joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3a5c38d2e4e268ba21e623b2ba27ee64558e1a6f
kami-parse-server/src/Config.js

378 lines
12 KiB
JavaScript
Raw Normal View History

Initial release, parse-server, 2.0.0
2016-01-28 10:58:12 -08:00
// A Config object provides information about how a specific app is
// configured.
// mount is the URL for the root of the API; includes http, domain, etc.
Adds Hooks API Adds Parse.Hooks.js in src/cloud-code/Parse.Hooks.js Moves Cloud code related functions in src/cloud-code
2016-02-05 14:38:09 -05:00
Adding Caching Adapter, allows caching of _Role and _User queries (fixes #168) (#1664) * Adding Caching Adapter, allows caching of _Role and _User queries.
2016-05-18 12:12:30 +12:00
import AppCache from './cache';
Adds schema caching capabilities (5s by default) (#2286) * Adds schema caching capabilities (off by default) * Use InMemoryCacheAdapter * Uses proper adapter to generate a cache * Fix bugs when running disabled cache * nits * nits * Use options object instead of boolean * Imrpove concurrency of loadSchema * Adds testing with SCHEMA_CACHE_ON * Use CacheController instead of generator - Makes caching SchemaCache use a generated prefix - Makes clearing the SchemaCache clear only the cached schema keys - Enable cache by default (ttl 5s)
2016-07-23 06:23:59 +02:00
import SchemaCache from './Controllers/SchemaCache';
import DatabaseController from './Controllers/DatabaseController';
Security: limit Masterkey remote access (#4017) * update choose_password to have the confirmation * add comment mark * First version, no test * throw error right away instead of just use masterKey false * fix the logic * move it up before the masterKey check * adding some test * typo * remove the choose_password * newline * add cli options * remove trailing space * handle in case the server is behind proxy * add getting the first ip in the ip list of xff * sanity check the ip in config if it is a valid ip address * split ip extraction to another function * trailing spaces
2017-07-23 18:26:30 +02:00
import net from 'net';
Add idempotency (#6748) * added idempotency router and middleware * added idempotency rules for routes classes, functions, jobs, installaions, users * fixed typo * ignore requests without header * removed unused var * enabled feature only for MongoDB * changed code comment * fixed inconsistend storage adapter specification * Trigger notification * Travis CI trigger * Travis CI trigger * Travis CI trigger * rebuilt option definitions * fixed incorrect import path * added new request ID header to allowed headers * fixed typescript typos * add new system class to spec helper * fixed typescript typos * re-added postgres conn parameter * removed postgres conn parameter * fixed incorrect schema for index creation * temporarily disabling index creation to fix postgres issue * temporarily disabling index creation to fix postgres issue * temporarily disabling index creation to fix postgres issue * temporarily disabling index creation to fix postgres issue * temporarily disabling index creation to fix postgres issue * temporarily disabling index creation to fix postgres issue * temporarily disabling index creation to fix postgres issue * trying to fix postgres issue * fixed incorrect auth when writing to _Idempotency * trying to fix postgres issue * Travis CI trigger * added test cases * removed number grouping * fixed test description * trying to fix postgres issue * added Github readme docs * added change log * refactored tests; fixed some typos * fixed test case * fixed default TTL value * Travis CI Trigger * Travis CI Trigger * Travis CI Trigger * added test case to increase coverage * Trigger Travis CI * changed configuration syntax to use regex; added test cases * removed unused vars * removed IdempotencyRouter * Trigger Travis CI * updated docs * updated docs * updated docs * updated docs * update docs * Trigger Travis CI * fixed coverage * removed code comments
2020-07-15 20:10:33 +02:00
import { IdempotencyOptions } from './Options/Definitions';
cache as ES6
2016-02-24 15:55:11 -05:00
Adds ability to override mount with publicServerURL for production uses
2016-03-30 19:50:08 -04:00
function removeTrailingSlash(str) {
if (!str) {
return str;
}
Use Prettier JS (#5017) * Adds prettier * Run lint before tests
2018-09-01 13:58:06 -04:00
if (str.endsWith('/')) {
Add lint rule space-infix-ops (#3237) Disallows: 1+1. Must be 1 + 1.
2017-01-11 12:31:40 -08:00
str = str.substr(0, str.length - 1);
Adds ability to override mount with publicServerURL for production uses
2016-03-30 19:50:08 -04:00
}
return str;
}
Refactors FilesController in FilesRouter and FilesController
2016-02-20 12:25:43 -05:00
export class Config {
Refactors configuration management (#4271) * Adds flow types / Configuration interfaces * Lets call it options * Use a single interface to generate the configurations * Translates options to definitions only if comments are set * improves logic * Moves objects around * Fixes issue affecting logging of circular objects * fixes undefined env * Moves all defaults to defaults * Adds back CLI defaults * Restored defaults in commander.js * Merge provided defaults and platform defaults * Addresses visual nits * Improves Config.js code * Adds ability to pass the default value in trailing comments * Load platform defaults from the definitions file * proper default values on various options * Adds ParseServer.start and server.start(options) as quick startup methods * Moves creating liveQueryServer http into ParseServer.js * removes dead code * Adds tests to guarantee we can start a LQ Server from main module * Fixes incorrect code regading liveQuery init port * Start a http server for LQ if port is specified * ensure we dont fail if config.port is not set * Specify port * ignore other path skipped in tests * Adds test for custom middleware setting * Refactors new Config into Config.get - Hides AppCache from ParseServer.js, use Config.put which validates * Extracts controller creation into Controllers/index.js - This makes the ParseServer init way simpler * Move serverURL inference into ParseServer * review nits
2017-10-23 08:43:05 -04:00
static get(applicationId: string, mount: string) {
Enable prefer-const lint rule (#3202)
2016-12-07 15:17:05 -08:00
const cacheInfo = AppCache.get(applicationId);
Cleanup, remove unusued methods and unify cache.js.
