Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

feat: liveQuery support for unsorted distance queries #8221

Merged
merged 2 commits into from
Oct 11, 2022
Merged

feat: liveQuery support for unsorted distance queries #8221

merged 2 commits into from
Oct 11, 2022

Conversation

dplewis
Copy link
Member

@dplewis dplewis commented Oct 8, 2022

New Pull Request Checklist

Issue Description

Closes: #7480

Approach

TODOs before merging

  • Add tests
  • Add changes to documentation (guides, repository pages, in-code descriptions)
  • Add security check
  • Add new Parse Error codes to Parse JS SDK
  • A changelog entry is created automatically using the pull request title (do not manually add a changelog entry)

@parse-github-assistant
Copy link

parse-github-assistant bot commented Oct 8, 2022
edited
Loading

Thanks for opening this pull request!

  • ❌ Please check all required checkboxes at the top, otherwise your pull request will be closed.

  • ⚠️ Remember that a security vulnerability must only be reported confidentially, see our Security Policy. If you are not sure whether the issue is a security vulnerability, the safest way is to treat it as such and submit it confidentially to us for evaluation.

@codecov
Copy link

codecov bot commented Oct 8, 2022
edited
Loading

Codecov Report

Base: 93.96% // Head: 93.97% // Increases project coverage by +0.01% 🎉

Coverage data is based on head (1dcb868) compared to base (2a82d19).
Patch coverage: 90.90% of modified lines in pull request are covered.

Additional details and impacted files 
@@            Coverage Diff             @@
##            alpha    #8221      +/-   ##
==========================================
+ Coverage   93.96%   93.97%   +0.01%     
==========================================
  Files         182      182              
  Lines       13744    13752       +8     
==========================================
+ Hits        12914    12923       +9     
+ Misses        830      829       -1
Impacted Files Coverage Δ
src/LiveQuery/QueryTools.js 94.55% <90.90%> (-0.30%) ⬇️
src/Adapters/Files/GridFSBucketAdapter.js 80.32% <0.00%> (+0.81%) ⬆️
src/ParseServerRESTController.js 98.48% <0.00%> (+1.51%) ⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

@dplewis dplewis requested review from mtrezza and dblythy October 8, 2022 04:07
@mtrezza mtrezza requested review from a team and removed request for dblythy and mtrezza October 8, 2022 06:21
@mtrezza
Copy link
Member

mtrezza commented Oct 8, 2022
edited
Loading

@dplewis thanks for the PR; please request review from @parse-community/server-review instead of individual members, check the boxes at the top and remove TODOs that don’t apply in the template.

@dplewis
Copy link
Member Author

dplewis commented Oct 8, 2022

Sorry it's a habit. I'll send it to the team in the future

@dplewis dplewis mentioned this pull request Oct 8, 2022
Merged
3 tasks
@dplewis dplewis changed the title feat(LiveQuery): support $centerSphere feat: liveQuery support for unsorted distance queries Oct 10, 2022
mtrezza
mtrezza approved these changes Oct 11, 2022
View reviewed changes
Copy link
Member

@mtrezza mtrezza left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good!

@mtrezza mtrezza merged commit 0f763da into parse-community:alpha Oct 11, 2022
parseplatformorg pushed a commit that referenced this pull request Oct 11, 2022
@semantic-release-bot
chore(release): 5.3.0-alpha.28 [skip ci]
8c30c81 
# [5.3.0-alpha.28](5.3.0-alpha.27...5.3.0-alpha.28) (2022-10-11)

### Features

* liveQuery support for unsorted distance queries ([#8221](#8221)) ([0f763da](0f763da))
@parseplatformorg
Copy link
Contributor

🎉 This change has been released in version 5.3.0-alpha.28

@parseplatformorg parseplatformorg added the state:released-alpha Released as alpha version label Oct 11, 2022
parseplatformorg pushed a commit that referenced this pull request Oct 29, 2022
@semantic-release-bot
chore(release): 5.4.0-beta.1 [skip ci]
0e30c76 
# [5.4.0-beta.1](5.3.0...5.4.0-beta.1) (2022-10-29)

