kuzzle 2.16.4 → 2.16.8

package/lib/config/index.js

@@ -24,7 +24,7 @@
 const assert = require('assert');
 
 const rc = require('rc');
-
+const defaultConfig = require('./default.config');
 const packageJson = require('../../package.json');
 const kerror = require('../kerror').wrap('core', 'configuration');
 const { isPlainObject } = require('../util/safeObject');
@@ -34,11 +34,11 @@ const bytes = require('../util/bytes');
  * Loads, interprets and checks configuration files
  * @returns {object}
  */
-function load () {
+function loadConfig () {
   let config;
 
   try {
-    config = rc('kuzzle', require('../config/default.config'));
+    config = rc('kuzzle', defaultConfig.default);
   }
   catch (e) {
     throw kerror.get('cannot_parse', e.message);
@@ -128,10 +128,12 @@ function checkLimitsConfig (cfg) {
     'requestsBufferSize',
     'requestsBufferWarningThreshold',
     'subscriptionConditionsCount',
+    'subscriptionMinterms',
     'subscriptionRooms',
     'subscriptionDocumentTTL'
   ];
   const canBeZero = [
+    'subscriptionMinterms',
     'subscriptionRooms',
     'subscriptionDocumentTTL'
   ];
@@ -263,10 +265,10 @@ function preprocessProtocolsOptions(config) {
 
 function preprocessRedisOptions (redisConfig) {
   // @deprecated Remove those lines for Kuzzle v3 then
-  // remove also 'database' from .kuzzlerc.sample and default.config.js
+  // remove also 'database' from .kuzzlerc.sample and default.config
   if (redisConfig.database) {
     redisConfig.options = { db: redisConfig.database, ...redisConfig.options };
   }
 }
 
-module.exports = { load };
+module.exports = { loadConfig };

package/lib/core/backend/backendConfig.d.ts

@@ -1,10 +1,10 @@
-import { JSONObject } from '../../../index';
 import { ApplicationManager, Backend } from './index';
+import { KuzzleConfiguration } from '../../types/config/KuzzleConfiguration';
 export declare class BackendConfig extends ApplicationManager {
     /**
      * Configuration content
      */
-    content: JSONObject;
+    content: KuzzleConfiguration;
     constructor(application: Backend);
     /**
      * Sets a configuration value
@@ -18,5 +18,5 @@ export declare class BackendConfig extends ApplicationManager {
      *
      * @param config - Configuration object to merge
      */
-    merge(config: JSONObject): void;
+    merge(config: KuzzleConfiguration): void;
 }

package/lib/core/backend/backendConfig.js

@@ -26,13 +26,13 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.BackendConfig = void 0;
 const lodash_1 = __importDefault(require("lodash"));
 const kerror_1 = __importDefault(require("../../kerror"));
-const config_1 = __importDefault(require("../../config"));
 const index_1 = require("./index");
+const index_js_1 = require("../../config/index.js");
 const runtimeError = kerror_1.default.wrap('plugin', 'runtime');
 class BackendConfig extends index_1.ApplicationManager {
     constructor(application) {
         super(application);
-        this.content = config_1.default.load();
+        this.content = (0, index_js_1.loadConfig)();
     }
     /**
      * Sets a configuration value

package/lib/model/security/profile.js

@@ -87,28 +87,28 @@ class Profile {
     this.validateRateLimit();
 
     if (!this.policies) {
-      throw assertionError.get('missing_argument', 'policies');
+      throw assertionError.get('missing_argument', `${this._id}.policies`);
     }
 
     if (!Array.isArray(this.policies)) {
-      throw assertionError.get('invalid_type', 'policies', 'object[]');
+      throw assertionError.get('invalid_type', `${this._id}.policies`, 'object[]');
     }
 
     if (this.policies.length === 0) {
-      throw assertionError.get('empty_argument', 'policies');
+      throw assertionError.get('empty_argument', `${this._id}.policies`);
     }
 
