All notable changes to this project will be documented in this file.
- Reworked Login Workflow to make it smoother
- Fixed a security vulnerability where a JS Alert was used for a confirmation
- Reworking the login workflow adds a "delay" timer for needing to click through the banner in the UI Login Modal configuration.
```json
{
  "ui": {
    "loginModal": {
      "hideFor": "480m"
    }
  }
}
```
- Added Redis datastore for session management
- Added Reconnect logic for Mongo
- Added support for DIS (Dynamic Integration Service) so that external services can integrate authentication within MCF and store auth tokens in session.
- Updated Node version to 12.18.3 or higher.
- Separated MongoDB from the MCF docker file for a more microservice architecture.
- Added updates to the dockerfile.
- Fixed broken UI tests.
- Added 404 error page.
- With the addition of Redis as the session store, there are new session configuration options.
```json
{
  "session": {
    "redis_host": "REDIS_URL",
    "redis_port": "REDIS_PORT",
    "redis_db": "REDIS_DATABASE_NUMBER",
    "cookie": {
      "secure": false, // true for HTTPS, false for HTTP
      "httpOnly": true, // true keeps the cookie out of reach of client-side JavaScript
      "sameSite": "lax"
    }
  }
}
```
- Added the `commitURL` configuration option for the mms-adapter commit functionality.
```json
{
  "server": {
    "commitURL": "127.0.0.1" // This is the same host as MCF
  }
}
```
- Added the `corsAllowList` configuration option for cross-origin resource sharing.
```json
{
  "server": {
    "corsAllowList": [
      "http://localhost:9080",
      "http://127.0.0.1:9080",
      "http://127.0.0.1",
      "http://localhost"
    ]
  }
}
```
- Fixed a bug where webhook custom data could not be updated
- Fixed a bug where webhooks could not be unarchived
- Added support for ids query parameter for all batch delete endpoints
- Updated `5xx` and `6xx` core tests to leverage the `ids` query parameter for all batch delete tests
- Fixed a bug preventing Webhook creation with custom data
- Added `scripts/webpack-dev.config.js` to support hot reload for React development. Running `yarn watch` in a separate terminal will transpile updates made to React component JSX files
- Refactored outgoing webhooks to simplify response input
- Fixed a bug causing elements with cross-references to not render properly in the UI
- Added "depth" option to the `getElements()` endpoint
- Implemented the `fs-extra` library to increase Windows compatibility by reducing the number of bash commands used
- Implemented HTTP/2 in place of HTTPS/1.1. This requires no change for the current user
- Added a new artifact strategy for Amazon's S3
- Added the ability for system-wide admins to reset a user's password
- Added support for temporary passwords. Whenever a local user is created or has their password reset, they must change their password upon first login
- Fixed a bug causing the cursor to flicker while hovering over buttons in the UI
- Fixed a bug causing local plugins to not load properly on Windows
- Added an API endpoint which lists the filename and location of all artifact blobs on a project
- Added CONTRIBUTING.md file for detailing expectations for code contribution
- Added 8.0 User Interface Overview page to flight manual
- Updated element edit modal in the UI
- Upgraded the minimum mongoose version due to a bug with one of its dependencies
- Added a new database strategy for Amazon's DynamoDB. At this time the strategy is still in beta and should NOT be used in production
- Added the ability to allow for plugin functions to be triggered synchronously before and after most API routes
- Added a new system-admin only API endpoint to retrieve system logs
- Added a configuration option to enforce unique project ids, allowing for better backwards compatibility with the MMS API
- Added support for a configuration option which allows for enforcing how old a password must be before it can be reused
- Added a new log file for requests and responses to security related endpoints
- Added support for the `immutable` field in the `mongoose-mongodb-strategy.js`
- Fixed a bug where artifact documents were not cloned on creation of a branch
- Fixed a deprecation warning from the `crypto` library
- Added an ESLint plugin which enforces security-related best practices
- Added an option to DELETE `/artifacts` and `/artifacts/:artifactid` called `deleteBlob` which, if true, deletes the associated blob if no other artifact documents reference it
- With the addition of the DynamoDB database strategy, there are new configuration options when the DynamoDB strategy is selected. Please refer to the database README for configuration guidance
- Added the required string `log.security_file`, which specifies the name of the log file which stores requests/responses of security related endpoints
```json
{
  "log": {
    "security_file": "security.log"
  }
}
```
- Added the optional number `auth.oldPasswords` which specifies the minimum number of different passwords before a password can be reused. If this option is not supplied, there is no limit.
