kuzzle 2.18.1 → 2.19.2

package/lib/api/funnel.js

@@ -33,6 +33,7 @@ const {
   BulkController,
   ClusterController,
   CollectionController,
+  DebugController,
   DocumentController,
   IndexController,
   MemoryStorageController,
@@ -40,7 +41,7 @@ const {
   SecurityController,
   ServerController,
 } = require('./controllers');
-const documentEventAliases = require('../config/documentEventAliases');
+const { documentEventAliases } = require('../config/documentEventAliases');
 const DocumentExtractor = require('./documentExtractor');
 const sdkCompatibility = require('../config/sdkCompatibility');
 const RateLimiter = require('./rateLimiter');
@@ -115,6 +116,7 @@ class Funnel {
     this.controllers.set('bulk', new BulkController());
     this.controllers.set('cluster', new ClusterController());
     this.controllers.set('collection', new CollectionController());
+    this.controllers.set('debug', new DebugController());
     this.controllers.set('document', new DocumentController());
     this.controllers.set('index', new IndexController());
     this.controllers.set('realtime', new RealtimeController());
@@ -344,19 +346,39 @@ class Funnel {
                     modifiedRequest.id,
                     processResult);
 
-                  callback(null, processResult);
-
-                  // disables a bluebird warning in dev. mode triggered when
-                  // a promise is created and not returned
-                  return null;
+                  return global.kuzzle.pipe(
+                    'request:afterExecution',
+                    { 
+                      request: _request,
+                      result: processResult,
+                      success: true,
+                    })
+                    .then(pipeEvent => { 
+                      callback(null, pipeEvent.result);
+
+                      // disables a bluebird warning in dev. mode triggered when
+                      // a promise is created and not returned
+                      return null;
+                    });
                 }).catch(err => {
                   debug('Error processing request %s: %a', modifiedRequest.id, err);
-                  return this._executeError(err, modifiedRequest, true, callback);
+                  return global.kuzzle.pipe(
+                    'request:afterExecution',
+                    {
+                      error: err,
+                      request: modifiedRequest,
+                      success: false,
+                    }).then(pipeEvent => this._executeError(pipeEvent.error, pipeEvent.request, true, callback));
                 });
             })
             .catch(err => {
               debug('Error processing request %s: %a', req.id, err);
-              return this._executeError(err, req, true, callback);
+              return global.kuzzle.pipe('request:afterExecution',
+                {
+                  error: err,
+                  request: req,
+                  success: false,
+                }).then(pipeEvent => this._executeError(pipeEvent.error, pipeEvent.request, true, callback));
             });
         });
       }, this, request);

package/lib/api/httpRoutes.js

@@ -52,6 +52,12 @@ const routes = [
   { verb: 'get', path: '/credentials/:strategy/_me', controller: 'auth', action: 'getMyCredentials', deprecated: { since: '2.4.0', message: 'Use this route instead: http://kuzzle:7512/_me/credentials/:strategy' } }, // @deprecated
   { verb: 'get', path: '/credentials/:strategy/_me/_exists', controller: 'auth', action: 'credentialsExist', deprecated: { since: '2.4.0', message: 'Use this route instead: http://kuzzle:7512/_me/credentials/:strategy/_exists' } }, // @deprecated
 
+  { verb: 'get', path: '/debug/_nodeVersion', controller: 'debug', action: 'nodeVersion' },
+  { verb: 'post', path: '/debug/_post', controller: 'debug', action: 'post' },
+  { verb: 'post', path: '/debug/_enable', controller: 'debug', action: 'enable' },
+  { verb: 'post', path: '/debug/_disable', controller: 'debug', action: 'disable' },
+
+
   // We need to expose a GET method for "login" action in order to make authentication protocol like Oauth2 or CAS work:
   { verb: 'get', path: '/_login/:strategy', controller: 'auth', action: 'login' },
 

