Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Throwing error in Cloud Code Triggers afterLogin, afterLogout crashes server #8280

Merged
merged 4 commits into from Nov 10, 2022
Merged

fix: Throwing error in Cloud Code Triggers afterLogin, afterLogout crashes server #8280

merged 4 commits into from Nov 10, 2022

Conversation

dblythy
Copy link
Member

@dblythy dblythy commented Nov 3, 2022

New Pull Request Checklist

Issue Description

afterLogin and afterLogout do not await, which results in throws / side-effects being uncaught. This is not the behaviour of the other triggers.

Related issue: #8255
Closes: #8255

Approach

Awaits the result of the triggers. Minor refactoring for readability.

TODOs before merging

  • Add tests
  • A changelog entry is created automatically using the pull request title (do not manually add a changelog entry)

@parse-github-assistant
Copy link

I will reformat the title to use the proper commit message syntax.

@parse-github-assistant parse-github-assistant bot changed the title fix: throwing in afterLogin and afterLogout causes server crash fix: Throwing in afterLogin and afterLogout causes server crash Nov 3, 2022
@parse-github-assistant
Copy link

parse-github-assistant bot commented Nov 3, 2022
edited

Thanks for opening this pull request!

  • 🎉 We are excited about your hands-on contribution!

@mtrezza mtrezza added the state:breaking Breaking change requires major version increment and `BREAKING CHANGE` commit message label Nov 3, 2022
@codecov
Copy link

codecov bot commented Nov 3, 2022
edited

Codecov Report

Base: 94.25% // Head: 94.26% // Increases project coverage by +0.01% 🎉

Coverage data is based on head (a91c3f6) compared to base (f535ee6).
Patch coverage: 100.00% of modified lines in pull request are covered.

Additional details and impacted files 
@@            Coverage Diff             @@
##            alpha    #8280      +/-   ##
==========================================
+ Coverage   94.25%   94.26%   +0.01%     
==========================================
  Files         180      180              
  Lines       13968    13965       -3     
==========================================
- Hits        13165    13164       -1     
+ Misses        803      801       -2
Impacted Files Coverage Δ
src/Routers/UsersRouter.js 96.21% <100.00%> (+0.78%) ⬆️
src/Adapters/Files/GridFSBucketAdapter.js 93.43% <0.00%> (-0.73%) ⬇️
src/ParseServerRESTController.js 98.48% <0.00%> (+1.51%) ⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

@mtrezza mtrezza changed the title fix: Throwing in afterLogin and afterLogout causes server crash fix: Throwing in Cloud Code trigger afterLogin and afterLogout causes server crash Nov 3, 2022
@mtrezza mtrezza changed the title fix: Throwing in Cloud Code trigger afterLogin and afterLogout causes server crash fix: Throwing in Cloud Code triggers afterLogin, afterLogout causes server crash Nov 3, 2022
@dblythy dblythy requested a review from a team November 3, 2022 02:04
@mtrezza mtrezza mentioned this pull request Nov 3, 2022
Closed
3 tasks
mtrezza
mtrezza reviewed Nov 3, 2022
View reviewed changes
Copy link
Member

@mtrezza mtrezza left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@dblythy could you please take a look at #8256 (comment) and see whether it is considered in this PR?

@dblythy
Copy link
Member Author

dblythy commented Nov 6, 2022

Yes, that's effectively the change that I made

@mtrezza mtrezza changed the title fix: Throwing in Cloud Code triggers afterLogin, afterLogout causes server crash fix: Throwing in Cloud Code triggers afterLogin, afterLogout crashes server Nov 10, 2022
mtrezza
mtrezza approved these changes Nov 10, 2022
View reviewed changes
Copy link
Member

@mtrezza mtrezza left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good!

@mtrezza mtrezza changed the title fix: Throwing in Cloud Code triggers afterLogin, afterLogout crashes server fix: Throwing error in Cloud Code triggers afterLogin, afterLogout crashes server Nov 10, 2022
@mtrezza mtrezza changed the title fix: Throwing error in Cloud Code triggers afterLogin, afterLogout crashes server fix: Throwing error in Cloud Code Triggers afterLogin, afterLogout crashes server Nov 10, 2022
@mtrezza mtrezza merged commit 130d290 into parse-community:alpha Nov 10, 2022
parseplatformorg pushed a commit that referenced this pull request Nov 10, 2022
@semantic-release-bot
chore(release): 6.0.0-alpha.5 [skip ci]
ebea057 
# [6.0.0-alpha.5](6.0.0-alpha.4...6.0.0-alpha.5) (2022-11-10)