### Bug Fixes

* authentication adapter app ID validation may be circumvented; this fixes a vulnerability that affects configurations which allow users to authenticate using the Parse Server authentication adapter for *Facebook* or *Spotify* and where the server-side authentication adapter configuration `appIds` is set as a string (e.g. `abc`) instead of an array of strings (e.g. `["abc"]`) ([GHSA-r657-33vp-gp22](GHSA-r657-33vp-gp22)) [skip release] ([#8187](#8187)) ([8c8ec71](8c8ec71))
* brute force guessing of user sensitive data via search patterns (GHSA-2m6g-crv8-p3c6) ([#8146](#8146)) [skip release] ([4c0c7c7](4c0c7c7))
* certificate in Apple Game Center auth adapter not validated [skip release] ([#8058](#8058)) ([75af9a2](75af9a2))
* graphQL query ignores condition `equalTo` with value `false` ([#8032](#8032)) ([7f5a15d](7f5a15d))
* internal indices for classes `_Idempotency` and `_Role` are not protected in defined schema ([#8121](#8121)) ([c16f529](c16f529))
* invalid file request not properly handled [skip release] ([#8062](#8062)) ([4c9e956](4c9e956))
* liveQuery with `containedIn` not working when object field is an array ([#8128](#8128)) ([1d9605b](1d9605b))
* protected fields exposed via LiveQuery (GHSA-crrq-vr9j-fxxh) [skip release] ([#8076](#8076)) ([9fd4516](9fd4516))
* push notifications `badge` doesn't update with Installation beforeSave trigger ([#8162](#8162)) ([3c75c2b](3c75c2b))
* query aggregation pipeline cannot handle value of type `Date` when `directAccess: true` ([#8167](#8167)) ([e424137](e424137))
* relation constraints in compound queries `Parse.Query.or`, `Parse.Query.and` not working ([#8203](#8203)) ([28f0d26](28f0d26))
* security upgrade undici from 5.6.0 to 5.8.0 ([#8108](#8108)) ([4aa016b](4aa016b))
* server crashes when receiving file download request with invalid byte range; this fixes a security vulnerability that allows an attacker to impact the availability of the server instance; the fix improves parsing of the range parameter to properly handle invalid range requests ([GHSA-h423-w6qv-2wj3](GHSA-h423-w6qv-2wj3)) [skip release] ([#8238](#8238)) ([c03908f](c03908f))
* session object properties can be updated by foreign user; this fixes a security vulnerability in which a foreign user can write to the session object of another user if the session object ID is known; the fix prevents writing to foreign session objects ([GHSA-6w4q-23cf-j9jp](GHSA-6w4q-23cf-j9jp)) [skip release] ([#8180](#8180)) ([37fed30](37fed30))
* sorting by non-existing value throws `INVALID_SERVER_ERROR` on Postgres ([#8157](#8157)) ([3b775a1](3b775a1))
* updating object includes unchanged keys in client response for certain key types ([#8159](#8159)) ([37af1d7](37af1d7))

### Features

* add convenience access to Parse Server configuration in Cloud Code via `Parse.Server` ([#8244](#8244)) ([9f11115](9f11115))
* add option to change the default value of the `Parse.Query.limit()` constraint ([#8152](#8152)) ([0388956](0388956))
* add support for MongoDB 6 ([#8242](#8242)) ([aba0081](aba0081))
* add support for Postgres 15 ([#8215](#8215)) ([2feb6c4](2feb6c4))
* liveQuery support for unsorted distance queries ([#8221](#8221)) ([0f763da](0f763da))
@parseplatformorg
Copy link
Contributor

🎉 This change has been released in version 5.4.0-beta.1

@parseplatformorg parseplatformorg added the state:released-beta Released as beta version label Oct 29, 2022
parseplatformorg pushed a commit that referenced this pull request Oct 31, 2022
@semantic-release-bot
chore(release): 5.4.0-alpha.1 [skip ci]
963613e 
# [5.4.0-alpha.1](5.3.0...5.4.0-alpha.1) (2022-10-31)

### Bug Fixes

* authentication adapter app ID validation may be circumvented; this fixes a vulnerability that affects configurations which allow users to authenticate using the Parse Server authentication adapter for *Facebook* or *Spotify* and where the server-side authentication adapter configuration `appIds` is set as a string (e.g. `abc`) instead of an array of strings (e.g. `["abc"]`) ([GHSA-r657-33vp-gp22](GHSA-r657-33vp-gp22)) [skip release] ([#8187](#8187)) ([8c8ec71](8c8ec71))
* brute force guessing of user sensitive data via search patterns (GHSA-2m6g-crv8-p3c6) ([#8146](#8146)) [skip release] ([4c0c7c7](4c0c7c7))
* certificate in Apple Game Center auth adapter not validated [skip release] ([#8058](#8058)) ([75af9a2](75af9a2))
* graphQL query ignores condition `equalTo` with value `false` ([#8032](#8032)) ([7f5a15d](7f5a15d))
* internal indices for classes `_Idempotency` and `_Role` are not protected in defined schema ([#8121](#8121)) ([c16f529](c16f529))
* invalid file request not properly handled [skip release] ([#8062](#8062)) ([4c9e956](4c9e956))
* liveQuery with `containedIn` not working when object field is an array ([#8128](#8128)) ([1d9605b](1d9605b))
* protected fields exposed via LiveQuery (GHSA-crrq-vr9j-fxxh) [skip release] ([#8076](#8076)) ([9fd4516](9fd4516))
* push notifications `badge` doesn't update with Installation beforeSave trigger ([#8162](#8162)) ([3c75c2b](3c75c2b))
* query aggregation pipeline cannot handle value of type `Date` when `directAccess: true` ([#8167](#8167)) ([e424137](e424137))
* relation constraints in compound queries `Parse.Query.or`, `Parse.Query.and` not working ([#8203](#8203)) ([28f0d26](28f0d26))
* security upgrade undici from 5.6.0 to 5.8.0 ([#8108](#8108)) ([4aa016b](4aa016b))
* server crashes when receiving file download request with invalid byte range; this fixes a security vulnerability that allows an attacker to impact the availability of the server instance; the fix improves parsing of the range parameter to properly handle invalid range requests ([GHSA-h423-w6qv-2wj3](GHSA-h423-w6qv-2wj3)) [skip release] ([#8238](#8238)) ([c03908f](c03908f))
* session object properties can be updated by foreign user; this fixes a security vulnerability in which a foreign user can write to the session object of another user if the session object ID is known; the fix prevents writing to foreign session objects ([GHSA-6w4q-23cf-j9jp](GHSA-6w4q-23cf-j9jp)) [skip release] ([#8180](#8180)) ([37fed30](37fed30))
* sorting by non-existing value throws `INVALID_SERVER_ERROR` on Postgres ([#8157](#8157)) ([3b775a1](3b775a1))
* updating object includes unchanged keys in client response for certain key types ([#8159](#8159)) ([37af1d7](37af1d7))

### Features

* add convenience access to Parse Server configuration in Cloud Code via `Parse.Server` ([#8244](#8244)) ([9f11115](9f11115))
* add option to change the default value of the `Parse.Query.limit()` constraint ([#8152](#8152)) ([0388956](0388956))
* add support for MongoDB 6 ([#8242](#8242)) ([aba0081](aba0081))
* add support for Postgres 15 ([#8215](#8215)) ([2feb6c4](2feb6c4))
* liveQuery support for unsorted distance queries ([#8221](#8221)) ([0f763da](0f763da))
@parseplatformorg
Copy link
Contributor

🎉 This change has been released in version 5.4.0-alpha.1

parseplatformorg pushed a commit that referenced this pull request Nov 19, 2022
@semantic-release-bot
chore(release): 5.4.0 [skip ci]
9b34b02 
# [5.4.0](5.3.3...5.4.0) (2022-11-19)

