diff --git a/CHANGELOG.md b/CHANGELOG.md index 24206b79ca..5146e84218 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,9 +1,46 @@ ## Parse Server Changelog ### master -[Full Changelog](https://github.com/parse-community/parse-server/compare/4.2.0...master) -- FIX: Optimize query decoration based on pointer CLPs by looking at the class schema to determine the field's type. -- NEW (EXPERIMENTAL): Idempotency enforcement for client requests. This deduplicates requests where the client intends to send one request to Parse Server but due to network issues the server receives the request multiple times. **Caution, this is an experimental feature that may not be appropriate for production.** [#6744](https://github.com/parse-community/parse-server/issues/6744). Thanks to [Manuel Trezza](https://github.com/mtrezza). +[Full Changelog](https://github.com/parse-community/parse-server/compare/4.3.0...master) + +### 4.3.0 +[Full Changelog](https://github.com/parse-community/parse-server/compare/4.2.0...4.3.0) +- PERFORMANCE: Optimizing pointer CLP query decoration done by DatabaseController#addPointerPermissions [#6747](https://github.com/parse-community/parse-server/pull/6747). Thanks to [mess-lelouch](https://github.com/mess-lelouch). +- SECURITY: Fix security breach on GraphQL viewer. Thanks to [Antoine Cormouls](https://github.com/Moumouls). +- FIX: Save context not present if direct access enabled [#6764](https://github.com/parse-community/parse-server/pull/6764). Thanks to [Omair Vaiyani](https://github.com/omairvaiyani). +- NEW: Before Connect + Before Subscribe [#6793](https://github.com/parse-community/parse-server/pull/6793). Thanks to [dblythy](https://github.com/dblythy). +- FIX: Add version to playground to fix CDN [#6804](https://github.com/parse-community/parse-server/pull/6804). Thanks to [Antoine Cormouls](https://github.com/Moumouls). +- NEW (EXPERIMENTAL): Idempotency enforcement for client requests. This deduplicates requests where the client intends to send one request to Parse Server but due to network issues the server receives the request multiple times. **Caution, this is an experimental feature that may not be appropriate for production.** [#6748](https://github.com/parse-community/parse-server/issues/6748). Thanks to [Manuel Trezza](https://github.com/mtrezza). +- FIX: Add production Google Auth Adapter instead of using the development url [#6734](https://github.com/parse-community/parse-server/pull/6734). Thanks to [SebC.](https://github.com/SebC99). +- IMPROVE: Run Prettier JS Again Without requiring () on arrow functions [#6796](https://github.com/parse-community/parse-server/pull/6796). Thanks to [Diamond Lewis](https://github.com/dplewis). +- IMPROVE: Run Prettier JS [#6795](https://github.com/parse-community/parse-server/pull/6795). Thanks to [Diamond Lewis](https://github.com/dplewis). +- IMPROVE: Replace bcrypt with @node-rs/bcrypt [#6794](https://github.com/parse-community/parse-server/pull/6794). Thanks to [LongYinan](https://github.com/Brooooooklyn). +- IMPROVE: Make clear description of anonymous user [#6655](https://github.com/parse-community/parse-server/pull/6655). Thanks to [Jerome De Leon](https://github.com/JeromeDeLeon). +- IMPROVE: Simplify GraphQL merge system to avoid js ref bugs [#6791](https://github.com/parse-community/parse-server/pull/6791). Thanks to [Manuel](https://github.com/mtrezza). +- NEW: Pass context in beforeDelete, afterDelete, beforeFind and Parse.Cloud.run [#6666](https://github.com/parse-community/parse-server/pull/6666). Thanks to [yog27ray](https://github.com/yog27ray). +- NEW: Allow passing custom gql schema function to ParseServer#start options [#6762](https://github.com/parse-community/parse-server/pull/6762). Thanks