2016-02-26 20:55:17 -08:00
if (!cacheInfo) {
Refactors FilesController in FilesRouter and FilesController
2016-02-20 12:25:43 -05:00
return;
}
Refactors configuration management (#4271) * Adds flow types / Configuration interfaces * Lets call it options * Use a single interface to generate the configurations * Translates options to definitions only if comments are set * improves logic * Moves objects around * Fixes issue affecting logging of circular objects * fixes undefined env * Moves all defaults to defaults * Adds back CLI defaults * Restored defaults in commander.js * Merge provided defaults and platform defaults * Addresses visual nits * Improves Config.js code * Adds ability to pass the default value in trailing comments * Load platform defaults from the definitions file * proper default values on various options * Adds ParseServer.start and server.start(options) as quick startup methods * Moves creating liveQueryServer http into ParseServer.js * removes dead code * Adds tests to guarantee we can start a LQ Server from main module * Fixes incorrect code regading liveQuery init port * Start a http server for LQ if port is specified * ensure we dont fail if config.port is not set * Specify port * ignore other path skipped in tests * Adds test for custom middleware setting * Refactors new Config into Config.get - Hides AppCache from ParseServer.js, use Config.put which validates * Extracts controller creation into Controllers/index.js - This makes the ParseServer init way simpler * Move serverURL inference into ParseServer * review nits
2017-10-23 08:43:05 -04:00
const config = new Config();
config.applicationId = applicationId;
Use Prettier JS (#5017) * Adds prettier * Run lint before tests
2018-09-01 13:58:06 -04:00
Object.keys(cacheInfo).forEach(key => {
Refactors configuration management (#4271) * Adds flow types / Configuration interfaces * Lets call it options * Use a single interface to generate the configurations * Translates options to definitions only if comments are set * improves logic * Moves objects around * Fixes issue affecting logging of circular objects * fixes undefined env * Moves all defaults to defaults * Adds back CLI defaults * Restored defaults in commander.js * Merge provided defaults and platform defaults * Addresses visual nits * Improves Config.js code * Adds ability to pass the default value in trailing comments * Load platform defaults from the definitions file * proper default values on various options * Adds ParseServer.start and server.start(options) as quick startup methods * Moves creating liveQueryServer http into ParseServer.js * removes dead code * Adds tests to guarantee we can start a LQ Server from main module * Fixes incorrect code regading liveQuery init port * Start a http server for LQ if port is specified * ensure we dont fail if config.port is not set * Specify port * ignore other path skipped in tests * Adds test for custom middleware setting * Refactors new Config into Config.get - Hides AppCache from ParseServer.js, use Config.put which validates * Extracts controller creation into Controllers/index.js - This makes the ParseServer init way simpler * Move serverURL inference into ParseServer * review nits
2017-10-23 08:43:05 -04:00
if (key == 'databaseController') {
Use Prettier JS (#5017) * Adds prettier * Run lint before tests
2018-09-01 13:58:06 -04:00
const schemaCache = new SchemaCache(
cacheInfo.cacheController,
Refactors configuration management (#4271) * Adds flow types / Configuration interfaces * Lets call it options * Use a single interface to generate the configurations * Translates options to definitions only if comments are set * improves logic * Moves objects around * Fixes issue affecting logging of circular objects * fixes undefined env * Moves all defaults to defaults * Adds back CLI defaults * Restored defaults in commander.js * Merge provided defaults and platform defaults * Addresses visual nits * Improves Config.js code * Adds ability to pass the default value in trailing comments * Load platform defaults from the definitions file * proper default values on various options * Adds ParseServer.start and server.start(options) as quick startup methods * Moves creating liveQueryServer http into ParseServer.js * removes dead code * Adds tests to guarantee we can start a LQ Server from main module * Fixes incorrect code regading liveQuery init port * Start a http server for LQ if port is specified * ensure we dont fail if config.port is not set * Specify port * ignore other path skipped in tests * Adds test for custom middleware setting * Refactors new Config into Config.get - Hides AppCache from ParseServer.js, use Config.put which validates * Extracts controller creation into Controllers/index.js - This makes the ParseServer init way simpler * Move serverURL inference into ParseServer * review nits
2017-10-23 08:43:05 -04:00
cacheInfo.schemaCacheTTL,
Use Prettier JS (#5017) * Adds prettier * Run lint before tests
2018-09-01 13:58:06 -04:00
cacheInfo.enableSingleSchemaCache
);
fix(prettier): Properly handle lint-stage files (#6970) Now handles top level files and recursive files in folders. Set max line length to be 100
2020-10-25 15:06:58 -05:00
config.database = new DatabaseController(cacheInfo.databaseController.adapter, schemaCache);
Refactors configuration management (#4271) * Adds flow types / Configuration interfaces * Lets call it options * Use a single interface to generate the configurations * Translates options to definitions only if comments are set * improves logic * Moves objects around * Fixes issue affecting logging of circular objects * fixes undefined env * Moves all defaults to defaults * Adds back CLI defaults * Restored defaults in commander.js * Merge provided defaults and platform defaults * Addresses visual nits * Improves Config.js code * Adds ability to pass the default value in trailing comments * Load platform defaults from the definitions file * proper default values on various options * Adds ParseServer.start and server.start(options) as quick startup methods * Moves creating liveQueryServer http into ParseServer.js * removes dead code * Adds tests to guarantee we can start a LQ Server from main module * Fixes incorrect code regading liveQuery init port * Start a http server for LQ if port is specified * ensure we dont fail if config.port is not set * Specify port * ignore other path skipped in tests * Adds test for custom middleware setting * Refactors new Config into Config.get - Hides AppCache from ParseServer.js, use Config.put which validates * Extracts controller creation into Controllers/index.js - This makes the ParseServer init way simpler * Move serverURL inference into ParseServer * review nits
2017-10-23 08:43:05 -04:00
} else {
config[key] = cacheInfo[key];
}
});
config.mount = removeTrailingSlash(mount);
fix(prettier): Properly handle lint-stage files (#6970) Now handles top level files and recursive files in folders. Set max line length to be 100
2020-10-25 15:06:58 -05:00
config.generateSessionExpiresAt = config.generateSessionExpiresAt.bind(config);
Use Prettier JS (#5017) * Adds prettier * Run lint before tests
2018-09-01 13:58:06 -04:00
config.generateEmailVerifyTokenExpiresAt = config.generateEmailVerifyTokenExpiresAt.bind(
config
);
Refactors configuration management (#4271) * Adds flow types / Configuration interfaces * Lets call it options * Use a single interface to generate the configurations * Translates options to definitions only if comments are set * improves logic * Moves objects around * Fixes issue affecting logging of circular objects * fixes undefined env * Moves all defaults to defaults * Adds back CLI defaults * Restored defaults in commander.js * Merge provided defaults and platform defaults * Addresses visual nits * Improves Config.js code * Adds ability to pass the default value in trailing comments * Load platform defaults from the definitions file * proper default values on various options * Adds ParseServer.start and server.start(options) as quick startup methods * Moves creating liveQueryServer http into ParseServer.js * removes dead code * Adds tests to guarantee we can start a LQ Server from main module * Fixes incorrect code regading liveQuery init port * Start a http server for LQ if port is specified * ensure we dont fail if config.port is not set * Specify port * ignore other path skipped in tests * Adds test for custom middleware setting * Refactors new Config into Config.get - Hides AppCache from ParseServer.js, use Config.put which validates * Extracts controller creation into Controllers/index.js - This makes the ParseServer init way simpler * Move serverURL inference into ParseServer * review nits
2017-10-23 08:43:05 -04:00
return config;
}
Moved getting the url for every file from RestQuery into FilesController.
2016-02-09 19:31:23 -08:00
