kuzzle 2.19.12 → 2.20.1

package/lib/api/controllers/baseController.d.ts

@@ -0,0 +1,74 @@
+import { JSONObject } from "kuzzle-sdk";
+import { KuzzleRequest } from "../request";
+/**
+ * Base class for all controllers
+ */
+export declare class BaseController {
+    protected __actions: Set<string>;
+    constructor();
+    get _actions(): Set<string>;
+    _addAction(name: any, fn: any): void;
+    /**
+     * Check if the provided action name exists within that controller.
+     * This check's purpose is to prevent actions leak by making actions exposure
+     * explicit.
+     *
+     * @param name
+     */
+    _isAction(name: string): boolean;
+}
+export declare class NativeController extends BaseController {
+    protected ask: (event: string, ...args: any[]) => Promise<any>;
+    protected pipe: (event: string, ...args: any[]) => Promise<any>;
+    constructor(actions?: any[]);
+    /**
+     * Controller optional initialization method.
+     * Used to perform asynchronous initialization safely: the funnel will wait
+     * for all controllers to be initialized before accepting requests.
+     */
+    init(): Promise<void>;
+    translateKoncorde(koncordeFilters: JSONObject): Promise<any>;
+    /**
+     * Throws if the body contain one of the specified attribute
+     *
+     * @param request
+     * @param paths
+     */
+    assertBodyHasNotAttributes(request: KuzzleRequest, ...paths: string[]): void;
+    /**
+     * Throws if the strategy does not exists
+     *
+     * @todo move this method in some kind of "Security" class
+     */
+    assertIsStrategyRegistered(strategy: string): void;
+    /**
+     * Throw if some target have:
+     * - missing properties
+     * - invalid types
+     * - unauthorized values
+     *
+     * @param Array of targets
+     * @param options.allowEmptyCollections
+     */
+    assertTargetsAreValid(targets: Array<{
+        index: string;
+        collections?: string[];
+    }>, { allowEmptyCollections }?: {
+        allowEmptyCollections?: boolean;
+    }): void;
+    _hasMultiTargets(str: string): boolean;
+    /**
+     * Throws if page size exceeed Kuzzle limits
+     *
+     * @param asked
+     * @throws
+     */
+    assertNotExceedMaxFetch(asked: number): void;
+    /**
+     * Throws if number of documents exceeed Kuzzle limits
+     *
+     * @param asked
+     * @throws
+     */
+    assertNotExceedMaxWrite(asked: number): void;
+}

