kuzzle 2.19.2 → 2.19.3

package/lib/model/security/profile.js

@@ -52,7 +52,7 @@ const bluebird_1 = __importDefault(require("bluebird"));
 const rights_1 = __importDefault(require("./rights"));
 const kerror = __importStar(require("../../kerror"));
 const safeObject_1 = require("../../util/safeObject");
-const assertionError = kerror.wrap('api', 'assert');
+const assertionError = kerror.wrap("api", "assert");
 /**
  * @class Profile
  */
@@ -70,10 +70,10 @@ class Profile {
      */
     async getPolicies() {
         if (!global.kuzzle) {
-            throw kerror.get('security', 'profile', 'uninitialized', this._id);
+            throw kerror.get("security", "profile", "uninitialized", this._id);
         }
         return bluebird_1.default.map(this.optimizedPolicies, async ({ restrictedTo, roleId }) => {
-            const role = await global.kuzzle.ask('core:security:role:get', roleId);
+            const role = await global.kuzzle.ask("core:security:role:get", roleId);
             return { restrictedTo, role };
         });
     }
@@ -82,23 +82,24 @@ class Profile {
      * @returns {Promise}
      */
     async getAllowedPolicies(request) {
-        if (this.optimizedPolicies === undefined || this.optimizedPolicies.length === 0) {
+        if (this.optimizedPolicies === undefined ||
+            this.optimizedPolicies.length === 0) {
             return [];
         }
         const policies = await this.getPolicies();
-        return policies.filter(policy => policy.role.isActionAllowed(request));
+        return policies.filter((policy) => policy.role.isActionAllowed(request));
     }
     /**
      * @param {Request} request
      * @returns {Promise<boolean>}
      */
     async isActionAllowed(request) {
-        if (this.optimizedPolicies === undefined || this.optimizedPolicies.length === 0) {
+        if (this.optimizedPolicies === undefined ||
+            this.optimizedPolicies.length === 0) {
             return false;
         }
         const allowedPolicies = await this.getAllowedPolicies(request);
-        return allowedPolicies
-            .some(policy => policy.role.checkRestrictions(request.input.args.index, request.input.args.collection, policy.restrictedTo));
+        return allowedPolicies.some((policy) => policy.role.checkRestrictions(request.input.args.index, request.input.args.collection, policy.restrictedTo));
     }
     /**
      * Validates the Profile format
@@ -111,63 +112,63 @@ class Profile {
     async validateDefinition({ strict = false } = {}) {
         this.validateRateLimit();
         if (!this.policies) {
-            throw assertionError.get('missing_argument', `${this._id}.policies`);
+            throw assertionError.get("missing_argument", `${this._id}.policies`);
         }
         if (!Array.isArray(this.policies)) {
-            throw assertionError.get('invalid_type', `${this._id}.policies`, 'object[]');
+            throw assertionError.get("invalid_type", `${this._id}.policies`, "object[]");
         }
         if (this.policies.length === 0) {
-            throw assertionError.get('empty_argument', `${this._id}.policies`);
+            throw assertionError.get("empty_argument", `${this._id}.policies`);
         }
         let i = 0;
         for (const policy of this.policies) {
             if (!policy.roleId) {
-                throw assertionError.get('missing_argument', `${this._id}.policies[${i}].roleId`);
+                throw assertionError.get("missing_argument", `${this._id}.policies[${i}].roleId`);
             }
             for (const member of Object.keys(policy)) {
-                if (member !== 'roleId' && member !== 'restrictedTo') {
-                    throw assertionError.get('unexpected_argument', `${this._id}.policies[${i}].${member}`, '"roleId", "restrictedTo"');
+                if (member !== "roleId" && member !== "restrictedTo") {
+                    throw assertionError.get("unexpected_argument", `${this._id}.policies[${i}].${member}`, '"roleId", "restrictedTo"');
                 }
             }
             if (policy.restrictedTo) {
                 if (!Array.isArray(policy.restrictedTo)) {
-                    throw assertionError.get('invalid_type', `${this._id}.policies[${i}].restrictedTo`, 'object[]');
+                    throw assertionError.get("invalid_type", `${this._id}.policies[${i}].restrictedTo`, "object[]");
                 }
                 let j = 0;
                 for (const restriction of policy.restrictedTo) {
                     if (!(0, safeObject_1.isPlainObject)(restriction)) {
-                        throw assertionError.get('invalid_type', `${this._id}.policies[${i}].restrictedTo[${restriction}]`, 'object');
+                        throw assertionError.get("invalid_type", `${this._id}.policies[${i}].restrictedTo[${restriction}]`, "object");
                     }
                     if (restriction.index === null || restriction.index === undefined) {
-                        throw assertionError.get('missing_argument', `${this._id}.policies[${i}].restrictedTo[${j}].index`);
+                        throw assertionError.get("missing_argument", `${this._id}.policies[${i}].restrictedTo[${j}].index`);
                     }
                     if (strict) {
-                        const indexExists = await global.kuzzle.ask('core:storage:public:index:exist', restriction.index);
+                        const indexExists = await global.kuzzle.ask("core:storage:public:index:exist", restriction.index);
                         if (!indexExists) {