### Bug Fixes

* authentication adapter app ID validation may be circumvented; this fixes a vulnerability that affects configurations which allow users to authenticate using the Parse Server authentication adapter for *Facebook* or *Spotify* and where the server-side authentication adapter configuration `appIds` is set as a string (e.g. `abc`) instead of an array of strings (e.g. `["abc"]`) ([GHSA-r657-33vp-gp22](GHSA-r657-33vp-gp22)) [skip release] ([#8187](#8187)) ([8c8ec71](8c8ec71))
* brute force guessing of user sensitive data via search patterns (GHSA-2m6g-crv8-p3c6) ([#8146](#8146)) [skip release] ([4c0c7c7](4c0c7c7))
* certificate in Apple Game Center auth adapter not validated [skip release] ([#8058](#8058)) ([75af9a2](75af9a2))
* graphQL query ignores condition `equalTo` with value `false` ([#8032](#8032)) ([7f5a15d](7f5a15d))
* internal indices for classes `_Idempotency` and `_Role` are not protected in defined schema ([#8121](#8121)) ([c16f529](c16f529))
* invalid file request not properly handled [skip release] ([#8062](#8062)) ([4c9e956](4c9e956))
* liveQuery with `containedIn` not working when object field is an array ([#8128](#8128)) ([1d9605b](1d9605b))
* protected fields exposed via LiveQuery (GHSA-crrq-vr9j-fxxh) [skip release] ([#8076](#8076)) ([9fd4516](9fd4516))
* push notifications `badge` doesn't update with Installation beforeSave trigger ([#8162](#8162)) ([3c75c2b](3c75c2b))
* query aggregation pipeline cannot handle value of type `Date` when `directAccess: true` ([#8167](#8167)) ([e424137](e424137))
* relation constraints in compound queries `Parse.Query.or`, `Parse.Query.and` not working ([#8203](#8203)) ([28f0d26](28f0d26))
* security upgrade undici from 5.6.0 to 5.8.0 ([#8108](#8108)) ([4aa016b](4aa016b))
* server crashes when receiving file download request with invalid byte range; this fixes a security vulnerability that allows an attacker to impact the availability of the server instance; the fix improves parsing of the range parameter to properly handle invalid range requests ([GHSA-h423-w6qv-2wj3](GHSA-h423-w6qv-2wj3)) [skip release] ([#8238](#8238)) ([c03908f](c03908f))
* session object properties can be updated by foreign user; this fixes a security vulnerability in which a foreign user can write to the session object of another user if the session object ID is known; the fix prevents writing to foreign session objects ([GHSA-6w4q-23cf-j9jp](GHSA-6w4q-23cf-j9jp)) [skip release] ([#8180](#8180)) ([37fed30](37fed30))
* sorting by non-existing value throws `INVALID_SERVER_ERROR` on Postgres ([#8157](#8157)) ([3b775a1](3b775a1))
* updating object includes unchanged keys in client response for certain key types ([#8159](#8159)) ([37af1d7](37af1d7))

### Features

* add convenience access to Parse Server configuration in Cloud Code via `Parse.Server` ([#8244](#8244)) ([9f11115](9f11115))
* add option to change the default value of the `Parse.Query.limit()` constraint ([#8152](#8152)) ([0388956](0388956))
* add support for MongoDB 6 ([#8242](#8242)) ([aba0081](aba0081))
* add support for Postgres 15 ([#8215](#8215)) ([2feb6c4](2feb6c4))
* liveQuery support for unsorted distance queries ([#8221](#8221)) ([0f763da](0f763da))
@parseplatformorg
Copy link
Contributor

🎉 This change has been released in version 5.4.0

@parseplatformorg parseplatformorg added the state:released Released as stable version label Nov 19, 2022
@parseplatformorg
Copy link
Contributor

