kuzzle 2.17.7 → 2.18.1

package/bin/start-kuzzle-server

@@ -4,7 +4,7 @@
  * Kuzzle, a backend software, self-hostable and ready to use
  * to power modern apps
  *
- * Copyright 2015-2020 Kuzzle
+ * Copyright 2015-2022 Kuzzle
  * mailto: support AT kuzzle.io
  * website: http://kuzzle.io
  *

package/lib/api/controllers/adminController.js

@@ -2,7 +2,7 @@
  * Kuzzle, a backend software, self-hostable and ready to use
  * to power modern apps
  *
- * Copyright 2015-2020 Kuzzle
+ * Copyright 2015-2022 Kuzzle
  * mailto: support AT kuzzle.io
  * website: http://kuzzle.io
  *

package/lib/api/controllers/authController.js

@@ -2,7 +2,7 @@
  * Kuzzle, a backend software, self-hostable and ready to use
  * to power modern apps
  *
- * Copyright 2015-2020 Kuzzle
+ * Copyright 2015-2022 Kuzzle
  * mailto: support AT kuzzle.io
  * website: http://kuzzle.io
  *
@@ -35,6 +35,7 @@ const { NativeController } = require('./baseController');
 const formatProcessing = require('../../core/auth/formatProcessing');
 const { User } = require('../../model/security/user');
 const ApiKey = require('../../model/storage/apiKey');
+const SecurityController = require('./securityController');
 
 /**
  * @class AuthController
@@ -471,7 +472,7 @@ class AuthController extends NativeController {
         userId,
       });
 
-    global.kuzzle.log.info(`[SECURITY] User "${userId}" applied action "${request.input.action}" on user "${userId}."`);
+    global.kuzzle.log.info(`[SECURITY] ${SecurityController.userOrSdk(userId)} applied action "${request.input.action}" on user "${userId}."`);
 
     return formatProcessing.serializeUser(user);
   }
@@ -646,7 +647,12 @@ class AuthController extends NativeController {
 
   assertIsAuthenticated (request) {
     if (request.context.user._id === this.anonymousId) {
-      throw kerror.get('security', 'rights', 'unauthorized');
+      throw kerror.get(
+        'security',
+        'rights',
+        'unauthorized',
+        request.input.controller,
+        request.input.action);
     }
   }
 }

package/lib/api/controllers/baseController.js

@@ -2,7 +2,7 @@
  * Kuzzle, a backend software, self-hostable and ready to use
  * to power modern apps
  *
- * Copyright 2015-2020 Kuzzle
+ * Copyright 2015-2022 Kuzzle
  * mailto: support AT kuzzle.io
  * website: http://kuzzle.io
  *

package/lib/api/controllers/bulkController.js

@@ -2,7 +2,7 @@
  * Kuzzle, a backend software, self-hostable and ready to use
  * to power modern apps
  *
- * Copyright 2015-2020 Kuzzle
+ * Copyright 2015-2022 Kuzzle
  * mailto: support AT kuzzle.io
  * website: http://kuzzle.io
  *

package/lib/api/controllers/clusterController.js

@@ -2,7 +2,7 @@
  * Kuzzle, a backend software, self-hostable and ready to use
  * to power modern apps
  *
- * Copyright 2015-2020 Kuzzle
+ * Copyright 2015-2022 Kuzzle
  * mailto: support AT kuzzle.io
  * website: http://kuzzle.io
  *

package/lib/api/controllers/collectionController.js

@@ -2,7 +2,7 @@
  * Kuzzle, a backend software, self-hostable and ready to use
  * to power modern apps
  *
- * Copyright 2015-2020 Kuzzle
+ * Copyright 2015-2022 Kuzzle
  * mailto: support AT kuzzle.io
  * website: http://kuzzle.io
  *

package/lib/api/controllers/documentController.js

@@ -2,7 +2,7 @@
  * Kuzzle, a backend software, self-hostable and ready to use
  * to power modern apps
  *
- * Copyright 2015-2020 Kuzzle
+ * Copyright 2015-2022 Kuzzle
  * mailto: support AT kuzzle.io
  * website: http://kuzzle.io
  *
@@ -228,8 +228,12 @@ class DocumentController extends NativeController {
       mimeType = 'text/csv';
     }
 
