Fix for api.cache.lock

The old implementation of the api.cache.lock method did not check the result of the setnx function, which could have lead to multiple nodes acquiring the same lock multiple times.

• by @vladbalmos via https://github.com/actionhero/actionhero/pull/1031

Update to the latest version of Standard

The latest version of Standard.js checks for deprecated methods from node's core. We were using a few of these older methods and they have been removed.

Misc

• Update all dependent packages to their latest versions

New actionhero github team.

This repo is now actionhero/actionhero (rather than the old evantahler/actionhero). We are a grown up organization now! All links in the project and docs should be updated.

• (mostly) by @evantahler via https://github.com/actionhero/actionhero/pull/1014 and https://github.com/actionhero/actionhero/pull/1015

Add schema inputs for Actions

Add schema input type for actions which allow validator, required, default, and formatter for actions with inputs having nested properties.

exports.addUser = {
  name: 'api/addUser',
  description: 'I add user',
  
  firstName: { required: true },
  lastName: { required: false },
  username: { required: true },
  address: {
    required: false,
    schema: {
      country: {
        required: true,
        default: 'USA'
      },
      state: { required: false },
      city: {
        required: true,
        formatter: (val) => `City:${val}`,
        validator: (val) => val.length > 10,
      }
    }
  }
  run: () => {},
}

• by @witem via https://github.com/actionhero/actionhero/pull/1026

Newly generated projects include standard.js and pass lint

New Actionhero projects (created with actionhero generate) will now include standard as a devDependency and pretest with the linter. New package.json will also include the necessary standard global ignores so that everything passes. This is all also now tested

• by @evantahler via https://github.com/actionhero/actionhero/pull/1010

fix(http): use documented api methods to set headers

We now properly supply connection.rawConnection.res.writeHead with a hash rather than an array.

• by @gergelyke via https://github.com/actionhero/actionhero/pull/1022

Misc

Update all dependant packages to their latest versions.

• This will include a major version bump to both fakeredis and primus

• Fixes a bug introduced in v16.0.1 which would crash the server if rebooting due to initializer change in development mode [#1006]
  • Fixed by @S3bb1 in https://github.com/evantahler/actionhero/pull/1007
• Upgrades our test suite & linter to Standard v9.
  • Includes dirty-chai, to enforce that the chai matchers we use in our test suite follow proper JS convention, and avoid assertions on access.

Do not require a fileLength when sending a stream

(web server) Allows Actionhero to pipe streams of unknown length to web clients, skipping the Content-Length header

• by @jacekgdudek via https://github.com/evantahler/actionhero/pull/998

Error on duplicated initializer name

When booting Actionhero, if you have initializers with duplicated names (including those which would overwrite a core initializer) the server will exit with a relevant error message.

• by @S3bb1 via https://github.com/evantahler/actionhero/pull/997

Fixes socket helper functions

(when booting the web server) cleanSocket and chmodSocket both assumed port to be a string. While this should be the case, there are no prior checks for this condition so the error thrown is quite confusing for the end user. The code has been modified to check that the port is a string type before calling indexOf on it.

• by @bayssmekanique via https://github.com/evantahler/actionhero/pull/995

Misc

• Better testing of redis shutdown behavior
• use cross-env in test environment so windows users can play along at home
• Ensure that generator and test examples pass Standard lint
• Move to the Chai assertion library in tests, dropping should

Upgrade dependent packages to latest versions

Javascript Standard Style

Version 16 is a re-write of many parts of ActionHero's internals to follow the Standard JavaScript Style Guide. This new guide replaces ESLint as our linting tool, and comes with good opinions on how to write safe, readable JS code. ActionHero now passes this linter, and as such, should be much easier to work with

All new contributions to ActionHero must follow this style, and will be tested as part of the test suite automatically.

To conform with proper JS style, some breaking changes were introduced:

• api.Connection() rather than api.connection()
• api.GenericServer() rather than api.genericServer()
• api.ActionProcessor() rather than api.actionProcessor()
• require("actionhero") not require("actionhero").actionheroPrototype should you be using ActionHero programatically.

