MongoDB option keys incorrectly identified as invalid

[mtrezza]

New Issue Checklist

• Report security issues confidentially.
• Any contribution is under this license.
• Before posting search existing issues.

Issue Description

#8987 introduced a feature that prevents Parse Server to start when an invalid option is identified. This was to prevent a misconfigured Parse Server to be deployed and potentially be insecure or for example cause damage to data integrity.

This currently incorrectly identifies some nested keys of databaseOptions as invalid keys. Some of the nested keys are directly passed to the MongoDB driver without being validated by Parse Server, as to allow developers to customize the MongoDB driver using its low-level options, for example:

• maxStalenessSeconds
• maxPoolSize

Other nested keys are parsed by Parse Server, for example:

• maxTimeMS

Other nested keys are used for Parse Server's internal configuration and not passed to the MongoDB driver, for example:

• enableSchemaHooks

In short, as long as databaseOptions is a potpourri of key types, its keys cannot be reasonably validated for correctness. There are various possible solutions to this; the easiest ones:

• a) Disable validation for nested keys of databaseOptions; con: disables validation for parts of the Parse Server config.
• b) Add missing keys to config definition so that they are recognized as valid; con: requires regular updates on Parse Server if MongoDB driver introduces new options, even though they may be irrelevant for Parse Server; Parser Server assumes the role of validating MongoDB driver options.
• c) Introduce a dedicated unsafeDriverOptions key whose nested keys are "unsafe", i.e. not validated and passed directly to the DB driver. Con: not practical as the MongoDB driver is a Parse Server dependency that can change at any time and may break "unsafe" driver options set in the Server config.

(b) looks like the correct approach, since the options are set via the Parse Server config and because (c) is too unstable.

Steps to reproduce

Start Parse Server with config:

const config = {
  ...,
  databaseOptions: {
    maxTimeMS: 1000,
    maxStalenessSeconds: 10,
    maxPoolSize: 10,
  }
}

Actual Outcome

Error logged:

error: Invalid Option Keys Found: databaseOptions.maxTimeMS, databaseOptions.maxStalenessSeconds, databaseOptions.maxPoolSize

Expected Outcome

No error logged, as these are all valid keys.

Environment

Server

• Parse Server version: 7.2.0

[parse-github-assistant]

Thanks for opening this issue!

• 🚀 You can help us to fix this issue faster by opening a pull request with a failing test. See our Contribution Guide for how to make a pull request, or read our New Contributor's Guide if this is your first time contributing.

[parseplatformorg]

🎉 This change has been released in version 7.3.0-alpha.2

[parseplatformorg]

🎉 This change has been released in version 7.3.0-beta.1

[parseplatformorg]

🎉 This change has been released in version 7.3.0