Refactors configuration management (#4271) * Adds flow types / Configuration interfaces * Lets call it options * Use a single interface to generate the configurations * Translates options to definitions only if comments are set * improves logic * Moves objects around * Fixes issue affecting logging of circular objects * fixes undefined env * Moves all defaults to defaults * Adds back CLI defaults * Restored defaults in commander.js * Merge provided defaults and platform defaults * Addresses visual nits * Improves Config.js code * Adds ability to pass the default value in trailing comments * Load platform defaults from the definitions file * proper default values on various options * Adds ParseServer.start and server.start(options) as quick startup methods * Moves creating liveQueryServer http into ParseServer.js * removes dead code * Adds tests to guarantee we can start a LQ Server from main module * Fixes incorrect code regading liveQuery init port * Start a http server for LQ if port is specified * ensure we dont fail if config.port is not set * Specify port * ignore other path skipped in tests * Adds test for custom middleware setting * Refactors new Config into Config.get - Hides AppCache from ParseServer.js, use Config.put which validates * Extracts controller creation into Controllers/index.js - This makes the ParseServer init way simpler * Move serverURL inference into ParseServer * review nits
2017-10-23 08:43:05 -04:00
static put(serverConfiguration) {
Config.validate(serverConfiguration);
AppCache.put(serverConfiguration.appId, serverConfiguration);
Config.setupPasswordValidator(serverConfiguration.passwordPolicy);
return serverConfiguration;
Refactors FilesController in FilesRouter and FilesController
2016-02-20 12:25:43 -05:00
}
Add LiveQuery
2016-03-10 14:27:00 -08:00
Unique indexes (#1971) * Add unique indexing * Add unique indexing for username/email * WIP * Finish unique indexes * Notes on how to upgrade to 2.3.0 safely * index on unique-indexes: c454180 Revert "Log objects rather than JSON stringified objects (#1922)" * reconfigure username/email tests * Start dealing with test shittyness * Remove tests for files that we are removing * most tests passing * fix failing test * Make specific server config for tests async * Fix more tests * fix more tests * Fix another test * fix more tests * Fix email validation * move some stuff around * Destroy server to ensure all connections are gone * Fix broken cloud code * Save callback to variable * no need to delete non existant cloud * undo * Fix all tests where connections are left open after server closes. * Fix issues caused by missing gridstore adapter * Update guide for 2.3.0 and fix final tests * use strict * don't use features that won't work in node 4 * Fix syntax error * Fix typos * Add duplicate finding command * Update 2.3.0.md
2016-06-10 20:27:21 -07:00
static validate({
verifyUserEmails,
Stop requiring verifyUserEmails for password reset functionality (#2166)
2016-06-28 19:25:44 -07:00
userController,
Unique indexes (#1971) * Add unique indexing * Add unique indexing for username/email * WIP * Finish unique indexes * Notes on how to upgrade to 2.3.0 safely * index on unique-indexes: c454180 Revert "Log objects rather than JSON stringified objects (#1922)" * reconfigure username/email tests * Start dealing with test shittyness * Remove tests for files that we are removing * most tests passing * fix failing test * Make specific server config for tests async * Fix more tests * fix more tests * Fix another test * fix more tests * Fix email validation * move some stuff around * Destroy server to ensure all connections are gone * Fix broken cloud code * Save callback to variable * no need to delete non existant cloud * undo * Fix all tests where connections are left open after server closes. * Fix issues caused by missing gridstore adapter * Update guide for 2.3.0 and fix final tests * use strict * don't use features that won't work in node 4 * Fix syntax error * Fix typos * Add duplicate finding command * Update 2.3.0.md
2016-06-10 20:27:21 -07:00
appName,
publicServerURL,
revokeSessionOnPasswordReset,
expireInactiveSessions,
sessionLength,
Add maxLimit server configuration (#4048) * Add maxLimit server configuration * Fix maxlimit validation logic to correctly handle maxLimit:0 case
2017-10-02 06:23:09 -07:00
maxLimit,
Adds ability to set an account lockout policy (#2601) * Adds ability to set account lockout policy * change fit to it in tests
2016-09-02 17:00:47 -07:00
emailVerifyTokenValidityDuration,
Adding support for optional Password Policy (#3032) * adds resetTokenValidityDuration setting * adds a validator to validate password that can be used to enforce strong passwords * adds unit tests for passwordPolicy.validator * adds unit tests to to fail reset password function if password is not in a valid format * updates README.md for passwordPolicy * prevents duplicate check for password validator in updateUserPassword * adds optional setting to disallow username in password * updates test cases to use fdescribe instead of describe * updates test cases to use request-promise instead of request * adds ability to use a RegExp or Callback function or both for a passwordPolicy.validator * expect username parameter in redirect to password_reset_success * adds support for _perishable_token_expires_at in postgres
2016-11-17 22:07:51 +05:30
accountLockout,
Security: limit Masterkey remote access (#4017) * update choose_password to have the confirmation * add comment mark * First version, no test * throw error right away instead of just use masterKey false * fix the logic * move it up before the masterKey check * adding some test * typo * remove the choose_password * newline * add cli options * remove trailing space * handle in case the server is behind proxy * add getting the first ip in the ip list of xff * sanity check the ip in config if it is a valid ip address * split ip extraction to another function * trailing spaces
2017-07-23 18:26:30 +02:00
passwordPolicy,
Adds support for read-only masterKey (#4297) * Adds support for read-only masterKey * Adds tests to make sure all endpoints are properly protected * Updates readme * nits
2017-10-26 15:35:07 -04:00
masterKeyIps,
masterKey,
readOnlyMasterKey,
feat: add allowHeaders to Options (#6044) * feat: add allowHeaders to Options This allows developers to use custom headers in their API requests, and they will be accepted by their mounted app. * refactor: convert allowCrossDomain to generator to add appId in scope This is necessary as the middleware may run in OPTIONS request that do not contain the appId within the header. * chore: update Definitions and docs * fix: update test to use new allowCrossDomain params * chore: add tests for allowCustomDomain middleware re: allowHeadrs
2019-09-12 22:03:57 +01:00
allowHeaders,
Add idempotency (#6748) * added idempotency router and middleware * added idempotency rules for routes classes, functions, jobs, installaions, users * fixed typo * ignore requests without header * removed unused var * enabled feature only for MongoDB * changed code comment * fixed inconsistend storage adapter specification * Trigger notification * Travis CI trigger * Travis CI trigger * Travis CI trigger * rebuilt option definitions * fixed incorrect import path * added new request ID header to allowed headers * fixed typescript typos * add new system class to spec helper * fixed typescript typos * re-added postgres conn parameter * removed postgres conn parameter * fixed incorrect schema for index creation * temporarily disabling index creation to fix postgres issue * temporarily disabling index creation to fix postgres issue * temporarily disabling index creation to fix postgres issue * temporarily disabling index creation to fix postgres issue * temporarily disabling index creation to fix postgres issue * temporarily disabling index creation to fix postgres issue * temporarily disabling index creation to fix postgres issue * trying to fix postgres issue * fixed incorrect auth when writing to _Idempotency * trying to fix postgres issue * Travis CI trigger * added test cases * removed number grouping * fixed test description * trying to fix postgres issue * added Github readme docs * added change log * refactored tests; fixed some typos * fixed test case * fixed default TTL value * Travis CI Trigger * Travis CI Trigger * Travis CI Trigger * added test case to increase coverage * Trigger Travis CI * changed configuration syntax to use regex; added test cases * removed unused vars * removed IdempotencyRouter * Trigger Travis CI * updated docs * updated docs * updated docs * updated docs * update docs * Trigger Travis CI * fixed coverage * removed code comments
2020-07-15 20:10:33 +02:00
idempotencyOptions,
Feature: Reuse tokens if they haven't expired (#7017) * Reuse tokens if they haven't expired * Fix failing tests * Update UserController.js * Update tests * Tests for invalid config * restart tests
2020-11-26 04:30:52 +11:00
emailVerifyTokenReuseIfValid,
Unique indexes (#1971) * Add unique indexing * Add unique indexing for username/email * WIP * Finish unique indexes * Notes on how to upgrade to 2.3.0 safely * index on unique-indexes: c454180 Revert "Log objects rather than JSON stringified objects (#1922)" * reconfigure username/email tests * Start dealing with test shittyness * Remove tests for files that we are removing * most tests passing * fix failing test * Make specific server config for tests async * Fix more tests * fix more tests * Fix another test * fix more tests * Fix email validation * move some stuff around * Destroy server to ensure all connections are gone * Fix broken cloud code * Save callback to variable * no need to delete non existant cloud * undo * Fix all tests where connections are left open after server closes. * Fix issues caused by missing gridstore adapter * Update guide for 2.3.0 and fix final tests * use strict * don't use features that won't work in node 4 * Fix syntax error * Fix typos * Add duplicate finding command * Update 2.3.0.md
2016-06-10 20:27:21 -07:00
}) {
Adds support for read-only masterKey (#4297) * Adds support for read-only masterKey * Adds tests to make sure all endpoints are properly protected * Updates readme * nits