package/lib/api/controllers/baseController.js

@@ -1,3 +1,4 @@
+"use strict";
 /*
  * Kuzzle, a backend software, self-hostable and ready to use
  * to power modern apps
@@ -18,239 +19,186 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
-"use strict";
-
-const Bluebird = require("bluebird");
-
-const kerror = require("../../kerror");
-const { get } = require("../../util/safeObject");
-
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.NativeController = exports.BaseController = void 0;
+const kerror = __importStar(require("../../kerror"));
+const safeObject_1 = require("../../util/safeObject");
 const assertionError = kerror.wrap("api", "assert");
-
-// Base class for all controllers
+/**
+ * Base class for all controllers
+ */
 class BaseController {
-  constructor() {
-    this.__actions = new Set();
-  }
-
-  get _actions() {
-    return this.__actions;
-  }
-
-  _addAction(name, fn) {
-    this.__actions.add(name);
-    this[name] = fn;
-  }
-
-  /**
-   * Check if the provided action name exists within that controller.
-   * This check's purpose is to prevent actions leak by making actions exposure
-   * explicit.
-   *
-   * @param  {string} name
-   * @returns {boolean}
-   */
-  _isAction(name) {
-    return this.__actions.has(name);
-  }
+    constructor() {
+        this.__actions = new Set();
+    }
+    get _actions() {
+        return this.__actions;
+    }
+    _addAction(name, fn) {
+        this.__actions.add(name);
+        this[name] = fn;
+    }
+    /**
+     * Check if the provided action name exists within that controller.
+     * This check's purpose is to prevent actions leak by making actions exposure
+     * explicit.
+     *
+     * @param name
+     */
+    _isAction(name) {
+        return this.__actions.has(name);
+    }
 }
-
+exports.BaseController = BaseController;
 class NativeController extends BaseController {
-  constructor(actions = []) {
-    super();
-
-    this.ask = global.kuzzle.ask.bind(global.kuzzle);
-    this.pipe = global.kuzzle.pipe.bind(global.kuzzle);
-    this.__actions = new Set(actions);
-  }
-
-  /**
-   * Controller optional initialization method.
-   * Used to perform asynchronous initialization safely: the funnel will wait
-   * for all controllers to be initialized before accepting requests.
-   *
-   * @returns {Promise}
-   */
-  init() {
-    return Bluebird.resolve();
-  }
-
-  async translateKoncorde(koncordeFilters) {
-    if (Object.keys(koncordeFilters).length === 0) {
-      return {};
-    }
-
-    if (typeof koncordeFilters !== "object") {
-      throw assertionError.get("invalid_type", "body.query", "object");
+    constructor(actions = []) {
+        super();
+        this.ask = global.kuzzle.ask.bind(global.kuzzle);
+        this.pipe = global.kuzzle.pipe.bind(global.kuzzle);
+        this.__actions = new Set(actions);
     }
-
-    try {
-      return await this.ask("core:storage:public:translate", koncordeFilters);
-    } catch (error) {
-      if (!error.keyword) {
-        throw error;
-      }
-
-      throw assertionError.get(
-        "koncorde_restricted_keyword",
-        error.keyword.type,
-        error.keyword.name
-      );
+    /**
+     * Controller optional initialization method.
+     * Used to perform asynchronous initialization safely: the funnel will wait
+     * for all controllers to be initialized before accepting requests.
+     */
+    async init() {
+        // nothing here
     }
-  }
-
-  /**
-   * Throws if the body contain one of the specified attribute
-   *
-   * @param {Request} request
-   * @param  {...any} paths
-   */
-  assertBodyHasNotAttributes(request, ...paths) {
-    if (request.input.body !== null) {
-      for (const path of paths) {
-        if (get(request.input.body, path)) {
-          throw assertionError.get("forbidden_argument", `body.${path}`);
+    async translateKoncorde(koncordeFilters) {
+        if (Object.keys(koncordeFilters).length === 0) {
+            return {};
+        }
+        if (typeof koncordeFilters !== "object") {
+            throw assertionError.get("invalid_type", "body.query", "object");
+        }
+        try {
+            return await this.ask("core:storage:public:translate", koncordeFilters);
+        }
+        catch (error) {
+            if (!error.keyword) {
+                throw error;
+            }
+            throw assertionError.get("koncorde_restricted_keyword", error.keyword.type, error.keyword.name);
         }
-      }
     }
-  }
-
-  /**
-   * Throws if the strategy does not exists
-   *
-   * @todo move this method in some kind of "Security" class
-   * @param {String} strategy
-   */
-  assertIsStrategyRegistered(strategy) {
-    if (!global.kuzzle.pluginsManager.listStrategies().includes(strategy)) {
-      throw kerror.get("security", "credentials", "unknown_strategy", strategy);
+    /**
+     * Throws if the body contain one of the specified attribute
+     *
+     * @param request
+     * @param paths
+     */
+    assertBodyHasNotAttributes(request, ...paths) {
+        if (request.input.body !== null) {
+            for (const path of paths) {
+                if ((0, safeObject_1.get)(request.input.body, path)) {
+                    throw assertionError.get("forbidden_argument", `body.${path}`);
+                }
+            }
+        }
     }
-  }
-
-  /**
-   * Throw if some target have:
-   * - missing properties
-   * - invalid types
-   * - unauthorized values
-   *
-   * @param {Array<{index:string, collections?: string[]}>} targets Array of targets
-   * @param {*} options
-   */
-  assertTargetsAreValid(targets, { allowEmptyCollections } = {}) {
-    for (let i = 0; i < targets.length; i++) {
-      const target = targets[i];
-
-      if (!target.index) {
-        throw kerror.get(
-          "api",
-          "assert",
-          "missing_argument",