-    request.response.setHeader('Content-Type', mimeType);
-    request.response.setHeader('Content-Disposition', `attachment; filename="${index}-${collection}.${format}"`);
+    request.response.configure({
+      headers: {
+        'Content-Disposition': `attachment; filename="${index}-${collection}.${format}"`,
+        'Content-Type': mimeType,
+      }
+    });
 
     return dumpCollectionDocuments(
       index,
@@ -829,6 +833,7 @@ class DocumentController extends NativeController {
    * @returns {Promise.<Object>} { successes, errors }
    */
   async _mChanges (request, methodName, action) {
+    let source = true;
     const userId = request.getKuid();
     const strict = request.getBoolean('strict');
     const silent = request.getBoolean('silent');
@@ -842,6 +847,10 @@ class DocumentController extends NativeController {
 
     this.assertNotExceedMaxWrite(documents.length);
 
+    if (request.input.args.source !== undefined) {
+      source = request.input.args.source === 'false' ? false : request.getBoolean('source');
+    }
+
     if (documents.length === 0) {
       return {
         errors: [],
@@ -865,7 +874,7 @@ class DocumentController extends NativeController {
       index,
       collection,
       documents,
-      { refresh, retryOnConflict, userId });
+      { refresh, retryOnConflict, source, userId });
 
     if (strict && response.errors.length) {
       throw kerror.get('api', 'process', 'incomplete_multiple_request', methodName, response.errors);

package/lib/api/controllers/index.js

@@ -2,7 +2,7 @@
  * Kuzzle, a backend software, self-hostable and ready to use
  * to power modern apps
  *
- * Copyright 2015-2020 Kuzzle
+ * Copyright 2015-2022 Kuzzle
  * mailto: support AT kuzzle.io
  * website: http://kuzzle.io
  *

package/lib/api/controllers/indexController.js

@@ -2,7 +2,7 @@
  * Kuzzle, a backend software, self-hostable and ready to use
  * to power modern apps
  *
- * Copyright 2015-2020 Kuzzle
+ * Copyright 2015-2022 Kuzzle
  * mailto: support AT kuzzle.io
  * website: http://kuzzle.io
  *
@@ -21,8 +21,6 @@
 
 'use strict';
 
-const Bluebird = require('bluebird');
-
 const { Request } = require('../request');
 const { NativeController } = require('./baseController');
 
@@ -119,7 +117,7 @@ class IndexController extends NativeController {
         );
       }
 
-      await Bluebird.all(promises);
+      await Promise.all(promises);
     }
 
     return response;
@@ -148,12 +146,18 @@ class IndexController extends NativeController {
   }
 
   /**
-   * Returns a list of indexes allowed to be deleted by the user
+   * Returns a list of indexes allowed to be deleted by the user.
+   *
+   * Returns entire list of public indexes when called from EmbeddedSDK
    *
    * @param {Request} request
-   * @param {String[]} publicIndexes - Complete indexes list
+   * @param {String[]} publicIndexes - Public indexes list
    */
   _allowedIndexes (request, publicIndexes) {
+    if (request.getUser() === null) {
+      return publicIndexes;
+    }
+
     const allowedIndexes = [];
 
     const promises = publicIndexes
@@ -171,7 +175,7 @@ class IndexController extends NativeController {
           });
       });
 
-    return Bluebird.all(promises)
+    return Promise.all(promises)
       .then(() => allowedIndexes);
   }
 }

package/lib/api/controllers/memoryStorageController.js

@@ -2,7 +2,7 @@
  * Kuzzle, a backend software, self-hostable and ready to use
  * to power modern apps
  *
- * Copyright 2015-2020 Kuzzle
+ * Copyright 2015-2022 Kuzzle
  * mailto: support AT kuzzle.io
  * website: http://kuzzle.io
  *