2017-10-26 15:35:07 -04:00
if (masterKey === readOnlyMasterKey) {
throw new Error('masterKey and readOnlyMasterKey should be different');
}
Stop requiring verifyUserEmails for password reset functionality (#2166)
2016-06-28 19:25:44 -07:00
const emailAdapter = userController.adapter;
if (verifyUserEmails) {
Use Prettier JS (#5017) * Adds prettier * Run lint before tests
2018-09-01 13:58:06 -04:00
this.validateEmailConfiguration({
emailAdapter,
appName,
publicServerURL,
emailVerifyTokenValidityDuration,
Feature: Reuse tokens if they haven't expired (#7017) * Reuse tokens if they haven't expired * Fix failing tests * Update UserController.js * Update tests * Tests for invalid config * restart tests
2020-11-26 04:30:52 +11:00
emailVerifyTokenReuseIfValid,
Use Prettier JS (#5017) * Adds prettier * Run lint before tests
2018-09-01 13:58:06 -04:00
});
Stop requiring verifyUserEmails for password reset functionality (#2166)
2016-06-28 19:25:44 -07:00
}
Add revokeSessionOnPasswordReset option. Closes #1584 (#1597) * Add revokeSessionOnPasswordReset option * Fix nits
2016-04-22 15:21:50 -07:00
Adds ability to set an account lockout policy (#2601) * Adds ability to set account lockout policy * change fit to it in tests
2016-09-02 17:00:47 -07:00
this.validateAccountLockoutPolicy(accountLockout);
Adding support for optional Password Policy (#3032) * adds resetTokenValidityDuration setting * adds a validator to validate password that can be used to enforce strong passwords * adds unit tests for passwordPolicy.validator * adds unit tests to to fail reset password function if password is not in a valid format * updates README.md for passwordPolicy * prevents duplicate check for password validator in updateUserPassword * adds optional setting to disallow username in password * updates test cases to use fdescribe instead of describe * updates test cases to use request-promise instead of request * adds ability to use a RegExp or Callback function or both for a passwordPolicy.validator * expect username parameter in redirect to password_reset_success * adds support for _perishable_token_expires_at in postgres
2016-11-17 22:07:51 +05:30
this.validatePasswordPolicy(passwordPolicy);
Unique indexes (#1971) * Add unique indexing * Add unique indexing for username/email * WIP * Finish unique indexes * Notes on how to upgrade to 2.3.0 safely * index on unique-indexes: c454180 Revert "Log objects rather than JSON stringified objects (#1922)" * reconfigure username/email tests * Start dealing with test shittyness * Remove tests for files that we are removing * most tests passing * fix failing test * Make specific server config for tests async * Fix more tests * fix more tests * Fix another test * fix more tests * Fix email validation * move some stuff around * Destroy server to ensure all connections are gone * Fix broken cloud code * Save callback to variable * no need to delete non existant cloud * undo * Fix all tests where connections are left open after server closes. * Fix issues caused by missing gridstore adapter * Update guide for 2.3.0 and fix final tests * use strict * don't use features that won't work in node 4 * Fix syntax error * Fix typos * Add duplicate finding command * Update 2.3.0.md
2016-06-10 20:27:21 -07:00
if (typeof revokeSessionOnPasswordReset !== 'boolean') {
Add revokeSessionOnPasswordReset option. Closes #1584 (#1597) * Add revokeSessionOnPasswordReset option * Fix nits
2016-04-22 15:21:50 -07:00
throw 'revokeSessionOnPasswordReset must be a boolean value';
}
Unique indexes (#1971) * Add unique indexing * Add unique indexing for username/email * WIP * Finish unique indexes * Notes on how to upgrade to 2.3.0 safely * index on unique-indexes: c454180 Revert "Log objects rather than JSON stringified objects (#1922)" * reconfigure username/email tests * Start dealing with test shittyness * Remove tests for files that we are removing * most tests passing * fix failing test * Make specific server config for tests async * Fix more tests * fix more tests * Fix another test * fix more tests * Fix email validation * move some stuff around * Destroy server to ensure all connections are gone * Fix broken cloud code * Save callback to variable * no need to delete non existant cloud * undo * Fix all tests where connections are left open after server closes. * Fix issues caused by missing gridstore adapter * Update guide for 2.3.0 and fix final tests * use strict * don't use features that won't work in node 4 * Fix syntax error * Fix typos * Add duplicate finding command * Update 2.3.0.md
2016-06-10 20:27:21 -07:00
if (publicServerURL) {
fix(prettier): Properly handle lint-stage files (#6970) Now handles top level files and recursive files in folders. Set max line length to be 100
2020-10-25 15:06:58 -05:00
if (!publicServerURL.startsWith('http://') && !publicServerURL.startsWith('https://')) {
Use Prettier JS (#5017) * Adds prettier * Run lint before tests
2018-09-01 13:58:06 -04:00
throw 'publicServerURL should be a valid HTTPS URL starting with https://';
Adds ability to override mount with publicServerURL for production uses
2016-03-30 19:50:08 -04:00
}
}
Unique indexes (#1971) * Add unique indexing * Add unique indexing for username/email * WIP * Finish unique indexes * Notes on how to upgrade to 2.3.0 safely * index on unique-indexes: c454180 Revert "Log objects rather than JSON stringified objects (#1922)" * reconfigure username/email tests * Start dealing with test shittyness * Remove tests for files that we are removing * most tests passing * fix failing test * Make specific server config for tests async * Fix more tests * fix more tests * Fix another test * fix more tests * Fix email validation * move some stuff around * Destroy server to ensure all connections are gone * Fix broken cloud code * Save callback to variable * no need to delete non existant cloud * undo * Fix all tests where connections are left open after server closes. * Fix issues caused by missing gridstore adapter * Update guide for 2.3.0 and fix final tests * use strict * don't use features that won't work in node 4 * Fix syntax error * Fix typos * Add duplicate finding command * Update 2.3.0.md
2016-06-10 20:27:21 -07:00
this.validateSessionConfiguration(sessionLength, expireInactiveSessions);
Security: limit Masterkey remote access (#4017) * update choose_password to have the confirmation * add comment mark * First version, no test * throw error right away instead of just use masterKey false * fix the logic * move it up before the masterKey check * adding some test * typo * remove the choose_password * newline * add cli options * remove trailing space * handle in case the server is behind proxy * add getting the first ip in the ip list of xff * sanity check the ip in config if it is a valid ip address * split ip extraction to another function * trailing spaces
2017-07-23 18:26:30 +02:00
this.validateMasterKeyIps(masterKeyIps);
Add maxLimit server configuration (#4048) * Add maxLimit server configuration * Fix maxlimit validation logic to correctly handle maxLimit:0 case
2017-10-02 06:23:09 -07:00
this.validateMaxLimit(maxLimit);
feat: add allowHeaders to Options (#6044) * feat: add allowHeaders to Options This allows developers to use custom headers in their API requests, and they will be accepted by their mounted app. * refactor: convert allowCrossDomain to generator to add appId in scope This is necessary as the middleware may run in OPTIONS request that do not contain the appId within the header. * chore: update Definitions and docs * fix: update test to use new allowCrossDomain params * chore: add tests for allowCustomDomain middleware re: allowHeadrs
2019-09-12 22:03:57 +01:00
this.validateAllowHeaders(allowHeaders);
Add idempotency (#6748) * added idempotency router and middleware * added idempotency rules for routes classes, functions, jobs, installaions, users * fixed typo * ignore requests without header * removed unused var * enabled feature only for MongoDB * changed code comment * fixed inconsistend storage adapter specification * Trigger notification * Travis CI trigger * Travis CI trigger * Travis CI trigger * rebuilt option definitions * fixed incorrect import path * added new request ID header to allowed headers * fixed typescript typos * add new system class to spec helper * fixed typescript typos * re-added postgres conn parameter * removed postgres conn parameter * fixed incorrect schema for index creation * temporarily disabling index creation to fix postgres issue * temporarily disabling index creation to fix postgres issue * temporarily disabling index creation to fix postgres issue * temporarily disabling index creation to fix postgres issue * temporarily disabling index creation to fix postgres issue * temporarily disabling index creation to fix postgres issue * temporarily disabling index creation to fix postgres issue * trying to fix postgres issue * fixed incorrect auth when writing to _Idempotency * trying to fix postgres issue * Travis CI trigger * added test cases * removed number grouping * fixed test description * trying to fix postgres issue * added Github readme docs * added change log * refactored tests; fixed some typos * fixed test case * fixed default TTL value * Travis CI Trigger * Travis CI Trigger * Travis CI Trigger * added test case to increase coverage * Trigger Travis CI * changed configuration syntax to use regex; added test cases * removed unused vars * removed IdempotencyRouter * Trigger Travis CI * updated docs * updated docs * updated docs * updated docs * update docs * Trigger Travis CI * fixed coverage * removed code comments