By @evantahler via https://github.com/evantahler/actionhero/pull/983

Remove "uncaught" from error message (Taks)

• by @mklilley via https://github.com/evantahler/actionhero/pull/981

Disable file request logging by default on production

• by @evantahler via https://github.com/evantahler/actionhero/pull/986

Update all dependent packages to latest versions

• This includes replacing node-uuid with uuid (https://github.com/evantahler/actionhero/pull/984)

Maintain path when redirecting web client whose host did not match host

• If a web client's Host header/request does not match those found in api.config.servers.web.allowedRequestHosts, we will noe maintain the path of the request when redirecting
• via @evantahler via https://github.com/evantahler/actionhero/pull/977

Response type saftey for action errors and spec helper

• If your action returns a string or array, and there is an error, we should return the error as a string, and not attempt to return response.error = error, as this creates an improper javascript object. This may be a breaking change if you relied on this improper behavior
• This extends to the specHelper, whose response types should follow this same pattern. Actions with string responses will remain as string or array responses will have errors returned as strings.
• via @evantahler via https://github.com/evantahler/actionhero/pull/979

Enable/disable spechelper metadata

• In your tests, if you do not want the specHelper actions to include metadata (data.response.serverInformation, data.response.requesterInformation, and data.response.messageCount) from the server, you can configure api.specHelper.returnMetadata = false in your tests.
• via @evantahler via https://github.com/evantahler/actionhero/pull/980

This release updates the logger (api.log) in 2 meaningful ways:

• Fixes the localization of many system messages which were not using interpolation. This causes many system-specific strings to be append to your locale files when they should not have been.
  • by @evantahler via https://github.com/evantahler/actionhero/pull/975
• Creates a new config option api.config.logger.localizeLogMessages which allows developers to opt-into localizing all system log messages (api.log).
  • If you are migrating for an older version of ActionHero, your log messages will not be localized by default
  • The default changes in this pull request from the previous "enabled implicitly" to "disabled explicitly"
  • by @evantahler via https://github.com/evantahler/actionhero/pull/976

Fixes a bug introduced with v15.1.4 which was improperly detecting client protocols (http vs https) when using the new api.config.servers.web.allowedRequestHosts host restrictions.

ActionHero now allows you to define a collection of host headers which this API server will allow access from. You can set these via api.config.servers.web.allowedRequestHosts. If the Host header of a client does not match one of those listed (protocol counts!), they will be redirected to the first one present.

You can also set process.env.ALLOWED_HOSTS which will be parsed as a comma-separated list of Hosts which will set api.config.servers.web.allowedRequestHosts

By @evantahler via https://github.com/evantahler/actionhero/pull/973

This release contains no fixes over v15.1.2.
We re-published on NPM to ensure that this was the latest version.

This is a backport of https://github.com/evantahler/actionhero/releases/tag/v15.1.2 to ActionHero v12

This is a backport of https://github.com/evantahler/actionhero/releases/tag/v15.1.2 to ActionHero v14

This is a security release which solves the following:

404 Web Request with malicious file name

Previously, the default error responder when a client asked for a static-file which was missing (404) returned the name the of that file

api.config.errors.fileNotFound = function(connection){
  return connection.localize(['That file is not found (%s)', connection.params.file]);
}

This is dangerous because a malicious actor could request a filename with an executable javascript tag and harm the requester. We now will no longer return the file name:

api.config.errors.fileNotFound = function(connection){
  return connection.localize(['That file is not found']);
}

Malicious callback provided when requesting an action via JSONp

When requesting an action via JSONp, it was possible (though unlikely) that the callback string you were providing contained malicious javascript which would harm the requester. We will now sanitize the provided callback in the following way:

function callbackHtmlEscape(str){
  return str
    .replace(/&/g, '&')
    .replace(/"/g, '"')
    .replace(/'/g, ''')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/\)/g, '')
    .replace(/\(/g, '');
}

This fix has been backported to:

• ActionHero V14 @ v14.0.12
• ActionHero v13 @ v13.4.5

A huge thank you to @submitteddenied is earned for reporting these issues and working to fix them.

New Website

Check out www.actionherojs.com! We've overhauled our website to be more pleasant to read and the documentation easier to work with. We've also moved back to a plain Jekyll website. We can utilize GitHub's automatic site hosting from within the master branch, and we no longer need a publishing workflow nor do we need a gh-pages branch.

