CHANGELOG.md

Change Log

v0.8.12 - 2017-01-23

Added

• Support for SHA-256 hashed passwords sent from client in the default login endpoint
• PATCH support for default collection endpoints

Changed

• Allow custom error responses to be returned from custom auth functions by providing an error value in return object

Fixed

• Bcrypt build error (required upgrade of accounts-password dependency to v1.3.3)

v0.8.11 - 2016-06-16

Fixed

• Allow null or undefined to be returned from endpoint function when HTTP response is handled manually (#135)

v0.8.10 - 2016-03-28

Changed

• Add result from onLoggedOut hook to data.extra field (#196)
• Remove the default onLoggedIn and onLoggedOut hooks that returned an empty object (docs incorrectly listed them as undefined, but the result was not being used prior to v0.8.9)

v0.8.9 - 2016-03-14

Changed

• Add result from onLoggedIn hook to data.extra field (#194)

v0.8.8 - 2016-03-10

Changed

• Update to the latest version of simple:json-routes (v2.1.0)
  • Resolves errors when using alongside Iron Router (#185)

v0.8.7 - 2016-02-24

Fixed

• Declare dependency on accounts-password (#169)

v0.8.6 - 2016-02-24

Changed

• Update to the latest version of simple:json-routes (v2.0.1)
  • Increases max request size to 50mb (#78 and #179)

v0.8.5 - 2016-02-24

Fixed

• Remove Route class from global namespace (#170)

v0.8.4 - 2015-08-18

Added

• Default OPTIONS endpoint when CORS is enabled (#99)

Fixed

• Enable CORS with default authentication when both are configured (#99)

v0.8.3 - 2015-08-12

Changed

• Accept explicit username or email in default login endpoint (#121)

v0.8.2 - 2015-08-05

Changed

• Update simple:json-routes to v1.0.4 to remove Connect deprecation warnings (#118)

v0.8.1 - 2015-07-07

Added

• Default logout endpoint at POST /api/logout

Deprecated

• Default logout endpoint at GET /api/logout (#100)
  • Will be removed in v1.0
  • Use POST /api/logout instead

v0.8.0 - 2015-07-06

WARNING! API-breaking changes! Please be aware when upgrading!

Note: API-breaking changes are in bold

Added

• Support API versioning via URL path
• API configuration option for defining a default OPTIONS endpoint (used on any route that doesn't define it's own OPTIONS endpoint): defaultOptionsEndpoint

Changed

• Export Restivus as a "class" instead of an object
• Replace Iron Router with [JSON Routes] (https://github.com/stubailo/meteor-rest/tree/master/packages/json-routes)! (#38)
• Return standard response codes in any autogenerated endpoints (#48)
  • 201: Resource created (in POST collection endpoints)
  • 403: Role permission errors
  • 405: API method not found (but route exists)
• Remove dependency on useAuth API config option for endpoint authentication (#49)

Deprecated

• useAuth API config option (replaced with useDefaultAuth to better reflect it's purpose, which is to generate the default auth endpoints)

Fixed

• Iron Router related issues
  • Issue #24: Interference with other routers
  • Issue #35: App hangs on iOS
  • Issue #43: Deployed app shows iron:router welcome screen
• Issue #91: Return a 401 error when auth info is not provided in endpoint requiring default auth (previously returned 500 error)

Removed

• deleteAll collection endpoint (it had the potential to be quite destructive - #47)
• Restivus.configure() (configuration now available via Restivus constructor)

v0.7.1 - 2015-07-01

Fixed

• Issue #95: On 401 and 403 errors, Restivus should wait before sending any data

v0.7.0 - 2015-06-18

WARNING! Potentially breaking changes! Please be aware when upgrading!

Changed

• Update default auth endpoints to match current Accounts token storage (#79)
  • WARNING! All clients consuming a Restivus API with the default authentication will need to reauthenticate after this update
  • Login token is now stored as hashedToken instead of token
• Return 401 Unauthorized for failed authentication
• When logging in with bad credentials, randomly delay the response (#81)
• Declare dependency on accounts-base package

v0.6.6 - 2015-05-25

Changed

• Improve the Contributing Guidelines
  • Tighten up some conventions
  • Add more detailed information

Fixed

• Issue #68: Make Restivus a server-only package (Restivus is now undefined on the client)

v0.6.5 - 2015-04-27

Added

• Include an endpoint's configuration options [in its context] (https://github.com/kahmali/meteor-restivus#thisendpointoption)
• Allow default response headers to be configured
• Allow CORS to be disabled in API config (using [enableCors] (https://github.com/kahmali/meteor-restivus#enablecors) option)
  • Resolves Issue #39

Changed

• Default response Content-Type is now application/json instead of text/json
  • This shouldn't have any effect on existing APIs. Updating to match standard JSON type, according to RFC 4627.

Fixed

• Issue #32: Prevent non-JSON response types from being wrapped in quotes
  • This bug required clients to do additional parsing of non-JSON types (removing quotes and escaped characters)

v0.6.4 - 2015-04-14

Added

• Configuration option to disable Iron Router on the client (resolves Issue #24)

Changed

• Allow API to be configured and added to before Meteor starts (previously required within Meteor.startup())

v0.6.3 - 2015-04-03

Fixed

• Issue #20: Allow manual response in endpoints using underlying Node response object.

v0.6.2 - 2015-03-04

Fixed

• Issue #14: Prevent endpoints from being generated for any excludedEndpoints configured on collection routes (previously generated when no options were configured for any endpoints).
• Restivus.configure() is now bound to the Restivus object context

v0.6.1 - 2015-02-19

WARNING! API-breaking changes! Please be aware when upgrading!

