This update will grant owner-level access to the user in your database with the user ID `1`. There is almost certainly no situation in which this user is not your main user, since multi-user access was not officially supported yet.
However, if you have manually added more users to your database, ensure that the first user who was added to your database is your administrator. The two fields to pay attention to are the new `is_owner` and `user_permissions` fields in the `users` table. If you need to copy these values from the user with ID `1` to a different user, do so immediately after starting your Switchblade server after the update, and be sure to reset those values to their defaults on the old user once you have copied them to the correct administrator.
In the future, the `is_owner` field will be used to apply new permissions to your owner user, so these manual changes will not be necessary.
This version of Switchblade specifies Node v20 and npm v10 in package.json. It should still run on v19, but v19 is no longer under maintenance. Node v20 is now the LTS version.
- Added the ability to get the identity of other users
  - Use the new `GET /users` endpoint to list the users on your Switchblade server
    - This endpoint supports several filters. You can learn more in the README.
  - Use the new `GET /users/{userId}` endpoint to fetch a different user's identity
    - Only the owner of the Switchblade server can view this data by default, but other users can be granted access to it.
- Added the ability to add new users
  - Use the new `POST /users` endpoint to create users
- Added permissions system for managing what users are allowed to do
  - Use the new `PATCH /users/{userId}` endpoint to manage a user, including updating their username, password, and permissions. Only the owner of the Switchblade server will have access to these tools by default, but permission to access the tools can be granted to other users.
  - See what permissions are available using the `GET /` endpoint, which now includes a template of all permissions grouped into categories.
  - At this time there is no granular control for allowing users to have admin access to specific shortcuts that they don't own. Users can manage shortcuts/versions they created, and users with the appropriate permission can manage all shortcuts or versions.
    - Support for more granular control (i.e., allowing the owner of a shortcut to designate a collaborator for that one shortcut so that they can modify it or its versions) is being considered for a future update, but is not guaranteed.
- A new `creatorId` filter has been added to the relevant endpoints for finding shortcuts and versions created by a specific user
- A new `/autocomplete/users` endpoint has been added for getting user-search autocomplete results
- Added user identity API to Postman collection and README
- Added user list API to Postman collection and README
- Added user creation API to Postman collection and README
- Added user modification API to Postman collection and README
- Added permissions template API to Postman collection and README
- Added user autocomplete API to Postman collection and README
- Added `creatorId` parameter to relevant endpoints in Postman collection and README
- Updated dependencies
This release is accompanied by the release of the Switchblade SDK, a JavaScript/TypeScript package that makes it easy to interact with Switchblade servers.
Also being launched with this update is Switchblade UI, a front end application for managing your Switchblade server and shortcuts. You can run Switchblade UI anywhere you can run React apps.
Switchblade SDK started its life as part of Switchblade UI before being broken out into a separate package so that anyone can use it!
- Added the ability to perform MFA as a two-step process more in line with how other websites operate
  - In previous versions, the MFA code had to be submitted at the same time as the username and password.
  - With the new flow, you can submit just the username and password. You will get back a response with a new `mfaRequired` property that indicates you should surface the MFA input to your user, along with an `mfaToken` that is used as part of the next step.
  - Submit the MFA code along with a standard `Authorization` header using the `mfaToken` as your bearer token. This `mfaToken` is valid for 45 seconds after creation.
  - You will get back the standard login response after this second step.
  - The old workflow of submitting the MFA code with the username and password is still fully supported
  - This new flow can be detected with the `MULTI_STEP_MFA` feature flag.
- Added support for `search` query parameter on `GET /shortcuts` endpoint. This field searches the full text of the shortcut name, headline, and description. This can be detected with the `SHORTCUT_KEYWORD_SEARCH` feature flag.
- Added support for `search` query parameter on `GET /shortcuts/{shortcutId}/history` endpoint. This field searches the full text of the version number, change log, and download URL. This can be detected with the `VERSION_KEYWORD_SEARCH` feature flag.
- The root endpoint `GET /` now returns an object indicating which newer features (such as the aforementioned multi-step MFA flow) are available on the server. This can be used for feature detection in front end applications.
- Added `mfaEnabled` as a property on the user object from the `GET /me` endpoint
- The response during the final step of enabling MFA on a user's account will include a new `success` boolean to indicate if the operation was successful
- The `POST /setup` endpoint will now return a `success` boolean along with the message to indicate whether or not the setup was successful
- Fixed an issue with the `state` filters on `GET /shortcuts` and `GET /shortcuts/{shortcutId}/history` that could cause them to return only published items if the filter was left blank
- Fixed a bug where Mac and iOS system versions would be written as `0` to the database if not included in requests to `POST /shortcuts/{shortcutId}/version` or `PATCH /shortcuts/{shortcutId}/version/{versionNumber}`
- Fixed an issue that could cause a message about a decryption failure to appear if your OTP code had expired.
- Updated README with documentation for new search parameters and MFA flow
- Updated Postman collection with search parameters and support for automatically setting the `mfaToken` in your environment when performing a multi-step MFA flow
- Updated dependencies
- Removed unused middleware
- Added missing query parameter docs to Postman collection
- Updated dependencies
- Added everything
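
The two-step MFA login and `MULTI_STEP_MFA` feature detection described in the notes above, sketched as a client routine. This is an added example, not code from Switchblade or its SDK. The `POST /login` path, the `username`/`password`/`otp` body fields, the `{ features: { ... } }` shape of the `GET /` response, and sending step two to the same endpoint are all assumptions; only `mfaRequired`, `mfaToken`, the bearer header and the 45-second lifetime come from the notes.

```javascript
// Added example: client-side handling of the two-step MFA login.
// ASSUMED (not in the release notes): the /login path, the otp field name,
// and the { features: {...} } wrapper returned by GET /.
const MFA_TOKEN_TTL_MS = 45_000; // release notes: valid 45 seconds after creation

async function postJson(fetchFn, url, body, bearer) {
  const headers = { 'Content-Type': 'application/json' };
  if (bearer) headers.Authorization = `Bearer ${bearer}`;
  const res = await fetchFn(url, { method: 'POST', headers, body: JSON.stringify(body) });
  return res.json();
}

async function supportsMultiStepMfa(fetchFn, baseUrl) {
  const root = await (await fetchFn(`${baseUrl}/`, { method: 'GET' })).json();
  return Boolean(root.features && root.features.MULTI_STEP_MFA);
}

// promptForCode runs only once a code is actually needed.
// now() is injectable so the expiry check can be tested without waiting.
async function login(fetchFn, baseUrl, creds, promptForCode, now = Date.now) {
  const loginUrl = `${baseUrl}/login`; // hypothetical path
  if (!(await supportsMultiStepMfa(fetchFn, baseUrl))) {
    // Old flow: the code travels in the same request as the credentials.
    const otp = await promptForCode();
    return postJson(fetchFn, loginUrl, { ...creds, otp });
  }
  const first = await postJson(fetchFn, loginUrl, creds);
  if (!first.mfaRequired) return first; // no MFA on this account
  const issuedAt = now();
  const otp = await promptForCode();
  if (now() - issuedAt >= MFA_TOKEN_TTL_MS) {
    // Fail closed instead of sending a token the server will reject;
    // the caller restarts from step one to obtain a fresh mfaToken.
    throw new Error('mfaToken expired; restart login');
  }
  // Step two: the password is not resent; the short-lived token is the bearer.
  return postJson(fetchFn, loginUrl, { otp }, first.mfaToken);
}
```

The elapsed time is measured from when the client received the response, so the server's own clock remains the authority on whether the `mfaToken` is still valid.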