@flowerforce/flowerbase 1.7.6-beta.0 → 1.7.6-beta.2

package/dist/monitoring/plugin.js

@@ -15,6 +15,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const websocket_1 = __importDefault(require("@fastify/websocket"));
 const fastify_plugin_1 = __importDefault(require("fastify-plugin"));
 require("@fastify/websocket");
+const fs_1 = __importDefault(require("fs"));
 const constants_1 = require("../constants");
 const state_1 = require("../state");
 const collections_1 = require("./routes/collections");
@@ -289,6 +290,36 @@ const createMonitoringPlugin = (0, fastify_plugin_1.default)((app_1, ...args_1)
             reply.type('application/javascript').send(js);
         }));
     });
+    const resolveCodeMirrorAsset = (internalPath) => {
+        try {
+            return require.resolve(`codemirror/${internalPath}`);
+        }
+        catch (_a) {
+            return '';
+        }
+    };
+    const codemirrorAssets = {
+        'codemirror.js': resolveCodeMirrorAsset('lib/codemirror.js'),
+        'codemirror.css': resolveCodeMirrorAsset('lib/codemirror.css'),
+        'javascript.js': resolveCodeMirrorAsset('mode/javascript/javascript.js'),
+        'foldcode.js': resolveCodeMirrorAsset('addon/fold/foldcode.js'),
+        'foldgutter.js': resolveCodeMirrorAsset('addon/fold/foldgutter.js'),
+        'brace-fold.js': resolveCodeMirrorAsset('addon/fold/brace-fold.js'),
+        'comment-fold.js': resolveCodeMirrorAsset('addon/fold/comment-fold.js'),
+        'foldgutter.css': resolveCodeMirrorAsset('addon/fold/foldgutter.css')
+    };
+    Object.entries(codemirrorAssets).forEach(([assetName, relativePath]) => {
+        app.get(`${prefix}/vendor/codemirror/${assetName}`, (_req, reply) => __awaiter(void 0, void 0, void 0, function* () {
+            const assetPath = relativePath || '';
+            if (!assetPath || !fs_1.default.existsSync(assetPath)) {
+                reply.code(404).send(`${assetName} not found`);
+                return;
+            }
+            const asset = fs_1.default.readFileSync(assetPath, 'utf8');
+            reply.header('Cache-Control', 'no-store');
+            reply.type(assetName.endsWith('.css') ? 'text/css' : 'application/javascript').send(asset);
+        }));
+    });
     app.get(`${prefix}/ws`, { websocket: true }, (connection) => {
         var _a;
         const socket = (_a = connection.socket) !== null && _a !== void 0 ? _a : connection;

package/dist/services/mongodb-atlas/index.d.ts

@@ -1,4 +1,7 @@
+import { Document } from 'mongodb';
 import { MongodbAtlasFunction } from './model';
+export declare const toWatchMatchFilter: (value: unknown) => unknown;
+export declare const watchPipelineRequestsDelete: (pipeline: Document[]) => boolean;
 declare const MongodbAtlas: MongodbAtlasFunction;
 export default MongodbAtlas;
 //# sourceMappingURL=index.d.ts.map

package/dist/services/mongodb-atlas/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/services/mongodb-atlas/index.ts"],"names":[],"mappings":"AAwBA,OAAO,EAGL,oBAAoB,EAErB,MAAM,SAAS,CAAA;AAm0ChB,QAAA,MAAM,YAAY,EAAE,oBA6BlB,CAAA;AAEF,eAAe,YAAY,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/services/mongodb-atlas/index.ts"],"names":[],"mappings":"AAKA,OAAO,EAIL,QAAQ,EAQT,MAAM,SAAS,CAAA;AAOhB,OAAO,EAGL,oBAAoB,EAErB,MAAM,SAAS,CAAA;AAgJhB,eAAO,MAAM,kBAAkB,GAAI,OAAO,OAAO,KAAG,OA0BnD,CAAA;AA4BD,eAAO,MAAM,2BAA2B,GAAI,UAAU,QAAQ,EAAE,YAK5D,CAAA;AAgtCJ,QAAA,MAAM,YAAY,EAAE,oBAwBlB,CAAA;AAEF,eAAe,YAAY,CAAA"}

