npm - kuzzle - Versions diffs - 2.49.1 → 2.50.0-beta.4 - Mend

kuzzle 2.49.1 → 2.50.0-beta.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (591) hide show

package/lib/kuzzle/internalIndexHandler.js DELETED Viewed

@@ -1,234 +0,0 @@
-/*
- * Kuzzle, a backend software, self-hostable and ready to use
- * to power modern apps
- *
- * Copyright 2015-2022 Kuzzle
- * mailto: support AT kuzzle.io
- * website: http://kuzzle.io
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-"use strict";
-const crypto = require("crypto");
-const Bluebird = require("bluebird");
-const debug = require("../util/debug")("kuzzle:bootstrap:internalIndex");
-const { Store } = require("../core/shared/store");
-const { Mutex } = require("../util/mutex");
-const { storeScopeEnum } = require("../core/storage/storeScopeEnum");
-const kerror = require("../kerror");
-const securitiesBootstrap = {
-  profiles: {
-    admin: {
-      policies: [{ roleId: "admin" }],
-      rateLimit: 0,
-    },
-    anonymous: {
-      policies: [{ roleId: "anonymous" }],
-    },
-    default: {
-      policies: [{ roleId: "default" }],
-    },
-  },
-  roles: {
-    admin: {
-      controllers: {
-        "*": {
-          actions: {
-            "*": true,
-          },
-        },
-      },
-    },
-    anonymous: {
-      controllers: {
-        "*": {
-          actions: {
-            "*": true,
-          },
-        },
-      },
-    },
-    default: {
-      controllers: {
-        "*": {
-          actions: {
-            "*": true,
-          },
-        },
-      },
-    },
-  },
-};
-const dataModelVersion = "2.0.0";
-class InternalIndexHandler extends Store {
-  constructor() {
-    super(
-      global.kuzzle.config.services.storageEngine.internalIndex.name,
-      storeScopeEnum.PRIVATE,
-    );
-    this.timeout =
-      global.kuzzle.config.services.internalIndex.bootstrapLockTimeout;
-    this.config = global.kuzzle.config.services.storageEngine.internalIndex;
-    // IDs for config documents
-    this._BOOTSTRAP_DONE_ID = `${this.index}.done`;
-    this._DATAMODEL_VERSION_ID = "internalIndex.dataModelVersion";
-    this._JWT_SECRET_ID = "security.jwt.secret";
-    this.logger = global.kuzzle.log.child("internalIndexHandler");
-  }
-  /**
-   * @returns {Promise}
-   */
-  async init() {
-    await super.init(this.config.collections);
-    const mutex = new Mutex("InternalIndexBootstrap", {
-      timeout: -1,
-      ttl: 30000,
-    });
-    await mutex.lock();
-    try {
-      const bootstrapped = await this.exists("config", this._BOOTSTRAP_DONE_ID);
-      if (bootstrapped) {
-        await this._initSecret();
-        return;
-      }
-      await Bluebird.resolve(this._bootstrapSequence()).timeout(this.timeout);
-      await this.create(
-        "config",
-        { timestamp: Date.now() },
-        {
-          id: this._BOOTSTRAP_DONE_ID,
-        },
-      );
-    } catch (error) {
-      if (error instanceof Bluebird.TimeoutError) {
-        throw kerror.get(
-          "services",
-          "storage",
-          "bootstrap_timeout",
-          "internalIndex",
-        );
-      }
-      throw error;
-    } finally {
-      await mutex.unlock();
-    }
-  }
-  /**
-   * @override
-   */
-  async _bootstrapSequence() {
-    debug("Bootstrapping security structure");
-    await this.createInitialSecurities();
-    debug("Bootstrapping document validation structure");
-    await this.createInitialValidations();
-    debug("Bootstrapping JWT secret");
-    await this._initSecret();
-    // Create datamodel version
-    await this.create(
-      "config",
-      { version: dataModelVersion },
-      {
-        id: this._DATAMODEL_VERSION_ID,
-      },
-    );
-  }
-  /**
-   * Creates initial roles and profiles as specified in Kuzzle configuration
-   */
-  async createInitialSecurities() {
-    await Bluebird.map(
-      Object.entries(securitiesBootstrap.roles),
-      ([roleId, content]) => {
-        return this.createOrReplace("roles", roleId, content, {
-          refresh: "wait_for",
-        });
-      },
-    );
-    await Bluebird.map(
-      Object.entries(securitiesBootstrap.profiles),
-      ([profileId, content]) => {
-        return this.createOrReplace("profiles", profileId, content, {
-          refresh: "wait_for",
-        });
-      },
-    );
-  }
-  async createInitialValidations() {
-    const initialValidations = global.kuzzle.config.validation;
-    const promises = [];
-    for (const [index, collection] of Object.entries(initialValidations)) {
-      for (const [collectionName, validation] of Object.entries(collection)) {
-        const validationId = `${index}#${collectionName}`;
-        promises.push(
-          this.createOrReplace("validations", validationId, validation),
-        );
-      }
-    }
-    await Bluebird.all(promises);
-  }
-  async _initSecret() {
-    const { authToken, jwt } = global.kuzzle.config.security;
-    const configSeed = authToken?.secret ?? jwt?.secret;
-    let storedSeed = await this.exists("config", this._JWT_SECRET_ID);
-    if (!configSeed) {
-      if (!storedSeed) {
-        storedSeed = crypto.randomBytes(512).toString("hex");
-        await this.create(
-          "config",
-          { seed: storedSeed },
-          { id: this._JWT_SECRET_ID },
-        );
-      }
-      this.logger.warn(
-        "[!] Kuzzle is using a generated seed for authentication. This is suitable for development but should NEVER be used in production. See https://docs.kuzzle.io/core/2/guides/getting-started/deploy-your-application/",
-      );
-    }
-    global.kuzzle.secret = configSeed
-      ? configSeed
-      : (await this.get("config", this._JWT_SECRET_ID))._source.seed;
-  }
-}
-module.exports = InternalIndexHandler;