### Bug Fixes

* Throwing error in Cloud Code Triggers `afterLogin`, `afterLogout` crashes server ([#8280](#8280)) ([130d290](130d290))

### BREAKING CHANGES

* Throwing an error in Cloud Code Triggers `afterLogin`, `afterLogout` returns a rejected promise; in previous releases it crashed the server if you did not handle the error on the Node.js process level; consider adapting your code if your app currently handles these errors on the Node.js process level with `process.on('unhandledRejection', ...)` ([130d290](130d290))
@parseplatformorg
Copy link
Contributor

🎉 This change has been released in version 6.0.0-alpha.5

@parseplatformorg parseplatformorg added the state:released-alpha Released as alpha version label Nov 10, 2022
@parse-github-assistant
Copy link

The label state:released-alpha cannot be used in combination with state:breaking.

@parse-github-assistant parse-github-assistant bot removed the state:released-alpha Released as alpha version label Nov 10, 2022
parseplatformorg pushed a commit that referenced this pull request Jan 31, 2023
@semantic-release-bot
chore(release): 6.0.0-beta.1 [skip ci]
301459d 
# [6.0.0-beta.1](5.4.0...6.0.0-beta.1) (2023-01-31)

### Bug Fixes

* `ParseServer.verifyServerUrl` may fail if server response headers are missing; remove unnecessary logging ([#8391](#8391)) ([1c37a7c](1c37a7c))
* Cloud Code trigger `beforeSave` does not work with `Parse.Role` ([#8320](#8320)) ([f29d972](f29d972))
* ES6 modules do not await the import of Cloud Code files ([#8368](#8368)) ([a7bd180](a7bd180))
* Nested objects are encoded incorrectly for MongoDB ([#8209](#8209)) ([1412666](1412666))
* Parse Server option `masterKeyIps` does not include localhost by default for IPv6 ([#8322](#8322)) ([ab82635](ab82635))
* Rate limiter may reject requests that contain a session token ([#8399](#8399)) ([c114dc8](c114dc8))
* Remove Node 12 and Node 17 support ([#8279](#8279)) ([2546cc8](2546cc8))
* Schema without class level permissions may cause error ([#8409](#8409)) ([aa2cd51](aa2cd51))
* The client IP address may be determined incorrectly in some cases; this fixes a security vulnerability in which the Parse Server option `masterKeyIps` may be circumvented, see [GHSA-vm5r-c87r-pf6x](GHSA-vm5r-c87r-pf6x) ([#8372](#8372)) ([892040d](892040d))
* Throwing error in Cloud Code Triggers `afterLogin`, `afterLogout` crashes server ([#8280](#8280)) ([130d290](130d290))