package/dist/services/mongodb-atlas/index.js

@@ -23,6 +23,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.watchPipelineRequestsDelete = exports.toWatchMatchFilter = void 0;
 const cloneDeep_1 = __importDefault(require("lodash/cloneDeep"));
 const get_1 = __importDefault(require("lodash/get"));
 const isEqual_1 = __importDefault(require("lodash/isEqual"));
@@ -32,6 +33,7 @@ const utils_1 = require("../../monitoring/utils");
 const machines_1 = require("../../utils/roles/machines");
 const utils_2 = require("../../utils/roles/machines/utils");
 const monitoring_1 = require("../monitoring");
+const constants_1 = require("../../constants");
 const model_1 = require("./model");
 const utils_3 = require("./utils");
 //TODO aggiungere no-sql inject security
@@ -71,6 +73,12 @@ const findOptionKeys = new Set([
     'projection'
 ]);
 const isPlainObject = (value) => !!value && typeof value === 'object' && !Array.isArray(value);
+const isTraversablePlainObject = (value) => {
+    if (!isPlainObject(value))
+        return false;
+    const prototype = Object.getPrototypeOf(value);
+    return prototype === Object.prototype || prototype === null;
+};
 const looksLikeFindOptions = (value) => {
     if (!isPlainObject(value))
         return false;
@@ -113,21 +121,81 @@ const normalizeFindOneAndUpdateOptions = (options) => {
     return Object.assign(Object.assign({}, rest), { returnDocument: returnNewDocument ? 'after' : 'before' });
 };
 const buildAndQuery = (clauses) => clauses.length ? { $and: clauses } : {};
+const watchChangeEventRootKeys = new Set([
+    '_id',
+    'operationType',
+    'clusterTime',
+    'txnNumber',
+    'lsid',
+    'ns',
+    'documentKey',
+    'fullDocument',
+    'updateDescription'
+]);
+const isWatchChangeEventPath = (key) => {
+    if (watchChangeEventRootKeys.has(key))
+        return true;
+    return (key.startsWith('ns.') ||
+        key.startsWith('documentKey.') ||
+        key.startsWith('fullDocument.') ||
+        key.startsWith('updateDescription.'));
+};
+const isWatchOpaqueChangeEventObjectKey = (key) => key === 'ns' || key === 'documentKey' || key === 'fullDocument' || key === 'updateDescription';
 const toWatchMatchFilter = (value) => {
     if (Array.isArray(value)) {
-        return value.map((item) => toWatchMatchFilter(item));
+        return value.map((item) => (0, exports.toWatchMatchFilter)(item));
     }
-    if (!isPlainObject(value))
+    if (!isTraversablePlainObject(value))
         return value;
     return Object.entries(value).reduce((acc, [key, current]) => {
         if (key.startsWith('$')) {
-            acc[key] = toWatchMatchFilter(current);
+            acc[key] = (0, exports.toWatchMatchFilter)(current);
             return acc;
         }
-        acc[`fullDocument.${key}`] = toWatchMatchFilter(current);
+        if (isWatchOpaqueChangeEventObjectKey(key)) {
+            acc[key] = current;
+            return acc;
+        }
+        if (isWatchChangeEventPath(key)) {
+            acc[key] = (0, exports.toWatchMatchFilter)(current);
+            return acc;
+        }
+        acc[`fullDocument.${key}`] = (0, exports.toWatchMatchFilter)(current);
         return acc;
     }, {});
 };
+exports.toWatchMatchFilter = toWatchMatchFilter;
+const isDeleteOperationValue = (value) => {
+    if (typeof value === 'string')
+        return value.toLowerCase() === 'delete';
+    if (isPlainObject(value) && Array.isArray(value.$in)) {
+        return value.$in.some((entry) => isDeleteOperationValue(entry));
+    }
+    if (Array.isArray(value)) {
+        return value.some((entry) => isDeleteOperationValue(entry));
+    }
+    return false;
+};
+const hasDeleteOperationType = (value) => {
+    if (Array.isArray(value)) {
+        return value.some((entry) => hasDeleteOperationType(entry));
+    }
+    if (!isTraversablePlainObject(value))
+        return false;
+    return Object.entries(value).some(([key, current]) => {
+        if (key === 'operationType') {
+            return isDeleteOperationValue(current);
+        }
+        return hasDeleteOperationType(current);
+    });
+};
+const watchPipelineRequestsDelete = (pipeline) => pipeline.some((stage) => {
+    if (!isTraversablePlainObject(stage))
+        return false;
+    const match = stage.$match;
+    return hasDeleteOperationType(match);
+});
+exports.watchPipelineRequestsDelete = watchPipelineRequestsDelete;
 const resolveWatchArgs = (pipelineOrOptions, options) => {
     var _a;
     const inputPipeline = Array.isArray(pipelineOrOptions) ? pipelineOrOptions : [];
@@ -142,7 +210,7 @@ const resolveWatchArgs = (pipelineOrOptions, options) => {
     const _b = rawOptions, { filter: watchFilter, ids } = _b, watchOptions = __rest(_b, ["filter", "ids"]);
     const extraMatches = [];
     if (typeof watchFilter !== 'undefined') {
-        extraMatches.push({ $match: toWatchMatchFilter(watchFilter) });
+        extraMatches.push({ $match: (0, exports.toWatchMatchFilter)(watchFilter) });
     }
     if (Array.isArray(ids)) {
         extraMatches.push({
@@ -333,8 +401,9 @@ const areUpdatedFieldsAllowed = (filtered, updated, updatedPaths) => {
         return (0, isEqual_1.default)(filtered, updated);
     return updatedPaths.every((path) => (0, isEqual_1.default)((0, get_1.default)(filtered, path), (0, get_1.default)(updated, path)));
 };
-const getOperators = (collection, { rules, collName, user, run_as_system, monitoringOrigin }) => {
+const getOperators = (mongo, { rules, dbName, collName, user, run_as_system, monitoringOrigin }) => {
     var _a, _b;
+    const collection = mongo.client.db(dbName).collection(collName);
     const normalizedRules = rules !== null && rules !== void 0 ? rules : {};
     const collectionRules = normalizedRules[collName];
     const filters = (_a = collectionRules === null || collectionRules === void 0 ? void 0 : collectionRules.filters) !== null && _a !== void 0 ? _a : [];
@@ -852,22 +921,34 @@ const getOperators = (collection, { rules, collName, user, run_as_system, monito
          * This allows fine-grained control over what change events a user can observe, based on roles and filters.
          */
         watch: (pipelineOrOptions = [], options) => {
+            const changestreamCollection = mongo[constants_1.CHANGESTREAM].client.db(dbName).collection(collName);
             try {
                 const { pipeline, options: watchOptions, extraMatches } = resolveWatchArgs(pipelineOrOptions, options);
                 if (!run_as_system) {
                     (0, utils_3.checkDenyOperation)(normalizedRules, collection.collectionName, model_1.CRUD_OPERATIONS.READ);
                     // Apply access filters to initial change stream pipeline
                     const formattedQuery = (0, utils_3.getFormattedQuery)(filters, {}, user);
-                    const watchFormattedQuery = formattedQuery.map((condition) => toWatchMatchFilter(condition));
+                    const watchFormattedQuery = formattedQuery.map((condition) => (0, exports.toWatchMatchFilter)(condition));
+                    const requestedPipeline = [...extraMatches, ...pipeline];
+                    const allowDeleteBypass = (0, exports.watchPipelineRequestsDelete)(requestedPipeline);
                     const firstStep = watchFormattedQuery.length
                         ? {
-                            $match: {
-                                $and: watchFormattedQuery
-                            }
+                            $match: allowDeleteBypass
+                                ? {
+                                    $or: [
+                                        {
+                                            $and: watchFormattedQuery
+                                        },
+                                        { operationType: 'delete' }
+                                    ]
+                                }
+                                : {
+                                    $and: watchFormattedQuery
+                                }
                         }
                         : undefined;
-                    const formattedPipeline = [firstStep, ...extraMatches, ...pipeline].filter(Boolean);
-                    const result = collection.watch(formattedPipeline, watchOptions);
+                    const formattedPipeline = [firstStep, ...requestedPipeline].filter(Boolean);
+                    const result = changestreamCollection.watch(formattedPipeline, watchOptions);
                     const originalOn = result.on.bind(result);
                     /**
                      * Validates a change event against the user's roles.
@@ -917,7 +998,7 @@ const getOperators = (collection, { rules, collName, user, run_as_system, monito
                     return result;
                 }
                 // System mode: no filtering applied
-                const result = collection.watch([...extraMatches, ...pipeline], watchOptions);
+                const result = changestreamCollection.watch([...extraMatches, ...pipeline], watchOptions);
                 emitMongoEvent('watch');
                 return result;
             }
@@ -1138,11 +1219,10 @@ const MongodbAtlas = (app, { rules, user, run_as_system, monitoring } = {}) => (
     db: (dbName) => {
         return {
             collection: (collName) => {
-                const mongoClient = app.mongo.client;
-                const collection = mongoClient.db(dbName).collection(collName);
-                return getOperators(collection, {
-                    rules,
+                return getOperators(app.mongo, {
+                    dbName,
                     collName,
+                    rules,
                     user,
                     run_as_system,
                     monitoringOrigin: monitoring === null || monitoring === void 0 ? void 0 : monitoring.invokedFrom

