Feathers 2019 new years news
source link: https://blog.feathersjs.com/feathers-2019-new-years-news-f478d5f2c8cd
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
In another article we’ll look at the things that are on the move and planned for 2019 but first, here is what happened since the fall update.
Feathers Core
The crow situation
People love big major version number announcements. Unfortunately, as we mentioned before, this doesn’t really play well with either Semantic Versioning (where even the tiniest breaking change requires a major version update) or a modular system like Feathers where you can pick-and-choose the components you want to use. This is why Feathers is using bird names like Auk, Buzzard and the upcoming Crow for its release names. Because Feathers is so modular however, that doesn’t really mean you have wait for a big release announcement to upgrade individual modules. If you have an existing Feathers application it will actually be easier to make those upgrades, like the database adapters below, as they are released.
Until it is announced, the Crow release means the latest published version of the modules in the @feathersjs
namespace and the database adapters.
New docs
That said, we did start migrating the documentation for the next version away from GitBook to Vuepress, the static site documentation engine made by the crew over at VueJS. You can find the work in progress at:
Aside from the migration guide which will continuously be updated with migration instructions for newly released modules and features, the content is currently the same as the main documentation. It also comes with a new Cookbook section where we’d like to collect common Feathers patterns and recipes. For further discussion and to collect ideas for recipes, see this issue. If you have some design and styling ideas, feel free to join the discussion in this issue.
Database adapter updates
Having features enabled by default can make things easier for beginners but there is also a risk of exposing unintended functionality. The latest versions of the Feathers database adapters include some important security and usability updates that require to explicitly enable certain functionality that was previously available by default. The release versions are:
Although there may be breaking changes, upgrading is highly recommended since it will make your Feathers application more secure by default. You can find the full migration details in the DB adapter migration guide. Here is what changed:
Querying by id
All database adapters now support additional query parameters for get
and remove
, update
and patch
with an id. If the record does not match that query, even if the id
is valid, a NotFound
error will be thrown. This is very useful for the common case of e.g. restricting requests to the user or an organization the same way as you already would in a find
method.
Previously this required making an additional get
request first.
Hook-less service methods
Service methods can now be called without any hooks by adding a _
in front of the method name as _find
, _get
, _create
, _patch
, _update
and _remove
. This can be useful if you need the raw data from the service and don't want to trigger any of its hooks. Note that these methods are only available in a Feathers database adapter and not for any other service unless it has been implemented explicitly.
Multi updates
Creating, updating or removing multiple records at once has always been part of the Feathers adapter specification and documented in the adapter common API but it appears to have been something that was often overlooked.
This means applications may accept requests that are not anticipated (like deleting or creating multiple records at once) and in the worst case be open to malicious request. Additionally, it could also lead to unexpected data in a hook that require special cases (like context.data
or context.result
being an array).
Now, multiple create
, patch
and remove
calls (with the id
value set to null
) are disabled by default and have to be enabled explicitly by setting the multi
option when initializing the adapter service:
When using the multi
option, hooks have to make sure to handle those cases and queries have to be secured accordingly (e.g. using feathers-authentication-hooks).
Whitelisting
Some database adapters allowed additional query parameters outside the official Feathers query syntax. To reduce the risk of allowing malicious queries only the standard query syntax is now allowed.
Non-standard query parameters (any query property starting with a $
) will now throw an error. To allow them, they have to be explicitly whitelisted using the whitelist
option:
As with multi
updates, it is important to consider the potential side effects of a whitelisted query parameter.
Root level services
A common request, especially when it comes to a more microservice oriented architecture was the ability to register a service at the root level. As of @feathersjs/feathers
v3.3.0 [changelog] and the latest transport(@feathersjs/socketio
or @feathersjs/express
) this is now possible by giving a service the /
path like this:
Feathers+
The new CLI+ is similar to the current cli in that it uses the same commands and asks similar questions but also:
- Generates either JavaScript or TypeScript code; with semicolons or without.
- Converts DB-agnostic JSON-schema models to the DB model each service is currently configured for.
- Generates quality fake data and optionally seeds your DB with it.
- Generates unit and client/server tests for your hooks, services and authentication.
- Generates the resolvers needed for your GraphQL Query interface. These resolvers use batch-loaders for x10 performance.
- Interoperates with Apollo.
- Populates your records almost automatically.
- Regenerates you app without losing changes you’ve made. You stay up-to-date with enhancements and fixes.
A transition from the current @feathersjs/cli
to the CLI+ is planned for the final Crow release.
feathers-hooks-common
feathers-hooks-common is a collection of useful hooks that a Feathers application usually needs.
- TypeScript typings have been added (j2L4e).
- TypeScript IDE interface displays include links to the documentation.
- The new fgraphql populate hook allows you to leverage the GraphQL resolvers generated by cli+ so you can populate records without writing code.
- softDelete2 improves the functionality of the now deprecated softDelete.
- dialablePhoneNumber uses a version of Google’s Android libphonenumberlibraryfor parsing, formatting, and validating international phone numbers.
- alterItems now works with async callback functions.
- keepInArray and keepQueryInArray keep selected fields within nested arrays.
authentication-local-management
The current feathers-authentication-management is in the process of being rewritten as authentication-local-management. The new version
- Is easier to configure,
- Is more customizable via hooks and plug-ins,
- Supports SMS as well as email push notifications,
- Has features to support multi factor authentication which you can use in two factor authentication (2FA), sign-in to new devices, or sign-in after an extended period,
- Allows users to invite others,
- Supports multiple password-like fields, e.g. PIN, badge#,
- Can prevent reuse of passwords via password history,
- Supports password hashing using other than hashPassword().
Articles
created a comprehensive list of Feathers articles published in 2018:As always, many thanks to everyone for the great contributions over the last little while and to a great 2019! ❤️
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK