kuzzle 2.16.7 → 2.16.11

package/lib/config/index.js

@@ -24,7 +24,7 @@
 const assert = require('assert');
 
 const rc = require('rc');
-
+const defaultConfig = require('./default.config');
 const packageJson = require('../../package.json');
 const kerror = require('../kerror').wrap('core', 'configuration');
 const { isPlainObject } = require('../util/safeObject');
@@ -34,11 +34,11 @@ const bytes = require('../util/bytes');
  * Loads, interprets and checks configuration files
  * @returns {object}
  */
-function load () {
+function loadConfig () {
   let config;
 
   try {
-    config = rc('kuzzle', require('../config/default.config'));
+    config = rc('kuzzle', defaultConfig.default);
   }
   catch (e) {
     throw kerror.get('cannot_parse', e.message);
@@ -128,10 +128,12 @@ function checkLimitsConfig (cfg) {
     'requestsBufferSize',
     'requestsBufferWarningThreshold',
     'subscriptionConditionsCount',
+    'subscriptionMinterms',
     'subscriptionRooms',
     'subscriptionDocumentTTL'
   ];
   const canBeZero = [
+    'subscriptionMinterms',
     'subscriptionRooms',
     'subscriptionDocumentTTL'
   ];
@@ -263,10 +265,10 @@ function preprocessProtocolsOptions(config) {
 
 function preprocessRedisOptions (redisConfig) {
   // @deprecated Remove those lines for Kuzzle v3 then
-  // remove also 'database' from .kuzzlerc.sample and default.config.js
+  // remove also 'database' from .kuzzlerc.sample and default.config
   if (redisConfig.database) {
     redisConfig.options = { db: redisConfig.database, ...redisConfig.options };
   }
 }
 
-module.exports = { load };
+module.exports = { loadConfig };

package/lib/core/backend/backendConfig.d.ts

@@ -1,10 +1,10 @@
-import { JSONObject } from '../../../index';
 import { ApplicationManager, Backend } from './index';
+import { KuzzleConfiguration } from '../../types/config/KuzzleConfiguration';
 export declare class BackendConfig extends ApplicationManager {
     /**
      * Configuration content
      */
-    content: JSONObject;
+    content: KuzzleConfiguration;
     constructor(application: Backend);
     /**
      * Sets a configuration value
@@ -18,5 +18,5 @@ export declare class BackendConfig extends ApplicationManager {
      *
      * @param config - Configuration object to merge
      */
-    merge(config: JSONObject): void;
+    merge(config: KuzzleConfiguration): void;
 }

package/lib/core/backend/backendConfig.js

@@ -26,13 +26,13 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.BackendConfig = void 0;
 const lodash_1 = __importDefault(require("lodash"));
 const kerror_1 = __importDefault(require("../../kerror"));
-const config_1 = __importDefault(require("../../config"));
 const index_1 = require("./index");
+const index_js_1 = require("../../config/index.js");
 const runtimeError = kerror_1.default.wrap('plugin', 'runtime');
 class BackendConfig extends index_1.ApplicationManager {
     constructor(application) {
         super(application);
-        this.content = config_1.default.load();
+        this.content = (0, index_js_1.loadConfig)();
     }
     /**
      * Sets a configuration value

package/lib/core/network/protocols/httpwsProtocol.js

@@ -76,11 +76,13 @@ const HTTP_ALLOWED_CONTENT_TYPES = [
   'application/x-www-form-urlencoded',
   'multipart/form-data',
 ];
+const HTTP_HEADER_CONNECTION = Buffer.from('Connection');
 const HTTP_HEADER_CONTENT_LENGTH = Buffer.from('Content-Length');
 const HTTP_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN = Buffer.from('Access-Control-Allow-Origin');
 const HTTP_HEADER_VARY = Buffer.from('Vary');
 const WILDCARD = Buffer.from('*');
 const ORIGIN = Buffer.from('Origin');
+const CLOSE = Buffer.from('close');
 const CHARSET_REGEX = /charset=([\w-]+)/i;
 
 /**
@@ -594,6 +596,8 @@ class HttpWsProtocol extends Protocol {
         response.cork(() => {
           response.writeStatus(Buffer.from(request.response.status.toString()));
 
