Releases: pocketbase/js-sdk
v0.23.0 Release
- Added optional
pb.realtime.onDisconnect
hook function.
Note that the realtime client autoreconnect on its own and this hook is useful only for the cases where you want to apply a special behavior on server error or after closing the realtime connection.
v0.22.1 Release
- Fixed old
pb.authStore.isAdmin
/pb.authStore.isAuthRecord
getters and marked them as deprecated in favour ofpb.authStore.isSuperuser
(#323).
Note that with PocketBase v0.23.0 superusers are converted to a system auth collection so you can always simply check the value ofpb.authStore.record?.collectionName
.
v0.22.0 Release
-
Added support for sending batch/transactional create/updated/delete/upsert requests with the new batch Web APIs.
const batch = pb.createBatch(); batch.collection("example1").create({ ... }); batch.collection("example2").update("RECORD_ID", { ... }); batch.collection("example3").delete("RECORD_ID"); batch.collection("example4").upsert({ ... }); const result = await batch.send();
-
Added support for authenticating with OTP (email code):
const result = await pb.collection("users").requestOTP("[email protected]"); // ... show a modal for users to check their email and to enter the received code ... await pb.collection("users").authWithOTP(result.otpId, "EMAIL_CODE");
Note that PocketBase v0.23.0 comes also with Multi-factor authentication (MFA) support.
When enabled from the dashboard, the first auth attempt will result in 401 response and amfaId
response,
that will have to be submitted with the second auth request. For example:try { await pb.collection("users").authWithPassword("[email protected]", "1234567890"); } catch (err) { const mfaId = err.response?.mfaId; if (!mfaId) { throw err; // not mfa -> rethrow } // the user needs to authenticate again with another auth method, for example OTP const result = await pb.collection("users").requestOTP("[email protected]"); // ... show a modal for users to check their email and to enter the received code ... await pb.collection("users").authWithOTP(result.otpId, "EMAIL_CODE", { "mfaId": mfaId }); }
-
Added new
pb.collection("users").impersonate("RECORD_ID")
method for superusers.
It authenticates with the specified record id and returns a new client with the impersonated auth state loaded in a memory store.// authenticate as superusers (with v0.23.0 admins is converted to a special system auth collection "_superusers"): await pb.collection("_superusers").authWithPassword("[email protected]", "1234567890"); // impersonate const impersonateClient = pb.collection("users").impersonate("USER_RECORD_ID", 3600 /* optional token duration in seconds */) // log the impersonate token and user data console.log(impersonateClient.authStore.token); console.log(impersonateClient.authStore.record); // send requests as the impersonated user impersonateClient.collection("example").getFullList();
-
Added new
pb.collections.getScaffolds()
method to retrieve a type indexed map with the collection models (base, auth, view) loaded with their defaults. -
Added new
pb.collections.truncate(idOrName)
to delete all records associated with the specified collection. -
Added the submitted fetch options as 3rd last argument in the
pb.afterSend
hook. -
Instead of replacing the entire
pb.authStore.record
, on auth record update we now only replace the available returned response record data (pocketbase#5638). -
β οΈ Admins are converted to_superusers
auth collection and there is no longerAdminService
andAdminModel
types.
pb.admins
is soft-deprecated and aliased topb.collection("_superusers")
.// before -> after pb.admins.* -> pb.collection("_superusers").*
-
β οΈ pb.authStore.model
is soft-deprecated and superseded bypb.authStore.record
. -
β οΈ Soft-deprecated the OAuth2 success authmeta.avatarUrl
response field in favour ofmeta.avatarURL
for consistency with the Go conventions. -
β οΈ ChangedAuthMethodsList
inerface fields to accomodate the new auth methods andlistAuthMethods()
response.{ "mfa": { "duration": 100, "enabled": true }, "otp": { "duration": 0, "enabled": false }, "password": { "enabled": true, "identityFields": ["email", "username"] }, "oauth2": { "enabled": true, "providers": [{"name": "gitlab", ...}, {"name": "google", ...}] } }
-
β οΈ Require specifying collection id or name when sending test email because the email templates can be changed per collection.// old pb.settings.testEmail(email, "verification") // new pb.settings.testEmail("users", email, "verification")
-
β οΈ Soft-deprecated and aliased*Url()
->*URL()
methods for consistency with other similar native JS APIs and the accepted Go conventions.
The old methods still works but you may get a console warning to replace them because they will be removed in the future.pb.baseUrl -> pb.baseURL pb.buildUrl() -> pb.buildURL() pb.files.getUrl() -> pb.files.getURL() pb.backups.getDownloadUrl() -> pb.backups.getDownloadURL()
-
β οΈ RenamedCollectionModel.schema
toCollectionModel.fields
. -
β οΈ Renamed typeSchemaField
toCollectionField
.
v0.22.0-rc Prerelease
-
Added support for sending batch/transactional create/updated/delete/upsert requests with the new batch Web APIs.
const batch = pb.createBatch(); batch.collection("example1").create({ ... }); batch.collection("example2").update("RECORD_ID", { ... }); batch.collection("example3").delete("RECORD_ID"); batch.collection("example4").upsert({ ... }); const result = await batch.send();
-
Added support for authenticating with OTP (email code):
const result = await pb.collection("users").requestOTP("[email protected]"); // ... show a modal for users to check their email and to enter the received code ... await pb.collection("users").authWithOTP(result.otpId, "EMAIL_CODE");
Note that PocketBase v0.23.0 comes also with Multi-factor authentication (MFA) support.
