kuzzle 2.14.0 → 2.14.5

package/lib/core/backend/backendPlugin.js

@@ -73,7 +73,7 @@ class BackendPlugin extends index_1.ApplicationManager {
      */
     get(name) {
         if (!this._application._plugins[name]) {
-            throw assertionError.get('plugin_not_found', name, didYouMean_1.default(name, this.list()));
+            throw assertionError.get('plugin_not_found', name, (0, didYouMean_1.default)(name, this.list()));
         }
         return this._application._plugins[name].plugin;
     }

package/lib/core/plugin/plugin.js

@@ -23,8 +23,8 @@
 
 const path = require('path');
 const fs = require('fs');
-
 const semver = require('semver');
+const enforcer = require('openapi-enforcer');
 
 const { PluginContext } = require('./pluginContext');
 const PrivilegedPluginContext = require('./privilegedContext');
@@ -34,6 +34,7 @@ const Manifest = require('./pluginManifest');
 const { has, isPlainObject } = require('../../util/safeObject');
 
 const assertionError = kerror.wrap('plugin', 'assert');
+const controllerError = kerror.wrap('plugin', 'controller');
 const runtimeError = kerror.wrap('plugin', 'runtime');
 
 const PLUGIN_NAME_REGEX = /^[a-z-\d]+$/;
@@ -330,16 +331,21 @@ class Plugin {
           checkHttpRouteProperties(route, action, name, application);
 
           const routeProperties = Object.keys(route);
-          if (routeProperties.length > 2) {
+          if (routeProperties.length > 3) {
             routeProperties.splice(routeProperties.indexOf('url'), 1);
             routeProperties.splice(routeProperties.indexOf('path'), 1);
             routeProperties.splice(routeProperties.indexOf('verb'), 1);
+            routeProperties.splice(routeProperties.indexOf('openapi'), 1);
 
             throw assertionError.get(
               'invalid_controller_definition',
               name,
               `action "${action}" has invalid http properties: ${routeProperties.join(', ')}`);
           }
+
+          if (route.openapi) {
+            checkOpenAPISpecification(name, action, route);
+          }
         }
       }
     }
@@ -359,4 +365,38 @@ function checkHttpRouteProperties (route, action, name, application) {
   }
 }
 
+function checkOpenAPISpecification (controller, action, route) {
+  if (! isPlainObject(route.openapi)) {
+    throw assertionError.get(
+      'invalid_controller_definition',
+      controller,
+      'The "openapi" property must be an object');
+  }
+
+  // Set :param notation to {param}
+  const formattedPath = route.path.replace(/\/:([^/]*)/g,'/{$1}');
+
+  const { error, warning } = enforcer({
+    /* eslint-disable sort-keys */
+    openapi: '3.0.1',
+    info: {
+      title: 'Kuzzle API',
+      version: require('../../../package').version
+    },
+    paths: {
+      [formattedPath]: {
+        [route.verb]: route.openapi
+      }
+    },
+    /* eslint-enable sort-keys */
+  });
+
+  if (warning) {
+    global.kuzzle.log.warn(`Warning for OpenAPI specification in "${controller}:${action}", ${route.openapi} : ${warning}`);
+  }
+  if (error) {
+    throw controllerError.get('invalid_openapi_schema', controller, action, route.openapi, error);
+  }
+}
+
 module.exports = Plugin;

package/lib/core/plugin/pluginContext.js

@@ -249,8 +249,8 @@ function curryAddStrategy(pluginName) {
         // be serialized and propagated to other cluster nodes
         // so if a strategy is not defined using an authenticator, we have
         // to reject the call
-        if (!safeObject_1.isPlainObject(strategy)
-            || !safeObject_1.isPlainObject(strategy.config)
+        if (!(0, safeObject_1.isPlainObject)(strategy)
+            || !(0, safeObject_1.isPlainObject)(strategy.config)
             || typeof strategy.config.authenticator !== 'string') {
             throw contextError.get('missing_authenticator', pluginName, name);
         }