```json
{
  "auth": {
    "oldPasswords": 12
  }
}
```
- Added the optional boolean `server.uniqueProjects` which, if true, enforces project IDs to be unique. Normally, two projects can have the same ID on different orgs, but if this option is true, attempting this will result in an error. This option helps support backwards compatibility with the MMS API
```json
{
  "server": {
    "uniqueProjects": true
  }
}
```
- Added page in UI for managing Artifacts. Allows the user to create, edit and delete artifacts on different branches
- Added support for webhooks. Webhooks can be created at the organization, project, branch and server levels. Webhooks can be triggered internally through the Node.js event system or externally through a URL
- Added the ability to run Mocha tests written in plugins. Any tests defined in a `tests` directory at the root of the plugin can be run by running the command `node mbee test --plugin {pluginName}` where `pluginName` is the name of the plugin defined in the config
- Added the virtual field `referencedBy` to artifacts. If populated, returns all elements which reference the artifact
- Increased error testing coverage of branch and element controllers
- Added the optional field `testOnStartup` to plugins. If this boolean value is true, the tests in the plugin will be run when it is built at server startup. This option can be defined for each plugin that is installed
```json
{
  "plugins": {
    "enabled": true,
    "plugins": {
      "sample-plugin": {
        "source": "path/to/sample/plugin",
        "testOnStartup": true
      },
      "test-plugin": {
        "source": "path/to/test/plugin",
        "testOnStartup": false
      }
    }
  }
}
```
- Abstracted out database migrations to support the database abstraction layer. Each database can now have migrations which are specific to that database, in addition to the system-wide database migrations
- Updated the Artifact schema by adding a `size` field, and changing the name of `name` to `description`
- Updated the Element schema by adding an `artifact` field which allows for referencing an artifact.
- Refactored the database abstraction layer by removing the need to support callback functions in the parameters and by adding the requirement for supporting the operation `replaceOne` in `Model.bulkWrite()`
- Removed usage of the MongoDB specific keywords `$unset`, `$push`, `$search` and `$meta`
- Modified queries searching the `permissions` field to use the keyword `$all`. Usage of this keyword specifies that all contents in the query must be found in an array for a document to match
- Added batch CRUD operations for artifact documents
- Refactored the Database Abstraction layer by removing the required methods `Schema.pre()`, `Schema.method()` and `Model.createDocument()`
- Updated tests to use random test data generated from custom validators if custom validators are defined in the running config
- Fixed bug in UI where the selected branch did not persist between pages
- Removed the `lean` option from controllers
- Added basic CRUD operations for artifact documents in the API
- Added GET, POST and DELETE artifact blob API endpoints
- Implemented a local artifact storage strategy
- Implemented a database abstraction layer to support interchangeable databases. Please note this feature is in beta, and still a work in progress
- Added support for referencing elements in different projects in the UI
- Increased unit test coverage through addition of first UI unit tests
- Improved JSON rendering in UI `custom` fields
- Modified the `archived` option on GET requests. The option has been replaced with `includeArchived`, and the `archived` option now returns all documents which are archived
- Added a configuration validator, which verifies the running config has all required fields
- Added pages for viewing all organizations and projects in the admin console
- Added `rootpath` option to GET `/elements/:elementid` which returns all parents of the specified element up through the root
- Added support for disabling the patch user password API endpoint
- Increased test coverage with addition of 8xx system level tests
- Added support for locking out local users after 5 failed login attempts in 15 minutes. Users become archived, and must be unarchived by admins
- Increased linter coverage by adding rules for JSDoc headers
- Removed usage of $or and $regex in database queries to aid in implementation of different database strategies
- Removed organization and project pages from the profile page on the UI