package/dist/services/mongodb-atlas/model.d.ts

@@ -22,10 +22,11 @@ export type GetValidRuleParams<T extends Role | Filter> = {
     record?: WithId<Document> | Document | null;
 };
 type Method<T extends keyof Collection<Document>> = Collection<Document>[T];
-export type GetOperatorsFunction = (collection: Collection<Document>, { rules, collName, user, run_as_system, monitoringOrigin }: {
+export type GetOperatorsFunction = (mongoInstance: FastifyInstance["mongo"], { rules, dbName, collName, user, run_as_system, monitoringOrigin }: {
     user?: User;
     rules?: Rules;
     run_as_system?: boolean;
+    dbName: string;
     collName: string;
     monitoringOrigin?: string;
 }) => {

package/dist/services/mongodb-atlas/model.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"model.d.ts","sourceRoot":"","sources":["../../../src/services/mongodb-atlas/model.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,SAAS,CAAA;AACzC,OAAO,EACL,aAAa,EACb,oBAAoB,EACpB,UAAU,EACV,QAAQ,EACR,UAAU,EACV,uBAAuB,EACvB,cAAc,EACd,WAAW,EACX,MAAM,IAAI,WAAW,EACrB,YAAY,EACZ,MAAM,EACP,MAAM,SAAS,CAAA;AAChB,OAAO,EAAE,IAAI,EAAE,MAAM,iBAAiB,CAAA;AACtC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,gCAAgC,CAAA;AAC9D,OAAO,EAAE,IAAI,EAAE,MAAM,6BAA6B,CAAA;AAElD,MAAM,MAAM,oBAAoB,GAAG,CACjC,GAAG,EAAE,eAAe,EACpB,EACE,KAAK,EACL,IAAI,EACJ,aAAa,EACb,UAAU,EACX,EAAE;IACD,IAAI,CAAC,EAAE,IAAI,CAAA;IACX,KAAK,CAAC,EAAE,KAAK,CAAA;IACb,aAAa,CAAC,EAAE,OAAO,CAAA;IACvB,UAAU,CAAC,EAAE;QAAE,WAAW,CAAC,EAAE,MAAM,CAAA;KAAE,CAAA;CACtC,KACE;IACH,EAAE,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK;QACtB,UAAU,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,UAAU,CAAC,oBAAoB,CAAC,CAAA;KACnE,CAAA;IACD,YAAY,EAAE,CAAC,OAAO,CAAC,EAAE,oBAAoB,KAAK,aAAa,CAAA;CAChE,CAAA;AAED,MAAM,MAAM,kBAAkB,CAAC,CAAC,SAAS,IAAI,GAAG,MAAM,IAAI;IACxD,OAAO,EAAE,CAAC,EAAE,CAAA;IACZ,IAAI,EAAE,IAAI,CAAA;IACV,MAAM,CAAC,EAAE,MAAM,CAAC,QAAQ,CAAC,GAAG,QAAQ,GAAG,IAAI,CAAA;CAC5C,CAAA;AACD,KAAK,MAAM,CAAC,CAAC,SAAS,MAAM,UAAU,CAAC,QAAQ,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAA;AAE3E,MAAM,MAAM,oBAAoB,GAAG,CACjC,UAAU,EAAE,UAAU,CAAC,QAAQ,CAAC,EAChC,EACE,KAAK,EACL,QAAQ,EACR,IAAI,EACJ,aAAa,EACb,gBAAgB,EACjB,EAAE;IACD,IAAI,CAAC,EAAE,IAAI,CAAA;IACX,KAAK,CAAC,EAAE,KAAK,CAAA;IACb,aAAa,CAAC,EAAE,OAAO,CAAA;IACvB,QAAQ,EAAE,MAAM,CAAA;IAChB,gBAAgB,CAAC,EAAE,MAAM,CAAA;CAC1B,KACE;IACH,gBAAgB,EAAE,CAChB,MAAM,EAAE,WAAW,CAAC,QAAQ,CAAC,EAC7B,MAAM,EAAE,YAAY,CAAC,QAAQ,CAAC,GAAG,QAAQ,EAAE,EAC3C,OAAO,CAAC,EAAE,sCAAsC,KAC7C,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,CAAA;IAC7B,OAAO,EAAE,CACP,MAAM,CAAC,EAAE,WAAW,CAAC,QAAQ,CAAC,EAC9B,UAAU,CAAC,EAAE,QAAQ,EACrB,OAAO,CAAC,EAAE,cAAc,KACrB,UAAU,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAA;IAClC,SAAS,EAAE,CAAC,GAAG,MAAM,EAAE,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,KAAK,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAA;IAC1F,SAAS,EAAE,CACT,GAAG,MAAM,EAAE,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,KACvC,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAA;IACpC,SAAS,EAAE,CACT,GAAG,MAAM,EAAE,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,KACvC,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAA;IACpC,IAAI,EAAE,CACJ,MAAM,CAAC,EAAE,WAAW,CAAC,QAAQ,CAAC,EAC9B,UAAU,CAAC,EAAE,QAAQ,EACrB,OAAO,CAAC,EAAE,WAAW,KAClB,UAAU,CAAA;IACf,KAAK,EAAE,CACL,GAAG,MAAM,EAAE,UAAU,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,KAC5C,UAAU,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAA;IACzC,cAAc,EAAE,CACd,GAAG,MAAM,EAAE,UAAU,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,KAC5C,UAAU,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAA;IACzC,KAAK,EAAE,CAAC,GAAG,MAAM,EAAE,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,KAAK,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAA;IAC9E,SAAS,EAAE,CACT,GAAG,MAAM,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,EAAE,QAAQ,EAAE,OAAO,CAAC,KAC/D,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAA;IACpC,UAAU,EAAE,CACV,GAAG,MAAM,EAAE,UAAU,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,KACxC,UAAU,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAA;IACrC,UAAU,EAAE,CACV,GAAG,MAAM,EAAE,UAAU,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,KACxC,UAAU,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAA;IACrC,UAAU,EAAE,CACV,GAAG,MAAM,EAAE,UAAU,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,KACxC,UAAU,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAA;CACtC,CAAA;AAED,MAAM,MAAM,sCAAsC,GAAG,uBAAuB,GAAG;IAC7E,iBAAiB,CAAC,EAAE,OAAO,CAAA;CAC5B,CAAA;AAGD,oBAAY,eAAe;IACzB,MAAM,WAAW;IACjB,IAAI,SAAS;IACb,MAAM,WAAW;IACjB,MAAM,WAAW;CAElB"}