package/lib/core/plugin/pluginsManager.js

@@ -712,6 +712,7 @@ class PluginsManager {
           this.routes.push({
             action,
             controller,
+            openapi: httpRoute.openapi,
             path: routePath,
             verb: httpRoute.verb
           });

package/lib/core/realtime/hotelClerk.js

@@ -54,12 +54,13 @@ class Channel {
 }
 
 class Subscription {
-  constructor (index, collection, filters, roomId, connectionId) {
+  constructor (index, collection, filters, roomId, connectionId, user) {
     this.index = index;
     this.collection = collection;
     this.filters = filters;
     this.roomId = roomId;
     this.connectionId = connectionId;
+    this.kuid = user && user._id || null;
   }
 }
 
@@ -186,6 +187,7 @@ class HotelClerk {
      * Unsubscribes a user from a room
      * @param {string} connectionId
      * @param {string} roomId
+     * @param {string} kuid
      * @param {boolean} [notify]
      */
     global.kuzzle.onAsk(
@@ -209,7 +211,6 @@ class HotelClerk {
    */
   async subscribe (request) {
     const { index, collection } = request.input.resource;
-    const propagate = request.input.args.propagate || false;
 
     if (! index) {
       return kerror.reject('api', 'assert', 'missing_argument', 'index');
@@ -230,7 +231,7 @@ class HotelClerk {
      * is made on the very last moment and is essential to ensure
      * that no zombie subscription can be performed
      */
-    if (!global.kuzzle.router.isConnectionAlive(request.context)) {
+    if (! global.kuzzle.router.isConnectionAlive(request.context)) {
       return null;
     }
 
@@ -245,13 +246,13 @@ class HotelClerk {
       throw kerror.get('api', 'assert', 'koncorde_dsl_error', e.message);
     }
 
-    await this._createRoom(normalized, { propagate });
+    this._createRoom(normalized);
 
     const { channel, subscribed } = await this._subscribeToRoom(
       normalized.id,
       request);
 
-    if (propagate && subscribed) {
+    if (subscribed) {
       global.kuzzle.emit('core:realtime:subscribe:after', normalized.id);
 
       // @deprecated -- to be removed in next major version
@@ -271,7 +272,8 @@ class HotelClerk {
       collection,
       request.input.body,
       normalized.id,
-      request.context.connection.id);
+      request.context.connection.id,
+      request.context.user);
 
     global.kuzzle.emit('core:realtime:user:subscribe:after', subscription);
 
@@ -419,14 +421,15 @@ class HotelClerk {
    * Create new room if needed
    *
    * @this HotelClerk
+   *
    * @param {NormalizedFilter} normalized - Obtained with Koncorde.normalize
    * @param {Object} [options]
-   * @param {boolean} [options.propagate] - whether the new room creation should
-   *                                        be propagated to the cluster
+   *
    * @returns {void}
    */
-  _createRoom (normalized, { propagate = true } = {}) {
-    const { collection, index, id: roomId } = normalized;
+  _createRoom (normalized) {
+    const { index: koncordeIndex, id: roomId } = normalized;
+    const [index, collection] = koncordeIndex.split('/');
 
     if (this.rooms.has(normalized.id)) {
       return;
@@ -440,12 +443,10 @@ class HotelClerk {
 
     global.kuzzle.koncorde.store(normalized);
 
-    if (propagate) {
-      global.kuzzle.emit('core:realtime:room:create:after', normalized);
+    global.kuzzle.emit('core:realtime:room:create:after', normalized);
 
-      // @deprecated -- to be removed in the next major version of kuzzle
-      global.kuzzle.emit('room:new', { collection, index, roomId });
-    }
+    // @deprecated -- to be removed in the next major version of kuzzle
+    global.kuzzle.emit('room:new', { collection, index, roomId });
 
     /*
       In some very rare cases, the room may have been created between
@@ -550,13 +551,26 @@ class HotelClerk {
       });
     }
 