When enabled from the dashboard, the first auth attempt will result in 401 response and amfaId
response,
that will have to be submitted with the second auth request. For example:try { await pb.collection("users").authWithPassword("[email protected]", "1234567890"); } catch (err) { const mfaId = err.response?.mfaId; if (!mfaId) { throw err; // not mfa -> rethrow } // the user needs to authenticate again with another auth method, for example OTP const result = await pb.collection("users").requestOTP("[email protected]"); // ... show a modal for users to check their email and to enter the received code ... await pb.collection("users").authWithOTP(result.otpId, "EMAIL_CODE", { "mfaId": mfaId }); }
-
Added new
pb.collection("users").impersonate("RECORD_ID")
method for superusers.
It authenticates with the specified record id and returns a new client with the impersonated auth state loaded in a memory store.// authenticate as superusers (with v0.23.0 admins is converted to a special system auth collection "_superusers"): await pb.collection("_superusers").authWithPassword("[email protected]", "1234567890"); // impersonate const impersonateClient = pb.collection("users").impersonate("USER_RECORD_ID", 3600 /* optional token duration in seconds */) // log the impersonate token and user data console.log(impersonateClient.authStore.token); console.log(impersonateClient.authStore.record); // send requests as the impersonated user impersonateClient.collection("example").getFullList();
-
Added new
pb.collections.getScaffolds()
method to retrieve a type indexed map with the collection models (base, auth, view) loaded with their defaults. -
Added new
pb.collections.truncate(idOrName)
to delete all records associated with the specified collection. -
Added the submitted fetch options as 3rd last argument in the
pb.afterSend
hook. -
β οΈ Admins are converted to_superusers
auth collection and there is no longerAdminService
andAdminModel
types.
pb.admins
is soft-deprecated and aliased topb.collection("_superusers")
.// before -> after pb.admins.* -> pb.collection("_superusers").*
-
β οΈ pb.authStore.model
is soft-deprecated and superseded bypb.authStore.record
. -
β οΈ Soft-deprecated the OAuth2 success authmeta.avatarUrl
response field in favour ofmeta.avatarURL
for consistency with the Go conventions. -
β οΈ ChangedAuthMethodsList
inerface fields to accomodate the new auth methods andlistAuthMethods()
response.{ "mfa": { "duration": 100, "enabled": true }, "otp": { "duration": 0, "enabled": false }, "password": { "enabled": true, "identityFields": ["email", "username"] }, "oauth2": { "enabled": true, "providers": [{"name": "gitlab", ...}, {"name": "google", ...}] } }
-
β οΈ Require specifying collection id or name when sending test email because the email templates can be changed per collection.// old pb.settings.testEmail(email, "verification") // new pb.settings.testEmail("users", email, "verification")
-
β οΈ Soft-deprecated and aliased*Url()
->*URL()
methods for consistency with other similar native JS APIs and the accepted Go conventions.
The old methods still works but you may get a console warning to replace them because they will be removed in the future.pb.baseUrl -> pb.baseURL pb.buildUrl() -> pb.buildURL() pb.files.getUrl() -> pb.files.getURL() pb.backups.getDownloadUrl() -> pb.backups.getDownloadURL()
-
β οΈ RenamedCollectionModel.schema
toCollectionModel.fields
. -
β οΈ Renamed typeSchemaField
toCollectionField
.
v0.21.5 Release
- Shallow copy the realtime subscribe
options
argument for consistency with the other methods (#308).
v0.21.4 Release
- Fixed the
requestKey
handling inauthWithOAuth2({...})
to allow manually cancelling the entire OAuth2 pending request flow usingpb.cancelRequest(requestKey)
.
Due to thewindow.close
caveats note that the OAuth2 popup window may still remain open depending on which stage of the OAuth2 flow the cancellation has been invoked.
v0.21.3 Release
- Enforce temporary the
atob
polyfill for ReactNative until Expo 51+ and React Native v0.74+atob
fix get released.
This should fix the recently reported issues withpb.authStore.isValid
always returningfalse
on Android and iOS.
v0.21.2 Release
- Exported
HealthService
types (#289).
v0.21.1 Release
-
Manually update the verified state of the current matching
AuthStore
model on successful "confirm-verification" call. -
Manually clear the current matching
AuthStore
on "confirm-email-change" call because previous tokens are always invalidated. -
Fixed the
fetch
mock tests to check also the sent body param values. -
Formatted the source code with prettier.
v0.21.0 Release
multipart/form-data
body is handled.
-
Properly sent json body with
multipart/form-data
requests.
This should fix the edge cases mentioned in the v0.20.3 release. -
Gracefully handle OAuth2 redirect error with the
authWithOAuth2()
call.