when receiving an array of Parse.Pointer in the request body (#8784) 2024-01-15 16:02:57 +01:00
Manuel
0023ce448a fix: Parse Server option emailVerifyTokenReuseIfValid: true generates new token on every email verification request (#8885) 2024-01-14 01:37:20 +01:00
Manuel
8adcbee112 feat: Add installationId, ip, resendRequest to arguments passed to verifyUserEmails on verification email request (#8873) 
BREAKING CHANGE: The `Parse.User` passed as argument if `verifyUserEmails` is set to a function is renamed from `user` to `object` for consistency with invocations of `verifyUserEmails` on signup or login; the user object is not a plain JavaScript object anymore but an instance of `Parse.User`
 2024-01-06 16:41:13 +01:00
Manuel
972f630016 feat: Add Parse.User as function parameter to Parse Server options verifyUserEmails, preventLoginWithUnverifiedEmail on login (#8850) 2023-12-28 00:34:58 +01:00
Manuel
8e7a6b1480 fix: Conditional email verification not working in some cases if verifyUserEmails, preventLoginWithUnverifiedEmail set to functions (#8838) 2023-12-26 21:01:27 +01:00
Manuel
fe02d3e8aa refactor: Server crash when uploading file without extension; fixes security vulnerability [GHSA-792q-q67h-w579](https://github.com/parse-community/parse-server/security/advisories/GHSA-792q-q67h-w579) (#8779) 2023-10-21 01:03:02 +02:00
Marc Derhammer
3d6d50e0af fix: Parse Server option fileUpload.fileExtensions fails to determine file extension if filename contains multiple dots (#8754) 2023-09-23 22:43:34 +02:00
Diamond Lewis
a9c34ef1e2 feat: Add context to Cloud Code Triggers beforeLogin and afterLogin (#8724) 2023-09-20 10:47:35 +02:00
Bartosz Marganiec
6a4a00ca7a fix: Parse Server option fileUpload.fileExtensions does not work with an array of extensions (#8688) 2023-07-18 00:34:46 +02:00
Manuel
31805c96ec refactor: Remote code execution via MongoDB BSON parser through prototype pollution; fixes security vulnerability [GHSA-462x-c3jw-7vr6](https://github.com/parse-community/parse-server/security/advisories/GHSA-462x-c3jw-7vr6) (#8676) 2023-06-28 23:38:14 +02:00
Daniel
cc079a40f6 feat: Add TOTP authentication adapter (#8457) 2023-06-23 17:57:57 +02:00
Daniel
068fb9e777 refactor: Add option to convert Parse.Object to instance in Cloud Function payload (#8646) 2023-06-23 16:29:54 +02:00
Daniel
44acd6d9ed feat: Add conditional email verification via dynamic Parse Server options verifyUserEmails, sendUserEmailVerification that now accept functions (#8425) 2023-06-20 12:10:25 +02:00
Daniel
28aeda3f16 feat: Allow Parse.Object pointers in Cloud Code arguments (#8490) 2023-05-25 22:02:33 +02:00
Manuel
a27482c57e refactor: Add new Parse Server option fileUpload.fileExtensions to restrict file upload by file extension (#8539) 2023-05-21 01:31:52 +02:00
alljinx
2caea310be feat: Add option to change the log level of logs emitted by Cloud Functions (#8530) 2023-05-09 15:03:00 +02:00
Daniel
ce34747e8a fix: Parameters missing in afterFind trigger of authentication adapters (#8458) 2023-03-06 03:18:00 +01:00
Daniel
c793bb88e7 feat: Add afterFind trigger to authentication adapters (#8444) 2023-03-06 01:35:15 +01:00
Daniel
e5d610e5e4 feat: Add Parse Server option resetPasswordSuccessOnInvalidEmail to choose success or error response on password reset with invalid email (#7551) 2023-02-24 20:30:48 +01:00
Daniel
f3bcc9365c feat: Access the internal scope of Parse Server using the new maintenanceKey; the internal scope contains unofficial and undocumented fields (prefixed with underscore _) which are used internally by Parse Server; you may want to manipulate these fields for out-of-band changes such as data migration or correction tasks; changes within the internal scope of Parse Server may happen at any time without notice or changelog entry, it is therefore recommended to look at the source code of Parse Server to understand the effects of manipulating internal fields before using the key; it is discouraged to use the maintenanceKey for routine operations in a production environment; see [access scopes](https://github.com/parse-community/parse-server#access-scopes) (#8212) 
BREAKING CHANGE: Fields in the internal scope of Parse Server (prefixed with underscore `_`) are only returned using the new `maintenanceKey`; previously the `masterKey` allowed reading of internal fields; see [access scopes](https://github.com/parse-community/parse-server#access-scopes) for a comparison of the keys' access permissions (#8212)
 2023-01-08 22:02:12 +01:00
Daniel
6c79f6a69e feat: Add request rate limiter based on IP address (#8174) 2023-01-06 13:39:02 +01:00