Merge branch 'heroku_master' into aws_master

* heroku_master: (91 commits)
  added latest configfile
  Updating ISSUE_TEMPLATE to match the latest versions (parse-community#525)
  Added support for node 4.3 and some documentation to Authentication.js (parse-community#513)
  Added add row button to data browser toolbar. (parse-community#512)
  Made the encrypted passwords an option (parse-community#510)
  Allow sorting by `createdAt` ascending (parse-community#508)
  Version 1.0.18 (parse-community#507)
  E2e test (parse-community#505)
  Version 1.0.17 (parse-community#502)
  Revert "using mount path when mounted as express module" (parse-community#501)
  Version 1.0.16 (parse-community#498)
  Added the ability to accept encrypted passwords (parse-community#487)
  using mount path when mounted as express module (parse-community#486)
  fix misspelling (parse-community#497)
  Add AttachSelectedRowsDialog (parse-community#465)
  Version 1.0.15
  Add/relation viewer (parse-community#452)
  Changed Sidebar Footer links to open in a new tab (parse-community#460)
  Updated paths Procfile (parse-community#461)
  Add allowInsecureHTTP option with Express (parse-community#457)
  ...

# Conflicts:
#	Parse-Dashboard/index.js
#	Parse-Dashboard/parse-dashboard-config.json

.github/ISSUE_TEMPLATE.md

@@ -1,6 +1,8 @@
 Make sure these boxes are checked before submitting your issue -- thanks for reporting issues back to Parse Dashboard!
 
-- [ ] You're running version >=2.1.4 of Parse Server.
+- [ ] You're running version >=1.0.18 of Parse Dashboard.
+
+- [ ] You're running version >=2.2.18 of Parse Server.
 
 - [ ] You've searched through [existing issues](https://github.com/ParsePlatform/parse-dashboard/issues?utf8=%E2%9C%93&q=). Chances are that your issue has been reported or resolved before.
 

.travis.yml

@@ -1,3 +1,5 @@
 language: node_js
 node_js:
-  - "4.3"
+  - "4.4"
+  - "5.7"
+  - "6.1"

CHANGELOG.md

@@ -1,8 +1,83 @@
 ## Parse Dashboard Changelog
 
+### 1.0.18
+
+* Fix: Revert history change that was causing issues when mounting on express
+
+### 1.0.17
+
+* Fix: Revert mount path change that was causing issues when mounting on express
+
+### 1.0.16
+
+* New: Add options to add selected rows to a relation, thanks to [Han BaHwan](https://github.com/Beingbook)
+* New: Add ability to use bcrypted passwords, thanks to [Dan VanWinkle](https://github.com/dvanwinkle)
+* Fix: Fix deletion of columns, thanks to [Bryan Rhea](https://github.com/brheal)
+
+### 1.0.15
+
+* New: Add ability to delete all rows in a class, thanks to [Marco Cheung](https://github.com/Marco129)
+* New: Add relation editor, thanks to [Han BaHwan](https://github.com/Beingbook)
+* Fix: Bug when alert is missing in payload, thanks to [Herman Liang](https://github.com/hermanliang)
+* Fix: Improve target display in Push viewer, thanks to [Herman Liang](https://github.com/hermanliang)
+* Fix: Open docs and other sidebar links in new tab, thanks to [Konstantinos N.](https://github.com/kwstasna)
+
+### 1.0.14
+
+* Fix bug in past push page
+
+### 1.0.13
+
+* Fix log retrieval, thanks to [Jérémy Thiry](https://github.com/poltib)
+* Improved GeoPoint editor and ESC button in editors, thanks to [Sam Schooler](https://github.com/samschooler)
+* Add push status page to dashboard, thanks to [Jeremy Pease](https://github.com/JeremyPlease)
+
+### 1.0.12
+
+* Fix minor style issues
+* Add pointer permissions editor
+* Allow cancellation of edits in data browser using ESC key, thanks to [Manuel](https://github.com/mtrezza)
+* Show error messages in the console when your app's icons can't be found, thanks to [Saif Al-Dilaimi](https://github.com/deada92)
+
+### 1.0.11
+
+* Add the ability to specify SSL cert and key, thanks to [Cory Imdieke](https://github.com/Vortec4800)
+* Trust proxy when enabling --allowInsecureHTTP, thanks to [Andrew Chen](https://github.com/yongjhih)
+* Fix App index when apps have an apostrophe in the name
+* Fix display of prod/dev flag
+* Support for Node 6
+
+### 1.0.10
+
+* Add the ability to specify icons for your app, thanks to [Natan Rolnik](https://github.com/natanrolnik)
+* Fix sending push with JSON data
+
+### 1.0.9
+
+* Add the ability to mount the dashboard express app on a custom mount path, thanks to [hpello](https://github.com/hpello) with bugfixes from [mamaso](https://github.com/mamaso)
+* Add ability to restrict certain users to certain apps, thanks to [Felipe Andrade](https://github.com/felipemobile)
+* Fix Dockerfile, thanks to [Kakashi Liu](https://github.com/kkc)
+* Display Parse Dashboard version, thanks to [Aayush Kapoor](https://github.com/xeoneux) and [gateway](https://github.com/gateway)
+* Add a refresh button to the data browser, thanks to [TylerBrock](https://github.com/TylerBrock)
+* Add logs viewer
+* Misc. performance improvements and bugfixes, thanks to [Pavel Ivanov](https://github.com/pivanov)
+
+### 1.0.8
+
+* Allow Dashboard to be mounted as Express middleware, thanks to [Florent Vilmart](https://github.com/flovilmart)
+* Add an option to specify that your app is in production, thanks to [Dylan Diamond](https://github.com/dcdspace)
+* Fix GeoPoints in Parse Config, thanks to [Dylan Diamond](https://github.com/dcdspace)
+* Allow specification of the host the dashboard runs on, thanks to [hpello](https://github.com/hpello)
+* Miscellaneous look-and-feel improvements
+
+### 1.0.7
+
+* Fix sending pushes with badge increment
+
 ### 1.0.6
 