package/lib/kuzzle/vault.js DELETED Viewed

@@ -1,89 +0,0 @@
-/*
- * Kuzzle, a backend software, self-hostable and ready to use
- * to power modern apps
- *
- * Copyright 2015-2022 Kuzzle
- * mailto: support AT kuzzle.io
- * website: http://kuzzle.io
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-"use strict";
-const assert = require("assert");
-const fs = require("fs");
-const path = require("path");
-const _ = require("lodash");
-const { Vault } = require("kuzzle-vault");
-// The Vault package remove the variable from env after reading it and we have
-// to instantiate the Vault two times with Kaaf (one before init and one after)
-let ENV_VAULT_KEY;
-function load(vaultKey, secretsFile) {
-  // Using KaaF kuzzle is an npm package and is located under node_modules folder
-  // We need to get back to root folder of the project to get the secret file
-  const defaultEncryptedSecretsFile = __dirname.endsWith(
-    "/node_modules/kuzzle/lib/kuzzle",
-  )
-    ? path.resolve(`${__dirname}/../../../../config/secrets.enc.json`)
-    : path.resolve(`${__dirname}/../../config/secrets.enc.json`);
-  const encryptedSecretsFile =
-    secretsFile ||
-    process.env.KUZZLE_SECRETS_FILE ||
-    defaultEncryptedSecretsFile;
-  let key = vaultKey;
-  if (
-    _.isEmpty(vaultKey) &&
-    (!_.isEmpty(process.env.KUZZLE_VAULT_KEY) || !_.isEmpty(ENV_VAULT_KEY))
-  ) {
-    // Keep the vault key value when reading it from the env
-    key = ENV_VAULT_KEY = process.env.KUZZLE_VAULT_KEY || ENV_VAULT_KEY;
-  }
-  const fileExists = fs.existsSync(encryptedSecretsFile);
-  // Abort if a custom secrets file has been provided but Kuzzle can't load it
-  if (!_.isEmpty(process.env.KUZZLE_SECRETS_FILE) || !_.isEmpty(secretsFile)) {
-    assert(
-      fileExists,
-      `A secret file has been provided but Kuzzle cannot find it at "${encryptedSecretsFile}".`,
-    );
-  }
-  // Abort if a secret file is found (default or custom)
-  // but no vault key has been provided
-  assert(
-    !(fileExists && _.isEmpty(key)),
-    "A secret file has been provided but Kuzzle cannot find the Vault key. Aborting.",
-  );
-  // Abort if a vault key has been provided
-  // but no secrets file can be loaded (default or custom)
-  assert(
-    !(!_.isEmpty(key) && !fileExists),
-    `A Vault key is present but Kuzzle cannot find the secret file at "${encryptedSecretsFile}". Aborting.`,
-  );
-  const vault = new Vault(key);
-  if (key) {
-    vault.decrypt(encryptedSecretsFile);
-  }
-  return vault;
-}
-module.exports = { load };