+{"version":3,"file":"model.d.ts","sourceRoot":"","sources":["../../../src/services/mongodb-atlas/model.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,SAAS,CAAA;AACzC,OAAO,EACL,aAAa,EACb,oBAAoB,EACpB,UAAU,EACV,QAAQ,EACR,UAAU,EACV,uBAAuB,EACvB,cAAc,EACd,WAAW,EACX,MAAM,IAAI,WAAW,EACrB,YAAY,EACZ,MAAM,EACP,MAAM,SAAS,CAAA;AAChB,OAAO,EAAE,IAAI,EAAE,MAAM,iBAAiB,CAAA;AACtC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,gCAAgC,CAAA;AAC9D,OAAO,EAAE,IAAI,EAAE,MAAM,6BAA6B,CAAA;AAElD,MAAM,MAAM,oBAAoB,GAAG,CACjC,GAAG,EAAE,eAAe,EACpB,EACE,KAAK,EACL,IAAI,EACJ,aAAa,EACb,UAAU,EACX,EAAE;IACD,IAAI,CAAC,EAAE,IAAI,CAAA;IACX,KAAK,CAAC,EAAE,KAAK,CAAA;IACb,aAAa,CAAC,EAAE,OAAO,CAAA;IACvB,UAAU,CAAC,EAAE;QAAE,WAAW,CAAC,EAAE,MAAM,CAAA;KAAE,CAAA;CACtC,KACE;IACH,EAAE,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK;QACtB,UAAU,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,UAAU,CAAC,oBAAoB,CAAC,CAAA;KACnE,CAAA;IACD,YAAY,EAAE,CAAC,OAAO,CAAC,EAAE,oBAAoB,KAAK,aAAa,CAAA;CAChE,CAAA;AAED,MAAM,MAAM,kBAAkB,CAAC,CAAC,SAAS,IAAI,GAAG,MAAM,IAAI;IACxD,OAAO,EAAE,CAAC,EAAE,CAAA;IACZ,IAAI,EAAE,IAAI,CAAA;IACV,MAAM,CAAC,EAAE,MAAM,CAAC,QAAQ,CAAC,GAAG,QAAQ,GAAG,IAAI,CAAA;CAC5C,CAAA;AACD,KAAK,MAAM,CAAC,CAAC,SAAS,MAAM,UAAU,CAAC,QAAQ,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAA;AAE3E,MAAM,MAAM,oBAAoB,GAAG,CACjC,aAAa,EAAE,eAAe,CAAC,OAAO,CAAC,EACvC,EACE,KAAK,EACL,MAAM,EACN,QAAQ,EACR,IAAI,EACJ,aAAa,EACb,gBAAgB,EACjB,EAAE;IACD,IAAI,CAAC,EAAE,IAAI,CAAA;IACX,KAAK,CAAC,EAAE,KAAK,CAAA;IACb,aAAa,CAAC,EAAE,OAAO,CAAA;IACvB,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,EAAE,MAAM,CAAA;IAChB,gBAAgB,CAAC,EAAE,MAAM,CAAA;CAC1B,KACE;IACH,gBAAgB,EAAE,CAChB,MAAM,EAAE,WAAW,CAAC,QAAQ,CAAC,EAC7B,MAAM,EAAE,YAAY,CAAC,QAAQ,CAAC,GAAG,QAAQ,EAAE,EAC3C,OAAO,CAAC,EAAE,sCAAsC,KAC7C,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,CAAA;IAC7B,OAAO,EAAE,CACP,MAAM,CAAC,EAAE,WAAW,CAAC,QAAQ,CAAC,EAC9B,UAAU,CAAC,EAAE,QAAQ,EACrB,OAAO,CAAC,EAAE,cAAc,KACrB,UAAU,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAA;IAClC,SAAS,EAAE,CAAC,GAAG,MAAM,EAAE,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,KAAK,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAA;IAC1F,SAAS,EAAE,CACT,GAAG,MAAM,EAAE,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,KACvC,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAA;IACpC,SAAS,EAAE,CACT,GAAG,MAAM,EAAE,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,KACvC,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAA;IACpC,IAAI,EAAE,CACJ,MAAM,CAAC,EAAE,WAAW,CAAC,QAAQ,CAAC,EAC9B,UAAU,CAAC,EAAE,QAAQ,EACrB,OAAO,CAAC,EAAE,WAAW,KAClB,UAAU,CAAA;IACf,KAAK,EAAE,CACL,GAAG,MAAM,EAAE,UAAU,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,KAC5C,UAAU,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAA;IACzC,cAAc,EAAE,CACd,GAAG,MAAM,EAAE,UAAU,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,KAC5C,UAAU,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAA;IACzC,KAAK,EAAE,CAAC,GAAG,MAAM,EAAE,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,KAAK,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAA;IAC9E,SAAS,EAAE,CACT,GAAG,MAAM,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,EAAE,QAAQ,EAAE,OAAO,CAAC,KAC/D,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAA;IACpC,UAAU,EAAE,CACV,GAAG,MAAM,EAAE,UAAU,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,KACxC,UAAU,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAA;IACrC,UAAU,EAAE,CACV,GAAG,MAAM,EAAE,UAAU,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,KACxC,UAAU,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAA;IACrC,UAAU,EAAE,CACV,GAAG,MAAM,EAAE,UAAU,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,KACxC,UAAU,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAA;CACtC,CAAA;AAED,MAAM,MAAM,sCAAsC,GAAG,uBAAuB,GAAG;IAC7E,iBAAiB,CAAC,EAAE,OAAO,CAAA;CAC5B,CAAA;AAGD,oBAAY,eAAe;IACzB,MAAM,WAAW;IACjB,IAAI,SAAS;IACb,MAAM,WAAW;IACjB,MAAM,WAAW;CAElB"}

