mongodb 3.6.5 → 3.6.9

package/lib/encrypter.js

@@ -0,0 +1,163 @@
+'use strict';
+const MongoClient = require('./mongo_client');
+const BSON = require('./core/connection/utils').retrieveBSON();
+const MongoError = require('./core/error').MongoError;
+
+try {
+  require.resolve('mongodb-client-encryption');
+} catch (err) {
+  throw new MongoError(
+    'Auto-encryption requested, but the module is not installed. ' +
+      'Please add `mongodb-client-encryption` as a dependency of your project'
+  );
+}
+
+const mongodbClientEncryption = require('mongodb-client-encryption');
+if (typeof mongodbClientEncryption.extension !== 'function') {
+  throw new MongoError(
+    'loaded version of `mongodb-client-encryption` does not have property `extension`. ' +
+      'Please make sure you are loading the correct version of `mongodb-client-encryption`'
+  );
+}
+const AutoEncrypter = mongodbClientEncryption.extension(require('../index')).AutoEncrypter;
+
+const kInternalClient = Symbol('internalClient');
+
+class Encrypter {
+  /**
+   * @param {MongoClient} client
+   * @param {{autoEncryption: import('./mongo_client').AutoEncryptionOptions, bson: object}} options
+   */
+  constructor(client, options) {
+    this.bypassAutoEncryption = !!options.autoEncryption.bypassAutoEncryption;
+    this.needsConnecting = false;
+
+    if (options.maxPoolSize === 0 && options.autoEncryption.keyVaultClient == null) {
+      options.autoEncryption.keyVaultClient = client;
+    } else if (options.autoEncryption.keyVaultClient == null) {
+      options.autoEncryption.keyVaultClient = this.getInternalClient(client);
+    }
+
+    if (this.bypassAutoEncryption) {
+      options.autoEncryption.metadataClient = undefined;
+    } else if (options.maxPoolSize === 0) {
+      options.autoEncryption.metadataClient = client;
+    } else {
+      options.autoEncryption.metadataClient = this.getInternalClient(client);
+    }
+
+    options.autoEncryption.bson = Encrypter.makeBSON(options);
+
+    this.autoEncrypter = new AutoEncrypter(client, options.autoEncryption);
+  }
+
+  getInternalClient(client) {
+    if (!this[kInternalClient]) {
+      const clonedOptions = {};
+
+      for (const key of Object.keys(client.s.options)) {
+        if (
+          ['autoEncryption', 'minPoolSize', 'servers', 'caseTranslate', 'dbName'].indexOf(key) !==
+          -1
+        )
+          continue;
+        clonedOptions[key] = client.s.options[key];
+      }
+
+      clonedOptions.minPoolSize = 0;
+
+      const allEvents = [
+        // APM
+        'commandStarted',
+        'commandSucceeded',
+        'commandFailed',
+
+        // SDAM
+        'serverOpening',
+        'serverClosed',
+        'serverDescriptionChanged',
+        'serverHeartbeatStarted',
+        'serverHeartbeatSucceeded',
+        'serverHeartbeatFailed',
+        'topologyOpening',
+        'topologyClosed',
+        'topologyDescriptionChanged',
+
+        // Legacy
+        'joined',
+        'left',
+        'ping',
+        'ha',
+
+        // CMAP
+        'connectionPoolCreated',
+        'connectionPoolClosed',
+        'connectionCreated',
+        'connectionReady',
+        'connectionClosed',
+        'connectionCheckOutStarted',
+        'connectionCheckOutFailed',
+        'connectionCheckedOut',
+        'connectionCheckedIn',
+        'connectionPoolCleared'
+      ];
+
+      this[kInternalClient] = new MongoClient(client.s.url, clonedOptions);
+
+      for (const eventName of allEvents) {
+        for (const listener of client.listeners(eventName)) {
+          this[kInternalClient].on(eventName, listener);
+        }
+      }
+
+      client.on('newListener', (eventName, listener) => {
+        this[kInternalClient].on(eventName, listener);
+      });
+
+      this.needsConnecting = true;
+    }
+    return this[kInternalClient];
+  }
+
+  connectInternalClient(callback) {
+    if (this.needsConnecting) {
+      this.needsConnecting = false;
+      return this[kInternalClient].connect(callback);
+    }
+
+    return callback();
+  }
+
+  close(client, force, callback) {
+    this.autoEncrypter.teardown(e => {
+      if (this[kInternalClient] && client !== this[kInternalClient]) {
+        return this[kInternalClient].close(force, callback);
+      }
+      callback(e);
+    });
+  }
+
+  static makeBSON(options) {
+    return (
+      (options || {}).bson ||
+      new BSON([
+        BSON.Binary,
+        BSON.Code,
+        BSON.DBRef,
+        BSON.Decimal128,
+        BSON.Double,
+        BSON.Int32,
+        BSON.Long,
+        BSON.Map,
+        BSON.MaxKey,
+        BSON.MinKey,
+        BSON.ObjectId,
+        BSON.BSONRegExp,
+        BSON.Symbol,
+        BSON.Timestamp
+      ])
+    );
+  }
+}
+
+module.exports = { Encrypter };

package/lib/gridfs-stream/upload.js

@@ -284,6 +284,7 @@ function checkDone(_this, callback) {
         return __handleError(_this, error, callback);
       }
       _this.emit('finish', filesDoc);
+      _this.emit('close');
     });
 
     return true;

package/lib/mongo_client.js

@@ -71,97 +71,131 @@ const validOptions = require('./operations/connect').validOptions;
  * @property {string} [platform] Optional platform information
  */
 
