'Is true if Parse Server should recreate any fields that are different between the current database schema and theschema definition. This should only be used during development.',
action:parsers.booleanParser,
default:false,
},
strict:{
env:'PARSE_SERVER_SCHEMA_STRICT',
help:'Is true if Parse Server should exit if schema update fail.',
'Allow a user to log in even if the 3rd party authentication token that was used to sign in to their account has expired. If this is set to `false`, then the token will be validated every time the user signs in to their account. This refers to the token that is stored in the `_User.authData` field. Defaults to `true`.',
'Configuration for your authentication providers, as stringified JSON. See http://docs.parseplatform.org/parse-server/guide/#oauth-and-3rd-party-authentication',
},
cacheAdapter:{
env:'PARSE_SERVER_CACHE_ADAPTER',
help:'Adapter module for the cache',
action:parsers.moduleOrObjectParser,
},
cacheMaxSize:{
env:'PARSE_SERVER_CACHE_MAX_SIZE',
help:'Sets the maximum size for the in memory cache, defaults to 10000',
action:parsers.numberParser('cacheMaxSize'),
default:10000,
},
cacheTTL:{
env:'PARSE_SERVER_CACHE_TTL',
help:'Sets the TTL for the in memory cache (in ms), defaults to 5000 (5 seconds)',
action:parsers.numberParser('cacheTTL'),
default:5000,
},
clientKey:{
env:'PARSE_SERVER_CLIENT_KEY',
help:'Key for iOS, MacOS, tvOS clients',
},
cloud:{
env:'PARSE_SERVER_CLOUD',
help:'Full path to your cloud code main.js',
},
cluster:{
env:'PARSE_SERVER_CLUSTER',
help:'Run with cluster, optionally set the number of processes default to os.cpus().length',
action:parsers.numberOrBooleanParser,
},
collectionPrefix:{
env:'PARSE_SERVER_COLLECTION_PREFIX',
help:'A collection prefix for the classes',
default:'',
},
customPages:{
env:'PARSE_SERVER_CUSTOM_PAGES',
help:'custom pages for password validation and reset',
'Set to `true` if Parse requests within the same Node.js environment as Parse Server should be routed to Parse Server directly instead of via the HTTP interface. Default is `false`.<br><br>If set to `false` then Parse requests within the same Node.js environment as Parse Server are executed as HTTP requests sent to Parse Server via the `serverURL`. For example, a `Parse.Query` in Cloud Code is calling Parse Server via a HTTP request. The server is essentially making a HTTP request to itself, unnecessarily using network resources such as network ports.<br><br>\u26A0\uFE0F In environments where multiple Parse Server instances run behind a load balancer and Parse requests within the current Node.js environment should be routed via the load balancer and distributed as HTTP requests among all instances via the `serverURL`, this should be set to `false`.',
'Set to `true` if a email verification token should be reused in case another token is requested but there is a token that is still valid, i.e. has not expired. This avoids the often observed issue that a user requests multiple emails and does not know which link contains a valid token because each newly generated token would invalidate the previous token.<br><br>Default is `false`.<br>Requires option `verifyUserEmails: true`.',
'Set the validity duration of the email verification token in seconds after which the token expires. The token is used in the link that is set in the email. After the token expires, the link becomes invalid and a new link has to be sent. If the option is not set or set to `undefined`, then the token never expires.<br><br>For example, to expire the token after 2 hours, set a value of 7200 seconds (= 60 seconds * 60 minutes * 2 hours).<br><br>Default is `undefined`.<br>Requires option `verifyUserEmails: true`.',
'If set to `true`, a `Parse.Object` that is in the payload when calling a Cloud Function will be converted to an instance of `Parse.Object`. If `false`, the object will not be converted and instead be a plain JavaScript object, which contains the raw data of a `Parse.Object` but is not an actual instance of `Parse.Object`. Default is `false`. <br><br>\u2139\uFE0F The expected behavior would be that the object is converted to an instance of `Parse.Object`, so you would normally set this option to `true`. The default is `false` because this is a temporary option that has been introduced to avoid a breaking change when fixing a bug where JavaScript objects are not converted to actual instances of `Parse.Object`.',
'Options for request idempotency to deduplicate identical requests that may be caused by network issues. Caution, this is an experimental feature that may not be appropriate for production.',
