From ba3cf52a7f1c318e9b56a625e89a305ee0781dbb Mon Sep 17 00:00:00 2001 From: Manuel <5673677+mtrezza@users.noreply.github.com> Date: Fri, 27 Aug 2021 20:41:43 +0200 Subject: [PATCH 1/4] add issue bot for prs --- .github/workflows/issue-bot.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/issue-bot.yml b/.github/workflows/issue-bot.yml index 18eb37ada1..4750fa403d 100644 --- a/.github/workflows/issue-bot.yml +++ b/.github/workflows/issue-bot.yml @@ -1,5 +1,8 @@ name: Issue Bot -on: [issues] +on: + issues: + pull_request: + types: [opened, reopened, edited] jobs: issue-bot: runs-on: ubuntu-latest From 2af63500e801739ce20bcd7767d93164591764e4 Mon Sep 17 00:00:00 2001 From: Manuel <5673677+mtrezza@users.noreply.github.com> Date: Fri, 27 Aug 2021 20:45:32 +0200 Subject: [PATCH 2/4] Update CHANGELOG.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index b04fa45be0..ed242afc50 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -146,6 +146,7 @@ ___ - Add ability to pass context of an object via a header, X-Parse-Cloud-Context, for Cloud Code triggers. The header addition allows client SDK's to add context without injecting _context in the body of JSON objects (Corey Baker) [#7437](https://github.com/parse-community/parse-server/pull/7437) - Add CI check to add changelog entry (Manuel Trezza) [#7512](https://github.com/parse-community/parse-server/pull/7512) - Refactor: uniform issue templates across repos (Manuel Trezza) [#7528](https://github.com/parse-community/parse-server/pull/7528) +- ci: add Issue Bot for PRs (Manuel Trezza) [#7530](https://github.com/parse-community/parse-server/pull/7530) ## 4.10.2 [Full Changelog](https://github.com/parse-community/parse-server/compare/4.10.1...4.10.2) From d7a34ceeb9d99c995643c5c2dd6d8d7cb4f791b3 Mon Sep 17 00:00:00 2001 
From: Manuel <5673677+mtrezza@users.noreply.github.com> Date: Fri, 27 Aug 2021 20:50:41 +0200 Subject: [PATCH 3/4] Update issue-bot.yml --- .github/workflows/issue-bot.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/issue-bot.yml b/.github/workflows/issue-bot.yml index 4750fa403d..dd59371116 100644 --- a/.github/workflows/issue-bot.yml +++ b/.github/workflows/issue-bot.yml @@ -1,6 +1,7 @@ name: Issue Bot on: issues: + types: [opened, reopened, edited] pull_request: types: [opened, reopened, edited] jobs: From 4e70e7bfc987c9cae89adef5f2b0e8826669e825 Mon Sep 17 00:00:00 2001 From: Manuel <5673677+mtrezza@users.noreply.github.com> Date: Thu, 2 Sep 2021 16:52:06 +0200 Subject: [PATCH 4/4] add best practice page --- BEST_PRACTICE.md | 27 +++++++++++++++++++++++++++ CHANGELOG.md | 1 + README.md | 5 +++++ 3 files changed, 33 insertions(+) create mode 100644 BEST_PRACTICE.md diff --git a/BEST_PRACTICE.md b/BEST_PRACTICE.md new file mode 100644 index 0000000000..a860a37698 --- /dev/null +++ b/BEST_PRACTICE.md 
@@ -0,0 +1,27 @@ +# Best Practice + +- [Security](#security) + - [Firewall](#firewall) +- [Optimization](#optimization) + - [Database](#database) + - [Queries](#queries) + +*This page is a work in progress and by no means complete. If you have any suggestions, please open a PR to extend the list.* + +## Security + +### Firewall + +Protect all Parse Server endpoints using a Firewall. For example, rate-limiting the number of requests per IP address can mitigate the risk of malicious attempts to scape user data, flood your database and simple DDoS attacks. + +## Optimization + +The following is a list of design considerations to optimize data traffic. + +### Database + +- Use short field names; field names need to be stored in the database just like the field values; short field names not only require less database storage but also reduce the data traffic between database, server and client. + +### Queries + +- Use `select` and `exclude` to transfer only the fields that you need instead of the whole object. \ No newline at end of file diff --git a/CHANGELOG.md b/CHANGELOG.md index 162cf851d8..e4f1ef1864 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -150,6 +150,7 @@ ___ - Add CI check to add changelog entry (Manuel Trezza) [#7512](https://github.com/parse-community/parse-server/pull/7512) - Refactor: uniform issue templates across repos (Manuel Trezza) [#7528](https://github.com/parse-community/parse-server/pull/7528) - ci: bump ci environment (Manuel Trezza) [#7539](https://github.com/parse-community/parse-server/pull/7539) +- docs: add best practice page (Manuel Trezza) [#7541](https://github.com/parse-community/parse-server/pull/7541) ## 4.10.3 [Full Changelog](https://github.com/parse-community/parse-server/compare/4.10.2...4.10.3) diff --git a/README.md b/README.md index 7137ec153c..47adb6f719 100644 --- a/README.md +++ b/README.md 
@@ -76,6 +76,7 @@ The full documentation for Parse Server is available in the [wiki](https://githu - [Reserved Keys](#reserved-keys) - [Parameters](#parameters-1) - [Logging](#logging) +- [Best Practice](#best-practice) - [Deprecations](#deprecations) - [Live Query](#live-query) - [GraphQL](#graphql) @@ -740,6 +741,10 @@ Logs are also viewable in Parse Dashboard. **Want new line delimited JSON error logs (for consumption by CloudWatch, Google Cloud Logging, etc)?** Pass the `JSON_LOGS` environment variable when starting `parse-server`. Usage :- `JSON_LOGS='1' parse-server --appId APPLICATION_ID --masterKey MASTER_KEY` +# Best Practice + +See the [Best Practice](https://github.com/parse-community/parse-server/blob/master/BEST_PRACTICE.md) page for security considerations and common server and database optimizations. + # Deprecations See the [Deprecation Plan](https://github.com/parse-community/parse-server/blob/master/DEPRECATIONS.md) for an overview of deprecations and planned breaking changes.
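Review bot: In PATCH 1/4, the `pull_request:` trigger added under `on:` in `.github/workflows/issue-bot.yml` runs with a read-only `GITHUB_TOKEN` and without repository secrets when the PR comes from a fork, so if the `issue-bot` job's steps (not visible in this hunk) comment on or label the PR, they will fail for external contributors. Please confirm the job only needs read access, or note in the workflow how fork PRs are handled. Switching to `pull_request_target` would grant write access, but it runs in the base repository's context and is only safe if the job never checks out or executes code from the PR.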
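Review bot: In PATCH 3/4, `types: [opened, reopened, edited]` under `issues:` narrows the trigger compared with the original `on: [issues]`, which fired on every issue activity type, so the bot will no longer run on events such as `closed` or `labeled`. The commit message ("Update issue-bot.yml") does not say whether that is intended; please state it. Since `edited` fires on every title or body edit, for issues and PRs alike, the job should be idempotent so that repeated runs do not post duplicate comments.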
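Review bot: In PATCH 4/4, the Firewall paragraph of the new `BEST_PRACTICE.md` has a typo, "scape user data" should read "scrape user data", and the list that follows is not parallel ("attempts to scrape ..., flood ... and simple DDoS attacks"). Suggested wording: "can mitigate the risk of malicious attempts to scrape user data or flood your database, as well as simple DDoS attacks". "Firewall" is capitalized mid-sentence without being a proper noun, and the file ends without a trailing newline (`\ No newline at end of file`), which is worth fixing before merge.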
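Review bot: In PATCH 4/4, the new `# Best Practice` section in `README.md` promises "security considerations and common server and database optimizations", but the page added in the same commit contains only Firewall, Database and Queries entries and describes itself as a work in progress. Consider aligning the README sentence with what the page currently covers, for example "security and optimization recommendations", so the link does not overstate the content.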