kuzzle 2.16.5 → 2.16.9

package/lib/types/config/KuzzleConfiguration.d.ts

@@ -0,0 +1,123 @@
+import { ServerConfiguration, ServicesConfiguration, SecurityConfiguration, HttpConfiguration, PluginsConfiguration, LimitsConfiguration, DumpConfiguration } from '../index';
+export interface IKuzzleConfiguration {
+    realtime: {
+        /**
+         * @default false
+         */
+        pcreSupport: boolean;
+    };
+    dump: DumpConfiguration;
+    /**
+     * The HTTP section lets you configure how Kuzzle should
+     * handle HTTP requests.
+     */
+    http: HttpConfiguration;
+    /**
+     * Kuzzle configured limits.
+     */
+    limits: LimitsConfiguration;
+    /**
+     * The application section lets you configure your application.
+     */
+    application: Record<string, unknown>;
+    /**
+     * The plugins section lets you define plugins behaviors.
+     *
+     * @see https://docs.kuzzle.io/core/2/guides/write-plugins
+     */
+    plugins: PluginsConfiguration;
+    /**
+     * The repositories are used internally by Kuzzle to store its data (users,
+     * permissions, configuration etc.)
+     */
+    repositories: {
+        common: {
+            /**
+             * Time to live (in seconds) of cached objects.
+             *
+             * Decreasing this value will lower Redis memory and disk consumption,
+             * at the cost of increasing queries rate to the database and response times.
+             *
+             * @default 1440000
+             */
+            cacheTTL: number;
+        };
+    };
+    /**
+     * The security section contains the configuration for Kuzzle permissions
+     * system.
+     *
+     */
+    security: SecurityConfiguration;
+    /**
+     * Kuzzle server is the entry point for incoming requests.
+     */
+    server: ServerConfiguration;
+    /**
+     * Services are the external components Kuzzle relies on.
+     */
+    services: ServicesConfiguration;
+    stats: {
+        /**
+         * @default true
+         */
+        enabled: boolean;
+        /**
+         * @default 3600
+         */
+        ttl: number;
+        /**
+         * @default 10
+         */
+        statsInterval: number;
+    };
+    cluster: {
+        /**
+         * @default 50
+         */
+        activityDepth: number;
+        /**
+         * @default 2000
+         */
+        heartbeat: number;
+        /**
+         * @default null
+         */
+        interface: any;
+        /**
+         * @default false
+         */
+        ipv6: boolean;
+        /**
+         * @default 'private'
+         */
+        ip: string;
+        /**
+         * @default 60000
+         */
+        joinTimeout: number;
+        /**
+         * @default 1
+         */
+        minimumNodes: number;
+        ports: {
+            /**
+             * @default 7510
+             */
+            command: number;
+            /**
+             * @default 7511
+             */
+            sync: number;
+        };
+        /**
+         * @default 5000
+         */
+        syncTimeout: number;
+    };
+    internal: {
+        hash: any;
+    };
+    validation: Record<string, unknown>;
+}
+export declare type KuzzleConfiguration = Partial<IKuzzleConfiguration>;

package/lib/types/config/KuzzleConfiguration.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=KuzzleConfiguration.js.map