package/lib/api/request/kuzzleRequest.d.ts

@@ -324,11 +324,15 @@ export declare class KuzzleRequest {
     /**
      * Returns the index specified in the request
      */
-    getIndex(): string;
+    getIndex({ required }?: {
+        required?: boolean;
+    }): string;
     /**
      * Returns the collection specified in the request
      */
-    getCollection(): string;
+    getCollection({ required }?: {
+        required?: boolean;
+    }): string;
     /**
      * Returns the index and collection specified in the request
      */
@@ -366,8 +370,8 @@ export declare class KuzzleRequest {
      */
     getUser(): User | null;
     /**
-    * Returns the search body query according to the http method
-    */
+     * Returns the search body query according to the http method
+     */
     getSearchBody(): JSONObject;
     /**
      * Returns the search params.
@@ -446,6 +450,10 @@ export declare class KuzzleRequest {
      * @param querystring if true, the object is expected to be found in a querystring
      */
     private _getObject;
+    /**
+     * Throw `missing_argument` when this one is required
+     */
+    private checkRequired;
 }
 export declare class Request extends KuzzleRequest {
 }

package/lib/api/request/kuzzleRequest.js

@@ -627,22 +627,18 @@ class KuzzleRequest {
     /**
      * Returns the index specified in the request
      */
-    getIndex() {
+    getIndex({ required = true } = {}) {
         const index = this.input.args.index;
-        if (!index) {
-            throw assertionError.get('missing_argument', 'index');
-        }
-        return index;
+        this.checkRequired(index, 'index', required);
+        return index ? String(index) : null;
     }
     /**
      * Returns the collection specified in the request
      */
-    getCollection() {
+    getCollection({ required = true } = {}) {
         const collection = this.input.args.collection;
-        if (!collection) {
-            throw assertionError.get('missing_argument', 'collection');
-        }
-        return collection;
+        this.checkRequired(collection, 'collection', required);
+        return collection ? String(collection) : null;
     }
     /**
      * Returns the index and collection specified in the request
@@ -699,7 +695,7 @@ class KuzzleRequest {
         if (typeof id !== 'string') {
             throw assertionError.get('invalid_type', '_id', 'string');
         }
-        return id;
+        return String(id);
     }
     /**
      * Returns the current user kuid
@@ -720,8 +716,8 @@ class KuzzleRequest {
         return null;
     }
     /**
-    * Returns the search body query according to the http method
-    */
+     * Returns the search body query according to the http method
+     */
     getSearchBody() {
         if (this.context.connection.protocol !== 'http'
             || this.context.connection.misc.verb !== 'GET') {
@@ -932,6 +928,14 @@ class KuzzleRequest {
         }
         return value;
     }
+    /**
+     * Throw `missing_argument` when this one is required
+     */
+    checkRequired(arg, argName, required) {
+        if (required && !arg) {
+            throw assertionError.get('missing_argument', argName);
+        }
+    }
 }
 exports.KuzzleRequest = KuzzleRequest;
 class Request extends KuzzleRequest {

package/lib/cluster/idCardHandler.js

@@ -98,7 +98,7 @@ class ClusterIdCardHandler {
     async createIdCard() {
         let reserved = false;
         do {
-            this.nodeId = (0, name_generator_1.generateRandomName)('knode');
+            this.nodeId = name_generator_1.NameGenerator.generateRandomName({ prefix: 'knode' });
             this.nodeIdKey = `${REDIS_PREFIX}${this.nodeId}`;
             this.idCard = new IdCard({
                 birthdate: Date.now(),

package/lib/config/default.config.js

@@ -105,6 +105,9 @@ const defaultConfig = {
         }
     },
     security: {
+        debug: {
+            native_debug_protocol: false
+        },
         restrictedProfileIds: ['default'],
         jwt: {
             algorithm: 'HS256',

package/lib/config/documentEventAliases.d.ts

@@ -0,0 +1,7 @@
+interface EventAliases {
+    list: Record<string, unknown>;
+    namespace: string;
+    notBefore: string[];
+}
+export declare const documentEventAliases: EventAliases;
+export {};

