
@mashroom/mashroom-security-provider-ldap

Dependencies: 14
Maintainers: 1
Versions: 90

2.4.2 (June 21, 2023)

  • HTTP Proxy: Now also provides metrics for total requests, errors and timeouts per target host
  • HTTP Proxy: Fixed poolMaxWaitingRequestsPerHost handling if an HTTP interceptor rewrites the target URL
jkofler published 2.4.1

2.4.1 (June 14, 2023)

  • Admin UI: The auto refresh of Admin UI pages is now disabled by default; it can be enabled via the link in the top right corner
  • Kubernetes Remote App Registry: If the service port changes, the service URL the config is obtained from should change as well
  • MongoDB Storage Provider: Fixed a potential problem in the health probe which could lead to the situation that the server never reaches ready state
  • External Redis Messaging Provider: Fixed a bug in the health probe which could lead to the situation that the server never reaches ready state
  • Rest Proxy Demo App: Replaced legacy spacexdata.com API
jkofler published 2.4.0

2.4.0 (June 9, 2023)

  • Core: Ignore dot folders during initial plugin scan
  • Added an external messaging provider plugin that uses Redis PubSub (plugin name: mashroom-messaging-external-provider-redis). This makes it possible to use Redis for messaging between Mashroom clusters (client-side and server-side) and for communication with 3rd party systems. See #35
  • Remote Messaging Demo App: Also subscribes to the topic global-notifications, which makes it possible to broadcast a message to all users
  • Helmet Middleware: Fixed default order to avoid ERR_HTTP_HEADERS_SENT errors
  • Core: Added support for Node.js 20
  • Core: BREAKING CHANGE Dropped support for Node.js 14 which reached EOL
  • Core: BREAKING CHANGE Renamed the server config property devModePreferredBuildTool to devModeDisableNxSupport which makes more sense, because that was the idea behind the property
  • HTTP Proxy: Added new metrics for WebSocket connections:
    • mashroom_http_proxy_ws_connections_active_total
    • mashroom_http_proxy_ws_connections_active
  • HTTP Proxy: Added the possibility to limit WebSocket connections through the proxy. New config properties:
    • wsMaxConnectionsTotal (setting this to 0 disables proxying WS connections)
    • wsMaxConnectionsPerHost
  • HTTP Proxy: BREAKING CHANGE Renamed pool metrics
    • mashroom_http_proxy_active_connections_total -> mashroom_http_proxy_http_pool_connections_active_total
    • mashroom_http_proxy_idle_connections_total -> mashroom_http_proxy_http_pool_connections_idle_total
    • mashroom_http_proxy_waiting_requests_total -> mashroom_http_proxy_http_pool_waiting_requests
    • mashroom_https_proxy_active_connections_total -> mashroom_http_proxy_https_pool_connections_active_total
    • mashroom_https_proxy_idle_connections_total -> mashroom_http_proxy_https_pool_connections_idle_total
    • mashroom_https_proxy_waiting_requests_total -> mashroom_http_proxy_https_pool_waiting_requests_total
  • HTTP Proxy: Added additional config properties to fine tune the HTTP connection pool:
    • poolMaxTotalSockets
    • poolMaxSocketsPerHost (should be used instead of poolMaxSockets which is now deprecated)
    • poolMaxWaitingRequestsPerHost - limit the number of waiting requests if all connections for a host are already occupied. Helps to avoid the problem that a single unresponsive API/backend can fill up the reverse proxy connection pools and might render the whole server unreachable - see #112
  • Add User Headers plugin: Remove all characters not allowed in HTTP headers from the display name
  • HTTP Proxy: Added 4 new metrics for active and waiting requests per target URL, see #111
    • mashroom_http_proxy_http_pool_connections_active
    • mashroom_http_proxy_http_pool_waiting_requests
    • mashroom_http_proxy_https_pool_connections_active
    • mashroom_http_proxy_https_pool_waiting_requests
  • Metrics Collector: Added the possibility to reset Gauges; this is useful if some labels dynamically "disappear" and need to be removed
jkofler published 2.3.2

2.3.2 (April 14, 2023)

  • Core: Added the possibility to set the preferred build tool in the server config (devModePreferredBuildTool). This can be used to enforce npm if you experience trouble with nx.
  • Core: Never run npm install in dev mode if a given package is not a root module and part of a mono-repo. Because in that case running npm install might break the lock file; and it is also not possible to detect if running it is necessary, because there could simply be no node_modules folder because of hoisting.
jkofler published 2.3.1

2.3.1 (April 3, 2023)

  • Portal: Added a config property versionHashSalt that makes it possible to generate different resource version hashes per server instance. It can be used to make sure future hashes cannot be predicted, or if you want to switch between different server versions on the same domain without polluting the reverse proxy cache.
  • Portal: Added the property adminApp to the page render model, so the Admin panel can be removed if no Admin App has been set. This fixes the problem that an empty black panel remained at the top in this case.
  • Portal: The client side log now determines correctly which App caused an error, even within Composite Apps
jkofler published 2.3.0