Fixed

• Allow existing collections to be added to API
  • v0.6.0 did not allow you to work with existing collections, or access collections created in Restivus elsewhere in your app, which is not the intended behavior. Since Meteor expects you to construct each collection only once (using new Mongo.Collection()), and store that globally, Restivus now requires that you pass an existing collection in Restivus.addCollection(), in place of the name.

v0.6.0 - 2015-02-17

WARNING! Do not use v0.6.0! Please upgrade to v0.6.1 or above. WARNING! API-breaking changes! Please be aware when upgrading!

Added

• Restivus.addCollection() method for generating CRUD endpoints for Mongo Collections. Please see README for detailed information on defining collection routes in Restivus.

Changed

• Rename Restivus.add() to Restivus.addRoute() for clarity, now that Restivus.addCollection() has been added to API. Warning! This is an API-breaking change!
• Convert all responses generated by Restivus to JSend format. Warning! This is an API-breaking change!
• README
  • Update and refactor README to include detailed information on new collection route features, including code examples and an all-new Quick Start example that also highlights the new Restivus.addCollection() method.
  • Add "Terminology" section to the README for clarification on a few key terms that are heavily used throughout the docs
  • Add section on upgrading from v0.5.x

v0.5.9 - 2015-02-16

Added

• Allow user-defined OPTIONS endpoints on routes

Changed

• README
  • Show support for OPTIONS endpoints in description and code examples in the Defining Endpoints section of README

v0.5.8 - 2015-02-11

Added

• The following options have been added in Restivus.configure() to allow for custom user authentication on endpoints (see Configuration Options for a much more detailed breakdown):
  • auth.token: The path to the auth token in the Meteor.user document
  • auth.user: A function providing one of two levels of authentication, depending on the data it returns. Once the user authentication completes successfully, the authenticated user and their ID will be attached to the endpoint context.

Changed

• README
  • Add auth.token and auth.user to Configuration Options

v0.5.7 - 2015-02-02

Changed

• README
  • Update Quick Start examples so Restivus is configured and built from within the Meteor.startup() callback
  • Add "Important!" note in the Configuration and Defining Routes sections that these must be done within the Meteor.startup() callback

Fixed

• Resolve and configure endpoints in Route.addToApi() instead of Route constructor so that endpoints are never configured until the API has been configured (with Restivus.configure()). This was causing unexpected behavior in routes that were added before the API was configured, such as authentication not being checked when necessary (so this.user and this.userId were undefined in authenticated endpoints).

v0.5.6 - 2015-01-31

Fixed

• Issue #2: Make Restivus._initAuth() private only by convention for proper context. Context was accidentally altered when refactoring Restivus into a class in latest update.

v0.5.5 - 2015-01-30

Added

• User role permissions for limiting access to endpoints (works alongside the alanning:roles package)

Changed

• Resolve and configure endpoints during Route construction, to prevent a bunch of unnecessary processing every time an endpoint was being accessed. This should yield at least a minor performance gain on all endpoints.
• Refactor Route and Restivus into CoffeeScript classes
• README
  • Add info on setting up role permissions to Route Options and Defining Endpoints sections
  • Update Quick Start example to show definition of role permissions on an endpoint

v0.5.4 - 2015-01-27

Fixed

• Issue #1: The default api path ('api/') is used if no apiPath is provided in Restivus.configure() (would previously crash Meteor).
• Only a config.apiPath that is missing the trailing '/' will have it appended during API configuration

v0.5.3 - 2015-01-15

Added

• Access this.userId within authenticated endpoints

Changed

• README
  • Add this.userId to Endpoint Context
  • Specify context in onLoggedIn and onLoggedOut hooks

Fixed

• Context in onLoggedIn and onLoggedOut hooks is now the same as within an authenticated endpoint

v0.5.2 - 2015-01-14

Added

• Support pretty JSON in API configuration

Changed

• README
  • Show endpoint object in 'Quick Start' code examples
  • Restructure topic hierarchy
  • Change 'Route Structure' section to 'Path Structure' and reword for consistent use of terminology
  • Add prettyJson to Configuration Options

Fixed

• Prevent endpoint from being called if authentication fails (and return 401)

v0.5.1 - 2015-01-10

Added

• Allow cross-domain requests to API from browsers (CORS-compliant)

Changed

• README
  • Clean up code examples
  • Add section on documenting API with apiDoc
  • Specify supported Meteor version
  • Add section on default http response configuration
  • Make it more readable in plain-text format
• Terminology (in code, comments, and README)
  • Method: The type of HTTP request (e.g., GET, PUT, POST, etc.)
  • Endpoint: The function executed when a request is made at a given path for a specific HTTP method
  • Route: A path and a set of endpoints

Fixed

• Content-Type header in endpoint response will default to text/json if not overridden by user

v0.5.0 - 2015-01-04

• Initial release