package/lib/config/documentEventAliases.js

@@ -1,3 +1,4 @@
+"use strict";
 /*
  * Kuzzle, a backend software, self-hostable and ready to use
  * to power modern apps
@@ -18,16 +19,29 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
-'use strict';
-
-module.exports = {
-  list: {
-    'delete': ['delete', 'deleteByQuery', 'mDelete'],
-    'get': ['get', 'mGet', 'search'],
-    'update': ['update', 'mUpdate', 'updateByQuery', 'upsert'],
-    'write': ['create', 'createOrReplace', 'mCreate', 'mCreateOrReplace', 'mReplace', 'replace']
-  },
-  namespace: 'generic:document',
-  notBefore: ['search', 'deleteByQuery', 'updateByQuery'],
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
 };
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.documentEventAliases = void 0;
+const documentController_1 = __importDefault(require("../api/controllers/documentController"));
+function filter(obj, expectValue) {
+    const result = [];
+    for (const [action, event] of Object.entries(obj)) {
+        if (event === expectValue) {
+            result.push(action);
+        }
+    }
+    return result;
+}
+exports.documentEventAliases = {
+    list: {
+        delete: filter(documentController_1.default.actions, 'delete'),
+        get: filter(documentController_1.default.actions, 'get'),
+        update: filter(documentController_1.default.actions, 'update'),
+        write: filter(documentController_1.default.actions, 'write'),
+    },
+    namespace: 'generic:document',
+    notBefore: ['search', 'deleteByQuery', 'updateByQuery', 'export'],
+};
+//# sourceMappingURL=documentEventAliases.js.map

package/lib/core/backend/backend.d.ts

@@ -168,6 +168,10 @@ export declare class Backend {
      * EmbeddedSDK instance
      */
     get sdk(): EmbeddedSDK;
+    /**
+     * Cluster node ID
+     */
+    get nodeId(): string;
     private get _instanceProxy();
     /**
      * Try to read the current commit hash.

package/lib/core/backend/backend.js

@@ -243,6 +243,15 @@ class Backend {
         }
         return this._sdk;
     }
+    /**
+     * Cluster node ID
+     */
+    get nodeId() {
+        if (!this.started) {
+            throw runtimeError.get('unavailable_before_start', 'nodeId');
+        }
+        return this._kuzzle.id;
+    }
     get _instanceProxy() {
         return {
             api: this._controllers,

package/lib/core/network/protocols/httpwsProtocol.js

@@ -555,10 +555,16 @@ class HttpWsProtocol extends Protocol {
     if (type.includes('multipart/form-data')) {
       const parts = uWS.getParts(content, message.headers['content-type']);
       message.content = {};
+      
+      if (! parts) {
+        cb();
+        return;
+      }
 
       for (const part of parts) {
         if (part.data.byteLength > this.maxFormFileSize) {
           cb(HTTP_FILE_TOO_LARGE_ERROR);
+          return;
         }
 
         if (part.filename) {

package/lib/core/shared/sdk/embeddedSdk.d.ts

@@ -6,7 +6,7 @@ interface EmbeddedRealtime extends RealtimeController {
      * and, optionally, user events matching the provided filters will generate
      * real-time notifications.
      *
-     * @see https://docs.kuzzle.io/core/2/guides/main-concepts/6-realtime-engine/
+     * @see https://docs.kuzzle.io/core/2/guides/main-concepts/realtime-engine/
      *
      * @param index Index name
      * @param collection Collection name

