Fix token middleware to check if `req.loopbackContext` is active.
The context is not active for example when express-session calls
setImmediate which breaks CLS.
- Update version number in package.json, publish under "next" tag
- Add 3.0-DEVELOPING.md describing the process
- Add 3.0-RELEASE-NOTES.md to incrementally build release docs
* lib/registry: fix findModel for model ctor (Miroslav Bajtoš)
* Refer to licenses with a link (Sam Roberts)
* Fix user.resetPassword to fail on email not found (Simo Moujami)
* Fix typo in doc comment (Rand McKinney)
* Do not include redundant ports in verify links (Samuel Gaus)
* Set application's id property only if it's empty. (wusuopu)
* Check configs for shared method settings (Simon Ho)
* Add test fixtures for shared methods (Simon Ho)
* Clean up .jshintrc (Simon Ho)
* Update comment about user ACL to reflect implementation (Felipe Oliveira Carvalho)
* Add util methods to ACL and clean up related model resolutions (Raymond Feng)
* Promisify 'PersistedModel - replication' (Pradnya Baviskar)
* Promisify 'Application' model (Pradnya Baviskar)
* Allow methods filter for middleware config (Raymond Feng)
* Don't load Bluebird for createPromiseCallback (Miroslav Bajtoš)
* fix exit early when password is non-string closes#1437 (Berkeley Martinez)
* Promisify User model (Pradnya Baviskar)
* Add missing . to user model property descriptions (Richard Walker)
* Disable application model test for karma (Raymond Feng)
* Fix jsdocs for methods with where argument (Raymond Feng)
* Add link to createChangeStream docs (Ritchie Martori)
* Add PersistedModel.createChangeStream() (Ritchie Martori)
* Remove trailing whitespace from jsdoc (Ritchie Martori)
* Update model.js (Rand McKinney)
* Downgrade version of loopback-testing (Ritchie Martori)
* Auto-configure models required by `app.enableAuth` (Miroslav Bajtoš)
* Add loadBuiltinModels flag to loopback(options) (Miroslav Bajtoš)
* Add a unit-test for searchDefaultTokenKeys (Miroslav Bajtoš)
* access-token: add option "searchDefaultTokenKeys" (Owen Brotherwood)
* Fix the test case (Raymond Feng)
* Fix code standards issues (Tom Kirkpatrick)
* Add test case to highlight fatal error when trying to include a scoped relationship through a polymorphic relationship (Tom Kirkpatrick)
* add callback args for listByPrincipalType to jsdoc comment, pass explicit arguments to callback (Esco Obong)
* mark utiltiy function as private (Esco Obong)
* fix linting errors (Esco Obong)
* fix lint erros (Esco Obong)
* consolidate Role methods roles, applications, and users into one, add query param to allow for pagination and restricting fields (Esco Obong)
* fix implementation of Role methods: users,roles, and applications (Esco Obong)
* Use the new remoting.authorization hook for check access (Ritchie Martori)
* Define remote methods via model settings/config (Miroslav Bajtoš)
* Pass the full options object to the email send method in user verification process. (Alexandru Savin)
* un-document _findLayerByHandler (Rand McKinney)
* Gruntfile: disable debug & watch for CI builds (Miroslav Bajtoš)
* Update devDependencies to the latest versions (Miroslav Bajtoš)
* Remove trailing whitespace added by 242bcec (Miroslav Bajtoš)
* Update model.js (Rand McKinney)
* Improve error handling in replication (Miroslav Bajtoš)
* Add `loopback.runInContext` (Miroslav Bajtoš)
* Fix style issues (Raymond Feng)
* Document the new third callback arg of replicate() (Miroslav Bajtoš)
* Fix API doc for updateAll/deleteAll (Miroslav Bajtoš)
* Import subset of underscore.string scripts only (Miroslav Bajtoš)
* Use `ctx.instance` provided by "after delete" hook (Miroslav Bajtoš)
* Add conflict resolution API (Miroslav Bajtoš)
* Detect 3rd-party changes made during replication (Miroslav Bajtoš)
* Ability to pass in custom verification token generator This commit adds the ability for the developer to use a custom token generator function for the user.verify(...) method. By default, the system will still use the crypto.randomBytes() method if no option is provided. (jakerella)
* Remove unnecessary delay in tests. (Miroslav Bajtoš)
* Update README.md (Simon Ho)
* Remove duplicate cb func from getRoles and other doc cleanup (crandmck)
* Enhance the token middleware to support current user literal (Raymond Feng)
* Handling owner being a relation/function (Benjamin Boudreau)
* Run replication tests in the browser too (Miroslav Bajtoš)
* Add replication tests for conflict resolution (Miroslav Bajtoš)
* Fix an assertion broke by recent chai upgrade. (Miroslav Bajtoš)
* Static ACL support array of properties now (ulion)
* Add more integration tests for replication (Miroslav Bajtoš)
* Prevent more kinds of false replication conflicts (Miroslav Bajtoš)
* Upgrade deps (Raymond Feng)
* Fix "Issues" link in readme (Simon Ho)
* Add more debug logs to replication (Miroslav Bajtoš)
* Fixes#1158. (Jason Sturges)
* Checkpoint: start with seq=1 instead of seq=0 (Miroslav Bajtoš)
* Return new checkpoints in callback of replicate() (Miroslav Bajtoš)
* Create a remote checkpoint during replication too (Miroslav Bajtoš)
* Replication: fix checkpoint-related race condition (Miroslav Bajtoš)
* Support different "since" for source and target (Miroslav Bajtoš)
Refactor the core implementation of current context from
server/middleware/context.js into server/current-context.js.