to [Luca](https://github.com/lucatk). +- NEW: Allow custom cors origin header [#6772](https://github.com/parse-community/parse-server/pull/6772). Thanks to [Kevin Yao](https://github.com/kzmeyao). +- FIX: Fix context for cascade-saving and saving existing object [#6735](https://github.com/parse-community/parse-server/pull/6735). Thanks to [Manuel](https://github.com/mtrezza). +- NEW: Add file bucket encryption using fileKey [#6765](https://github.com/parse-community/parse-server/pull/6765). Thanks to [Corey Baker](https://github.com/cbaker6). +- FIX: Removed gaze from dev dependencies and removed not working dev script [#6745](https://github.com/parse-community/parse-server/pull/6745). Thanks to [Vincent Semrau](https://github.com/vince1995). +- IMPROVE: Upgrade graphql-tools to v6 [#6701](https://github.com/parse-community/parse-server/pull/6701). Thanks to [Yaacov Rydzinski](https://github.com/yaacovCR). +- NEW: Support Metadata in GridFSAdapter [#6660](https://github.com/parse-community/parse-server/pull/6660). Thanks to [Diamond Lewis](https://github.com/dplewis). +- NEW: Allow to unset file from graphql [#6651](https://github.com/parse-community/parse-server/pull/6651). Thanks to [Antoine Cormouls](https://github.com/Moumouls). +- NEW: Handle shutdown for RedisCacheAdapter [#6658](https://github.com/parse-community/parse-server/pull/6658). Thanks to [promisenxu](https://github.com/promisenxu). +- FIX: Fix explain on user class [#6650](https://github.com/parse-community/parse-server/pull/6650). Thanks to [Manuel](https://github.com/mtrezza). +- FIX: Fix read preference for aggregate [#6585](https://github.com/parse-community/parse-server/pull/6585). Thanks to [Manuel](https://github.com/mtrezza). +- NEW: Add context to Parse.Object.save [#6626](https://github.com/parse-community/parse-server/pull/6626). Thanks to [Manuel](https://github.com/mtrezza). +- NEW: Adding ssl config params to Postgres URI [#6580](https://github.com/parse-community/parse-server/pull/6580). Thanks to [Corey Baker](https://github.com/cbaker6). +- FIX: Travis postgres update: removing unnecessary start of mongo-runner [#6594](https://github.com/parse-community/parse-server/pull/6594). Thanks to [Corey Baker](https://github.com/cbaker6). +- FIX: ObjectId size for Pointer in Postgres [#6619](https://github.com/parse-community/parse-server/pull/6619). Thanks to [Corey Baker](https://github.com/cbaker6). +- IMPROVE: Improve a test case [#6629](https://github.com/parse-community/parse-server/pull/6629). Thanks to [Gordon Sun](https://github.com/sunshineo). +- NEW: Allow to resolve automatically Parse Type fields from Custom Schema [#6562](https://github.com/parse-community/parse-server/pull/6562). Thanks to [Antoine Cormouls](https://github.com/Moumouls). +- FIX: Remove wrong console log in test [#6627](https://github.com/parse-community/parse-server/pull/6627). Thanks to [Gordon Sun](https://github.com/sunshineo). +- IMPROVE: Graphql tools v5 [#6611](https://github.com/parse-community/parse-server/pull/6611). Thanks to [Yaacov Rydzinski](https://github.com/yaacovCR). +- FIX: Catch JSON.parse and return 403 properly [#6589](https://github.com/parse-community/parse-server/pull/6589). Thanks to [Gordon Sun](https://github.com/sunshineo). +- PERFORMANCE: Allow covering relation queries with minimal index [#6581](https://github.com/parse-community/parse-server/pull/6581). Thanks to [Noah Silas](https://github.com/noahsilas). +- FIX: Fix Postgres group aggregation [#6522](https://github.com/parse-community/parse-server/pull/6522). Thanks to [Siddharth Ramesh](https://github.com/srameshr). +- NEW: Allow set user mapped from JWT directly on request [#6411](https://github.com/parse-community/parse-server/pull/6411). Thanks to [Gordon Sun](https://github.com/sunshineo). ### 4.2.0 [Full Changelog](https://github.com/parse-community/parse-server/compare/4.1.0...4.2.0) diff --git a/package-lock.json b/package-lock.json index c186e9f836..87259fd17a 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "parse-server", - "version": "4.2.0", + "version": "4.3.0", "lockfileVersion": 1, "requires": true, "dependencies": { diff --git a/package.json b/package.json index eb572d3c75..519b528d22 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "parse-server", - "version": "4.2.0", + "version": "4.3.0", "description": "An express module providing a Parse-compatible API server", "main": "lib/index.js", "repository": { diff --git a/spec/DatabaseController.spec.js b/spec/DatabaseController.spec.js index e2df0f1e95..77cd6d035a 100644 --- a/spec/DatabaseController.spec.js +++ b/spec/DatabaseController.spec.js @@ -3,7 +3,7 @@ const validateQuery = DatabaseController._validateQuery; describe('DatabaseController', function () { describe('validateQuery', function () { - it('should not restructure simple cases of SERVER-13732', (done) => { + it('should not restructure simple cases of SERVER-13732', done => { const query = { $or: [{ a: 1 }, { a: 2 }], _rperm: { $in: ['a', 'b'] }, @@ -18,7 +18,7 @@ describe('DatabaseController', function () { done(); }); - it('should not restructure SERVER-13732 queries with $nears', (done) => { + it('should not restructure SERVER-13732 queries with $nears', done => { let query = { $or: [{ a: 1 }, { b: 1 }], c: { $nearSphere: {} } }; validateQuery(query); expect(query).toEqual({ @@ -31,7 +31,7 @@ describe('DatabaseController', function () { done(); }); - it('should not push refactored keys down a tree for SERVER-13732', (done) => { + it('should not push refactored keys down a tree for SERVER-13732', done => { const query = { a: 1, $or: [{ $or: [{ b: 1 }, { b: 2 }] }, { $or: [{ c: 1 }, { c: 2 }] }], @@ -45,12 +45,12 @@ describe('DatabaseController', function () { done(); }); - it('should reject invalid queries', (done) => { + it('should reject invalid queries', done => { expect(() => validateQuery({ $or: { a: 1 } })).toThrow(); done(); }); - it('should accept valid queries', (done) => { + it('should accept valid queries', done => { expect(() => validateQuery({ $or: [{ a: 1 }, { b: 2 }] })).not.toThrow(); done(); }); @@ -69,7 +69,7 @@ describe('DatabaseController', function () { 'getExpectedType', ]); - it('should not decorate query if no pointer CLPs are present', (done) => { + it('should not decorate query if no pointer CLPs are present', done => { const clp = buildCLP(); const query = { a: 'b' }; @@ -93,7 +93,7 @@ describe('DatabaseController', function () { done(); }); - it('should decorate query if a pointer CLP entry is present', (done) => { + it('should decorate query if a pointer CLP entry is present', done => { const clp = buildCLP(['user']); const query = { a: 'b' }; @@ -120,7 +120,7 @@ describe('DatabaseController', function () { done(); }); - it('should decorate query if an array CLP entry is present', (done) => { + it('should decorate query if an array CLP entry is present', done => { const clp = buildCLP(['users']); const query = { a: 'b' }; @@ -150,7 +150,7 @@ describe('DatabaseController', function () { done(); }); - it('should decorate query if an object CLP entry is present', (done) => { + it('should decorate query if an object CLP entry is present', done => { const clp = buildCLP(['user']); const query = { a: 'b' }; @@ -180,7 +180,7 @@ describe('DatabaseController', function () { done(); }); - it('should decorate query if a pointer CLP is present and the same field is part