+          response.writeHeader(HTTP_HEADER_CONNECTION, CLOSE);
+
           for (const header of this.httpConfig.headers) {
             // If header is missing, add the default one
             if (request.response.headers[header[2]] === undefined) {

package/lib/core/plugin/pluginContext.d.ts

@@ -2,6 +2,7 @@ import { Koncorde } from '../shared/KoncordeWrapper';
 import { Client } from '@elastic/elasticsearch';
 import { JSONObject } from 'kuzzle-sdk';
 import { EmbeddedSDK } from '../shared/sdk/embeddedSdk';
+import { Mutex } from '../../util/mutex';
 import { RequestContext, RequestInput, KuzzleRequest } from '../../../index';
 import { BackendCluster } from '../backend';
 export interface Repository {
@@ -83,6 +84,10 @@ export declare class PluginContext {
          * @type {BackendCluster}
          */
         cluster: BackendCluster;
+        /**
+         * Current Kuzzle node unique identifier
+         */
+        nodeId: string;
     };
     config: JSONObject;
     constructors: {
@@ -94,6 +99,10 @@ export declare class PluginContext {
          * @deprecated import directly: `import { Koncorde } from 'kuzzle'`
          */
         Koncorde: Koncorde;
+        /**
+         * Mutex class
+         */
+        Mutex: typeof Mutex;
         /**
          * Plugin private storage space
          */
@@ -113,7 +122,7 @@ export declare class PluginContext {
         /**
          * Constructor for Elasticsearch SDK Client
          */
-        ESClient: new () => Client;
+        ESClient: typeof Client;
     };
     /**
      * @deprecated import directly: `import { BadRequestError, ... } from 'kuzzle'`

package/lib/core/plugin/pluginContext.js

@@ -97,6 +97,7 @@ class PluginContext {
             BaseValidationType: require('../validation/baseType'),
             ESClient: PluginContextESClient,
             Koncorde: KoncordeWrapper_1.Koncorde,
+            Mutex: mutex_1.Mutex,
             Repository: PluginContextRepository,
             Request: instantiateRequest,
             RequestContext: index_1.RequestContext,
@@ -117,6 +118,7 @@ class PluginContext {
         this.accessors = {
             cluster: new backend_1.BackendCluster(),
             execute: (request, callback) => execute(request, callback),
+            nodeId: global.kuzzle.id,
             sdk: new embeddedSdk_1.EmbeddedSDK(),
             storage: {
                 bootstrap: collections => pluginStore.init(collections),

package/lib/core/security/securityLoader.js

@@ -50,7 +50,7 @@ class SecurityLoader {
     force,
     onExistingUsers = 'fail',
     onExistingUsersWarning = false,
-    refresh = false,
+    refresh = 'false',
     user=null,
   } = {}) {
     assertIsObject(permissions);

package/lib/core/security/tokenRepository.js

@@ -130,7 +130,7 @@ class TokenRepository extends Repository {
     global.kuzzle.onAsk(
       'core:security:token:verify',
       hash => this.verifyToken(hash));
-    
+
   }
 
   /**
@@ -255,8 +255,8 @@ class TokenRepository extends Repository {
    * @returns {Promise}
    */
   async persistForUser (encodedToken, userId, ttl) {
-    const redisTTL = ttl !== -1 ? ttl : 0;
-    const expiresAt = ttl !== -1 ? Date.now() + ttl : -1;
+    const redisTTL = ttl === -1 ? 0 : ttl;
+    const expiresAt = ttl === -1 ? -1 : Date.now() + ttl;
     const token = new Token({
       _id: `${userId}#${encodedToken}`,
       expiresAt,
@@ -396,7 +396,7 @@ class TokenRepository extends Repository {
         if (keepApiKeys && cacheToken.type === 'apiKey') {
           return;
         }
-        
+
         await this.expire(cacheToken);
       }
     });
@@ -428,13 +428,10 @@ class TokenRepository extends Repository {
       debug('Loading API keys into Redis');
 
       const promises = [];
-      const createToken = async ({ token, userId, ttl }) => {
-        return await this.persistForUser(token, userId, ttl);
-      };
 
