Skip to content

v0.22.0 Release

Compare
Choose a tag to compare
@ganigeorgiev ganigeorgiev released this 24 Nov 14:45
· 11 commits to master since this release

⚠️ This release introduces some breaking changes and works only with PocketBase v0.23.0+.

  • Added support for sending batch/transactional create/updated/delete/upsert requests with the new batch Web APIs.

    const batch = pb.createBatch();
    
    batch.collection("example1").create({ ... });
    batch.collection("example2").update("RECORD_ID", { ... });
    batch.collection("example3").delete("RECORD_ID");
    batch.collection("example4").upsert({ ... });
    
    const result = await batch.send();
  • Added support for authenticating with OTP (email code):

    const result = await pb.collection("users").requestOTP("[email protected]");
    
    // ... show a modal for users to check their email and to enter the received code ...
    
    await pb.collection("users").authWithOTP(result.otpId, "EMAIL_CODE");

    Note that PocketBase v0.23.0 comes also with Multi-factor authentication (MFA) support.
    When enabled from the dashboard, the first auth attempt will result in 401 response and a mfaId response,
    that will have to be submitted with the second auth request. For example:

    try {
      await pb.collection("users").authWithPassword("[email protected]", "1234567890");
    } catch (err) {
      const mfaId = err.response?.mfaId;
      if (!mfaId) {
        throw err; // not mfa -> rethrow
      }
    
      // the user needs to authenticate again with another auth method, for example OTP
      const result = await pb.collection("users").requestOTP("[email protected]");
      // ... show a modal for users to check their email and to enter the received code ...
      await pb.collection("users").authWithOTP(result.otpId, "EMAIL_CODE", { "mfaId": mfaId });
    }
  • Added new pb.collection("users").impersonate("RECORD_ID") method for superusers.
    It authenticates with the specified record id and returns a new client with the impersonated auth state loaded in a memory store.

    // authenticate as superusers (with v0.23.0 admins is converted to a special system auth collection "_superusers"):
    await pb.collection("_superusers").authWithPassword("[email protected]", "1234567890");
    
    // impersonate
    const impersonateClient = pb.collection("users").impersonate("USER_RECORD_ID", 3600 /* optional token duration in seconds */)
    
    // log the impersonate token and user data
    console.log(impersonateClient.authStore.token);
    console.log(impersonateClient.authStore.record);
    
    // send requests as the impersonated user
    impersonateClient.collection("example").getFullList();
  • Added new pb.collections.getScaffolds() method to retrieve a type indexed map with the collection models (base, auth, view) loaded with their defaults.

  • Added new pb.collections.truncate(idOrName) to delete all records associated with the specified collection.

  • Added the submitted fetch options as 3rd last argument in the pb.afterSend hook.

  • Instead of replacing the entire pb.authStore.record, on auth record update we now only replace the available returned response record data (pocketbase#5638).

  • ⚠️ Admins are converted to _superusers auth collection and there is no longer AdminService and AdminModel types.
    pb.admins is soft-deprecated and aliased to pb.collection("_superusers").

    // before   ->  after
    pb.admins.* ->  pb.collection("_superusers").*
  • ⚠️ pb.authStore.model is soft-deprecated and superseded by pb.authStore.record.

  • ⚠️ Soft-deprecated the OAuth2 success auth meta.avatarUrl response field in favour of meta.avatarURL for consistency with the Go conventions.

  • ⚠️ Changed AuthMethodsList inerface fields to accomodate the new auth methods and listAuthMethods() response.

    {
      "mfa": {
        "duration": 100,
        "enabled": true
      },
      "otp": {
        "duration": 0,
        "enabled": false
      },
      "password": {
        "enabled": true,
        "identityFields": ["email", "username"]
      },
      "oauth2": {
        "enabled": true,
        "providers": [{"name": "gitlab", ...}, {"name": "google", ...}]
      }
    }
    
  • ⚠️ Require specifying collection id or name when sending test email because the email templates can be changed per collection.

    // old
    pb.settings.testEmail(email, "verification")
    
    // new
    pb.settings.testEmail("users", email, "verification")
  • ⚠️ Soft-deprecated and aliased *Url() -> *URL() methods for consistency with other similar native JS APIs and the accepted Go conventions.
    The old methods still works but you may get a console warning to replace them because they will be removed in the future.

    pb.baseUrl                  -> pb.baseURL
    pb.buildUrl()               -> pb.buildURL()
    pb.files.getUrl()           -> pb.files.getURL()
    pb.backups.getDownloadUrl() -> pb.backups.getDownloadURL()
  • ⚠️ Renamed CollectionModel.schema to CollectionModel.fields.

  • ⚠️ Renamed type SchemaField to CollectionField.