-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathchangelog
80 lines (60 loc) · 2.89 KB
/
changelog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
# Updates 19/09/2021
- Fix caching and headers issue with cloudflare.
- Delete file method
- Security integration (ownership)
- Mime type verification
- Change from Multer to busboy
- Testing CI pipeline
- Ci test 2
# Updates 15/09/2021
- First release of media api
- Added cloudflare worker to cache media
- Google Cloud Storage API integration
- Multer for file uploads
- Renamed db folder to storage
- Creation of agnostic bucket driver
# Updates 10/09/2021
- SuperUser creation cli
- Post and user models refactored
- Added superUser role
- Content rules now accept array nested data
- Profile data modeling object is now a function that fills an object with the user data
- Database uri adapted work in production and development
# Updates 08/09/2021
- Role verify implemented on ownership middleware to allow admins to access all resources.
- Added restriction role middleware to prevent users from accessing resources they are not allowed to (optional).
- User role now is selected from a model that can be extended, allowing for custom roles, the default role is user.
- User roles is now sent inside the JWT token, to verify it when necessary.
- Created standard for config data that must be inserted on every document (user, post, comment, etc) This config object will contain granular configurations for every data inserted on db.
- Created standard for role model.
- Fixed error on posts api ( `req.user` => `req.targetUser`), now `req.targetuser` is the user that is being requested in the url endpoint and `req.user` is the user that is logged in.
- Fixed missing imports on ownership file.
# Updates 07/09/2021
- Ownership Security implementation based on route and JWT comparison
- Fixed a bug in the backend where the user was not able to persist sessions
- Added mergeParams to the routes
- Added username and userID to the JWT payload on authentication
- Better error handling for the backend
- Target user serialization for getting user by any valid identifier (this costs db queries per request, standard for api must be decided)
- Lint rule added, must include semicolons
- Created contentRulesMiddleware for project content by the user privacy configuration
- Created the rule engine (projectionEngine, createFilter).
- TODO: Move the whole operation inside try/catch and perform db lookup first
# Updates 05/09/2021
- Routing posts API to /api/users/:userId/posts
- Added security schema to the API
- Updated post schema to include author
- Fixed bug in refresh token creation (wasn't working with dayjs objects)
- Documented the new API routing
# Updates 29/08/2021
- Implementation of JWT refresh session with refresh token
- Auth JWT method refraction
# Updates 25/08/2021
- Stellar SEP 0010 auth implementation (server side)
# Updates 24/08/2021
- Basic JWT authentication middleware
- Basic JWT token validation
- Auth endpoints
- Basic user management
- Some security statements declared
- new user models