2.3.0 (February 10, 2023)

  • Portal: Made sure that the session is not touched for resource requests (images, JS, CSS) and the set-cookie header not set. Otherwise, the resources will not be cached by proxy servers.
  • Kubernetes Remote App Registry: If the service port changes the App definition gets reloaded with the next scan
  • Portal: Hot reload of Apps works now on all sites and when mashroom-vhost-path-mapper is being used
  • Kubernetes Remote App Registry: Added a config property unregisterAppsAfterScanErrors to control if Apps should be unregistered if a service cannot be reached anymore
  • Remote App Registry: Added a config property unregisterAppsAfterScanErrors to control if Apps should be unregistered if an endpoint cannot be reached anymore. This fixes the problem that Apps got unregistered if the endpoint was down during the refresh. Default is -1 which means Apps are never unregistered automatically. A value of 3 would mean that Apps would be unregistered after 3 retries or 3 minutes if the scan interval is 1 minute.
  • Remote App Registry: Unregister Apps properly if they disappear from an endpoint with multiple Apps
  • Admin Toolbar: If a page gets deleted all subpages are moved up the parent level (until now they just disappeared)
  • Admin Toolbar: No longer allows removing the last Site
  • Portal: Made sure that all related resources are removed from the storage if a Site or Page is deleted (Permissions, App Instances, ...)
  • Portal: Added a method checkLoadedPortalAppsUpdated() to the portalAppService which makes it possible to check if the Portal Apps loaded in the Browser have been redeployed. This could be used in a (long-running) dynamic cockpit to inform the user that some Apps might not work as expected anymore and a reload of the page would be recommended.
  • Sandbox Apps: Now shows the number of loaded resources, the resources size and (if available) the memory usage of the page
  • Portal: The App Info now also shows the number of loaded resources for an App and the decoded size of those resources
  • Core: Uses nx for building in dev mode if it is available. This should lead to a much faster startup in dev mode, especially if the distributed cloud cache is used.
  • Core: Improved support for ts-node. If Mashroom runs with ts-node all config files can be written in TypeScript. This includes plugin config files. Example server config file mashroom.ts:
     import type {MashroomServerConfig} from '@mashroom/mashroom-json-schemas/type-definitions';

     const serverConfig: MashroomServerConfig = {
         name: 'Mashroom Test Server 7',
         port: 5050,
         // ...
     };
     export default serverConfig;
  • Portal: Disabled caching of Portal App chunks (from code splitting) that do not include a content hash in the file name. Because in that case the Browser would cache the chunk forever even if the content changes. If you use webpack you can add the content hash like this to chunk names:
     output: {
         // ...
         chunkFilename: 'my-app.[contenthash].js',
     }
    
  • Portal: Added support for ES6 modules in Apps. It will automatically be turned on if the bootstrap file name ends with .mjs. Check out the example here: https://github.com/nonblocking/mashroom-plugin-demos/tree/master/packages/mashroom-demo-plain-es6-portal-app. That is just a neat tech demo; in the real world you should always use a bundler, because loading dozens of uncompressed small files is very inefficient, and it is also not possible to load libraries from node_modules.
  • Portal: Added support for code-splitting in shared libraries. The only precondition is that the name of the chunks needs to be <shared_lib_base_name>.<chunk_name>.js; you would configure that in webpack like this:
      output: {
        path: __dirname + '/dist',
        filename: 'my_shared_library.js',
        chunkFilename: 'my_shared_library.[contenthash].js'
      }
    
  • Core: Fixed the type of pluginContext.services.<service_ns>: it can now be undefined because the plugin might not be loaded. This can be a BREAKING CHANGE, and you have the following options to fix TypeScript errors:
     // If the service is added as "required" in the plugin definition
     const requiredService: MashroomSecurityService = pluginContext.services.security!.service;
     // Otherwise
     const optionalService: MashroomSecurityService | undefined = pluginContext.services.security?.service;

     // Alternatively extend MashroomServicePluginNamespaces in a type declaration file
     declare module '@mashroom/mashroom/type-definitions' {
         export interface MashroomServicePluginNamespaces {
             security: { service: MashroomSecurityService; } | /* might not be loaded yet */ undefined;
             // Other service plugins
         }
     }
    
jkofler published 2.2.3

2.2.3 (December 19, 2022)

  • Metrics Collector: Replace values in route labels (/my-api/customers/123456 -> /my-api/customers/#val)
  • Core: Properly exit after HTTP server shutdown
jkofler published 2.2.2

2.2.2 (December 17, 2022)