### Features

* Access the internal scope of Parse Server using the new `maintenanceKey`; the internal scope contains unofficial and undocumented fields (prefixed with underscore `_`) which are used internally by Parse Server; you may want to manipulate these fields for out-of-band changes such as data migration or correction tasks; changes within the internal scope of Parse Server may happen at any time without notice or changelog entry, it is therefore recommended to look at the source code of Parse Server to understand the effects of manipulating internal fields before using the key; it is discouraged to use the `maintenanceKey` for routine operations in a production environment; see [access scopes](https://github.com/parse-community/parse-server#access-scopes) ([#8212](#8212)) ([f3bcc93](f3bcc93))
* Adapt `verifyServerUrl` for new asynchronous Parse Server start-up states ([#8366](#8366)) ([ffa4974](ffa4974))
* Add `ParseQuery.watch` to trigger LiveQuery only on update of specific fields ([#8028](#8028)) ([fc92faa](fc92faa))
* Add Node 19 support ([#8363](#8363)) ([a4990dc](a4990dc))
* Add option to change the log level of the logs emitted by triggers ([#8328](#8328)) ([8f3b694](8f3b694))
* Add request rate limiter based on IP address ([#8174](#8174)) ([6c79f6a](6c79f6a))
* Asynchronous initialization of Parse Server ([#8232](#8232)) ([99fcf45](99fcf45))
* Improve authentication adapter interface to support multi-factor authentication (MFA), authentication challenges, and provide a more powerful interface for writing custom authentication adapters ([#8156](#8156)) ([5bbf9ca](5bbf9ca))
* Reduce Docker image size by improving stages ([#8359](#8359)) ([40810b4](40810b4))
* Remove deprecation `DEPPS1`: Native MongoDB syntax in aggregation pipeline ([#8362](#8362)) ([d0d30c4](d0d30c4))
* Remove deprecation `DEPPS2`: Config option `directAccess` defaults to true ([#8284](#8284)) ([f535ee6](f535ee6))
* Remove deprecation `DEPPS3`: Config option `enforcePrivateUsers` defaults to `true` ([#8283](#8283)) ([ed499e3](ed499e3))
* Remove deprecation `DEPPS4`: Remove convenience method for http request `Parse.Cloud.httpRequest`  ([#8287](#8287)) ([2d79c08](2d79c08))
* Remove support for MongoDB 4.0 ([#8292](#8292)) ([37245f6](37245f6))
* Restrict use of `masterKey` to localhost by default ([#8281](#8281)) ([6c16021](6c16021))
* Upgrade Node Package Manager lock file `package-lock.json` to version 2 ([#8285](#8285)) ([ee72467](ee72467))
* Upgrade Redis 3 to 4 ([#8293](#8293)) ([7d622f0](7d622f0))
* Upgrade Redis 3 to 4 for LiveQuery ([#8333](#8333)) ([b2761fb](b2761fb))
* Upgrade to Parse JavaScript SDK 4 ([#8332](#8332)) ([9092874](9092874))
* Write log entry when request with master key is rejected as outside of `masterKeyIps` ([#8350](#8350)) ([e22b73d](e22b73d))

### BREAKING CHANGES

* The Docker image does not contain the git dependency anymore; if you have been using git as a transitive dependency it now needs to be explicitly installed in your Docker file, for example with `RUN apk --no-cache add git` (#8359) ([40810b4](40810b4))
* Fields in the internal scope of Parse Server (prefixed with underscore `_`) are only returned using the new `maintenanceKey`; previously the `masterKey` allowed reading of internal fields; see [access scopes](https://github.com/parse-community/parse-server#access-scopes) for a comparison of the keys' access permissions (#8212) ([f3bcc93](f3bcc93))
* The method `ParseServer.verifyServerUrl` now returns a promise instead of a callback. ([ffa4974](ffa4974))
* The MongoDB aggregation pipeline requires native MongoDB syntax instead of the custom Parse Server syntax; for example pipeline stage names require a leading dollar sign like `$match` and the MongoDB document ID is referenced using `_id` instead of `objectId` (#8362) ([d0d30c4](d0d30c4))
* The mechanism to determine the client IP address has been rewritten; to correctly determine the IP address it is now required to set the Parse Server option `trustProxy` accordingly if Parse Server runs behind a proxy server, see the express framework's [trust proxy](https://expressjs.com/en/guide/behind-proxies.html) setting (#8372) ([892040d](892040d))
* The Node Package Manager lock file `package-lock.json` is upgraded to version 2; while it is backwards with version 1 for the npm installer, consider this if you run any non-npm analysis tools that use the lock file (#8285) ([ee72467](ee72467))
* This release introduces the asynchronous initialization of Parse Server to prevent mounting Parse Server before being ready to receive request; it changes how Parse Server is imported, initialized and started; it also removes the callback `serverStartComplete`; see the [Parse Server 6 migration guide](https://github.com/parse-community/parse-server/blob/alpha/6.0.0.md) for more details (#8232) ([99fcf45](99fcf45))
* Nested objects are now properly stored in the database using JSON serialization; previously, due to a bug only top-level objects were serialized, but nested objects were saved as raw JSON; for example, a nested `Date` object was saved as a JSON object like `{ "__type": "Date", "iso": "2020-01-01T00:00:00.000Z" }` instead of its serialized representation `2020-01-01T00:00:00.000Z` (#8209) ([1412666](1412666))
* The Parse Server option `enforcePrivateUsers` is set to `true` by default; in previous releases this option defaults to `false`; this change improves the default security configuration of Parse Server (#8283) ([ed499e3](ed499e3))
* This release restricts the use of `masterKey` to localhost by default; if you are using Parse Dashboard on a different server to connect to Parse Server you need to add the IP address of the server that hosts Parse Dashboard to this option (#8281) ([6c16021](6c16021))
* This release upgrades to Redis 4; if you are using the Redis cache adapter with Parse Server then this is a breaking change as the Redis client options have changed; see the [Redis migration guide](https://github.com/redis/node-redis/blob/redis%404.0.0/docs/v3-to-v4.md) for more details (#8293) ([7d622f0](7d622f0))
* This release removes support for MongoDB 4.0; the new minimum supported MongoDB version is 4.2. which also removes support for the deprecated MongoDB MMAPv1 storage engine ([37245f6](37245f6))
* Throwing an error in Cloud Code Triggers `afterLogin`, `afterLogout` returns a rejected promise; in previous releases it crashed the server if you did not handle the error on the Node.js process level; consider adapting your code if your app currently handles these errors on the Node.js process level with `process.on('unhandledRejection', ...)` ([130d290](130d290))
* Config option `directAccess` defaults to true; set this to `false` in environments where multiple Parse Server instances run behind a load balancer and Parse requests within the current Node.js environment should be routed via the load balancer and distributed as HTTP requests among all instances via the `serverURL`. ([f535ee6](f535ee6))
* The convenience method for HTTP requests `Parse.Cloud.httpRequest` is removed; use your preferred 3rd party library for making HTTP requests ([2d79c08](2d79c08))
* This release removes Node 12 and Node 17 support ([2546cc8](2546cc8))
@parseplatformorg
Copy link
Contributor