'(Optional) The maintenance key is used for modifying internal and read-only fields of Parse Server.<br><br>\u26A0\uFE0F This key is not intended to be used as part of a regular operation of Parse Server. This key is intended to conduct out-of-band changes such as one-time migrations or data correction tasks. Internal fields are not officially documented and may change at any time without publication in release changelogs. We strongly advice not to rely on internal fields as part of your regular operation and to investigate the implications of any planned changes *directly in the source code* of your current version of Parse Server.',
"(Optional) Restricts the use of maintenance key permissions to a list of IP addresses.<br><br>This option accepts a list of single IP addresses, for example:<br>`['10.0.0.1', '10.0.0.2']`<br><br>You can also use CIDR notation to specify an IP address range, for example:<br>`['10.0.1.0/24']`<br><br>Special cases:<br>- Setting an empty array `[]` means that `maintenanceKey` cannot be used even in Parse Server Cloud Code.<br>- Setting `['0.0.0.0/0']` means disabling the filter and the maintenance key can be used from any IP address.<br><br>Defaults to `['127.0.0.1', '::1']` which means that only `localhost`, the server itself, is allowed to use the maintenance key.",
"(Optional) Restricts the use of master key permissions to a list of IP addresses.<br><br>This option accepts a list of single IP addresses, for example:<br>`['10.0.0.1', '10.0.0.2']`<br><br>You can also use CIDR notation to specify an IP address range, for example:<br>`['10.0.1.0/24']`<br><br>Special cases:<br>- Setting an empty array `[]` means that `masterKey` cannot be used even in Parse Server Cloud Code.<br>- Setting `['0.0.0.0/0']` means disabling the filter and the master key can be used from any IP address.<br><br>To connect Parse Dashboard from a different server requires to add the IP address of the server that hosts Parse Dashboard because Parse Dashboard uses the master key.<br><br>Defaults to `['127.0.0.1', '::1']` which means that only `localhost`, the server itself, is allowed to use the master key.",
help:'Max value for limit option on queries, defaults to unlimited',
action:parsers.numberParser('maxLimit'),
},
maxLogFiles:{
env:'PARSE_SERVER_MAX_LOG_FILES',
help:
"Maximum number of logs to keep. If not set, no logs will be removed. This can be a number of files or number of days. If using days, add 'd' as the suffix. (default: null)",
action:parsers.objectParser,
},
maxUploadSize:{
env:'PARSE_SERVER_MAX_UPLOAD_SIZE',
help:'Max file size for uploads, defaults to 20mb',
default:'20mb',
},
middleware:{
env:'PARSE_SERVER_MIDDLEWARE',
help:'middleware for express server, can be string or function',
},
mountGraphQL:{
env:'PARSE_SERVER_MOUNT_GRAPHQL',
help:'Mounts the GraphQL endpoint',
action:parsers.booleanParser,
default:false,
},
mountPath:{
env:'PARSE_SERVER_MOUNT_PATH',
help:'Mount path for the server, defaults to /parse',
default:'/parse',
},
mountPlayground:{
env:'PARSE_SERVER_MOUNT_PLAYGROUND',
help:'Mounts the GraphQL Playground - never use this option in production',
action:parsers.booleanParser,
default:false,
},
objectIdSize:{
env:'PARSE_SERVER_OBJECT_ID_SIZE',
help:"Sets the number of characters in generated object id's, default 10",
'The options for pages such as password reset and email verification. Caution, this is an experimental feature that may not be appropriate for production.',
'Set to `true` to prevent a user from logging in if the email has not yet been verified and email verification is required.<br><br>Default is `false`.<br>Requires option `verifyUserEmails: true`.',
"If set to `true` it prevents a user from signing up if the email has not yet been verified and email verification is required. In that case the server responds to the sign-up with HTTP status 400 and a Parse Error 205 `EMAIL_NOT_FOUND`. If set to `false` the server responds with HTTP status 200, and client SDKs return an unauthenticated Parse User without session token. In that case subsequent requests fail until the user's email address is verified.<br><br>Default is `false`.<br>Requires option `verifyUserEmails: true`.",
"Options to limit repeated requests to Parse Server APIs. This can be used to protect sensitive endpoints such as `/requestPasswordReset` from brute-force attacks or Parse Server as a whole from denial-of-service (DoS) attacks.<br><br>\u2139\uFE0F Mind the following limitations:<br>- rate limits applied per IP address; this limits protection against distributed denial-of-service (DDoS) attacks where many requests are coming from various IP addresses<br>- if multiple Parse Server instances are behind a load balancer or ran in a cluster, each instance will calculate it's own request rates, independent from other instances; this limits the applicability of this feature when using a load balancer and another rate limiting solution that takes requests across all instances into account may be more suitable<br>- this feature provides basic protection against denial-of-service attacks, but a more sophisticated solution works earlier in the request flow and prevents a malicious requests to even reach a server instance; it's therefore recommended to implement a solution according to architecture and user case.",