-                            throw kerror.get('services', 'storage', 'unknown_index', restriction.index);
+                            throw kerror.get("services", "storage", "unknown_index", restriction.index);
                         }
                     }
-                    if (restriction.collections !== undefined
-                        && restriction.collections !== null) {
+                    if (restriction.collections !== undefined &&
+                        restriction.collections !== null) {
                         if (!Array.isArray(restriction.collections)) {
-                            throw assertionError.get('invalid_type', `${this._id}.policies[${i}].restrictedTo[${j}].collections`, 'string[]');
+                            throw assertionError.get("invalid_type", `${this._id}.policies[${i}].restrictedTo[${j}].collections`, "string[]");
                         }
                         if (strict) {
                             const invalidCollections = [];
                             for (const collection of restriction.collections) {
-                                const isValid = await global.kuzzle.ask('core:storage:public:collection:exist', restriction.index, collection);
+                                const isValid = await global.kuzzle.ask("core:storage:public:collection:exist", restriction.index, collection);
                                 if (!isValid) {
                                     invalidCollections.push(collection);
                                 }
                             }
                             if (invalidCollections.length > 0) {
-                                throw kerror.get('services', 'storage', 'unknown_collection', restriction.index, invalidCollections);
+                                throw kerror.get("services", "storage", "unknown_collection", restriction.index, invalidCollections);
                             }
                         }
                     }
                     for (const member of Object.keys(restriction)) {
-                        if (member !== 'index' && member !== 'collections') {
-                            throw assertionError.get('unexpected_argument', `${this._id}.policies[${i}].restrictedTo[${j}].${member}`, '"index", "collections"');
+                        if (member !== "index" && member !== "collections") {
+                            throw assertionError.get("unexpected_argument", `${this._id}.policies[${i}].restrictedTo[${j}].${member}`, '"index", "collections"');
                         }
                     }
                     j++;
@@ -189,15 +190,15 @@ class Profile {
             const role = policy.role;
             let restrictedTo = lodash_1.default.cloneDeep(policy.restrictedTo);
             if (restrictedTo === undefined || restrictedTo.size === 0) {
-                restrictedTo = new Map([['*', ['*']]]);
+                restrictedTo = new Map([["*", ["*"]]]);
             }
             for (const [controller, rights] of Object.entries(role.controllers)) {
                 for (const [action, actionRights] of Object.entries(rights.actions)) {
-                    for (const [restrictedIndex, restrictedCollections] of restrictedTo.entries()) {
+                    for (const [restrictedIndex, restrictedCollections,] of restrictedTo.entries()) {
                         let collections = restrictedCollections;
-                        if (restrictedCollections === undefined
-                            || restrictedCollections.length === 0) {
-                            collections = ['*'];
+                        if (restrictedCollections === undefined ||
+                            restrictedCollections.length === 0) {
+                            collections = ["*"];
                         }
                         for (const collection of collections) {
                             const rightsItem = {
@@ -205,12 +206,12 @@ class Profile {
                                 collection,
                                 controller,
                                 index: restrictedIndex,
-                                value: actionRights
+                                value: actionRights,
                             };
                             const rightsObject = {
                                 // eslint-disable-next-line @typescript-eslint/ban-ts-comment
                                 // @ts-ignore
-                                [this.constructor._hash(rightsItem)]: rightsItem
+                                [this.constructor._hash(rightsItem)]: rightsItem,
                             };
                             lodash_1.default.assignWith(profileRights, rightsObject, rights_1.default.merge);
                         }
@@ -227,12 +228,12 @@ class Profile {
         if (this.rateLimit === null || this.rateLimit === undefined) {
             this.rateLimit = 0;
         }
-        if (typeof this.rateLimit !== 'number'
-            || !Number.isInteger(this.rateLimit)) {
-            throw assertionError.get('invalid_type', 'rateLimit', 'integer');
+        if (typeof this.rateLimit !== "number" ||
+            !Number.isInteger(this.rateLimit)) {
+            throw assertionError.get("invalid_type", "rateLimit", "integer");
         }
         if (this.rateLimit < 0) {
-            throw assertionError.get('invalid_argument', 'rateLimit', 'positive integer, or zero');
+            throw assertionError.get("invalid_argument", "rateLimit", "positive integer, or zero");
         }
     }
 }