🎉 This change has been released in version 6.0.0-beta.1

@parseplatformorg parseplatformorg added the state:released-beta Released as beta version label Jan 31, 2023
parseplatformorg pushed a commit that referenced this pull request Jan 31, 2023
@semantic-release-bot
chore(release): 6.0.0 [skip ci]
f7eee19 
# [6.0.0](5.4.0...6.0.0) (2023-01-31)

### Bug Fixes

* `ParseServer.verifyServerUrl` may fail if server response headers are missing; remove unnecessary logging ([#8391](#8391)) ([1c37a7c](1c37a7c))
* Cloud Code trigger `beforeSave` does not work with `Parse.Role` ([#8320](#8320)) ([f29d972](f29d972))
* ES6 modules do not await the import of Cloud Code files ([#8368](#8368)) ([a7bd180](a7bd180))
* Nested objects are encoded incorrectly for MongoDB ([#8209](#8209)) ([1412666](1412666))
* Parse Server option `masterKeyIps` does not include localhost by default for IPv6 ([#8322](#8322)) ([ab82635](ab82635))
* Rate limiter may reject requests that contain a session token ([#8399](#8399)) ([c114dc8](c114dc8))
* Remove Node 12 and Node 17 support ([#8279](#8279)) ([2546cc8](2546cc8))
* Schema without class level permissions may cause error ([#8409](#8409)) ([aa2cd51](aa2cd51))
* The client IP address may be determined incorrectly in some cases; this fixes a security vulnerability in which the Parse Server option `masterKeyIps` may be circumvented, see [GHSA-vm5r-c87r-pf6x](GHSA-vm5r-c87r-pf6x) ([#8372](#8372)) ([892040d](892040d))
* Throwing error in Cloud Code Triggers `afterLogin`, `afterLogout` crashes server ([#8280](#8280)) ([130d290](130d290))

