Version 4.0.0

Added

• #396: add access control list (see https://docs.dadi.cloud/api/4.0#authorisation-and-permissions)
• #449: remove /config endpoints

Changed

• #438: make CORS enabled by default
• #447: adds an additional content type check when determining if the current request should be parsed by the JSON parsing middleware

BREAKING CHANGES

Access control list

The main change from version 3 to 4 is the introduction of the access control list. It's technically a breaking change, since any clients without {"accessType": "admin"} will lose access to everything by default. They need to be assigned permissions for the individual resources they should be able to access, either directly or via roles.

If you don't want to use the new advanced permissions and instead keep your clients with unrestricted access to API resources, make sure to set {"accessType": "admin"} in their database records. API doesn't currently offer a way to change this property via the endpoints, so you'll need to manually make this change in the database.

Removal of write mode on configuration endpoints

Version 4 removes the ability for clients to create, modify and delete collections, custom endpoints or update the main API configuration. The read endpoints were kept – e.g. GET /api/config is valid, but POST /api/config is not.

Other breaking changes

• Requesting a document by ID (e.g. /version/database/collection/doc123456) now returns a 404 if the given ID does not correspond to a valid document, instead of returning a 200 with an empty result set. This behaviour is consistent with the DELETE and PUT verbs.

Version 4.0.0 (RC 3)

v4.0.0-rc3

Version 4.0.0-rc3

Version 4.0.0 (RC 2)

v4.0.0-rc2

chore: version 4.0.0-rc2

Version 4.0.0 (RC 1)

v4.0.0-rc1

chore: bump version

Version 3.2.1

Changed

• #435: Fix issue where filtering Object fields with nested queries would return a 400 error.

Version 3.2.0

Added

Allow DELETE requests to a media collection

Send a DELETE request to a media collection endpoint, specifying a document's _id property in the URL.

If successful, a 200 response is returned (or a 204 if feedback: false is set in config):

DELETE /media/5b10e5b76b600c760dc1cb93

{
  "status": "success",
  "message": "Document deleted successfully",
  "deleted": 1,
  "totalCount": 2
}

Digital Ocean Spaces support

This version extends the S3 storage handler to support Digital Ocean Spaces (an S3-compatible API). Simply add a Digital Ocean access key and secret along with an endpoint to the media.s3 configuration block.

"media": {
  "enabled": true,
  "storage": "s3",
  "basePath": "api-uploads",
  "pathFormat": "date",
  "s3": {
    "accessKey": "your-digital-ocean-access-key",
    "secretKey": "your-digital-ocean-secret-key",
    "bucketName": "your-digital-ocean-space",
    "region": "nyc3",
    "endpoint": "nyc3.digitaloceanspaces.com"
  }
}

Version 3.1.2

Changed

• #417: Fix issue where Reference fields pointing to the media collection were not fully resolved.

Version 3.1.1

Changed

• #413: Pass req object to hooks.

Version 3.1.0

Added

• #157: Documents in Reference fields are now resolved multiple times if settings.strictCompose is set to true
• #177: Model API now supports Promises and named parameters. old syntax is retained for backward-compatibility.
• #329: Fields in referenced documents can now be specified using dot-notation in the existing fields parameter.
• #336: A Reference field can now reference documents from multiple collections.
• #406: Introduced handshake function to ensure compatibility of versions between API core and data connectors.

Changed

• #196 and #323: Added field modules to encapsulate field-specific logic.
• #300: _createdAt and _lastModifiedAt internal fields are now appended to documents in the Model class.
• #371 and #384: Make defaults paths relative to the parent app, not the module.
• #390: Falsy values of Reference fields are now ignored, preserving the behavior of any other Reference fields in the document.
• #394: New DateTime field module now stores values as Unix timestamps and allows queries to be performed using any date format.
• #405: Lock down major version of @dadi/logger.

Version 3.1.0 (beta)

Added

• #157: Documents in Reference fields are now resolved multiple times if settings.strictCompose is set to true
• #177: Model API now supports Promises and named parameters. old syntax is retained for backward-compatibility.
• #329: Fields in referenced documents can now be specified using dot-notation in the existing fields parameter.
• #336: A Reference field can now reference documents from multiple collections.
• #406: Introduced handshake function to ensure compatibility of versions between API core and data connectors.

Changed

• #196 and #323: Added field modules to encapsulate field-specific logic.
• #300: _createdAt and _lastModifiedAt internal fields are now appended to documents in the Model class.
• #371 and #384: Make defaults paths relative to the parent app, not the module.
• #390: Falsy values of Reference fields are now ignored, preserving the behavior of any other Reference fields in the document.
• #394: New DateTime field module now stores values as Unix timestamps and allows queries to be performed using any date format.
• #405: Lock down major version of @dadi/logger.