npm - kuzzle - Versions diffs - 2.49.1 → 2.50.0-beta.3 - Mend

kuzzle 2.49.1 → 2.50.0-beta.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (592) hide show

package/dist/lib/kuzzle/internalIndexHandler.js ADDED Viewed

@@ -0,0 +1,174 @@
+/*
+ * Kuzzle, a backend software, self-hostable and ready to use
+ * to power modern apps
+ *
+ * Copyright 2015-2022 Kuzzle
+ * mailto: support AT kuzzle.io
+ * website: http://kuzzle.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+"use strict";
+const crypto = require("crypto");
+const Bluebird = require("bluebird");
+const debug = require("../util/debug")("kuzzle:bootstrap:internalIndex");
+const { Store } = require("../core/shared/store");
+const { Mutex } = require("../util/mutex");
+const { storeScopeEnum } = require("../core/storage/storeScopeEnum");
+const kerror = require("../kerror");
+const securitiesBootstrap = {
+    profiles: {
+        admin: {
+            policies: [{ roleId: "admin" }],
+            rateLimit: 0,
+        },
+        anonymous: {
+            policies: [{ roleId: "anonymous" }],
+        },
+        default: {
+            policies: [{ roleId: "default" }],
+        },
+    },
+    roles: {
+        admin: {
+            controllers: {
+                "*": {
+                    actions: {
+                        "*": true,
+                    },
+                },
+            },
+        },
+        anonymous: {
+            controllers: {
+                "*": {
+                    actions: {
+                        "*": true,
+                    },
+                },
+            },
+        },
+        default: {
+            controllers: {
+                "*": {
+                    actions: {
+                        "*": true,
+                    },
+                },
+            },
+        },
+    },
+};
+const dataModelVersion = "2.0.0";
+class InternalIndexHandler extends Store {
+    constructor() {
+        super(global.kuzzle.config.services.storageEngine.internalIndex.name, storeScopeEnum.PRIVATE);
+        this.timeout =
+            global.kuzzle.config.services.internalIndex.bootstrapLockTimeout;
+        this.config = global.kuzzle.config.services.storageEngine.internalIndex;
+        // IDs for config documents
+        this._BOOTSTRAP_DONE_ID = `${this.index}.done`;
+        this._DATAMODEL_VERSION_ID = "internalIndex.dataModelVersion";
+        this._JWT_SECRET_ID = "security.jwt.secret";
+        this.logger = global.kuzzle.log.child("internalIndexHandler");
+    }
+    /**
+     * @returns {Promise}
+     */
+    async init() {
+        await super.init(this.config.collections);
+        const mutex = new Mutex("InternalIndexBootstrap", {
+            timeout: -1,
+            ttl: 30000,
+        });
+        await mutex.lock();
+        try {
+            const bootstrapped = await this.exists("config", this._BOOTSTRAP_DONE_ID);
+            if (bootstrapped) {
+                await this._initSecret();
+                return;
+            }
+            await Bluebird.resolve(this._bootstrapSequence()).timeout(this.timeout);
+            await this.create("config", { timestamp: Date.now() }, {
+                id: this._BOOTSTRAP_DONE_ID,
+            });
+        }
+        catch (error) {
+            if (error instanceof Bluebird.TimeoutError) {
+                throw kerror.get("services", "storage", "bootstrap_timeout", "internalIndex");
+            }
+            throw error;
+        }
+        finally {
+            await mutex.unlock();
+        }
+    }
+    /**
+     * @override
+     */
+    async _bootstrapSequence() {
+        debug("Bootstrapping security structure");
+        await this.createInitialSecurities();
+        debug("Bootstrapping document validation structure");
+        await this.createInitialValidations();
+        debug("Bootstrapping JWT secret");
+        await this._initSecret();
+        // Create datamodel version
+        await this.create("config", { version: dataModelVersion }, {
+            id: this._DATAMODEL_VERSION_ID,
+        });
+    }
+    /**
+     * Creates initial roles and profiles as specified in Kuzzle configuration
+     */
+    async createInitialSecurities() {
+        await Bluebird.map(Object.entries(securitiesBootstrap.roles), ([roleId, content]) => {
+            return this.createOrReplace("roles", roleId, content, {
+                refresh: "wait_for",
+            });
+        });
+        await Bluebird.map(Object.entries(securitiesBootstrap.profiles), ([profileId, content]) => {
+            return this.createOrReplace("profiles", profileId, content, {
+                refresh: "wait_for",
+            });
+        });
+    }
+    async createInitialValidations() {
+        const initialValidations = global.kuzzle.config.validation;
+        const promises = [];
+        for (const [index, collection] of Object.entries(initialValidations)) {
+            for (const [collectionName, validation] of Object.entries(collection)) {
+                const validationId = `${index}#${collectionName}`;
+                promises.push(this.createOrReplace("validations", validationId, validation));
+            }
+        }
+        await Bluebird.all(promises);
+    }
+    async _initSecret() {
+        const { authToken, jwt } = global.kuzzle.config.security;
+        const configSeed = authToken?.secret ?? jwt?.secret;
+        let storedSeed = await this.exists("config", this._JWT_SECRET_ID);
+        if (!configSeed) {
+            if (!storedSeed) {
+                storedSeed = crypto.randomBytes(512).toString("hex");
+                await this.create("config", { seed: storedSeed }, { id: this._JWT_SECRET_ID });
+            }
+            this.logger.warn("[!] Kuzzle is using a generated seed for authentication. This is suitable for development but should NEVER be used in production. See https://docs.kuzzle.io/core/2/guides/getting-started/deploy-your-application/");
+        }
+        global.kuzzle.secret = configSeed
+            ? configSeed
+            : (await this.get("config", this._JWT_SECRET_ID))._source.seed;
+    }
+}
+module.exports = InternalIndexHandler;
+//# sourceMappingURL=internalIndexHandler.js.map