+/**
+ * @public
+ * @typedef AutoEncryptionOptions
+ * @property {MongoClient} [keyVaultClient] A `MongoClient` used to fetch keys from a key vault
+ * @property {string} [keyVaultNamespace] The namespace where keys are stored in the key vault
+ * @property {object} [kmsProviders] Configuration options that are used by specific KMS providers during key generation, encryption, and decryption.
+ * @property {object} [schemaMap] A map of namespaces to a local JSON schema for encryption
+ *
+ * > **NOTE**: Supplying options.schemaMap provides more security than relying on JSON Schemas obtained from the server.
+ * > It protects against a malicious server advertising a false JSON Schema, which could trick the client into sending decrypted data that should be encrypted.
+ * > Schemas supplied in the schemaMap only apply to configuring automatic encryption for client side encryption.
+ * > Other validation rules in the JSON schema will not be enforced by the driver and will result in an error.
+ *
+ * @property {object} [options] An optional hook to catch logging messages from the underlying encryption engine
+ * @property {object} [extraOptions]
+ * @property {boolean} [bypassAutoEncryption]
+ */
+
+/**
+ * @typedef {object} MongoClientOptions
+ * @property {number} [poolSize] (**default**: 5) The maximum size of the individual server pool
+ * @property {boolean} [ssl] (**default**: false) Enable SSL connection. *deprecated* use `tls` variants
+ * @property {boolean} [sslValidate] (**default**: false) Validate mongod server certificate against Certificate Authority
+ * @property {buffer} [sslCA] (**default**: undefined) SSL Certificate store binary buffer *deprecated* use `tls` variants
+ * @property {buffer} [sslCert] (**default**: undefined) SSL Certificate binary buffer *deprecated* use `tls` variants
+ * @property {buffer} [sslKey] (**default**: undefined) SSL Key file binary buffer *deprecated* use `tls` variants
+ * @property {string} [sslPass] (**default**: undefined) SSL Certificate pass phrase *deprecated* use `tls` variants
+ * @property {buffer} [sslCRL] (**default**: undefined) SSL Certificate revocation list binary buffer *deprecated* use `tls` variants
+ * @property {boolean|function} [checkServerIdentity] (**default**: true) Ensure we check server identify during SSL, set to false to disable checking. Only works for Node 0.12.x or higher. You can pass in a boolean or your own checkServerIdentity override function. *deprecated* use `tls` variants
+ * @property {boolean} [tls] (**default**: false) Enable TLS connections
+ * @property {boolean} [tlsInsecure] (**default**: false) Relax TLS constraints, disabling validation
+ * @property {string} [tlsCAFile] A path to file with either a single or bundle of certificate authorities to be considered trusted when making a TLS connection
+ * @property {string} [tlsCertificateKeyFile] A path to the client certificate file or the client private key file; in the case that they both are needed, the files should be concatenated
+ * @property {string} [tlsCertificateKeyFilePassword] The password to decrypt the client private key to be used for TLS connections
+ * @property {boolean} [tlsAllowInvalidCertificates] Specifies whether or not the driver should error when the server’s TLS certificate is invalid
+ * @property {boolean} [tlsAllowInvalidHostnames] Specifies whether or not the driver should error when there is a mismatch between the server’s hostname and the hostname specified by the TLS certificate
+ * @property {boolean} [autoReconnect] (**default**: true) Enable autoReconnect for single server instances
+ * @property {boolean} [noDelay] (**default**: true) TCP Connection no delay
+ * @property {boolean} [keepAlive] (**default**: true) TCP Connection keep alive enabled
+ * @property {number} [keepAliveInitialDelay] (**default**: 120000) The number of milliseconds to wait before initiating keepAlive on the TCP socket
+ * @property {number} [connectTimeoutMS] (**default**: 10000) How long to wait for a connection to be established before timing out
+ * @property {number} [socketTimeoutMS] (**default**: 0) How long a send or receive on a socket can take before timing out
+ * @property {number} [family] Version of IP stack. Can be 4, 6 or null (default). If null, will attempt to connect with IPv6, and will fall back to IPv4 on failure
+ * @property {number} [reconnectTries] (**default**: 30) Server attempt to reconnect #times
+ * @property {number} [reconnectInterval] (**default**: 1000) Server will wait # milliseconds between retries
+ * @property {boolean} [ha] (**default**: true) Control if high availability monitoring runs for Replicaset or Mongos proxies
+ * @property {number} [haInterval] (**default**: 10000) The High availability period for replicaset inquiry
+ * @property {string} [replicaSet] (**default**: undefined) The Replicaset set name
+ * @property {number} [secondaryAcceptableLatencyMS] (**default**: 15) Cutoff latency point in MS for Replicaset member selection
+ * @property {number} [acceptableLatencyMS] (**default**: 15) Cutoff latency point in MS for Mongos proxies selection
+ * @property {boolean} [connectWithNoPrimary] (**default**: false) Sets if the driver should connect even if no primary is available
+ * @property {string} [authSource] (**default**: undefined) Define the database to authenticate against
+ * @property {(number|string)} [w] **Deprecated** The write concern. Use writeConcern instead.
+ * @property {number} [wtimeout] **Deprecated** The write concern timeout. Use writeConcern instead.
+ * @property {boolean} [j] (**default**: false) **Deprecated** Specify a journal write concern. Use writeConcern instead.
+ * @property {boolean} [fsync] (**default**: false) **Deprecated** Specify a file sync write concern. Use writeConcern instead.
+ * @property {object|WriteConcern} [writeConcern] Specify write concern settings.
+ * @property {boolean} [forceServerObjectId] (**default**: false) Force server to assign _id values instead of driver