🎉 This change has been released in version 5.4.0

@parseplatformorg parseplatformorg added the state:released-5.x.x Released as LTS version label Nov 19, 2022
dblythy pushed a commit to dblythy/parse-server that referenced this pull request Feb 15, 2023
@semantic-release-bot @dblythy
chore(release): 5.4.0-alpha.1 [skip ci]
f3c3f3e 
* authentication adapter app ID validation may be circumvented; this fixes a vulnerability that affects configurations which allow users to authenticate using the Parse Server authentication adapter for *Facebook* or *Spotify* and where the server-side authentication adapter configuration `appIds` is set as a string (e.g. `abc`) instead of an array of strings (e.g. `["abc"]`) ([GHSA-r657-33vp-gp22](GHSA-r657-33vp-gp22)) [skip release] ([parse-community#8187](parse-community#8187)) ([8c8ec71](parse-community@8c8ec71))
* brute force guessing of user sensitive data via search patterns (GHSA-2m6g-crv8-p3c6) ([parse-community#8146](parse-community#8146)) [skip release] ([4c0c7c7](parse-community@4c0c7c7))
* certificate in Apple Game Center auth adapter not validated [skip release] ([parse-community#8058](parse-community#8058)) ([75af9a2](parse-community@75af9a2))
* graphQL query ignores condition `equalTo` with value `false` ([parse-community#8032](parse-community#8032)) ([7f5a15d](parse-community@7f5a15d))
* internal indices for classes `_Idempotency` and `_Role` are not protected in defined schema ([parse-community#8121](parse-community#8121)) ([c16f529](parse-community@c16f529))
* invalid file request not properly handled [skip release] ([parse-community#8062](parse-community#8062)) ([4c9e956](parse-community@4c9e956))
* liveQuery with `containedIn` not working when object field is an array ([parse-community#8128](parse-community#8128)) ([1d9605b](parse-community@1d9605b))
* protected fields exposed via LiveQuery (GHSA-crrq-vr9j-fxxh) [skip release] ([parse-community#8076](parse-community#8076)) ([9fd4516](parse-community@9fd4516))
* push notifications `badge` doesn't update with Installation beforeSave trigger ([parse-community#8162](parse-community#8162)) ([3c75c2b](parse-community@3c75c2b))
* query aggregation pipeline cannot handle value of type `Date` when `directAccess: true` ([parse-community#8167](parse-community#8167)) ([e424137](parse-community@e424137))
* relation constraints in compound queries `Parse.Query.or`, `Parse.Query.and` not working ([parse-community#8203](parse-community#8203)) ([28f0d26](parse-community@28f0d26))
* security upgrade undici from 5.6.0 to 5.8.0 ([parse-community#8108](parse-community#8108)) ([4aa016b](parse-community@4aa016b))
* server crashes when receiving file download request with invalid byte range; this fixes a security vulnerability that allows an attacker to impact the availability of the server instance; the fix improves parsing of the range parameter to properly handle invalid range requests ([GHSA-h423-w6qv-2wj3](GHSA-h423-w6qv-2wj3)) [skip release] ([parse-community#8238](parse-community#8238)) ([c03908f](parse-community@c03908f))
* session object properties can be updated by foreign user; this fixes a security vulnerability in which a foreign user can write to the session object of another user if the session object ID is known; the fix prevents writing to foreign session objects ([GHSA-6w4q-23cf-j9jp](GHSA-6w4q-23cf-j9jp)) [skip release] ([parse-community#8180](parse-community#8180)) ([37fed30](parse-community@37fed30))
* sorting by non-existing value throws `INVALID_SERVER_ERROR` on Postgres ([parse-community#8157](parse-community#8157)) ([3b775a1](parse-community@3b775a1))
* updating object includes unchanged keys in client response for certain key types ([parse-community#8159](parse-community#8159)) ([37af1d7](parse-community@37af1d7))

* add convenience access to Parse Server configuration in Cloud Code via `Parse.Server` ([parse-community#8244](parse-community#8244)) ([9f11115](parse-community@9f11115))
* add option to change the default value of the `Parse.Query.limit()` constraint ([parse-community#8152](parse-community#8152)) ([0388956](parse-community@0388956))
* add support for MongoDB 6 ([parse-community#8242](parse-community#8242)) ([aba0081](parse-community@aba0081))
* add support for Postgres 15 ([parse-community#8215](parse-community#8215)) ([2feb6c4](parse-community@2feb6c4))
* liveQuery support for unsorted distance queries ([parse-community#8221](parse-community#8221)) ([0f763da](parse-community@0f763da))
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@mtrezza mtrezza mtrezza approved these changes

Assignees
No one assigned
Labels
state:released Released as stable version state:released-5.x.x Released as LTS version state:released-alpha Released as alpha version state:released-beta Released as beta version
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

withinKilometers withinMiles withinRadians not working with Live Query
3 participants
@dplewis @mtrezza @parseplatformorg