package/lib/api/controllers/realtimeController.js

@@ -2,7 +2,7 @@
  * Kuzzle, a backend software, self-hostable and ready to use
  * to power modern apps
  *
- * Copyright 2015-2020 Kuzzle
+ * Copyright 2015-2022 Kuzzle
  * mailto: support AT kuzzle.io
  * website: http://kuzzle.io
  *

package/lib/api/controllers/securityController.js

@@ -2,7 +2,7 @@
  * Kuzzle, a backend software, self-hostable and ready to use
  * to power modern apps
  *
- * Copyright 2015-2020 Kuzzle
+ * Copyright 2015-2022 Kuzzle
  * mailto: support AT kuzzle.io
  * website: http://kuzzle.io
  *
@@ -31,13 +31,18 @@ const { NativeController } = require('./baseController');
 const formatProcessing = require('../../core/auth/formatProcessing');
 const ApiKey = require('../../model/storage/apiKey');
 const kerror = require('../../kerror');
-const { has, get } = require('../../util/safeObject');
+const { has } = require('../../util/safeObject');
 const { generateRandomName } = require('../../util/name-generator');
 
 /**
  * @class SecurityController
  */
 class SecurityController extends NativeController {
+
+  static userOrSdk (userId) {
+    return userId === null ? 'EmbeddedSDK' : `User "${userId}"`;
+  }
+
   constructor () {
     super([
       'checkRights',
@@ -92,6 +97,7 @@ class SecurityController extends NativeController {
       'updateRoleMapping',
       'updateUser',
       'updateUserMapping',
+      'upsertUser',
       'validateCredentials'
     ]);
 
@@ -149,7 +155,7 @@ class SecurityController extends NativeController {
       refresh,
     });
 
-    global.kuzzle.log.info(`[SECURITY] User "${creatorId}" applied action "${request.input.action}" on user "${userId}."`);
+    global.kuzzle.log.info(`[SECURITY] ${SecurityController.userOrSdk(creatorId)} applied action "${request.input.action}" on user "${userId}."`);
     return apiKey.serialize({ includeToken: true });
   }
 
@@ -371,7 +377,7 @@ class SecurityController extends NativeController {
       userId,
     });
 
-    global.kuzzle.log.info(`[SECURITY] User "${userId}" applied action "${request.input.action}" on role "${role._id}."`);
+    global.kuzzle.log.info(`[SECURITY] ${SecurityController.userOrSdk(userId)} applied action "${request.input.action}" on role "${role._id}."`);
     return formatProcessing.serializeRole(role);
   }
 
@@ -392,7 +398,7 @@ class SecurityController extends NativeController {
       userId,
     });
 
-    global.kuzzle.log.info(`[SECURITY] User "${userId}" applied action "${request.input.action}" on role "${role._id}."`);
+    global.kuzzle.log.info(`[SECURITY] ${SecurityController.userOrSdk(userId)} applied action "${request.input.action}" on role "${role._id}."`);
     return formatProcessing.serializeRole(role);
   }
 
@@ -409,7 +415,7 @@ class SecurityController extends NativeController {
       refresh: request.getRefresh('wait_for')
     });
 
-    global.kuzzle.log.info(`[SECURITY] User "${request.getKuid()}" applied action "${request.input.action} on role "${id}."`);
+    global.kuzzle.log.info(`[SECURITY] ${SecurityController.userOrSdk(request.getKuid())} applied action "${request.input.action} on role "${id}."`);
 
     // @todo This avoids a breaking change... but we should really return
     // an acknowledgment.
@@ -472,7 +478,7 @@ class SecurityController extends NativeController {
         userId,
       });
 
-    global.kuzzle.log.info(`[SECURITY] User "${userId}" applied action "${request.input.action}" on profile "${profile._id}."`);
+    global.kuzzle.log.info(`[SECURITY] ${SecurityController.userOrSdk(userId)} applied action "${request.input.action}" on profile "${profile._id}."`);
 
     return formatProcessing.serializeProfile(profile);
   }
@@ -501,7 +507,7 @@ class SecurityController extends NativeController {
         userId,
       });
 
