Description
New Issue Checklist
- I am not disclosing a vulnerability.
- I am not just asking a question.
- I have searched through existing issues.
- I can reproduce the issue with the latest version of Parse Server.
Issue Description
#6636 sets directAccess=true by default and seems to have introduced a breaking change that is prevalent saving a new object in a afterFind trigger using the masterKey on postgres. When I add a row in the Dashboard with alpha.3, I have the same issue.
I've tracked it to this PR 7593 and it's related issue #7579. 5.0.0-alpha.1 works for me, 5.0.0-alpha.2 I haven't tested yet, but it only adds a GraphQL change which I'm not using. Leaving PR 7597 in which my servers don't work anymore for 5.0.0-alpha.3. I've also tested beta.3 and the issue is still there.
Note, this completely crashes the server. Basically, when directAccess=true it can crash postgres in cloud code functions when saving a new object in cloud code (mongo works and the logs above are still relevant). This issue doesn't occur on my deployed servers that are reversed proxied and have an actual public URL. My initial thinking is useMasterKey may not be passed as I see the issue when triggering afterFind when clicking on a Parse class in the dashboard. This still needs some more investigation. I'm using the Swift SDK, but Query.and is implemented like the rest of the Client SDKs, so this a major breaking change. In addition, skimming the additions in this PR, I highly doubt the server wasn't handling $and before this PR. If I remove the code that uses triggers (see logs below), none of my client side queries work correctly because of the additions in 7593.
I'm using https://github.com/Blackburn-Labs/parse-auditor/ which audits and uses the CloudCode afterFind here: https://github.com/Blackburn-Labs/parse-auditor/blob/fc546406414b9408e8c84cb3dd20125fdc57753d/src/index.js#L69-L74. This has worked for earlier versions of ParseServer < 4.4.0 all the way up to alpha.1 (I didn't test 2).
Problem occurs on Postgres, seems to be working on Mongo.
Steps to reproduce
Login with a user and perform queries afterFind.
I'm still looking into how to replicate the problem as a test case.
Actual Outcome
Server crashes with the logs below.
It seems, the change in the linked PR causes the a problem around here:
Expected Outcome
No crashing when directAccess=true and for the new object created in the trigger to be saved to the server.
Environment
Server
- Parse Server version: 5.0.0.alpha.3 and tested 5.0.0.beta.3
- Operating system: Linux
- Local or remote host (AWS, Azure, Google Cloud, Heroku, Digital Ocean, etc): Local docker
Database
- System (MongoDB or Postgres): Postgres
- Database version: Postgres 13
- Local or remote host (MongoDB Atlas, mLab, AWS, Azure, Google Cloud, etc): Local
Client
- SDK (iOS, Android, JavaScript, PHP, Unity, etc): Swift SDK, Also tried in the Dashboard (crashes when I add a row)
- SDK version: 2.0.0 - 2.2.6
Workaround
Set directAccess=false when configuring your server.
Logs
parse-hipaa-parse-1 | info: afterSave triggered for _User for user undefined:
parse-hipaa-parse-1 | Input: {"authData":{"anonymous":{"id":"9601869f-2eef-4fff-8519-690a422310fa"}},"ACL":{"*":{"read":true,"write":false},"aAnt8JX15Q9vjix6kGdZgjRQWm5QGrPY":{"read":true,"write":true}},"createdAt":"2021-11-22T22:21:46.478Z","username":"YBBMbganzC1KGlFhhKXWFRjNn","sessionToken":"r:97d78ad4fac78246134dc96ed8c08cac","updatedAt":"2021-11-22T22:21:46.478Z","objectId":"aAnt8JX15Q9vjix6kGdZgjRQWm5QGrPY"}
parse-hipaa-parse-1 | Result: undefined {"className":"_User","triggerType":"afterSave"}
parse-hipaa-parse-1 | /parse-server/lib/ParseServer.js:258
parse-hipaa-parse-1 | throw err;
parse-hipaa-parse-1 | ^
parse-hipaa-parse-1 |
parse-hipaa-parse-1 | TypeError: Cannot read properties of undefined (reading 'type')