Actions can now use sendFile with buffers.

run: function (api, data, next) {
  const buffer = 'Example of data buffer';
  let bufferStream = new stream.PassThrough();
  bufferStream.end(buffer);
  data.connection.rawConnection.responseHeaders.push(['Content-Disposition', 'attachment; filename=test.csv']);
  api.servers.servers.web.sendFile(data.connection, null, bufferStream, 'text/csv', buffer.length, new Date());
  data.toRender = false;
  next();
}

• by @bluesunrise via https://github.com/evantahler/actionhero/pull/953

Addressing if-modified-since header issue on a 404

• Fixes an issue with the proper header when a public file no longer exists, but the client sends the old modification header.
• by @BigForNothing via https://github.com/evantahler/actionhero/pull/963

File request logging

• Allow direct configuration of logs when serving files via api.config.general.fileRequestLogLevel. We will show both the file on disk and the requested file path from the URL.
• by @evantahler via https://github.com/evantahler/actionhero/pull/965

Defaults

• NODE_ENV=production will allow locale files to be written by default
• Redis Password environment variable is now REDIS_PASSWORD

Misc

• actionhero version will now return the version of ActionHero in use
• actionhero help, actionhero generate and actionhero version can be run when installed globally outside of an ActionHero project directory

Packages

• Node Resque: v4.0.1
• Glob: v7.1.1
• Mocha: v3.1.2

Web Server static file cache and ETAG fixes

A collection of fixes have been included to properly handle ETAG headers and cache priority.

• Ensure that ETAG value is distinct for each file
  • by @S3bb1 via https://github.com/evantahler/actionhero/pull/938
• Fix Cache header return logic and order (ETAG vs expires and last-modified)
  • by @aurasalexander via https://github.com/evantahler/actionhero/pull/950
• Respect accept-encoding priority order as set by request header
  • by @aurasalexander via https://github.com/evantahler/actionhero/pull/949

Node Resuqe v4

Node Resque v4.0.0 removes the use of domains within tasks. This feature of node.js has been deprecated for some time. However, this means now that if your task raises an uncaught exception/rejection, the ActionHero application will not crash, rather than logging an error.

Furthermore, since the application has crashed, the job which caused the crash will not be moved into the error queue within resque.

The behavior for tasks which properly return an error has not changed.

ActionHero Clsuter

• fix no --workerTitlePrefix which was showing NaN title
• by @ericli1018 via https://github.com/evantahler/actionhero/pull/941 and @evantahler (cleanup via https://github.com/evantahler/actionhero/commit/1fdb4aa7387aea245ecc1caeda11f0fc8dfd9363)

Project Internals

ES6 transition.

• The first pass of transitioning the codebase to use new ES6 helper methods was to remove any references to var in favor of const and let, and to use arrow functions to better handle scope (no more self = this)
• ESLINT file updated to allow for ES6 mode
• by @evantahler via https://github.com/evantahler/actionhero/pull/946

Misc Bugs

• Fix the error string when unable to actionhero link properly (@dangerdespain via https://github.com/evantahler/actionhero/pull/942)

Packages

• Coveralls v2.11.13
• Request v2.27.0
• ESLint v3.6.0
• Ioredis v2.4.0
• Node Resque v4.0.0

Fixup scope of api.commands.start()/stop/restart

• You no longer need to apply this to these commands. You can call them directly.
• by @evantahler via https://github.com/evantahler/actionhero/pull/928

(Redis Connections) Provide a different initial backoff for ioredis connections that may be misconfigured or not yet available

Users with a misconfigured ioredis config, or those running Docker containers where the Redis service may not yet be fully started, may see heavy log spam during AH's boot cycle. The default ioredis configuration auto-reconnects every 50ms and can rapidly exhaust a log before an admin sees what's going on.

This change does two things:

1. It provides a staged back-off interval for reconnection attempts up to a maximum, currently set at a low, safe 1 second.
2. It provides a much longer reconnection delay for the FIRST attempt, with a convenience message for the admin:

2016-08-23T15:50:41.378Z - notice: * Starting ActionHero *
>> 2016-08-23T15:50:41.389Z - error: Redis connection `client` error Error: connect ECONNREFUSED 127.0.0.1:6379
>>     at Object.exports._errnoException (util.js:870:11)
>>     at exports._exceptionWithHostPort (util.js:893:20)
>>     at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1063:14)
>> 2016-08-23T15:50:41.390Z - error: Unable to connect to Redis - please check your Redis config!

• by @crrobinson14 via https://github.com/evantahler/actionhero/pull/931

Fix "connected" event on websocket fired too early

When you listen on the "connected" event on the websocket connect and you fire immediately a action over the client lib the "actionWeb" function is used instead of the "actionWebSocket" function because self.state = 'connected'; is set after the "connected" event is emitted. This change corrects this.

• by @S3bb1 via https://github.com/evantahler/actionhero/pull/937

ActionHero Cluster

• show server id in cluster log prefix
• add workerTitlePrefix option to start cluster to modify your child process names (thanks @ericli1018!)