-          `targets[${i}].index`
-        );
-      }
-      if (this._hasMultiTargets(target.index)) {
-        throw kerror.get(
-          "services",
-          "storage",
-          "invalid_target_format",
-          `targets[${i}].index`,
-          target.index
-        );
-      }
-
-      if (!allowEmptyCollections && !target.collections) {
-        throw kerror.get(
-          "api",
-          "assert",
-          "missing_argument",
-          `targets[${i}].collections`
-        );
-      }
-
-      if (target.collections && !Array.isArray(target.collections)) {
-        throw kerror.get(
-          "api",
-          "assert",
-          "invalid_type",
-          `targets[${i}].collections`,
-          "array"
-        );
-      }
-
-      if (!allowEmptyCollections && target.collections.length === 0) {
-        throw kerror.get(
-          "api",
-          "assert",
-          "empty_argument",
-          `targets[${i}].collections`
-        );
-      }
-
-      if (
-        allowEmptyCollections &&
-        (!target.collections || target.collections.length === 0)
-      ) {
-        continue;
-      }
-
-      for (let j = 0; j < target.collections.length; j++) {
-        const collection = target.collections[j];
-
-        if (typeof collection !== "string") {
-          throw kerror.get(
-            "api",
-            "assert",
-            "invalid_type",
-            `targets[${i}].collections[${j}]`,
-            "string"
-          );
+    /**
+     * Throws if the strategy does not exists
+     *
+     * @todo move this method in some kind of "Security" class
+     */
+    assertIsStrategyRegistered(strategy) {
+        if (!global.kuzzle.pluginsManager.listStrategies().includes(strategy)) {
+            throw kerror.get("security", "credentials", "unknown_strategy", strategy);
         }
-
-        if (this._hasMultiTargets(collection)) {
-          throw kerror.get(
-            "services",
-            "storage",
-            "invalid_target_format",
-            `targets[${i}].collections[${j}]`,
-            collection
-          );
+    }
+    /**
+     * Throw if some target have:
+     * - missing properties
+     * - invalid types
+     * - unauthorized values
+     *
+     * @param Array of targets
+     * @param options.allowEmptyCollections
+     */
+    assertTargetsAreValid(targets, { allowEmptyCollections = false } = {}) {
+        for (let i = 0; i < targets.length; i++) {
+            const target = targets[i];
+            if (!target.index) {
+                throw kerror.get("api", "assert", "missing_argument", `targets[${i}].index`);
+            }
+            if (this._hasMultiTargets(target.index)) {
+                throw kerror.get("services", "storage", "invalid_target_format", `targets[${i}].index`, target.index);
+            }
+            if (!allowEmptyCollections && !target.collections) {
+                throw kerror.get("api", "assert", "missing_argument", `targets[${i}].collections`);
+            }
+            if (target.collections && !Array.isArray(target.collections)) {
+                throw kerror.get("api", "assert", "invalid_type", `targets[${i}].collections`, "array");
+            }
+            if (!allowEmptyCollections && target.collections.length === 0) {
+                throw kerror.get("api", "assert", "empty_argument", `targets[${i}].collections`);
+            }
+            if (allowEmptyCollections &&
+                (!target.collections || target.collections.length === 0)) {
+                continue;
+            }
+            for (let j = 0; j < target.collections.length; j++) {
+                const collection = target.collections[j];
+                if (typeof collection !== "string") {
+                    throw kerror.get("api", "assert", "invalid_type", `targets[${i}].collections[${j}]`, "string");
+                }
+                if (this._hasMultiTargets(collection)) {
+                    throw kerror.get("services", "storage", "invalid_target_format", `targets[${i}].collections[${j}]`, collection);
+                }
+            }
         }
-      }
     }
-  }
-
-  _hasMultiTargets(str) {
-    return [",", "*", "+"].some((chr) => str.includes(chr)) || str === "_all";
-  }
-
-  /**
-   * Throws if page size exceeed Kuzzle limits
-   *
-   * @param {Number} asked
-   * @throws
-   */
-  assertNotExceedMaxFetch(asked) {
-    const limit = global.kuzzle.config.limits.documentsFetchCount;
-
-    if (asked > limit) {
-      throw kerror.get("services", "storage", "get_limit_exceeded");
+    _hasMultiTargets(str) {
+        return [",", "*", "+"].some((chr) => str.includes(chr)) || str === "_all";
+    }
+    /**
+     * Throws if page size exceeed Kuzzle limits
+     *
+     * @param asked
+     * @throws
+     */
+    assertNotExceedMaxFetch(asked) {
+        const limit = global.kuzzle.config.limits.documentsFetchCount;
+        if (asked > limit) {
+            throw kerror.get("services", "storage", "get_limit_exceeded");
+        }
     }
-  }
-
-  /**
-   * Throws if number of documents exceeed Kuzzle limits
-   *
-   * @param {Number} asked
-   * @throws
-   */
-  assertNotExceedMaxWrite(asked) {
-    const limit = global.kuzzle.config.limits.documentsWriteCount;
-
-    if (asked > limit) {
-      throw kerror.get("services", "storage", "write_limit_exceeded");
+    /**
+     * Throws if number of documents exceeed Kuzzle limits
+     *
+     * @param asked
+     * @throws
+     */
+    assertNotExceedMaxWrite(asked) {
+        const limit = global.kuzzle.config.limits.documentsWriteCount;
+        if (asked > limit) {
+            throw kerror.get("services", "storage", "write_limit_exceeded");
+        }
     }
-  }
 }
-
-module.exports = { BaseController, NativeController };
+exports.NativeController = NativeController;
+//# sourceMappingURL=baseController.js.map