+ * @property {boolean} [serializeFunctions] (**default**: false) Serialize functions on any object
+ * @property {Boolean} [ignoreUndefined] (**default**: false) Specify if the BSON serializer should ignore undefined fields
+ * @property {boolean} [raw] (**default**: false) Return document results as raw BSON buffers
+ * @property {number} [bufferMaxEntries] (**default**: -1) Sets a cap on how many operations the driver will buffer up before giving up on getting a working connection, default is -1 which is unlimited
+ * @property {(ReadPreference|string)} [readPreference] The preferred read preference (ReadPreference.PRIMARY, ReadPreference.PRIMARY_PREFERRED, ReadPreference.SECONDARY, ReadPreference.SECONDARY_PREFERRED, ReadPreference.NEAREST)
+ * @property {object} [pkFactory] A primary key factory object for generation of custom _id keys
+ * @property {object} [promiseLibrary] A Promise library class the application wishes to use such as Bluebird, must be ES6 compatible
+ * @property {object} [readConcern] Specify a read concern for the collection (only MongoDB 3.2 or higher supported)
+ * @property {ReadConcernLevel} [readConcern.level] (**default**: {Level: 'local'}) Specify a read concern level for the collection operations (only MongoDB 3.2 or higher supported)
+ * @property {number} [maxStalenessSeconds] (**default**: undefined) The max staleness to secondary reads (values under 10 seconds cannot be guaranteed)
+ * @property {string} [loggerLevel] (**default**: undefined) The logging level (error/warn/info/debug)
+ * @property {object} [logger] (**default**: undefined) Custom logger object
+ * @property {boolean} [promoteValues] (**default**: true) Promotes BSON values to native types where possible, set to false to only receive wrapper types
+ * @property {boolean} [promoteBuffers] (**default**: false) Promotes Binary BSON values to native Node Buffers
+ * @property {boolean} [promoteLongs] (**default**: true) Promotes long values to number if they fit inside the 53 bits resolution
+ * @property {boolean} [domainsEnabled] (**default**: false) Enable the wrapping of the callback in the current domain, disabled by default to avoid perf hit
+ * @property {object} [validateOptions] (**default**: false) Validate MongoClient passed in options for correctness
+ * @property {string} [appname] (**default**: undefined) The name of the application that created this MongoClient instance. MongoDB 3.4 and newer will print this value in the server log upon establishing each connection. It is also recorded in the slow query log and profile collections
+ * @property {string} [options.auth.user] (**default**: undefined) The username for auth
+ * @property {string} [options.auth.password] (**default**: undefined) The password for auth
+ * @property {string} [authMechanism] An authentication mechanism to use for connection authentication, see the {@link https://docs.mongodb.com/manual/reference/connection-string/#urioption.authMechanism|authMechanism} reference for supported options.
+ * @property {object} [compression] Type of compression to use: snappy or zlib
+ * @property {array} [readPreferenceTags] Read preference tags
+ * @property {number} [numberOfRetries] (**default**: 5) The number of retries for a tailable cursor
+ * @property {boolean} [auto_reconnect] (**default**: true) Enable auto reconnecting for single server instances
+ * @property {boolean} [monitorCommands] (**default**: false) Enable command monitoring for this client
+ * @property {number} [minSize] If present, the connection pool will be initialized with minSize connections, and will never dip below minSize connections
+ * @property {boolean} [useNewUrlParser] (**default**: true) Determines whether or not to use the new url parser. Enables the new, spec-compliant, url parser shipped in the core driver. This url parser fixes a number of problems with the original parser, and aims to outright replace that parser in the near future. Defaults to true, and must be explicitly set to false to use the legacy url parser.
+ * @property {boolean} [useUnifiedTopology] Enables the new unified topology layer
+ * @property {number} [localThresholdMS] (**default**: 15) **Only applies to the unified topology** The size of the latency window for selecting among multiple suitable servers
+ * @property {number} [serverSelectionTimeoutMS] (**default**: 30000) **Only applies to the unified topology** How long to block for server selection before throwing an error
+ * @property {number} [heartbeatFrequencyMS] (**default**: 10000) **Only applies to the unified topology** The frequency with which topology updates are scheduled
+ * @property {number} [maxPoolSize] (**default**: 10) **Only applies to the unified topology** The maximum number of connections that may be associated with a pool at a given time. This includes in use and available connections.
+ * @property {number} [minPoolSize] (**default**: 0) **Only applies to the unified topology** The minimum number of connections that MUST exist at any moment in a single connection pool.
+ * @property {number} [maxIdleTimeMS] **Only applies to the unified topology** The maximum amount of time a connection should remain idle in the connection pool before being marked idle. The default is infinity.
+ * @property {number} [waitQueueTimeoutMS] (**default**: 0) **Only applies to the unified topology** The maximum amount of time operation execution should wait for a connection to become available. The default is 0 which means there is no limit.
+ * @property {AutoEncryptionOptions} [autoEncryption] Optionally enable client side auto encryption.
+ *
+ * > Automatic encryption is an enterprise only feature that only applies to operations on a collection. Automatic encryption is not supported for operations on a database or view, and operations that are not bypassed will result in error