### Features

* Access the internal scope of Parse Server using the new `maintenanceKey`; the internal scope contains unofficial and undocumented fields (prefixed with underscore `_`) which are used internally by Parse Server; you may want to manipulate these fields for out-of-band changes such as data migration or correction tasks; changes within the internal scope of Parse Server may happen at any time without notice or changelog entry, it is therefore recommended to look at the source code of Parse Server to understand the effects of manipulating internal fields before using the key; it is discouraged to use the `maintenanceKey` for routine operations in a production environment; see [access scopes](https://github.com/parse-community/parse-server#access-scopes) ([#8212](#8212)) ([f3bcc93](f3bcc93))
* Adapt `verifyServerUrl` for new asynchronous Parse Server start-up states ([#8366](#8366)) ([ffa4974](ffa4974))
* Add `ParseQuery.watch` to trigger LiveQuery only on update of specific fields ([#8028](#8028)) ([fc92faa](fc92faa))
* Add Node 19 support ([#8363](#8363)) ([a4990dc](a4990dc))
* Add option to change the log level of the logs emitted by triggers ([#8328](#8328)) ([8f3b694](8f3b694))
* Add request rate limiter based on IP address ([#8174](#8174)) ([6c79f6a](6c79f6a))
* Asynchronous initialization of Parse Server ([#8232](#8232)) ([99fcf45](99fcf45))
* Improve authentication adapter interface to support multi-factor authentication (MFA), authentication challenges, and provide a more powerful interface for writing custom authentication adapters ([#8156](#8156)) ([5bbf9ca](5bbf9ca))
* Reduce Docker image size by improving stages ([#8359](#8359)) ([40810b4](40810b4))
* Remove deprecation `DEPPS1`: Native MongoDB syntax in aggregation pipeline ([#8362](#8362)) ([d0d30c4](d0d30c4))
* Remove deprecation `DEPPS2`: Config option `directAccess` defaults to true ([#8284](#8284)) ([f535ee6](f535ee6))
* Remove deprecation `DEPPS3`: Config option `enforcePrivateUsers` defaults to `true` ([#8283](#8283)) ([ed499e3](ed499e3))
* Remove deprecation `DEPPS4`: Remove convenience method for http request `Parse.Cloud.httpRequest`  ([#8287](#8287)) ([2d79c08](2d79c08))
* Remove support for MongoDB 4.0 ([#8292](#8292)) ([37245f6](37245f6))
* Restrict use of `masterKey` to localhost by default ([#8281](#8281)) ([6c16021](6c16021))
* Upgrade Node Package Manager lock file `package-lock.json` to version 2 ([#8285](#8285)) ([ee72467](ee72467))
* Upgrade Redis 3 to 4 ([#8293](#8293)) ([7d622f0](7d622f0))
* Upgrade Redis 3 to 4 for LiveQuery ([#8333](#8333)) ([b2761fb](b2761fb))
* Upgrade to Parse JavaScript SDK 4 ([#8332](#8332)) ([9092874](9092874))
* Write log entry when request with master key is rejected as outside of `masterKeyIps` ([#8350](#8350)) ([e22b73d](e22b73d))

### BREAKING CHANGES

* The Docker image does not contain the git dependency anymore; if you have been using git as a transitive dependency it now needs to be explicitly installed in your Docker file, for example with `RUN apk --no-cache add git` (#8359) ([40810b4](40810b4))
* Fields in the internal scope of Parse Server (prefixed with underscore `_`) are only returned using the new `maintenanceKey`; previously the `masterKey` allowed reading of internal fields; see [access scopes](https://github.com/parse-community/parse-server#access-scopes) for a comparison of the keys' access permissions (#8212) ([f3bcc93](f3bcc93))
* The method `ParseServer.verifyServerUrl` now returns a promise instead of a callback. ([ffa4974](ffa4974))
* The MongoDB aggregation pipeline requires native MongoDB syntax instead of the custom Parse Server syntax; for example pipeline stage names require a leading dollar sign like `$match` and the MongoDB document ID is referenced using `_id` instead of `objectId` (#8362) ([d0d30c4](d0d30c4))
* The mechanism to determine the client IP address has been rewritten; to correctly determine the IP address it is now required to set the Parse Server option `trustProxy` accordingly if Parse Server runs behind a proxy server, see the express framework's [trust proxy](https://expressjs.com/en/guide/behind-proxies.html) setting (#8372) ([892040d](892040d))
* The Node Package Manager lock file `package-lock.json` is upgraded to version 2; while it is backwards with version 1 for the npm installer, consider this if you run any non-npm analysis tools that use the lock file (#8285) ([ee72467](ee72467))
* This release introduces the asynchronous initialization of Parse Server to prevent mounting Parse Server before being ready to receive request; it changes how Parse Server is imported, initialized and started; it also removes the callback `serverStartComplete`; see the [Parse Server 6 migration guide](https://github.com/parse-community/parse-server/blob/alpha/6.0.0.md) for more details (#8232) ([99fcf45](99fcf45))
* Nested objects are now properly stored in the database using JSON serialization; previously, due to a bug only top-level objects were serialized, but nested objects were saved as raw JSON; for example, a nested `Date` object was saved as a JSON object like `{ "__type": "Date", "iso": "2020-01-01T00:00:00.000Z" }` instead of its serialized representation `2020-01-01T00:00:00.000Z` (#8209) ([1412666](1412666))
* The Parse Server option `enforcePrivateUsers` is set to `true` by default; in previous releases this option defaults to `false`; this change improves the default security configuration of Parse Server (#8283) ([ed499e3](ed499e3))
* This release restricts the use of `masterKey` to localhost by default; if you are using Parse Dashboard on a different server to connect to Parse Server you need to add the IP address of the server that hosts Parse Dashboard to this option (#8281) ([6c16021](6c16021))
* This release upgrades to Redis 4; if you are using the Redis cache adapter with Parse Server then this is a breaking change as the Redis client options have changed; see the [Redis migration guide](https://github.com/redis/node-redis/blob/redis%404.0.0/docs/v3-to-v4.md) for more details (#8293) ([7d622f0](7d622f0))
* This release removes support for MongoDB 4.0; the new minimum supported MongoDB version is 4.2. which also removes support for the deprecated MongoDB MMAPv1 storage engine ([37245f6](37245f6))
* Throwing an error in Cloud Code Triggers `afterLogin`, `afterLogout` returns a rejected promise; in previous releases it crashed the server if you did not handle the error on the Node.js process level; consider adapting your code if your app currently handles these errors on the Node.js process level with `process.on('unhandledRejection', ...)` ([130d290](130d290))
* Config option `directAccess` defaults to true; set this to `false` in environments where multiple Parse Server instances run behind a load balancer and Parse requests within the current Node.js environment should be routed via the load balancer and distributed as HTTP requests among all instances via the `serverURL`. ([f535ee6](f535ee6))
* The convenience method for HTTP requests `Parse.Cloud.httpRequest` is removed; use your preferred 3rd party library for making HTTP requests ([2d79c08](2d79c08))
* This release removes Node 12 and Node 17 support ([2546cc8](2546cc8))
@parseplatformorg
Copy link
Contributor

