1420 Commits

Author SHA1 Message Date
Manuel
fe02d3e8aa refactor: Server crash when uploading file without extension; fixes security vulnerability [GHSA-792q-q67h-w579](https://github.com/parse-community/parse-server/security/advisories/GHSA-792q-q67h-w579) (#8779) 2023-10-21 01:03:02 +02:00
Doug Drechsel
93af48a8b4 ci: Add ability to exclude tests via ID in testExclusionList.json (#8774) 2023-10-18 22:39:41 +02:00
Rikard Teodorsson
7d32d8934f fix: Context not passed to Cloud Code Trigger beforeFind when using Parse.Query.include (#8765) 2023-10-14 02:57:47 +02:00
Wes
77bbfb3f18 feat: Allow setting createdAt and updatedAt during Parse.Object creation with maintenance key (#8696) 2023-09-29 22:17:48 +02:00
Marc Derhammer
3d6d50e0af fix: Parse Server option fileUpload.fileExtensions fails to determine file extension if filename contains multiple dots (#8754) 2023-09-23 22:43:34 +02:00
Diamond Lewis
a9c34ef1e2 feat: Add context to Cloud Code Triggers beforeLogin and afterLogin (#8724) 2023-09-20 10:47:35 +02:00
Manuel
977edeaf28 test: Add tests for isGet parameter in Cloud Code trigger beforeFind (#8738) 2023-09-06 02:42:50 +02:00
Manuel
5954f0ffa0 refactor: Parse Pointer allows to access internal Parse Server classes and circumvent beforeFind query trigger (#8735) 2023-09-04 16:01:02 +02:00
Bartosz Marganiec
6a4a00ca7a fix: Parse Server option fileUpload.fileExtensions does not work with an array of extensions (#8688) 2023-07-18 00:34:46 +02:00
Daniel
c9b59719ec refactor: Change response types of TOTP adapter to match existing adapters (#8661) 2023-07-06 17:22:18 +02:00
Daniel
a9d376b61f feat: Add property Parse.Server.version to determine current version of Parse Server in Cloud Code (#8670) 2023-07-05 22:11:35 +02:00
Daniel
4e2000bc56 fix: Server does not start via CLI when auth option is set (#8666) 2023-07-04 13:16:55 +02:00
Corey
3f03bd3c6f refactor: Remove duplicate user index creation (#8662) 2023-06-30 01:15:58 +02:00
Manuel
31805c96ec refactor: Remote code execution via MongoDB BSON parser through prototype pollution; fixes security vulnerability [GHSA-462x-c3jw-7vr6](https://github.com/parse-community/parse-server/security/advisories/GHSA-462x-c3jw-7vr6) (#8676) 2023-06-28 23:38:14 +02:00
Daniel
cc079a40f6 feat: Add TOTP authentication adapter (#8457) 2023-06-23 17:57:57 +02:00
Daniel
068fb9e777 refactor: Add option to convert Parse.Object to instance in Cloud Function payload (#8646) 2023-06-23 16:29:54 +02:00
Daniel
44acd6d9ed feat: Add conditional email verification via dynamic Parse Server options verifyUserEmails, sendUserEmailVerification that now accept functions (#8425) 2023-06-20 12:10:25 +02:00
Manuel Trezza
24c0b03f5e Squashed commit of the following:
commit 150627328f
Author: semantic-release-bot <semantic-release-bot@martynus.net>
Date:   Sat May 20 23:24:03 2023 +0000

    chore(release): 6.2.0 [skip ci]

    # [6.2.0](https://github.com/parse-community/parse-server/compare/6.1.0...6.2.0) (2023-05-20)

    ### Features

    * Add new Parse Server option `fileUpload.fileExtensions` to restrict file upload by file extension; this fixes a security vulnerability in which a phishing attack could be performed using an uploaded HTML file; by default the new option only allows file extensions matching the regex pattern `^[^hH][^tT][^mM][^lL]?$`, which excludes HTML files; if your app currently depends on uploading files with HTML file extensions then this may be a breaking change and you could allow HTML file upload by setting the option to `['.*']` ([#8538](https://github.com/parse-community/parse-server/issues/8538)) ([a318e7b](a318e7bbaf))

commit a318e7bbaf
Author: Manuel <5673677+mtrezza@users.noreply.github.com>
Date:   Sun May 21 01:23:00 2023 +0200

    feat: Add new Parse Server option `fileUpload.fileExtensions` to restrict file upload by file extension; this fixes a security vulnerability in which a phishing attack could be performed using an uploaded HTML file; by default the new option only allows file extensions matching the regex pattern `^[^hH][^tT][^mM][^lL]?$`, which excludes HTML files; if your app currently depends on uploading files with HTML file extensions then this may be a breaking change and you could allow HTML file upload by setting the option to `['.*']` (#8538)

commit 832702dffd
Author: semantic-release-bot <semantic-release-bot@martynus.net>
Date:   Mon May 1 21:50:23 2023 +0000

    chore(release): 6.1.0 [skip ci]