package/lib/types/config/LimitsConfiguration.d.ts

@@ -0,0 +1,111 @@
+export declare type LimitsConfiguration = {
+    /**
+     * Number of requests Kuzzle processes simultaneously.
+     *
+     * Requests received above this limit are buffered until a slot is freed
+     *
+     * This value should be kept low to avoid overloading Kuzzle's event loop.
+     *
+     * @default 100
+     */
+    concurrentRequests: number;
+    /**
+     * Maximum number of documents that can be fetched by a single API
+     * request. The minimum value to this limit is 1.
+     *
+     * This limits is applied to any route returning multiple documents,
+     * such as document:mGet or document:search
+     *
+     * You may have to configure ElasticSearch as well if you need
+     * to set this value higher than 10000
+     *
+     * @default 10000
+     */
+    documentsFetchCount: number;
+    /**
+     * Maximum number of documents that can be written by a single API
+     * request. The minimum value to this limit is 1.
+     *
+     * There is no higher limit to this value, but you may
+     * also have to change the value of the `maxRequestSize` parameter
+     * (in the `server` section) to make Kuzzle accept larger requests.
+     *
+     * @default 200
+     */
+    documentsWriteCount: number;
+    /**
+     * Maximum number of logins per second and per network connection.
+     *
+     * @default 1
+     */
+    loginsPerSecond: number;
+    /**
+     * Maximum number of requests that can be buffered.
+     *
+     * Requests received above this limit are discarded with a 503 error
+     *
+     * @default 50000
+     */
+    requestsBufferSize: number;
+    /**
+     * Number of buffered requests after which Kuzzle
+     * will throw `core:overload` events.
+     *
+     * @see https://docs.kuzzle.io/core/2/framework/events/core/#core-overload
+     *
+     * @default 5000
+     *
+     */
+    requestsBufferWarningThreshold: number;
+    /**
+     * Maximum number of conditions a subscription filter can contain.
+     *
+     * NB: A condition is either a "simple" operator (anything but "and",
+     *     "or" and "bool"), or a boolean condition that contains only
+     *     simple operators.
+     *
+     * @default 100
+     */
+    subscriptionConditionsCount: number;
+    /**
+     * Maximum number of minterms (AND) clauses after the filters are
+     * transformed in their Canonical Disjunctive Normal Form (CDNF).
+     *
+     * Set to 0 for no limit.
+     *
+     * @default 0
+     */
+    subscriptionMinterms: number;
+    /**
+      * Maximum number of different subscription rooms.
+      * (i.e. different index+collection+filters subscription configurations)
+      *
+      * Depends primarily on available memory.
+      *
+      * If set to 0, an unlimited number of rooms can be created.
+      *
+      * @default 1000000
+     */
+    subscriptionRooms: number;
+    /**
+     * Maximum time (in seconds) a document will be kept in cache for
+     * real-time subscriptions.
+     *
+     * This cache is used to notify subscriber when a document enters or
+     * leaves a scope after an update.
+     *
+     * By default, subscriptions will be kept 72 hours.
+     *
+     * Please note that keeping subscriptions over a long period of
+     * time may result in memory overuse.
+     *
+     * If set to 0, the subscription will be kept in cache forever.
+     *
+     * Setting the property to 0 will lead to a memory leak if
+     * documents enter a real-time subscription scope and never exit
+     * that scope.
+     *
+     * @default 259200000 (72 * 60 * 60)
+     */
+    subscriptionDocumentTTL: number;
+};

package/lib/types/config/LimitsConfiguration.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=LimitsConfiguration.js.map