2020-07-15 20:10:33 +02:00
this.validateIdempotencyOptions(idempotencyOptions);
}
static validateIdempotencyOptions(idempotencyOptions) {
GraphQL: Optimize queries, fixes some null returns (on object), fix stitched GraphQLUpload (#6709) * Optimize query, fixes some null returns, fix stitched GraphQLUpload * Fix authData key selection * Prefer Iso string since other GraphQL solutions use this format * fix tests Co-authored-by: Antonio Davi Macedo Coelho de Castro <adavimacedo@gmail.com>
2020-10-02 00:19:26 +02:00
if (!idempotencyOptions) {
return;
}
Add idempotency (#6748) * added idempotency router and middleware * added idempotency rules for routes classes, functions, jobs, installaions, users * fixed typo * ignore requests without header * removed unused var * enabled feature only for MongoDB * changed code comment * fixed inconsistend storage adapter specification * Trigger notification * Travis CI trigger * Travis CI trigger * Travis CI trigger * rebuilt option definitions * fixed incorrect import path * added new request ID header to allowed headers * fixed typescript typos * add new system class to spec helper * fixed typescript typos * re-added postgres conn parameter * removed postgres conn parameter * fixed incorrect schema for index creation * temporarily disabling index creation to fix postgres issue * temporarily disabling index creation to fix postgres issue * temporarily disabling index creation to fix postgres issue * temporarily disabling index creation to fix postgres issue * temporarily disabling index creation to fix postgres issue * temporarily disabling index creation to fix postgres issue * temporarily disabling index creation to fix postgres issue * trying to fix postgres issue * fixed incorrect auth when writing to _Idempotency * trying to fix postgres issue * Travis CI trigger * added test cases * removed number grouping * fixed test description * trying to fix postgres issue * added Github readme docs * added change log * refactored tests; fixed some typos * fixed test case * fixed default TTL value * Travis CI Trigger * Travis CI Trigger * Travis CI Trigger * added test case to increase coverage * Trigger Travis CI * changed configuration syntax to use regex; added test cases * removed unused vars * removed IdempotencyRouter * Trigger Travis CI * updated docs * updated docs * updated docs * updated docs * update docs * Trigger Travis CI * fixed coverage * removed code comments
2020-07-15 20:10:33 +02:00
if (idempotencyOptions.ttl === undefined) {
idempotencyOptions.ttl = IdempotencyOptions.ttl.default;
} else if (!isNaN(idempotencyOptions.ttl) && idempotencyOptions.ttl <= 0) {
throw 'idempotency TTL value must be greater than 0 seconds';
} else if (isNaN(idempotencyOptions.ttl)) {
throw 'idempotency TTL value must be a number';
}
if (!idempotencyOptions.paths) {
idempotencyOptions.paths = IdempotencyOptions.paths.default;
} else if (!(idempotencyOptions.paths instanceof Array)) {
throw 'idempotency paths must be of an array of strings';
}
Improves validation of email parameters in Configuration
2016-02-28 00:15:59 -05:00
}
Add LiveQuery
2016-03-10 14:27:00 -08:00
Adds ability to set an account lockout policy (#2601) * Adds ability to set account lockout policy * change fit to it in tests
2016-09-02 17:00:47 -07:00
static validateAccountLockoutPolicy(accountLockout) {
if (accountLockout) {
Use Prettier JS (#5017) * Adds prettier * Run lint before tests
2018-09-01 13:58:06 -04:00
if (
typeof accountLockout.duration !== 'number' ||
accountLockout.duration <= 0 ||
accountLockout.duration > 99999
) {
Adds ability to set an account lockout policy (#2601) * Adds ability to set account lockout policy * change fit to it in tests
2016-09-02 17:00:47 -07:00
throw 'Account lockout duration should be greater than 0 and less than 100000';
}
Use Prettier JS (#5017) * Adds prettier * Run lint before tests
2018-09-01 13:58:06 -04:00
if (
!Number.isInteger(accountLockout.threshold) ||
accountLockout.threshold < 1 ||
accountLockout.threshold > 999
) {
Adds ability to set an account lockout policy (#2601) * Adds ability to set account lockout policy * change fit to it in tests
2016-09-02 17:00:47 -07:00
throw 'Account lockout threshold should be an integer greater than 0 and less than 1000';
}
}
}
Adding support for optional Password Policy (#3032) * adds resetTokenValidityDuration setting * adds a validator to validate password that can be used to enforce strong passwords * adds unit tests for passwordPolicy.validator * adds unit tests to to fail reset password function if password is not in a valid format * updates README.md for passwordPolicy * prevents duplicate check for password validator in updateUserPassword * adds optional setting to disallow username in password * updates test cases to use fdescribe instead of describe * updates test cases to use request-promise instead of request * adds ability to use a RegExp or Callback function or both for a passwordPolicy.validator * expect username parameter in redirect to password_reset_success * adds support for _perishable_token_expires_at in postgres
2016-11-17 22:07:51 +05:30
static validatePasswordPolicy(passwordPolicy) {
if (passwordPolicy) {
Use Prettier JS (#5017) * Adds prettier * Run lint before tests
2018-09-01 13:58:06 -04:00
if (
passwordPolicy.maxPasswordAge !== undefined &&
fix(prettier): Properly handle lint-stage files (#6970) Now handles top level files and recursive files in folders. Set max line length to be 100
2020-10-25 15:06:58 -05:00
(typeof passwordPolicy.maxPasswordAge !== 'number' || passwordPolicy.maxPasswordAge < 0)
Use Prettier JS (#5017) * Adds prettier * Run lint before tests
2018-09-01 13:58:06 -04:00
) {
Adds password expiry support to password policy (#3068) * Adding support for password expiry policy * Renamed daysBeforeExpiry -> maxPasswordAge
2016-11-21 21:16:38 +05:30
throw 'passwordPolicy.maxPasswordAge must be a positive number';
}
Use Prettier JS (#5017) * Adds prettier * Run lint before tests
2018-09-01 13:58:06 -04:00
if (
passwordPolicy.resetTokenValidityDuration !== undefined &&
(typeof passwordPolicy.resetTokenValidityDuration !== 'number' ||
passwordPolicy.resetTokenValidityDuration <= 0)
) {
Adding support for optional Password Policy (#3032) * adds resetTokenValidityDuration setting * adds a validator to validate password that can be used to enforce strong passwords * adds unit tests for passwordPolicy.validator * adds unit tests to to fail reset password function if password is not in a valid format * updates README.md for passwordPolicy * prevents duplicate check for password validator in updateUserPassword * adds optional setting to disallow username in password * updates test cases to use fdescribe instead of describe * updates test cases to use request-promise instead of request * adds ability to use a RegExp or Callback function or both for a passwordPolicy.validator * expect username parameter in redirect to password_reset_success * adds support for _perishable_token_expires_at in postgres
2016-11-17 22:07:51 +05:30
throw 'passwordPolicy.resetTokenValidityDuration must be a positive number';
}
Use Prettier JS (#5017) * Adds prettier * Run lint before tests
2018-09-01 13:58:06 -04:00
if (passwordPolicy.validatorPattern) {
if (typeof passwordPolicy.validatorPattern === 'string') {
fix(prettier): Properly handle lint-stage files (#6970) Now handles top level files and recursive files in folders. Set max line length to be 100
2020-10-25 15:06:58 -05:00
passwordPolicy.validatorPattern = new RegExp(passwordPolicy.validatorPattern);
Use Prettier JS (#5017) * Adds prettier * Run lint before tests
2018-09-01 13:58:06 -04:00
} else if (!(passwordPolicy.validatorPattern instanceof RegExp)) {
Add support for regex string for password policy validatorPattern setting (#3331)
2017-01-08 20:42:44 +05:30
throw 'passwordPolicy.validatorPattern must be a regex string or RegExp object.';
}
Adding support for optional Password Policy (#3032) * adds resetTokenValidityDuration setting * adds a validator to validate password that can be used to enforce strong passwords * adds unit tests for passwordPolicy.validator * adds unit tests to to fail reset password function if password is not in a valid format * updates README.md for passwordPolicy * prevents duplicate check for password validator in updateUserPassword * adds optional setting to disallow username in password * updates test cases to use fdescribe instead of describe * updates test cases to use request-promise instead of request * adds ability to use a RegExp or Callback function or both for a passwordPolicy.validator * expect username parameter in redirect to password_reset_success * adds support for _perishable_token_expires_at in postgres
2016-11-17 22:07:51 +05:30
}
Use Prettier JS (#5017) * Adds prettier * Run lint before tests
2018-09-01 13:58:06 -04:00
if (
passwordPolicy.validatorCallback &&
typeof passwordPolicy.validatorCallback !== 'function'
) {
