@edirect/mongo 11.0.43 → 11.0.45

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/package.json +21 -4
  2. package/dist/src/aws.d.ts +3 -3
  3. package/dist/src/aws.d.ts.map +1 -1
  4. package/dist/src/aws.js +32 -19
  5. package/dist/src/mongo.providers.d.ts.map +1 -1
  6. package/dist/src/mongo.providers.js +11 -25
  7. package/package.json +2 -2
package/dist/package.json CHANGED
@@ -1,6 +1,7 @@
1
1
  {
2
2
  "name": "@edirect/mongo",
3
- "version": "11.0.43",
3
+ "version": "11.0.45",
4
+ "packageScope": "@edirect",
4
5
  "main": "./dist/src/index.js",
5
6
  "types": "./dist/src/index.d.ts",
6
7
  "exports": {
@@ -17,12 +18,28 @@
17
18
  ],
18
19
  "dependencies": {
19
20
  "@aws-sdk/credential-providers": "^3.975.0",
20
- "@edirect/config": "^11.0.43",
21
+ "@edirect/config": "workspace:*",
21
22
  "@nestjs/common": "^11.1.12",
22
- "aws4": "^1.13.2",
23
23
  "mongodb": "^7.0.0",
24
24
  "mongoose": "^9.1.5",
25
25
  "tslib": "^2.8.1"
26
26
  },
27
+ "nx": {
28
+ "name": "@edirect/mongo",
29
+ "targets": {
30
+ "build": {
31
+ "executor": "@nx/js:tsc",
32
+ "options": {
33
+ "main": "{workspaceRoot}/packages/edirect-mongo/src/index.ts",
34
+ "tsConfig": "{workspaceRoot}/packages/edirect-mongo/tsconfig.lib.json",
35
+ "outputPath": "{workspaceRoot}/packages/edirect-mongo/dist",
36
+ "assets": [
37
+ "{workspaceRoot}/packages/edirect-mongo/package.json",
38
+ "{workspaceRoot}/packages/edirect-mongo/README.md"
39
+ ]
40
+ }
41
+ }
42
+ }
43
+ },
27
44
  "type": "commonjs"
28
- }
45
+ }
package/dist/src/aws.d.ts CHANGED
@@ -1,5 +1,5 @@
1
1
  import { AWSCredentials } from 'mongodb';
2
- export declare const MONGODB_AWS_ROLE_ARN: string | undefined;
3
- export declare const AWS_WEB_IDENTITY_TOKEN_FILE: string | undefined;
4
- export declare function getMongoAwsCredentialProvider(): () => Promise<AWSCredentials>;
2
+ export declare const shouldAssumeRole: string | undefined;
3
+ export declare const generateAwsCredentials: () => Promise<AWSCredentials | undefined>;
4
+ export declare const generateConnectionString: (cnn: string | undefined) => Promise<string>;
5
5
  //# sourceMappingURL=aws.d.ts.map
package/dist/src/aws.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"aws.d.ts","sourceRoot":"","sources":["../../src/aws.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAKzC,eAAO,MAAM,oBAAoB,oBAAmC,CAAC;AACrE,eAAO,MAAM,2BAA2B,oBACC,CAAC;AAI1C,wBAAgB,6BAA6B,IAAI,MAAM,OAAO,CAAC,cAAc,CAAC,CAY7E"}
1
+ {"version":3,"file":"aws.d.ts","sourceRoot":"","sources":["../../src/aws.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAKzC,eAAO,MAAM,gBAAgB,oBACwB,CAAC;AAEtD,eAAO,MAAM,sBAAsB,QAAa,OAAO,CACrD,cAAc,GAAG,SAAS,CAQ3B,CAAC;AAEF,eAAO,MAAM,wBAAwB,GACnC,KAAK,MAAM,GAAG,SAAS,KACtB,OAAO,CAAC,MAAM,CAqBhB,CAAC"}
package/dist/src/aws.js CHANGED
@@ -1,23 +1,36 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.AWS_WEB_IDENTITY_TOKEN_FILE = exports.MONGODB_AWS_ROLE_ARN = void 0;
4
- exports.getMongoAwsCredentialProvider = getMongoAwsCredentialProvider;
3
+ exports.generateConnectionString = exports.generateAwsCredentials = exports.shouldAssumeRole = void 0;
5
4
  const credential_providers_1 = require("@aws-sdk/credential-providers");
6
- // Environment variables required for IRSA/EKS role assumption authentication:
7
- // MONGODB_AWS_ROLE_ARN: the AWS IAM Role ARN to assume
8
- // AWS_WEB_IDENTITY_TOKEN_FILE: path to serviceAccount token (set by kubelet when IRSA is enabled)
9
- exports.MONGODB_AWS_ROLE_ARN = process.env.MONGODB_AWS_ROLE_ARN;
10
- exports.AWS_WEB_IDENTITY_TOKEN_FILE = process.env.AWS_WEB_IDENTITY_TOKEN_FILE;
11
- // A dynamic credentials provider for the MongoDB driver that will always fetch fresh AWS credentials (using IRSA+STS)
12
- // ALWAYS use this as the value of AWS_CREDENTIAL_PROVIDER in authMechanismProperties. Never embed static keys/tokens in the URI.