-    global.kuzzle.log.info(`[SECURITY] User "${userId}" applied action "${request.input.action}" on profile "${profile._id}."`);
+    global.kuzzle.log.info(`[SECURITY] ${SecurityController.userOrSdk(userId)} applied action "${request.input.action}" on profile "${profile._id}."`);
 
     return formatProcessing.serializeProfile(profile);
   }
@@ -522,7 +528,7 @@ class SecurityController extends NativeController {
 
     await this.ask('core:security:profile:delete', id, options);
 
-    global.kuzzle.log.info(`[SECURITY] User "${userId}" applied action "${request.input.action}" on profile "${id}."`);
+    global.kuzzle.log.info(`[SECURITY] ${SecurityController.userOrSdk(userId)} applied action "${request.input.action}" on profile "${id}."`);
 
     // @todo - replace by an acknowledgement
     return { _id: id };
@@ -602,7 +608,8 @@ class SecurityController extends NativeController {
       ids = request.getBodyArray('ids');
     }
     else {
-      ids = request.getString('ids').split(',');
+      // @deprecated Should be replaced with request.getArray('ids')
+      ids = request.getArrayLegacy('ids');
     }
 
     const users = await this.ask('core:security:user:mGet', ids);
@@ -757,7 +764,7 @@ class SecurityController extends NativeController {
 
     await this.ask('core:security:user:delete', id, options);
 
-    global.kuzzle.log.info(`[SECURITY] User "${request.getKuid()}" applied action "${request.input.action}" on user "${id}."`);
+    global.kuzzle.log.info(`[SECURITY] ${SecurityController.userOrSdk(request.getKuid())} applied action "${request.input.action}" on user "${id}."`);
 
     return { _id: id };
   }
@@ -770,17 +777,9 @@ class SecurityController extends NativeController {
    */
   async createUser (request) {
     const content = request.getBodyObject('content');
-    const profileIds = get(content, 'profileIds');
+    const profileIds = request.getBodyArray('content.profileIds');
     const humanReadableId = request.getString('kuid', 'human') !== 'uuid';
 
-    if (profileIds === undefined) {
-      throw kerror.get('api', 'assert', 'missing_argument', 'body.content.profileIds');
-    }
-
-    if (! Array.isArray(profileIds)) {
-      throw kerror.get('api', 'assert', 'invalid_type', 'body.content.profileIds', 'array');
-    }
-
     return this._persistUser(request, profileIds, content, { humanReadableId });
   }
 
@@ -819,20 +818,38 @@ class SecurityController extends NativeController {
       ? null
       : request.getBodyArray('profileIds');
 
-    const updated = await this.ask(
-      'core:security:user:update',
-      id,
-      profileIds,
-      content,
-      {
-        refresh: request.getRefresh('wait_for'),
-        retryOnConflict: request.getInteger('retryOnConflict', 10),
-        userId,
-      });
+    return this._changeUser(request, id, content, userId, profileIds);
+  }
 
-    global.kuzzle.log.info(`[SECURITY] User "${userId}" applied action "${request.input.action}" on user "${id}."`);
+  /**
+   * Applies a partial update to an existing user.
+   * If the user doesn't already exist, a new user is created.
+   *
+   * @param {Request} request
+   * @returns {Promise}
+   */
+  async upsertUser (request) {
+    const id = request.getId();
+    const content = request.getBodyObject('content');
+    const userId = request.getKuid();
+    const profileIds = request.getBodyArray('content.profileIds');
+    const defaultValues = request.getBodyObject('default', {});
 
-    return formatProcessing.serializeUser(updated);
+    try {
+      return await this._changeUser(request, id, content, userId, profileIds);
+    }
+    catch (error) {
+      if (error.id && error.id === 'security.user.not_found') {
+        const creatingContent = {
+          ...defaultValues,
+          ...content, // Order important, content erase default duplicates
+        };
+
+        return this._persistUser(request, profileIds, creatingContent);
+      }
+
+      throw error;
+    }
   }
 
   /**
@@ -854,7 +871,7 @@ class SecurityController extends NativeController {
       content,
       { refresh: request.getRefresh('wait_for'), userId });
 