package/lib/api/controllers/documentController.js

@@ -232,17 +232,15 @@ class DocumentController extends NativeController {
 
   async export(request) {
     const { index, collection } = request.getIndexAndCollection();
-    const { size, scrollTTL, searchBody } = request.getSearchParams();
-    const format = request.getString("format", "jsonl");
-    const fields = request.getBodyArray("fields", []);
+    const { size, scrollTTL } = request.getSearchParams();
     const lang = request.getLangParam();
+    const format = request.getString("format", "jsonl");
     const separator = request.getString("separator", ",");
-    const fieldsName = request.getBodyObject("fieldsName", {});
+    const query = request.getObjectFromBodyOrArgs("query", {});
+    const fields = request.getArrayFromBodyOrArgs("fields", []);
+    const fieldsName = request.getObjectFromBodyOrArgs("fieldsName", {});
 
-    // Remove "fields" and "fieldsName" from searchBody to avoid ES throwing an error
-    // since those properties are not allowed in the searchBody
-    searchBody.fields = undefined;
-    searchBody.fieldsName = undefined;
+    const searchBody = { query };
 
     if (request.context.connection.protocol !== "http") {
       throw kerror.get(

package/lib/api/funnel.js

@@ -50,6 +50,7 @@ const kerror = require("../kerror");
 const debug = require("../util/debug")("kuzzle:funnel");
 const processError = kerror.wrap("api", "process");
 const { has } = require("../util/safeObject");
+const { HttpStream } = require("../types");
 
 // Actions of the auth controller that does not necessite to verify the token
 // when cookie auth is active
@@ -662,7 +663,9 @@ class Funnel {
       ) {
         // check if the plugin response can be serialized
         try {
-          JSON.stringify(responseData);
+          if (!(responseData instanceof HttpStream)) {
+            JSON.stringify(responseData);
+          }
         } catch (e) {
           _request.setResult(null);
           throw kerror.get("plugin", "controller", "unserializable_response");

package/lib/api/httpRoutes.js

@@ -664,6 +664,12 @@ const routes = [
     controller: "auth",
     action: "checkToken",
   },
+  {
+    verb: "post",
+    path: "/_createToken",
+    controller: "auth",
+    action: "createToken",
+  },
   {
     verb: "post",
     path: "/_refreshToken",

package/lib/api/openapi/openApiGenerator.js

@@ -25,7 +25,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.generateOpenApi = void 0;
 const lodash_1 = __importDefault(require("lodash"));
-const inflector_1 = require("../../util/inflector");
+const Inflector_1 = require("../../util/Inflector");
 const routeUrlMatch = /:([^/]*)/g;
 /**
  * Generate basic openApi Controller
@@ -35,7 +35,7 @@ function generateController(route, definition) {
         return;
     }
     if (!lodash_1.default.some(definition.tags, { name: route.controller })) {
-        const capitalizedController = inflector_1.Inflector.pascalCase(route.controller);
+        const capitalizedController = Inflector_1.Inflector.pascalCase(route.controller);
         definition.tags.push({
             description: `${capitalizedController} Controller`,
             name: route.controller,