  • LDAP Security Provider and Simple Security Provider: Fixed the problem that some URL query parameters got lost after login. E.g. a URL like http://localhost:5050/portal/web/test1/sub1?a=1&b=2&c=3 was reduced to http://localhost:5050/portal/web/test1/sub1?a=1 after login.
  • Sandbox App: Introduced a query flag sbAutoTest that replaces all code inputs by simple text areas, which makes it possible to fill them with automated test tools
  • Core: Fixed shutdown of fs watcher in development mode (hung sometimes)
  • Metrics Collector: Reduced the number of generated labels for mashroom_http_request_ metrics. This reduces the Prometheus load, because every label generates a new time series
  • Prometheus Exporter: Fixed a memory leak when the metrics were obtained via PM2 intercom
  • OpenID Connect Security Provider: Fixed the problem that authentication attempts could fail if the IDP redirected back very quickly, but the session was not persisted in the store yet
  • Portal: Added the attribute data-mr-app-name to the default App wrapper to simplify end-2-end testing
  • Portal: The SSR route of Remote Apps will now also receive the path and the query parameters of the original request. The body of the POST request now looks like this:
    export type MashroomPortalAppSSRRemoteRequest = {
        readonly originalRequest: {
            readonly path: string;
            readonly queryParameters: Record<string, any>;
        };
        readonly portalAppSetup: MashroomPortalAppSetup;
    }
    
jkofler published 2.2.1

2.2.1 (November 4, 2022)

  • Portal: Fixed the MashroomPortalMessageBusInterceptor signature and behaviour: It should be possible to change the event data by just returning a different value; but if the interceptor function returns nothing the data should stay untouched (was set to undefined before)
  • Admin Toolbar: Minor style fixes
jkofler published 2.2.0

2.2.0 (November 4, 2022)

  • Portal: Fixed the problem that users were kicked out of the Portal when requests to /api/users/authenticated/authExpiration failed (see issue #99)

  • Portal: Added support for server-side rendering of Composite Apps, which use other Portal Apps as their building blocks. It is now possible to define embedded Portal Apps in the SSR bootstrap like so:

     const bootstrap: MashroomPortalAppPluginSSRBootstrapFunction = async (portalAppSetup, req) => {
       // Generate server-side HTML that contains a <div id="unique-host-element-id"></div>
       const html = renderToString(<App/>);
    
       return {
          html,
          embeddedApps: [
             {
                 pluginName: 'The other App',
                 appConfig: {},
                 appAreaId: 'unique-host-element-id',
             }
          ]
       };
     };
    

    In the Composite App, make sure you don't call portalAppService.loadApp() for that already integrated App. Instead, you can get the appId of the server-side embedded App like this to unload/reload it later:

      const ssrPreloadedApp = portalAppService.loadedPortalApps.find(({ pluginName, portalAppAreaId }) => pluginName === 'The other App' && portalAppAreaId === 'unique-host-element-id');
      let appId;
      if (!ssrPreloadedApp) {
          // SSR failed, load client-side
          const result = await portalAppService.loadApp('host-element-id', 'The other App', null, null, {});
          if (!result.error) {
              appId = result.id;
          }
      } else {
          appId = ssrPreloadedApp.id;
      }
    

    Check out the mashroom-portal-demo-composite-app package for a working example.

    NOTE: You have to make sure the embedded Apps aren't removed by the render framework during hydration. In React you have to add dangerouslySetInnerHTML={{ __html: '' }} to nodes whose children shall be ignored during hydration.

  • Kubernetes Remote App Registry:

    • Support for multiple Namespace and Service label selectors
    • For duplicate Portal Apps the active one is now more deterministic and depends on the namespace lookup (check the README in the mashroom-portal-remote-app-registry-k8s package)
    • For multiple Portal Apps per service: if one definition is invalid the other ones will be activated nevertheless
    • Support for duplicate service names in different namespaces
    • If a service gets removed all Portal Apps are unregistered immediately (without delay)
  • Remote App Registry: For multiple Portal Apps per endpoint, if one definition is invalid the other ones will be activated nevertheless

  • Core: Removed the forced stop of the server after 5sec because this may interrupt pending requests. It also makes it impossible to increase the shutdown period via terminationGracePeriodSeconds on Kubernetes

  • Prometheus Exporter: Added support for Node.js clusters. It is now possible to use prom-client's AggregatorRegistry to gather the metrics in the master process and also to get the worker metrics within a PM2 cluster. Check out the README in the mashroom-monitoring-prometheus-exporter module for details

  • BREAKING CHANGE: Renamed the plugin mashroom-http-proxy-add-id-token to mashroom-http-proxy-add-access-token because access tokens should be used to make API requests on behalf of a user

  • Core: Failing ready and health probes now log the causes. This is helpful on Kubernetes when the Admin UI is not available if the ready probe fails

  • Added a SolidJS demo Portal App (Microfrontend)

  • Portal: BREAKING CHANGE: Themes must now set a CSS variable with the (Font Awesome compatible) icon font, like so:

      :root {
         --mashroom-portal-font-icon: 'Font Awesome 6 Free';
      }
    
  • Portal: Dropped support for IE11 (and all legacy browsers which don't support ES6)

  • Admin Toolbar: Upgrade to CodeMirror 6 with autocomplete support in the CSS editor

  • Admin Toolbar: Clean up the DOM properly after a drag ends