     let i = 0;
     for (const policy of this.policies) {
       if (!policy.roleId) {
-        throw assertionError.get('missing_argument', `policies[${i}].roleId`);
+        throw assertionError.get('missing_argument', `${this._id}.policies[${i}].roleId`);
       }
 
       for (const member of Object.keys(policy)) {
         if (member !== 'roleId' && member !== 'restrictedTo') {
           throw assertionError.get(
             'unexpected_argument',
-            `policies[${i}].${member}`,
+            `${this._id}.policies[${i}].${member}`,
             '"roleId", "restrictedTo"');
         }
       }
@@ -117,7 +117,7 @@ class Profile {
         if (!Array.isArray(policy.restrictedTo)) {
           throw assertionError.get(
             'invalid_type',
-            `policies[${i}].restrictedTo`,
+            `${this._id}.policies[${i}].restrictedTo`,
             'object[]');
         }
 
@@ -126,14 +126,14 @@ class Profile {
           if (!isPlainObject(restriction)) {
             throw assertionError.get(
               'invalid_type',
-              `policies[${i}].restrictedTo[${restriction}]`,
+              `${this._id}.policies[${i}].restrictedTo[${restriction}]`,
               'object');
           }
 
           if (restriction.index === null || restriction.index === undefined) {
             throw assertionError.get(
               'missing_argument',
-              `policies[${i}].restrictedTo[${j}].index`);
+              `${this._id}.policies[${i}].restrictedTo[${j}].index`);
           }
 
           if (strict) {
@@ -156,7 +156,7 @@ class Profile {
             if (!Array.isArray(restriction.collections)) {
               throw assertionError.get(
                 'invalid_type',
-                `policies[${i}].restrictedTo[${j}].collections`,
+                `${this._id}.policies[${i}].restrictedTo[${j}].collections`,
                 'string[]');
             }
 
@@ -188,7 +188,7 @@ class Profile {
             if (member !== 'index' && member !== 'collections') {
               throw assertionError.get(
                 'unexpected_argument',
-                `policies[${i}].restrictedTo[${j}].${member}`,
+                `${this._id}.policies[${i}].restrictedTo[${j}].${member}`,
                 '"index", "collections"');
             }
           }

package/lib/model/security/role.js

@@ -96,15 +96,15 @@ class Role {
    */
   async validateDefinition () {
     if (this.controllers === undefined || this.controllers === null) {
-      throw assertionError.get('missing_argument', 'controllers');
+      throw assertionError.get('missing_argument', `${this._id}.controllers`);
     }
 
     if (!isPlainObject(this.controllers)) {
-      throw assertionError.get('invalid_type', 'controllers', 'object');
+      throw assertionError.get('invalid_type', `${this._id}.controllers`, 'object');
     }
 
     if (Object.keys(this.controllers).length === 0) {
-      throw assertionError.get('empty_argument', 'controllers');
+      throw assertionError.get('empty_argument', `${this._id}.controllers`);
     }
 
     Object

package/lib/service/cache/redis.js

@@ -43,6 +43,7 @@ class Redis extends Service {
     this.client = null;
     this.commands = {};
     this.adapterName = name;
+    this.pingIntervalID = null;
   }
 
   /**
@@ -80,6 +81,10 @@ class Redis extends Service {
     });
 
     this.setCommands();
+    // TODO: Remove this when IORedis does support application level pings to keep connection to Azure Redis alive
+    if (config.pingKeepAlive && config.pingKeepAlive > 0) {
+      this._setupKeepAlive(config.pingKeepAlive);
+    }
 
     return new Bluebird((resolve, reject) => {
       this.client.once('ready', async () => {
@@ -93,6 +98,34 @@ class Redis extends Service {
     });
   }
 