package/lib/model/security/rights.js

@@ -19,10 +19,10 @@
  * limitations under the License.
  */
 
-'use strict';
+"use strict";
 
-function isAllowed (obj) {
-  return obj && (obj.value === 'allowed' || obj.value === true);
+function isAllowed(obj) {
+  return obj && (obj.value === "allowed" || obj.value === true);
 }
 
 /**
@@ -32,8 +32,8 @@ function isAllowed (obj) {
  *
  * @returns {Object} the merged policies rights
  */
-function merge (prev, cur) {
-  cur.value = isAllowed(cur) || isAllowed(prev) ? 'allowed' : 'denied';
+function merge(prev, cur) {
+  cur.value = isAllowed(cur) || isAllowed(prev) ? "allowed" : "denied";
 
   return cur;
 }

package/lib/model/security/role.d.ts

@@ -1,6 +1,6 @@
-import { ControllerRight, ControllerRights } from '../../types/ControllerRights';
-import { KuzzleRequest } from '../../../index';
-import { OptimizedPolicyRestrictions } from '../../types/PolicyRestrictions';
+import { ControllerRight, ControllerRights } from "../../types/ControllerRights";
+import { KuzzleRequest } from "../../../index";
+import { OptimizedPolicyRestrictions } from "../../types/PolicyRestrictions";
 /**
  * @class Role
  */