'An array of keys and values that are prohibited in database read and write requests to prevent potential security vulnerabilities. It is possible to specify only a key (`{"key":"..."}`), only a value (`{"value":"..."}`) or a key-value pair (`{"key":"...","value":"..."}`). The specification can use the following types: `boolean`, `numeric` or `string`, where `string` will be interpreted as a regex notation. Request data is deep-scanned for matching definitions to detect also any nested occurrences. Defaults are patterns that are likely to be used in malicious requests. Setting this option will override the default patterns.',
"When a user changes their password, either through the reset password email or while logged in, all sessions are revoked if this is true. Set to false if you don't want to revoke sessions.",
action:parsers.booleanParser,
default:true,
},
scheduledPush:{
env:'PARSE_SERVER_SCHEDULED_PUSH',
help:'Configuration for push scheduling, defaults to false.',
'Set to `false` to prevent sending of verification email. Supports a function with a return value of `true` or `false` for conditional email sending.<br><br>Default is `true`.<br>',
'The trust proxy settings. It is important to understand the exact setup of the reverse proxy, since this setting will trust values provided in the Parse Server API request. See the <a href="https://expressjs.com/en/guide/behind-proxies.html">express trust proxy settings</a> documentation. Defaults to `false`.',
'Set to `true` to require users to verify their email address to complete the sign-up process. Supports a function with a return value of `true` or `false` for conditional verification.<br><br>Default is `false`.',
'Optional, if `true` the rate limit will also apply to requests that are made in by Cloud Code, default is `false`. Note that a public Cloud Code function that triggers internal requests may circumvent rate limiting and be vulnerable to attacks.',
action:parsers.booleanParser,
default:false,
},
includeMasterKey:{
env:'PARSE_SERVER_RATE_LIMIT_INCLUDE_MASTER_KEY',
help:
'Optional, if `true` the rate limit will also apply to requests using the `masterKey`, default is `false`. Note that a public Cloud Code function that triggers internal requests using the `masterKey` may circumvent rate limiting and be vulnerable to attacks.',
'Optional, the URL of the Redis server to store rate limit data. This allows to rate limit requests for multiple servers by calculating the sum of all requests across all servers. This is useful if multiple servers are processing requests behind a load balancer. For example, the limit of 10 requests is reached if each of 2 servers processed 5 requests.',
'The number of requests that can be made per IP address within the time window set in `requestTimeWindow` before the rate limit is applied.',
action:parsers.numberParser('requestCount'),
},
requestMethods:{
env:'PARSE_SERVER_RATE_LIMIT_REQUEST_METHODS',
help:
'Optional, the HTTP request methods to which the rate limit should be applied, default is all methods.',
action:parsers.arrayParser,
},
requestPath:{
env:'PARSE_SERVER_RATE_LIMIT_REQUEST_PATH',
help:
'The path of the API route to be rate limited. Route paths, in combination with a request method, define the endpoints at which requests can be made. Route paths can be strings, string patterns, or regular expression. See: https://expressjs.com/en/guide/routing.html',
"The type of rate limit to apply. The following types are supported:<br><br>- `global`: rate limit based on the number of requests made by all users <br>- `ip`: rate limit based on the IP address of the request <br>- `user`: rate limit based on the user ID of the request <br>- `session`: rate limit based on the session token of the request <br><br><br>:default: 'ip'",
'The security check groups to run. This allows to add custom security checks or override existing ones. Default are the groups defined in `CheckGroups.js`.',
action:parsers.arrayParser,
},
enableCheck:{
env:'PARSE_SERVER_SECURITY_ENABLE_CHECK',
help:'Is true if Parse Server should check for weak security settings.',
action:parsers.booleanParser,
default:false,
},
