Merge pull request #180 from StatelessStudio/v2.1.0

[3.0.0] Jun-20-2019

Author: DrewImm

.travis.yml

@@ -1,6 +1,6 @@
 language: node_js
 node_js:
-  - "10.13.0"
+  - "10.15.3"
 before_script:
   - psql -c 'create database testdb;' -U postgres
   - cp local.config.travis.json local.config.json

CHANGELOG.md

@@ -1,5 +1,33 @@
 # PointyApi Changelog
 
+## [3.0.0] Jun-20-2019
+
+### Breaking Changes (See migration.md)
+- [Issue #179] Swap http expect & token param
+- Removed database error handler
+- Changed `refreshToken` to `__refreshToken` in post endpoints
+- Changed `CLIENT_URL` to `ALLOW_ORIGIN`
+
+### Additions
+- Added jwtBearer::sign argument
+- Added pointy::testmode
+- Added new ipc message test
+- Added ExampleUser class
+- Added ready-check prior to starting server
+- Added BaseDb::conn
+- Moved Postgres members to BaseDB
+
+### Fixes
+- Error handling
+- Fixed a bug which mixed up `JWT_TTL` and `JWT_REFRESH_TTL`
+- runHook should log error
+- patchEndpoint should merge payload after patch hook
+- Login endpoint should check validation
+- npm update
+- Simplified login endpoint
+- Fixed default entities bug
+- Moved "server-ready" ipc from listen() to pointy::start()
+
 ## [2.0.0] Jun-06-2019
 
 ### Breaking Changes (See migration.md)

README.md

@@ -157,6 +157,7 @@ npm i pointyapi
 			.setEntities(
 				[
 					/* TODO: We will set our models here */
+					ExampleUser
 				]
 			)
 			.connect(ROOT_PATH)
@@ -168,7 +169,7 @@ npm i pointyapi
 	```
 3. **Create a user route**
 
-	By default, PointyAPI will use `BaseUser` as the user model. Let's create a route for this model, so that we can access this model through our API:
+	By default, PointyAPI will use `ExampleUser` as the user model. Let's create a route for this model, so that we can access this model through our API:
    - Create a folder for routes, `src/routes/`
    - Create a new router file, `src/routes/user.ts`
    - Copy & paste router code:
@@ -178,7 +179,7 @@ npm i pointyapi
 
 	import { Router } from 'express';
 	import { setModel } from 'pointyapi';
-	import { BaseUser } from 'pointyapi/models';
+	import { ExampleUser } from 'pointyapi/models';
 	import { postFilter, getFilter, patchFilter } from 'pointyapi/filters';
 	import { onlySelf } from 'pointyapi/guards';
 	import {
@@ -190,9 +191,9 @@ npm i pointyapi
 
 	const router: Router = Router();
 
-	// Set the route model to BaseUser
+	// Set the route model to ExampleUser
 	async function loader(request, response, next) {
-		if (await setModel(request, response, BaseUser)) {
+		if (await setModel(request, response, ExampleUser)) {
 			next();
 		}
 	}
@@ -211,7 +212,7 @@ npm i pointyapi
 	Open `src/index.ts` up again, and let's import our new User route.
 
 	```typescript
-	import { BaseUser } from 'pointyapi/models'; // Add import to our user model
+	import { ExampleUser } from 'pointyapi/models'; // Add import to our user model
 
 	...
 	// Routes
@@ -229,7 +230,7 @@ npm i pointyapi
 		.setEntities(
 			[
 				/* TODO: We will set our models here */
-				BaseUser // Add our BaseModel model to the database
+				ExampleUser // Add our BaseModel model to the database
 			]
 		)
 
@@ -304,14 +305,14 @@ npm i pointyapi
 
 	import { Router } from 'express';
 	import { loginEndpoint, logoutEndpoint } from 'pointyapi/endpoints';
-	import { BaseUser } from 'pointyapi/models';
+	import { ExampleUser } from 'pointyapi/models';
 	import { setModel } from 'pointyapi';
 
 	const router: Router = Router();
 
 	// Set our route model & activate auth route
 	async function loader(request, response, next) {
-		if (await setModel(request, response, BaseUser, true)) {
+		if (await setModel(request, response, ExampleUser, true)) {
 			next();
 		}
 	}
@@ -344,7 +345,7 @@ npm i pointyapi
 		.setEntities(
 			[
 				/* TODO: We will set our models here */
-				BaseUser
+				ExampleUser
 			]
 		)
 