+    const kuid = global.kuzzle.tokenManager.getKuidFromConnection(connectionId);
+
+    const subscription = new Subscription(
+      room.index,
+      room.collection,
+      undefined,
+      roomId,
+      connectionId,
+      { _id: kuid });
+
     global.kuzzle.emit('core:realtime:user:unsubscribe:after', {
+      /* @deprecated */
       requestContext,
+      /* @deprecated */
       room: {
         collection: room.collection,
         id: roomId,
         index: room.index,
-      }
+      },
+      subscription,
     });
   }
 

package/lib/core/security/profileRepository.js

@@ -124,14 +124,16 @@ class ProfileRepository extends Repository {
       (id, ttl) => this.scroll(id, ttl));
 
     /**
-     * Searches profiles associated to a provided list of roles
-     * @param  {Array.<String>} roles
+     * Searches profiles
+     *
+     * @param  {Object} searchBody - Search query (ES format)
      * @param  {Object} opts (from, size, scroll)
+     *
      * @returns {Object} Search results
      */
     global.kuzzle.onAsk(
       'core:security:profile:search',
-      (roles, opts) => this.searchProfiles(roles, opts));
+      (searchBody, opts) => this.search(searchBody, opts));
 
     /**
      * Removes all existing profiles and invalidates the RAM cache
@@ -316,25 +318,6 @@ class ProfileRepository extends Repository {
     });
   }
 
-  /**
-   *
-   * @param {string[]} roles - array of role ids
-   * @param {object} [options] - optional search arguments (from, size, scroll)
-   * @returns {Promise}
-   */
-  searchProfiles (roles = [], {from=0, scroll, size=1000} = {}) {
-    const query = {query: {}};
-
-    if (roles && roles.length > 0) {
-      query.query = {terms: {'policies.roleId': roles}};
-    }
-    else {
-      query.query = {match_all: {}};
-    }
-
-    return this.search(query, {from, scroll, size});
-  }
-
   /**
    * Deletes a profile
    *

package/lib/core/security/roleRepository.js

@@ -308,10 +308,14 @@ class RoleRepository extends Repository {
   }
 
   /**
-   * @param {Array} controllers
+   * @param {Object} body Search body containing either "query" or "controllers"
    * @param {Object} options
    */
-  async searchRole (controllers, {from = 0, size = 9999} = {}) {
+  async searchRole (body, { from = 0, size = 9999 } = {}) {
+    if (! body.controllers) {
+      return this.search(body, { from, size });
+    }
+
     const searchResults = await this.search(
       { query: {}, sort: [{ _id: { order: 'asc' } }]},
       { from: 0, size: 9999 }); // /!\ NOT the options values
@@ -321,11 +325,11 @@ class RoleRepository extends Repository {
       total: searchResults.total
     };
 
-    if (controllers.length > 0) {
+    if (body.controllers.length > 0) {
       result.hits = searchResults.hits
         .filter(role => Object
           .keys(role.controllers)
-          .some(key => key === '*' || controllers.includes(key)));
+          .some(key => key === '*' || body.controllers.includes(key)));
 
       result.total = result.hits.length;
     }
@@ -488,7 +492,9 @@ class RoleRepository extends Repository {
       throw kerror.get('security', 'role', 'cannot_delete');
     }
 
-    const response = await this.module.profile.searchProfiles([role._id], {
+    const query = { term: { 'policies.roleId': role._id } };
+
+    const response = await this.module.profile.search({ query }, {
       from: 0,
       size: 1
     });

package/lib/core/security/tokenRepository.js

@@ -28,7 +28,7 @@ const Bluebird = require('bluebird');
 
 const ApiKey = require('../../model/storage/apiKey');
 const { UnauthorizedError } = require('../../kerror/errors');
-const Token = require('../../model/security/token');
+const { Token } = require('../../model/security/token');
 const Repository = require('../shared/repository');
 const kerror = require('../../kerror');
 const debug = require('../../util/debug')('kuzzle:bootstrap:tokens');

package/lib/core/security/userRepository.js

@@ -122,13 +122,13 @@ class UserRepository extends Repository {
 
     /**
      * Searches users
-     * @param  {Object} query - Search query (ES format)
+     * @param  {Object} searchBody - Search body (ES format)
      * @param  {Object} opts (from, size, scroll)
      * @returns {Object} Search results
      */
     global.kuzzle.onAsk(
       'core:security:user:search',
-      (query, opts) => this.search(query, opts));
+      (searchBody, opts) => this.search(searchBody, opts));
 
