npm - mongodb - Versions diffs - 3.5.11 → 3.6.2 - Mend

mongodb 3.5.11 → 3.6.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (68) hide show

package/HISTORY.md +42 -21
package/lib/admin.js +1 -0
package/lib/bulk/common.js +48 -4
package/lib/change_stream.js +0 -1
package/lib/cmap/connection.js +9 -6
package/lib/cmap/connection_pool.js +4 -10
package/lib/collection.js +59 -81
package/lib/core/auth/auth_provider.js +29 -132
package/lib/core/auth/defaultAuthProviders.js +2 -2
package/lib/core/auth/gssapi.js +124 -214
package/lib/core/auth/mongo_credentials.js +29 -3
package/lib/core/auth/mongocr.js +6 -12
package/lib/core/auth/mongodb_aws.js +256 -0
package/lib/core/auth/plain.js +5 -12
package/lib/core/auth/scram.js +229 -212
package/lib/core/auth/x509.js +25 -16
package/lib/core/connection/connect.js +97 -161
package/lib/core/connection/connection.js +71 -3
package/lib/core/connection/pool.js +2 -2
package/lib/core/cursor.js +18 -11
package/lib/core/error.js +82 -8
package/lib/core/sdam/common.js +8 -0
package/lib/core/sdam/monitor.js +240 -78
package/lib/core/sdam/server.js +81 -15
package/lib/core/sdam/server_description.js +37 -2
package/lib/core/sdam/topology.js +41 -8
package/lib/core/sdam/topology_description.js +21 -3
package/lib/core/sessions.js +38 -51
package/lib/core/topologies/mongos.js +18 -6
package/lib/core/topologies/read_preference.js +15 -3
package/lib/core/topologies/replset.js +4 -4
package/lib/core/topologies/server.js +1 -1
package/lib/core/topologies/shared.js +39 -16
package/lib/core/uri_parser.js +41 -6
package/lib/core/utils.js +30 -0
package/lib/core/wireprotocol/command.js +1 -4
package/lib/core/wireprotocol/constants.js +2 -2
package/lib/core/wireprotocol/query.js +4 -0
package/lib/cursor.js +0 -1
package/lib/db.js +6 -5
package/lib/error.js +6 -1
package/lib/gridfs-stream/download.js +13 -2
package/lib/mongo_client.js +6 -4
package/lib/operations/collection_ops.js +0 -20
package/lib/operations/command_v2.js +1 -1
package/lib/operations/common_functions.js +3 -0
package/lib/operations/connect.js +11 -14
package/lib/operations/create_collection.js +37 -52
package/lib/operations/create_indexes.js +111 -35
package/lib/operations/find.js +7 -1
package/lib/operations/find_and_modify.js +17 -0
package/lib/operations/find_one_and_delete.js +5 -0
package/lib/operations/find_one_and_replace.js +13 -0
package/lib/operations/find_one_and_update.js +13 -0
package/lib/operations/map_reduce.js +1 -1
package/lib/operations/re_index.js +22 -17
package/lib/operations/replace_one.js +11 -4
package/lib/operations/update_many.js +5 -0
package/lib/operations/update_one.js +5 -0
package/lib/operations/validate_collection.js +1 -2
package/lib/topologies/mongos.js +1 -1
package/lib/topologies/replset.js +1 -1
package/lib/topologies/server.js +1 -1
package/lib/utils.js +18 -1
package/lib/write_concern.js +10 -0
package/package.json +1 -1
package/lib/core/auth/sspi.js +0 -131
package/lib/operations/create_index.js +0 -92