    # [6.1.0](https://github.com/parse-community/parse-server/compare/6.0.0...6.1.0) (2023-05-01)

    ### Bug Fixes

    * LiveQuery can return incorrectly formatted date ([#8456](https://github.com/parse-community/parse-server/issues/8456)) ([4ce135a](4ce135a4fe))
    * Nested date is incorrectly decoded as empty object `{}` when fetching a Parse Object ([#8446](https://github.com/parse-community/parse-server/issues/8446)) ([22d2446](22d2446dfe))
    * Parameters missing in `afterFind` trigger of authentication adapters ([#8458](https://github.com/parse-community/parse-server/issues/8458)) ([ce34747](ce34747e8a))
    * Rate limiting across multiple servers via Redis not working ([#8469](https://github.com/parse-community/parse-server/issues/8469)) ([d9e347d](d9e347d741))
    * Security upgrade jsonwebtoken to 9.0.0 ([#8420](https://github.com/parse-community/parse-server/issues/8420)) ([f5bfe45](f5bfe4571e))

    ### Features

    * Add `afterFind` trigger to authentication adapters ([#8444](https://github.com/parse-community/parse-server/issues/8444)) ([c793bb8](c793bb88e7))
    * Add option `schemaCacheTtl` for schema cache pulling as alternative to `enableSchemaHooks` ([#8436](https://github.com/parse-community/parse-server/issues/8436)) ([b3b76de](b3b76de71b))
    * Add Parse Server option `resetPasswordSuccessOnInvalidEmail` to choose success or error response on password reset with invalid email ([#7551](https://github.com/parse-community/parse-server/issues/7551)) ([e5d610e](e5d610e5e4))
    * Add rate limiting across multiple servers via Redis ([#8394](https://github.com/parse-community/parse-server/issues/8394)) ([34833e4](34833e42ee))
    * Allow multiple origins for header `Access-Control-Allow-Origin` ([#8517](https://github.com/parse-community/parse-server/issues/8517)) ([4f15539](4f15539ac2))
    * Deprecate LiveQuery `fields` option in favor of `keys` for semantic consistency ([#8388](https://github.com/parse-community/parse-server/issues/8388)) ([a49e323](a49e323d5a))
    * Export `AuthAdapter` to make it available for extension with custom authentication adapters ([#8443](https://github.com/parse-community/parse-server/issues/8443)) ([40c1961](40c196153b))

commit 18b63d1da7
Merge: f7eee19d f59d46c9
Author: Manuel <5673677+mtrezza@users.noreply.github.com>
Date:   Mon May 1 23:49:22 2023 +0200