     /**
      * Removes all existing users

package/lib/core/shared/KoncordeWrapper.d.ts

@@ -2,7 +2,7 @@ import { JSONObject } from 'kuzzle-sdk';
 /**
  * Emulates the normalized object returned by Koncorde v3
  */
-declare class NormalizedFilterV3 {
+export declare class NormalizedFilterV3 {
     /**
      * Filter Unique Identifier
      *
@@ -148,4 +148,3 @@ export declare class Koncorde {
      */
     validate(filter: JSONObject): Promise<void>;
 }
-export {};

package/lib/core/shared/KoncordeWrapper.js

@@ -20,7 +20,7 @@
  * limitations under the License.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.Koncorde = void 0;
+exports.Koncorde = exports.NormalizedFilterV3 = void 0;
 const koncorde_1 = require("koncorde");
 const koncordeCompat_1 = require("../../util/koncordeCompat");
 /**
@@ -34,6 +34,7 @@ class NormalizedFilterV3 {
         this.normalized = normalized.filter;
     }
 }
+exports.NormalizedFilterV3 = NormalizedFilterV3;
 /*
   @deprecated
 
@@ -81,7 +82,7 @@ class Koncorde {
      * @return {boolean}
      */
     exists(index, collection) {
-        return this.koncorde.getIndexes().includes(koncordeCompat_1.toKoncordeIndex(index, collection));
+        return this.koncorde.getIndexes().includes((0, koncordeCompat_1.toKoncordeIndex)(index, collection));
     }
     /**
      * Returns the list of collections associated to an index registered in this
@@ -91,7 +92,7 @@ class Koncorde {
      * @return {string[]}
      */
     getCollections(index) {
-        return koncordeCompat_1.getCollections(this.koncorde, index);
+        return (0, koncordeCompat_1.getCollections)(this.koncorde, index);
     }
     /**
      * Returns the list of filter identifiers registered on a given
@@ -102,7 +103,7 @@ class Koncorde {
      * @return {string[]}
      */
     getFilterIds(index, collection) {
-        return this.koncorde.getFilterIds(koncordeCompat_1.toKoncordeIndex(index, collection));
+        return this.koncorde.getFilterIds((0, koncordeCompat_1.toKoncordeIndex)(index, collection));
     }
     /**
      * Returns the list of indexes registered in this Koncorde instance
@@ -110,7 +111,7 @@ class Koncorde {
      * @return {string[]}
      */
     getIndexes() {
-        return koncordeCompat_1.getIndexes(this.koncorde);
+        return (0, koncordeCompat_1.getIndexes)(this.koncorde);
     }
     /**
      * Checks if a filter is registered for the given filter identifier
@@ -137,7 +138,7 @@ class Koncorde {
      * @return {NormalizedFilterV3}
      */
     async normalize(index, collection, filter) {
-        return new NormalizedFilterV3(index, collection, this.koncorde.normalize(filter, koncordeCompat_1.toKoncordeIndex(index, collection)));
+        return new NormalizedFilterV3(index, collection, this.koncorde.normalize(filter, (0, koncordeCompat_1.toKoncordeIndex)(index, collection)));
     }
     /**
      * Registers a filter to the engine instance. This method is equivalent to
@@ -149,7 +150,7 @@ class Koncorde {
      * @return {JSONObject}
      */
     async register(index, collection, filter) {
-        const indexV4 = koncordeCompat_1.toKoncordeIndex(index, collection);
+        const indexV4 = (0, koncordeCompat_1.toKoncordeIndex)(index, collection);
         const normalized = this.koncorde.normalize(filter, indexV4);
         return this.store(new NormalizedFilterV3(index, collection, normalized));
     }
@@ -170,7 +171,7 @@ class Koncorde {
      * @return {JSONObject}
      */
     async store(normalized) {
-        const indexV4 = koncordeCompat_1.toKoncordeIndex(normalized.index, normalized.collection);
+        const indexV4 = (0, koncordeCompat_1.toKoncordeIndex)(normalized.index, normalized.collection);
         if (this.koncorde.hasFilterId(normalized.id, indexV4)) {
             return {
                 diff: false,
@@ -196,7 +197,7 @@ class Koncorde {
      * @return {string[]}
      */
     test(index, collection, data, id) {
-        return koncordeCompat_1.koncordeTest(this.koncorde, index, collection, data, id);
+        return (0, koncordeCompat_1.koncordeTest)(this.koncorde, index, collection, data, id);
     }
     /**
      * Tests the provided filter without storing it in the engine, to check