Adding support for optional Password Policy (#3032) * adds resetTokenValidityDuration setting * adds a validator to validate password that can be used to enforce strong passwords * adds unit tests for passwordPolicy.validator * adds unit tests to to fail reset password function if password is not in a valid format * updates README.md for passwordPolicy * prevents duplicate check for password validator in updateUserPassword * adds optional setting to disallow username in password * updates test cases to use fdescribe instead of describe * updates test cases to use request-promise instead of request * adds ability to use a RegExp or Callback function or both for a passwordPolicy.validator * expect username parameter in redirect to password_reset_success * adds support for _perishable_token_expires_at in postgres
2016-11-17 22:07:51 +05:30
throw 'passwordPolicy.validatorCallback must be a function.';
}
Use Prettier JS (#5017) * Adds prettier * Run lint before tests
2018-09-01 13:58:06 -04:00
if (
passwordPolicy.doNotAllowUsername &&
typeof passwordPolicy.doNotAllowUsername !== 'boolean'
) {
Adding support for optional Password Policy (#3032) * adds resetTokenValidityDuration setting * adds a validator to validate password that can be used to enforce strong passwords * adds unit tests for passwordPolicy.validator * adds unit tests to to fail reset password function if password is not in a valid format * updates README.md for passwordPolicy * prevents duplicate check for password validator in updateUserPassword * adds optional setting to disallow username in password * updates test cases to use fdescribe instead of describe * updates test cases to use request-promise instead of request * adds ability to use a RegExp or Callback function or both for a passwordPolicy.validator * expect username parameter in redirect to password_reset_success * adds support for _perishable_token_expires_at in postgres
2016-11-17 22:07:51 +05:30
throw 'passwordPolicy.doNotAllowUsername must be a boolean value.';
}
Adds password history support to passwordPolicy (#3102) * password history support in passwordPolicy * Refactor RestWrite.transformUser * fix eslint issues
2016-11-29 22:31:52 +05:30
Use Prettier JS (#5017) * Adds prettier * Run lint before tests
2018-09-01 13:58:06 -04:00
if (
passwordPolicy.maxPasswordHistory &&
(!Number.isInteger(passwordPolicy.maxPasswordHistory) ||
passwordPolicy.maxPasswordHistory <= 0 ||
passwordPolicy.maxPasswordHistory > 20)
) {
Adds password history support to passwordPolicy (#3102) * password history support in passwordPolicy * Refactor RestWrite.transformUser * fix eslint issues
2016-11-29 22:31:52 +05:30
throw 'passwordPolicy.maxPasswordHistory must be an integer ranging 0 - 20';
}
Feature: Reuse tokens if they haven't expired (#7017) * Reuse tokens if they haven't expired * Fix failing tests * Update UserController.js * Update tests * Tests for invalid config * restart tests
2020-11-26 04:30:52 +11:00
if (
passwordPolicy.resetTokenReuseIfValid &&
typeof passwordPolicy.resetTokenReuseIfValid !== 'boolean'
) {
throw 'resetTokenReuseIfValid must be a boolean value';
}
if (passwordPolicy.resetTokenReuseIfValid && !passwordPolicy.resetTokenValidityDuration) {
throw 'You cannot use resetTokenReuseIfValid without resetTokenValidityDuration';
}
Adding support for optional Password Policy (#3032) * adds resetTokenValidityDuration setting * adds a validator to validate password that can be used to enforce strong passwords * adds unit tests for passwordPolicy.validator * adds unit tests to to fail reset password function if password is not in a valid format * updates README.md for passwordPolicy * prevents duplicate check for password validator in updateUserPassword * adds optional setting to disallow username in password * updates test cases to use fdescribe instead of describe * updates test cases to use request-promise instead of request * adds ability to use a RegExp or Callback function or both for a passwordPolicy.validator * expect username parameter in redirect to password_reset_success * adds support for _perishable_token_expires_at in postgres
2016-11-17 22:07:51 +05:30
}
}
// if the passwordPolicy.validatorPattern is configured then setup a callback to process the pattern
static setupPasswordValidator(passwordPolicy) {
if (passwordPolicy && passwordPolicy.validatorPattern) {
Use Prettier JS (#5017) * Adds prettier * Run lint before tests
2018-09-01 13:58:06 -04:00
passwordPolicy.patternValidator = value => {
Adding support for optional Password Policy (#3032) * adds resetTokenValidityDuration setting * adds a validator to validate password that can be used to enforce strong passwords * adds unit tests for passwordPolicy.validator * adds unit tests to to fail reset password function if password is not in a valid format * updates README.md for passwordPolicy * prevents duplicate check for password validator in updateUserPassword * adds optional setting to disallow username in password * updates test cases to use fdescribe instead of describe * updates test cases to use request-promise instead of request * adds ability to use a RegExp or Callback function or both for a passwordPolicy.validator * expect username parameter in redirect to password_reset_success * adds support for _perishable_token_expires_at in postgres
2016-11-17 22:07:51 +05:30
return passwordPolicy.validatorPattern.test(value);
Use Prettier JS (#5017) * Adds prettier * Run lint before tests
2018-09-01 13:58:06 -04:00
};
Adding support for optional Password Policy (#3032) * adds resetTokenValidityDuration setting * adds a validator to validate password that can be used to enforce strong passwords * adds unit tests for passwordPolicy.validator * adds unit tests to to fail reset password function if password is not in a valid format * updates README.md for passwordPolicy * prevents duplicate check for password validator in updateUserPassword * adds optional setting to disallow username in password * updates test cases to use fdescribe instead of describe * updates test cases to use request-promise instead of request * adds ability to use a RegExp or Callback function or both for a passwordPolicy.validator * expect username parameter in redirect to password_reset_success * adds support for _perishable_token_expires_at in postgres
2016-11-17 22:07:51 +05:30
}
}
Use Prettier JS (#5017) * Adds prettier * Run lint before tests
2018-09-01 13:58:06 -04:00
static validateEmailConfiguration({
emailAdapter,
appName,
publicServerURL,
emailVerifyTokenValidityDuration,
Feature: Reuse tokens if they haven't expired (#7017) * Reuse tokens if they haven't expired * Fix failing tests * Update UserController.js * Update tests * Tests for invalid config * restart tests
2020-11-26 04:30:52 +11:00
emailVerifyTokenReuseIfValid,
Use Prettier JS (#5017) * Adds prettier * Run lint before tests
2018-09-01 13:58:06 -04:00
}) {
Better e-mail adapter testing (#2208)
2016-07-05 12:08:46 -07:00
if (!emailAdapter) {
throw 'An emailAdapter is required for e-mail verification and password resets.';
}
if (typeof appName !== 'string') {
throw 'An app name is required for e-mail verification and password resets.';
}
if (typeof publicServerURL !== 'string') {
throw 'A public server url is required for e-mail verification and password resets.';
Improves validation of email parameters in Configuration
2016-02-28 00:15:59 -05:00
}
Adds ability to expire email verify token (#2216)
2016-07-19 01:10:36 -05:00
if (emailVerifyTokenValidityDuration) {
if (isNaN(emailVerifyTokenValidityDuration)) {
throw 'Email verify token validity duration must be a valid number.';
} else if (emailVerifyTokenValidityDuration <= 0) {
Use Prettier JS (#5017) * Adds prettier * Run lint before tests
2018-09-01 13:58:06 -04:00
throw 'Email verify token validity duration must be a value greater than 0.';
Adds ability to expire email verify token (#2216)
2016-07-19 01:10:36 -05:00
}
}
Feature: Reuse tokens if they haven't expired (#7017) * Reuse tokens if they haven't expired * Fix failing tests * Update UserController.js * Update tests * Tests for invalid config * restart tests
2020-11-26 04:30:52 +11:00
if (emailVerifyTokenReuseIfValid && typeof emailVerifyTokenReuseIfValid !== 'boolean') {
throw 'emailVerifyTokenReuseIfValid must be a boolean value';
}
if (emailVerifyTokenReuseIfValid && !emailVerifyTokenValidityDuration) {
throw 'You cannot use emailVerifyTokenReuseIfValid without emailVerifyTokenValidityDuration';
}
Improves validation of email parameters in Configuration
2016-02-28 00:15:59 -05:00
}
Sends 404 when parseServerURL is not set on public pages - throws when verifyEmail = true && publicServerURL not set
2016-02-29 20:51:13 -05:00
Security: limit Masterkey remote access (#4017) * update choose_password to have the confirmation * add comment mark * First version, no test * throw error right away instead of just use masterKey false * fix the logic * move it up before the masterKey check * adding some test * typo * remove the choose_password * newline * add cli options * remove trailing space * handle in case the server is behind proxy * add getting the first ip in the ip list of xff * sanity check the ip in config if it is a valid ip address * split ip extraction to another function * trailing spaces
2017-07-23 18:26:30 +02:00
static validateMasterKeyIps(masterKeyIps) {
for (const ip of masterKeyIps) {
Use Prettier JS (#5017) * Adds prettier * Run lint before tests
2018-09-01 13:58:06 -04:00
if (!net.isIP(ip)) {
Security: limit Masterkey remote access (#4017) * update choose_password to have the confirmation * add comment mark * First version, no test * throw error right away instead of just use masterKey false * fix the logic * move it up before the masterKey check * adding some test * typo * remove the choose_password * newline * add cli options * remove trailing space * handle in case the server is behind proxy * add getting the first ip in the ip list of xff * sanity check the ip in config if it is a valid ip address * split ip extraction to another function * trailing spaces