    build: Release (#8526)
2023-06-10 23:11:12 +02:00
Daniel
03fba97e05 feat: Add zones for rate limiting by ip, user, session, global (#8508) 2023-06-09 13:27:56 +02:00
Daniel
967700bdbc fix: LiveQuery server is not shut down properly when handleShutdown is called (#8491) 2023-06-08 11:04:49 +02:00
Corey
656d673cf5 feat: Add support for $eq query constraint in LiveQuery (#8614) 2023-06-08 04:04:58 +02:00
Daniel
82da30842a feat: Add new Parse Server option preventSignupWithUnverifiedEmail to prevent returning a user without session token on sign-up with unverified email address (#8451) 2023-06-07 21:51:53 +02:00
Corey
5eb690c1c5 refactor: Incorrect spelling in hooks error message (#8585) 2023-05-28 12:58:16 +02:00
Daniel
c2e4f8369b refactor: Upgrade lru-cache from 7.12.0 to 9.1.1 (#8559) 2023-05-25 23:59:42 +02:00
Daniel
28aeda3f16 feat: Allow Parse.Object pointers in Cloud Code arguments (#8490) 2023-05-25 22:02:33 +02:00
Daniel
a005874776 refactor: Upgrade commander from 5.1.0 to 10.0.1 (#8557) 2023-05-22 17:11:50 +02:00
Manuel
a27482c57e refactor: Add new Parse Server option fileUpload.fileExtensions to restrict file upload by file extension (#8539) 2023-05-21 01:31:52 +02:00
Daniel
d4cda4b26c fix: GridFS file storage doesn't work with certain enableSchemaHooks settings (#8467) 2023-05-19 08:41:48 +02:00
Daniel
6f885d36b9 feat: extendSessionOnUse to automatically renew Parse Sessions (#8505) 2023-05-17 19:49:25 +02:00
Diamond Lewis
afd0515e20 fix: Cloud Code Trigger afterSave executes even if not set (#8520) 2023-05-12 02:39:54 +02:00
alljinx
2caea310be feat: Add option to change the log level of logs emitted by Cloud Functions (#8530) 2023-05-09 15:03:00 +02:00
Marc Derhammer
4f15539ac2 feat: Allow multiple origins for header Access-Control-Allow-Origin (#8517) 2023-05-01 22:25:22 +02:00
Daniel
65e5879e42 ci: Fix flaky tests (#8468) 2023-03-10 23:54:05 +01:00
Daniel
34833e42ee feat: Add rate limiting across multiple servers via Redis (#8394) 2023-03-06 17:43:15 +01:00
Daniel
4ce135a4fe fix: LiveQuery can return incorrectly formatted date (#8456) 2023-03-06 11:26:06 +01:00
Daniel
ce34747e8a fix: Parameters missing in afterFind trigger of authentication adapters (#8458) 2023-03-06 03:18:00 +01:00
Daniel
c793bb88e7 feat: Add afterFind trigger to authentication adapters (#8444) 2023-03-06 01:35:15 +01:00
Corey
87cab09b6a refactor: Upgrade pg-promise to 11.3.0 and pg-monitor to 2.0.0 (#8453) 2023-03-06 00:16:04 +01:00
Daniel
22d2446dfe fix: Nested date is incorrectly decoded as empty object {} when fetching a Parse Object (#8446) 2023-03-05 01:22:19 +01:00
Daniel
b3b76de71b feat: Add option schemaCacheTtl for schema cache pulling as alternative to enableSchemaHooks (#8436) 2023-02-27 01:55:47 +01:00
Daniel
e5d610e5e4 feat: Add Parse Server option resetPasswordSuccessOnInvalidEmail to choose success or error response on password reset with invalid email (#7551) 2023-02-24 20:30:48 +01:00
Daniel
a49e323d5a feat: Deprecate LiveQuery fields option in favor of keys for semantic consistency (#8388) 2023-02-17 13:24:33 +01:00
Daniel
f5bfe4571e fix: Security upgrade jsonwebtoken to 9.0.0 (#8420) 2023-02-07 12:45:30 +01:00
Daniel
9092874a9a feat: Upgrade to Parse JavaScript SDK 4 (#8332) 2023-01-26 10:49:03 +01:00
Daniel
c114dc8831 fix: Rate limiter may reject requests that contain a session token (#8399) 2023-01-25 14:35:39 +01:00
Daniel
fc92faac75 feat: Add ParseQuery.watch to trigger LiveQuery only on update of specific fields (#8028) 2023-01-16 12:32:22 +01:00
Daniel
f3bcc9365c feat: Access the internal scope of Parse Server using the new maintenanceKey; the internal scope contains unofficial and undocumented fields (prefixed with underscore _) which are used internally by Parse Server; you may want to manipulate these fields for out-of-band changes such as data migration or correction tasks; changes within the internal scope of Parse Server may happen at any time without notice or changelog entry, it is therefore recommended to look at the source code of Parse Server to understand the effects of manipulating internal fields before using the key; it is discouraged to use the maintenanceKey for routine operations in a production environment; see [access scopes](https://github.com/parse-community/parse-server#access-scopes) (#8212)
BREAKING CHANGE: Fields in the internal scope of Parse Server (prefixed with underscore `_`) are only returned using the new `maintenanceKey`; previously the `masterKey` allowed reading of internal fields; see [access scopes](https://github.com/parse-community/parse-server#access-scopes) for a comparison of the keys' access permissions (#8212)
2023-01-08 22:02:12 +01:00
Daniel
ffa4974158 feat: Adapt verifyServerUrl for new asynchronous Parse Server start-up states (#8366)
BREAKING CHANGE: The method `ParseServer.verifyServerUrl` now returns a promise instead of a callback.
2023-01-08 18:23:01 +01:00
Daniel
6c79f6a69e feat: Add request rate limiter based on IP address (#8174) 2023-01-06 13:39:02 +01:00
Daniel
d0d30c4f13 feat: Remove deprecation DEPPS1: Native MongoDB syntax in aggregation pipeline (#8362)
BREAKING CHANGE: The MongoDB aggregation pipeline requires native MongoDB syntax instead of the custom Parse Server syntax; for example pipeline stage names require a leading dollar sign like `$match` and the MongoDB document ID is referenced using `_id` instead of `objectId` (#8362)
2023-01-05 15:53:43 +01:00