@@ -379,7 +380,7 @@ npm i pointyapi
 To launch in production mode, please make sure the following variables are set (environment variables/.env)
 
 - **SITE_TITLE** - Set the site title
-- **CLIENT_URL** - Set your client URL to add the client to the CORS policy
+- **ALLOW_ORIGIN** - Set your client URL to add the client to the CORS policy
 - **JWT_KEY** - Set your token key to make JWT cryptographically secure
 - **JWT_TTL** - Set your token time-to-live (seconds). Default is 15 minutes
 - **JWT_REFRESH_TTL** - Set your refresh token time-to-live (seconds). Default is 7 days.

migration.md

@@ -1,5 +1,11 @@
 # Migration Guide
 
+## What version do you have?
+> Choose the version you have before upgrading, and follow the guide to the bottom from there.
+- [Version 0.x.x](#version-0.x.x-->-1.x.x)
+- [Version 1.x.x](#version-1.x.x-->-2.x.x)
+- [Version 2.x.x](#version-2.x.x-->-3.x.x)
+
 ## Version 0.x.x -> 1.x.x
 
 1. Remove `response` parameter from responders and handlers
@@ -31,7 +37,7 @@
 	```typescript
 	// Set model
 	router.use((request, response, next) => {
-		if (await setModel(request, response, BaseUser)) {
+		if (await setModel(request, response, ExampleUser)) {
 			// Note that this next() call is now in an if-statement around the setModel()
 			next();
 		}
@@ -51,7 +57,7 @@
 	// Set model
 	router.use((request, response, next) => {
 		//                                               vvv add this for auth routes
-		if (await setModel(request, response, BaseUser, true)) {
+		if (await setModel(request, response, ExampleUser, true)) {
 			// Note that this next() call is now in an if-statement around the setModel()
 			next();
 		}
@@ -110,11 +116,24 @@
 1. Auth tokens are now completely stateless. Remove the `token` field from your User entity.
 2. Login now issues a refresh token.
    1. Make a POST endpoint in your auth router:
-		`router.post('/refresh', refreshTokenEndpoint);` 
-   2. Update your front-end auth service to save the `refreshToken` and `refreshExpiration` from the `loginEndpoint`
-   3. Set a timeout to call the `refreshTokenEndpoint` route when the access token expires. `refreshTokenEndpoint` will return an updated user object, including a new access token & expiration time.
+		`router.post('/refresh', loader, refreshTokenEndpoint);` 
+   2. Update your front-end auth refreshTokenservice to save the `refreshToken` and `refreshExpiration` from the `loginEndpoint`
+   3. Set a timeout to call the `refreshTokenEndpoint` route when the access token expires. Setup the body like this: `{ __refreshToken: myRefreshToken }`.  This will return an updated user object, including a new access token & expiration time.
 3. **(Optional)** PointyAPI now supports `UUID`. Follow the steps in the Readme to enable UUID (strongly recommended for production).
 
    **NOTE** If you are already in production and decide to migrate to UUID, you must make sure to update relations etc
 
 4. **(Optional)** Guards will now issue a `401` only if a token is not present/valid, otherwise will issue a `403`. This may help determine if the user is authenticated/authorized on the front-end.
+
+## Version 2.x.x -> 3.x.x
+
+1. If you use the PointyAPI HTTP Client, the functions have swapped the `bearer` and `expect` parameters. You must swap these in your code.
+2. If your code uses a custom database error handler, this should be removed and the pointyapi error handler used instead.
+3. `CLIENT_URL` is no longer used for CORS policy. Now you should use `ALLOW_ORIGINS`. **However, `CLIENT_URL` is still used for links, etc - so don't remove it**.
+	Example:
+	
+	`/.env`
+	```
+	CLIENT_URL=http://example.com/
+	ALLOW_ORIGINS=http://example.com/, http://cool-example.com/
+	```

orm-cli.js

@@ -8,6 +8,6 @@ module.exports = {
 	user: dbSettings.user,
 	password: dbSettings.password,
 	database: dbSettings.database,
-	entities: [ 'lib/src/models/base-user.ts' ],
+	entities: [],
 	uuidExtension: 'pgcrypto'
 };