package/{lib → dist/lib}/kuzzle/kuzzle.d.ts RENAMED Viewed

@@ -5,7 +5,7 @@ import { TokenManager } from "../core/auth/tokenManager";
 import EntryPoint from "../core/network/entryPoint";
 import Router from "../core/network/router";
 import PluginsManager from "../core/plugin/pluginsManager";
-import Validation from "../core/validation";
+import Validation from "../core/validation/validation";
 import { KuzzleConfiguration } from "../types/config/KuzzleConfiguration";
 import AsyncStore from "../util/asyncStore";
 import { ImportConfig, InstallationConfig, StartOptions, SupportConfig } from "./../types/Kuzzle";
@@ -13,7 +13,6 @@ import KuzzleEventEmitter from "./event/KuzzleEventEmitter";
 import InternalIndexHandler from "./internalIndexHandler";
 import kuzzleStateEnum from "./kuzzleStateEnum";
 import { Logger } from "./Logger";
-import vault from "./vault";
 declare class Kuzzle extends KuzzleEventEmitter {
     config: KuzzleConfiguration;
     private _state;
@@ -45,7 +44,7 @@ declare class Kuzzle extends KuzzleEventEmitter {
     /**
      * Validation core component
      */
-    validation: typeof Validation;
+    validation: Validation;
     /**
      * Dump generator
      */
@@ -53,7 +52,7 @@ declare class Kuzzle extends KuzzleEventEmitter {
     /**
      * Vault component (will be initialized after bootstrap)
      */
-    vault: typeof vault;
+    vault: any;
     /**
      * AsyncLocalStorage wrapper
      */
@@ -129,10 +128,10 @@ declare class Kuzzle extends KuzzleEventEmitter {
      * @returns {Promise<void>}
      */
     loadInitialState(toImport?: ImportConfig, toSupport?: SupportConfig): Promise<void>;
-    dump(suffix: any): any;
+    dump(suffix: any): Promise<any>;
     hash(input: any): number;
-    get state(): typeof kuzzleStateEnum;
-    set state(value: typeof kuzzleStateEnum);
+    get state(): kuzzleStateEnum;
+    set state(value: kuzzleStateEnum);
     /**
      * Register handlers and do a kuzzle dump for:
      * - system signals