+ * > (see [libmongocrypt: Auto Encryption Allow-List](https://github.com/mongodb/specifications/blob/master/source/client-side-encryption/client-side-encryption.rst#libmongocrypt-auto-encryption-allow-list)). To bypass automatic encryption for all operations, set bypassAutoEncryption=true in AutoEncryptionOpts.
+ * >
+ * > Automatic encryption requires the authenticated user to have the [listCollections privilege action](https://docs.mongodb.com/manual/reference/command/listCollections/#dbcmd.listCollections).
+ * >
+ * > If a MongoClient with a limited connection pool size (i.e a non-zero maxPoolSize) is configured with AutoEncryptionOptions, a separate internal MongoClient is created if any of the following are true:
+ * > - AutoEncryptionOptions.keyVaultClient is not passed.
+ * > - AutoEncryptionOptions.bypassAutomaticEncryption is false.
+ * > If an internal MongoClient is created, it is configured with the same options as the parent MongoClient except minPoolSize is set to 0 and AutoEncryptionOptions is omitted.
+ *
+ * @property {DriverInfoOptions} [driverInfo] Allows a wrapping driver to amend the client metadata generated by the driver to include information about the wrapping driver
+ * @property {boolean} [directConnection] (**default**: false) Enable directConnection
+ * @property {function} [callback] The command result callback
+ */
+
 /**
  * Creates a new MongoClient instance
- * @class
+ * @constructor
+ * @extends {EventEmitter}
  * @param {string} url The connection URI string
- * @param {object} [options] Optional settings
- * @param {number} [options.poolSize=5] The maximum size of the individual server pool
- * @param {boolean} [options.ssl=false] Enable SSL connection. *deprecated* use `tls` variants
- * @param {boolean} [options.sslValidate=false] Validate mongod server certificate against Certificate Authority
- * @param {buffer} [options.sslCA=undefined] SSL Certificate store binary buffer *deprecated* use `tls` variants
- * @param {buffer} [options.sslCert=undefined] SSL Certificate binary buffer *deprecated* use `tls` variants
- * @param {buffer} [options.sslKey=undefined] SSL Key file binary buffer *deprecated* use `tls` variants
- * @param {string} [options.sslPass=undefined] SSL Certificate pass phrase *deprecated* use `tls` variants
- * @param {buffer} [options.sslCRL=undefined] SSL Certificate revocation list binary buffer *deprecated* use `tls` variants
- * @param {boolean|function} [options.checkServerIdentity=true] Ensure we check server identify during SSL, set to false to disable checking. Only works for Node 0.12.x or higher. You can pass in a boolean or your own checkServerIdentity override function. *deprecated* use `tls` variants
- * @param {boolean} [options.tls=false] Enable TLS connections
- * @param {boolean} [options.tlsInsecure=false] Relax TLS constraints, disabling validation
- * @param {string} [options.tlsCAFile] A path to file with either a single or bundle of certificate authorities to be considered trusted when making a TLS connection
- * @param {string} [options.tlsCertificateKeyFile] A path to the client certificate file or the client private key file; in the case that they both are needed, the files should be concatenated
- * @param {string} [options.tlsCertificateKeyFilePassword] The password to decrypt the client private key to be used for TLS connections
- * @param {boolean} [options.tlsAllowInvalidCertificates] Specifies whether or not the driver should error when the server’s TLS certificate is invalid
- * @param {boolean} [options.tlsAllowInvalidHostnames] Specifies whether or not the driver should error when there is a mismatch between the server’s hostname and the hostname specified by the TLS certificate
- * @param {boolean} [options.autoReconnect=true] Enable autoReconnect for single server instances
- * @param {boolean} [options.noDelay=true] TCP Connection no delay
- * @param {boolean} [options.keepAlive=true] TCP Connection keep alive enabled
- * @param {number} [options.keepAliveInitialDelay=120000] The number of milliseconds to wait before initiating keepAlive on the TCP socket
- * @param {number} [options.connectTimeoutMS=10000] How long to wait for a connection to be established before timing out
- * @param {number} [options.socketTimeoutMS=0] How long a send or receive on a socket can take before timing out
- * @param {number} [options.family] Version of IP stack. Can be 4, 6 or null (default).
- * If null, will attempt to connect with IPv6, and will fall back to IPv4 on failure
- * @param {number} [options.reconnectTries=30] Server attempt to reconnect #times
- * @param {number} [options.reconnectInterval=1000] Server will wait # milliseconds between retries
- * @param {boolean} [options.ha=true] Control if high availability monitoring runs for Replicaset or Mongos proxies
- * @param {number} [options.haInterval=10000] The High availability period for replicaset inquiry
- * @param {string} [options.replicaSet=undefined] The Replicaset set name
- * @param {number} [options.secondaryAcceptableLatencyMS=15] Cutoff latency point in MS for Replicaset member selection
- * @param {number} [options.acceptableLatencyMS=15] Cutoff latency point in MS for Mongos proxies selection
- * @param {boolean} [options.connectWithNoPrimary=false] Sets if the driver should connect even if no primary is available
- * @param {string} [options.authSource=undefined] Define the database to authenticate against
- * @param {(number|string)} [options.w] **Deprecated** The write concern. Use writeConcern instead.
- * @param {number} [options.wtimeout] **Deprecated** The write concern timeout. Use writeConcern instead.
- * @param {boolean} [options.j=false] **Deprecated** Specify a journal write concern. Use writeConcern instead.
- * @param {boolean} [options.fsync=false] **Deprecated** Specify a file sync write concern. Use writeConcern instead.
- * @param {object|WriteConcern} [options.writeConcern] Specify write concern settings.
- * @param {boolean} [options.forceServerObjectId=false] Force server to assign _id values instead of driver
