joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,951 Commits 2 Branches 18 Tags
a3ac82fc549e6ee346ab67fcf95eda2116a7a388
Commit Graph

530 Commits

Author SHA1 Message Date
Antoine Cormouls
1b2347524c feat: Disable index-field validation to create index for fields that don't yet exist (#8137) 2025-10-10 00:03:52 +02:00
Manuel
847a274cdb fix: MongoDB aggregation pipeline with $dateSubtract from $$NOW returns no results (#9822) 2025-07-13 02:44:08 +02:00
Rahul Lanjewar
0db3a6ff27 fix: Parse.Query.containedIn and matchesQuery do not work with nested objects (#9738) 2025-05-03 12:52:31 +02:00
Daniel
12b5d781dc feat: Add default ACL (#8701) 2025-03-24 15:15:27 +01:00
Manuel
5ef0440c8e fix: Authentication provider credentials are usable across Parse Server apps; fixes security vulnerability [GHSA-837q-jhwx-cmpv](https://github.com/parse-community/parse-server/security/advisories/GHSA-837q-jhwx-cmpv) (#9667) 2025-03-21 10:49:09 +01:00
Mohammad Ali
bbc6bd4b3f fix: LiveQueryServer crashes using cacheAdapter on disconnect from Redis 4 server (#9616) 2025-02-24 02:48:10 +01:00
Daniel
889dbb5aee refactor: Upgrade to eslint 9.19.0 (#9580) 2025-02-01 15:32:43 +01:00
Daniel
ff7f671c79 fix: Push adapter not loading on some versions of Node 22 (#9524) 2025-01-11 19:01:28 +01:00
Antoine Cormouls
7d8603f1c2 refactor: Upgrade to mongodb 6.10.0 (#9362) 2024-10-23 21:27:42 +02:00
Manuel
dfd5a8edbf ci: Add lint rule for mandatory curly braces (#9348) 2024-10-16 19:57:42 +02:00
Vahid Sane
1a2da4055a feat: Add support for asynchronous invocation of FilesAdapter.getFileLocation (#9271) 2024-08-27 17:09:19 +02:00
Diamond Lewis
cf4c8807b9 feat: Add support for dot notation on array fields of Parse Object (#9115) 2024-07-08 23:29:58 +02:00
Diamond Lewis
ef1634bf1f feat: Upgrade to @parse/push-adapter 6.4.0 (#9182) 2024-07-08 22:23:57 +02:00
Manuel
2edf1e4c03 fix: SQL injection when using Parse Server with PostgreSQL; fixes security vulnerability [GHSA-c2hr-cqg6-8j6r](https://github.com/parse-community/parse-server/security/advisories/GHSA-c2hr-cqg6-8j6r) (#9167) 2024-06-30 03:34:08 +02:00
Chris
9d0bd2badd fix: Facebook Limited Login not working due to incorrect domain in JWT validation (#9122) 2024-05-16 13:54:41 +02:00
Oussama Meglali
2170962a50 feat: Add support for MongoDB query comment (#8928) 2024-03-03 02:27:57 +01:00
Manuel
cbefe770a7 fix: Improve PostgreSQL injection detection; fixes security vulnerability [GHSA-6927-3vr9-fxf2](https://github.com/parse-community/parse-server/security/advisories/GHSA-6927-3vr9-fxf2) which affects Parse Server deployments using a Postgres database (#8961) 2024-03-01 16:52:05 +01:00
Manuel
f5d6fc98e7 refactor: Upgrade ldapjs from 2.3.3 to 3.0.7 (#8947) 2024-02-26 21:05:10 +01:00
Lucas Coratger
3de8494a22 feat: Add support for MongoDB 7 (#8761) 
BREAKING CHANGE: `Parse.Query` no longer supports the BSON type `code`; although this feature was never officially documented, its removal is announced as a breaking change to protect deployments where it might be in use.
 2023-12-10 02:42:40 +01:00
Manuel
f630a45aa5 feat: Add $setOnInsert operator to Parse.Server.database.update (#8791) 2023-10-25 19:13:27 +02:00
Cory Imdieke
2b3d4e5d3c fix: Redis 4 does not reconnect after unhandled error (#8706) 2023-08-30 02:52:13 +02:00
Daniel
c9b59719ec refactor: Change response types of TOTP adapter to match existing adapters (#8661) 2023-07-06 17:22:18 +02:00
Daniel
cc079a40f6 feat: Add TOTP authentication adapter (#8457) 2023-06-23 17:57:57 +02:00
Corey
3710da7379 refactor: Replace deprecated substr with substring (#8644) 2023-06-20 12:07:10 +02:00
Daniel
967700bdbc fix: LiveQuery server is not shut down properly when handleShutdown is called (#8491) 2023-06-08 11:04:49 +02:00
Manuel
6722110f20 revert: fix: Inaccurate table total row count for PostgreSQL 
This reverts commit 0823a02fbf.