 * Send push notifications from the dashboard
+* Add object count to relation browser, thanks to [Sergey Gavrilyuk](https://github.com/gavrix)
 
 ### 1.0.5
 

CONTRIBUTING.md

@@ -3,7 +3,7 @@ We want to make contributing to this project as easy and transparent as
 possible.
 
 ## Our Development Process
-Get started by cloning this repository and and running `npm install` inside it. Create a file called `parse-dashboad-config.json` in the Parse-Dashboard folder inside the repo, using the format described in the readme.
+Get started by cloning this repository and and running `npm install` inside it. Create a file called `parse-dashboard-config.json` in the Parse-Dashboard folder inside the repo, using the format described in the readme.
 
 When working on the dashboard, use `npm run dashboard` and visit `localhost:4040` to see your dashboard. The `npm run dashboard` script will automatically re-build your files when you change them, so after making a change, all you need to do is refresh the page.
 

Dockerfile

@@ -1,6 +1,10 @@
-FROM node:4.3.2
-ADD package.json /src/package.json
-RUN cd /src && npm install
-ADD . /src
+FROM node:4.4.2
 WORKDIR /src
-ENTRYPOINT ["npm", "start", "--"]
+ADD . /src
+RUN cd /src \
+ && npm install \
+ && npm run build \
+ && npm cache clear \
+ && rm -rf ~/.npm \
+ && rm -rf /var/lib/apt/lists/*
+ENTRYPOINT ["npm", "run", "dashboard"]

Parse-Dashboard/Authentication.js

@@ -0,0 +1,50 @@
+"use strict";
+
+/**
+ * Constructor for Authentication class
+ * 
+ * @class Authentication
+ * @param {Object[]} validUsers
+ * @param {boolean} useEncryptedPasswords
+ */
+function Authentication(validUsers, useEncryptedPasswords) {
+    this.validUsers = validUsers;
+    this.useEncryptedPasswords = useEncryptedPasswords || false;
+}
+
+/**
+ * Authenticates the `userToTest`
+ * 
+ * @param {Object} userToTest
+ * @returns {Object} Object with `isAuthenticated` and `appsUserHasAccessTo` properties
+ */
+function authenticate(userToTest) {
+  let bcrypt = require('bcryptjs');
+
+  var appsUserHasAccessTo = null;
+
+  //they provided auth
+  let isAuthenticated = userToTest &&
+    //there are configured users
+    this.validUsers &&
+    //the provided auth matches one of the users
+    this.validUsers.find(user => {
+      let isAuthenticated = userToTest.name == user.user &&
+                        (this.useEncryptedPasswords ? bcrypt.compareSync(userToTest.pass, user.pass) : userToTest.pass == user.pass);
+      if (isAuthenticated) {
+        // User restricted apps
+        appsUserHasAccessTo = user.apps || null;
+      }
+
+      return isAuthenticated;
+    }) ? true : false;
+
+  return {
+    isAuthenticated,
+    appsUserHasAccessTo
+  };
+}
+
+Authentication.prototype.authenticate = authenticate;
+
+module.exports = Authentication;

