1.17.0 Breaking Changes

julian

NodeBB no longer supports NodeJS 10 and below!
NodeBB no longer supports Internet Explorer!

POST /login
- The HTTP response code for one type of rejected response has changed
- If the system is configured to allow login via "username only" or "email only", and you attempt to log in with an incorrect login type (i.e. username instead of email, or vice versa), a HTTP 400 will be sent back instead of HTTP 500

<baris>

plugins.fireHook ~~removed~~ deprecated use plugins.hooks.fire instead
plugins.registerHook ~~removed~~ deprecated use plugins.hooks.register instead
plugins.unregisterHook ~~removed~~ deprecated use plugins.hooks.unregister instead
plugins.hasListeners ~~removed~~ deprecated use plugins.hooks.hasListeners instead

https://github.com/NodeBB/NodeBB/commit/d41de481a4743de3e7a83fd9a97df49ffe2554e3

Edit:

Not enough warning was given for this change, and so its removal has been pushed back to v1.18.0

<baris>

https://github.com/NodeBB/NodeBB/commit/2ad0d0d0d8a11b1edb7eb07bc3ee903ecc66d941

julian

Routes using the upload controller will have their response schema changed to match v3 responses (with status and response at root level).

Note: Unfortunately, this means the Write API (being the only plugin utilising this controller outside of core) will contain a breaking change for the /api/v2/util/upload route.

https://github.com/NodeBB/NodeBB/commit/84dfdfe659ce007f67dc7bc84dba3002deee52ea

julian

The filter:admin/header.build hook has been renamed to filter:middleware.renderAdminHeader so as to not be confused with the other dynamically generated template .build() hooks.

The function signature has not changed.

https://github.com/NodeBB/NodeBB/commit/5f9f241e376800689964a8b71518f0bba8df7531

julian

The plugin hook filter:privileges:isUserAllowedTo has been renamed to filter:privileges:isAllowedTo to more properly reflect the fact that it also consumed group names in addition to uids.

The hook function signature has not changed, just the name.

https://github.com/NodeBB/NodeBB/commit/5a775e09dc8911257ded123ec6924abea50e47e2

<baris>

/categories page no longer loads all categories, will be paginated based on ACP setting
/category page no longer loads all subcategories, will load x number of subcategories based on ACP setting per category
/recent, /unread, /popular, /top will no longer loads all categories.
/search page used to load all categories in the variable categories, this has been renamed to allCategories. categories is used for the results returned when categories are searched.

Core changes
https://github.com/NodeBB/NodeBB/pull/9257

Required changes for custom themes
https://github.com/NodeBB/nodebb-theme-persona/pull/516
https://github.com/NodeBB/nodebb-theme-persona/pull/517

Composer
https://github.com/NodeBB/nodebb-plugin-composer-default/pull/146/files
https://github.com/NodeBB/nodebb-plugin-composer-default/commit/fce3679f72d3ba8c0c5e5a9cad4e59fccbc86f2f#diff-e2fb13f86d048149f1777ad8e9905d81cfcbbd9cc7d8e21d1c295e41707e12ab

julian

The action:flags.create hook is no longer called after flag notifications have been delivered to the admins/mods. It is now called after the flag is created (as per the name).

Note that a flag is only created the first time a post or user is flagged. Subsequent flags add a report to the existing flag, which you can listen for with action:flags.addReport. This hook is called on all report additions, including during the initial flag creation.

Where action:flags.create used to be, we now call action:flags.notify and pass in additional properties from, to, and the notification object itself.

https://github.com/NodeBB/NodeBB/commit/00a68a954895b450933e738058b9b8f6c225333a

julian

Authentication middleware is now called on every page and API route. Plugin routes are also affected if they use routeHelpers.setupPageRoute or routeHelpers.setupAPIRoute.

This fixes an issue we had previously where certain routes were treated by NodeBB as being accessed as guest even though a valid Write API token was passed in. Now, every single page and API route in NodeBB can be authenticated via Write API (or suitable third-party authenticator via response:middleware.authenticate)

In short, the changes:

middleware.authenticate has been deprecated
- For routes that attach directly to the router (e.g. router.post(...), replace middleware.authenticate with middleware.authenticateRequest and middleware.ensureLoggedIn in order to retain the same behaviour
- For routes that use setupPageRoute or setupAPIRoute, replace middleware.authenticate with middleware.ensureLoggedIn only.
middleware.authenticateOrGuest has been renamed middleware.authenticateRequest
- Just rename the middleware as necessary

nodebb/nodebb@7da061f0d7c507146d88ce40a381a2f1d443c5b4

<baris>

https://github.com/NodeBB/NodeBB/issues/9364