2017-07-23 18:26:30 +02:00
throw `Invalid ip in masterKeyIps: ${ip}`;
}
}
}
Adds ability to override mount with publicServerURL for production uses
2016-03-30 19:50:08 -04:00
get mount() {
var mount = this._mount;
if (this.publicServerURL) {
mount = this.publicServerURL;
}
return mount;
}
set mount(newValue) {
this._mount = newValue;
}
Add config.expireInactiveSession to add support for non-expiring inactive sessions (#1536) * Create non-expiring session when sessionLength is zero * Introduce expireInactiveSessions setting
2016-05-06 20:50:45 +01:00
static validateSessionConfiguration(sessionLength, expireInactiveSessions) {
if (expireInactiveSessions) {
if (isNaN(sessionLength)) {
throw 'Session length must be a valid number.';
Use Prettier JS (#5017) * Adds prettier * Run lint before tests
2018-09-01 13:58:06 -04:00
} else if (sessionLength <= 0) {
throw 'Session length must be a value greater than 0.';
Add config.expireInactiveSession to add support for non-expiring inactive sessions (#1536) * Create non-expiring session when sessionLength is zero * Introduce expireInactiveSessions setting
2016-05-06 20:50:45 +01:00
}
Added session length option for session tokens to server configuration
2016-04-02 11:36:47 -04:00
}
}
Add maxLimit server configuration (#4048) * Add maxLimit server configuration * Fix maxlimit validation logic to correctly handle maxLimit:0 case
2017-10-02 06:23:09 -07:00
static validateMaxLimit(maxLimit) {
if (maxLimit <= 0) {
Use Prettier JS (#5017) * Adds prettier * Run lint before tests
2018-09-01 13:58:06 -04:00
throw 'Max limit must be a value greater than 0.';
Add maxLimit server configuration (#4048) * Add maxLimit server configuration * Fix maxlimit validation logic to correctly handle maxLimit:0 case
2017-10-02 06:23:09 -07:00
}
}
feat: add allowHeaders to Options (#6044) * feat: add allowHeaders to Options This allows developers to use custom headers in their API requests, and they will be accepted by their mounted app. * refactor: convert allowCrossDomain to generator to add appId in scope This is necessary as the middleware may run in OPTIONS request that do not contain the appId within the header. * chore: update Definitions and docs * fix: update test to use new allowCrossDomain params * chore: add tests for allowCustomDomain middleware re: allowHeadrs
2019-09-12 22:03:57 +01:00
static validateAllowHeaders(allowHeaders) {
if (![null, undefined].includes(allowHeaders)) {
if (Array.isArray(allowHeaders)) {
allowHeaders.forEach(header => {
if (typeof header !== 'string') {
throw 'Allow headers must only contain strings';
} else if (!header.trim().length) {
throw 'Allow headers must not contain empty strings';
}
});
} else {
throw 'Allow headers must be an array';
}
}
}
Adds ability to expire email verify token (#2216)
2016-07-19 01:10:36 -05:00
generateEmailVerifyTokenExpiresAt() {
if (!this.verifyUserEmails || !this.emailVerifyTokenValidityDuration) {
return undefined;
}
var now = new Date();
fix(prettier): Properly handle lint-stage files (#6970) Now handles top level files and recursive files in folders. Set max line length to be 100
2020-10-25 15:06:58 -05:00
return new Date(now.getTime() + this.emailVerifyTokenValidityDuration * 1000);
Adds ability to expire email verify token (#2216)
2016-07-19 01:10:36 -05:00
}
Adding support for optional Password Policy (#3032) * adds resetTokenValidityDuration setting * adds a validator to validate password that can be used to enforce strong passwords * adds unit tests for passwordPolicy.validator * adds unit tests to to fail reset password function if password is not in a valid format * updates README.md for passwordPolicy * prevents duplicate check for password validator in updateUserPassword * adds optional setting to disallow username in password * updates test cases to use fdescribe instead of describe * updates test cases to use request-promise instead of request * adds ability to use a RegExp or Callback function or both for a passwordPolicy.validator * expect username parameter in redirect to password_reset_success * adds support for _perishable_token_expires_at in postgres
2016-11-17 22:07:51 +05:30
generatePasswordResetTokenExpiresAt() {
fix(prettier): Properly handle lint-stage files (#6970) Now handles top level files and recursive files in folders. Set max line length to be 100
2020-10-25 15:06:58 -05:00
if (!this.passwordPolicy || !this.passwordPolicy.resetTokenValidityDuration) {
Adding support for optional Password Policy (#3032) * adds resetTokenValidityDuration setting * adds a validator to validate password that can be used to enforce strong passwords * adds unit tests for passwordPolicy.validator * adds unit tests to to fail reset password function if password is not in a valid format * updates README.md for passwordPolicy * prevents duplicate check for password validator in updateUserPassword * adds optional setting to disallow username in password * updates test cases to use fdescribe instead of describe * updates test cases to use request-promise instead of request * adds ability to use a RegExp or Callback function or both for a passwordPolicy.validator * expect username parameter in redirect to password_reset_success * adds support for _perishable_token_expires_at in postgres
2016-11-17 22:07:51 +05:30
return undefined;
}
const now = new Date();
fix(prettier): Properly handle lint-stage files (#6970) Now handles top level files and recursive files in folders. Set max line length to be 100
2020-10-25 15:06:58 -05:00
return new Date(now.getTime() + this.passwordPolicy.resetTokenValidityDuration * 1000);
Adding support for optional Password Policy (#3032) * adds resetTokenValidityDuration setting * adds a validator to validate password that can be used to enforce strong passwords * adds unit tests for passwordPolicy.validator * adds unit tests to to fail reset password function if password is not in a valid format * updates README.md for passwordPolicy * prevents duplicate check for password validator in updateUserPassword * adds optional setting to disallow username in password * updates test cases to use fdescribe instead of describe * updates test cases to use request-promise instead of request * adds ability to use a RegExp or Callback function or both for a passwordPolicy.validator * expect username parameter in redirect to password_reset_success * adds support for _perishable_token_expires_at in postgres
2016-11-17 22:07:51 +05:30
}
Added session length option for session tokens to server configuration
2016-04-02 11:36:47 -04:00
generateSessionExpiresAt() {
Add config.expireInactiveSession to add support for non-expiring inactive sessions (#1536) * Create non-expiring session when sessionLength is zero * Introduce expireInactiveSessions setting
2016-05-06 20:50:45 +01:00
if (!this.expireInactiveSessions) {
return undefined;
}
Added session length option for session tokens to server configuration
2016-04-02 11:36:47 -04:00
var now = new Date();
Use Prettier JS (#5017) * Adds prettier * Run lint before tests
2018-09-01 13:58:06 -04:00
return new Date(now.getTime() + this.sessionLength * 1000);
Added session length option for session tokens to server configuration
2016-04-02 11:36:47 -04:00
}
Refactors verify_email, adds public html
2016-02-25 19:04:27 -05:00
get invalidLinkURL() {
fix(prettier): Properly handle lint-stage files (#6970) Now handles top level files and recursive files in folders. Set max line length to be 100
2020-10-25 15:06:58 -05:00
return this.customPages.invalidLink || `${this.publicServerURL}/apps/invalid_link.html`;
Refactors verify_email, adds public html
2016-02-25 19:04:27 -05:00
}
Add LiveQuery
2016-03-10 14:27:00 -08:00
Add support for resending verification email in case of expired token (#3617) * -Defines new public API route /apps/:appId/resend_verification_email that will generate a new email verification link and email for a user identified by username in POST body -Add template and url support for invalidVerificationLink, linkSendSuccess, and linkSendFail pages. The invalidVerificationLink pages includes a button that allows the user to generate a new verification email if their current token has expired, using the new public API route -All three pages have default html that will be functional out of the box, but they can be customized in the customPages object. The custom page for invalidVerificationLink needs to handle the extraction of the username and appId from the url and the POST to generate the new link (this requires javascript) -Clicking a link for an email that has already been verified now routes to the emailVerifySuccess page instead of the invalidLink page * Fix package.json repo url to be parse-server againwq * Fix js lint issues * Update unit tests * Use arrow functions, change html page comments, use qs and a string template to construct location for invalidVerificationLink page, syntax fixes * Remember to pass result when using arrow function
2017-05-10 14:02:16 +01:00
get invalidVerificationLinkURL() {
Use Prettier JS (#5017) * Adds prettier * Run lint before tests
2018-09-01 13:58:06 -04:00
return (
this.customPages.invalidVerificationLink ||
`${this.publicServerURL}/apps/invalid_verification_link.html`
);
