Merge remote-tracking branch 'upstream/back4app1.1.2' into homolog

Author: paivaric

.editorconfig

@@ -0,0 +1,12 @@
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[*.md]
+trim_trailing_whitespace = false

.eslintrc.json

@@ -0,0 +1,27 @@
+{
+    "env": {
+        "es6": true,
+        "node": true,
+        "browser": true
+    },
+    "parser": "babel-eslint",
+    "extends": "eslint:recommended",
+    "installedESLint": true,
+    "parserOptions": {
+        "ecmaFeatures": {
+            "experimentalObjectRestSpread": true,
+            "jsx": true
+        },
+        "sourceType": "module"
+    },
+    "plugins": [
+        "react"
+    ],
+    "rules": {
+        "react/jsx-uses-vars": 1,
+        "react/jsx-uses-react": 1,
+        "react/react-in-jsx-scope": 1,
+        "no-console": 0,
+        "no-case-declarations": 0
+    }
+}

.gitignore

@@ -5,11 +5,11 @@ PIG/bundles/
 Parse-Dashboard/public/bundles/
 Parse-Dashboard/parse-dashboard-config.json
 npm-debug.log
+.eslintcache
 
 // vim .swp
 *.swp
 .env
-
 .idea/
 
 npm-debug.log.*

.travis.yml

@@ -3,13 +3,16 @@ node_js:
 - '4.4'
 - '5.7'
 - '6.1'
+cache:
+  directories:
+    - node_modules
 deploy:
   provider: npm
   on:
     tags: true
     all_branches: true
     condition: "$TRAVIS_JOB_NUMBER = $TRAVIS_BUILD_NUMBER.1"
-    repo: ParsePlatform/parse-dashboard
+    repo: parse-community/parse-dashboard
   email:
     secure: NVlNLZh4bsCUaO1qYdXp6DpYnISQIXqz0xIaMfPI06CqFErkqlodWD7aOOYT2LyKos1f9QbQBbURl27drtJLudNqIXfMFbWMc0MwDJp4fJBa6vRFdn1jYNDcrqTbdAAoH5z6SU4r7YdiPz5pIJ7XjMajryaB7dAZLNiuZaTeTboF6QEQj+j+bw9IMcuiDIxQt3t+5f9Raah1HwZX5h5CBXS8voE97deCpf6jdVt3gaKvnZGvTvnDfYBsvmDE2ueqFK/xjt240PMArxqTbkEVFl/7Gti5jurLIKtX7StNsEZZZiGJS2+E9Px5nSFMM3JKnfD5Cj6IZxqobL9mQ4KueaL3tX5BOnbHfSpJs2t3Lp8TO0hnpmn8w/d7pekOjH3LihgC7AbZ3/ark9ZvPvP63XKhivKL4NuvNa+8yHeQNOLIzOjTPZl7ZS6XkibwxsOtgasMQWK4/Ttg6/jHHPjaXbnqn7ZoIM2GPZBv22xaReIWSRJdgW8G9ceSBEIIZFONkKsH0apDDq3eHg0vNEI4R3oEmV6t/R9yvpCzarfNLn5+l80ztMM+rX91eXT8B5V8Mpy+7urbQwIoFLUGRPDxbofEqEm8S6sLsjyYe7VnxBC4Lhir3DFxYL0+q5YLfhq64AejA4BM65+v5SyvXCUvyakzsRsydU230sJyaONHD5I=
   api_key:

CHANGELOG.md

@@ -4,6 +4,44 @@
 
 * _Contributing to this repo? Add info about your change here to be included in next release_
 