package/lib/model/security/role.js

@@ -47,7 +47,7 @@ exports.Role = void 0;
 const kerror = __importStar(require("../../kerror"));
 const safeObject_1 = require("../../util/safeObject");
 const array_1 = require("../../util/array");
-const assertionError = kerror.wrap('api', 'assert');
+const assertionError = kerror.wrap("api", "assert");
 /**
  * @class Role
  */
@@ -61,7 +61,7 @@ class Role {
      */
     isActionAllowed(request) {
         if (!global.kuzzle) {
-            throw kerror.get('security', 'role', 'uninitialized', this._id);
+            throw kerror.get("security", "role", "uninitialized", this._id);
         }
         if (this.controllers === undefined || this.controllers === null) {
             return false;
@@ -70,15 +70,16 @@ class Role {
         // @deprecated - the "memoryStorage" alias should be removed in the next
         // major version
         // Handles the memory storage controller aliases: ms, memoryStorage
-        if ((request.input.controller === 'ms' || request.input.controller === 'memoryStorage')
-            && (this.controllers.ms || this.controllers.memoryStorage)) {
+        if ((request.input.controller === "ms" ||
+            request.input.controller === "memoryStorage") &&
+            (this.controllers.ms || this.controllers.memoryStorage)) {
             controllerRights = this.controllers.ms || this.controllers.memoryStorage;
         }
         else if ((0, safeObject_1.has)(this.controllers, request.input.controller)) {
             controllerRights = this.controllers[request.input.controller];
         }
-        else if (this.controllers['*'] !== undefined) {
-            controllerRights = this.controllers['*'];
+        else if (this.controllers["*"] !== undefined) {
+            controllerRights = this.controllers["*"];
         }
         else {
             return false;
@@ -90,13 +91,13 @@ class Role {
         if ((0, safeObject_1.has)(controllerRights.actions, request.input.action)) {
             actionRights = controllerRights.actions[request.input.action];
         }
-        else if (controllerRights.actions['*'] !== undefined) {
-            actionRights = controllerRights.actions['*'];
+        else if (controllerRights.actions["*"] !== undefined) {
+            actionRights = controllerRights.actions["*"];
         }
         else {
             return false;
         }
-        if (typeof actionRights !== 'boolean' || !actionRights) {
+        if (typeof actionRights !== "boolean" || !actionRights) {
             return false;
         }
         return true;
@@ -106,17 +107,15 @@ class Role {
      */
     async validateDefinition() {
         if (this.controllers === undefined || this.controllers === null) {
-            throw assertionError.get('missing_argument', `${this._id}.controllers`);
+            throw assertionError.get("missing_argument", `${this._id}.controllers`);
         }
         if (!(0, safeObject_1.isPlainObject)(this.controllers)) {
-            throw assertionError.get('invalid_type', `${this._id}.controllers`, 'object');
+            throw assertionError.get("invalid_type", `${this._id}.controllers`, "object");
         }
         if (Object.keys(this.controllers).length === 0) {
-            throw assertionError.get('empty_argument', `${this._id}.controllers`);
+            throw assertionError.get("empty_argument", `${this._id}.controllers`);
         }
-        Object
-            .entries(this.controllers)
-            .forEach(entry => this.validateControllerRights(...entry));
+        Object.entries(this.controllers).forEach((entry) => this.validateControllerRights(...entry));
     }
     /**
      * @param {String} index
@@ -163,23 +162,23 @@ class Role {
      */
     validateControllerRights(name, controller) {
         if (!(0, safeObject_1.isPlainObject)(controller)) {
-            throw assertionError.get('invalid_type', name, 'object');
+            throw assertionError.get("invalid_type", name, "object");
         }
         if (Object.keys(controller).length === 0) {
-            throw assertionError.get('empty_argument', name);
+            throw assertionError.get("empty_argument", name);
         }
-        if (!(0, safeObject_1.has)(controller, 'actions')) {
-            throw assertionError.get('missing_argument', name);
+        if (!(0, safeObject_1.has)(controller, "actions")) {
+            throw assertionError.get("missing_argument", name);
         }
         if (!(0, safeObject_1.isPlainObject)(controller.actions)) {
-            throw assertionError.get('invalid_type', `${name}.actions`, 'object');
+            throw assertionError.get("invalid_type", `${name}.actions`, "object");
         }
         if (Object.keys(controller.actions).length === 0) {
-            throw assertionError.get('empty_argument', `${name}.actions`);
+            throw assertionError.get("empty_argument", `${name}.actions`);
         }
         for (const [actionName, action] of Object.entries(controller.actions)) {
-            if (typeof action !== 'boolean') {
-                throw assertionError.get('invalid_type', `${name}.actions.${actionName}`, 'boolean');
+            if (typeof action !== "boolean") {
+                throw assertionError.get("invalid_type", `${name}.actions.${actionName}`, "boolean");
             }
         }
     }
@@ -189,12 +188,12 @@ class Role {
      * @returns {boolean}
      */
     canLogIn() {
-        for (const controllerKey of ['auth', '*']) {
+        for (const controllerKey of ["auth", "*"]) {
             if (this.controllers[controllerKey]) {
                 const controller = this.controllers[controllerKey];
-                for (const actionKey of ['login', '*']) {
+                for (const actionKey of ["login", "*"]) {
                     const action = controller.actions[actionKey];
-                    if (typeof action === 'boolean' && action) {
+                    if (typeof action === "boolean" && action) {
                         return true;
                     }
                 }

