Support direct access server option

.eslintignore

@@ -1,3 +1,3 @@
 lib
 coverage
-
+out

README.md

@@ -245,6 +245,7 @@ The client keys used with Parse are no longer necessary with Parse Server. If yo
 * `auth` - Used to configure support for [3rd party authentication](http://docs.parseplatform.org/parse-server/guide/#oauth-and-3rd-party-authentication).
 * `facebookAppIds` - An array of valid Facebook application IDs that users may authenticate with.
 * `mountPath` - Mount path for the server. Defaults to `/parse`.
+* `directAccess` - Replace HTTP Interface when using JS SDK in current node runtime. Defaults to false. Caution, this is an experimental feature that may not be appropriate for production.
 * `filesAdapter` - The default behavior (GridStore) can be changed by creating an adapter class (see [`FilesAdapter.js`](https://github.com/parse-community/parse-server/blob/master/src/Adapters/Files/FilesAdapter.js)).
 * `maxUploadSize` - Max file size for uploads. Defaults to 20 MB.
 * `loggerAdapter` - The default behavior/transport (File) can be changed by creating an adapter class (see [`LoggerAdapter.js`](https://github.com/parse-community/parse-server/blob/master/src/Adapters/Logger/LoggerAdapter.js)).

spec/index.spec.js

@@ -498,6 +498,16 @@ describe('server', () => {
  .catch(done.fail);
  });
 
+ it('should allow direct access', async () => {
+ const RESTController = Parse.CoreManager.getRESTController();
+ const spy = spyOn(Parse.CoreManager, 'setRESTController').and.callThrough();
+ await reconfigureServer({
+ directAccess: true,
+ });
+ expect(spy).toHaveBeenCalledTimes(1);
+ Parse.CoreManager.setRESTController(RESTController);
+ });
+
  it('should load a middleware from string', done => {
  reconfigureServer({
  middleware: 'spec/support/CustomMiddleware',

src/Options/Definitions.js

@@ -148,16 +148,16 @@ module.exports.ParseServerOptions = {
  userSensitiveFields: {
  env: 'PARSE_SERVER_USER_SENSITIVE_FIELDS',
  help:
- 'Personally identifiable information fields in the user table the should be removed for non-authorized users. **Deprecated** @see protectedFields',
+ 'Personally identifiable information fields in the user table the should be removed for non-authorized users. Deprecated @see protectedFields',
  action: parsers.arrayParser,
  default: ['email'],
  },
  protectedFields: {
  env: 'PARSE_SERVER_PROTECTED_FIELDS',
  help:
- 'Personally identifiable information fields in the user table the should be removed for non-authorized users.',
+ 'Protected fields that should be treated with extra security when fetching details.',
  action: parsers.objectParser,
- default: { _User: { '*': ['email'] } },
+ default: [],
  },
  enableAnonymousUsers: {
  env: 'PARSE_SERVER_ENABLE_ANON_USERS',
@@ -280,6 +280,13 @@ module.exports.ParseServerOptions = {
  action: parsers.numberParser('cacheMaxSize'),
  default: 10000,
  },
+ directAccess: {
+ env: 'PARSE_SERVER_ENABLE_EXPERIMENTAL_DIRECT_ACCESS',
+ help:
+ 'Replace HTTP Interface when using JS SDK in current node runtime, defaults to false. Caution, this is an experimental feature that may not be appropriate for production.',
+ action: parsers.booleanParser,
+ default: false,
+ },
  enableSingleSchemaCache: {
  env: 'PARSE_SERVER_ENABLE_SINGLE_SCHEMA_CACHE',
  help:

src/Options/docs.js

@@ -28,7 +28,8 @@
  * @property {String} webhookKey Key sent with outgoing webhook calls
  * @property {String} fileKey Key for your files
  * @property {Boolean} preserveFileName Enable (or disable) the addition of a unique hash to the file names
- * @property {String[]} userSensitiveFields Personally identifiable information fields in the user table the should be removed for non-authorized users.
+ * @property {String[]} userSensitiveFields Personally identifiable information fields in the user table the should be removed for non-authorized users. Deprecated @see protectedFields
+ * @property {Any} protectedFields Protected fields that should be treated with extra security when fetching details.
  * @property {Boolean} enableAnonymousUsers Enable (or disable) anon users, defaults to true
  * @property {Boolean} allowClientClassCreation Enable (or disable) client class creation, defaults to true
  * @property {Any} auth Configuration for your authentication providers, as stringified JSON. See http://docs.parseplatform.org/parse-server/guide/#oauth-and-3rd-party-authentication
@@ -50,6 +51,7 @@
  * @property {Number} schemaCacheTTL The TTL for caching the schema for optimizing read/write operations. You should put a long TTL when your DB is in production. default to 5000; set 0 to disable.
  * @property {Number} cacheTTL Sets the TTL for the in memory cache (in ms), defaults to 5000 (5 seconds)
  * @property {Number} cacheMaxSize Sets the maximum size for the in memory cache, defaults to 10000
+ * @property {Boolean} directAccess Replace HTTP Interface when using JS SDK in current node runtime, defaults to false. Caution, this is an experimental feature that may not be appropriate for production.
  * @property {Boolean} enableSingleSchemaCache Use a single schema cache shared across requests. Reduces number of queries made to _SCHEMA, defaults to false, i.e. unique schema cache per request.
  * @property {Boolean} enableExpressErrorHandler Enables the default express error handler for all errors
  * @property {Number} objectIdSize Sets the number of characters in generated object id's, default 10

src/Options/index.js

@@ -145,6 +145,10 @@ export interface ParseServerOptions {
  /* Sets the maximum size for the in memory cache, defaults to 10000
  :DEFAULT: 10000 */
  cacheMaxSize: ?number;
+ /* Replace HTTP Interface when using JS SDK in current node runtime, defaults to false. Caution, this is an experimental feature that may not be appropriate for production.
+ :ENV: PARSE_SERVER_ENABLE_EXPERIMENTAL_DIRECT_ACCESS
+ :DEFAULT: false */
+ directAccess: ?boolean;
  /* Use a single schema cache shared across requests. Reduces number of queries made to _SCHEMA, defaults to false, i.e. unique schema cache per request.
  :DEFAULT: false */
  enableSingleSchemaCache: ?boolean;

src/ParseServer.js

@@ -136,7 +136,7 @@ class ParseServer {
  * @static
  * Create an express app for the parse server
  * @param {Object} options let you specify the maxUploadSize when creating the express app */
- static app({ maxUploadSize = '20mb', appId }) {
+ static app({ maxUploadSize = '20mb', appId, directAccess }) {
  // This app serves the Parse API directly.
  // It's the equivalent of https://api.parse.com/1 in the hosted Parse API.
  var api = express();
@@ -193,7 +193,10 @@ class ParseServer {
  ParseServer.verifyServerUrl();
  });
  }
- if (process.env.PARSE_SERVER_ENABLE_EXPERIMENTAL_DIRECT_ACCESS === '1') {
+ if (
+ process.env.PARSE_SERVER_ENABLE_EXPERIMENTAL_DIRECT_ACCESS === '1' ||
+ directAccess
+ ) {
  Parse.CoreManager.setRESTController(
  ParseServerRESTController(appId, appRouter)
  );