 2023-05-28 21:44:42 +02:00
patelmilanun
0823a02fbf fix: Inaccurate table total row count for PostgreSQL (#8511) 2023-05-28 13:32:02 +02:00
Daniel
c2e4f8369b refactor: Upgrade lru-cache from 7.12.0 to 9.1.1 (#8559) 2023-05-25 23:59:42 +02:00
Daniel
d4cda4b26c fix: GridFS file storage doesn't work with certain enableSchemaHooks settings (#8467) 2023-05-19 08:41:48 +02:00
Lucas Coratger
9e43bc2fa0 docs: Change API docs template to jsdoc-clean-theme (#8519) 2023-04-29 16:53:54 +02:00
Daniel
ce34747e8a fix: Parameters missing in afterFind trigger of authentication adapters (#8458) 2023-03-06 03:18:00 +01:00
Daniel
c793bb88e7 feat: Add afterFind trigger to authentication adapters (#8444) 2023-03-06 01:35:15 +01:00
Corey
87cab09b6a refactor: Upgrade pg-promise to 11.3.0 and pg-monitor to 2.0.0 (#8453) 2023-03-06 00:16:04 +01:00
Daniel
22d2446dfe fix: Nested date is incorrectly decoded as empty object {} when fetching a Parse Object (#8446) 2023-03-05 01:22:19 +01:00
Daniel
40c196153b feat: Export AuthAdapter to make it available for extension with custom authentication adapters (#8443) 2023-03-03 17:51:45 +01:00
Daniel
b3b76de71b feat: Add option schemaCacheTtl for schema cache pulling as alternative to enableSchemaHooks (#8436) 2023-02-27 01:55:47 +01:00
Daniel
f5bfe4571e fix: Security upgrade jsonwebtoken to 9.0.0 (#8420) 2023-02-07 12:45:30 +01:00
Daniel
d0d30c4f13 feat: Remove deprecation DEPPS1: Native MongoDB syntax in aggregation pipeline (#8362) 
BREAKING CHANGE: The MongoDB aggregation pipeline requires native MongoDB syntax instead of the custom Parse Server syntax; for example pipeline stage names require a leading dollar sign like `$match` and the MongoDB document ID is referenced using `_id` instead of `objectId` (#8362)
 2023-01-05 15:53:43 +01:00
Daniel
1412666f75 fix: Nested objects are encoded incorrectly for MongoDB (#8209) 
BREAKING CHANGE: Nested objects are now properly stored in the database using JSON serialization; previously, due to a bug only top-level objects were serialized, but nested objects were saved as raw JSON; for example, a nested `Date` object was saved as a JSON object like `{ "__type": "Date", "iso": "2020-01-01T00:00:00.000Z" }` instead of its serialized representation `2020-01-01T00:00:00.000Z` (#8209)
 2022-12-20 16:57:29 +01:00
alljinx
8f3b694e39 feat: Add option to change the log level of the logs emitted by triggers (#8328) 2022-12-07 22:55:45 +01:00
Daniel
b2761fb378 feat: Upgrade Redis 3 to 4 for LiveQuery (#8333) 2022-11-26 17:45:30 +01:00
dblythy
7d622f06a4 feat: Upgrade Redis 3 to 4 (#8293) 
BREAKING CHANGE: This release upgrades to Redis 4; if you are using the Redis cache adapter with Parse Server then this is a breaking change as the Redis client options have changed; see the [Redis migration guide](https://github.com/redis/node-redis/blob/redis%404.0.0/docs/v3-to-v4.md) for more details (#8293)
 2022-11-11 01:16:50 +01:00
dblythy
5bbf9cade9 feat: Improve authentication adapter interface to support multi-factor authentication (MFA), authentication challenges, and provide a more powerful interface for writing custom authentication adapters (#8156) 2022-11-10 17:35:39 +01:00
Antoine Cormouls
e90a5183ec refactor: replace deprecated LRU cache methods (#8266) 2022-11-01 21:33:14 +01:00
Manuel
c03908f74e fix: server crashes when receiving file download request with invalid byte range; this fixes a security vulnerability that allows an attacker to impact the availability of the server instance; the fix improves parsing of the range parameter to properly handle invalid range requests ([GHSA-h423-w6qv-2wj3](https://github.com/parse-community/parse-server/security/advisories/GHSA-h423-w6qv-2wj3)) [skip release] (#8238) 2022-10-15 01:06:45 +02:00
Manuel
8c8ec71573 fix: authentication adapter app ID validation may be circumvented; this fixes a vulnerability that affects configurations which allow users to authenticate using the Parse Server authentication adapter for *Facebook* or *Spotify* and where the server-side authentication adapter configuration appIds is set as a string (e.g. abc) instead of an array of strings (e.g. ["abc"]) ([GHSA-r657-33vp-gp22](https://github.com/parse-community/parse-server/security/advisories/GHSA-r657-33vp-gp22)) [skip release] (#8187) 2022-09-20 23:05:44 +02:00
dblythy
e424137406 fix: query aggregation pipeline cannot handle value of type Date when directAccess: true (#8167) 2022-09-17 16:19:28 +02:00
Jong Eun Lee
7f5a15d5df fix: graphQL query ignores condition equalTo with value false (#8032) 2022-07-03 12:13:10 +02:00
Manuel
75af9a26cc fix: certificate in Apple Game Center auth adapter not validated [skip release] (#8058) 2022-06-17 20:22:35 +02:00
Antoine Cormouls
72fac8a5fc refactor: lru-cache maxAge to ttl (#8039) 2022-06-13 15:29:50 +02:00