package/lib/types/config/PluginsConfiguration.d.ts

@@ -0,0 +1,177 @@
+import { JSONObject } from '../../../index';
+import { PasswordPolicy } from '../index';
+export declare type PluginsConfiguration = {
+    /**
+     * Common configuration for all plugins.
+     */
+    common: {
+        /**
+         * If true, Kuzzle will not load custom plugin and features (including
+         * the ones defined in the application).
+         * The API will only be available to administrators ("admin" profile)
+         * during failsafe mode.
+         *
+         * @default false
+         */
+        failsafeMode: boolean;
+        /**
+         * Maximum amount of time (in milliseconds) to wait
+         * for a concurrent plugin bootstrap.
+         *
+         * @default 30000
+         */
+        bootstrapLockTimeout: number;
+        /**
+         * List of Kuzzle's embedded plugins to be activated.
+         *
+         * Edit this list to deactivate one or more of those plugins.
+         * NOTE: this list does not control plugins installed manually.
+         *
+         * @default ["kuzzle-plugin-logger","kuzzle-plugin-auth-passport-local"]
+         */
+        include: string[];
+        /**
+         * Warning time threshold on a pipe plugin action (in milliseconds).
+         *
+         * @default 500
+         */
+        pipeWarnTime: number;
+        /**
+         * Maximum execution time of a plugin init method (in milliseconds).
+         *
+         * @default 10000
+         */
+        initTimeout: number;
+        /**
+         * Maximum number of pipes that can be executed in parallel.
+         *
+         * New pipes submitted while the maximum number of pipes is met are
+         * delayed for later execution.
+         *
+         * This parameter controls is used to limit the stress put on the
+         * event loop, allowing for Kuzzle to process pipes faster, and to
+         * protect it from performances degradation if an abnormal number of
+         * pipes are submitted.
+         *
+         * (timers do not start while a pipe is hold back)
+         *
+         * @default 50
+         */
+        maxConcurrentPipes: number;
+        /**
+         * Maximum number of pipes that can be delayed. If full, new pipes
+         * are rejected.
+         *
+         * @default 50000
+         */
+        pipesBufferSize: number;
+    };
+    /**
+     * Default logger plugin configuration.
+     *
+     * This plugin use Winston to transport the logs.
+     *
+     * @see https://github.com/kuzzleio/kuzzle-plugin-logger
+     */
+    'kuzzle-plugin-logger': {
+        /**
+         * Winston transport services declaration
+         */
+        services: {
+            /**
+             * Print logs to STDOUT
+             *
+             * @default
+             *
+             * @see https://github.com/winstonjs/winston/blob/master/docs/transports.md#console-transport
+             */
+            stdout: {
+                /**
+                 * Level of messages that transport should log
+                 *
+                 * @default "info"
+                 */
+                level: string;
+                /**
+                 * Add the date to log lines
+                 *
+                 * @default true
+                 */
+                addDate: boolean;
+                /**
+                 * Date format
+                 *
+                 * @default "YYYY-MM-DD HH-mm-ss"
+                 */
+                dateFormat: string;
+            };
+            [transport: string]: JSONObject;
+        };
+    };
+    /**
+     * Default local auth strategy plugin.
+     *
+     * @see https://github.com/kuzzleio/kuzzle-plugin-auth-passport-local/
+     */
+    'kuzzle-plugin-auth-passport-local': {
+        /**
+         * One of the supported encryption algorithms
+         * (run crypto.getHashes() to get the complete list).
+         *
+         * Examples: sha256, sha512, blake2b512, whirlpool, ...
+         *
+         * @default "sha512"
+         */
+        algorithm: string;
+        /**
+         * Boolean and controlling if the password is stretched or not.
+         *
+         * @default true
+         */
+        stretching: boolean;
+        /**
+         * Describes how the hashed password is stored in the database
+         *
+         * @see https://nodejs.org/api/buffer.html#buffer_buf_tostring_encoding_start_end
+         *
+         * @default "hex"
+         */
+        digest: string;
+        /**
+         * Determines whether the hashing algorithm uses crypto.createHash (hash)
+         * or crypto.createHmac (hmac).
+         *
+         * @see https://nodejs.org/api/crypto.html
+         *
+         * @default "hmac"
+         */
+        encryption: string;
+        /**
+         * If true, Kuzzle will refuse any credentials update or deletion,
+         * unless the currently valid password is provided
+         * or if the change is performed via the security controller.
+         *
+         * @default false
+         */
+        requirePassword: boolean;
+        /**
+         * A positive time representation of the delay after which a
+         * reset password token expires.
+         *
+         * @see https://www.npmjs.com/package/ms
+         *
+         * Users with expired passwords are given a resetPasswordToken when
+         * logging in and must change their password to be allowed to log in again.
+         *
+         * @default -1
+         */
+        resetPasswordExpiresIn: number;
+        /**
+         * Set of additional rules to apply to users, or to groups of users.
+         *
+         * @see https://docs.kuzzle.io/core/2/guides/main-concepts/authentication#password-policies
+         */
+        passwordPolicies: PasswordPolicy[];
+    };
+    [pluginName: string]: JSONObject;
+};

package/lib/types/config/PluginsConfiguration.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=PluginsConfiguration.js.map