package/lib/model/security/token.d.ts

@@ -23,7 +23,7 @@ export declare class Token implements TokenContent {
     jwt: string;
     refreshed: boolean;
     constructor(data?: TokenContent);
-    get type(): 'apiKey' | 'authToken';
+    get type(): "apiKey" | "authToken";
     static get AUTH_PREFIX(): string;
     static get APIKEY_PREFIX(): string;
 }

package/lib/model/security/token.js

@@ -35,15 +35,15 @@ class Token {
     }
     get type() {
         if (this.jwt && this.jwt.startsWith(Token.APIKEY_PREFIX)) {
-            return 'apiKey';
+            return "apiKey";
         }
-        return 'authToken';
+        return "authToken";
     }
     static get AUTH_PREFIX() {
-        return 'kauth-';
+        return "kauth-";
     }
     static get APIKEY_PREFIX() {
-        return 'kapikey-';
+        return "kapikey-";
     }
 }
 exports.Token = Token;

package/lib/model/security/user.d.ts

@@ -1,5 +1,5 @@
-import { Profile } from './profile';
-import { KuzzleRequest } from '../../../index';
+import { Profile } from "./profile";
+import { KuzzleRequest } from "../../../index";
 /**
  * @class User
  */

package/lib/model/security/user.js

@@ -63,18 +63,18 @@ class User {
      */
     getProfiles() {
         if (!global.kuzzle) {
-            return kerror.reject('security', 'user', 'uninitialized', this._id);
+            return kerror.reject("security", "user", "uninitialized", this._id);
         }
-        return global.kuzzle.ask('core:security:profile:mGet', this.profileIds);
+        return global.kuzzle.ask("core:security:profile:mGet", this.profileIds);
     }
     /**
      * @returns {Promise}
      */
     async getRights() {
         const profiles = await this.getProfiles();
-        const results = await Promise.all(profiles.map(p => p.getRights()));
+        const results = await Promise.all(profiles.map((p) => p.getRights()));
         const rights = {};
-        results.forEach(right => lodash_1.default.assignWith(rights, right, rights_1.default.merge));
+        results.forEach((right) => lodash_1.default.assignWith(rights, right, rights_1.default.merge));
         return rights;
     }
     /**
@@ -85,7 +85,7 @@ class User {
         if (this.profileIds === undefined || this.profileIds.length === 0) {
             return false;
         }
-        const targets = request.getArray('targets', []);
+        const targets = request.getArray("targets", []);
         const profiles = await this.getProfiles();
         if (targets.length === 0) {
             for (const profile of profiles) {
@@ -104,7 +104,7 @@ class User {
      * later on, based on index and collections authorized for the given user.
      */
     async areTargetsAllowed(request, profiles, targets) {
-        const profilesPolicies = await Promise.all(profiles.map(profile => profile.getAllowedPolicies(request)));
+        const profilesPolicies = await Promise.all(profiles.map((profile) => profile.getAllowedPolicies(request)));
         // Every target must be allowed by at least one profile
         for (const target of targets) {
             // Skip targets with no Index or Collection
@@ -112,15 +112,15 @@ class User {
                 continue;
             }
             // TODO: Support Wildcard
-            if (target.index.includes('*')) {
+            if (target.index.includes("*")) {
                 return false;
             }
             for (const collection of target.collections) {
                 // TODO: Support Wildcard
-                if (collection.includes('*')) {
+                if (collection.includes("*")) {
                     return false;
                 }
-                const isTargetAllowed = profilesPolicies.some(policies => policies.some(policy => policy.role.checkRestrictions(target.index, collection, policy.restrictedTo)));
+                const isTargetAllowed = profilesPolicies.some((policies) => policies.some((policy) => policy.role.checkRestrictions(target.index, collection, policy.restrictedTo)));
                 if (!isTargetAllowed) {
                     return false;
                 }

package/lib/model/storage/apiKey.js

@@ -19,36 +19,37 @@
  * limitations under the License.
  */
 
-'use strict';
+"use strict";
 