parse-hipaa-parse-1 | at /parse-server/lib/Adapters/Storage/Postgres/PostgresStorageAdapter.js:1344:40
parse-hipaa-parse-1 | at Array.forEach (<anonymous>)
parse-hipaa-parse-1 | at PostgresStorageAdapter.createObject (/parse-server/lib/Adapters/Storage/Postgres/PostgresStorageAdapter.js:1303:25)
parse-hipaa-parse-1 | at /parse-server/lib/Controllers/DatabaseController.js:782:29
parse-hipaa-parse-1 | at processTicksAndRejections (node:internal/process/task_queues:96:5)
parse-hipaa-parse-1 exited with code 7Enabling verbose and using Postgres:
parse-hipaa-parse-1 | verbose: REQUEST for [GET] /parse/classes/_User: {
parse-hipaa-parse-1 | "where": {},
parse-hipaa-parse-1 | "limit": 200,
parse-hipaa-parse-1 | "order": "-createdAt"
parse-hipaa-parse-1 | } {"method":"GET","url":"/parse/classes/_User","headers":{"host":"localhost:1337","content-type":"text/plain","origin":"http://localhost:4040","accept-encoding":"gzip, deflate","connection":"keep-alive","accept":"*/*","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15","referer":"http://localhost:4040/","content-length":"253","accept-language":"en-US,en;q=0.9"},"body":{"where":{},"limit":200,"order":"-createdAt"}}
parse-hipaa-parse-1 | info: afterFind triggered for _User for user undefined:
parse-hipaa-parse-1 | Input: "AfterFind"
parse-hipaa-parse-1 | Result: "[{\"objectId\":\"HU0tDkfarECUNFhISewoJTwFEyPpzxL5\",\"createdAt\":\"2021-11-22T23:54:00.615Z\",\"updatedAt\":\"2021-11-22T23:54:00.615Z\",\"username\":\"Hello\",\"ACL\":{\"*\":{\"read\":true},\"HU0tDkfarECUNFhISewoJTwFEyPpzxL5\":{\"read\":true,\"write\":true}}}]" {"className":"_User","triggerType":"afterFind"}
parse-hipaa-parse-1 | info: afterFind triggered for _User for user undefined:
parse-hipaa-parse-1 | Input: "[{\"createdAt\":\"2021-11-22T23:54:00.615Z\",\"updatedAt\":\"2021-11-22T23:54:00.615Z\",\"username\":\"Hello\",\"ACL\":{\"*\":{\"read\":true},\"HU0tDkfarECUNFhISewoJTwFEyPpzxL5\":{\"read\":true,\"write\":true}},\"objectId\":\"HU0tDkfarECUNFhISewoJTwFEyPpzxL5\"}]" {"className":"_User","triggerType":"afterFind"}
parse-hipaa-parse-1 | verbose: RESPONSE from [GET] /parse/classes/_User: {
parse-hipaa-parse-1 | "response": {
parse-hipaa-parse-1 | "results": [
parse-hipaa-parse-1 | {
parse-hipaa-parse-1 | "createdAt": "2021-11-22T23:54:00.615Z",
parse-hipaa-parse-1 | "updatedAt": "2021-11-22T23:54:00.615Z",
parse-hipaa-parse-1 | "username": "Hello",
parse-hipaa-parse-1 | "ACL": {
parse-hipaa-parse-1 | "*": {
parse-hipaa-parse-1 | "read": true
parse-hipaa-parse-1 | },
parse-hipaa-parse-1 | "HU0tDkfarECUNFhISewoJTwFEyPpzxL5": {
parse-hipaa-parse-1 | "read": true,
parse-hipaa-parse-1 | "write": true
parse-hipaa-parse-1 | }
parse-hipaa-parse-1 | },
parse-hipaa-parse-1 | "objectId": "HU0tDkfarECUNFhISewoJTwFEyPpzxL5"
parse-hipaa-parse-1 | }
parse-hipaa-parse-1 | ]
parse-hipaa-parse-1 | }
parse-hipaa-parse-1 | } {"result":{"response":{"results":[{"createdAt":"2021-11-22T23:54:00.615Z","updatedAt":"2021-11-22T23:54:00.615Z","username":"Hello","ACL":{"*":{"read":true},"HU0tDkfarECUNFhISewoJTwFEyPpzxL5":{"read":true,"write":true}},"objectId":"HU0tDkfarECUNFhISewoJTwFEyPpzxL5"}]}}}
parse-hipaa-parse-1 | /parse-server/lib/ParseServer.js:258
parse-hipaa-parse-1 | throw err;
parse-hipaa-parse-1 | ^
parse-hipaa-parse-1 |
parse-hipaa-parse-1 | TypeError: Cannot read properties of undefined (reading 'type')
parse-hipaa-parse-1 | at /parse-server/lib/Adapters/Storage/Postgres/PostgresStorageAdapter.js:1344:40
parse-hipaa-parse-1 | at Array.forEach (<anonymous>)
parse-hipaa-parse-1 | at PostgresStorageAdapter.createObject (/parse-server/lib/Adapters/Storage/Postgres/PostgresStorageAdapter.js:1303:25)
parse-hipaa-parse-1 | at /parse-server/lib/Controllers/DatabaseController.js:782:29
parse-hipaa-parse-1 | at processTicksAndRejections (node:internal/process/task_queues:96:5)
parse-hipaa-parse-1 exited with code 7