Add support for resending verification email in case of expired token (#3617) * -Defines new public API route /apps/:appId/resend_verification_email that will generate a new email verification link and email for a user identified by username in POST body -Add template and url support for invalidVerificationLink, linkSendSuccess, and linkSendFail pages. The invalidVerificationLink pages includes a button that allows the user to generate a new verification email if their current token has expired, using the new public API route -All three pages have default html that will be functional out of the box, but they can be customized in the customPages object. The custom page for invalidVerificationLink needs to handle the extraction of the username and appId from the url and the POST to generate the new link (this requires javascript) -Clicking a link for an email that has already been verified now routes to the emailVerifySuccess page instead of the invalidLink page * Fix package.json repo url to be parse-server againwq * Fix js lint issues * Update unit tests * Use arrow functions, change html page comments, use qs and a string template to construct location for invalidVerificationLink page, syntax fixes * Remember to pass result when using arrow function
2017-05-10 14:02:16 +01:00
}
get linkSendSuccessURL() {
Use Prettier JS (#5017) * Adds prettier * Run lint before tests
2018-09-01 13:58:06 -04:00
return (
fix(prettier): Properly handle lint-stage files (#6970) Now handles top level files and recursive files in folders. Set max line length to be 100
2020-10-25 15:06:58 -05:00
this.customPages.linkSendSuccess || `${this.publicServerURL}/apps/link_send_success.html`
Use Prettier JS (#5017) * Adds prettier * Run lint before tests
2018-09-01 13:58:06 -04:00
);
Add support for resending verification email in case of expired token (#3617) * -Defines new public API route /apps/:appId/resend_verification_email that will generate a new email verification link and email for a user identified by username in POST body -Add template and url support for invalidVerificationLink, linkSendSuccess, and linkSendFail pages. The invalidVerificationLink pages includes a button that allows the user to generate a new verification email if their current token has expired, using the new public API route -All three pages have default html that will be functional out of the box, but they can be customized in the customPages object. The custom page for invalidVerificationLink needs to handle the extraction of the username and appId from the url and the POST to generate the new link (this requires javascript) -Clicking a link for an email that has already been verified now routes to the emailVerifySuccess page instead of the invalidLink page * Fix package.json repo url to be parse-server againwq * Fix js lint issues * Update unit tests * Use arrow functions, change html page comments, use qs and a string template to construct location for invalidVerificationLink page, syntax fixes * Remember to pass result when using arrow function
2017-05-10 14:02:16 +01:00
}
get linkSendFailURL() {
fix(prettier): Properly handle lint-stage files (#6970) Now handles top level files and recursive files in folders. Set max line length to be 100
2020-10-25 15:06:58 -05:00
return this.customPages.linkSendFail || `${this.publicServerURL}/apps/link_send_fail.html`;
Add support for resending verification email in case of expired token (#3617) * -Defines new public API route /apps/:appId/resend_verification_email that will generate a new email verification link and email for a user identified by username in POST body -Add template and url support for invalidVerificationLink, linkSendSuccess, and linkSendFail pages. The invalidVerificationLink pages includes a button that allows the user to generate a new verification email if their current token has expired, using the new public API route -All three pages have default html that will be functional out of the box, but they can be customized in the customPages object. The custom page for invalidVerificationLink needs to handle the extraction of the username and appId from the url and the POST to generate the new link (this requires javascript) -Clicking a link for an email that has already been verified now routes to the emailVerifySuccess page instead of the invalidLink page * Fix package.json repo url to be parse-server againwq * Fix js lint issues * Update unit tests * Use arrow functions, change html page comments, use qs and a string template to construct location for invalidVerificationLink page, syntax fixes * Remember to pass result when using arrow function
2017-05-10 14:02:16 +01:00
}
Refactors verify_email, adds public html
2016-02-25 19:04:27 -05:00
get verifyEmailSuccessURL() {
Use Prettier JS (#5017) * Adds prettier * Run lint before tests
2018-09-01 13:58:06 -04:00
return (
this.customPages.verifyEmailSuccess ||
`${this.publicServerURL}/apps/verify_email_success.html`
);
Refactors verify_email, adds public html
2016-02-25 19:04:27 -05:00
}
Add LiveQuery
2016-03-10 14:27:00 -08:00
Refactors verify_email, adds public html
2016-02-25 19:04:27 -05:00
get choosePasswordURL() {
fix(prettier): Properly handle lint-stage files (#6970) Now handles top level files and recursive files in folders. Set max line length to be 100
2020-10-25 15:06:58 -05:00
return this.customPages.choosePassword || `${this.publicServerURL}/apps/choose_password`;
Refactor and advancements - Drops mailController, centralized in UserController - Adds views folder for change_password - Improves PromiseRouter to support text results - Improves PromiseRouter to support empty responses for redirects - Adds options to AdaptableController - UsersController gracefully fails when no adapter is set - Refactors GlobalConfig into same style for Routers
2016-02-27 10:51:12 -05:00
}
Add LiveQuery
2016-03-10 14:27:00 -08:00
Refactor and advancements - Drops mailController, centralized in UserController - Adds views folder for change_password - Improves PromiseRouter to support text results - Improves PromiseRouter to support empty responses for redirects - Adds options to AdaptableController - UsersController gracefully fails when no adapter is set - Refactors GlobalConfig into same style for Routers
2016-02-27 10:51:12 -05:00
get requestResetPasswordURL() {
feat: add allowHeaders to Options (#6044) * feat: add allowHeaders to Options This allows developers to use custom headers in their API requests, and they will be accepted by their mounted app. * refactor: convert allowCrossDomain to generator to add appId in scope This is necessary as the middleware may run in OPTIONS request that do not contain the appId within the header. * chore: update Definitions and docs * fix: update test to use new allowCrossDomain params * chore: add tests for allowCustomDomain middleware re: allowHeadrs
2019-09-12 22:03:57 +01:00
return `${this.publicServerURL}/apps/${this.applicationId}/request_password_reset`;
Refactors verify_email, adds public html
2016-02-25 19:04:27 -05:00
}
Add LiveQuery
2016-03-10 14:27:00 -08:00
Refactors verify_email, adds public html
2016-02-25 19:04:27 -05:00
get passwordResetSuccessURL() {
Use Prettier JS (#5017) * Adds prettier * Run lint before tests
2018-09-01 13:58:06 -04:00
return (
this.customPages.passwordResetSuccess ||
`${this.publicServerURL}/apps/password_reset_success.html`
);
Refactors verify_email, adds public html
2016-02-25 19:04:27 -05:00
}
Add LiveQuery
2016-03-10 14:27:00 -08:00
Add parseFrameURL for masking user-facing pages (#3267) * Add parseFrameURL for masking user-facing pages. Allow users to specify a different address which is used to mask parse requests for verifying email and resetting password. This is how Parse.com used to allow customers to gain control over page content, styling etc. On the destination page javascript is used to check the link in the request and embed the parse server page using IFRAME. * Fix code indentation * Rename method for building link and pass config to it. * Add customPages options to README.md. * Add tests for parseFrameURL email link building, and parseFrameURL option. * Add parseFrameURL for masking user-facing pages. Allow users to specify a different address which is used to mask parse requests for verifying email and resetting password. This is how Parse.com used to allow customers to gain control over page content, styling etc. On the destination page javascript is used to check the link in the request and embed the parse server page using IFRAME. * Fix code indentation * Rename method for building link and pass config to it. * Add customPages options to README.md. * Don't Object.assign to defaultConfiguration global
2017-01-08 19:56:57 +01:00
get parseFrameURL() {
return this.customPages.parseFrameURL;
}
Refactors verify_email, adds public html
2016-02-25 19:04:27 -05:00
get verifyEmailURL() {
Sends 404 when parseServerURL is not set on public pages - throws when verifyEmail = true && publicServerURL not set
2016-02-29 20:51:13 -05:00
return `${this.publicServerURL}/apps/${this.applicationId}/verify_email`;
Refactors verify_email, adds public html
2016-02-25 19:04:27 -05:00
}
Add config.expireInactiveSession to add support for non-expiring inactive sessions (#1536) * Create non-expiring session when sessionLength is zero * Introduce expireInactiveSessions setting
2016-05-06 20:50:45 +01:00
}
Initial release, parse-server, 2.0.0
2016-01-28 10:58:12 -08:00
Refactors FilesController in FilesRouter and FilesController
2016-02-20 12:25:43 -05:00
export default Config;
Initial release, parse-server, 2.0.0
2016-01-28 10:58:12 -08:00
module.exports = Config;
Reference in New Issue Copy Permalink