of the query', (done) => { + it('should decorate query if a pointer CLP is present and the same field is part of the query', done => { const clp = buildCLP(['user']); const query = { a: 'b', user: 'a' }; @@ -209,7 +209,7 @@ describe('DatabaseController', function () { done(); }); - it('should transform the query to an $or query if multiple array/pointer CLPs are present', (done) => { + it('should transform the query to an $or query if multiple array/pointer CLPs are present', done => { const clp = buildCLP(['user', 'users', 'userObject']); const query = { a: 'b' }; @@ -248,7 +248,7 @@ describe('DatabaseController', function () { done(); }); - it('should throw an error if for some unexpected reason the property specified in the CLP is neither a pointer nor an array', (done) => { + it('should throw an error if for some unexpected reason the property specified in the CLP is neither a pointer nor an array', done => { const clp = buildCLP(['user']); const query = { a: 'b' }; diff --git a/src/Controllers/DatabaseController.js b/src/Controllers/DatabaseController.js index 7db5b52cb3..334494b1b5 100644 --- a/src/Controllers/DatabaseController.js +++ b/src/Controllers/DatabaseController.js @@ -1567,7 +1567,7 @@ class DatabaseController { objectId: userId, }; - const queries = permFields.map((key) => { + const queries = permFields.map(key => { const fieldDescriptor = schema.getExpectedType(className, key); const fieldType = fieldDescriptor && @@ -1769,9 +1769,12 @@ class DatabaseController { const roleClassPromise = this.loadSchema().then(schema => schema.enforceClassExists('_Role') ); - const idempotencyClassPromise = this.adapter instanceof MongoStorageAdapter - ? this.loadSchema().then((schema) => schema.enforceClassExists('_Idempotency')) - : Promise.resolve(); + const idempotencyClassPromise = + this.adapter instanceof MongoStorageAdapter + ? this.loadSchema().then(schema => + schema.enforceClassExists('_Idempotency') + ) + : Promise.resolve(); const usernameUniqueness = userClassPromise .then(() => @@ -1836,42 +1839,46 @@ class DatabaseController { throw error; }); - const idempotencyRequestIdIndex = this.adapter instanceof MongoStorageAdapter - ? idempotencyClassPromise - .then(() => - this.adapter.ensureUniqueness( - '_Idempotency', - requiredIdempotencyFields, - ['reqId'] - )) - .catch((error) => { - logger.warn( - 'Unable to ensure uniqueness for idempotency request ID: ', - error - ); - throw error; - }) - : Promise.resolve(); - - const idempotencyExpireIndex = this.adapter instanceof MongoStorageAdapter - ? idempotencyClassPromise - .then(() => - this.adapter.ensureIndex( - '_Idempotency', - requiredIdempotencyFields, - ['expire'], - 'ttl', - false, - { ttl: 0 }, - )) - .catch((error) => { - logger.warn( - 'Unable to create TTL index for idempotency expire date: ', - error - ); - throw error; - }) - : Promise.resolve(); + const idempotencyRequestIdIndex = + this.adapter instanceof MongoStorageAdapter + ? idempotencyClassPromise + .then(() => + this.adapter.ensureUniqueness( + '_Idempotency', + requiredIdempotencyFields, + ['reqId'] + ) + ) + .catch(error => { + logger.warn( + 'Unable to ensure uniqueness for idempotency request ID: ', + error + ); + throw error; + }) + : Promise.resolve(); + + const idempotencyExpireIndex = + this.adapter instanceof MongoStorageAdapter + ? idempotencyClassPromise + .then(() => + this.adapter.ensureIndex( + '_Idempotency', + requiredIdempotencyFields, + ['expire'], + 'ttl', + false, + { ttl: 0 } + ) + ) + .catch(error => { + logger.warn( + 'Unable to create TTL index for idempotency expire date: ', + error + ); + throw error; + }) + : Promise.resolve(); const indexPromise = this.adapter.updateSchemaWithIndexes();