Misc

• Fix some old references in the docs to startCluster (it is startcluster` now)!
• Fix typo (thanks @johnmhenson)

Tasks/Resque

• Scheduler will now log when it has become master
  • by @evantahler via https://github.com/evantahler/actionhero/commit/033ec790ef7f901febe723d02cbbd423f143ca65
• api.tasks.addMiddleware no longer requires a callback. Errors will be thrown directly.
  • by @evantahler via https://github.com/evantahler/actionhero/pull/926

Packages:

• ioredis -> ^2.3.0
• is-running -> ^2.0.1
• uglify-js -> ^2.7.2
• should -> ^11.0.0
• eslint -> ^3.3.1

Docs

• New TaskFlow Graphic
• Link @l0oky's collection of plugins: https://github.com/l0oky/awesome-actionhero

Bugs

• Fix a bug which would crash the server if connection to Redis was lost and then re-connected. By @evantahler via https://github.com/evantahler/actionhero/commit/a83187ac6d47622271141e492b7a06ad931c0210 (solves https://github.com/evantahler/actionhero/issues/917)

Packages

• Mocha updated to version 3.0.2

Task Middleware

• Removes "plugins" from tasks in favor of middleware, matching the rest of the ActionHero system.
• Task middleware is implemented as a thin wrapper around Node Resque plugins and currently exposes the before_perform, after_perform, before_enqueue, and after_enqueue functions of Resque plugins through preProcessor, postProcessor, preEnqueue, and postEnqueue methods. Each middleware requires a name and at least one function. In addition, a middleware can be global, in which case it also requires a priority.
• In the preProcessor, you can access the original task params through this.args[0].
• In the postProcessor, you can access the task result at this.worker.result.
• In the preEnqueue and postEnqueue you can access the task params through this.args[0]. - If you wish to prevent a task from being enqueued using the preEnqueue middleware you must explicitly set the toRun value to false in the callback. Because the task middleware is executed by Resque this is an instance of a Resque Worker and contains a number of other elements which may be useful in a middleware.
• The following example is a simplistic implementation of a task execution timer middleware.

'use strict';

module.exports = {
  loadPriority:  1000,
  initialize: function(api, next){
    api.taskTimer = {
      middleware: {
        name: 'timer',
        global: true,
        priority: 90,
        preProcessor: function(next){
          var worker = this.worker;
          worker.start = process.hrtime();
          next();
        },
        postProcessor: function(next){
          var worker = this.worker;
          var elapsed = process.hrtime(worker.start);
          var seconds = elapsed[0];
          var millis = elapsed[1] / 1000000;
          api.log('Task ' + worker.job.class + ' finished in ' + seconds + ' s and ' + millis + ' ms.', 'info');
          next();
        },
        preEnqueue: function(next){
          var params = this.args[0];
          //Validate params
          next(null, true); //callback is in form cb(error, toRun)
        },
        postEnqueue: function(next){
          api.log("Task successfully enqueued!");
          next();
        }
      }
    };

    api.tasks.addMiddleware(api.taskTimer.middleware, function(error){
      next(error);
    });
  }
};

• by @gcoonrod via https://github.com/evantahler/actionhero/pull/898 and https://github.com/evantahler/actionhero/pull/904

Binary Commands

• This change greatly simplifies/refactors the ActionHero binaries and changes the following commands:

`actionhero generateAction --name=[name]`      -> `actionhero generate action --name=[name]` 
`actionhero generateInitializer --name=[name]` -> `actionhero generate initializer --name=[name]` 
`actionhero generateServer --name=[name]`      -> `actionhero generate server --name=[name]` 
`actionhero generateTask --name=[name]`        -> `actionhero generate task --name=[name]` 

• We now also use the optimist generators/CLI tool to provide more helpful input guidance.
• Binary commands now use normal ActionHero logger options, matching the rest of the project
• When generating an initializer, you can specify priorities on the CLI via --startPriority, --stopPriority and --loadPriority
• Fixes a few edge cases where the ActionHero server would not boot if there were logging errors
• Moves a few of the boot messages to debug status to quiet down ActionHero when starting up.
• Update help file for Binary
• by @evantahler and @l0oky via https://github.com/evantahler/actionhero/pull/913

Packages

• node-resque updated to version 2.1.2 (fixes an error clearing task locks when a job fails due to an uncaughtException)
• async updated to version 2.0.1
• primus updated to version 6.0 (may include some breaking transport changes)