kuzzle 2.16.11 → 2.17.2

package/lib/api/controllers/adminController.js

@@ -31,7 +31,7 @@ const { Mutex } = require('../../util/mutex');
  * @class AdminController
  */
 class AdminController extends NativeController {
-  constructor() {
+  constructor () {
     super([
       'dump',
       'loadFixtures',
@@ -77,7 +77,7 @@ class AdminController extends NativeController {
   async resetSecurity () {
     const mutex = new Mutex('resetSecurity', { timeout: 0 });
 
-    if (!await mutex.lock()) {
+    if (! await mutex.lock()) {
       throw kerror.get('api', 'process', 'action_locked', 'Kuzzle is already reseting roles, profiles and users.');
     }
 
@@ -111,7 +111,7 @@ class AdminController extends NativeController {
   async resetDatabase () {
     const mutex = new Mutex('resetDatabase', { timeout: 0 });
 
-    if (!await mutex.lock()) {
+    if (! await mutex.lock()) {
       throw kerror.get('api', 'process', 'action_locked', 'Kuzzle is already reseting all indexes.');
     }
 

package/lib/api/controllers/authController.js

@@ -33,7 +33,7 @@ const kerror = require('../../kerror');
 const { has } = require('../../util/safeObject');
 const { NativeController } = require('./baseController');
 const formatProcessing = require('../../core/auth/formatProcessing');
-const User = require('../../model/security/user');
+const { User } = require('../../model/security/user');
 const ApiKey = require('../../model/storage/apiKey');
 
 /**
@@ -44,7 +44,7 @@ class AuthController extends NativeController {
    * @param {Kuzzle} kuzzle
    * @constructor
    */
-  constructor() {
+  constructor () {
     super([
       'checkRights',
       'checkToken',
@@ -110,7 +110,7 @@ class AuthController extends NativeController {
   async createApiKey (request) {
     const expiresIn = request.input.args.expiresIn || -1;
     const refresh = request.getRefresh('wait_for');
-    const apiKeyId = request.getId({ ifMissing: 'ignore' });
+    const apiKeyId = request.getId({ ifMissing: 'generate' });
     const description = request.getBodyString('description');
 
     const user = request.context.user;
@@ -176,8 +176,8 @@ class AuthController extends NativeController {
    * @returns {Promise<object>}
    */
   async logout (request) {
-    if ( !global.kuzzle.config.http.cookieAuthentication
-      || !request.getBoolean('cookieAuth')
+    if ( ! global.kuzzle.config.http.cookieAuthentication
+      || ! request.getBoolean('cookieAuth')
     ) {
       this.assertIsAuthenticated(request);
     }
@@ -195,7 +195,7 @@ class AuthController extends NativeController {
         await global.kuzzle.ask(
           'core:security:token:deleteByKuid',
           request.getKuid(),
-          {keepApiKeys: true});
+          { keepApiKeys: true });
       }
       else if ( request.context.token
         && request.context.token.type !== 'apiKey'
@@ -219,18 +219,18 @@ class AuthController extends NativeController {
             {
               httpOnly: true,
               path: '/',
-              sameSite:'strict',
+              sameSite: 'strict',
             }
           )
         }
       });
     }
 
-    return {acknowledged: true};
+    return { acknowledged: true };
   }
 
   // Used to send the Token using different ways when in cookieAuth mode. (DRY)
-  async _sendToken(token, request) {
+  async _sendToken (token, request) {
     // Only if the support of Browser Cookie as Authentication Token is enabled
     // otherwise we should send a normal response because
     // even if the SDK / Browser can handle the cookie,
@@ -300,7 +300,7 @@ class AuthController extends NativeController {
     }
     passportRequest.original = request;
 
-    if (!has(global.kuzzle.pluginsManager.strategies, strategy)) {
+    if (! has(global.kuzzle.pluginsManager.strategies, strategy)) {
       throw kerror.get('security', 'credentials', 'unknown_strategy', strategy);
     }
 
@@ -651,8 +651,8 @@ class AuthController extends NativeController {
   }
 }
 
-function wrapPluginError(error) {
-  if (!(error instanceof KuzzleError)) {
+function wrapPluginError (error) {
+  if (! (error instanceof KuzzleError)) {
     throw kerror.getFrom(
       error,
       'plugin',

package/lib/api/controllers/baseController.js

@@ -30,11 +30,11 @@ const assertionError = kerror.wrap('api', 'assert');
 
 // Base class for all controllers
 class BaseController {
-  constructor() {
+  constructor () {
     this.__actions = new Set();
   }
 
-  get _actions() {
+  get _actions () {
     return this.__actions;
   }
 
@@ -57,7 +57,7 @@ class BaseController {
 }
 
 class NativeController extends BaseController {
-  constructor(actions = []) {
+  constructor (actions = []) {
     super();
 
     this.ask = global.kuzzle.ask.bind(global.kuzzle);
@@ -135,6 +135,63 @@ class NativeController extends BaseController {
     }
   }
 