-const { sha256 } = require('../../util/crypto');
-const debug = require('../../util/debug')('models:storage:apiKey');
-const kerror = require('../../kerror');
-const BaseModel = require('./baseModel');
+const { sha256 } = require("../../util/crypto");
+const debug = require("../../util/debug")("models:storage:apiKey");
+const kerror = require("../../kerror");
+const BaseModel = require("./baseModel");
 
 class ApiKey extends BaseModel {
-  constructor (_source, _id = null) {
+  constructor(_source, _id = null) {
     super(_source, _id);
   }
 
   /**
    * @override
    */
-  async _afterDelete () {
+  async _afterDelete() {
     const token = await global.kuzzle.ask(
-      'core:security:token:get',
+      "core:security:token:get",
       this.userId,
-      this.token);
+      this.token
+    );
 
     if (token) {
-      await global.kuzzle.ask('core:security:token:delete', token);
+      await global.kuzzle.ask("core:security:token:delete", token);
     }
   }
 
-  serialize ({ includeToken = false } = {}) {
+  serialize({ includeToken = false } = {}) {
     const serialized = super.serialize();
 
-    if (! includeToken) {
+    if (!includeToken) {
       delete serialized._source.token;
     }
 
@@ -60,15 +61,22 @@ class ApiKey extends BaseModel {
   /**
    * @override
    */
-  static get collection () {
-    return 'api-keys';
+  static get collection() {
+    return "api-keys";
   }
 
   /**
    * @override
    */
-  static get fields () {
-    return ['userId', 'description', 'expiresAt', 'ttl', 'token', 'fingerprint'];
+  static get fields() {
+    return [
+      "userId",
+      "description",
+      "expiresAt",
+      "ttl",
+      "token",
+      "fingerprint",
+    ];
   }
 
   /**
@@ -81,28 +89,30 @@ class ApiKey extends BaseModel {
    *
    * @returns {ApiKey}
    */
-  static async create (
+  static async create(
     user,
     expiresIn,
     description,
     { creatorId = null, apiKeyId = null, refresh, bypassMaxTTL = false } = {}
   ) {
-    const token = await global.kuzzle.ask('core:security:token:create', user, {
+    const token = await global.kuzzle.ask("core:security:token:create", user, {
       bypassMaxTTL,
       expiresIn,
-      type: 'apiKey',
+      type: "apiKey",
     });
 
     const fingerprint = sha256(token.jwt);
-    const apiKey = new ApiKey({
-      description,
-      expiresAt: token.expiresAt,
-      fingerprint,
-      token: token.jwt,
-      ttl: token.ttl,
-      userId: user._id,
-    },
-    apiKeyId || fingerprint);
+    const apiKey = new ApiKey(
+      {
+        description,
+        expiresAt: token.expiresAt,
+        fingerprint,
+        token: token.jwt,
+        ttl: token.ttl,
+        userId: user._id,
+      },
+      apiKeyId || fingerprint
+    );
 
     await apiKey.save({ refresh, userId: creatorId });
 
@@ -117,12 +127,12 @@ class ApiKey extends BaseModel {
    *
    * @returns {ApiKey}
    */
-  static async load (userId, id) {
+  static async load(userId, id) {
     const apiKey = await super.load(id);
 
     if (userId !== apiKey.userId) {
-      throw kerror.get('services', 'storage', 'not_found', id, {
-        message: `ApiKey "${id}" not found for user "${userId}".`
+      throw kerror.get("services", "storage", "not_found", id, {
+        message: `ApiKey "${id}" not found for user "${userId}".`,
       });
     }
 
@@ -137,8 +147,8 @@ class ApiKey extends BaseModel {
    *
    * @returns {Promise}
    */
-  static deleteByUser (user, { refresh } = {}) {
-    debug('Delete ApiKeys for user %a', user);
+  static deleteByUser(user, { refresh } = {}) {
+    debug("Delete ApiKeys for user %a", user);
     return this.deleteByQuery({ term: { userId: user._id } }, { refresh });
   }
 }