-    global.kuzzle.log.info(`[SECURITY] User "${userId}" applied action "${request.input.action}" on user "${id}."`);
+    global.kuzzle.log.info(`[SECURITY] ${SecurityController.userOrSdk(userId)} applied action "${request.input.action}" on user "${id}."`);
 
     return formatProcessing.serializeUser(user);
   }
@@ -877,7 +894,7 @@ class SecurityController extends NativeController {
       userId,
     });
 
-    global.kuzzle.log.info(`[SECURITY] User "${userId}" applied action "${request.input.action}" on profile "${id}."`);
+    global.kuzzle.log.info(`[SECURITY] ${SecurityController.userOrSdk(userId)} applied action "${request.input.action}" on profile "${id}."`);
     return formatProcessing.serializeProfile(updated);
   }
 
@@ -899,7 +916,7 @@ class SecurityController extends NativeController {
       userId,
     });
 
-    global.kuzzle.log.info(`[SECURITY] User "${userId}" applied action "${request.input.action}" on role "${id}."`);
+    global.kuzzle.log.info(`[SECURITY] ${SecurityController.userOrSdk(userId)} applied action "${request.input.action}" on role "${id}."`);
 
     return formatProcessing.serializeRole(updated);
   }
@@ -940,7 +957,7 @@ class SecurityController extends NativeController {
       }
     }
 
-    global.kuzzle.log.info(`[SECURITY] User "${userId}" applied action "${request.input.action}".`);
+    global.kuzzle.log.info(`[SECURITY] ${SecurityController.userOrSdk(userId)} applied action "${request.input.action}".`);
 
     return user;
   }
@@ -1029,7 +1046,7 @@ class SecurityController extends NativeController {
 
     const createMethod = this.getStrategyMethod(strategy, 'create');
 
-    global.kuzzle.log.info(`[SECURITY] User "${request.getKuid()}" applied action "${request.input.action}" on user "${id}."`);
+    global.kuzzle.log.info(`[SECURITY] ${SecurityController.userOrSdk(request.getKuid())} applied action "${request.input.action}" on user "${id}."`);
     return createMethod(request, body, id, strategy);
   }
 
@@ -1053,7 +1070,7 @@ class SecurityController extends NativeController {
 
     const updateMethod = this.getStrategyMethod(strategy, 'update');
 
-    global.kuzzle.log.info(`[SECURITY] User "${request.getKuid()}" applied action "${request.input.action}" on user "${id}."`);
+    global.kuzzle.log.info(`[SECURITY] ${SecurityController.userOrSdk(request.getKuid())} applied action "${request.input.action}" on user "${id}."`);
 
     return updateMethod(request, body, id, strategy);
   }
@@ -1106,7 +1123,7 @@ class SecurityController extends NativeController {
 
     await deleteMethod(request, id, strategy);
 
-    global.kuzzle.log.info(`[SECURITY] User "${request.getKuid()}" applied action "${request.input.action}" on user "${id}."`);
+    global.kuzzle.log.info(`[SECURITY] ${SecurityController.userOrSdk(request.getKuid())} applied action "${request.input.action}" on user "${id}."`);
 
     return { acknowledged: true };
   }
@@ -1217,15 +1234,36 @@ class SecurityController extends NativeController {
     }
 
     if (successes.length > 1000) {
-      global.kuzzle.log.info(`[SECURITY] User "${request.getKuid()}" deleted the following ${type}s: ${successes.slice(0, 1000).join(', ')}... (${successes.length - 1000} more users deleted)."`);
+      global.kuzzle.log.info(`[SECURITY] ${SecurityController.userOrSdk(request.getKuid())} deleted the following ${type}s: ${successes.slice(0, 1000).join(', ')}... (${successes.length - 1000} more users deleted)."`);
     }
     else {
-      global.kuzzle.log.info(`[SECURITY] User "${request.getKuid()}" deleted the following ${type}s: ${successes.join(', ')}."`);
+      global.kuzzle.log.info(`[SECURITY] ${SecurityController.userOrSdk(request.getKuid())} deleted the following ${type}s: ${successes.join(', ')}."`);
     }
 
