go/pocketbase
1
0
Fork 0
mirror of https://github.com/pocketbase/pocketbase.git synced 2025-01-27 07:18:15 +02:00
Code Issues Releases Activity
pocketbase/CHANGELOG.md

13 KiB
Raw Blame History

v0.23.0-rc7 (WIP)

Caution

This is a prerelease intended for test and experimental purposes only!

  • Attach the default panic-recover middleware after the activity logger so that we can log the error.

  • Updated the RequestEvent.BindBody FormData type inferring rules to convert numeric strings into float64 only if the resulting minimal number string representation matches the initial FormData string value (#5687).

  • Fixed the JSVM types to include properly generated function declarations when the related Go functions have shortened/combined return values.

  • Reorganized the record table fields<->columns syncing to remove the PRAGMA writable_schema usage.

v0.23.0-rc6

Caution

This is a prerelease intended for test and experimental purposes only!

  • Fixed realtime 403 API error on resubscribe (#5674).

  • Fixed the auto OAuth2 avatar mapped field assignment when the OAuth2 provider doesn't return an avatar URL (#5673). In case the avatar retrieval fails and the mapped record field "Required" option is not set, the error is silenced and only logged with WARN level.

  • Added Router.SEARCH(path, action) helper method for registering SEARCH endpoints.

  • Changed all builtin middlewares to return *hook.Handler[*core.RequestEvent] with a default middleware id for consistency and to allow removal. Or in other words, replace .BindFunc(apis.Gzip()) with .Bind(apis.Gzip()).

  • Updated the JSVM types to reflect the recent changes.

v0.23.0-rc5

Caution

This is a prerelease intended for test and experimental purposes only!

  • Added Notion OAuth2 provider (#4999; thanks @s-li1).

  • Added monday.com OAuth2 provider (#5346; thanks @Jaytpa01).

  • Added option to retrieve the OIDC OAuth2 user info from the id_token payload for the cases when the provider doesn't have a dedicated user info endpoint.

  • Fixed the relation record picker to sort by default by @rowid instead of the created field as the latter is optional (#5641).

  • Fixed the UI "Set Superusers only" button click not properly resetting the input state.

  • Fixed the OAuth2 providers logo path shown in the "Authorized providers" UI.

  • Fixed the single value UI for the select, file and relation fields (#5646)

v0.23.0-rc4

Caution

This is a prerelease intended for test and experimental purposes only!

  • Fixed the UI settings update form to prevent sending empty string for the mail password or the S3 secret options on resave of the form.

  • ⚠️ Added an exception for the OAuth2 field in the GO->JSVM name mapping rules:

    // old              -> new
collection.oAuth2.* -> collection.oauth2.*

  • Added more user friendly view collection truncate error message.

  • Added an extra suffix character to the name of autogenerated template migration file for *test suffixed collections to prevent acidentally resulting in _test.go migration files.

  • Added FieldsList.AddMarshaledJSON([]byte) helper method to load a serialized json array of objects or a single json object into an existing collection fields list.

  • Fixed the autogenerated Go migration template when updating a collection (#5631).

    ⚠️ If you have already used a previous prerelease and have autogenerated Go migration files, please check the migration files named {timestamp}_updated_{collection}.go and manually change:

    Old (broken) New 
    // add field / update field
if err := json.Unmarshal([]byte(`[{
    ...
}]`), &collection.Fields); err != nil {
    return err
}

    // add field / update field
if err := collection.Fields.AddMarshaledJSON([]byte(`{
    ...
}`)); err != nil {
    return err
}
    To test that your Go migration files work correctly you can try to start PocketBase with a new temp pb_data, e.g.: 
    go run . serve --dir="pb_data_temp"

v0.23.0-rc3

Caution

This is a prerelease intended for test and experimental purposes only!

  • Make PRAGMA optimize statement optional in case it is not supported by the driver (#5611).

  • Reapply the minimum required pb_data/auxiliary.db migrations if the db file was manually deleted (#5618).

  • To avoid confusion and unnecessary casting, the hook.HandlerFunc[T] type has been removed and instead everywhere we now use directly the underlying function definition, aka.:

    func(T) error

  • Fixed the UI input field type of the OTP.length field (#5617).

  • Other minor fixes (fixed API preview and examples error message typos, better hint for combined/multi-spaced view query columns, fixed the path for the HTTPS green favicon path, etc.).

v0.23.0-rc2

Caution

This is a prerelease intended for test and experimental purposes only!

  • Small update to the earlier v0.23.0-rc that uses pb_data/auxiliary.db instead of pb_data/aux.db because it seems that on Windows aux is disallowed as file name (#5607). If you have already upgraded to v0.23.0-rc please rename manually your pb_data/aux.db file to pb_data/auxiliary.db.

v0.23.0-rc

Caution

This is a prerelease intended for test and experimental purposes only!

It introduces many Go/JSVM breaking changes and requires manual migration steps.

All new features will be reflected in the new website documentation with the final v0.23.0 release.

Note

Please note that you don't have to upgrade to PocketBase v0.23.0 if you are not planning further developing your existing app and/or are satisfied with the v0.22.x features set. There are no identified critical issues with PocketBase v0.22.x yet and in the case of critical bugs and security vulnerabilities, the fixes will be backported for at least until Q1 of 2025 (if not longer).