-      await ApiKey.batchExecute({ match_all: {} }, apiKeys => {
-        for (const apiKey of apiKeys) {
-          promises.push(createToken(apiKey));
+      await ApiKey.batchExecute({ match_all: {} }, documents => {
+        for (const { _source } of documents) {
+          promises.push(this.persistForUser(_source.token, _source.userId, _source.ttl));
         }
       });
 

package/lib/core/shared/repository.js

@@ -398,7 +398,7 @@ class Repository {
    */
   async _truncate (options, part = null) {
     if (part === null) {
-      const objects = await this.search({}, { scroll: '5s', size: 100 });
+      const objects = await this.search({}, { refresh: options.refresh, scroll: '5s', size: 100 });
       const deleted = await this._truncatePart(objects, options);
 
       if (objects.hits.length < objects.total) {

package/lib/model/security/profile.js

@@ -87,28 +87,28 @@ class Profile {
     this.validateRateLimit();
 
     if (!this.policies) {
-      throw assertionError.get('missing_argument', 'policies');
+      throw assertionError.get('missing_argument', `${this._id}.policies`);
     }
 
     if (!Array.isArray(this.policies)) {
-      throw assertionError.get('invalid_type', 'policies', 'object[]');
+      throw assertionError.get('invalid_type', `${this._id}.policies`, 'object[]');
     }
 
     if (this.policies.length === 0) {
-      throw assertionError.get('empty_argument', 'policies');
+      throw assertionError.get('empty_argument', `${this._id}.policies`);
     }
 
     let i = 0;
     for (const policy of this.policies) {
       if (!policy.roleId) {
-        throw assertionError.get('missing_argument', `policies[${i}].roleId`);
+        throw assertionError.get('missing_argument', `${this._id}.policies[${i}].roleId`);
       }
 
       for (const member of Object.keys(policy)) {
         if (member !== 'roleId' && member !== 'restrictedTo') {
           throw assertionError.get(
             'unexpected_argument',
-            `policies[${i}].${member}`,
+            `${this._id}.policies[${i}].${member}`,
             '"roleId", "restrictedTo"');
         }
       }
@@ -117,7 +117,7 @@ class Profile {
         if (!Array.isArray(policy.restrictedTo)) {
           throw assertionError.get(
             'invalid_type',
-            `policies[${i}].restrictedTo`,
+            `${this._id}.policies[${i}].restrictedTo`,
             'object[]');
         }
 
@@ -126,14 +126,14 @@ class Profile {
           if (!isPlainObject(restriction)) {
             throw assertionError.get(
               'invalid_type',
-              `policies[${i}].restrictedTo[${restriction}]`,
+              `${this._id}.policies[${i}].restrictedTo[${restriction}]`,
               'object');
           }
 
           if (restriction.index === null || restriction.index === undefined) {
             throw assertionError.get(
               'missing_argument',
-              `policies[${i}].restrictedTo[${j}].index`);
+              `${this._id}.policies[${i}].restrictedTo[${j}].index`);
           }
 
           if (strict) {
@@ -156,7 +156,7 @@ class Profile {
             if (!Array.isArray(restriction.collections)) {
               throw assertionError.get(
                 'invalid_type',
-                `policies[${i}].restrictedTo[${j}].collections`,
+                `${this._id}.policies[${i}].restrictedTo[${j}].collections`,
                 'string[]');
             }
 
@@ -188,7 +188,7 @@ class Profile {
             if (member !== 'index' && member !== 'collections') {
               throw assertionError.get(
                 'unexpected_argument',
-                `policies[${i}].restrictedTo[${j}].${member}`,
+                `${this._id}.policies[${i}].restrictedTo[${j}].${member}`,
                 '"index", "collections"');
             }
           }

package/lib/model/security/role.js

@@ -96,15 +96,15 @@ class Role {
    */
   async validateDefinition () {
     if (this.controllers === undefined || this.controllers === null) {
-      throw assertionError.get('missing_argument', 'controllers');
+      throw assertionError.get('missing_argument', `${this._id}.controllers`);
     }
 
     if (!isPlainObject(this.controllers)) {
-      throw assertionError.get('invalid_type', 'controllers', 'object');
+      throw assertionError.get('invalid_type', `${this._id}.controllers`, 'object');
     }
 
     if (Object.keys(this.controllers).length === 0) {
-      throw assertionError.get('empty_argument', 'controllers');
+      throw assertionError.get('empty_argument', `${this._id}.controllers`);
     }
 