Expose new public API:
- loopback.runInContext
- loopback.createContext
* Replace deprecated hooks with Operation hooks (Miroslav Bajtoš)
* test: don't warn about running deprecated paths (Miroslav Bajtoš)
* karma conf: prevent timeouts on Travis CI (Miroslav Bajtoš)
* Pass options from User.login to createAccessToken (Raymond Feng)
* Config option to disable legacy explorer routes Setting legacyExplorer to false in the loopback config will disable the routes /routes and /models made available in loopback.rest. The deprecate module has been added to the project with a reference added for the legacyExplorer option as it is no longer required by loopback-explorer. Tests added to validate functionality of disabled and enabled legacy explorer routes. (Ron Edgecomb)
* test: setup GUID for all models tracking changes (Miroslav Bajtoš)
* Change tracking requires a string id set to GUID (Miroslav Bajtoš)
Make the "redirect" parameter optional. When the parameter is not
specified, the server responds with an empty response (204). This allows
API clients to call the method without the need to handle redirects
and HTML responses.
Even when the "redirect" parameter is included, the builtin afterRemote
hook still calls next(), so that user-provided afterRemote hooks
are executed too.
The patch strongloop/loopback-datasource-juggler#436 changed the way
how `Model.extend` works, which broke one loopback test relying on the
old behaviour.
This commit fixes the failing test. The test is checking now that
the model base was not changed, instead of checking that the base
is undefined.
Bugs fixed:
- express helpers like `req.get` are now available in middleware
handlers registered via `app.middleware`
- `req.url` does not include the mountpath prefix now, this is
consistent with the behaviour of `app.use`
The implementation of phased middleware was completely rewritten.
- We no longer use Phase and PhaseList objects from loopback-phase.
- Handler functions are registered via the `Layer` mechanism used by
express router.
- The app keeps the layers sorted according to phases.
Add a new argument to `app.middleware` allowing developers
to restrict the middleware to a list of paths or regular expresions.
Modify `app.middlewareFromConfig` to pass `config.paths` as the second
arg of `app.middleware`.
Examples:
// A string path (interpreted via path-to-regexp)
app.middleware('auth', '/admin', ldapAuth);
// A regular expression
app.middleware('initial', /^\/~(admin|root)/, rejectWith404);
// A list of scopes
app.middleware('routes', ['/api', /^\/assets/.*\.json$/], foo);
// From config
app.middlewareFromConfig(
handlerFactory,
{
phase: 'initial',
paths: ['/scope', /^\/(a|b)/]
});
Modify the app and router implementation, so that the middleware is
executed in order defined by phases.
Predefined phases:
'initial', 'session', 'auth', 'parse', 'routes', 'files', 'final'
Methods defined via `app.use`, `app.route` and friends are executed
as the first thing in 'routes' phase.
API usage:
app.middleware('initial', compression());
app.middleware('initial:before', serveFavicon());
app.middleware('files:after', loopback.urlNotFound());
app.middleware('final:after', errorHandler());
Middleware flavours:
// regular handler
function handler(req, res, next) {
// do stuff
next();
}
// error handler
function errorHandler(err, req, res, next) {
// handle error and/or call next
next(err);
}