package/lib/core/shared/repository.js

@@ -104,12 +104,12 @@ class Repository {
   /**
    * Search in database corresponding repository according to a query
    *
-   * @param {object} query
+   * @param {object} searchBody
    * @param {object} [options] - optional search arguments (from, size, scroll)
    * @returns {Promise}
    */
-  async search (query, options = {}) {
-    const response = await this.store.search(this.collection, query, options);
+  async search (searchBody, options = {}) {
+    const response = await this.store.search(this.collection, searchBody, options);
 
     return this._formatSearchResults(response);
   }

package/lib/core/shared/sdk/embeddedSdk.d.ts

@@ -16,8 +16,8 @@ interface EmbeddedRealtime extends RealtimeController {
      *    - `scope` Subscribe to document entering or leaving the scope. (default: 'all')
      *    - `users` Subscribe to users entering or leaving the room. (default: 'none')
      *    - `subscribeToSelf` Subscribe to notifications fired by our own queries. (default: true)
-     *    - `volatile` Subscription information sent alongside notifications
-     *    - `propagate` Propagate the callback execution on each cluster node
+     *    - `volatile` Subscription information sent alongside notifications. (default: `{}`)
+     *    - `propagate` Propagate the callback execution on each cluster node. (default: false)
      *
      * @returns A string containing the room ID
      */

package/lib/core/shared/sdk/embeddedSdk.js

@@ -44,7 +44,7 @@ class EmbeddedSDK extends kuzzle_sdk_1.Kuzzle {
      * @param options - Optional sdk arguments
      */
     as(user, options = { checkRights: false }) {
-        if (!safeObject_1.isPlainObject(user) || typeof user._id !== 'string') {
+        if (!(0, safeObject_1.isPlainObject)(user) || typeof user._id !== 'string') {
             throw contextError.get('invalid_user');
         }
         return new impersonatedSdk_1.default(user._id, options);
@@ -60,7 +60,7 @@ class EmbeddedSDK extends kuzzle_sdk_1.Kuzzle {
      */
     query(request, options = {}) {
         // By default, do not propagate realtime notification accross cluster nodes
-        if (safeObject_1.isPlainObject(request)
+        if ((0, safeObject_1.isPlainObject)(request)
             && request.controller === 'realtime'
             && request.action === 'subscribe') {
             request.propagate = options.propagate === undefined || options.propagate === null

package/lib/kerror/codes/4-plugin.json

@@ -343,6 +343,12 @@
           "code": 9,
           "message": "Unexpected return value from action \"%s:%s\": expected a Promise",
           "class": "PluginImplementationError"
+        },
+        "invalid_openapi_schema": {
+          "description": "OpenAPI specification is invalid",
+          "code": 10,
+          "message": "Invalid OpenAPI specification in \"%s:%s\", %s : %s",
+          "class": "PluginImplementationError"
         }
       }
     },

package/lib/kuzzle/kuzzle.js

@@ -38,7 +38,7 @@ const PassportWrapper = require('../core/auth/passportWrapper');
 const PluginsManager = require('../core/plugin/pluginsManager');
 const Router = require('../core/network/router');
 const Statistics = require('../core/statistics');
-const TokenManager = require('../core/auth/tokenManager');
+const { TokenManager } = require('../core/auth/tokenManager');
 const Validation = require('../core/validation');
 const Logger = require('./log');
 const vault = require('./vault');