- Added the required field `db.strategy` whose value is a string, the name of the selected strategy. Please note that each strategy will have its own required fields in the `db` section
```json
{
  "db": {
    "strategy": "mongoose-mongodb-strategy"
  }
}
```
- Added the required section `artifact` which contains a single required field `artifact.strategy`, whose value is a string, the name of the selected strategy
```json
{
  "artifact": {
    "strategy": "local-strategy"
  }
}
```
- Added the optional validator `artifact_id` to the `validators` section
- Changed the name of the optional field `docker.mongo` to `docker.db`. If this field exists, it must be changed
- Added optional length validators to the `validators` section. These lengths are the MAX length of the ids
```json
{
  "validators": {
    "id_length": 36,
    "org_id_length": 36,
    "project_id_length": 36,
    "branch_id_length": 36,
    "artifact_id_length": 36,
    "element_id_length": 36,
    "user_username_length": 36
  }
}
```
- Added the ability to branch models in API and UI
- Added ability to view other users information in the UI
- Added support for system admins to create and delete users
- Added user search API endpoint
- Changed plugin configuration section to use objects rather than an array. See `example.cfg` for an example
- Added an advanced search for elements in the UI
- Added support for sorting results in GET operations
- Added support for sending .gzip files in all post/patch/put endpoints
- Removed support for the `logDir` field in the configuration
- Added additional debug level logging during database calls
- Added resource consumption info to debug level logs
- Added additional info level logging on response from API calls
- Refined UI routes to better align with API structure
- Added support for referencing projects in the `default` org
- Updated clean command to delete contents of `data` directory
- Allow for archived elements to optionally be displayed in the UI
- Allow for element ids to be hidden from the element tree in the UI
- Added support for re-inserting data upon a failed PUT request
- Lowered permissions for PUT requests from system admins to org/project writers
- Fixed bug which crashed server when a plugin failed to be cloned
- Fixed bug which did not refresh the element tree upon creation of elements
- Updated UI pages for organization, project, user, and elements
- Added new options to element API endpoint for improved query capabilities
- Added the ability to reference elements outside the current project (must be in the same org)
- Added the mbee, holding_bin and undefined elements to all projects
- API performance improvements
- Moved session management to models directory
- Updated element tree display
- Added edit function for organization, project, user, and elements
- Added side panels for element information view
- Added element add and delete capabilities
- Updated some of the styles throughout the UI
- Added the sidebar plugin capabilities for projects
- Changed node version requirements to be 10.15.0 or higher
- Fixed a bug causing the build process to mark completion prior to the build being complete
- Fixed a bug in the logger script causing incompatibility with Windows
- Other minor bugfixes
- Improved authentication error responses
- Added a step during startup to check that installed dependencies are up to date.
- Added lean option to controllers
- Added the ability to customize request timeout
- Added CHANGELOG.md
- Added the minified option to all API endpoints
- Added the skip option to all find() functions and GET endpoints
- Renamed the "jmiOpt" option to "format"
- Added event emitter library and default events
- Added createOrReplace controller functions and PUT endpoints for all object types
- Added the fields options to all controller functions (excluding remove())
- Added the limit option to all find() functions
- Added the element search controller function and API endpoint
- Created an additional test suite to test for expected errors
- Added CREDITS file
- Added new API endpoint for updating user passwords
- Integration of front-end UI framework to support future UI development
- Provided basic support for Docker
- Provided a default configuration file
- Improved dependency management for plugins
- Updated permissions logic
- Added API Controller backwards compatibility
- Introduced database schema migration support
- Added MBEE Flight Manual (user manual)
- Updated JSDoc formatting
- Initial release