package/lib/core/auth/mongodb_aws.js ADDED Viewed

@@ -0,0 +1,256 @@
+'use strict';
+const AuthProvider = require('./auth_provider').AuthProvider;
+const MongoCredentials = require('./mongo_credentials').MongoCredentials;
+const MongoError = require('../error').MongoError;
+const crypto = require('crypto');
+const http = require('http');
+const maxWireVersion = require('../utils').maxWireVersion;
+const url = require('url');
+let aws4;
+try {
+  aws4 = require('aws4');
+} catch (e) {
+  // don't do anything;
+}
+const ASCII_N = 110;
+const AWS_RELATIVE_URI = 'http://169.254.170.2';
+const AWS_EC2_URI = 'http://169.254.169.254';
+const AWS_EC2_PATH = '/latest/meta-data/iam/security-credentials';
+class MongoDBAWS extends AuthProvider {
+  auth(authContext, callback) {
+    const connection = authContext.connection;
+    const credentials = authContext.credentials;
+    if (maxWireVersion(connection) < 9) {
+      callback(new MongoError('MONGODB-AWS authentication requires MongoDB version 4.4 or later'));
+      return;
+    }
+    if (aws4 == null) {
+      callback(
+        new MongoError(
+          'MONGODB-AWS authentication requires the `aws4` module, please install it as a dependency of your project'
+        )
+      );
+      return;
+    }
+    if (credentials.username == null) {
+      makeTempCredentials(credentials, (err, tempCredentials) => {
+        if (err) return callback(err);
+        authContext.credentials = tempCredentials;
+        this.auth(authContext, callback);
+      });
+      return;
+    }
+    const username = credentials.username;
+    const password = credentials.password;
+    const db = credentials.source;
+    const token = credentials.mechanismProperties.AWS_SESSION_TOKEN;
+    const bson = this.bson;
+    crypto.randomBytes(32, (err, nonce) => {
+      if (err) {
+        callback(err);
+        return;
+      }
+      const saslStart = {
+        saslStart: 1,
+        mechanism: 'MONGODB-AWS',
+        payload: bson.serialize({ r: nonce, p: ASCII_N })
+      };
+      connection.command(`${db}.$cmd`, saslStart, (err, result) => {
+        if (err) return callback(err);
+        const res = result.result;
+        const serverResponse = bson.deserialize(res.payload.buffer);
+        const host = serverResponse.h;
+        const serverNonce = serverResponse.s.buffer;
+        if (serverNonce.length !== 64) {
+          callback(
+            new MongoError(`Invalid server nonce length ${serverNonce.length}, expected 64`)
+          );
+          return;
+        }
+        if (serverNonce.compare(nonce, 0, nonce.length, 0, nonce.length) !== 0) {
+          callback(new MongoError('Server nonce does not begin with client nonce'));
+          return;
+        }
+        if (host.length < 1 || host.length > 255 || host.indexOf('..') !== -1) {
+          callback(new MongoError(`Server returned an invalid host: "${host}"`));
+          return;
+        }
+        const body = 'Action=GetCallerIdentity&Version=2011-06-15';
+        const options = aws4.sign(
+          {
+            method: 'POST',
+            host,
+            region: deriveRegion(serverResponse.h),
+            service: 'sts',
+            headers: {
+              'Content-Type': 'application/x-www-form-urlencoded',
+              'Content-Length': body.length,
+              'X-MongoDB-Server-Nonce': serverNonce.toString('base64'),
+              'X-MongoDB-GS2-CB-Flag': 'n'
+            },
+            path: '/',
+            body
+          },
+          {
+            accessKeyId: username,
+            secretAccessKey: password,
+            token
+          }
+        );
+        const authorization = options.headers.Authorization;
+        const date = options.headers['X-Amz-Date'];
+        const payload = { a: authorization, d: date };
+        if (token) {
+          payload.t = token;
+        }
+        const saslContinue = {
+          saslContinue: 1,
+          conversationId: 1,
+          payload: bson.serialize(payload)
+        };
+        connection.command(`${db}.$cmd`, saslContinue, err => {
+          if (err) return callback(err);
+          callback();