- * @param {boolean} [options.serializeFunctions=false] Serialize functions on any object
- * @param {Boolean} [options.ignoreUndefined=false] Specify if the BSON serializer should ignore undefined fields
- * @param {boolean} [options.raw=false] Return document results as raw BSON buffers
- * @param {number} [options.bufferMaxEntries=-1] Sets a cap on how many operations the driver will buffer up before giving up on getting a working connection, default is -1 which is unlimited
- * @param {(ReadPreference|string)} [options.readPreference] The preferred read preference (ReadPreference.PRIMARY, ReadPreference.PRIMARY_PREFERRED, ReadPreference.SECONDARY, ReadPreference.SECONDARY_PREFERRED, ReadPreference.NEAREST)
- * @param {object} [options.pkFactory] A primary key factory object for generation of custom _id keys
- * @param {object} [options.promiseLibrary] A Promise library class the application wishes to use such as Bluebird, must be ES6 compatible
- * @param {object} [options.readConcern] Specify a read concern for the collection (only MongoDB 3.2 or higher supported)
- * @param {ReadConcernLevel} [options.readConcern.level='local'] Specify a read concern level for the collection operations (only MongoDB 3.2 or higher supported)
- * @param {number} [options.maxStalenessSeconds=undefined] The max staleness to secondary reads (values under 10 seconds cannot be guaranteed)
- * @param {string} [options.loggerLevel=undefined] The logging level (error/warn/info/debug)
- * @param {object} [options.logger=undefined] Custom logger object
- * @param {boolean} [options.promoteValues=true] Promotes BSON values to native types where possible, set to false to only receive wrapper types
- * @param {boolean} [options.promoteBuffers=false] Promotes Binary BSON values to native Node Buffers
- * @param {boolean} [options.promoteLongs=true] Promotes long values to number if they fit inside the 53 bits resolution
- * @param {boolean} [options.domainsEnabled=false] Enable the wrapping of the callback in the current domain, disabled by default to avoid perf hit
- * @param {object} [options.validateOptions=false] Validate MongoClient passed in options for correctness
- * @param {string} [options.appname=undefined] The name of the application that created this MongoClient instance. MongoDB 3.4 and newer will print this value in the server log upon establishing each connection. It is also recorded in the slow query log and profile collections
- * @param {string} [options.auth.user=undefined] The username for auth
- * @param {string} [options.auth.password=undefined] The password for auth
- * @param {string} [options.authMechanism] An authentication mechanism to use for connection authentication, see the {@link https://docs.mongodb.com/manual/reference/connection-string/#urioption.authMechanism|authMechanism} reference for supported options.
- * @param {object} [options.compression] Type of compression to use: snappy or zlib
- * @param {array} [options.readPreferenceTags] Read preference tags
- * @param {number} [options.numberOfRetries=5] The number of retries for a tailable cursor
- * @param {boolean} [options.auto_reconnect=true] Enable auto reconnecting for single server instances
- * @param {boolean} [options.monitorCommands=false] Enable command monitoring for this client
- * @param {number} [options.minSize] If present, the connection pool will be initialized with minSize connections, and will never dip below minSize connections
- * @param {boolean} [options.useNewUrlParser=true] Determines whether or not to use the new url parser. Enables the new, spec-compliant, url parser shipped in the core driver. This url parser fixes a number of problems with the original parser, and aims to outright replace that parser in the near future. Defaults to true, and must be explicitly set to false to use the legacy url parser.
- * @param {boolean} [options.useUnifiedTopology] Enables the new unified topology layer
- * @param {Number} [options.localThresholdMS=15] **Only applies to the unified topology** The size of the latency window for selecting among multiple suitable servers
- * @param {Number} [options.serverSelectionTimeoutMS=30000] **Only applies to the unified topology** How long to block for server selection before throwing an error
- * @param {Number} [options.heartbeatFrequencyMS=10000] **Only applies to the unified topology** The frequency with which topology updates are scheduled
- * @param {number} [options.maxPoolSize=10] **Only applies to the unified topology** The maximum number of connections that may be associated with a pool at a given time. This includes in use and available connections.
- * @param {number} [options.minPoolSize=0] **Only applies to the unified topology** The minimum number of connections that MUST exist at any moment in a single connection pool.
- * @param {number} [options.maxIdleTimeMS] **Only applies to the unified topology** The maximum amount of time a connection should remain idle in the connection pool before being marked idle. The default is infinity.
- * @param {number} [options.waitQueueTimeoutMS=0] **Only applies to the unified topology** The maximum amount of time operation execution should wait for a connection to become available. The default is 0 which means there is no limit.
- * @param {AutoEncrypter~AutoEncryptionOptions} [options.autoEncryption] Optionally enable client side auto encryption
- * @param {DriverInfoOptions} [options.driverInfo] Allows a wrapping driver to amend the client metadata generated by the driver to include information about the wrapping driver
- * @param {boolean} [options.directConnection=false] Enable directConnection
- * @param {MongoClient~connectCallback} [callback] The command result callback
- * @return {MongoClient} a MongoClient instance
+ * @param {MongoClientOptions} [options] Optional settings
  */
 function MongoClient(url, options) {
   if (!(this instanceof MongoClient)) return new MongoClient(url, options);
   // Set up event emitter
   EventEmitter.call(this);
 