     Object

package/lib/service/cache/redis.js

@@ -43,6 +43,7 @@ class Redis extends Service {
     this.client = null;
     this.commands = {};
     this.adapterName = name;
+    this.pingIntervalID = null;
   }
 
   /**
@@ -80,6 +81,10 @@ class Redis extends Service {
     });
 
     this.setCommands();
+    // TODO: Remove this when IORedis does support application level pings to keep connection to Azure Redis alive
+    if (config.pingKeepAlive && config.pingKeepAlive > 0) {
+      this._setupKeepAlive(config.pingKeepAlive);
+    }
 
     return new Bluebird((resolve, reject) => {
       this.client.once('ready', async () => {
@@ -93,6 +98,34 @@ class Redis extends Service {
     });
   }
 
+  /**
+   * Setup a ping interval to keep the connection alive
+   * Every 60 seconds a ping is sent to Redis
+   */
+  _setupKeepAlive(delay) {
+    this.client.on('ready', async () => {
+      await this._ping();
+      this.pingIntervalID = setInterval(this._ping.bind(this), delay);
+    });
+
+    this.client.on('error', () => {
+      clearInterval(this.pingIntervalID);
+      this.pingIntervalID = null;
+    });
+  }
+
+  /**
+   * Ping Redis
+   */
+  async _ping() {
+    try {
+      await this.client.ping();
+    }
+    catch (error) {
+      global.kuzzle.log.error(`Failed to PING Redis to keep connection alive:\n${error.message}`);  
+    }
+  }
+
   /**
    * Initializes the Redis commands list, and add transformers when necessary
    */

package/lib/types/InternalLogger.d.ts

@@ -0,0 +1,25 @@
+/**
+ * Internal logger.
+ */
+export declare type InternalLogger = {
+    /**
+     * Logs a debug message
+     */
+    debug: (message: any) => void;
+    /**
+     * Logs an error message
+     */
+    error: (message: any) => void;
+    /**
+     * Logs an info message
+     */
+    info: (message: any) => void;
+    /**
+     * Logs a verbose message
+     */
+    verbose: (message: any) => void;
+    /**
+     * Logs a warn message
+     */
+    warn: (message: any) => void;
+};

package/lib/types/InternalLogger.js

@@ -0,0 +1,23 @@
+"use strict";
+/*
+ * Kuzzle, a backend software, self-hostable and ready to use
+ * to power modern apps
+ *
+ * Copyright 2015-2020 Kuzzle
+ * mailto: support AT kuzzle.io
+ * website: http://kuzzle.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=InternalLogger.js.map

package/lib/types/PasswordPolicy.d.ts

@@ -0,0 +1,77 @@
+/**
+ * Represents a password policy of the local auth strategy plugin.
+ *
+ * @see https://docs.kuzzle.io/core/2/guides/main-concepts/authentication#password-policies
+ *
+ * @example
+ *
+ * {
+ *   "appliesTo": {
+ *     "profiles": ["editor"],
+ *     "roles": ["admin"]
+ *   },
+ *   "expiresAfter": "30d",
+ *   "mustChangePasswordIfSetByAdmin": true,
+ *   "passwordRegex": "^(?=.*[a-zA-Z])(?=.*[0-9])(?=.{8,})"
+ * }
+ */
+export declare type PasswordPolicy = {
+    /**
+     * Applies the policy to matching users.
+     *
+     * Can be either set to a wildcar (`"*""`) to match all users or to an
+     * object containing at least of the following property.
+     */
+    appliesTo: '*' | {
+        /**
+         * Array of user kuids the policy applies to.
+         */
+        users?: string[];
+        /**
+         * Array of profile ids the policy applies to.
+         */
+        profiles?: string[];
+        /**
+         * Array of role ids the policy applies to.
+         */
+        roles?: string[];
+    };
+    /**
+     * The delay after which a password expires.
+     *
+     * @see https://www.npmjs.com/package/ms
+     *
+     * Users with expired passwords are given a resetPasswordToken when logging in
+     * and must change their password to be allowed to log in again.
+     */
+    expiresAfter: string;
+    /**
+     * If set to true, prevents users to use their username in part of the password.
+     *
+     * The check is case-insensitive.
+     */
+    forbidLoginInPassword: boolean;
+    /**
+     * The number of passwords to store in history and checked against
+     * when a new password is set to prevent passwords reuse.
+     */
+    forbidReusedPasswordCount: number;
+    /**
+     * If set to true, whenever a password is set for a user by someone else,
+     * that user will receive a resetPasswordToken upon their next login and
+     * they will have to change their password before being allowed to log in again.
+     */
+    mustChangePasswordIfSetByAdmin: boolean;
+    /**
+     * A string representation of a regular expression to test on new passwords.
+     *
+     * @example
+     *
+     * // must be at least 6 chars long
+     * ".{6,}"
+     *
+     * // must be at least 8 chars long and include at least one letter and one digit
+     * "^(?=.*[a-zA-Z])(?=.*[0-9])(?=.{8,})"
+     */
+    passwordRegex: string;
+};

