Merge commit '089b2ab99e6211c87d68deb2e10b62d56e39c0ff'

Conflicts:
	.gitignore

Author: Krit

.github/ISSUE_TEMPLATE.md

@@ -11,3 +11,4 @@ Make sure these boxes are checked before submitting your issue -- thanks for rep
 
 
 #### Logs/Trace
+Note: If you get a browser JS error please run `npm run dev`. This will provide source maps and a much more useful stack trace.

.gitignore

@@ -8,6 +8,7 @@ npm-debug.log
 
 // vim .swp
 *.swp
+
 ### Node template
 # Logs
 logs
@@ -85,3 +86,4 @@ com_crashlytics_export_strings.xml
 crashlytics.properties
 crashlytics-build.properties
 
+.env

.npmignore

@@ -0,0 +1 @@
+Parse Dashboard/parse-dashboard-config.json

CHANGELOG.md

@@ -0,0 +1,26 @@
+## Parse Dashboard Changelog
+
+### 1.0.8
+
+* Allow Dashboard to be mounted as Express middleware, thanks to [Florent Vilmart](https://github.com/flovilmart)
+* Add an option to specify that your app is in production, thanks to [Dylan Diamond](https://github.com/dcdspace)
+* Fix GeoPoints in Parse Config, thanks to [Dylan Diamond](https://github.com/dcdspace)
+* Allow specification of the host the dashboard runs on, thanks to [hpello](https://github.com/hpello)
+* Miscellaneous look-and-feel improvements
+
+### 1.0.7
+
+* Fix sending pushes with badge increment
+
+### 1.0.6
+
+* Send push notifications from the dashboard
+* Add object count to relation browser, thanks to [Sergey Gavrilyuk](https://github.com/gavrix)
+
+### 1.0.5
+
+* Fix new features notification
+
+### 1.0.4
+
+* Class level permissions editor

CONTRIBUTING.md

@@ -3,9 +3,9 @@ We want to make contributing to this project as easy and transparent as
 possible.
 
 ## Our Development Process
-The standard installation method also clones the git repository, so you can start making and submitting changes right away.
+Get started by cloning this repository and and running `npm install` inside it. Create a file called `parse-dashboad-config.json` in the Parse-Dashboard folder inside the repo, using the format described in the readme.
 
-When working on the dashboard, use `npm run dashboard` and visit `localhost:4040` to see your dashboard. The `npm` script will automatically re-build your files when you change them, so after making a change, all you need to do is refresh the page.
+When working on the dashboard, use `npm run dashboard` and visit `localhost:4040` to see your dashboard. The `npm run dashboard` script will automatically re-build your files when you change them, so after making a change, all you need to do is refresh the page.
 
 When working on React components, use `npm run pig` and visit `localhost:4041` to view our component library and documentation (you can have both Dashboard and PIG running at once). The demos for each component are the primary way we test components, although there are also a small number of automated tests you can run with `npm test`. If you would like to create a new component that does not exist in the component library, use `npm run generate yourComponentName` to generate boilerplate code and quickly get started.
 
@@ -33,8 +33,6 @@ Facebook has a [bounty program](https://www.facebook.com/whitehat/) for the safe
 disclosure of security bugs. In those cases, please go through the process
 outlined on that page and do not file a public issue.
 
-
 ## License
 By contributing to Parse Dashboard, you agree that your contributions will be licensed
 under its license.
-

LICENSE

@@ -4,6 +4,23 @@ For Parse Dashboard software
 
 Copyright (c) 2015-Present, Parse, LLC.  All rights reserved.
 
-Parse, LLC. ("Parse") owns all right, title and interest, including all intellectual property and other proprietary rights, in and to the Parse Dashboard software (the "Software").  Subject to your compliance with these terms, you are hereby granted a non-exclusive, worldwide, royalty-free copyright license to (1) use and copy the Software; and (2) reproduce and distribute the Software as part of your own software ("Your Software").  Parse reserves all rights not expressly granted to you in this license agreement.
+Parse, LLC. ("Parse") owns all right, title and interest, including all
+intellectual property and other proprietary rights, in and to the Parse Dashboard
+software (the "Software"). Subject to your compliance with these terms, you are
+hereby granted a non-exclusive, worldwide, royalty-free copyright license to
+(1) use and copy the Software; and (2) reproduce and distribute the Software as part
+of your own software ("Your Software"), provided Your Software does not consist
+solely of the Software; and (3) modify the Software for your own internal use.
+Parse reserves all rights not expressly granted to you in this license agreement.
 