+  if (options && options.autoEncryption) require('./encrypter'); // Does CSFLE lib check
+
   // The internal state
   this.s = {
     url: url,
@@ -268,13 +302,13 @@ MongoClient.prototype.close = function(force, callback) {
     }
 
     client.topology.close(force, err => {
-      const autoEncrypter = client.topology.s.options.autoEncrypter;
-      if (!autoEncrypter) {
-        completeClose(err);
-        return;
+      const encrypter = client.topology.s.options.encrypter;
+      if (encrypter) {
+        return encrypter.close(client, force, err2 => {
+          completeClose(err || err2);
+        });
       }
-
-      autoEncrypter.teardown(force, err2 => completeClose(err || err2));
+      completeClose(err);
     });
   });
 };
@@ -351,86 +385,7 @@ MongoClient.prototype.isConnected = function(options) {
  * @method
  * @static
  * @param {string} url The connection URI string
- * @param {object} [options] Optional settings
- * @param {number} [options.poolSize=5] The maximum size of the individual server pool
- * @param {boolean} [options.ssl=false] Enable SSL connection. *deprecated* use `tls` variants
- * @param {boolean} [options.sslValidate=false] Validate mongod server certificate against Certificate Authority
- * @param {buffer} [options.sslCA=undefined] SSL Certificate store binary buffer *deprecated* use `tls` variants
- * @param {buffer} [options.sslCert=undefined] SSL Certificate binary buffer *deprecated* use `tls` variants
- * @param {buffer} [options.sslKey=undefined] SSL Key file binary buffer *deprecated* use `tls` variants
- * @param {string} [options.sslPass=undefined] SSL Certificate pass phrase *deprecated* use `tls` variants
- * @param {buffer} [options.sslCRL=undefined] SSL Certificate revocation list binary buffer *deprecated* use `tls` variants
- * @param {boolean|function} [options.checkServerIdentity=true] Ensure we check server identify during SSL, set to false to disable checking. Only works for Node 0.12.x or higher. You can pass in a boolean or your own checkServerIdentity override function. *deprecated* use `tls` variants
- * @param {boolean} [options.tls=false] Enable TLS connections
- * @param {boolean} [options.tlsInsecure=false] Relax TLS constraints, disabling validation
- * @param {string} [options.tlsCAFile] A path to file with either a single or bundle of certificate authorities to be considered trusted when making a TLS connection
- * @param {string} [options.tlsCertificateKeyFile] A path to the client certificate file or the client private key file; in the case that they both are needed, the files should be concatenated
- * @param {string} [options.tlsCertificateKeyFilePassword] The password to decrypt the client private key to be used for TLS connections
- * @param {boolean} [options.tlsAllowInvalidCertificates] Specifies whether or not the driver should error when the server’s TLS certificate is invalid
- * @param {boolean} [options.tlsAllowInvalidHostnames] Specifies whether or not the driver should error when there is a mismatch between the server’s hostname and the hostname specified by the TLS certificate
- * @param {boolean} [options.autoReconnect=true] Enable autoReconnect for single server instances
- * @param {boolean} [options.noDelay=true] TCP Connection no delay
- * @param {boolean} [options.keepAlive=true] TCP Connection keep alive enabled
- * @param {number} [options.keepAliveInitialDelay=120000] The number of milliseconds to wait before initiating keepAlive on the TCP socket
- * @param {number} [options.connectTimeoutMS=10000] How long to wait for a connection to be established before timing out
- * @param {number} [options.socketTimeoutMS=0] How long a send or receive on a socket can take before timing out
- * @param {number} [options.family] Version of IP stack. Can be 4, 6 or null (default).
- * If null, will attempt to connect with IPv6, and will fall back to IPv4 on failure
- * @param {number} [options.reconnectTries=30] Server attempt to reconnect #times
- * @param {number} [options.reconnectInterval=1000] Server will wait # milliseconds between retries
- * @param {boolean} [options.ha=true] Control if high availability monitoring runs for Replicaset or Mongos proxies
- * @param {number} [options.haInterval=10000] The High availability period for replicaset inquiry
- * @param {string} [options.replicaSet=undefined] The Replicaset set name
- * @param {number} [options.secondaryAcceptableLatencyMS=15] Cutoff latency point in MS for Replicaset member selection
- * @param {number} [options.acceptableLatencyMS=15] Cutoff latency point in MS for Mongos proxies selection
- * @param {boolean} [options.connectWithNoPrimary=false] Sets if the driver should connect even if no primary is available
- * @param {string} [options.authSource=undefined] Define the database to authenticate against
- * @param {(number|string)} [options.w] **Deprecated** The write concern. Use writeConcern instead.
- * @param {number} [options.wtimeout] **Deprecated** The write concern timeout. Use writeConcern instead.
- * @param {boolean} [options.j=false] **Deprecated** Specify a journal write concern. Use writeConcern instead.
- * @param {boolean} [options.fsync=false] **Deprecated** Specify a file sync write concern. Use writeConcern instead.
- * @param {object|WriteConcern} [options.writeConcern] Specify write concern settings.
- * @param {boolean} [options.forceServerObjectId=false] Force server to assign _id values instead of driver
- * @param {boolean} [options.serializeFunctions=false] Serialize functions on any object
- * @param {Boolean} [options.ignoreUndefined=false] Specify if the BSON serializer should ignore undefined fields