package/{lib → dist/lib}/kuzzle/kuzzle.js RENAMED Viewed

@@ -66,9 +66,9 @@ const router_1 = __importDefault(require("../core/network/router"));
 const pluginsManager_1 = __importDefault(require("../core/plugin/pluginsManager"));
 const realtime_1 = __importDefault(require("../core/realtime"));
 const security_1 = __importDefault(require("../core/security"));
-const statistics_1 = __importDefault(require("../core/statistics"));
+const statistics_1 = __importDefault(require("../core/statistics/statistics"));
 const storageEngine_1 = __importDefault(require("../core/storage/storageEngine"));
-const validation_1 = __importDefault(require("../core/validation"));
+const validation_1 = __importDefault(require("../core/validation/validation"));
 const kerror = __importStar(require("../kerror"));
 const asyncStore_1 = __importDefault(require("../util/asyncStore"));
 const crypto_1 = require("../util/crypto");
@@ -514,6 +514,9 @@ class Kuzzle extends KuzzleEventEmitter_1.default {
      */
     registerSignalHandlers() {
         process.removeAllListeners("unhandledRejection");
+        process.on("exit", () => {
+            this.shutdown();
+        });
         process.on("unhandledRejection", (reason, promise) => {
             if (reason !== undefined) {
                 if (reason instanceof Error) {

package/dist/lib/kuzzle/kuzzleStateEnum.d.ts ADDED Viewed

@@ -0,0 +1,20 @@
+export = kuzzleStateEnum;
+type kuzzleStateEnum = number;
+/**
+ * @typedef {number} kuzzleStateEnum
+ */
+/**
+ * Enum for Kuzzle's state
+ * @readOnly
+ * @enum {kuzzleStateEnum}
+ */
+declare const kuzzleStateEnum: Readonly<{
+    NOT_ENOUGH_NODES: 4;
+    RUNNING: 2;
+    SHUTTING_DOWN: 3;
+    STARTING: 1;
+}>;
+declare namespace kuzzleStateEnum {
+    export { kuzzleStateEnum };
+}
+type kuzzleStateEnum = number;

package/{lib → dist/lib}/kuzzle/kuzzleStateEnum.js RENAMED Viewed

@@ -18,23 +18,20 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 "use strict";
 /**
  * @typedef {number} kuzzleStateEnum
  */
 /**
  * Enum for Kuzzle's state
  * @readOnly
  * @enum {kuzzleStateEnum}
  */
 const kuzzleStateEnum = Object.freeze({
-  NOT_ENOUGH_NODES: 4,
-  RUNNING: 2,
-  SHUTTING_DOWN: 3,
-  STARTING: 1,
+    NOT_ENOUGH_NODES: 4,
+    RUNNING: 2,
+    SHUTTING_DOWN: 3,
+    STARTING: 1,
 });
 module.exports = kuzzleStateEnum;
+//# sourceMappingURL=kuzzleStateEnum.js.map

package/dist/lib/kuzzle/vault.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export function load(vaultKey: any, secretsFile: any): Vault;
2	+ import { Vault } from "kuzzle-vault";

package/dist/lib/kuzzle/vault.js ADDED Viewed

@@ -0,0 +1,63 @@
+/*
+ * Kuzzle, a backend software, self-hostable and ready to use
+ * to power modern apps
+ *
+ * Copyright 2015-2022 Kuzzle
+ * mailto: support AT kuzzle.io
+ * website: http://kuzzle.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+"use strict";
+const assert = require("assert");
+const fs = require("fs");
+const path = require("path");
+const _ = require("lodash");
+const { Vault } = require("kuzzle-vault");
+// The Vault package remove the variable from env after reading it and we have
+// to instantiate the Vault two times with Kaaf (one before init and one after)
+let ENV_VAULT_KEY;
+function load(vaultKey, secretsFile) {
+    // Using KaaF kuzzle is an npm package and is located under node_modules folder
+    // We need to get back to root folder of the project to get the secret file
+    const defaultEncryptedSecretsFile = __dirname.endsWith("/node_modules/kuzzle/lib/kuzzle")
+        ? path.resolve(`${__dirname}/../../../../config/secrets.enc.json`)
+        : path.resolve(`${__dirname}/../../config/secrets.enc.json`);
+    const encryptedSecretsFile = secretsFile ||
+        process.env.KUZZLE_SECRETS_FILE ||
+        defaultEncryptedSecretsFile;
+    let key = vaultKey;
+    if (_.isEmpty(vaultKey) &&
+        (!_.isEmpty(process.env.KUZZLE_VAULT_KEY) || !_.isEmpty(ENV_VAULT_KEY))) {
+        // Keep the vault key value when reading it from the env
+        key = ENV_VAULT_KEY = process.env.KUZZLE_VAULT_KEY || ENV_VAULT_KEY;
+    }
+    const fileExists = fs.existsSync(encryptedSecretsFile);
+    // Abort if a custom secrets file has been provided but Kuzzle can't load it
+    if (!_.isEmpty(process.env.KUZZLE_SECRETS_FILE) || !_.isEmpty(secretsFile)) {
+        assert(fileExists, `A secret file has been provided but Kuzzle cannot find it at "${encryptedSecretsFile}".`);
+    }
+    // Abort if a secret file is found (default or custom)
+    // but no vault key has been provided
+    assert(!(fileExists && _.isEmpty(key)), "A secret file has been provided but Kuzzle cannot find the Vault key. Aborting.");
+    // Abort if a vault key has been provided
+    // but no secrets file can be loaded (default or custom)
+    assert(!(!_.isEmpty(key) && !fileExists), `A Vault key is present but Kuzzle cannot find the secret file at "${encryptedSecretsFile}". Aborting.`);
+    const vault = new Vault(key);
+    if (key) {
+        vault.decrypt(encryptedSecretsFile);
+    }
+    return vault;
+}
+module.exports = { load };
+//# sourceMappingURL=vault.js.map

