diff --git a/.eslintignore b/.eslintignore index b7c67dd1d3..d7cee1f6c5 100644 --- a/.eslintignore +++ b/.eslintignore @@ -1,3 +1,3 @@ lib coverage - +out diff --git a/README.md b/README.md index 2c38b9f15e..c5b21b6a21 100644 --- a/README.md +++ b/README.md @@ -245,6 +245,7 @@ The client keys used with Parse are no longer necessary with Parse Server. If yo * `auth` - Used to configure support for [3rd party authentication](http://docs.parseplatform.org/parse-server/guide/#oauth-and-3rd-party-authentication). * `facebookAppIds` - An array of valid Facebook application IDs that users may authenticate with. * `mountPath` - Mount path for the server. Defaults to `/parse`. +* `directAccess` - Replace HTTP Interface when using JS SDK in current node runtime. Defaults to false. Caution, this is an experimental feature that may not be appropriate for production. * `filesAdapter` - The default behavior (GridStore) can be changed by creating an adapter class (see [`FilesAdapter.js`](https://github.com/parse-community/parse-server/blob/master/src/Adapters/Files/FilesAdapter.js)). * `maxUploadSize` - Max file size for uploads. Defaults to 20 MB. * `loggerAdapter` - The default behavior/transport (File) can be changed by creating an adapter class (see [`LoggerAdapter.js`](https://github.com/parse-community/parse-server/blob/master/src/Adapters/Logger/LoggerAdapter.js)). diff --git a/spec/index.spec.js b/spec/index.spec.js index 6cebb23bc2..6e2bfcf61a 100644 --- a/spec/index.spec.js +++ b/spec/index.spec.js @@ -498,6 +498,16 @@ describe('server', () => { .catch(done.fail); }); + it('should allow direct access', async () => { + const RESTController = Parse.CoreManager.getRESTController(); + const spy = spyOn(Parse.CoreManager, 'setRESTController').and.callThrough(); + await reconfigureServer({ + directAccess: true, + }); + expect(spy).toHaveBeenCalledTimes(1); + Parse.CoreManager.setRESTController(RESTController); + }); + it('should load a middleware from string', done => { reconfigureServer({ middleware: 'spec/support/CustomMiddleware', diff --git a/src/Options/Definitions.js b/src/Options/Definitions.js index 4ab352d0ea..0ad84c2dff 100644 --- a/src/Options/Definitions.js +++ b/src/Options/Definitions.js @@ -148,16 +148,16 @@ module.exports.ParseServerOptions = { userSensitiveFields: { env: 'PARSE_SERVER_USER_SENSITIVE_FIELDS', help: - 'Personally identifiable information fields in the user table the should be removed for non-authorized users. **Deprecated** @see protectedFields', + 'Personally identifiable information fields in the user table the should be removed for non-authorized users. Deprecated @see protectedFields', action: parsers.arrayParser, default: ['email'], }, protectedFields: { env: 'PARSE_SERVER_PROTECTED_FIELDS', help: - 'Personally identifiable information fields in the user table the should be removed for non-authorized users.', + 'Protected fields that should be treated with extra security when fetching details.', action: parsers.objectParser, - default: { _User: { '*': ['email'] } }, + default: [], }, enableAnonymousUsers: { env: 'PARSE_SERVER_ENABLE_ANON_USERS', @@ -280,6 +280,13 @@ module.exports.ParseServerOptions = { action: parsers.numberParser('cacheMaxSize'), default: 10000, }, + directAccess: { + env: 'PARSE_SERVER_ENABLE_EXPERIMENTAL_DIRECT_ACCESS', + help: + 'Replace HTTP Interface when using JS SDK in current node runtime, defaults to false. Caution, this is an experimental feature that may not be appropriate for production.', + action: parsers.booleanParser, + default: false, + }, enableSingleSchemaCache: { env: 'PARSE_SERVER_ENABLE_SINGLE_SCHEMA_CACHE', help: diff --git a/src/Options/docs.js b/src/Options/docs.js index 2bfac7e70c..0108226012 100644 --- a/src/Options/docs.js +++ b/src/Options/docs.js @@ -28,7 +28,8 @@ * @property {String} webhookKey Key sent with outgoing webhook calls * @property {String} fileKey Key for your files * @property {Boolean} preserveFileName Enable (or disable) the addition of a unique hash to the file names - * @property {String[]} userSensitiveFields Personally identifiable information fields in the user table the should be removed for non-authorized users. + * @property {String[]} userSensitiveFields Personally identifiable information fields in the user table the should be removed for non-authorized users. Deprecated @see protectedFields + * @property {Any} protectedFields Protected fields that should be treated with extra security when fetching details. * @property {Boolean} enableAnonymousUsers Enable (or disable) anon users, defaults to true * @property {Boolean} allowClientClassCreation Enable (or disable) client class creation, defaults to true * @property {Any} auth Configuration for your authentication providers, as stringified JSON. See http://docs.parseplatform.org/parse-server/guide/#oauth-and-3rd-party-authentication @@ -50,6 +51,7 @@ * @property {Number} schemaCacheTTL The TTL for caching the schema for optimizing read/write operations. You should put a long TTL when your DB is in production. default to 5000; set 0 to disable. * @property {Number} cacheTTL Sets the TTL for the in memory cache (in ms), defaults to 5000 (5 seconds) * @property {Number} cacheMaxSize Sets the maximum size for the in memory cache, defaults to 10000 + * @property {Boolean} directAccess Replace HTTP Interface when using JS SDK in current node runtime, defaults to false. Caution, this is an experimental feature that may not be appropriate for production. * @property {Boolean} enableSingleSchemaCache Use a single schema cache shared across requests. Reduces number of queries made to _SCHEMA, defaults to false, i.e. unique schema cache per request. * @property {Boolean} enableExpressErrorHandler Enables the default express error handler for all errors * @property {Number} objectIdSize Sets the number of characters in generated object id's, default 10 diff --git a/src/Options/index.js b/src/Options/index.js index 0fb744cf5c..ab88799a88 100644 --- a/src/Options/index.js +++ b/src/Options/index.js @@ -145,6 +145,10 @@ export interface ParseServerOptions { /* Sets the maximum size for the in memory cache, defaults to 10000 :DEFAULT: 10000 */ cacheMaxSize: ?number; + /* Replace HTTP Interface when using JS SDK in current node runtime, defaults to false. Caution, this is an experimental feature that may not be appropriate for production. + :ENV: PARSE_SERVER_ENABLE_EXPERIMENTAL_DIRECT_ACCESS + :DEFAULT: false */ + directAccess: ?boolean; /* Use a single schema cache shared across requests. Reduces number of queries made to _SCHEMA, defaults to false, i.e. unique schema cache per request. :DEFAULT: false */ enableSingleSchemaCache: ?boolean; diff --git a/src/ParseServer.js b/src/ParseServer.js index 63e43ab1f3..8ee63b833b 100644 --- a/src/ParseServer.js +++ b/src/ParseServer.js @@ -136,7 +136,7 @@ class ParseServer { * @static * Create an express app for the parse server * @param {Object} options let you specify the maxUploadSize when creating the express app */ - static app({ maxUploadSize = '20mb', appId }) { + static app({ maxUploadSize = '20mb', appId, directAccess }) { // This app serves the Parse API directly. // It's the equivalent of https://api.parse.com/1 in the hosted Parse API. var api = express(); @@ -193,7 +193,10 @@ class ParseServer { ParseServer.verifyServerUrl(); }); } - if (process.env.PARSE_SERVER_ENABLE_EXPERIMENTAL_DIRECT_ACCESS === '1') { + if ( + process.env.PARSE_SERVER_ENABLE_EXPERIMENTAL_DIRECT_ACCESS === '1' || + directAccess + ) { Parse.CoreManager.setRESTController( ParseServerRESTController(appId, appRouter) );