+  /**
+   * Throw if some target have:
+   * - missing properties
+   * - invalid types
+   * - unauthorized values
+   * 
+   * @param {Array<{index:string, collections?: string[]}>} targets Array of targets
+   * @param {*} options
+   */
+  assertTargetsAreValid (targets, { allowEmptyCollections } = {}) {
+    for (let i = 0; i < targets.length; i++) {
+      const target = targets[i];
+
+      if (! target.index) {
+        throw kerror.get('api', 'assert', 'missing_argument', `targets[${i}].index`);
+      }
+      if (this._hasMultiTargets(target.index)) {
+        throw kerror.get('services', 'storage', 'invalid_target_format', `targets[${i}].index`, target.index);
+      }
+
+      if (! allowEmptyCollections && ! target.collections) {
+        throw kerror.get('api', 'assert', 'missing_argument', `targets[${i}].collections`);
+      }
+
+      if (target.collections && ! Array.isArray(target.collections)) {
+        throw kerror.get('api', 'assert', 'invalid_type', `targets[${i}].collections`, 'array');
+      }
+
+      if (! allowEmptyCollections && target.collections.length === 0) {
+        throw kerror.get('api', 'assert', 'empty_argument', `targets[${i}].collections`);
+      }
+
+      if (allowEmptyCollections
+        && (! target.collections
+          || target.collections.length === 0)
+      ) {
+        continue;
+      }
+
+      for (let j = 0; j < target.collections.length; j++) {
+        const collection = target.collections[j];
+
+        if (typeof collection !== 'string') {
+          throw kerror.get('api', 'assert', 'invalid_type', `targets[${i}].collections[${j}]`, 'string');
+        }
+
+        if (this._hasMultiTargets(collection)) {
+          throw kerror.get('services', 'storage', 'invalid_target_format', `targets[${i}].collections[${j}]`, collection);
+        }
+      }
+    }
+  }
+
+  _hasMultiTargets (str) {
+    return [',', '*', '+'].some(chr => str.includes(chr)) || str === '_all';
+  }
+
   /**
    * Throws if page size exceeed Kuzzle limits
    *

package/lib/api/controllers/clusterController.js

@@ -24,7 +24,7 @@
 const { NativeController } = require('./baseController');
 
 class ClusterController extends NativeController {
-  constructor() {
+  constructor () {
     super([
       'status',
     ]);

package/lib/api/controllers/collectionController.js

@@ -29,7 +29,7 @@ const { NativeController } = require('./baseController');
  * @class CollectionController
  */
 class CollectionController extends NativeController {
-  constructor() {
+  constructor () {
     super([
       'create',
       'delete',
@@ -128,7 +128,7 @@ class CollectionController extends NativeController {
   async searchSpecifications (request) {
     const { from, size, scrollTTL, searchBody } = request.getSearchParams();
 
-    if (!isPlainObject(searchBody)) {
+    if (! isPlainObject(searchBody)) {
       throw kerror.get(
         'api',
         'assert',
@@ -218,7 +218,7 @@ class CollectionController extends NativeController {
     try {
       await global.kuzzle.internalIndex.delete('validations', specificationsId);
     }
-    catch(error) {
+    catch (error) {
       if (error.status === 404) {
         return {
           acknowledged: true,
@@ -435,7 +435,8 @@ class CollectionController extends NativeController {
     if (from || size) {
       if (from) {
         response.from = Number.parseInt(from);
-      } else {
+      }
+      else {
         response.from = 0;
       }
 
@@ -446,7 +447,8 @@ class CollectionController extends NativeController {
           response.from,
           response.from + response.size
         );
-      } else {
+      }
+      else {
         response.collections = response.collections.slice(response.from);
       }
     }

package/lib/api/controllers/documentController.js

@@ -29,12 +29,12 @@ const {
   assertHasIndexAndCollection,
 } = require('../../util/requestAssertions');
 const extractFields = require('../../util/extractFields');
-
+const { dumpCollectionDocuments } = require('../../util/dump-collection');
 /**
  * @class DocumentController
  */
 class DocumentController extends NativeController {
-  constructor() {
+  constructor () {
     super([
       'count',
       'create',
@@ -43,10 +43,12 @@ class DocumentController extends NativeController {
       'deleteByQuery',
       'deleteFields',
       'exists',
+      'export',
       'get',
       'mCreate',
       'mCreateOrReplace',
       'mDelete',
+      'mExists',
       'mGet',
       'mReplace',
       'mUpdate',
@@ -67,15 +69,31 @@ class DocumentController extends NativeController {
    */
   async search (request) {
     const { from, size, scrollTTL, searchBody } = request.getSearchParams();
-    const { index, collection } = request.getIndexAndCollection();
+    const index = request.input.args.index;
+    const collection = request.input.args.collection;
+    const targets = request.getArray('targets', []);
     const lang = request.getLangParam();
 
-    if (hasMultiTargets(index)) {
-      throw kerror.get('services', 'storage', 'no_multi_indexes');
+    if ( ! index
+      && ! collection
+      && (! targets || targets.length === 0)
+    ) {
+      throw kerror.get('api', 'assert', 'missing_argument', 'index, collection or targets');
+    }
+
+    if ( index
+      && collection
+      && (hasMultiTargets(index)
+        || hasMultiTargets(collection))
+    ) {
+      throw kerror.get('services', 'storage', 'invalid_multi_index_collection_usage');
     }
 