enableCheckLog:{
env:'PARSE_SERVER_SECURITY_ENABLE_CHECK_LOG',
help:
'Is true if the security check report should be written to logs. This should only be enabled temporarily to not expose weak security settings in logs.',
help:'Is true if pages should be localized; this has no effect on custom page redirects.',
action:parsers.booleanParser,
default:false,
},
enableRouter:{
env:'PARSE_SERVER_PAGES_ENABLE_ROUTER',
help:
'Is true if the pages router should be enabled; this is required for any of the pages options to take effect. Caution, this is an experimental feature that may not be appropriate for production.',
action:parsers.booleanParser,
default:false,
},
forceRedirect:{
env:'PARSE_SERVER_PAGES_FORCE_REDIRECT',
help:
'Is true if responses should always be redirects and never content, false if the response type should depend on the request type (GET request -> content response; POST request -> redirect response).',
'The fallback locale for localization if no matching translation is provided for the given locale. This is only relevant when providing translation resources via JSON file.',
default:'en',
},
localizationJsonPath:{
env:'PARSE_SERVER_PAGES_LOCALIZATION_JSON_PATH',
help:
'The path to the JSON file for localization; the translations will be used to fill template placeholders according to the locale.',
},
pagesEndpoint:{
env:'PARSE_SERVER_PAGES_PAGES_ENDPOINT',
help:"The API endpoint for the pages. Default is 'apps'.",
default:'apps',
},
pagesPath:{
env:'PARSE_SERVER_PAGES_PAGES_PATH',
help:
"The path to the pages directory; this also defines where the static endpoint '/apps' points to. Default is the './public/' directory.",
default:'./public',
},
placeholders:{
env:'PARSE_SERVER_PAGES_PLACEHOLDERS',
help:
'The placeholder keys and values which will be filled in pages; this can be a simple object or a callback function.',
'This string should match the appId in use by your Parse Server. If you deploy the LiveQuery server alongside Parse Server, the LiveQuery server will try to use the same appId.',
},
cacheTimeout:{
env:'PARSE_LIVE_QUERY_SERVER_CACHE_TIMEOUT',
help:
"Number in milliseconds. When clients provide the sessionToken to the LiveQuery server, the LiveQuery server will try to fetch its ParseUser's objectId from parse server and store it in the cache. The value defines the duration of the cache. Check the following Security section and our protocol specification for details, defaults to 5 * 1000 ms (5 seconds).",
action:parsers.numberParser('cacheTimeout'),
},
keyPairs:{
env:'PARSE_LIVE_QUERY_SERVER_KEY_PAIRS',
help:
'A JSON object that serves as a whitelist of keys. It is used for validating clients when they try to connect to the LiveQuery server. Check the following Security section and our protocol specification for details.',
action:parsers.objectParser,
},
logLevel:{
env:'PARSE_LIVE_QUERY_SERVER_LOG_LEVEL',
help:
'This string defines the log level of the LiveQuery server. We support VERBOSE, INFO, ERROR, NONE, defaults to INFO.',
},
masterKey:{
env:'PARSE_LIVE_QUERY_SERVER_MASTER_KEY',
help:
'This string should match the masterKey in use by your Parse Server. If you deploy the LiveQuery server alongside Parse Server, the LiveQuery server will try to use the same masterKey.',
},
port:{
env:'PARSE_LIVE_QUERY_SERVER_PORT',
help:'The port to run the LiveQuery server, defaults to 1337.',
action:parsers.numberParser('port'),
default:1337,
},
pubSubAdapter:{
env:'PARSE_LIVE_QUERY_SERVER_PUB_SUB_ADAPTER',
help:'LiveQuery pubsub adapter',
action:parsers.moduleOrObjectParser,
},
redisOptions:{
env:'PARSE_LIVE_QUERY_SERVER_REDIS_OPTIONS',
help:"parse-server's LiveQuery redisOptions",
action:parsers.objectParser,
},
redisURL:{
env:'PARSE_LIVE_QUERY_SERVER_REDIS_URL',
help:"parse-server's LiveQuery redisURL",
},
serverURL:{
env:'PARSE_LIVE_QUERY_SERVER_SERVER_URL',
help:
'This string should match the serverURL in use by your Parse Server. If you deploy the LiveQuery server alongside Parse Server, the LiveQuery server will try to use the same serverURL.',
},
websocketTimeout:{
env:'PARSE_LIVE_QUERY_SERVER_WEBSOCKET_TIMEOUT',
help:
'Number of milliseconds between ping/pong frames. The WebSocket server sends ping/pong frames to the clients to keep the WebSocket alive. This value defines the interval of the ping/pong frame from the server to clients, defaults to 10 * 1000 ms (10 s).',
'An array of paths for which the feature should be enabled. The mount path must not be included, for example instead of `/parse/functions/myFunction` specifiy `functions/myFunction`. The entries are interpreted as regular expression, for example `functions/.*` matches all functions, `jobs/.*` matches all jobs, `classes/.*` matches all classes, `.*` matches all paths.',