package/lib/core/shared/sdk/embeddedSdk.js

@@ -48,11 +48,36 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.EmbeddedSDK = void 0;
 const kuzzle_sdk_1 = require("kuzzle-sdk");
+const lodash_1 = __importDefault(require("lodash"));
 const funnelProtocol_1 = require("./funnelProtocol");
 const safeObject_1 = require("../../../util/safeObject");
 const kerror = __importStar(require("../../../kerror"));
 const impersonatedSdk_1 = __importDefault(require("./impersonatedSdk"));
 const contextError = kerror.wrap('plugin', 'context');
+const forbiddenEmbeddedActions = {
+    'auth': new Set([
+        'checkRights',
+        'createApiKey',
+        'createMyCredentials',
+        'credentialsExist',
+        'deleteApiKey',
+        'getCurrentUser',
+        'getMyCredentials',
+        'getMyRights',
+        'getStrategies',
+        'logout',
+        'refreshToken',
+        'searchApiKeys',
+        'updateMyCredentials',
+        'updateSelf',
+        'validateMyCredentials',
+    ]),
+};
+const warnEmbeddedActions = {
+    'auth': {
+        'login': 'EmbeddedSDK.login is deprecated, use user impersonation instead',
+    }
+};
 /**
  * Kuzzle embedded SDK to make API calls inside applications or plugins.
  */
@@ -91,6 +116,14 @@ class EmbeddedSDK extends kuzzle_sdk_1.Kuzzle {
                 ? false
                 : options.propagate;
         }
+        if (forbiddenEmbeddedActions[request.controller] !== undefined
+            && forbiddenEmbeddedActions[request.controller].has(request.action)) {
+            throw kerror.get('api', 'process', 'forbidden_embedded_sdk_action', request.controller, request.action, ', use user impersonation or security controller instead');
+        }
+        const warning = lodash_1.default.get(warnEmbeddedActions, [request.controller, request.action]);
+        if (warning) {
+            global.kuzzle.log.warn(warning);
+        }
         return super.query(request, options);
     }
 }

package/lib/kerror/codes/0-core.json

@@ -154,6 +154,41 @@
           "class": "GatewayTimeoutError"
         }
       }
+    },
+    "debugger": {
+      "code": 5,
+      "errors": {
+        "not_enabled": {
+          "description": "The debugger is not enabled",
+          "code": 1,
+          "message": "Debugger is not enabled",
+          "class": "PreconditionError"
+        },
+        "monitor_already_running": {
+          "description": "The monitor is already running",
+          "code": 2,
+          "message": "The monitoring of \"%s\" is already running",
+          "class": "PreconditionError"
+        },
+        "monitor_not_running": {
+          "description": "The monitor is not running",
+          "code": 3,
+          "message": "The monitoring of \"%s\" is not running",
+          "class": "PreconditionError"
+        },
+        "native_debug_protocol_usage_denied": {
+          "description": "Usage of the native debug protocol is not allowed",
+          "code": 4,
+          "message": "Usage of the native debug protocol is not allowed",
+          "class": "PreconditionError"
+        },
+        "method_not_found": {
+          "description": "Debugger method not found",
+          "code": 5,
+          "message": "Debugger method \"%s\" not found.",
+          "class": "PreconditionError"
+        }
+      }
     }
   }
 }

package/lib/kerror/codes/2-api.json

@@ -182,6 +182,12 @@
           "code": 13,
           "message": "Rejected: Too many login attempts per second",
           "class": "TooManyRequestsError"
+        },
+        "forbidden_embedded_sdk_action": {
+          "description": "A forbidden EmbdeddedSDK action has been called",
+          "code": 14,
+          "message": "The action %s:%s has been called while it is forbidden in the EmbeddedSDK%s.",
+          "class": "PluginImplementationError"
         }
       }
     }

package/lib/kuzzle/kuzzle.d.ts

@@ -1 +1 @@
-export {};
+export declare const BACKEND_IMPORT_KEY = "backend:init:import";