package/dist/lib/model/security/rights.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+/**
+ * Merge function for policies rights
+ * @param {Object} prev existing policies rights
+ * @param {Object} cur new policies rights to merge
+ *
+ * @returns {Object} the merged policies rights
+ */
+export function merge(prev: any, cur: any): any;

package/{lib → dist/lib}/model/security/rights.js RENAMED Viewed

@@ -18,13 +18,10 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 "use strict";
 function isAllowed(obj) {
-  return obj && (obj.value === "allowed" || obj.value === true);
+    return obj && (obj.value === "allowed" || obj.value === true);
 }
 /**
  * Merge function for policies rights
  * @param {Object} prev existing policies rights
@@ -33,9 +30,8 @@ function isAllowed(obj) {
  * @returns {Object} the merged policies rights
  */
 function merge(prev, cur) {
-  cur.value = isAllowed(cur) || isAllowed(prev) ? "allowed" : "denied";
-  return cur;
+    cur.value = isAllowed(cur) || isAllowed(prev) ? "allowed" : "denied";
+    return cur;
 }
 module.exports = { merge };
+//# sourceMappingURL=rights.js.map

package/{lib → dist/lib}/model/security/role.d.ts RENAMED Viewed

@@ -1,4 +1,4 @@
-import { ControllerRight, ControllerRights } from "../../types/ControllerRights";
+import { ControllerRight, ControllerRights } from "../../types/controllers/ControllerRights";
 import { KuzzleRequest } from "../../../index";
 import { OptimizedPolicyRestrictions } from "../../types/PolicyRestrictions";
 /**

package/{lib → dist/lib}/model/security/user.d.ts RENAMED Viewed

@@ -6,6 +6,7 @@ import { KuzzleRequest } from "../../../index";
 export declare class User {
     _id: string;
     profileIds: string[];
+    strategies: any;
     constructor();
     /**
      * @returns {Promise<Profile[]>}

package/dist/lib/model/storage/apiKey.d.ts ADDED Viewed

@@ -0,0 +1,49 @@
+export = ApiKey;
+declare class ApiKey extends BaseModel {
+    /**
+     * @override
+     */
+    static override get collection(): string;
+    /**
+     * @override
+     */
+    static override get fields(): string[];
+    /**
+     * Creates a new API key for an user
+     *
+     * @param {User} user
+     * @param {String} expiresIn - API key expiration date in ms format
+     * @param {String} description
+     * @param {Object} options - creatorId (null), apiKeyId (null), refresh (null), bypassMaxTTL (false)
+     *
+     * @returns {Promise<ApiKey>}
+     */
+    static create(user: User, expiresIn: string, description: string, { creatorId, apiKeyId, refresh, bypassMaxTTL }?: any): Promise<ApiKey>;
+    /**
+     * Loads an user API key from the database
+     *
+     * @param {String} userId - User ID
+     * @param {String} id - API key ID
+     *
+     * @returns {Promise<ApiKey>}
+     */
+    static load(userId: string, id: string): Promise<ApiKey>;
+    /**
+     * Deletes API keys for an user
+     *
+     * @param {User} user
+     * @param {Object} options - refresh (null)
+     *
+     * @returns {Promise}
+     */
+    static deleteByUser(user: User, { refresh }?: any): Promise<any>;
+    constructor(_source: any, _id?: any);
+    /**
+     * @override
+     */
+    override _afterDelete(): Promise<void>;
+    serialize({ includeToken }?: {
+        includeToken?: boolean;
+    }): any;
+}
+import BaseModel = require("./baseModel");