action:parsers.arrayParser,
default:[],
},
ttl:{
env:'PARSE_SERVER_EXPERIMENTAL_IDEMPOTENCY_TTL',
help:
'The duration in seconds after which a request record is discarded from the database, defaults to 300s.',
'Set the duration in minutes that a locked-out account remains locked out before automatically becoming unlocked.<br><br>Valid values are greater than `0` and less than `100000`.',
'Set the number of failed sign-in attempts that will cause a user account to be locked. If the account is locked. The account will unlock after the duration set in the `duration` option has passed and no further login attempts have been made.<br><br>Valid values are greater than `0` and less than `1000`.',
'Set to `true` if the account should be unlocked after a successful password reset.<br><br>Default is `false`.<br>Requires options `duration` and `threshold` to be set.',
'Set the number of previous password that will not be allowed to be set as new password. If the option is not set or set to `0`, no previous passwords will be considered.<br><br>Valid values are >= `0` and <= `20`.<br>Default is `0`.',
'Set to `true` if a request to reset the password should return a success response even if the provided email address is invalid, or `false` if the request should return an error response if the email address is invalid.<br><br>Default is `true`.',
'Set to `true` if a password reset token should be reused in case another token is requested but there is a token that is still valid, i.e. has not expired. This avoids the often observed issue that a user requests multiple emails and does not know which link contains a valid token because each newly generated token would invalidate the previous token.<br><br>Default is `false`.',
'Set the validity duration of the password reset token in seconds after which the token expires. The token is used in the link that is set in the email. After the token expires, the link becomes invalid and a new link has to be sent. If the option is not set or set to `undefined`, then the token never expires.<br><br>For example, to expire the token after 2 hours, set a value of 7200 seconds (= 60 seconds * 60 minutes * 2 hours).<br><br>Default is `undefined`.',
'Set a callback function to validate a password to be accepted.<br><br>If used in combination with `validatorPattern`, the password must pass both to be accepted.',
'Set the regular expression validation pattern a password must match to be accepted.<br><br>If used in combination with `validatorCallback`, the password must pass both to be accepted.',
"Sets the allowed file extensions for uploading files. The extension is defined as an array of file extensions, or a regex pattern.<br><br>It is recommended to restrict the file upload extensions as much as possible. HTML files are especially problematic as they may be used by an attacker who uploads a HTML form to look legitimate under your app's domain name, or to compromise the session token of another user via accessing the browser's local storage.<br><br>Defaults to `^[^hH][^tT][^mM][^lL]?$` which allows any file extension except HTML files.",
'Enables database real-time hooks to update single schema cache. Set to `true` if using multiple Parse Servers instances connected to the same database. Failing to do so will cause a schema change to not propagate to all instances and re-syncing will only happen when the instances restart. To use this feature with MongoDB, a replica set cluster with [change stream](https://docs.mongodb.com/manual/changeStreams/#availability) support is required.',
'The duration in seconds after which the schema cache expires and will be refetched from the database. Use this option if using multiple Parse Servers instances connected to the same database. A low duration will cause the schema cache to be updated too often, causing unnecessary database reads. A high duration will cause the schema to be updated too rarely, increasing the time required until schema changes propagate to all server instances. This feature can be used as an alternative or in conjunction with the option `enableSchemaHooks`. Default is infinite which means the schema cache never expires.',
'Log level used by the Cloud Code Triggers `afterSave`, `afterDelete`, `afterSaveFile`, `afterDeleteFile`, `afterFind`, `afterLogout`. Default is `info`.',
'Log level used by the Cloud Code Triggers `beforeSave`, `beforeSaveFile`, `beforeDeleteFile`, `beforeFind`, `beforeLogin` on error. Default is `error `.',
'Log level used by the Cloud Code Triggers `beforeSave`, `beforeSaveFile`, `beforeDeleteFile`, `beforeFind`, `beforeLogin` on success. Default is `info`.',