If you don't plan upgrading just make sure to pin the SDKs version to their latest PocketBase v0.22.x compatible:

  • JS SDK: <0.22.0
  • Dart SDK: <0.19.0

PocketBase v0.23.0-rc is a major refactor of the internals with the overall goal of making PocketBase an easier to use Go framework.

There are many changes but to highlight some of the most notable ones:

  • Replaced echo with a new router built on top of the Go 1.22 net/http mux enhancements.
  • Merged daos packages in core.App to simplify the DB operations (the models package structs are also migrated in core).
  • Option to specify custom DBConnect function as part of the app configuration to allow different database/sql SQLite drivers (turso/libsql, sqlcipher, etc.) and custom builds.
  • New hooks allowing better control over the execution chain and error handling (including wrapping an entire hook chain in a single DB transaction).
  • Various Record model improvements (support for get/set modifiers, simplfied file upload by treating the file(s) as regular field value like record.Set("document", file), etc.).
  • Dedicated fields structs with safer defaults to make it easier creating/updating collections programmatically.
  • Option to mark field as Private/Hidden, disallowing regular users to read or modify it (there is also a dedicated Record hook to hide/unhide Record fields programmatically from a single place).
  • Option to customize the default system collection fields (id, email, password, etc.).
  • Admins are now system _superusers auth records.
  • Builtin rate limiter (supports tags, wildcards and exact routes matching).
  • Batch/transactional Web API endpoint.
  • Impersonate Web API endpoint (it could be also used for generating fixed/non-refreshable superuser tokens, aka. "API keys").
  • Support for custom user request activity log attributes.
  • One-Time Password (OTP) auth method (via email code).
  • Multi-Factor Authentication (MFA) support (currently requires any 2 different auth methods to be used).
  • Support for Record "proxy/projection" in preparation for the planned autogeneration of typed Go record models.
  • Various minor UI improvements (recursive Presentable view, slightly different collection options organization, zoom/pan for the logs chart, etc.)
  • and many more...

In terms of performance, the Go standard router mux is known to be slightly slower compared to Gin, Echo, etc. implementations, but based on my local tests the difference is negliable. The benchmarks repo will be updated with the final v0.23.0 release (currently there seems to be ~10% memory consumption increase which I'll have to investigate to see whether it is from the router change or from the new hooks).

Go/JSVM APIs changes

For upgrading to PocketBase v0.23.0, please refer to:

SDKs changes

Web APIs changes

  • New POST /api/batch endpoint.

  • New GET /api/collections/meta/scaffolds endpoint.

  • New DELETE /api/collections/{collection}/truncate endpoint.

  • New POST /api/collections/{collection}/request-otp endpoint.

  • New POST /api/collections/{collection}/auth-with-otp endpoint.

  • New POST /api/collections/{collection}/impersonate/{id} endpoint.

  • ⚠️ Previously when uploading new files to a multiple file field, new files were automatically appended to the existing field values. This behaviour has changed with v0.23+ and for consistency with the other multi-valued fields when uploading new files they will replace the old ones. If you want to prepend or append new files to an existing multiple file field value you can use the + prefix or suffix:

    "documents": [file1, file2]  // => [file1_name, file2_name]
"+documents": [file1, file2] // => [file1_name, file2_name, old1_name, old2_name]
"documents+": [file1, file2] // => [old1_name, old2_name, file1_name, file2_name]

  • ⚠️ Removed GET /records/{id}/external-auths and DELETE /records/{id}/external-auths/{provider} endpoints because this is now handled by sending list and delete requests to the _externalAuths collection.

  • ⚠️ Changes to the app settings model fields and response (+new options such as trustedProxy, rateLimits, batch, etc.). The app settings Web APIs are mostly used by the Dashboard UI and rarely by the end users, but if you want to check all settings changes please refer to the Settings Go struct.

  • ⚠️ New flatten Collection model and fields structure. The Collection model Web APIs are mostly used by the Dashboard UI and rarely by the end users, but if you want to check all changes please refer to the Collection Go struct.

  • ⚠️ The top level error response code key was renamed to status for consistency with the Go APIs. The error field key remains code:

    {
    "status": 400, // <-- old: "code"
    "message": "Failed to create record.",
    "data": {
        "title": {
            "code": "validation_required",
            "message": "Missing required value."
        }
    }
}

  • ⚠️ New fields in the GET /api/collections/{collection}/auth-methods response. The old authProviders, usernamePassword, emailPassword fields are still returned in the response but are considered deprecated and will be removed in the future.

    {
    "mfa": {
        "duration": 100,
        "enabled": true
    },
    "otp": {
        "duration": 0,
        "enabled": false
    },
    "password": {
        "enabled": true,
        "identityFields": ["email", "username"]
    },
    "oauth2": {
        "enabled": true,
        "providers": [{"name": "gitlab", ...}, {"name": "google", ...}]
    },
    // old fields...
}

  • ⚠️ Soft-deprecated the OAuth2 auth success meta.avatarUrl field in favour of meta.avatarURL.