+        });
+      });
+    });
+  }
+}
+function makeTempCredentials(credentials, callback) {
+  function done(creds) {
+    if (creds.AccessKeyId == null || creds.SecretAccessKey == null || creds.Token == null) {
+      callback(new MongoError('Could not obtain temporary MONGODB-AWS credentials'));
+      return;
+    }
+    callback(
+      undefined,
+      new MongoCredentials({
+        username: creds.AccessKeyId,
+        password: creds.SecretAccessKey,
+        source: credentials.source,
+        mechanism: 'MONGODB-AWS',
+        mechanismProperties: {
+          AWS_SESSION_TOKEN: creds.Token
+        }
+      })
+    );
+  }
+  // If the environment variable AWS_CONTAINER_CREDENTIALS_RELATIVE_URI
+  // is set then drivers MUST assume that it was set by an AWS ECS agent
+  if (process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI) {
+    request(
+      `${AWS_RELATIVE_URI}${process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI}`,
+      (err, res) => {
+        if (err) return callback(err);
+        done(res);
+      }
+    );
+    return;
+  }
+  // Otherwise assume we are on an EC2 instance
+  // get a token
+  request(
+    `${AWS_EC2_URI}/latest/api/token`,
+    { method: 'PUT', json: false, headers: { 'X-aws-ec2-metadata-token-ttl-seconds': 30 } },
+    (err, token) => {
+      if (err) return callback(err);
+      // get role name
+      request(
+        `${AWS_EC2_URI}/${AWS_EC2_PATH}`,
+        { json: false, headers: { 'X-aws-ec2-metadata-token': token } },
+        (err, roleName) => {
+          if (err) return callback(err);
+          // get temp credentials
+          request(
+            `${AWS_EC2_URI}/${AWS_EC2_PATH}/${roleName}`,
+            { headers: { 'X-aws-ec2-metadata-token': token } },
+            (err, creds) => {
+              if (err) return callback(err);
+              done(creds);
+            }
+          );
+        }
+      );
+    }
+  );
+}
+function deriveRegion(host) {
+  const parts = host.split('.');
+  if (parts.length === 1 || parts[1] === 'amazonaws') {
+    return 'us-east-1';
+  }
+  return parts[1];
+}
+function request(uri, options, callback) {
+  if (typeof options === 'function') {
+    callback = options;
+    options = {};
+  }
+  options = Object.assign(
+    {
+      method: 'GET',
+      timeout: 10000,
+      json: true
+    },
+    url.parse(uri),
+    options
+  );
+  const req = http.request(options, res => {
+    res.setEncoding('utf8');
+    let data = '';
+    res.on('data', d => (data += d));
+    res.on('end', () => {
+      if (options.json === false) {
+        callback(undefined, data);
+        return;
+      }
+      try {
+        const parsed = JSON.parse(data);
+        callback(undefined, parsed);
+      } catch (err) {
+        callback(new MongoError(`Invalid JSON response: "${data}"`));
+      }
+    });
+  });
+  req.on('error', err => callback(err));
+  req.end();
+}
+module.exports = MongoDBAWS;

package/lib/core/auth/plain.js CHANGED Viewed

@@ -1,5 +1,4 @@
 'use strict';
 const retrieveBSON = require('../connection/utils').retrieveBSON;
 const AuthProvider = require('./auth_provider').AuthProvider;
@@ -7,19 +6,13 @@ const AuthProvider = require('./auth_provider').AuthProvider;
 const BSON = retrieveBSON();
 const Binary = BSON.Binary;
-/**
- * Creates a new Plain authentication mechanism
- *
- * @extends AuthProvider
- */
 class Plain extends AuthProvider {
-  /**
-   * Implementation of authentication for a single connection
-   * @override
-   */
-  _authenticateSingleConnection(sendAuthCommand, connection, credentials, callback) {
+  auth(authContext, callback) {
+    const connection = authContext.connection;
+    const credentials = authContext.credentials;
     const username = credentials.username;
     const password = credentials.password;
     const payload = new Binary(`\x00${username}\x00${password}`);
     const command = {
       saslStart: 1,
@@ -28,7 +21,7 @@ class Plain extends AuthProvider {
       autoAuthorize: 1
     };
-    sendAuthCommand(connection, '$external.$cmd', command, callback);
+    connection.command('$external.$cmd', command, callback);
   }
 }