package/lib/kuzzle/kuzzle.js

@@ -46,6 +46,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.BACKEND_IMPORT_KEY = void 0;
 const path_1 = __importDefault(require("path"));
 const murmurhash_native_1 = require("murmurhash-native");
 const json_stable_stringify_1 = __importDefault(require("json-stable-stringify"));
@@ -78,7 +79,8 @@ const cluster_1 = __importDefault(require("../cluster"));
 const package_json_1 = require("../../package.json");
 const name_generator_1 = require("../util/name-generator");
 const openapi_1 = require("../api/openapi");
-const BACKEND_IMPORT_KEY = 'backend:init:import';
+const crypto_1 = require("../util/crypto");
+exports.BACKEND_IMPORT_KEY = 'backend:init:import';
 let _kuzzle = null;
 Reflect.defineProperty(global, 'kuzzle', {
     configurable: true,
@@ -201,7 +203,7 @@ class Kuzzle extends kuzzleEventEmitter_1.default {
             this.log.info('[✔] Cluster initialized');
         }
         else {
-            id = (0, name_generator_1.generateRandomName)('knode');
+            id = name_generator_1.NameGenerator.generateRandomName({ prefix: 'knode' });
             this.log.info('[X] Cluster disabled: single node mode.');
         }
         return id;
@@ -368,11 +370,10 @@ class Kuzzle extends kuzzleEventEmitter_1.default {
      */
     async _waitForImportToFinish() {
         const importTypes = Object.keys(this.importTypes);
-        while (importTypes.length) {
+        for (const importType of importTypes) {
             // If the import is done, we pop it from the queue to check the next one
-            if (await this.ask('core:cache:internal:get', `${BACKEND_IMPORT_KEY}:${importTypes[0]}`)) {
-                importTypes.shift();
-                continue;
+            if (await this.ask('core:cache:internal:get', `${exports.BACKEND_IMPORT_KEY}:${importType}`)) {
+                return;
             }
             await bluebird_1.default.delay(1000);
         }
@@ -399,8 +400,26 @@ class Kuzzle extends kuzzleEventEmitter_1.default {
         const lockedMutex = [];
         try {
             for (const [type, importMethod] of Object.entries(this.importTypes)) {
+                const importPayload = {};
+                switch (type) {
+                    case 'fixtures':
+                        lodash_1.default.set(importPayload, 'toSupport.fixtures', toSupport.fixtures);
+                        break;
+                    case 'mappings':
+                        lodash_1.default.set(importPayload, 'toSupport.mappings', toSupport.mappings);
+                        lodash_1.default.set(importPayload, 'toImport.mappings', toImport.mappings);
+                        break;
+                    case 'permissions':
+                        lodash_1.default.set(importPayload, 'toSupport.securities', toSupport.securities);
+                        lodash_1.default.set(importPayload, 'toImport.profiles', toImport.profiles);
+                        lodash_1.default.set(importPayload, 'toImport.roles', toImport.roles);
+                        lodash_1.default.set(importPayload, 'toImport.users', toImport.users);
+                        break;
+                }
+                const importPayloadHash = (0, crypto_1.sha256)((0, json_stable_stringify_1.default)(importPayload));
                 const mutex = new mutex_1.Mutex(`backend:import:${type}`, { timeout: 0 });
-                const initialized = await this.ask('core:cache:internal:get', `${BACKEND_IMPORT_KEY}:${type}`) === '1';
+                const existingHash = await this.ask('core:cache:internal:get', `${exports.BACKEND_IMPORT_KEY}:${type}`);
+                const initialized = existingHash === importPayloadHash;
                 const locked = await mutex.lock();
                 await importMethod({ toImport, toSupport }, {
                     firstCall: !initialized && locked,
@@ -409,7 +428,7 @@ class Kuzzle extends kuzzleEventEmitter_1.default {
                 });
                 if (!initialized && locked) {
                     lockedMutex.push(mutex);
-                    await this.ask('core:cache:internal:store', `${BACKEND_IMPORT_KEY}:${type}`, 1, { ttl: 5 * 60 * 1000 });
+                    await this.ask('core:cache:internal:store', `${exports.BACKEND_IMPORT_KEY}:${type}`, importPayloadHash);
                 }
             }
             await this._waitForImportToFinish();

package/lib/model/storage/apiKey.js

@@ -21,16 +21,11 @@
 
 'use strict';
 
-const crypto = require('crypto');
-
+const { sha256 } = require('../../util/crypto');
 const debug = require('../../util/debug')('models:storage:apiKey');
 const kerror = require('../../kerror');
 const BaseModel = require('./baseModel');
 
