Merge pull request #1 from parse-community/master

 Updated to pass masterKey for Config get request (parse-community#575)

Author: Andrew Miracle

.editorconfig

@@ -0,0 +1,12 @@
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[*.md]
+trim_trailing_whitespace = false

.eslintrc.json

@@ -0,0 +1,27 @@
+{
+    "env": {
+        "es6": true,
+        "node": true,
+        "browser": true
+    },
+    "parser": "babel-eslint",
+    "extends": "eslint:recommended",
+    "installedESLint": true,
+    "parserOptions": {
+        "ecmaFeatures": {
+            "experimentalObjectRestSpread": true,
+            "jsx": true
+        },
+        "sourceType": "module"
+    },
+    "plugins": [
+        "react"
+    ],
+    "rules": {
+        "react/jsx-uses-vars": 1,
+        "react/jsx-uses-react": 1,
+        "react/react-in-jsx-scope": 1,
+        "no-console": 0,
+        "no-case-declarations": 0
+    }
+}

.github/ISSUE_TEMPLATE.md

@@ -1,8 +1,8 @@
 Make sure these boxes are checked before submitting your issue -- thanks for reporting issues back to Parse Dashboard!
 
-- [ ] You're running version >=1.0.21 of Parse Dashboard.
+- [ ] You're running version >=1.0.23 of Parse Dashboard.
 
-- [ ] You're running version >=2.2.24 of Parse Server.
+- [ ] You're running version >=2.3.2 of Parse Server.
 
 - [ ] You've searched through [existing issues](https://github.com/ParsePlatform/parse-dashboard/issues?utf8=%E2%9C%93&q=). Chances are that your issue has been reported or resolved before.
 

.gitignore

@@ -5,7 +5,9 @@ PIG/bundles/
 Parse-Dashboard/public/bundles/
 Parse-Dashboard/parse-dashboard-config.json
 npm-debug.log
+.eslintcache
 
 // vim .swp
 *.swp
 .env
+.idea/

.travis.yml

@@ -1,15 +1,18 @@
 language: node_js
 node_js:
-- '4.4'
-- '5.7'
-- '6.1'
+- '6.11'
+- '8.8'
+before_script: ./scripts/before_script.sh
+cache:
+  directories:
+    - node_modules
 deploy:
   provider: npm
   on:
     tags: true
     all_branches: true
     condition: "$TRAVIS_JOB_NUMBER = $TRAVIS_BUILD_NUMBER.1"
-    repo: ParsePlatform/parse-dashboard
+    repo: parse-community/parse-dashboard
   email:
     secure: NVlNLZh4bsCUaO1qYdXp6DpYnISQIXqz0xIaMfPI06CqFErkqlodWD7aOOYT2LyKos1f9QbQBbURl27drtJLudNqIXfMFbWMc0MwDJp4fJBa6vRFdn1jYNDcrqTbdAAoH5z6SU4r7YdiPz5pIJ7XjMajryaB7dAZLNiuZaTeTboF6QEQj+j+bw9IMcuiDIxQt3t+5f9Raah1HwZX5h5CBXS8voE97deCpf6jdVt3gaKvnZGvTvnDfYBsvmDE2ueqFK/xjt240PMArxqTbkEVFl/7Gti5jurLIKtX7StNsEZZZiGJS2+E9Px5nSFMM3JKnfD5Cj6IZxqobL9mQ4KueaL3tX5BOnbHfSpJs2t3Lp8TO0hnpmn8w/d7pekOjH3LihgC7AbZ3/ark9ZvPvP63XKhivKL4NuvNa+8yHeQNOLIzOjTPZl7ZS6XkibwxsOtgasMQWK4/Ttg6/jHHPjaXbnqn7ZoIM2GPZBv22xaReIWSRJdgW8G9ceSBEIIZFONkKsH0apDDq3eHg0vNEI4R3oEmV6t/R9yvpCzarfNLn5+l80ztMM+rX91eXT8B5V8Mpy+7urbQwIoFLUGRPDxbofEqEm8S6sLsjyYe7VnxBC4Lhir3DFxYL0+q5YLfhq64AejA4BM65+v5SyvXCUvyakzsRsydU230sJyaONHD5I=
   api_key:

CHANGELOG.md

@@ -3,6 +3,64 @@
 ### NEXT RELEASE
 
 * _Contributing to this repo? Add info about your change here to be included in next release_
+* Fix: Filtering with a 1-digit number (#831), thanks to [Pascal Giguère](https://github.com/pgiguere1)
+
+### 1.1.2
+
+* Fix: An issue introduced when using readOnlyMasterKey would make all users readOnly after one has logged in.
+* Reverts: Dependency updates that would render the build unstable / broken.
+
+### 1.1.1
+
+* Fix: Updating array of Dates now keeps it's type (was changing to array of ISO strings, issue #590), thanks to [David Riha](https://github.com/rihadavid)
+* Fix: NaN displayed when filter input is empty or negative number (#749), thanks to [Miguel Serrrano](https://github.com/miguel-s)
+* Fix: Addresses issue related to displaying iOS alert object containing title and body keys (#539), thanks to [Robert Martin del Campo](https://github.com/repertus)
+* Feature: Adds support for localized push notifications if server version is high enough, thanks to [Florent Vilmart](https://github.com/flovilmart)
+* Feature: Adds support for readOnly masterKey, thanks to [Florent Vilmart](https://github.com/flovilmart)
+* Feature: Adds support for polygon types, thansk to [Mads Bjerre](https://github.com/madsb)
+* Feature: Adds support for push time, expiration time, and expiration interval, thanks to [Marvel Mathew](https://github.com/marvelm)
+
+### 1.1.0
+
+* Feature: UI for managing push audiences (#712), thanks to [Davi Macedo](https://github.com/davimacedo)
+* Feature: When editing Object or Array fields the data is displayed in a prettier format and the textarea is resizable (#734), thanks to [Samuli Siivinen](https://github.com/ssamuli)
+* Fix: Display bug on safari when table has empty cells ('') (#731), thanks to [Samuli Siivinen](https://github.com/ssamuli)
+* Fix: Added message that notifies Background Jobs requiring additional setup (#740 & #741), thanks to [Samuli Siivinen](https://github.com/ssamuli) and [Natan Rolnik](https://github.com/natanrolnik)
+
+### 1.0.28
+* Feature: Add ability to search Object columns (#727), thanks to [Samuli Siivinen](https://github.com/ssamuli)
+* Improvement: Added/fixed a filtering option "contains string" for String fields. Case insensitive for now (#728), thanks to [Samuli Siivinen](https://github.com/ssamuli)
+* Improvement: Sort config data according to parameter names (#726), thanks to [Natan Rolnik](https://github.com/natanrolnik)
+
+### 1.0.27
+* Improvement: Show notifications upon success or failure of save and delete objects (#718), thanks to [Natan Rolnik](https://github.com/natanrolnik)
+* Improvement: Moves download option into file editor (#716), thanks to [Natan Rolnik](https://github.com/natanrolnik)
+
+### 1.0.26
+* Improvement: Fixes broken links, thanks to [Arthur Cinader](https://github.com/acinader)
+* Improvement: Title on the add row button, thanks to [Abdul Basit](https://github.com/basitsattar)
+* Improvement: Use slim docker image, thanks to [Tyler Brock](https://github.com/tbrock)
+* Fix: table scrolling on google chrome (#671), thanks to [Jacer Omri](https://github.com/JacerOmri)
+* Various: adds eslint, thanks to [Jeremy Louie](https://github.com/JeremyPlease)
+
+### 1.0.25
+
+* Improvement: Update and add links to sidebar footer (#661), thanks to [Natan Rolnik](https://github.com/natanrolnik)
+* Fix: Don’t call unsupported endpoints in Parse Server (#660), thanks to [Natan Rolnik](https://github.com/natanrolnik)
+* Fix: Display correctly Files and GeoPoints in Config (#666), thanks to [Natan Rolnik](https://github.com/natanrolnik)
+
+### 1.0.24
+
+* Improvement: Data browser updates object count when table is filtered (#652), thanks to [Mike Rizzo](https://github.com/rizzomichaelg)
+* Improvement: Apps name sorting by name (#654), thanks to [Thilo Schmalfuß](https://github.com/scthi)
+* Fix: Fetch jobs list not showing (#656), thanks to [Natan Rolnik](https://github.com/natanrolnik)
+
+### 1.0.23
+
+* Improvement: Enabling web hooks (#584), thanks to [Antonio Davi Macedo Coelho de Castro](https://github.com/davimacedo)
+* Improvement: Set autofocus on the username input field (#644), thanks to [Herman Liang](https://github.com/hermanliang)
+* Fix: Browser won't render class table with field that contains an object (#623), thanks to [Jordan Haven](https://github.com/jordanhaven)
+* Fix: Config FETCH results in 401 (#575), thanks to [Matt Simms](https://github.com/brndmg)
 
