v.1.7.0 (main 1.7.0)
Back End / API Changelog
This changelog only refers to chanegs to the API and back end. If you want to read about changes in the front end, take a look at the front end releases.
API Changes
- Following Endpoints are now no more valid and marked as
DEPRECATED:GET /api/sessionsDELETE /api/sessions/:SESSIONID
Major Changes
- Sessions are now stored on the client side using JWTs instead of session tokens compared against the database. If you want to read more about this and what has changed whith this, read issue #14
- newly generated passwords (for example when creating new accounts or changing a password) are now hashed with argon2id instead of bcrypt, which is way more safe and secure. Old password hashes will be still compared with bcrypt, only new passwords are saved with argon2. [#16]
- user and page requests are now memory-cached on the server side to accelerate requests and minimize database load
- static resources like champion and rune informations are now shipped with proper browser caching headers to reduce server load and speed up the front end experience
Fixes
- Fix a critical bug on querrying users from the MongoDB database which would have led to the ability of logging into other users account on creating a new account because of the new caching methods
- Page share links are now generated from an URL safe character set instead of a default base64 character set [#13]
- Changing the e-mail address now requires the current password as same as all other critical user settings [#15]
Docker Image
# docker pull myrunes/backend:1.7.0