+  /**
+   * Setup a ping interval to keep the connection alive
+   * Every 60 seconds a ping is sent to Redis
+   */
+  _setupKeepAlive(delay) {
+    this.client.on('ready', async () => {
+      await this._ping();
+      this.pingIntervalID = setInterval(this._ping.bind(this), delay);
+    });
+
+    this.client.on('error', () => {
+      clearInterval(this.pingIntervalID);
+      this.pingIntervalID = null;
+    });
+  }
+
+  /**
+   * Ping Redis
+   */
+  async _ping() {
+    try {
+      await this.client.ping();
+    }
+    catch (error) {
+      global.kuzzle.log.error(`Failed to PING Redis to keep connection alive:\n${error.message}`);  
+    }
+  }
+
   /**
    * Initializes the Redis commands list, and add transformers when necessary
    */

package/lib/service/storage/elasticsearch.js

@@ -237,6 +237,12 @@ class ElasticSearch extends Service {
     let size = 0;
 
     for (const [indice, indiceInfo] of Object.entries(body.indices)) {
+      // Ignore non-Kuzzle indices
+      if ( indice[INDEX_PREFIX_POSITION_IN_INDICE] !== PRIVATE_PREFIX
+        && indice[INDEX_PREFIX_POSITION_IN_INDICE] !== PUBLIC_PREFIX ) {
+        continue;
+      }
+
       const alias = await this._getAliasFromIndice(indice);
       const indexName = this._extractIndex(alias);
       const collectionName = this._extractCollection(alias);

package/lib/types/PasswordPolicy.d.ts

@@ -0,0 +1,77 @@
+/**
+ * Represents a password policy of the local auth strategy plugin.
+ *
+ * @see https://docs.kuzzle.io/core/2/guides/main-concepts/authentication#password-policies
+ *
+ * @example
+ *
+ * {
+ *   "appliesTo": {
+ *     "profiles": ["editor"],
+ *     "roles": ["admin"]
+ *   },
+ *   "expiresAfter": "30d",
+ *   "mustChangePasswordIfSetByAdmin": true,
+ *   "passwordRegex": "^(?=.*[a-zA-Z])(?=.*[0-9])(?=.{8,})"
+ * }
+ */
+export declare type PasswordPolicy = {
+    /**
+     * Applies the policy to matching users.
+     *
+     * Can be either set to a wildcar (`"*""`) to match all users or to an
+     * object containing at least of the following property.
+     */
+    appliesTo: '*' | {
+        /**
+         * Array of user kuids the policy applies to.
+         */
+        users?: string[];
+        /**
+         * Array of profile ids the policy applies to.
+         */
+        profiles?: string[];
+        /**
+         * Array of role ids the policy applies to.
+         */
+        roles?: string[];
+    };
+    /**
+     * The delay after which a password expires.
+     *
+     * @see https://www.npmjs.com/package/ms
+     *
+     * Users with expired passwords are given a resetPasswordToken when logging in
+     * and must change their password to be allowed to log in again.
+     */
+    expiresAfter: string;
+    /**
+     * If set to true, prevents users to use their username in part of the password.
+     *
+     * The check is case-insensitive.
+     */
+    forbidLoginInPassword: boolean;
+    /**
+     * The number of passwords to store in history and checked against
+     * when a new password is set to prevent passwords reuse.
+     */
+    forbidReusedPasswordCount: number;
+    /**
+     * If set to true, whenever a password is set for a user by someone else,
+     * that user will receive a resetPasswordToken upon their next login and
+     * they will have to change their password before being allowed to log in again.
+     */
+    mustChangePasswordIfSetByAdmin: boolean;
+    /**
+     * A string representation of a regular expression to test on new passwords.
+     *
+     * @example
+     *
+     * // must be at least 6 chars long
+     * ".{6,}"
+     *
+     * // must be at least 8 chars long and include at least one letter and one digit
+     * "^(?=.*[a-zA-Z])(?=.*[0-9])(?=.{8,})"
+     */
+    passwordRegex: string;
+};

package/lib/types/PasswordPolicy.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=PasswordPolicy.js.map