🎉 This change has been released in version 6.0.0

@parseplatformorg parseplatformorg added the state:released Released as stable version label Jan 31, 2023
dblythy added a commit to dblythy/parse-server that referenced this pull request Feb 15, 2023
@dblythy
fix: Throwing error in Cloud Code Triggers afterLogin, `afterLogout…
8b1dd43 
…` crashes server (parse-community#8280)

BREAKING CHANGE: Throwing an error in Cloud Code Triggers `afterLogin`, `afterLogout` returns a rejected promise; in previous releases it crashed the server if you did not handle the error on the Node.js process level; consider adapting your code if your app currently handles these errors on the Node.js process level with `process.on('unhandledRejection', ...)`
dblythy pushed a commit to dblythy/parse-server that referenced this pull request Feb 15, 2023
@semantic-release-bot @dblythy
chore(release): 6.0.0-alpha.5 [skip ci]
43dbc61 
* Throwing error in Cloud Code Triggers `afterLogin`, `afterLogout` crashes server ([parse-community#8280](parse-community#8280)) ([130d290](parse-community@130d290))

* Throwing an error in Cloud Code Triggers `afterLogin`, `afterLogout` returns a rejected promise; in previous releases it crashed the server if you did not handle the error on the Node.js process level; consider adapting your code if your app currently handles these errors on the Node.js process level with `process.on('unhandledRejection', ...)` ([130d290](130d290))
dblythy pushed a commit to dblythy/parse-server that referenced this pull request Feb 15, 2023
@semantic-release-bot @dblythy
chore(release): 6.0.0-beta.1 [skip ci]
a8885d7 
* `ParseServer.verifyServerUrl` may fail if server response headers are missing; remove unnecessary logging ([parse-community#8391](parse-community#8391)) ([1c37a7c](parse-community@1c37a7c))
* Cloud Code trigger `beforeSave` does not work with `Parse.Role` ([parse-community#8320](parse-community#8320)) ([f29d972](parse-community@f29d972))
* ES6 modules do not await the import of Cloud Code files ([parse-community#8368](parse-community#8368)) ([a7bd180](parse-community@a7bd180))
* Nested objects are encoded incorrectly for MongoDB ([parse-community#8209](parse-community#8209)) ([1412666](parse-community@1412666))
* Parse Server option `masterKeyIps` does not include localhost by default for IPv6 ([parse-community#8322](parse-community#8322)) ([ab82635](parse-community@ab82635))
* Rate limiter may reject requests that contain a session token ([parse-community#8399](parse-community#8399)) ([c114dc8](parse-community@c114dc8))
* Remove Node 12 and Node 17 support ([parse-community#8279](parse-community#8279)) ([2546cc8](parse-community@2546cc8))
* Schema without class level permissions may cause error ([parse-community#8409](parse-community#8409)) ([aa2cd51](parse-community@aa2cd51))
* The client IP address may be determined incorrectly in some cases; this fixes a security vulnerability in which the Parse Server option `masterKeyIps` may be circumvented, see [GHSA-vm5r-c87r-pf6x](GHSA-vm5r-c87r-pf6x) ([parse-community#8372](parse-community#8372)) ([892040d](parse-community@892040d))
* Throwing error in Cloud Code Triggers `afterLogin`, `afterLogout` crashes server ([parse-community#8280](parse-community#8280)) ([130d290](parse-community@130d290))