 ### 1.0.22
 
@@ -18,7 +76,6 @@
 * Fix: Can't send push to specific user (#570), thanks to [Dan VanWinkle](https://github.com/dvanwinkle)
 * Fix: Download link in footer menu (#567), thanks to [Pavel Ivanov](https://github.com/pivanov)
 
-
 ### 1.0.19
 
 * New: Support for trusting proxies w/ HTTPS

Dockerfile

@@ -1,4 +1,5 @@
-FROM node:4.4.2
+FROM node:argon-slim
+ENV NPM_CONFIG_LOGLEVEL error
 WORKDIR /src
 ADD . /src
 RUN cd /src \

LICENSE

@@ -24,3 +24,7 @@ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
 IN ANY WAY OUT OF THE USE OF THE SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
 OF SUCH DAMAGE.
+
+-----
+
+As of April 5, 2017, Parse, LLC has transferred this code to the parse-community organization, and will no longer be contributing to or distributing this code.

Parse-Dashboard/Authentication.js

@@ -17,7 +17,8 @@ function Authentication(validUsers, useEncryptedPasswords, mountPath) {
   this.mountPath = mountPath;
 }
 
-function initialize(app) {
+function initialize(app, options) {
+  options = options || {};
   var self = this;
   passport.use('local', new LocalStrategy(
     function(username, password, cb) {
@@ -43,11 +44,12 @@ function initialize(app) {
     cb(null, user);
   });
 
+  var cookieSessionSecret = options.cookieSessionSecret || require('crypto').randomBytes(64).toString('hex');
   app.use(require('connect-flash')());
   app.use(require('body-parser').urlencoded({ extended: true }));
   app.use(require('cookie-session')({
     key    : 'parse_dash',
-    secret : 'magic',
+    secret : cookieSessionSecret,
     cookie : {
       maxAge: (2 * 7 * 24 * 60 * 60 * 1000) // 2 weeks
     }
@@ -77,8 +79,9 @@ function initialize(app) {
  * @returns {Object} Object with `isAuthenticated` and `appsUserHasAccessTo` properties
  */
 function authenticate(userToTest, usernameOnly) {
-  var appsUserHasAccessTo = null;
-  var matchingUsername = null;
+  let appsUserHasAccessTo = null;
+  let matchingUsername = null;
+  let isReadOnly = false;
 
   //they provided auth
   let isAuthenticated = userToTest &&
@@ -94,6 +97,7 @@ function authenticate(userToTest, usernameOnly) {
         matchingUsername = user.user;
         // User restricted apps
         appsUserHasAccessTo = user.apps || null;
+        isReadOnly = !!user.readOnly; // make it true/false
       }
 
       return isAuthenticated;
@@ -102,7 +106,8 @@ function authenticate(userToTest, usernameOnly) {
   return {
     isAuthenticated,
     matchingUsername,
-    appsUserHasAccessTo
+    appsUserHasAccessTo,
+    isReadOnly,
   };
 }
 

