Release Explorer
- Current release
- Release - 10/10/2025
- Release - 11/10/2025
- Release - 12/10/2025
- Release - 13/10/2025
- Release - 14/10/2025
- Release - 15/10/2025
- Release - 16/10/2025
- Release - 17/10/2025
- Release - 18/10/2025
- Release - 19/10/2025
- Release - 20/10/2025
- Release - 21/10/2025
- Release - 22/10/2025
- Release - 23/10/2025
- Release - 24/10/2025
- Release - 25/10/2025
- Release - 26/10/2025
- Release - 27/10/2025
- Release - 28/10/2025
- Release - 29/10/2025
- Release - 30/10/2025
- Release - 31/10/2025
- Release - 01/11/2025
- Release - 02/11/2025
- Release - 03/11/2025
- Release - 04/11/2025
- Release - 05/11/2025
- Release - 07/11/2025
- Release - 07/11/2025
- Release - 08/11/2025
- Release - 09/11/2025
- Release - 10/11/2025
- Release - 11/11/2025
- Release - 12/11/2025
Release Notes - Debug Branch Update (ms-nodejs-backend)
Overview
This update introduces a debugging feature to bypass token validation and user permission checks in the authentication flow under specific environment configurations. Additionally, it refines routing for flow-related endpoints and updates dependencies, improving the debugging experience for developers and simplifying access during testing.
New Features
- Added a debug mode that bypasses token validation and simulates a logged-in user with a global admin role when the system is configured with
jwkConfig.ignoreExpiration()enabled and an environment variableORG_IDis set. - Created new API routing for flow management under the simplified path
/flow, secured with permission-based middleware. - Implemented
getFlowsasynchronous method in the flows controller to retrieve flows data for the organization and platform.
Improvements / Changes
- Modified the authentication logic to:
- Log a fatal warning when users log in without OAuth under the debug bypass condition.
- Set
iamObjectwith a test user and organization data to simulate admin-level access. - Commented out permission checks related to user platform ID matching with the provider ID, effectively disabling authorization checks during debug mode.
- Updated flow-related router paths for clarity and ease of access.
- Upgraded the package
@firstmatecloud/package-prismadb-schemesfrom version0.0.14to0.0.18. - Corrected exception throwing syntax in flow existence verification to instantiate the error properly (
throw new ApplicationError(errorCodes.B022)).
Bug Fixes
- No user-facing bug fixes in this update; changes primarily target developer debugging and internal testing flows.
Technical / Developer Notes
- The debug bypass allows developers to test protected routes and workflows without requiring valid OAuth tokens or platform ID checks by setting environment variables (
ORG_ID) and enabling token expiration ignore mode (jwkConfig.ignoreExpiration()). - Permission validation related to platform IDs for users is temporarily disabled by commenting out the relevant error throws; this should be reverted for production deployments to maintain security.
- The logging of a fatal level message on bypass usage ensures visibility for critical audit or debugging alerts.
- Flow API endpoints have been refactored to use a cleaner route structure (
/flow) with associated permission middleware guarding access. - Developers should note the package upgrade and adapt any schema-related interactions accordingly.
Breaking Changes
- Temporary removal (commenting out) of platform ID permission validations disables certain access restrictions, which may affect security assumptions if debug mode is enabled in production environments. Ensure debug flags and environment variables are unset in production.
Acknowledgements
- Thank you to the development team for enhancing debug capabilities, streamlining flow endpoints, and improving error handling consistency.
This update aims to improve developer productivity by enabling safe debug shortcuts and better organized flow management APIs while maintaining clear guards against misuse through environment configurations and permission middlewares.