     return successes;
   }
 
+  /**
+   * @returns {Promise}
+   * @private
+   */
+  async _changeUser (request, id, content, userId, profileIds) {
+    const updated = await this.ask(
+      'core:security:user:update',
+      id,
+      profileIds,
+      content,
+      {
+        refresh: request.getRefresh('wait_for'),
+        retryOnConflict: request.getInteger('retryOnConflict', 10),
+        userId,
+      });
+
+    global.kuzzle.log.info(`[SECURITY] ${SecurityController.userOrSdk(userId)} applied action "${request.input.action}" on user "${id}."`);
+
+    return formatProcessing.serializeUser(updated);
+  }
+
   /**
    * @param {Request} request
    * @returns {Promise}
@@ -1315,7 +1353,7 @@ class SecurityController extends NativeController {
     }
 
     if (creationFailure === null) {
-      global.kuzzle.log.info(`[SECURITY] User "${request.getKuid()}" applied action "${request.input.action}" on user "${id}."`);
+      global.kuzzle.log.info(`[SECURITY] ${SecurityController.userOrSdk(request.getKuid())} applied action "${request.input.action}" on user "${id}."`);
       return createdUser;
     }
 

package/lib/api/controllers/serverController.js

@@ -2,7 +2,7 @@
  * Kuzzle, a backend software, self-hostable and ready to use
  * to power modern apps
  *
- * Copyright 2015-2020 Kuzzle
+ * Copyright 2015-2022 Kuzzle
  * mailto: support AT kuzzle.io
  * website: http://kuzzle.io
  *
@@ -188,7 +188,8 @@ class ServerController extends NativeController {
 
     let services;
     if (typeof request.input.args.services === 'string') {
-      services = request.input.args.services.split(',');
+      // @deprecated Should be replaced with request.getArray('services')
+      services = request.getArrayLegacy('services');
     }
     if (! services || services.includes('internalCache')) {
       try {

package/lib/api/documentExtractor.js

@@ -2,7 +2,7 @@
  * Kuzzle, a backend software, self-hostable and ready to use
  * to power modern apps
  *
- * Copyright 2015-2020 Kuzzle
+ * Copyright 2015-2022 Kuzzle
  * mailto: support AT kuzzle.io
  * website: http://kuzzle.io
  *
@@ -56,7 +56,8 @@ const extractors = ([
             ids = request.input.args.ids;
           }
           else if (typeof request.input.args.ids === 'string') {
-            ids = request.input.args.ids.split(',');
+            // @deprecated Should be replaced with request.getArray('ids')
+            ids = request.getArrayLegacy('ids');
           }
           else {
             throw assertionError.get(

package/lib/api/funnel.js

@@ -2,7 +2,7 @@
  * Kuzzle, a backend software, self-hostable and ready to use
  * to power modern apps
  *
- * Copyright 2015-2020 Kuzzle
+ * Copyright 2015-2022 Kuzzle
  * mailto: support AT kuzzle.io
  * website: http://kuzzle.io
  *

package/lib/api/httpRoutes.js

@@ -2,7 +2,7 @@
  * Kuzzle, a backend software, self-hostable and ready to use
  * to power modern apps
  *
- * Copyright 2015-2020 Kuzzle
+ * Copyright 2015-2022 Kuzzle
  * mailto: support AT kuzzle.io
  * website: http://kuzzle.io
  *
@@ -35,8 +35,9 @@ const {
   OpenApiDocumentCreate,
   OpenApiDocumentCreateOrReplace,
   OpenApiDocumentValidate,
-} = require('./openapi/components/document');
-
+  OpenApiSecurityUpsertUser,
+  OpenApiDocumentmCreateOrReplace,
+} = require('./openapi/components');
 
 const routes = [
   // GET (idempotent)
@@ -76,7 +77,7 @@ const routes = [
   { verb: 'get', path: '/:index/:collection/:_id', controller: 'document', action: 'get', openapi: OpenApiDocumentGet },
   { verb: 'get', path: '/:index/:collection/_mGet', controller: 'document', action: 'mGet' },
   { verb: 'get', path: '/:index/:collection/:_id/_exists', controller: 'document', action: 'exists', openapi: OpenApiDocumentExists },
-  { verb: 'get', path: '/:index/:collection/_mExists', controller: 'document', action: 'mExists' },
+  { verb: 'post', path: '/:index/:collection/_mExists', controller: 'document', action: 'mExists' },
   { verb: 'get', path: '/_scroll/:scrollId', controller: 'document', action: 'scroll', openapi: OpenApiDocumentScroll },
 