* Access the internal scope of Parse Server using the new `maintenanceKey`; the internal scope contains unofficial and undocumented fields (prefixed with underscore `_`) which are used internally by Parse Server; you may want to manipulate these fields for out-of-band changes such as data migration or correction tasks; changes within the internal scope of Parse Server may happen at any time without notice or changelog entry, it is therefore recommended to look at the source code of Parse Server to understand the effects of manipulating internal fields before using the key; it is discouraged to use the `maintenanceKey` for routine operations in a production environment; see [access scopes](https://github.com/parse-community/parse-server#access-scopes) ([parse-community#8212](parse-community#8212)) ([f3bcc93](parse-community@f3bcc93))
* Adapt `verifyServerUrl` for new asynchronous Parse Server start-up states ([parse-community#8366](parse-community#8366)) ([ffa4974](parse-community@ffa4974))
* Add `ParseQuery.watch` to trigger LiveQuery only on update of specific fields ([parse-community#8028](parse-community#8028)) ([fc92faa](parse-community@fc92faa))
* Add Node 19 support ([parse-community#8363](parse-community#8363)) ([a4990dc](parse-community@a4990dc))
* Add option to change the log level of the logs emitted by triggers ([parse-community#8328](parse-community#8328)) ([8f3b694](parse-community@8f3b694))
* Add request rate limiter based on IP address ([parse-community#8174](parse-community#8174)) ([6c79f6a](parse-community@6c79f6a))
* Asynchronous initialization of Parse Server ([parse-community#8232](parse-community#8232)) ([99fcf45](parse-community@99fcf45))
* Improve authentication adapter interface to support multi-factor authentication (MFA), authentication challenges, and provide a more powerful interface for writing custom authentication adapters ([parse-community#8156](parse-community#8156)) ([5bbf9ca](parse-community@5bbf9ca))
* Reduce Docker image size by improving stages ([parse-community#8359](parse-community#8359)) ([40810b4](parse-community@40810b4))
* Remove deprecation `DEPPS1`: Native MongoDB syntax in aggregation pipeline ([parse-community#8362](parse-community#8362)) ([d0d30c4](parse-community@d0d30c4))
* Remove deprecation `DEPPS2`: Config option `directAccess` defaults to true ([parse-community#8284](parse-community#8284)) ([f535ee6](parse-community@f535ee6))
* Remove deprecation `DEPPS3`: Config option `enforcePrivateUsers` defaults to `true` ([parse-community#8283](parse-community#8283)) ([ed499e3](parse-community@ed499e3))
* Remove deprecation `DEPPS4`: Remove convenience method for http request `Parse.Cloud.httpRequest`  ([parse-community#8287](parse-community#8287)) ([2d79c08](parse-community@2d79c08))
* Remove support for MongoDB 4.0 ([parse-community#8292](parse-community#8292)) ([37245f6](parse-community@37245f6))
* Restrict use of `masterKey` to localhost by default ([parse-community#8281](parse-community#8281)) ([6c16021](parse-community@6c16021))
* Upgrade Node Package Manager lock file `package-lock.json` to version 2 ([parse-community#8285](parse-community#8285)) ([ee72467](parse-community@ee72467))
* Upgrade Redis 3 to 4 ([parse-community#8293](parse-community#8293)) ([7d622f0](parse-community@7d622f0))
* Upgrade Redis 3 to 4 for LiveQuery ([parse-community#8333](parse-community#8333)) ([b2761fb](parse-community@b2761fb))
* Upgrade to Parse JavaScript SDK 4 ([parse-community#8332](parse-community#8332)) ([9092874](parse-community@9092874))
* Write log entry when request with master key is rejected as outside of `masterKeyIps` ([parse-community#8350](parse-community#8350)) ([e22b73d](parse-community@e22b73d))