Parse-Dashboard/app.js

@@ -0,0 +1,166 @@
+'use strict';
+const express = require('express');
+const basicAuth = require('basic-auth');
+const path = require('path');
+const packageJson = require('package-json');
+var fs = require('fs');
+
+const currentVersionFeatures = require('../package.json').parseDashboardFeatures;
+
+var newFeaturesInLatestVersion = [];
+packageJson('parse-dashboard', 'latest').then(latestPackage => {
+  if (latestPackage.parseDashboardFeatures instanceof Array) {
+    newFeaturesInLatestVersion = latestPackage.parseDashboardFeatures.filter(feature => {
+      return currentVersionFeatures.indexOf(feature) === -1;
+    });
+  }
+});
+
+function getMount(req) {
+  let url = req.url;
+  let originalUrl = req.originalUrl;
+  var mountPathLength = req.originalUrl.length - req.url.length;
+  var mountPath = req.originalUrl.slice(0, mountPathLength);
+  if (!mountPath.endsWith('/')) {
+    mountPath += '/';
+  }
+  return mountPath;
+}
+
+function checkIfIconsExistForApps(apps, iconsFolder) {
+  for (var i in apps) {
+    var currentApp = apps[i];
+    var iconName = currentApp.iconName;
+    var path = iconsFolder + "/" + iconName;
+
+    fs.stat(path, function(err, stat) {
+      if (err) {
+          if ('ENOENT' == err.code) {// file does not exist
+              console.warn("Icon with file name: " + iconName +" couldn't be found in icons folder!");
+          } else {
+            console.log(
+              'An error occurd while checking for icons, please check permission!');
+          }
+      } else {
+          //every thing was ok so for example you can read it and send it to client
+      }
+  } );
+  }
+}
+
+module.exports = function(config, allowInsecureHTTP) {
+  var app = express();
+  // Serve public files.
+  app.use(express.static(path.join(__dirname,'public')));
+
+  // Serve the configuration.
+  app.get('/parse-dashboard-config.json', function(req, res) {
+    let response = {
+      apps: config.apps,
+      newFeaturesInLatestVersion: newFeaturesInLatestVersion,
+    };
+
+    const users = config.users;
+    const useEncryptedPasswords = config.useEncryptedPasswords ? true : false;
+
+    let auth = null;
+    //If they provide auth when their config has no users, ignore the auth
+    if (users) {
+      auth = basicAuth(req);
+    }
+
+    //Based on advice from Doug Wilson here:
+    //https://github.com/expressjs/express/issues/2518
+    const requestIsLocal =
+      req.connection.remoteAddress === '127.0.0.1' ||
+      req.connection.remoteAddress === '::ffff:127.0.0.1' ||
+      req.connection.remoteAddress === '::1';
+    if (!requestIsLocal && !req.secure && !allowInsecureHTTP) {
+      //Disallow HTTP requests except on localhost, to prevent the master key from being transmitted in cleartext
+      return res.send({ success: false, error: 'Parse Dashboard can only be remotely accessed via HTTPS' });
+    }
+
+    if (!requestIsLocal && !users) {
+      //Accessing the dashboard over the internet can only be done with username and password
+      return res.send({ success: false, error: 'Configure a user to access Parse Dashboard remotely' });
+    }
+
+    let Authentication = require('./Authentication');
+    const authInstance = new Authentication(users, useEncryptedPasswords);
+    const authentication = authInstance.authenticate(auth);
+
+    const successfulAuth = authentication.isAuthenticated;
+    const appsUserHasAccess = authentication.appsUserHasAccessTo;
+
+    if (successfulAuth) {
+      if (appsUserHasAccess) {
+        // Restric access to apps defined in user dictionary
+        // If they didn't supply any app id, user will access all apps
+        response.apps = response.apps.filter(function (app) {
+          return appsUserHasAccess.find(appUserHasAccess => {
+            return app.appId == appUserHasAccess.appId
+          })
+        });
+      }
+      // They provided correct auth
+      return res.json(response);
+    }
+
+    if (users || auth) {
+      //They provided incorrect auth
+      res.set('WWW-Authenticate', 'Basic realm=Authorization Required');
+      return res.sendStatus(401);
+    }
+
+    //They didn't provide auth, and have configured the dashboard to not need auth
+    //(ie. didn't supply usernames and passwords)
+    if (requestIsLocal) {
+      //Allow no-auth access on localhost only, if they have configured the dashboard to not need auth
+      return res.json(response);
+    }
+    //We shouldn't get here. Fail closed.
+    res.send({ success: false, error: 'Something went wrong.' });
+  });
+
+  // Serve the app icons. Uses the optional `iconsFolder` parameter as
+  // directory name, that was setup in the config file.
+  // We are explicitly not using `__dirpath` here because one may be
+  // running parse-dashboard from globally installed npm.
+  if (config.iconsFolder) {
+    try {
+      var stat = fs.statSync(config.iconsFolder);
+      if (stat.isDirectory()) {
+        app.use('/appicons', express.static(config.iconsFolder));
+        //Check also if the icons really exist
+        checkIfIconsExistForApps(config.apps, config.iconsFolder);
+      }
+    } catch (e) {
+      // Directory doesn't exist or something.
+      console.warn("Iconsfolder at path: " + config.iconsFolder +
+        " not found!");
+    }
+  }
+
+  // For every other request, go to index.html. Let client-side handle the rest.
+  app.get('/*', function(req, res) {
+    let mountPath = getMount(req);
+    res.send(`<!DOCTYPE html>
+      <head>
+        <link rel="shortcut icon" type="image/x-icon" href="${mountPath}favicon.ico" />
+        <base href="${mountPath}"/>
+        <script>
+          PARSE_DASHBOARD_PATH = "${mountPath}";
+        </script>
+      </head>
+      <html>
+        <title>Parse Dashboard</title>
+        <body>
+          <div id="browser_mount"></div>
+          <script src="${mountPath}bundles/dashboard.bundle.js"></script>
+        </body>
+      </html>
+    `);
+  });
+
+  return app;
+}