package/dist/utils/index.d.ts

@@ -1,3 +1,4 @@
 export declare const readFileContent: (filePath: string) => string;
 export declare const readJsonContent: (filePath: string) => unknown;
+export declare const recursivelyCollectFiles: (dir: string) => string[];
 //# sourceMappingURL=index.d.ts.map

package/dist/utils/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/utils/index.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,eAAe,GAAI,UAAU,MAAM,WAAuC,CAAA;AACvF,eAAO,MAAM,eAAe,GAAI,UAAU,MAAM,KACL,OAAO,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/utils/index.ts"],"names":[],"mappings":"AAGA,eAAO,MAAM,eAAe,GAAI,UAAU,MAAM,WAAuC,CAAA;AACvF,eAAO,MAAM,eAAe,GAAI,UAAU,MAAM,KACL,OAAO,CAAA;AAElD,eAAO,MAAM,uBAAuB,GAAI,KAAK,MAAM,KAAG,MAAM,EAQ3D,CAAA"}

package/dist/utils/index.js

@@ -3,9 +3,20 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.readJsonContent = exports.readFileContent = void 0;
-const fs_1 = __importDefault(require("fs"));
-const readFileContent = (filePath) => fs_1.default.readFileSync(filePath, 'utf-8');
+exports.recursivelyCollectFiles = exports.readJsonContent = exports.readFileContent = void 0;
+const node_fs_1 = __importDefault(require("node:fs"));
+const node_path_1 = __importDefault(require("node:path"));
+const readFileContent = (filePath) => node_fs_1.default.readFileSync(filePath, 'utf-8');
 exports.readFileContent = readFileContent;
 const readJsonContent = (filePath) => JSON.parse((0, exports.readFileContent)(filePath));
 exports.readJsonContent = readJsonContent;
+const recursivelyCollectFiles = (dir) => {
+    return node_fs_1.default.readdirSync(dir, { withFileTypes: true }).flatMap((entry) => {
+        const fullPath = node_path_1.default.join(dir, entry.name);
+        if (entry.isDirectory()) {
+            return (0, exports.recursivelyCollectFiles)(fullPath);
+        }
+        return entry.isFile() ? [fullPath] : [];
+    });
+};
+exports.recursivelyCollectFiles = recursivelyCollectFiles;

package/dist/utils/initializer/mongodbCSFLE.d.ts

@@ -0,0 +1,69 @@
+import { UUID, type Document, type AWSEncryptionKeyOptions, type AWSKMSProviderConfiguration, type AzureEncryptionKeyOptions, type AzureKMSProviderConfiguration, type GCPKMSProviderConfiguration, type GCPEncryptionKeyOptions, type KMIPKMSProviderConfiguration, type KMIPEncryptionKeyOptions, type LocalKMSProviderConfiguration, type AutoEncryptionExtraOptions, type AutoEncryptionOptions } from "mongodb";
+import { type EncryptionSchemas } from "../../features/encryption/interface";
+type KMSProviderConfig = {
+    /**
+     * The alias of the key. It must be referenced in the schema map
+     * to select which key to use for encryption.
+     */
+    keyAlias: string;
+    /**
+     * KMS Provider name.
+     */
+    provider: "aws";
+    /**
+     * KMS Provider specific authorization configuration.
+     */
+    config: AWSKMSProviderConfiguration;
+    /**
+     * Configuration of the master key.
+     */
+    masterKey: AWSEncryptionKeyOptions;
+} | {
+    keyAlias: string;
+    provider: "azure";
+    config: AzureKMSProviderConfiguration;
+    masterKey: AzureEncryptionKeyOptions;
+} | {
+    keyAlias: string;
+    provider: "gcp";
+    config: GCPKMSProviderConfiguration;
+    masterKey: GCPEncryptionKeyOptions;
+} | {
+    keyAlias: string;
+    provider: "kmip";
+    config: KMIPKMSProviderConfiguration;
+    masterKey: KMIPEncryptionKeyOptions;
+} | {
+    keyAlias: string;
+    provider: "local";
+    config: LocalKMSProviderConfiguration;
+};
+export type MongoDbEncryptionConfig = {
+    kmsProviders: KMSProviderConfig[];
+    /**
+     * The Key Vault database name
+     * @default encryption
+     */
+    keyVaultDb?: string;
+    /**
+   * The Key Vault database collection
+   * @default __keyVault
+   */
+    keyVaultCollection?: string;
+    extraOptions?: AutoEncryptionExtraOptions;
+};
+type DataKey = {
+    dataKeyId: UUID;
+    dataKeyAlias: string;
+};
+export declare const buildSchemaMap: (schemas: EncryptionSchemas, dataKeys: DataKey[]) => Record<string, Document>;
+/**
+ * Setup MongoDB Client-Side Field Level Encryption (CSFLE).
+ * @see https://www.mongodb.com/docs/manual/core/csfle
+ */
+export declare const setupMongoDbCSFLE: (config: MongoDbEncryptionConfig & {
+    mongodbUrl: string;
+    schemas?: EncryptionSchemas;
+}) => Promise<AutoEncryptionOptions>;
+export {};
+//# sourceMappingURL=mongodbCSFLE.d.ts.map