package/lib/model/security/token.d.ts

@@ -0,0 +1,29 @@
+export interface TokenContent {
+    /**
+     * Token ID (also Redis key)
+     *
+     * @example `${userId}#${jwt}`
+     */
+    _id?: string;
+    expiresAt?: number;
+    ttl?: number;
+    userId?: string;
+    connectionIds?: string[];
+    jwt?: string;
+    refreshed?: boolean;
+}
+/**
+ * Represents a token that identify an user.
+ */
+export declare class Token implements TokenContent {
+    _id: string;
+    expiresAt: number;
+    ttl: number;
+    userId: string;
+    jwt: string;
+    refreshed: boolean;
+    constructor(data?: TokenContent);
+    get type(): 'apiKey' | 'authToken';
+    static get AUTH_PREFIX(): string;
+    static get APIKEY_PREFIX(): string;
+}

package/lib/model/security/token.js

@@ -1,3 +1,4 @@
+"use strict";
 /*
  * Kuzzle, a backend software, self-hostable and ready to use
  * to power modern apps
@@ -18,32 +19,32 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
-'use strict';
-
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Token = void 0;
 /**
- * @class Token
+ * Represents a token that identify an user.
  */
 class Token {
-  constructor(data = {}) {
-    this._id = data._id || null;
-    this.expiresAt = data.expiresAt || null;
-    this.ttl = data.ttl || null;
-    this.userId = data.userId || null;
-    this.connectionId = data.connectionId || null;
-    this.jwt = data.jwt || null;
-    this.refreshed = Boolean(data.refreshed);
-  }
-
-  get type() {
-    if (this.jwt && this.jwt.startsWith(Token.APIKEY_PREFIX)) {
-      return 'apiKey';
+    constructor(data = {}) {
+        this._id = data._id || null;
+        this.expiresAt = data.expiresAt || null;
+        this.ttl = data.ttl || null;
+        this.userId = data.userId || null;
+        this.jwt = data.jwt || null;
+        this.refreshed = Boolean(data.refreshed);
+    }
+    get type() {
+        if (this.jwt && this.jwt.startsWith(Token.APIKEY_PREFIX)) {
+            return 'apiKey';
+        }
+        return 'authToken';
+    }
+    static get AUTH_PREFIX() {
+        return 'kauth-';
+    }
+    static get APIKEY_PREFIX() {
+        return 'kapikey-';
     }
-    return 'authToken';
-  }
 }
-
-Token.AUTH_PREFIX = 'kauth-';
-Token.APIKEY_PREFIX = 'kapikey-';
-
-module.exports = Token;
+exports.Token = Token;
+//# sourceMappingURL=token.js.map

package/lib/service/storage/elasticsearch.js

@@ -116,7 +116,6 @@ class ElasticSearch extends Service {
       'explain',
       'from',
       'highlight',
-      'inner_hits',
       'query',
       'search_after',
       'search_timeout',
@@ -395,11 +394,30 @@ class ElasticSearch extends Service {
   }
 
   _formatSearchResult (body) {
+    function formatHit (hit) {
+      return {
+        _id: hit._id,
+        _score: hit._score,
+        _source: hit._source,
+        highlight: hit.highlight,
+      };
+    }
+
+    function formatInnerHits (innerHits) {
+      if (! innerHits) {
+        return undefined;
+      }
+
+      const formattedInnerHits = {};
+      for (const [name, innerHit] of Object.entries(innerHits)) {
+        formattedInnerHits[name] = innerHit.hits.hits.map(formatHit);
+      }
+      return formattedInnerHits;
+    }
+
     const hits = body.hits.hits.map(hit => ({
-      _id: hit._id,
-      _score: hit._score,
-      _source: hit._source,
-      highlight: hit.highlight,
+      inner_hits: formatInnerHits(hit.inner_hits),
+      ...formatHit(hit)
     }));
 
     return {