-function sha256 (string) {
-  return crypto.createHash('sha256').update(string).digest('hex');
-}
-
 class ApiKey extends BaseModel {
   constructor (_source, _id = null) {
     super(_source, _id);

package/lib/service/storage/elasticsearch.js

@@ -182,7 +182,7 @@ class ElasticSearch extends Service {
   /**
    * Translate Koncorde filters to Elasticsearch query
    *
-   * @param {Object} koncordeFilters - Set of valid Koncorde filters
+   * @param {Object} filters - Set of valid Koncorde filters
    * @returns {Object} Equivalent Elasticsearch query
    */
   translateKoncordeFilters (filters) {
@@ -1435,10 +1435,9 @@ class ElasticSearch extends Service {
     // rollback the whole operation. Since mappings can't be rollback, we try to
     // update the settings first, then the mappings and we rollback the settings
     // if putMappings fail.
-    let indiceSettings;
+    let indexSettings;
     try {
-      const response = await this._client.indices.getSettings(esRequest);
-      indiceSettings = response.body[esRequest.index].settings;
+      indexSettings = await this._getSettings(esRequest);
     }
     catch (error) {
       throw this._esWrapper.formatESError(error);
@@ -1460,11 +1459,7 @@ class ElasticSearch extends Service {
       }
     }
     catch (error) {
-      const allowedSettings = {
-        index: _.omit(
-          indiceSettings.index,
-          ['creation_date', 'provided_name', 'uuid', 'version'])
-      };
+      const allowedSettings = this.getAllowedIndexSettings(indexSettings);
 
       // Rollback to previous settings
       if (! _.isEmpty(settings)) {
@@ -1477,6 +1472,20 @@ class ElasticSearch extends Service {
     return null;
   }
 
+  /**
+   * Given index settings we return a new version of index settings
+   * only with allowed settings that can be set (during update or create index).
+   * @param indexSettings the index settings
+   * @returns {{index: *}} a new index settings with only allowed settings.
+   */
+  getAllowedIndexSettings (indexSettings) {
+    return {
+      index: _.omit(
+        indexSettings.index,
+        ['creation_date', 'provided_name', 'uuid', 'version'])
+    };
+  }
+
   /**
   * Sends an empty UpdateByQuery request to update the search index
   *
@@ -1583,7 +1592,7 @@ class ElasticSearch extends Service {
   }
 
   /**
-   * Empties the content of a collection. Keep the existing mapping.
+   * Empties the content of a collection. Keep the existing mapping and settings.
    *
    * @param {String} index - Index name
    * @param {String} collection - Collection name
@@ -1592,6 +1601,7 @@ class ElasticSearch extends Service {
    */
   async truncateCollection (index, collection) {
     let mappings;
+    let settings;
 
     const esRequest = {
       index: await this._getIndice(index, collection)
@@ -1599,7 +1609,11 @@ class ElasticSearch extends Service {
 
     try {
       mappings = await this.getMapping(index, collection, { includeKuzzleMeta: true });
-
+      settings = await this._getSettings(esRequest);
+      settings = {
+        ...settings,
+        ...this.getAllowedIndexSettings(settings)
+      };
       await this._client.indices.delete(esRequest);
 
       await this._client.indices.create({
@@ -1608,7 +1622,8 @@ class ElasticSearch extends Service {
           aliases: {
             [this._getAlias(index, collection)]: {}
           },
-          mappings
+          mappings,
+          settings
         }
       });
 
@@ -2535,7 +2550,7 @@ class ElasticSearch extends Service {
    *
    * @param {String} index - Index name
    * @param {String} collection - Collection name
-   * @param {Array.<String>} documents - Documents IDs
+   * @param {Array.<String>} ids - Documents IDs
    * @param {Object} options - timeout (undefined), refresh (undefined)
    *
    * @returns {Promise.<{ documents, errors }>
@@ -2857,6 +2872,18 @@ class ElasticSearch extends Service {
     return body[0].index;
   }
 
+  /**
+   * Given an ES Request returns the settings of the corresponding indice.
+   *
+   * @param esRequest the ES Request with wanted settings.
+   * @return {Promise<*>} the settings of the indice.
+   * @private
+   */
+  async _getSettings (esRequest) {
+    const response = await this._client.indices.getSettings(esRequest);
+    return response.body[esRequest.index].settings;
+  }
+
   /**
    * Given index + collection, returns an available indice name.
    * Use this function when creating the associated indice. Otherwise use `_getAlias`.