package/lib/types/PasswordPolicy.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=PasswordPolicy.js.map

package/lib/types/ProfileDefinition.d.ts

@@ -0,0 +1,48 @@
+/**
+ * A profile definition.
+ *
+ * @see https://docs.kuzzle.io/core/2/guides/main-concepts/permissions/#profiles
+ *
+ * @example
+ *
+ * {
+ *   rateLimit: 200,
+ *   policies: [
+ *     {
+ *       roleId: 'anonymous',
+ *       restrictedTo: [ { index: 'device-manager' } ]
+ *     }
+ *   ]
+ * }
+ */
+export declare type ProfileDefinition = {
+    /**
+     * The rate limit parameter controls how many API requests a user can send,
+     * per second and per node.
+     */
+    rateLimit: number;
+    /**
+     * Grant a role rights on API actions for this profile.
+     *
+     * Each role can be restricted to a list of indexes and collections.
+     */
+    policies: Array<{
+        /**
+         * Role ID
+         */
+        roleId: string;
+        /**
+         * List of indexes and collections to restrict this role on.
+         */
+        restrictedTo?: Array<{
+            /**
+             * Index name.
+             */
+            index: string;
+            /**
+             * Collection names.
+             */
+            collections: string[];
+        }>;
+    }>;
+};

package/lib/types/ProfileDefinition.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=ProfileDefinition.js.map

package/lib/types/RoleDefinition.d.ts

@@ -0,0 +1,27 @@
+/**
+ * A role definition
+ *
+ * @see https://docs.kuzzle.io/core/2/guides/main-concepts/permissions/#roles
+ *
+ * @example
+ *
+ * {
+ *    controllers: {
+ *      auth: {
+ *        actions: {
+ *          getCurrentUser: true,
+ *          logout: true
+ *        }
+ *      }
+ *    }
+ * }
+ */
+export declare type RoleDefinition = {
+    controllers: {
+        [controllerName: string]: {
+            actions: {
+                [actionName: string]: boolean;
+            };
+        };
+    };
+};

package/lib/types/RoleDefinition.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=RoleDefinition.js.map

package/lib/types/config/DumpConfiguration.d.ts

@@ -0,0 +1,42 @@
+export declare type DumpConfiguration = {
+    /**
+     * @default false
+     */
+    enabled: boolean;
+    history: {
+        /**
+          * @default 3
+          */
+        coredump: number;
+        /**
+          * @default 5
+        */
+        reports: number;
+    };
+    /**
+     * @default './dump/'
+    */
+    path: string;
+    /**
+     * @default 'gcore'
+    */
+    gcore: string;
+    /**
+     * @default 'YYYYMMDD-HHmmss'
+    */
+    dateFormat: string;
+    handledErrors: {
+        /**
+         * @default true
+         */
+        enabled: boolean;
+        /**
+         * @default ['RangeError','TypeError','KuzzleError','InternalError'],
+        */
+        whitelist: string[];
+        /**
+         * @default 600000
+         */
+        minInterval: number;
+    };
+};

package/lib/types/config/DumpConfiguration.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=DumpConfiguration.js.map