+### 1.1.2
+
+* Fix: An issue introduced when using readOnlyMasterKey would make all users readOnly after one has logged in.
+* Reverts: Dependency updates that would render the build unstable / broken.
+
+### 1.1.1
+
+* Fix: Updating array of Dates now keeps it's type (was changing to array of ISO strings, issue #590), thanks to [David Riha](https://github.com/rihadavid)
+* Fix: NaN displayed when filter input is empty or negative number (#749), thanks to [Miguel Serrrano](https://github.com/miguel-s)
+* Fix: Addresses issue related to displaying iOS alert object containing title and body keys (#539), thanks to [Robert Martin del Campo](https://github.com/repertus)
+* Feature: Adds support for localized push notifications if server version is high enough, thanks to [Florent Vilmart](https://github.com/flovilmart)
+* Feature: Adds support for readOnly masterKey, thanks to [Florent Vilmart](https://github.com/flovilmart)
+* Feature: Adds support for polygon types, thansk to [Mads Bjerre](https://github.com/madsb)
+* Feature: Adds support for push time, expiration time, and expiration interval, thanks to [Marvel Mathew](https://github.com/marvelm)
+
+### 1.1.0
+
+* Feature: UI for managing push audiences (#712), thanks to [Davi Macedo](https://github.com/davimacedo)
+* Feature: When editing Object or Array fields the data is displayed in a prettier format and the textarea is resizable (#734), thanks to [Samuli Siivinen](https://github.com/ssamuli)
+* Fix: Display bug on safari when table has empty cells ('') (#731), thanks to [Samuli Siivinen](https://github.com/ssamuli)
+* Fix: Added message that notifies Background Jobs requiring additional setup (#740 & #741), thanks to [Samuli Siivinen](https://github.com/ssamuli) and [Natan Rolnik](https://github.com/natanrolnik)
+
+### 1.0.28
+* Feature: Add ability to search Object columns (#727), thanks to [Samuli Siivinen](https://github.com/ssamuli)
+* Improvement: Added/fixed a filtering option "contains string" for String fields. Case insensitive for now (#728), thanks to [Samuli Siivinen](https://github.com/ssamuli)
+* Improvement: Sort config data according to parameter names (#726), thanks to [Natan Rolnik](https://github.com/natanrolnik)
+
+### 1.0.27
+* Improvement: Show notifications upon success or failure of save and delete objects (#718), thanks to [Natan Rolnik](https://github.com/natanrolnik)
+* Improvement: Moves download option into file editor (#716), thanks to [Natan Rolnik](https://github.com/natanrolnik)
+
+### 1.0.26
+* Improvement: Fixes broken links, thanks to [Arthur Cinader](https://github.com/acinader)
+* Improvement: Title on the add row button, thanks to [Abdul Basit](https://github.com/basitsattar)
+* Improvement: Use slim docker image, thanks to [Tyler Brock](https://github.com/tbrock)
+* Fix: table scrolling on google chrome (#671), thanks to [Jacer Omri](https://github.com/JacerOmri)
+* Various: adds eslint, thanks to [Jeremy Louie](https://github.com/JeremyPlease)
+
 ### 1.0.25
 
 * Improvement: Update and add links to sidebar footer (#661), thanks to [Natan Rolnik](https://github.com/natanrolnik)

Dockerfile

@@ -1,4 +1,5 @@
-FROM node:4.4.2
+FROM node:argon-slim
+ENV NPM_CONFIG_LOGLEVEL error
 WORKDIR /src
 ADD . /src
 RUN cd /src \

LICENSE

@@ -24,3 +24,7 @@ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
 IN ANY WAY OUT OF THE USE OF THE SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
 OF SUCH DAMAGE.
+
+-----
+
+As of April 5, 2017, Parse, LLC has transferred this code to the parse-community organization, and will no longer be contributing to or distributing this code.

Parse-Dashboard/Authentication.js

@@ -17,7 +17,8 @@ function Authentication(validUsers, useEncryptedPasswords, mountPath) {
   this.mountPath = mountPath;
 }
 
-function initialize(app) {
+function initialize(app, options) {
+  options = options || {};
   var self = this;
   passport.use('local', new LocalStrategy(
     function(username, password, cb) {
@@ -43,11 +44,12 @@ function initialize(app) {
     cb(null, user);
   });
 
+  var cookieSessionSecret = options.cookieSessionSecret || require('crypto').randomBytes(64).toString('hex');
   app.use(require('connect-flash')());
   app.use(require('body-parser').urlencoded({ extended: true }));
   app.use(require('cookie-session')({
     key    : 'parse_dash',
-    secret : 'magic',
+    secret : cookieSessionSecret,
     cookie : {
       maxAge: (2 * 7 * 24 * 60 * 60 * 1000) // 2 weeks
     }
@@ -77,8 +79,9 @@ function initialize(app) {
  * @returns {Object} Object with `isAuthenticated` and `appsUserHasAccessTo` properties
  */
 function authenticate(userToTest, usernameOnly) {
-  var appsUserHasAccessTo = null;
-  var matchingUsername = null;
+  let appsUserHasAccessTo = null;
+  let matchingUsername = null;
+  let isReadOnly = false;
 
   //they provided auth
   let isAuthenticated = userToTest &&
@@ -94,6 +97,7 @@ function authenticate(userToTest, usernameOnly) {
         matchingUsername = user.user;
         // User restricted apps
         appsUserHasAccessTo = user.apps || null;
+        isReadOnly = !!user.readOnly; // make it true/false
       }
 
       return isAuthenticated;
@@ -102,7 +106,8 @@ function authenticate(userToTest, usernameOnly) {
   return {
     isAuthenticated,
     matchingUsername,
-    appsUserHasAccessTo
+    appsUserHasAccessTo,
+    isReadOnly,
   };
 }
 

Parse-Dashboard/app.js

@@ -31,7 +31,7 @@ function checkIfIconsExistForApps(apps, iconsFolder) {
     var iconName = currentApp.iconName;
     var path = iconsFolder + "/" + iconName;
 
-    fs.stat(path, function(err, stat) {
+    fs.stat(path, function(err) {
       if (err) {
           if ('ENOENT' == err.code) {// file does not exist
               console.warn("Icon with file name: " + iconName +" couldn't be found in icons folder!");
@@ -46,7 +46,8 @@ function checkIfIconsExistForApps(apps, iconsFolder) {
   }
 }
 
