Fix token middleware to check if `req.loopbackContext` is active.
The context is not active for example when express-session calls
setImmediate which breaks CLS.
- Removes backward compatibility
for legacy end points `/models` & `/routes`
- Removes `legacyExplorer` flag which
enabled these routes
- Update related tests & tests using the
legacyExplorer flag
Add two new options:
- When `enableDoublecheck` is true, the middleware will run
even if a previous middleware has already set `req.accessToken`
(possibly to `null` for anonymous requests)
- When `overwriteExistingToken` is true (and `enableDoublecheck` too),
the middleware will overwrite `req.accessToken` set by a previous
middleware instances.
- `loopback.registry` is now a true global registry
- `app.registry` is unique per app object
- `Model.registry` is set when a Model is created using any registry method
- `loopback.localRegistry` and `loopback({localRegistry: true})` when set to `true` this will create a `Registry` per `Application`. It defaults to `false`.
Refactor the core implementation of current context from
server/middleware/context.js into server/current-context.js.
Expose new public API:
- loopback.runInContext
- loopback.createContext
Setting legacyExplorer to false in the loopback config will disable
the routes /routes and /models made available in loopback.rest.
The deprecate module has been added to the project with a reference
added for the legacyExplorer option as it is no longer required by
loopback-explorer. Tests added to validate functionality of disabled
and enabled legacy explorer routes.
Domains are created per request rather than creating a single
domain for all requests. This kills the memory leak, as a single
domain would keep a reference to every single req and res, causing
rapid heap growth.
When executing a request using a pooled connection, connectors
like MongoDB and/or MySQL rebind callbacks to the domain which
issued the request, as opposed to the domain which opened the pooled
connection.
This commit fixes the context middleware to play nicely with that
mechanism and preserve domain rebinds.
The new location allows developer to use the following identifiers
when loading the middleware using the new declarative style:
app.middlewareFromConfig(
require('loopback/server/middleware/rest'),
{ phase: 'routes' });
app.middlewareFromConfig(
require('loopback/server/middleware/url-not-found'),
{ phase: 'final' });
Candy
Carl Fürstenberg
Miroslav Bajtoš
gunjpan
Loay
Ryan Graham
Manu Phatak
Benjamin Kröger
Richard Walker
Owen Brotherwood
Ritchie Martori
Miroslav Bajtoš
Raymond Feng
Ron Edgecomb
Samuel Reed
Pham Anh Tuan
Rand McKinney