package/lib/model/storage/apiKey.js DELETED Viewed

@@ -1,158 +0,0 @@
-/*
- * Kuzzle, a backend software, self-hostable and ready to use
- * to power modern apps
- *
- * Copyright 2015-2022 Kuzzle
- * mailto: support AT kuzzle.io
- * website: http://kuzzle.io
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-"use strict";
-const { sha256 } = require("../../util/crypto");
-const debug = require("../../util/debug")("models:storage:apiKey");
-const kerror = require("../../kerror");
-const BaseModel = require("./baseModel");
-class ApiKey extends BaseModel {
-  constructor(_source, _id = null) {
-    super(_source, _id);
-  }
-  /**
-   * @override
-   */
-  async _afterDelete() {
-    const token = await global.kuzzle.ask(
-      "core:security:token:get",
-      this.userId,
-      this.token,
-    );
-    if (token) {
-      await global.kuzzle.ask("core:security:token:delete", token);
-    }
-  }
-  serialize({ includeToken = false } = {}) {
-    const serialized = super.serialize();
-    if (!includeToken && this.token) {
-      delete serialized._source.token;
-    }
-    return serialized;
-  }
-  // Static public methods =====================================================
-  /**
-   * @override
-   */
-  static get collection() {
-    return "api-keys";
-  }
-  /**
-   * @override
-   */
-  static get fields() {
-    return [
-      "userId",
-      "description",
-      "expiresAt",
-      "ttl",
-      "token",
-      "fingerprint",
-    ];
-  }
-  /**
-   * Creates a new API key for an user
-   *
-   * @param {User} user
-   * @param {String} expiresIn - API key expiration date in ms format
-   * @param {String} description
-   * @param {Object} options - creatorId (null), apiKeyId (null), refresh (null), bypassMaxTTL (false)
-   *
-   * @returns {ApiKey}
-   */
-  static async create(
-    user,
-    expiresIn,
-    description,
-    { creatorId = null, apiKeyId = null, refresh, bypassMaxTTL = false } = {},
-  ) {
-    const token = await global.kuzzle.ask("core:security:token:create", user, {
-      bypassMaxTTL,
-      expiresIn,
-      type: "apiKey",
-    });
-    const fingerprint = sha256(token.jwt);
-    const apiKey = new ApiKey(
-      {
-        description,
-        expiresAt: token.expiresAt,
-        fingerprint,
-        ttl: token.ttl,
-        userId: user._id,
-      },
-      apiKeyId || fingerprint,
-    );
-    await apiKey.save({ refresh, userId: creatorId });
-    apiKey.token = token.jwt;
-    return apiKey;
-  }
-  /**
-   * Loads an user API key from the database
-   *
-   * @param {String} userId - User ID
-   * @param {String} id - API key ID
-   *
-   * @returns {ApiKey}
-   */
-  static async load(userId, id) {
-    const apiKey = await super.load(id);
-    if (userId !== apiKey.userId) {
-      throw kerror.get("services", "storage", "not_found", id, {
-        message: `ApiKey "${id}" not found for user "${userId}".`,
-      });
-    }
-    return apiKey;
-  }
-  /**
-   * Deletes API keys for an user
-   *
-   * @param {User} user
-   * @param {Object} options - refresh (null)
-   *
-   * @returns {Promise}
-   */
-  static deleteByUser(user, { refresh } = {}) {
-    debug("Delete ApiKeys for user %a", user);
-    return this.deleteByQuery({ term: { userId: user._id } }, { refresh });
-  }
-}
-BaseModel.register(ApiKey);
-module.exports = ApiKey;