package/lib/types/ProfileDefinition.d.ts

@@ -0,0 +1,48 @@
+/**
+ * A profile definition.
+ *
+ * @see https://docs.kuzzle.io/core/2/guides/main-concepts/permissions/#profiles
+ *
+ * @example
+ *
+ * {
+ *   rateLimit: 200,
+ *   policies: [
+ *     {
+ *       roleId: 'anonymous',
+ *       restrictedTo: [ { index: 'device-manager' } ]
+ *     }
+ *   ]
+ * }
+ */
+export declare type ProfileDefinition = {
+    /**
+     * The rate limit parameter controls how many API requests a user can send,
+     * per second and per node.
+     */
+    rateLimit: number;
+    /**
+     * Grant a role rights on API actions for this profile.
+     *
+     * Each role can be restricted to a list of indexes and collections.
+     */
+    policies: Array<{
+        /**
+         * Role ID
+         */
+        roleId: string;
+        /**
+         * List of indexes and collections to restrict this role on.
+         */
+        restrictedTo?: Array<{
+            /**
+             * Index name.
+             */
+            index: string;
+            /**
+             * Collection names.
+             */
+            collections: string[];
+        }>;
+    }>;
+};

package/lib/types/ProfileDefinition.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=ProfileDefinition.js.map

package/lib/types/RoleDefinition.d.ts

@@ -0,0 +1,27 @@
+/**
+ * A role definition
+ *
+ * @see https://docs.kuzzle.io/core/2/guides/main-concepts/permissions/#roles
+ *
+ * @example
+ *
+ * {
+ *    controllers: {
+ *      auth: {
+ *        actions: {
+ *          getCurrentUser: true,
+ *          logout: true
+ *        }
+ *      }
+ *    }
+ * }
+ */
+export declare type RoleDefinition = {
+    controllers: {
+        [controllerName: string]: {
+            actions: {
+                [actionName: string]: boolean;
+            };
+        };
+    };
+};

package/lib/types/RoleDefinition.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=RoleDefinition.js.map

package/lib/types/config/DumpConfiguration.d.ts

@@ -0,0 +1,42 @@
+export declare type DumpConfiguration = {
+    /**
+     * @default false
+     */
+    enabled: boolean;
+    history: {
+        /**
+          * @default 3
+          */
+        coredump: number;
+        /**
+          * @default 5
+        */
+        reports: number;
+    };
+    /**
+     * @default './dump/'
+    */
+    path: string;
+    /**
+     * @default 'gcore'
+    */
+    gcore: string;
+    /**
+     * @default 'YYYYMMDD-HHmmss'
+    */
+    dateFormat: string;
+    handledErrors: {
+        /**
+         * @default true
+         */
+        enabled: boolean;
+        /**
+         * @default ['RangeError','TypeError','KuzzleError','InternalError'],
+        */
+        whitelist: string[];
+        /**
+         * @default 600000
+         */
+        minInterval: number;
+    };
+};

package/lib/types/config/DumpConfiguration.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=DumpConfiguration.js.map

package/lib/types/config/HttpConfiguration.d.ts

@@ -0,0 +1,43 @@
+/**
+ * routes: list of Kuzzle API exposed HTTP routes
+ * accessControlAllowOrigin: sets the Access-Control-Allow-Origin header used to
+ *   send responses to the client
+ *   (see https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS)
+ */
+export declare type HttpConfiguration = {
+    routes: any;
+    /**
+     * Sets the default Access-Control-Allow-Origin HTTP
+     * header used to send responses to the client.
+     *
+     * @default "*"
+     */
+    accessControlAllowOrigin: string;
+    /**
+     * Sets the default Access-Control-Allow-Origin HTTP
+     * header used to send responses to the client.
+     *
+     * @default false
+     */
+    accessControlAllowOriginUseRegExp: boolean;
+    /**
+     * Sets the default Access-Control-Allow-Method header.
+     *
+     * @default "GET,POST,PUT,DELETE,OPTIONS,HEAD"
+     */
+    accessControlAllowMethods: string;
+    /**
+     * Sets the default Access-Control-Allow-Headers.
+     *
+     * @default "Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With, Content-Encoding, Content-Length, X-Kuzzle-Volatile"
+     */
+    accessControlAllowHeaders: string;
+    /**
+     * Allows browser clients to connect to Kuzzle with cookies.
+     *   /!\ This should not be allowed if the "http.accessControlAllowOrigin"
+     *   configuration contains a wildcard ("*").
+     *
+     * @default true
+    */
+    cookieAuthentication: boolean;
+};

