Since the new owners of this repository decided to no longer share their toys and have taken the source code away from the public, we have provided the old changelog for the @3wks/gae-node-nestjs library here for convenience to allow people to upgrade old applications eventually to our new @mondomob/gae-node-nestjs library.
NOTE: This changelog is for the old @3wks/gae-node-nestjs library.
Here is the main @mondomob/gae-node-nestjs changelog.
- Fix typings to support multiple query predicates for arrays of primitives and union types.
- Audit fix one moderate security issue related to "serialize-javascript". Internal minor dependency updates.
- Allow multiple predicates per field when querying search service
- Update some internal dependencies to get vulnerabilities down to one moderate from 12,763
- Allow users with an existing (enabled) User entity to log in with external auth. Previous code assumed that if we don't have a LoginCredential stored then we always need to create a user. This caused errors when we had a user record already but that user had not logged in (in most cases resulting in an endless redirect loop). The updated solution allows the existing user to log in.
  The UserService interface has an additional method to createOrUpdate. Most implementations that extend AbstractUserService should remain unaffected.
- Pass Context to repository beforePersist hook
- Allow custom props in Context
- Any existing beforePersist hooks need to update to use the new signature:
    protected beforePersist(context: Context, entities: OneOrMany<T>): OneOrMany<T>;
- Log graphql errors as warning severity
- Log non-fatal errors as warning severity in transactions
- Automatically filter undefined entries from search results
- Delete search indexes when entities deleted
- Add changelog
- Update all gcloud dependencies
- Allow fake login in deployed environments. A secret is required for deployed environments, and it logs a warn-level message that fake login is enabled.
- Add email whitelist option to mail devhooks
- Email prefix can be added without enabling diversion
- [Bug] Respect local login enabled flag
- Update jest config for server code with "testEnvironment": "node" or run with jest --env node
- Fake login config has changed to use the following form:
    auth: {
      fake?: {
        enabled?: boolean;
        secret?: string;
      }
    }
- Update passport auth service to raise authentication errors on failed logins
- Update dev dependencies
- Use uuid instead of node-uuid lib
- Add prettier as dependency and fixup lint/format conflicts
No breaking changes.
- Reject login attempts if local backed user has been explicitly disabled.
- Update local signout to be a GET request instead of a POST. Existing method still there but logs a deprecation warning.
- Static assets can be configured before session handling by passing configuration to the configureExpress function. By default it will also not serve index.html if you request the site root (required for the next change to work correctly). So instead of:
    app.useStaticAssets('public');
  Do this:
    configureExpress(expressApp, {
      session: {...},
      staticAssets: {
        root: 'public',
      },
    });
- Session will be saved before index.html is returned to browser. Depends on previous change so that the index.html won’t be served by the static middleware. Instead will always be served by the Nest catch all exception handler in filter.ts (i.e. the catch all route to enable client side routing).
- Update @google-cloud/storage to 2.5.0
- Enable configuration of federated auth failureRedirect url. No changes required as defaults to / to match existing behaviour.
- Ensure all LoginCredentials entities are always saved with lowercase id and retrieved with lowercase id in auth service. This could be breaking if you have existing LoginCredentials entities stored with mixed case.
- Add beforePersist() hook on Repository so that you can intercept and optionally transform entities before one of the many "save" methods: save, update, insert, upsert.
- Add fake login option for local development environment only
- Add ability to sign in with Okta using the OIDC (OpenID Connect) protocol.
- Add option overwriteExisting so that if someone previously registered/logged in with username/password it will overwrite their existing credentials to be oidc and re-use the user with pre-existing roles.
- Default session timeout can be overridden
- [Bug] Auth Controller activateAccount service hanging
- Add query for checking activation code
- [Bug] Fix csrf maxage
- [Bug] Set a (very long) max age on the csrf token cookie, to fix bug where session cookie can still be valid (now that we are setting a maxage on them) but the csrf token is gone
- [Bug] reinstate activate endpoint (oops)
- Disallow adding super role when editing users so it's consistent with inviting
- Support paged queries with the search service
- Improve expired activation code message copy and move activationExpiryInMinutes configuration to a more meaningful place
- Add configurable copy to activation email to indicate when link will expire
- Remove auto-login after activate because it hasn't been done properly
- Add img-src directive for gravatar as it's widely used
- Add an auth listener so library consumers can listen for login events (breaking change)
- Default session timeout to 2 hours, and enable rolling sessions (so maxAge gets reset when there is activity)
- Add endpoint to redirect to Auth0 logout page
- Include profile scope for Auth0 integration and set name on user
- Fix manifest-src error
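The LoginCredentials lowercase-id entry above warns that existing mixed-case ids can break; the risky case is two stored ids that differ only by case. The following is an added example, not code from the library: it plans that migration from a list of stored ids, and the function name, the plan shape and the sample ids are assumptions constructed for illustration.

```typescript
// Added example: plan a lowercase-id migration for stored LoginCredentials ids.
// planLowercaseMigration and MigrationPlan are hypothetical names, not library API.

interface MigrationPlan {
  unchanged: string[];                            // ids already lowercase
  renames: { from: string; to: string }[];        // safe to re-save under the lowercase id
  conflicts: { id: string; stored: string[] }[];  // several stored ids collapse to one
}

function planLowercaseMigration(storedIds: string[]): MigrationPlan {
  // Group stored ids by the lowercase form the auth service will now look up.
  const groups: Record<string, string[]> = Object.create(null);
  for (const id of storedIds) {
    const key = id.toLowerCase();
    if (!groups[key]) groups[key] = [];
    groups[key].push(id);
  }

  const plan: MigrationPlan = { unchanged: [], renames: [], conflicts: [] };
  for (const key of Object.keys(groups).sort()) {
    const stored = groups[key];
    if (stored.length > 1) {
      // Two credentials differ only by case: decide manually which one
      // survives, otherwise one login would silently shadow the other.
      plan.conflicts.push({ id: key, stored: stored.slice().sort() });
    } else if (stored[0] === key) {
      plan.unchanged.push(key);
    } else {
      plan.renames.push({ from: stored[0], to: key });
    }
  }
  return plan;
}

// Constructed sample ids (not taken from any real datastore).
const sampleIds: string[] = [
  'alice@example.com',
  'Bob@Example.com',
  'carol@example.com',
  'Carol@example.com',
];

const samplePlan = planLowercaseMigration(sampleIds);
console.log(JSON.stringify(samplePlan, null, 2));
```

Resolve every entry under conflicts before upgrading, since after the change both stored ids map to the same lookup key.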