-THE SOFTWARE AND DOCUMENTATION, IF ANY, ARE PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES (INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE) ARE DISCLAIMED.  IN NO EVENT SHALL Parse OR ITS AFFILIATES, OFFICERS, DIRECTORS OR EMPLOYEES BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THE SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+THE SOFTWARE AND DOCUMENTATION, IF ANY, ARE PROVIDED "AS IS" AND ANY EXPRESS OR
+IMPLIED WARRANTIES (INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE) ARE DISCLAIMED.
+IN NO EVENT SHALL FACEBOOK OR ITS AFFILIATES, OFFICERS, DIRECTORS OR EMPLOYEES
+BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+IN ANY WAY OUT OF THE USE OF THE SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+OF SUCH DAMAGE.

Parse-Dashboard/app.js

@@ -0,0 +1,117 @@
+'use strict';
+const express = require('express');
+const basicAuth = require('basic-auth');
+const path = require('path');
+const packageJson = require('package-json');
+
+const currentVersionFeatures = require('../package.json').parseDashboardFeatures;
+
+var newFeaturesInLatestVersion = [];
+packageJson('parse-dashboard', 'latest').then(latestPackage => {
+  if (latestPackage.parseDashboardFeatures instanceof Array) {
+    newFeaturesInLatestVersion = latestPackage.parseDashboardFeatures.filter(feature => {
+      return currentVersionFeatures.indexOf(feature) === -1;
+    });
+  }
+});
+
+function getMount(req) {
+  let url = req.url;
+  let originalUrl = req.originalUrl;
+  var mountPathLength = req.originalUrl.length - req.url.length;
+  var mountPath = req.originalUrl.slice(0, mountPathLength);
+  if (!mountPath.endsWith('/')) {
+    mountPath += '/';
+  }
+  return mountPath;
+}
+
+module.exports = function(config, allowInsecureHTTP) {
+  var app = express();
+  // Serve public files.
+  app.use(express.static(path.join(__dirname,'public')));
+
+  // Serve the configuration.
+  app.get('/parse-dashboard-config.json', function(req, res) {
+    const response = {
+      apps: config.apps,
+      newFeaturesInLatestVersion: newFeaturesInLatestVersion,
+    };
+    const users = config.users;
+
+    let auth = null;
+    //If they provide auth when their config has no users, ignore the auth
+    if (users) {
+      auth = basicAuth(req);
+    }
+
+    //Based on advice from Doug Wilson here:
+    //https://github.com/expressjs/express/issues/2518
+    const requestIsLocal =
+      req.connection.remoteAddress === '127.0.0.1' ||
+      req.connection.remoteAddress === '::ffff:127.0.0.1' ||
+      req.connection.remoteAddress === '::1';
+    if (!requestIsLocal && !req.secure && !allowInsecureHTTP) {
+      //Disallow HTTP requests except on localhost, to prevent the master key from being transmitted in cleartext
+      return res.send({ success: false, error: 'Parse Dashboard can only be remotely accessed via HTTPS' });
+    }
+
+    if (!requestIsLocal && !users) {
+      //Accessing the dashboard over the internet can only be done with username and password
+      return res.send({ success: false, error: 'Configure a user to access Parse Dashboard remotely' });
+    }
+
+    const successfulAuth =
+      //they provided auth
+      auth &&
+      //there are configured users
+      users &&
+      //the provided auth matches one of the users
+      users.find(user => {
+        return user.user == auth.name &&
+               user.pass == auth.pass
+      });
+    if (successfulAuth) {
+      //They provided correct auth
+      return res.json(response);
+    }
+
+    if (users || auth) {
+      //They provided incorrect auth
+      res.set('WWW-Authenticate', 'Basic realm=Authorization Required');
+      return res.sendStatus(401);
+    }
+
+    //They didn't provide auth, and have configured the dashboard to not need auth
+    //(ie. didn't supply usernames and passwords)
+    if (requestIsLocal) {
+      //Allow no-auth access on localhost only, if they have configured the dashboard to not need auth
+      return res.json(response);
+    }
+    //We shouldn't get here. Fail closed.
+    res.send({ success: false, error: 'Something went wrong.' });
+  });
+
+  // For every other request, go to index.html. Let client-side handle the rest.
+  app.get('/*', function(req, res) {
+    let mountPath = getMount(req);
+    res.send(`<!DOCTYPE html>
+      <head>
+        <link rel="shortcut icon" type="image/x-icon" href="${mountPath}favicon.ico" />
+        <base href="${mountPath}"/>
+        <script>
+          PARSE_DASHBOARD_PATH = "${mountPath}";
+        </script>
+      </head>
+      <html>
+        <title>Parse Dashboard</title>
+        <body>
+          <div id="browser_mount"></div>
+          <script src="${mountPath}bundles/dashboard.bundle.js"></script>
+        </body>
+      </html>
+    `);
+  });
+
+  return app;
+}