package/dist/utils/initializer/mongodbCSFLE.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mongodbCSFLE.d.ts","sourceRoot":"","sources":["../../../src/utils/initializer/mongodbCSFLE.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,IAAI,EAEJ,KAAK,QAAQ,EACb,KAAK,uBAAuB,EAC5B,KAAK,2BAA2B,EAChC,KAAK,yBAAyB,EAC9B,KAAK,6BAA6B,EAClC,KAAK,2BAA2B,EAChC,KAAK,uBAAuB,EAC5B,KAAK,4BAA4B,EACjC,KAAK,wBAAwB,EAC7B,KAAK,6BAA6B,EAClC,KAAK,0BAA0B,EAE/B,KAAK,qBAAqB,EAC3B,MAAM,SAAS,CAAC;AACjB,OAAO,EAAoF,KAAK,iBAAiB,EAAE,MAAM,qCAAqC,CAAC;AAG/J,KAAK,iBAAiB,GAClB;IACA;;;OAGG;IACH,QAAQ,EAAE,MAAM,CAAA;IAChB;;OAEG;IACH,QAAQ,EAAE,KAAK,CAAA;IACf;;OAEG;IACH,MAAM,EAAE,2BAA2B,CAAA;IACnC;;OAEG;IACH,SAAS,EAAE,uBAAuB,CAAA;CACnC,GAAG;IACF,QAAQ,EAAE,MAAM,CAAA;IAChB,QAAQ,EAAE,OAAO,CAAA;IACjB,MAAM,EAAE,6BAA6B,CAAC;IACtC,SAAS,EAAE,yBAAyB,CAAA;CACrC,GAAG;IACF,QAAQ,EAAE,MAAM,CAAA;IAChB,QAAQ,EAAE,KAAK,CAAA;IACf,MAAM,EAAE,2BAA2B,CAAC;IACpC,SAAS,EAAE,uBAAuB,CAAA;CACnC,GAAG;IACF,QAAQ,EAAE,MAAM,CAAA;IAChB,QAAQ,EAAE,MAAM,CAAA;IAChB,MAAM,EAAE,4BAA4B,CAAC;IACrC,SAAS,EAAE,wBAAwB,CAAA;CACpC,GAAG;IACF,QAAQ,EAAE,MAAM,CAAA;IAChB,QAAQ,EAAE,OAAO,CAAA;IACjB,MAAM,EAAE,6BAA6B,CAAC;CACvC,CAAA;AAEH,MAAM,MAAM,uBAAuB,GAAG;IACpC,YAAY,EAAE,iBAAiB,EAAE,CAAC;IAClC;;;OAGG;IACH,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB;;;KAGC;IACD,kBAAkB,CAAC,EAAE,MAAM,CAAA;IAC3B,YAAY,CAAC,EAAE,0BAA0B,CAAA;CAC1C,CAAA;AAOD,KAAK,OAAO,GAAG;IAAE,SAAS,EAAE,IAAI,CAAC;IAAC,YAAY,EAAE,MAAM,CAAA;CAAE,CAAA;AAkFxD,eAAO,MAAM,cAAc,GAAI,SAAS,iBAAiB,EAAE,UAAU,OAAO,EAAE,6BAK7E,CAAA;AAED;;;GAGG;AACH,eAAO,MAAM,iBAAiB,GAC5B,QAAQ,uBAAuB,GAAG;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,iBAAiB,CAAA;CAAE,KACpF,OAAO,CAAC,qBAAqB,CA8C/B,CAAA"}

