Rewrote authentication logic – it now supports Auth0 style authentication: expiring "access tokens" and "refresh tokens" (with automatic token refresh feature).
Breaking changes:
authenticationused to be a function. Now it's an object rather than a function.authentication : function(payload)->authentication.userInfo : function(payload)- Added
authentication.refreshAccessToken(ctx)optional parameter for automatically refreshing expired tokens - Route handlers (including
apiroute handlers) are no longer bound tothis, use the newctxparameter instead:({ ... }, { ..., ctx }) => {} jwt()function parameters renamed:user_id->userId,jwt_id->tokenId.expiresInparameter added.keysparameter changed to a singlekey(pass it likekey: keys[0])authentication_token_idandauthentication_tokenroute handler parameters removed (useaccessTokenIdandaccessTokeninstead)ctx.authenticate()function removed (wasn't used at all). Renamed:ctx.jwt_id->ctx.accessTokenId,ctx.jwt->ctx.accessToken,ctx.authentication_error-> removed,ctx.token_data->ctx.accessTokenPayloadauthentication.validate_tokenoption removedparse_bodyoption renamed toparseBody
- Fix for
Dateparsing regular expression
- Added HTTP error "429 Too Many Requests"
- JWT is now only looked up in the HTTP Authorization header. JWT is no more looked up in the
authenticationcookie since it's prone to Cross-Site Request Forgery attacks.
- (breaking change) file upload's
streamfunction now takes an extrafieldsattribute (form fields) - (breaking change) removed
postprocessoption of file upload (useprocessinstead) - (breaking change) file upload
respondis now synchronous - now exporting a basic
generateUniqueFilename(path)helper function
routingandapinow don't wrap primitives into a JSON object when sending HTTP response
- Fixed HTTP status
204being sent instead of200for HEADs, GETs, POSTs and PATCHes.
- Added
Dateparsing forrouting(andapi) parameters
httputility nowrejects thePromisewith theerrorslightly different from what it was in0.1.x: it used to have.codeproperty set to HTTP response status, but now that.codeproperty is renamed to.status(I guess the new name better suits it)
- Fixed a bug of
PUT and DELETE HTTP queries must not return any contenterror being thrown when a Promise is returned from a route handler
- Placed a restriction on
PUTandDELETEHTTP queries to not return any content - Added
date_parsertohttputility
- Fixed returning
Promises in routes resolving to strange objects of form{ _c: [], _s: 0, _d: false, _h: 0, _n: false }
- Renamed
to_nameto justnamefor proxying
detect_localenow setsctx.localevariable which can be read, for example, in route handlers asthis.locale
- Added
optionsargument toproxyfunction. Seehttp-proxyoptions.
- Renamed
httputility (which is passed insideparametersobject of route handlers) tointernal_http, emphasizing the fact that it should only be used to send HTTP requests to your own servers because it will also send JWT token header and therefore it would expose that sensitive information to a third party if used for external HTTP requests.
- Added
stream(file, response)parameter forfile_uploadwhich bypasses writing the uploaded files to disk.streammust either return a Promise (the resolved value will be later sent back in HTTP response) or stream response data directly to HTTPresponse. Ifstreamis set, thenprocesswon't be called.
- Added
processparameter forfile_uploadwhich can process each file individually in parallel returning a result, whilepostprocessis applied at the end when all files are uploaded andprocessed.
- Parallelized file upload
- A little breaking change of
on_file_uploadedfunction parameters: now takes an object.
- Added short-hand aliases for
file_uploadandserve_static_files. Refactoredfile_uploadfunction call parameters.
- Removed
developmentoption. CheckingNODE_ENVnow.
- Fixed bugs found by @once-ler. Introduced
developmentoption.
- Initial release