Enhance the error objects with a `code` property containing
a machine-readable string code describing the error, for example
INVALID_TOKEN or USER_NOT_FOUND.
Also improve 404 error messages to include the model name.
Allow convenient URLs for curl and browsers such as:
- http://some-long-token@localhost:3000/
- http://token:some-long-token@localhost:3000/
Basic Auth specifies a 'Basic' scheme for the Authorization header
similar to how OAuth specifies 'Bearer' as an auth scheme.
Following a similar convention, extract the access token from the
Authorization header when it specifies the 'Basic' scheme, assuming
it is the larger of the <user>:<pass> segments.
When executing a request using a pooled connection, connectors
like MongoDB and/or MySQL rebind callbacks to the domain which
issued the request, as opposed to the domain which opened the pooled
connection.
This commit fixes the context middleware to play nicely with that
mechanism and preserve domain rebinds.
Bugs fixed:
- express helpers like `req.get` are now available in middleware
handlers registered via `app.middleware`
- `req.url` does not include the mountpath prefix now, this is
consistent with the behaviour of `app.use`
The implementation of phased middleware was completely rewritten.
- We no longer use Phase and PhaseList objects from loopback-phase.
- Handler functions are registered via the `Layer` mechanism used by
express router.
- The app keeps the layers sorted according to phases.
Add a new argument to `app.middleware` allowing developers
to restrict the middleware to a list of paths or regular expresions.
Modify `app.middlewareFromConfig` to pass `config.paths` as the second
arg of `app.middleware`.
Examples:
// A string path (interpreted via path-to-regexp)
app.middleware('auth', '/admin', ldapAuth);
// A regular expression
app.middleware('initial', /^\/~(admin|root)/, rejectWith404);
// A list of scopes
app.middleware('routes', ['/api', /^\/assets/.*\.json$/], foo);
// From config
app.middlewareFromConfig(
handlerFactory,
{
phase: 'initial',
paths: ['/scope', /^\/(a|b)/]
});
Refactor the implementation to use the new method `phaseList.zipMerge`.
This is commit is changing the behaviour in the case when
the first new phase does not exist in the current list.
Before the change, all new phases were added just before the "routes"
phase.
After this change, new phases are added to the head of the list,
until an existing phase is encountered, at which point the regular
merge algorithm kicks in.
Example:
app.defineMiddlewarePhases(['first', 'routes', 'subapps']);
Before the change: code throws an error - 'routes' already exists.
After the change: phases are merged with the following result:
'first', 'initial', ..., 'routes', 'subapps', ...
Implement method for registering (new) middleware phases.
- If all names are new, then the phases are added just before
the "routes" phase.
- Otherwise the provided list of names is merged with the existing
phases in such way that the order of phases is preserved.
Example
// built-in phases:
// initial, session, auth, parse, routes, files, final
app.defineMiddlewarePhases('custom');
// new list of phases
// initial, session, auth, parse,
// custom,
// routes, files, final
app.defineMiddlewarePhases([
'initial', 'postinit', 'preauth', 'routes', 'subapps'
]);
// new list of phases
// initial,
// postinit, preauth,
// session, auth, parse, custom,
// routes,
// subapps,
// files, final
Implement a function registering a middleware using a factory function
and a JSON config.
Example:
app.middlewareFromConfig(compression, {
enabled: true,
phase: 'initial',
config: {
threshold: 128
}
});
Modify the app and router implementation, so that the middleware is
executed in order defined by phases.
Predefined phases:
'initial', 'session', 'auth', 'parse', 'routes', 'files', 'final'
Methods defined via `app.use`, `app.route` and friends are executed
as the first thing in 'routes' phase.
API usage:
app.middleware('initial', compression());
app.middleware('initial:before', serveFavicon());
app.middleware('files:after', loopback.urlNotFound());
app.middleware('final:after', errorHandler());
Middleware flavours:
// regular handler
function handler(req, res, next) {
// do stuff
next();
}
// error handler
function errorHandler(err, req, res, next) {
// handle error and/or call next
next(err);
}
Modify `loopback.rest()` to read the configuration for
`loopback.context` from `app.get('remoting')`, which is the approach
used for all other configuration options related to the REST transport.
- Implement the middleware `loopback.context`
- Inject context into juggler and strong-remoting
- Make http context optional and default to false
- Optionally mount context middleware from `loopback.rest`
Enable authentication for all User unit-tests to check that the ACLs are
correctly configured.
Fix the rule for `confirm` - the correct permission is `ALLOW`, not
`ACL.ALLOW`.
Allow the developer to pass custom `remoting` options via Model
settings, e.g.
PersistedModel.extend(
'MyModel',
{ name: String },
{
remoting: { normalizeHttpPath: true }
});
Also add `options` arg to `app.handler`, this object is passed directly
to strong-remoting handler.
When running on Unix and no hostname is specified, use `0.0.0.0`
as the hostname instead of `localhost`.
When running on Windows and the hostname is either not specified or
it is `0.0.0.0` or `::`, use `localhost` in the URL. The reason is
that Windows cannot open URLs using `0.0.0.0` as a hostname.
- Move core models `Model` and `PersistedModel` to `lib/`.
- Move `AccessContext` class to `lib/`, since it is not a model.
- Move all other built-in models to `common/models`.
This is a preparation for extracting model definitions to JSON files.
By splitting the change into multiple commits, git is able to keep track
of file moves (renames).
Modify `registry.configureModel()` to log a warning when `dataSource`
optiont is not specified at all.
Users should provide `dataSource: null` when the model is intentionally
not attached to any data-source.
Ron Edgecomb
Ryan Graham
Ryan Graham
Raymond Feng
Raymond Feng
Pham Anh Tuan
Ritchie Martori
Clark Wang
Farid Neshat
Miroslav Bajtoš
Rob Halff
Miroslav Bajtoš
Guilherme Cirne
Juan Pizarro
Fabien Franzen
Alexander Ryzhikov
Jaka Hudoklin
britztopher