package/dist/utils/initializer/mongodbCSFLE.js

@@ -0,0 +1,131 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.setupMongoDbCSFLE = exports.buildSchemaMap = void 0;
+const mongodb_1 = require("mongodb");
+const constants_1 = require("../../constants");
+function ensureUniqueKeyAltNameIndex(db, config) {
+    return __awaiter(this, void 0, void 0, function* () {
+        yield db.collection(config.keyVaultCollection).createIndex({ keyAltNames: 1 }, {
+            unique: true,
+            partialFilterExpression: { keyAltNames: { $exists: true } },
+        });
+    });
+}
+/**
+ * Ensure provided KMS Providers DEK keys exist in the key vault. If not, they are created.
+ */
+function ensureDataEncryptionKeys(clientEncryption, keyVaultDb, config) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const keys = [];
+        for (const kmsProvider of config.kmsProviders) {
+            const existingKey = yield keyVaultDb.collection(config.keyVaultCollection).findOne({
+                keyAltNames: kmsProvider.keyAlias,
+            });
+            if ((existingKey === null || existingKey === void 0 ? void 0 : existingKey._id) instanceof mongodb_1.Binary) {
+                keys.push({ dataKeyId: existingKey._id, dataKeyAlias: kmsProvider.keyAlias });
+                continue;
+            }
+            const dataKeyId = yield clientEncryption.createDataKey(kmsProvider.provider, {
+                masterKey: "masterKey" in kmsProvider ? kmsProvider.masterKey : undefined,
+                keyAltNames: [kmsProvider.keyAlias],
+            });
+            console.log(`[MongoDB Encryption] Created new key with alias ${kmsProvider.keyAlias}`);
+            keys.push({ dataKeyId, dataKeyAlias: kmsProvider.keyAlias });
+        }
+        return keys;
+    });
+}
+/**
+ * Recursively resolve key aliases in an encryption schema to their corresponding key IDs.
+ */
+const resolveKeyAliases = (schema, dataKeys) => {
+    var _a, _b;
+    if ("encrypt" in schema) {
+        if (!schema.encrypt.keyAlias) {
+            return schema;
+        }
+        const keyId = (_a = dataKeys.find(k => k.dataKeyAlias === schema.encrypt.keyAlias)) === null || _a === void 0 ? void 0 : _a.dataKeyId;
+        if (!keyId) {
+            throw new Error(`Key with alias ${schema.encrypt.keyAlias} could not be found in the Key Vault.`);
+        }
+        return {
+            encrypt: {
+                bsonType: schema.encrypt.bsonType,
+                algorithm: schema.encrypt.algorithm,
+                keyId: [keyId]
+            }
+        };
+    }
+    const mappedSchema = {
+        bsonType: "object",
+        properties: Object.entries(schema.properties).reduce((acc, [property, config]) => {
+            acc[property] = resolveKeyAliases(config, dataKeys);
+            return acc;
+        }, {})
+    };
+    if (schema.encryptMetadata) {
+        const keyId = (_b = dataKeys.find(k => k.dataKeyAlias === schema.encryptMetadata.keyAlias)) === null || _b === void 0 ? void 0 : _b.dataKeyId;
+        if (!keyId) {
+            throw new Error(`Key with alias ${schema.encryptMetadata.keyAlias} could not be found in the Key Vault.`);
+        }
+        mappedSchema.encryptMetadata = { keyId: [keyId] };
+    }
+    return mappedSchema;
+};
+const buildSchemaMap = (schemas, dataKeys) => {
+    return Object.entries(schemas).reduce((acc, [key, schema]) => {
+        acc[key] = resolveKeyAliases(schema, dataKeys);
+        return acc;
+    }, {});
+};
+exports.buildSchemaMap = buildSchemaMap;
+/**
+ * Setup MongoDB Client-Side Field Level Encryption (CSFLE).
+ * @see https://www.mongodb.com/docs/manual/core/csfle
+ */
+const setupMongoDbCSFLE = (config) => __awaiter(void 0, void 0, void 0, function* () {
+    var _a, _b;
+    if (config.kmsProviders.length === 0) {
+        throw new Error('At least one KMS Provider is required when using MongoDB encryption');
+    }
+    const requiredConfig = {
+        kmsProviders: config.kmsProviders,
+        keyVaultDb: (_a = config.keyVaultDb) !== null && _a !== void 0 ? _a : constants_1.DEFAULT_CONFIG.MONGODB_ENCRYPTION_CONFIG.keyVaultDb,
+        keyVaultCollection: (_b = config.keyVaultDb) !== null && _b !== void 0 ? _b : constants_1.DEFAULT_CONFIG.MONGODB_ENCRYPTION_CONFIG.keyVaultCollection,
+    };
+    const kmsProviders = requiredConfig.kmsProviders.reduce((acc, { provider, config }) => (Object.assign(Object.assign({}, acc), { [provider]: config })), {});
+    const keyVaultNamespace = `${requiredConfig.keyVaultDb}.${requiredConfig.keyVaultCollection}`;
+    const keyVaultClient = new mongodb_1.MongoClient(config.mongodbUrl, {
+        maxPoolSize: 1,
+        autoEncryption: {
+            keyVaultNamespace,
+            kmsProviders,
+            extraOptions: config.extraOptions
+        }
+    });
+    yield keyVaultClient.connect();
+    const keyVaultDb = keyVaultClient.db(requiredConfig.keyVaultDb);
+    yield ensureUniqueKeyAltNameIndex(keyVaultDb, requiredConfig);
+    const clientEncryption = new mongodb_1.ClientEncryption(keyVaultClient, {
+        keyVaultNamespace,
+        kmsProviders,
+    });
+    const dataKeys = yield ensureDataEncryptionKeys(clientEncryption, keyVaultDb, requiredConfig);
+    yield keyVaultClient.close();
+    return {
+        keyVaultNamespace,
+        kmsProviders,
+        schemaMap: config.schemas ? (0, exports.buildSchemaMap)(config.schemas, dataKeys) : undefined,
+        extraOptions: config.extraOptions
+    };
+});
+exports.setupMongoDbCSFLE = setupMongoDbCSFLE;

package/dist/utils/initializer/registerPlugins.d.ts

@@ -1,6 +1,8 @@
 import { FastifyInstance } from 'fastify';
 import { CorsConfig } from '../../';
 import { Functions } from '../../features/functions/interface';
+import { EncryptionSchemas } from '../../features/encryption/interface';
+import { MongoDbEncryptionConfig } from './mongodbCSFLE';
 type RegisterFunction = FastifyInstance['register'];
 type RegisterPluginsParams = {
     register: RegisterFunction;
@@ -8,6 +10,8 @@ type RegisterPluginsParams = {
     jwtSecret: string;
     functionsList: Functions;
     corsConfig?: CorsConfig;
+    encryptionSchemas?: EncryptionSchemas;
+    mongodbEncryptionConfig?: MongoDbEncryptionConfig;
 };
 /**
  * > Used to register all plugins
@@ -16,6 +20,6 @@ type RegisterPluginsParams = {
  * @param jwtSecret -> connection jwt
  * @tested
  */
-export declare const registerPlugins: ({ register, mongodbUrl, jwtSecret, functionsList, corsConfig }: RegisterPluginsParams) => Promise<void>;
+export declare const registerPlugins: ({ register, mongodbUrl, jwtSecret, functionsList, corsConfig, mongodbEncryptionConfig, encryptionSchemas }: RegisterPluginsParams) => Promise<void>;
 export {};
 //# sourceMappingURL=registerPlugins.d.ts.map