* The Docker image does not contain the git dependency anymore; if you have been using git as a transitive dependency it now needs to be explicitly installed in your Docker file, for example with `RUN apk --no-cache add git` (parse-community#8359) ([40810b4](40810b4))
* Fields in the internal scope of Parse Server (prefixed with underscore `_`) are only returned using the new `maintenanceKey`; previously the `masterKey` allowed reading of internal fields; see [access scopes](https://github.com/parse-community/parse-server#access-scopes) for a comparison of the keys' access permissions (parse-community#8212) ([f3bcc93](f3bcc93))
* The method `ParseServer.verifyServerUrl` now returns a promise instead of a callback. ([ffa4974](ffa4974))
* The MongoDB aggregation pipeline requires native MongoDB syntax instead of the custom Parse Server syntax; for example pipeline stage names require a leading dollar sign like `$match` and the MongoDB document ID is referenced using `_id` instead of `objectId` (parse-community#8362) ([d0d30c4](d0d30c4))
* The mechanism to determine the client IP address has been rewritten; to correctly determine the IP address it is now required to set the Parse Server option `trustProxy` accordingly if Parse Server runs behind a proxy server, see the express framework's [trust proxy](https://expressjs.com/en/guide/behind-proxies.html) setting (parse-community#8372) ([892040d](892040d))
* The Node Package Manager lock file `package-lock.json` is upgraded to version 2; while it is backwards with version 1 for the npm installer, consider this if you run any non-npm analysis tools that use the lock file (parse-community#8285) ([ee72467](ee72467))
* This release introduces the asynchronous initialization of Parse Server to prevent mounting Parse Server before being ready to receive request; it changes how Parse Server is imported, initialized and started; it also removes the callback `serverStartComplete`; see the [Parse Server 6 migration guide](https://github.com/parse-community/parse-server/blob/alpha/6.0.0.md) for more details (parse-community#8232) ([99fcf45](99fcf45))
* Nested objects are now properly stored in the database using JSON serialization; previously, due to a bug only top-level objects were serialized, but nested objects were saved as raw JSON; for example, a nested `Date` object was saved as a JSON object like `{ "__type": "Date", "iso": "2020-01-01T00:00:00.000Z" }` instead of its serialized representation `2020-01-01T00:00:00.000Z` (parse-community#8209) ([1412666](1412666))
* The Parse Server option `enforcePrivateUsers` is set to `true` by default; in previous releases this option defaults to `false`; this change improves the default security configuration of Parse Server (parse-community#8283) ([ed499e3](ed499e3))
* This release restricts the use of `masterKey` to localhost by default; if you are using Parse Dashboard on a different server to connect to Parse Server you need to add the IP address of the server that hosts Parse Dashboard to this option (parse-community#8281) ([6c16021](6c16021))
* This release upgrades to Redis 4; if you are using the Redis cache adapter with Parse Server then this is a breaking change as the Redis client options have changed; see the [Redis migration guide](https://github.com/redis/node-redis/blob/redis%404.0.0/docs/v3-to-v4.md) for more details (parse-community#8293) ([7d622f0](7d622f0))
* This release removes support for MongoDB 4.0; the new minimum supported MongoDB version is 4.2. which also removes support for the deprecated MongoDB MMAPv1 storage engine ([37245f6](37245f6))
* Throwing an error in Cloud Code Triggers `afterLogin`, `afterLogout` returns a rejected promise; in previous releases it crashed the server if you did not handle the error on the Node.js process level; consider adapting your code if your app currently handles these errors on the Node.js process level with `process.on('unhandledRejection', ...)` ([130d290](130d290))
* Config option `directAccess` defaults to true; set this to `false` in environments where multiple Parse Server instances run behind a load balancer and Parse requests within the current Node.js environment should be routed via the load balancer and distributed as HTTP requests among all instances via the `serverURL`. ([f535ee6](f535ee6))
* The convenience method for HTTP requests `Parse.Cloud.httpRequest` is removed; use your preferred 3rd party library for making HTTP requests ([2d79c08](2d79c08))
* This release removes Node 12 and Node 17 support ([2546cc8](2546cc8))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mtrezza mtrezza mtrezza approved these changes

Assignees
No one assigned
Labels
state:breaking Breaking change requires major version increment and `BREAKING CHANGE` commit message state:released Released as stable version state:released-beta Released as beta version
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Server crashes when throwing inside Cloud Code trigger
3 participants
@dblythy @parseplatformorg @mtrezza