   { verb: 'get', path: '/:index/_exists', controller: 'index', action: 'exists' },
@@ -234,6 +235,7 @@ const routes = [
   { verb: 'post', path: '/roles/_search', controller: 'security', action: 'searchRoles' },
   { verb: 'post', path: '/users/_search', controller: 'security', action: 'searchUsers' },
   { verb: 'post', path: '/credentials/:strategy/users/_search', controller: 'security', action: 'searchUsersByCredentials' },
+  { verb: 'post', path: '/users/:_id/_upsert', controller: 'security', action: 'upsertUser', openapi: OpenApiSecurityUpsertUser },
   { verb: 'post', path: '/credentials/:strategy/:_id/_validate', controller: 'security', action: 'validateCredentials' },
   { verb: 'post', path: '/_checkRights', controller: 'auth', action: 'checkRights' },
   { verb: 'post', path: '/_checkRights/:userId', controller: 'security', action: 'checkRights' },
@@ -355,7 +357,7 @@ const routes = [
   { verb: 'put', path: '/:index/:collection/_specifications', controller: 'collection', action: 'updateSpecifications' },
 
   { verb: 'put', path: '/:index/:collection/:_id', controller: 'document', action: 'createOrReplace', openapi: OpenApiDocumentCreateOrReplace },
-  { verb: 'put', path: '/:index/:collection/_mCreateOrReplace', controller: 'document', action: 'mCreateOrReplace' },
+  { verb: 'put', path: '/:index/:collection/_mCreateOrReplace', controller: 'document', action: 'mCreateOrReplace', openapi: OpenApiDocumentmCreateOrReplace },
   { verb: 'put', path: '/:index/:collection/:_id/_replace', controller: 'document', action: 'replace', openapi: OpenApiDocumentReplace },
   { verb: 'put', path: '/:index/:collection/_mReplace', controller: 'document', action: 'mReplace' },
   { verb: 'put', path: '/:index/:collection/_mUpdate', controller: 'document', action: 'mUpdate', deprecated: { since: '2.11.0', message: 'Use "document:mUpdate" route with PATCH instead of PUT' } }, // @deprecated

package/lib/api/openapi/OpenApiManager.js

@@ -3,7 +3,7 @@
  * Kuzzle, a backend software, self-hostable and ready to use
  * to power modern apps
  *
- * Copyright 2015-2020 Kuzzle
+ * Copyright 2015-2022 Kuzzle
  * mailto: support AT kuzzle.io
  * website: http://kuzzle.io
  *
@@ -79,6 +79,10 @@ class OpenApiManager {
                     ...components_1.OpenApiDocumentCreateOrReplaceComponent,
                     ...components_1.OpenApiDocumentCreateComponent,
                     ...components_1.OpenApiDocumentValidateComponent,
+                },
+                security: {
+                    ...components_1.OpenApiSecurityUpsertUserComponent,
+                    ...components_1.OpenApiDocumentmCreateOrReplaceComponent,
                 }
             }
         };

package/lib/api/openapi/components/document/get.yaml

@@ -14,7 +14,7 @@ DocumentGet:
         type: string
       required: true
     - in: path
-      name: documentId
+      name: _id
       schema:
         type: string
       required: true

package/lib/api/openapi/components/document/index.d.ts

@@ -20,3 +20,5 @@ export declare const OpenApiDocumentDeleteByQuery: any;
 export declare const OpenApiDocumentDeleteByQueryComponent: any;
 export declare const OpenApiDocumentValidate: any;
 export declare const OpenApiDocumentValidateComponent: any;
+export declare const OpenApiDocumentmCreateOrReplace: any;
+export declare const OpenApiDocumentmCreateOrReplaceComponent: any;