package/lib/types/config/HttpConfiguration.js

@@ -0,0 +1,9 @@
+"use strict";
+/**
+ * routes: list of Kuzzle API exposed HTTP routes
+ * accessControlAllowOrigin: sets the Access-Control-Allow-Origin header used to
+ *   send responses to the client
+ *   (see https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS)
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=HttpConfiguration.js.map

package/lib/types/config/KuzzleConfiguration.d.ts

@@ -0,0 +1,123 @@
+import { ServerConfiguration, ServicesConfiguration, SecurityConfiguration, HttpConfiguration, PluginsConfiguration, LimitsConfiguration, DumpConfiguration } from '../index';
+export interface IKuzzleConfiguration {
+    realtime: {
+        /**
+         * @default false
+         */
+        pcreSupport: boolean;
+    };
+    dump: DumpConfiguration;
+    /**
+     * The HTTP section lets you configure how Kuzzle should
+     * handle HTTP requests.
+     */
+    http: HttpConfiguration;
+    /**
+     * Kuzzle configured limits.
+     */
+    limits: LimitsConfiguration;
+    /**
+     * The application section lets you configure your application.
+     */
+    application: Record<string, unknown>;
+    /**
+     * The plugins section lets you define plugins behaviors.
+     *
+     * @see https://docs.kuzzle.io/core/2/guides/write-plugins
+     */
+    plugins: PluginsConfiguration;
+    /**
+     * The repositories are used internally by Kuzzle to store its data (users,
+     * permissions, configuration etc.)
+     */
+    repositories: {
+        common: {
+            /**
+             * Time to live (in seconds) of cached objects.
+             *
+             * Decreasing this value will lower Redis memory and disk consumption,
+             * at the cost of increasing queries rate to the database and response times.
+             *
+             * @default 1440000
+             */
+            cacheTTL: number;
+        };
+    };
+    /**
+     * The security section contains the configuration for Kuzzle permissions
+     * system.
+     *
+     */
+    security: SecurityConfiguration;
+    /**
+     * Kuzzle server is the entry point for incoming requests.
+     */
+    server: ServerConfiguration;
+    /**
+     * Services are the external components Kuzzle relies on.
+     */
+    services: ServicesConfiguration;
+    stats: {
+        /**
+         * @default true
+         */
+        enabled: boolean;
+        /**
+         * @default 3600
+         */
+        ttl: number;
+        /**
+         * @default 10
+         */
+        statsInterval: number;
+    };
+    cluster: {
+        /**
+         * @default 50
+         */
+        activityDepth: number;
+        /**
+         * @default 2000
+         */
+        heartbeat: number;
+        /**
+         * @default null
+         */
+        interface: any;
+        /**
+         * @default false
+         */
+        ipv6: boolean;
+        /**
+         * @default 'private'
+         */
+        ip: string;
+        /**
+         * @default 60000
+         */
+        joinTimeout: number;
+        /**
+         * @default 1
+         */
+        minimumNodes: number;
+        ports: {
+            /**
+             * @default 7510
+             */
+            command: number;
+            /**
+             * @default 7511
+             */
+            sync: number;
+        };
+        /**
+         * @default 5000
+         */
+        syncTimeout: number;
+    };
+    internal: {
+        hash: any;
+    };
+    validation: Record<string, unknown>;
+}
+export declare type KuzzleConfiguration = Partial<IKuzzleConfiguration>;

package/lib/types/config/KuzzleConfiguration.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=KuzzleConfiguration.js.map