13
- function getMongoAwsCredentialProvider() {
14
- if (!exports.MONGODB_AWS_ROLE_ARN || !exports.AWS_WEB_IDENTITY_TOKEN_FILE) {
15
- throw new Error('[mongo] MONGODB_AWS_ROLE_ARN or AWS_WEB_IDENTITY_TOKEN_FILE are not set. ' +
16
- 'These are required for AWS IAM auth (IRSA, STS assume role), and must be set in the environment!');
5
+ const MONGODB_AWS_ROLE_ARN = process.env.MONGODB_AWS_ROLE_ARN;
6
+ const AWS_WEB_IDENTITY_TOKEN_FILE = process.env.AWS_WEB_IDENTITY_TOKEN_FILE;
7
+ exports.shouldAssumeRole = MONGODB_AWS_ROLE_ARN && AWS_WEB_IDENTITY_TOKEN_FILE;
8
+ const generateAwsCredentials = async () => {
9
+ if (exports.shouldAssumeRole) {
10
+ return (0, credential_providers_1.fromNodeProviderChain)({
11
+ roleArn: MONGODB_AWS_ROLE_ARN,
12
+ });
17
13
  }
18
- // This permanently produces a rotating credentials chain using the specified roleArn, IRSA, and web identity token
19
- const credentialChain = (0, credential_providers_1.fromNodeProviderChain)({
20
- roleArn: exports.MONGODB_AWS_ROLE_ARN,
21
- });
22
- return () => credentialChain();
23
- }
14
+ return (0, credential_providers_1.fromNodeProviderChain)();
15
+ };
16
+ exports.generateAwsCredentials = generateAwsCredentials;
17
+ const generateConnectionString = async (cnn) => {
18
+ if (!cnn) {
19
+ throw new Error('MongoDB connection string is not defined');
20
+ }
21
+ if (exports.shouldAssumeRole) {
22
+ const credentials = await (0, exports.generateAwsCredentials)();
23
+ if (credentials) {
24
+ const url = new URL(cnn);
25
+ url.username = credentials.accessKeyId || '';
26
+ url.password = credentials.secretAccessKey || '';
27
+ if (credentials.sessionToken) {
28
+ url.searchParams.set('authMechanismProperties', `AWS_SESSION_TOKEN:${credentials.sessionToken}`);
29
+ }
30
+ return url.toString();
31
+ }
32
+ throw new Error('Failed to assume role with web identity');
33
+ }
34
+ return cnn;
35
+ };
36
+ exports.generateConnectionString = generateConnectionString;
package/dist/src/mongo.providers.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"mongo.providers.d.ts","sourceRoot":"","sources":["../../src/mongo.providers.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAU1C,eAAO,MAAM,cAAc,EAAE,QAAQ,EA8BpC,CAAC"}
1
+ {"version":3,"file":"mongo.providers.d.ts","sourceRoot":"","sources":["../../src/mongo.providers.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAU1C,eAAO,MAAM,cAAc,EAAE,QAAQ,EAiBpC,CAAC"}
package/dist/src/mongo.providers.js CHANGED
@@ -9,31 +9,17 @@ const mongoUrl = (configService) => configService.get('MONGO_URL') ?? configServ
9
9
  exports.MongoProviders = [
10
10
  {
11
11
  provide: 'MONGO_CONNECTION',
12
- useFactory: async (configService) => {
13
- const connectionString = mongoUrl(configService);
14
- if (!connectionString)
15
- throw new Error('MongoDB connection string is not defined');
16
- const options = {};
17
- // Always use dynamic AWS credential provider for MongoDB-AWS mechanism
18
- if ((connectionString ?? '').includes('MONGODB-AWS')) {
19
- options.authMechanismProperties = {
20
- // This will provide rotating, always-fresh AWS credentials via IRSA
21
- AWS_CREDENTIAL_PROVIDER: (0, aws_1.getMongoAwsCredentialProvider)(),
22
- };
23
- }
24
- // Pool sizing for dev/test only
25
- if (isNotProductionOrLive(configService.get('NODE_ENV'))) {
26
- options.minPoolSize = 0;
27
- options.maxPoolSize = 10;
28
- }
29
- try {
30
- return await (0, mongoose_1.connect)(connectionString, options);
31
- }
32
- catch (err) {
33
- console.error('[mongo] Failed to connect to MongoDB:', err);
34
- throw err;
35
- }
36
- },
12
+ useFactory: async (configService) => (0, mongoose_1.connect)(await (0, aws_1.generateConnectionString)(mongoUrl(configService)), {
13
+ ...(isNotProductionOrLive(configService.get('NODE_ENV')) && {
14
+ minPoolSize: 0,
15
+ maxPoolSize: 10,
16
+ ...((mongoUrl(configService) ?? '').includes('MONGODB-AWS') && {
17
+ authMechanismProperties: {
18
+ AWS_CREDENTIAL_PROVIDER: aws_1.generateAwsCredentials,
19
+ },
20
+ }),
21
+ }),
22
+ }),
37
23
  inject: [config_1.ConfigService],
38
24
  },
39
25
  ];
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@edirect/mongo",
3
- "version": "11.0.43",
3
+ "version": "11.0.45",
4
4
  "packageScope": "@edirect",
5
5
  "main": "./dist/src/index.js",
6
6
  "types": "./dist/src/index.d.ts",
@@ -23,7 +23,7 @@
23
23
  "mongodb": "^7.0.0",
24
24
  "mongoose": "^9.1.5",
25
25
  "tslib": "^2.8.1",
26
- "@edirect/config": "11.0.43"
26
+ "@edirect/config": "11.0.45"
27
27
  },
28
28
  "nx": {
29
29
  "name": "@edirect/mongo",