package/lib/api/request/kuzzleRequest.d.ts

@@ -16,7 +16,7 @@ export declare class KuzzleRequest {
      * Request external ID (specified by "requestId" or random uuid)
      */
     id: string;
-    constructor(data: any, options: any);
+    constructor(data: any, options?: any);
     /**
      * Request internal ID
      */
@@ -373,6 +373,8 @@ export declare class KuzzleRequest {
      * Returns the search body query according to the http method
      */
     getSearchBody(): JSONObject;
+    getObjectFromBodyOrArgs(name: string, def?: JSONObject): JSONObject;
+    getArrayFromBodyOrArgs(name: string, def?: any): JSONObject;
     /**
      * Returns the search params.
      */

package/lib/api/request/kuzzleRequest.js

@@ -726,6 +726,38 @@ class KuzzleRequest {
         }
         return this.getObject("searchBody", {});
     }
+    getObjectFromBodyOrArgs(name, def) {
+        if (this.context.connection.protocol !== "http" ||
+            this.context.connection.misc.verb !== "GET") {
+            return this.getBodyObject(name, def);
+        }
+        const rawObject = this.getString(name, JSON.stringify(def));
+        try {
+            return JSON.parse(rawObject);
+        }
+        catch (error) {
+            if (error instanceof SyntaxError) {
+                throw assertionError.get("invalid_type", name, "JSON string");
+            }
+            throw error;
+        }
+    }
+    getArrayFromBodyOrArgs(name, def) {
+        if (this.context.connection.protocol !== "http" ||
+            this.context.connection.misc.verb !== "GET") {
+            return this.getBodyArray(name, def);
+        }
+        const rawObject = this.getString(name, JSON.stringify(def));
+        try {
+            return JSON.parse(rawObject);
+        }
+        catch (error) {
+            if (error instanceof SyntaxError) {
+                throw assertionError.get("invalid_type", name, "JSON string");
+            }
+            throw error;
+        }
+    }
     /**
      * Returns the search params.
      */

package/lib/core/backend/backendController.js

@@ -47,7 +47,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.BackendController = void 0;
-const inflector_1 = require("../../util/inflector");
+const Inflector_1 = require("../../util/Inflector");
 const kerror = __importStar(require("../../kerror"));
 const index_1 = require("./index");
 const plugin_1 = __importDefault(require("../plugin/plugin"));
@@ -149,7 +149,7 @@ class BackendController extends index_1.ApplicationManager {
             throw runtimeError.get("already_started", "controller");
         }
         if (!controller.name) {
-            controller.name = inflector_1.Inflector.kebabCase(controller.constructor.name).replace("-controller", "");
+            controller.name = Inflector_1.Inflector.kebabCase(controller.constructor.name).replace("-controller", "");
         }
         plugin_1.default.checkControllerDefinition(controller.name, controller.definition);
         for (const [action, definition] of Object.entries(controller.definition.actions)) {

package/lib/core/backend/backendPlugin.js

@@ -47,7 +47,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.BackendPlugin = void 0;
-const inflector_1 = require("../../util/inflector");
+const Inflector_1 = require("../../util/Inflector");
 const kerror = __importStar(require("../../kerror"));
 const index_1 = require("./index");
 const didYouMean_1 = __importDefault(require("../../util/didYouMean"));
@@ -77,7 +77,7 @@ class BackendPlugin extends index_1.ApplicationManager {
             throw assertionError.get("no_name_provided");
         }
         const name = options.name ||
-            inflector_1.Inflector.kebabCase(plugin.constructor.name.replace("Plugin", ""));
+            Inflector_1.Inflector.kebabCase(plugin.constructor.name.replace("Plugin", ""));
         if (!this._application.PluginObject.checkName(name)) {
             throw assertionError.get("invalid_plugin_name", name);
         }