package/lib/types/config/SecurityConfiguration.d.ts

@@ -0,0 +1,182 @@
+/// <reference types="node" />
+import { JSONObject } from '../../../index';
+import { RoleDefinition, ProfileDefinition } from '../index';
+export declare type SecurityConfiguration = {
+    /**
+     * The profileIds applied to a user created with the API action
+     * `security:createRestrictedUser`.
+     *
+     * @default ["default"]
+     */
+    restrictedProfileIds: string[];
+    /**
+    * @deprecated Use `security.authToken` instead.
+    */
+    jwt?: JSONObject;
+    /**
+    * Configuration for the npm package jsonwebtoken
+    * who handle Kuzzle Authentication Token.
+    *
+    * @see https://github.com/auth0/node-jsonwebtoken
+    */
+    authToken: {
+        /**
+        * Hash/encryption method used to sign the token.
+        *
+        * @default "HS256"
+        */
+        algorithm: string;
+        /**
+        * Token default expiration time.
+        *
+        * @see https://www.npmjs.com/package/ms
+        *
+        * @default "1h"
+        */
+        expiresIn: string;
+        /**
+        * Duration in ms during which a renewed token is still considered valid.
+        *
+        * @default 1000
+        */
+        gracePeriod: number;
+        /**
+        * Maximum duration in milliseconds a token can be requested to be valid.
+        *
+        * If set to -1, no maximum duration is set.
+        *
+        * @default -1
+        */
+        maxTTL: number;
+        /**
+        * String or buffer data containing either the secret for HMAC
+        * algorithms, or the PEM encoded private key for RSA and ECDSA.
+        *
+        * If left to null, Kuzzle will autogenerate a random
+        * seed (can only be used with HMAC algorithms).
+        *
+        * @default null
+        */
+        secret: string | Buffer;
+    };
+    apiKey: {
+        /**
+        * Maximum duration in milliseconds a token can be requested to be valid.
+        *
+        * If set to -1, no maximum duration is set.
+        *
+        * @default -1
+        */
+        maxTTL: number;
+    };
+    /**
+    * The default role defines permissions for all users,
+    * until an administrator configures the backend rights.
+    *
+    * By default, all users are granted all permissions.
+    *
+    * @default
+    *
+    * {
+    *   "role": {
+    *      "controllers": {
+    *        "*": {
+    *          "actions": {
+    *            "*": true
+    *          }
+    *        }
+    *      }
+    *    }
+    *  }
+    */
+    default: {
+        role: RoleDefinition;
+    };
+    /**
+    * Permissions used when creating an administrator user.
+    *
+    * By default, the admin user is granted all permissions.
+    *
+    * Anonymous and non-administrator users have their rights restricted.
+    *
+    * @default
+    *
+    * {
+          "roles": {
+            "admin": {
+              "controllers": {
+                "*": {
+                  "actions": {
+                    "*": true
+                  }
+                }
+              }
+            },
+            "default": {
+              "controllers": {
+                "auth": {
+                  "actions": {
+                    "checkToken": true,
+                    "getCurrentUser": true,
+                    "getMyRights": true,
+                    "logout": true,
+                    "updateSelf": true
+                  }
+                },
+                "server": {
+                  "actions": {
+                    "publicApi": true
+                  }
+                }
+              }
+            },
+            "anonymous": {
+              "controllers": {
+                "auth": {
+                  "actions": {
+                    "checkToken": true,
+                    "getCurrentUser": true,
+                    "getMyRights": true,
+                    "login": true
+                  }
+                },
+                "server": {
+                  "actions": {
+                    "publicApi": true,
+                    "openapi": true
+                  }
+                }
+              }
+            }
+          },
+          "profiles": {
+            "admin": {
+              "rateLimit": 0,
+              "policies": [ {"roleId": "admin"} ]
+            },
+            "default": {
+              "rateLimit": 10,
+              "policies": [ {"roleId": "default"} ]
+            },
+            "anonymous": {
+              "rateLimit": 200,
+              "policies": [ {"roleId": "anonymous"} ]
+            }
+          }
+        }
+    */
+    standard: {
+        roles: {
+            admin: RoleDefinition;
+            default: RoleDefinition;
+            anonymous: RoleDefinition;
+            [roleName: string]: RoleDefinition;
+        };
+        profiles: {
+            admin: ProfileDefinition;
+            default: ProfileDefinition;
+            anonymous: ProfileDefinition;
+            [profileName: string]: ProfileDefinition;
+        };
+    };
+};

package/lib/types/config/SecurityConfiguration.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=SecurityConfiguration.js.map