-module.exports = function(config, allowInsecureHTTP) {
+module.exports = function(config, options) {
+  options = options || {};
   var app = express();
   // Serve public files.
   app.use(express.static(path.join(__dirname,'public')));
@@ -62,7 +63,7 @@ module.exports = function(config, allowInsecureHTTP) {
     const users = config.users;
     const useEncryptedPasswords = config.useEncryptedPasswords ? true : false;
     const authInstance = new Authentication(users, useEncryptedPasswords, mountPath);
-    authInstance.initialize(app);
+    authInstance.initialize(app, { cookieSessionSecret: options.cookieSessionSecret });
 
     // CSRF error handler
     app.use(function (err, req, res, next) {
@@ -75,8 +76,9 @@ module.exports = function(config, allowInsecureHTTP) {
 
     // Serve the configuration.
     app.get('/parse-dashboard-config.json', function(req, res) {
+      let apps = config.apps.map((app) => Object.assign({}, app)); // make a copy
       let response = {
-        apps: config.apps,
+        apps: apps,
         newFeaturesInLatestVersion: newFeaturesInLatestVersion,
       };
 
@@ -86,7 +88,7 @@ module.exports = function(config, allowInsecureHTTP) {
         req.connection.remoteAddress === '127.0.0.1' ||
         req.connection.remoteAddress === '::ffff:127.0.0.1' ||
         req.connection.remoteAddress === '::1';
-      if (!requestIsLocal && !req.secure && !allowInsecureHTTP) {
+      if (!requestIsLocal && !req.secure && !options.allowInsecureHTTP) {
         //Disallow HTTP requests except on localhost, to prevent the master key from being transmitted in cleartext
         return res.send({ success: false, error: 'Parse Dashboard can only be remotely accessed via HTTPS' });
       }
@@ -100,14 +102,29 @@ module.exports = function(config, allowInsecureHTTP) {
 
       const successfulAuth = authentication && authentication.isAuthenticated;
       const appsUserHasAccess = authentication && authentication.appsUserHasAccessTo;
+      const isReadOnly = authentication && authentication.isReadOnly;
+      // User is full read-only, replace the masterKey by the read-only one
+      if (isReadOnly) {
+        response.apps = response.apps.map((app) => {
+          app.masterKey = app.readOnlyMasterKey;
+          if (!app.masterKey) {
+            throw new Error('You need to provide a readOnlyMasterKey to use read-only features.');
+          }
+          return app;
+        });
+      }
 
       if (successfulAuth) {
         if (appsUserHasAccess) {
           // Restric access to apps defined in user dictionary
           // If they didn't supply any app id, user will access all apps
           response.apps = response.apps.filter(function (app) {
             return appsUserHasAccess.find(appUserHasAccess => {
-              return app.appId == appUserHasAccess.appId
+              const isSame = app.appId === appUserHasAccess.appId;
+              if (isSame && appUserHasAccess.readOnly) {
+                app.masterKey = app.readOnlyMasterKey;
+              }
+              return isSame;
             })
           });
         }

Parse-Dashboard/index.js

@@ -25,13 +25,15 @@ program.option('--allowInsecureHTTP [allowInsecureHTTP]', 'set this flag when yo
 program.option('--sslKey [sslKey]', 'the path to the SSL private key.');
 program.option('--sslCert [sslCert]', 'the path to the SSL certificate.');
 program.option('--trustProxy [trustProxy]', 'set this flag when you are behind a front-facing proxy, such as when hosting on Heroku.  Uses X-Forwarded-* headers to determine the client\'s connection and IP address.');
+program.option('--cookieSessionSecret [cookieSessionSecret]', 'set the cookie session secret, defaults to a random string. You should set that value if you want sessions to work across multiple server, or across restarts');
 
 program.parse(process.argv);
 
 const host = program.host || process.env.HOST || '0.0.0.0';
 const port = program.port || process.env.PORT || 4040;
 const mountPath = program.mountPath || process.env.MOUNT_PATH || '/';
 const allowInsecureHTTP = program.allowInsecureHTTP || process.env.PARSE_DASHBOARD_ALLOW_INSECURE_HTTP;
+const cookieSessionSecret = program.cookieSessionSecret || process.env.PARSE_DASHBOARD_COOKIE_SESSION_SECRET;
 const trustProxy = program.trustProxy || process.env.PARSE_DASHBOARD_TRUST_PROXY;
 
 if (trustProxy && allowInsecureHTTP) {
@@ -115,7 +117,8 @@ p.then(config => {
   if (allowInsecureHTTP || trustProxy) app.enable('trust proxy');
 
   config.data.trustProxy = trustProxy;
-  app.use(mountPath, parseDashboard(config.data, allowInsecureHTTP));
+  let dashboardOptions = { allowInsecureHTTP: allowInsecureHTTP, cookieSessionSecret: cookieSessionSecret };
+  app.use(mountPath, parseDashboard(config.data, dashboardOptions));
   if(!configSSLKey || !configSSLCert){
     // Start the server.
     const server = app.listen(port, host, function () {