- * @param {boolean} [options.raw=false] Return document results as raw BSON buffers
- * @param {number} [options.bufferMaxEntries=-1] Sets a cap on how many operations the driver will buffer up before giving up on getting a working connection, default is -1 which is unlimited
- * @param {(ReadPreference|string)} [options.readPreference] The preferred read preference (ReadPreference.PRIMARY, ReadPreference.PRIMARY_PREFERRED, ReadPreference.SECONDARY, ReadPreference.SECONDARY_PREFERRED, ReadPreference.NEAREST)
- * @param {object} [options.pkFactory] A primary key factory object for generation of custom _id keys
- * @param {object} [options.promiseLibrary] A Promise library class the application wishes to use such as Bluebird, must be ES6 compatible
- * @param {object} [options.readConcern] Specify a read concern for the collection (only MongoDB 3.2 or higher supported)
- * @param {ReadConcernLevel} [options.readConcern.level='local'] Specify a read concern level for the collection operations (only MongoDB 3.2 or higher supported)
- * @param {number} [options.maxStalenessSeconds=undefined] The max staleness to secondary reads (values under 10 seconds cannot be guaranteed)
- * @param {string} [options.loggerLevel=undefined] The logging level (error/warn/info/debug)
- * @param {object} [options.logger=undefined] Custom logger object
- * @param {boolean} [options.promoteValues=true] Promotes BSON values to native types where possible, set to false to only receive wrapper types
- * @param {boolean} [options.promoteBuffers=false] Promotes Binary BSON values to native Node Buffers
- * @param {boolean} [options.promoteLongs=true] Promotes long values to number if they fit inside the 53 bits resolution
- * @param {boolean} [options.domainsEnabled=false] Enable the wrapping of the callback in the current domain, disabled by default to avoid perf hit
- * @param {object} [options.validateOptions=false] Validate MongoClient passed in options for correctness
- * @param {string} [options.appname=undefined] The name of the application that created this MongoClient instance. MongoDB 3.4 and newer will print this value in the server log upon establishing each connection. It is also recorded in the slow query log and profile collections
- * @param {string} [options.auth.user=undefined] The username for auth
- * @param {string} [options.auth.password=undefined] The password for auth
- * @param {string} [options.authMechanism] An authentication mechanism to use for connection authentication, see the {@link https://docs.mongodb.com/manual/reference/connection-string/#urioption.authMechanism|authMechanism} reference for supported options.
- * @param {object} [options.compression] Type of compression to use: snappy or zlib
- * @param {array} [options.readPreferenceTags] Read preference tags
- * @param {number} [options.numberOfRetries=5] The number of retries for a tailable cursor
- * @param {boolean} [options.auto_reconnect=true] Enable auto reconnecting for single server instances
- * @param {boolean} [options.monitorCommands=false] Enable command monitoring for this client
- * @param {number} [options.minSize] If present, the connection pool will be initialized with minSize connections, and will never dip below minSize connections
- * @param {boolean} [options.directConnection=false] Enable directConnection
- * @param {boolean} [options.useNewUrlParser=true] Determines whether or not to use the new url parser. Enables the new, spec-compliant, url parser shipped in the core driver. This url parser fixes a number of problems with the original parser, and aims to outright replace that parser in the near future. Defaults to true, and must be explicitly set to false to use the legacy url parser.
- * @param {boolean} [options.useUnifiedTopology] Enables the new unified topology layer
- * @param {Number} [options.localThresholdMS=15] **Only applies to the unified topology** The size of the latency window for selecting among multiple suitable servers
- * @param {Number} [options.serverSelectionTimeoutMS=30000] **Only applies to the unified topology** How long to block for server selection before throwing an error
- * @param {Number} [options.heartbeatFrequencyMS=10000] **Only applies to the unified topology** The frequency with which topology updates are scheduled
- * @param {number} [options.maxPoolSize=10] **Only applies to the unified topology** The maximum number of connections that may be associated with a pool at a given time. This includes in use and available connections.
- * @param {number} [options.minPoolSize=0] **Only applies to the unified topology** The minimum number of connections that MUST exist at any moment in a single connection pool.
- * @param {number} [options.maxIdleTimeMS] **Only applies to the unified topology** The maximum amount of time a connection should remain idle in the connection pool before being marked idle. The default is infinity.
- * @param {number} [options.waitQueueTimeoutMS=0] **Only applies to the unified topology** The maximum amount of time operation execution should wait for a connection to become available. The default is 0 which means there is no limit.
- * @param {AutoEncrypter~AutoEncryptionOptions} [options.autoEncryption] Optionally enable client side auto encryption
- * @param {DriverInfoOptions} [options.driverInfo] Allows a wrapping driver to amend the client metadata generated by the driver to include information about the wrapping driver
- * @param {MongoClient~connectCallback} [callback] The command result callback
+ * @param {MongoClientOptions} [options] Optional settings
  * @return {Promise<MongoClient>} returns Promise if no callback passed
  */
 MongoClient.connect = function(url, options, callback) {

