kuzzle 2.52.0 → 2.53.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/dist/lib/api/request/kuzzleRequest.d.ts +1 -1
  2. package/dist/lib/api/request/requestInput.d.ts +2 -2
  3. package/dist/lib/api/request/requestInput.js +1 -1
  4. package/dist/lib/kuzzle/dumpGenerator.js +7 -1
  5. package/dist/lib/util/assertType.d.ts +10 -0
  6. package/dist/lib/util/assertType.js +19 -0
  7. package/dist/package.json +1 -1
  8. package/package.json +1 -1
package/dist/lib/api/request/kuzzleRequest.d.ts CHANGED
@@ -121,7 +121,7 @@ export declare class KuzzleRequest {
121
121
  input: {
122
122
  action: string;
123
123
  args: JSONObject;
124
- body: JSONObject;
124
+ body: any[] | JSONObject;
125
125
  controller: string;
126
126
  jwt: string;
127
127
  volatile: JSONObject;
package/dist/lib/api/request/requestInput.d.ts CHANGED
@@ -155,8 +155,8 @@ export declare class RequestInput {
155
155
  * body <== that
156
156
  * }
157
157
  */
158
- get body(): JSONObject | null;
159
- set body(obj: JSONObject);
158
+ get body(): JSONObject | Array<any> | null;
159
+ set body(obj: JSONObject | Array<any>);
160
160
  /**
161
161
  * Request headers (Http only).
162
162
  *
package/dist/lib/api/request/requestInput.js CHANGED
@@ -254,7 +254,7 @@ class RequestInput {
254
254
  return this[_body];
255
255
  }
256
256
  set body(obj) {
257
- this[_body] = assert.assertObject("body", obj);
257
+ this[_body] = assert.assertArrayOrObject("body", obj);
258
258
  }
259
259
  /**
260
260
  * Request headers (Http only).
package/dist/lib/kuzzle/dumpGenerator.js CHANGED
@@ -28,6 +28,7 @@ const dumpme = require("dumpme");
28
28
  const zlib = require("zlib");
29
29
  const { Request } = require("../api/request");
30
30
  const kerror = require("../kerror");
31
+ const { BadRequestError } = require("../kerror/errors");
31
32
  class DumpGenerator {
32
33
  constructor() {
33
34
  this._dump = false;
@@ -44,10 +45,15 @@ class DumpGenerator {
44
45
  throw kerror.get("api", "process", "action_locked", "dump");
45
46
  }
46
47
  this._dump = true;
47
- const dumpPath = path.join(path.normalize(global.kuzzle.config.dump.path), moment()
48
+ const basePath = path.normalize(global.kuzzle.config.dump.path);
49
+ const dumpPath = path.join(basePath, moment()
48
50
  .format(global.kuzzle.config.dump.dateFormat)
49
51
  .concat(`-${suffix}`)
50
52
  .substring(0, 200));
53
+ const resolvedPath = path.resolve(dumpPath);
54
+ if (!resolvedPath.startsWith(path.resolve(basePath))) {
55
+ throw new BadRequestError(`Dump path '${dumpPath}' is outside of designated dump directory '${basePath}'`);
56
+ }
51
57
  this.logger.info("=".repeat(79));
52
58
  this.logger.info(`Generating dump in ${dumpPath}`);
53
59
  this._cleanUpHistory();
package/dist/lib/util/assertType.d.ts CHANGED
@@ -9,6 +9,16 @@
9
9
  * @return {array}
10
10
  */
11
11
  export function assertArray(attr: string, data: any, type: any): any[];
12
+ /**
13
+ * Throws if the provided data is not an object or an array.
14
+ * Returns the unmodified data if validated
15
+ *
16
+ * @throws
17
+ * @param {string} attr - tested attribute name
18
+ * @param {*} data
19
+ * @return {object|array}
20
+ */
21
+ export function assertArrayOrObject(attr: string, data: any): object | any[];
12
22
  /**
13
23
  * Throws if the provided data is not an integer
14
24
  * Returns the unmodified data if validated
package/dist/lib/util/assertType.js CHANGED
@@ -38,6 +38,24 @@ function assertObject(attr, data) {
38
38
  }
39
39
  return data;
40
40
  }
41
+ /**
42
+ * Throws if the provided data is not an object or an array.
43
+ * Returns the unmodified data if validated
44
+ *
45
+ * @throws
46
+ * @param {string} attr - tested attribute name
47
+ * @param {*} data
48
+ * @return {object|array}
49
+ */
50
+ function assertArrayOrObject(attr, data) {
51
+ if (data === null || data === undefined) {
52
+ return null;
53
+ }
54
+ if (typeof data !== "object") {
55
+ throw new BadRequestError(`Attribute ${attr} must be of type "object" or "array"`);
56
+ }
57
+ return data;
58
+ }
41
59
  /**
42
60
  * Throws if the provided data is not an array containing exclusively
43
61
  * values of the specified "type"
@@ -101,6 +119,7 @@ function assertInteger(attr, data) {
101
119
  }
102
120
  module.exports = {
103
121
  assertArray,
122
+ assertArrayOrObject,
104
123
  assertInteger,
105
124
  assertObject,
106
125
  assertString,
package/dist/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "kuzzle",
3
3
  "author": "The Kuzzle Team <support@kuzzle.io>",
4
- "version": "2.52.0",
4
+ "version": "2.53.0",
5
5
  "description": "Kuzzle is an open-source solution that handles all the data management through a secured API, with a large choice of protocols.",
6
6
  "scripts": {
7
7
  "build": "rm -Rf ./dist && tsc && node ./bin/copy-protobuf.js",
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "kuzzle",
3
3
  "author": "The Kuzzle Team <support@kuzzle.io>",
4
- "version": "2.52.0",
4
+ "version": "2.53.0",
5
5
  "description": "Kuzzle is an open-source solution that handles all the data management through a secured API, with a large choice of protocols.",
6
6
  "scripts": {
7
7
  "build": "rm -Rf ./dist && tsc && node ./bin/copy-protobuf.js",