package/dist/utils/initializer/registerPlugins.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"registerPlugins.d.ts","sourceRoot":"","sources":["../../../src/utils/initializer/registerPlugins.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,eAAe,EAAE,MAAM,SAAS,CAAA;AAEzC,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAA;AAOnC,OAAO,EAAE,SAAS,EAAE,MAAM,oCAAoC,CAAA;AAG9D,KAAK,gBAAgB,GAAG,eAAe,CAAC,UAAU,CAAC,CAAA;AAGnD,KAAK,qBAAqB,GAAG;IAC3B,QAAQ,EAAE,gBAAgB,CAAA;IAC1B,UAAU,EAAE,MAAM,CAAA;IAClB,SAAS,EAAE,MAAM,CAAA;IACjB,aAAa,EAAE,SAAS,CAAA;IACxB,UAAU,CAAC,EAAE,UAAU,CAAA;CACxB,CAAA;AAQD;;;;;;GAMG;AACH,eAAO,MAAM,eAAe,GAAU,gEAMnC,qBAAqB,kBAsBvB,CAAA"}
+{"version":3,"file":"registerPlugins.d.ts","sourceRoot":"","sources":["../../../src/utils/initializer/registerPlugins.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,eAAe,EAAE,MAAM,SAAS,CAAA;AAEzC,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAA;AAOnC,OAAO,EAAE,SAAS,EAAE,MAAM,oCAAoC,CAAA;AAC9D,OAAO,EAAE,iBAAiB,EAAE,MAAM,qCAAqC,CAAA;AAEvE,OAAO,EAAqB,uBAAuB,EAAE,MAAM,gBAAgB,CAAA;AAE3E,KAAK,gBAAgB,GAAG,eAAe,CAAC,UAAU,CAAC,CAAA;AAGnD,KAAK,qBAAqB,GAAG;IAC3B,QAAQ,EAAE,gBAAgB,CAAA;IAC1B,UAAU,EAAE,MAAM,CAAA;IAClB,SAAS,EAAE,MAAM,CAAA;IACjB,aAAa,EAAE,SAAS,CAAA;IACxB,UAAU,CAAC,EAAE,UAAU,CAAA;IACvB,iBAAiB,CAAC,EAAE,iBAAiB,CAAA;IACrC,uBAAuB,CAAC,EAAE,uBAAuB,CAAA;CAClD,CAAA;AAQD;;;;;;GAMG;AACH,eAAO,MAAM,eAAe,GAAU,4GAQnC,qBAAqB,kBAwBvB,CAAA"}

package/dist/utils/initializer/registerPlugins.js

@@ -23,6 +23,7 @@ const controller_3 = require("../../auth/providers/custom-function/controller");
 const controller_4 = require("../../auth/providers/local-userpass/controller");
 const constants_1 = require("../../constants");
 const plugin_1 = __importDefault(require("../../monitoring/plugin"));
+const mongodbCSFLE_1 = require("./mongodbCSFLE");
 /**
  * > Used to register all plugins
  * @param register -> the fastify register method
@@ -30,13 +31,15 @@ const plugin_1 = __importDefault(require("../../monitoring/plugin"));
  * @param jwtSecret -> connection jwt
  * @tested
  */
-const registerPlugins = (_a) => __awaiter(void 0, [_a], void 0, function* ({ register, mongodbUrl, jwtSecret, functionsList, corsConfig }) {
+const registerPlugins = (_a) => __awaiter(void 0, [_a], void 0, function* ({ register, mongodbUrl, jwtSecret, functionsList, corsConfig, mongodbEncryptionConfig, encryptionSchemas }) {
     try {
         const registersConfig = yield getRegisterConfig({
             mongodbUrl,
             jwtSecret,
             corsConfig,
-            functionsList
+            functionsList,
+            mongodbEncryptionConfig,
+            encryptionSchemas
         });
         registersConfig.forEach(({ plugin, options, pluginName }) => {
             try {
@@ -61,11 +64,14 @@ exports.registerPlugins = registerPlugins;
  * @param jwtSecret -> connection jwt
  * @testable
  */
-const getRegisterConfig = (_a) => __awaiter(void 0, [_a], void 0, function* ({ mongodbUrl, jwtSecret, corsConfig }) {
+const getRegisterConfig = (_a) => __awaiter(void 0, [_a], void 0, function* ({ mongodbUrl, jwtSecret, corsConfig, encryptionSchemas, mongodbEncryptionConfig, }) {
     const corsOptions = corsConfig !== null && corsConfig !== void 0 ? corsConfig : {
         origin: '*',
         methods: ['POST', 'GET']
     };
+    const autoEncryption = mongodbEncryptionConfig
+        ? yield (0, mongodbCSFLE_1.setupMongoDbCSFLE)(Object.assign({ mongodbUrl, schemas: encryptionSchemas }, mongodbEncryptionConfig))
+        : undefined;
     const baseConfig = [
         {
             pluginName: 'cors',
@@ -76,8 +82,24 @@ const getRegisterConfig = (_a) => __awaiter(void 0, [_a], void 0, function* ({ m
             pluginName: 'fastifyMongodb',
             plugin: mongodb_1.default,
             options: {
+                url: mongodbUrl,
                 forceClose: true,
-                url: mongodbUrl
+                autoEncryption
+            }
+        },
+        /**
+         * When auto-encryption is active, add another MongoDB client with bypass for change streams.
+         * The $changeStream operator does not support automatic encryption, only decryption.
+         * @see https://www.mongodb.com/docs/manual/core/csfle/reference/supported-operations
+         */
+        autoEncryption && {
+            pluginName: 'fastifyMongodb',
+            plugin: mongodb_1.default,
+            options: {
+                name: "changestream",
+                url: mongodbUrl,
+                forceClose: true,
+                autoEncryption: Object.assign(Object.assign({}, autoEncryption), { bypassAutoEncryption: true })
             }
         },
         {
@@ -133,5 +155,5 @@ const getRegisterConfig = (_a) => __awaiter(void 0, [_a], void 0, function* ({ m
             options: { basePath: '/monit' }
         });
     }
-    return baseConfig;
+    return baseConfig.filter(Boolean);
 });