-    if (hasMultiTargets(collection)) {
-      throw kerror.get('services', 'storage', 'no_multi_collections');
+    if (targets.length > 0) {
+      // Index and Collections from a target should not contains any characters for multi targetting or _all
+      // Otherwise it might be possible to bypass some checks and access data that should be accessed
+      // We should also verify that each target has an index and collections specified before further processing
+      this.assertTargetsAreValid(targets);
     }
 
     this.assertNotExceedMaxFetch(size - from);
@@ -84,13 +102,23 @@ class DocumentController extends NativeController {
       searchBody.query = await this.translateKoncorde(searchBody.query || {});
     }
 
-    const result = await this.ask(
-      'core:storage:public:document:search',
-      index,
-      collection,
-      searchBody,
-      { from, scroll: scrollTTL, size });
-
+    let result;
+    if (targets.length > 0) {
+      result = await this.ask(
+        'core:storage:public:document:multiSearch',
+        targets,
+        searchBody,
+        { from, scroll: scrollTTL, size });
+    }
+    else {
+      result = await this.ask(
+        'core:storage:public:document:search',
+        index,
+        collection,
+        searchBody,
+        { from, scroll: scrollTTL, size });
+    }
+    
     return {
       aggregations: result.aggregations,
       hits: result.hits,
@@ -133,6 +161,91 @@ class DocumentController extends NativeController {
     return this.ask('core:storage:public:document:exist', index, collection, id);
   }
 
+  /**
+   * @param {Request} request
+   */
+  async mExists (request) {
+    let ids;
+    if ( request.input.body
+      && request.input.body.ids
+      && Object.keys(request.input.body.ids).length
+    ) {
+      ids = request.getBodyArray('ids');
+    }
+    else {
+      ids = request.getArray('ids');
+    }
+    const { index, collection } = request.getIndexAndCollection();
+
+    const strict = request.getBoolean('strict');
+    this.assertNotExceedMaxFetch(ids.length);
+
+    const { items, errors } = await this.ask(
+      'core:storage:public:document:mExists',
+      index, collection,
+      ids);
+
+    if (strict && errors.length) {
+      throw kerror.get(
+        'api',
+        'process',
+        'incomplete_multiple_request',
+        'get',
+        errors);
+    }
+
+    return {
+      errors,
+      successes: items
+    };
+  }
+
+  async export (request) {
+    const { index, collection } = request.getIndexAndCollection();
+    const { size, scrollTTL, searchBody } = request.getSearchParams();
+    const format = request.getString('format', 'jsonl');
+    const fields = request.getBodyArray('fields', []);
+    const lang = request.getLangParam();
+    const separator = request.getString('separator', ',');
+    const fieldsName = request.getBodyObject('fieldsName', {});
+
+    // Remove "fields" and "fieldsName" from searchBody to avoid ES throwing an error
+    // since those properties are not allowed in the searchBody
+    searchBody.fields = undefined;
+    searchBody.fieldsName = undefined;
+
+    if (request.context.connection.protocol !== 'http') {
+      throw kerror.get('api', 'assert', 'unsupported_protocol', request.context.connection.protocol, 'document:export');
+    }
+
+    if (lang === 'koncorde') {
+      searchBody.query = await this.translateKoncorde(searchBody.query || {});
+    }
+
+    let mimeType = 'html/text';
+
+    if (format.toLowerCase() === 'csv') {
+      mimeType = 'text/csv';
+    }
+
+    request.response.setHeader('Content-Type', mimeType);
+    request.response.setHeader('Content-Disposition', `attachment; filename="${index}-${collection}.${format}"`);
+
+    return dumpCollectionDocuments(
+      index,
+      collection,
+      searchBody,
+      format,
+      fields,
+      {
+        fieldsName,
+        lang,
+        scroll: scrollTTL || '5s',
+        separator,
+        size,
+      });
+  }
+
   /**
    * @param {Request} request
    * @returns {Promise<Object>}
@@ -226,7 +339,7 @@ class DocumentController extends NativeController {
       'core:storage:public:document:create',
       index,
       collection,
-      request.getBody(validated),
+      validated.getBody(),
       { id, refresh, userId });
 
     if (! silent) {
@@ -685,7 +798,7 @@ class DocumentController extends NativeController {
         })));
     }
 
-    if (!source) {
+    if (! source) {
       result.successes.forEach(d => (d._source = undefined));
     }
 
@@ -773,7 +886,7 @@ class DocumentController extends NativeController {
         request,
         action,
         response.items.map(item => {
-          if (!item.created) {
+          if (! item.created) {
             item._updatedFields = extractFields(
               documentsDictionnary[item._id],
               { fieldsToIgnore: ['_kuzzle_info'] });

package/lib/api/controllers/indexController.js

@@ -30,7 +30,7 @@ const { NativeController } = require('./baseController');
  * @class IndexController
  */
 class IndexController extends NativeController {
-  constructor() {
+  constructor () {
     super([
       'create',
       'delete',