package/lib/operations/bulk_write.js

@@ -70,31 +70,6 @@ class BulkWriteOperation extends OperationBase {
         return callback(err, null);
       }
 
-      r.insertedCount = r.nInserted;
-      r.matchedCount = r.nMatched;
-      r.modifiedCount = r.nModified || 0;
-      r.deletedCount = r.nRemoved;
-      r.upsertedCount = r.getUpsertedIds().length;
-      r.upsertedIds = {};
-      r.insertedIds = {};
-
-      // Update the n
-      r.n = r.insertedCount;
-
-      // Inserted documents
-      const inserted = r.getInsertedIds();
-      // Map inserted ids
-      for (let i = 0; i < inserted.length; i++) {
-        r.insertedIds[inserted[i].index] = inserted[i]._id;
-      }
-
-      // Upserted documents
-      const upserted = r.getUpsertedIds();
-      // Map upserted ids
-      for (let i = 0; i < upserted.length; i++) {
-        r.upsertedIds[upserted[i].index] = upserted[i]._id;
-      }
-
       // Return the results
       callback(null, r);
     });

package/lib/operations/connect.js

@@ -16,7 +16,6 @@ const emitDeprecationWarning = require('../utils').emitDeprecationWarning;
 const emitWarningOnce = require('../utils').emitWarningOnce;
 const fs = require('fs');
 const WriteConcern = require('../write_concern');
-const BSON = require('../core/connection/utils').retrieveBSON();
 const CMAP_EVENT_NAMES = require('../cmap/events').CMAP_EVENT_NAMES;
 
 let client;
@@ -496,58 +495,9 @@ function createTopology(mongoClient, topologyType, options, callback) {
 
   // determine CSFLE support
   if (options.autoEncryption != null) {
-    let AutoEncrypter;
-    try {
-      require.resolve('mongodb-client-encryption');
-    } catch (err) {
-      callback(
-        new MongoError(
-          'Auto-encryption requested, but the module is not installed. Please add `mongodb-client-encryption` as a dependency of your project'
-        )
-      );
-      return;
-    }
-
-    try {
-      let mongodbClientEncryption = require('mongodb-client-encryption');
-      if (typeof mongodbClientEncryption.extension !== 'function') {
-        callback(
-          new MongoError(
-            'loaded version of `mongodb-client-encryption` does not have property `extension`. Please make sure you are loading the correct version of `mongodb-client-encryption`'
-          )
-        );
-      }
-      AutoEncrypter = mongodbClientEncryption.extension(require('../../index')).AutoEncrypter;
-    } catch (err) {
-      callback(err);
-      return;
-    }
-
-    const mongoCryptOptions = Object.assign(
-      {
-        bson:
-          options.bson ||
-          new BSON([
-            BSON.Binary,
-            BSON.Code,
-            BSON.DBRef,
-            BSON.Decimal128,
-            BSON.Double,
-            BSON.Int32,
-            BSON.Long,
-            BSON.Map,
-            BSON.MaxKey,
-            BSON.MinKey,
-            BSON.ObjectId,
-            BSON.BSONRegExp,
-            BSON.Symbol,
-            BSON.Timestamp
-          ])
-      },
-      options.autoEncryption
-    );
-
-    options.autoEncrypter = new AutoEncrypter(mongoClient, mongoCryptOptions);
+    const Encrypter = require('../encrypter').Encrypter;
+    options.encrypter = new Encrypter(mongoClient, options);
+    options.autoEncrypter = options.encrypter.autoEncrypter;
   }
 
   // Create the topology
@@ -585,7 +535,10 @@ function createTopology(mongoClient, topologyType, options, callback) {
           return;
         }
 
-        callback(undefined, topology);
+        options.encrypter.connectInternalClient(error => {
+          if (error) return callback(error);
+          callback(undefined, topology);
+        });
       });
     });
 
@@ -616,7 +569,7 @@ function createUnifiedOptions(finalOptions, options) {
     'mongos_options'
   ];
   const noMerge = ['readconcern', 'compression', 'autoencryption'];
-  const skip = ['w', 'wtimeout', 'j', 'journal', 'fsync', 'writeConcern'];
+  const skip = ['w', 'wtimeout', 'j', 'journal', 'fsync', 'writeconcern'];
 
   for (const name in options) {
     if (skip.indexOf(name.toLowerCase()) !== -1) {

package/lib/operations/find.js

@@ -20,6 +20,9 @@ class FindOperation extends OperationBase {
     // copied from `CommandOperationV2`, to be subclassed in the future
     this.server = server;
 
+    // updates readPreference if setReadPreference was called on the cursor
+    this.readPreference = ReadPreference.resolve(this, this.options);
+
     if (typeof this.cmd.allowDiskUse !== 'undefined' && maxWireVersion(server) < 4) {
       callback(new MongoError('The `allowDiskUse` option is not supported on MongoDB < 3.2'));
       return;