package/dist/lib/model/storage/apiKey.js ADDED Viewed

@@ -0,0 +1,126 @@
+/*
+ * Kuzzle, a backend software, self-hostable and ready to use
+ * to power modern apps
+ *
+ * Copyright 2015-2022 Kuzzle
+ * mailto: support AT kuzzle.io
+ * website: http://kuzzle.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+"use strict";
+const { sha256 } = require("../../util/crypto");
+const debug = require("../../util/debug")("models:storage:apiKey");
+const kerror = require("../../kerror");
+const BaseModel = require("./baseModel");
+class ApiKey extends BaseModel {
+    constructor(_source, _id = null) {
+        super(_source, _id);
+    }
+    /**
+     * @override
+     */
+    async _afterDelete() {
+        const token = await global.kuzzle.ask("core:security:token:get", this.userId, this.token);
+        if (token) {
+            await global.kuzzle.ask("core:security:token:delete", token);
+        }
+    }
+    serialize({ includeToken = false } = {}) {
+        const serialized = super.serialize();
+        if (!includeToken && this.token) {
+            delete serialized._source.token;
+        }
+        return serialized;
+    }
+    // Static public methods =====================================================
+    /**
+     * @override
+     */
+    static get collection() {
+        return "api-keys";
+    }
+    /**
+     * @override
+     */
+    static get fields() {
+        return [
+            "userId",
+            "description",
+            "expiresAt",
+            "ttl",
+            "token",
+            "fingerprint",
+        ];
+    }
+    /**
+     * Creates a new API key for an user
+     *
+     * @param {User} user
+     * @param {String} expiresIn - API key expiration date in ms format
+     * @param {String} description
+     * @param {Object} options - creatorId (null), apiKeyId (null), refresh (null), bypassMaxTTL (false)
+     *
+     * @returns {Promise<ApiKey>}
+     */
+    static async create(user, expiresIn, description, { creatorId = null, apiKeyId = null, refresh, bypassMaxTTL = false } = {}) {
+        const token = await global.kuzzle.ask("core:security:token:create", user, {
+            bypassMaxTTL,
+            expiresIn,
+            type: "apiKey",
+        });
+        const fingerprint = sha256(token.jwt);
+        const apiKey = new ApiKey({
+            description,
+            expiresAt: token.expiresAt,
+            fingerprint,
+            ttl: token.ttl,
+            userId: user._id,
+        }, apiKeyId || fingerprint);
+        await apiKey.save({ refresh, userId: creatorId });
+        apiKey.token = token.jwt;
+        return apiKey;
+    }
+    /**
+     * Loads an user API key from the database
+     *
+     * @param {String} userId - User ID
+     * @param {String} id - API key ID
+     *
+     * @returns {Promise<ApiKey>}
+     */
+    static async load(userId, id) {
+        const apiKey = await super.load(id);
+        if (userId !== apiKey.userId) {
+            throw kerror.get("services", "storage", "not_found", id, {
+                message: `ApiKey "${id}" not found for user "${userId}".`,
+            });
+        }
+        return apiKey;
+    }
+    /**
+     * Deletes API keys for an user
+     *
+     * @param {User} user
+     * @param {Object} options - refresh (null)
+     *
+     * @returns {Promise}
+     */
+    static deleteByUser(user, { refresh } = {}) {
+        debug("Delete ApiKeys for user %a", user);
+        return this.deleteByQuery({ term: { userId: user._id } }, { refresh });
+    }
+}
+BaseModel.register(ApiKey);
+module.exports = ApiKey;
+//# sourceMappingURL=apiKey.js.map