Parse-Dashboard/app.js

@@ -31,7 +31,7 @@ function checkIfIconsExistForApps(apps, iconsFolder) {
     var iconName = currentApp.iconName;
     var path = iconsFolder + "/" + iconName;
 
-    fs.stat(path, function(err, stat) {
+    fs.stat(path, function(err) {
       if (err) {
           if ('ENOENT' == err.code) {// file does not exist
               console.warn("Icon with file name: " + iconName +" couldn't be found in icons folder!");
@@ -46,7 +46,8 @@ function checkIfIconsExistForApps(apps, iconsFolder) {
   }
 }
 
-module.exports = function(config, allowInsecureHTTP) {
+module.exports = function(config, options) {
+  options = options || {};
   var app = express();
   // Serve public files.
   app.use(express.static(path.join(__dirname,'public')));
@@ -62,7 +63,7 @@ module.exports = function(config, allowInsecureHTTP) {
     const users = config.users;
     const useEncryptedPasswords = config.useEncryptedPasswords ? true : false;
     const authInstance = new Authentication(users, useEncryptedPasswords, mountPath);
-    authInstance.initialize(app);
+    authInstance.initialize(app, { cookieSessionSecret: options.cookieSessionSecret });
 
     // CSRF error handler
     app.use(function (err, req, res, next) {
@@ -75,8 +76,9 @@ module.exports = function(config, allowInsecureHTTP) {
 
     // Serve the configuration.
     app.get('/parse-dashboard-config.json', function(req, res) {
+      let apps = config.apps.map((app) => Object.assign({}, app)); // make a copy
       let response = {
-        apps: config.apps,
+        apps: apps,
         newFeaturesInLatestVersion: newFeaturesInLatestVersion,
       };
 
@@ -86,7 +88,7 @@ module.exports = function(config, allowInsecureHTTP) {
         req.connection.remoteAddress === '127.0.0.1' ||
         req.connection.remoteAddress === '::ffff:127.0.0.1' ||
         req.connection.remoteAddress === '::1';
-      if (!requestIsLocal && !req.secure && !allowInsecureHTTP) {
+      if (!requestIsLocal && !req.secure && !options.allowInsecureHTTP) {
         //Disallow HTTP requests except on localhost, to prevent the master key from being transmitted in cleartext
         return res.send({ success: false, error: 'Parse Dashboard can only be remotely accessed via HTTPS' });
       }
@@ -100,14 +102,29 @@ module.exports = function(config, allowInsecureHTTP) {
 
       const successfulAuth = authentication && authentication.isAuthenticated;
       const appsUserHasAccess = authentication && authentication.appsUserHasAccessTo;
+      const isReadOnly = authentication && authentication.isReadOnly;
+      // User is full read-only, replace the masterKey by the read-only one
+      if (isReadOnly) {
+        response.apps = response.apps.map((app) => {
+          app.masterKey = app.readOnlyMasterKey;
+          if (!app.masterKey) {
+            throw new Error('You need to provide a readOnlyMasterKey to use read-only features.');
+          }
+          return app;
+        });
+      }
 
       if (successfulAuth) {
         if (appsUserHasAccess) {
           // Restric access to apps defined in user dictionary
           // If they didn't supply any app id, user will access all apps
           response.apps = response.apps.filter(function (app) {
             return appsUserHasAccess.find(appUserHasAccess => {
-              return app.appId == appUserHasAccess.appId
+              const isSame = app.appId === appUserHasAccess.appId;
+              if (isSame && appUserHasAccess.readOnly) {
+                app.masterKey = app.readOnlyMasterKey;
+              }
+              return isSame;
             })
           });
         }