mongodb 5.1.0 → 5.3.0
- package/README.md +25 -22
- package/lib/admin.js +2 -0
- package/lib/admin.js.map +1 -1
- package/lib/bulk/common.js +28 -7
- package/lib/bulk/common.js.map +1 -1
- package/lib/change_stream.js +1 -1
- package/lib/cmap/auth/auth_provider.js +21 -10
- package/lib/cmap/auth/auth_provider.js.map +1 -1
- package/lib/cmap/auth/gssapi.js +71 -116
- package/lib/cmap/auth/gssapi.js.map +1 -1
- package/lib/cmap/auth/mongo_credentials.js +7 -9
- package/lib/cmap/auth/mongo_credentials.js.map +1 -1
- package/lib/cmap/auth/mongocr.js +20 -29
- package/lib/cmap/auth/mongocr.js.map +1 -1
- package/lib/cmap/auth/mongodb_aws.js +125 -140
- package/lib/cmap/auth/mongodb_aws.js.map +1 -1
- package/lib/cmap/auth/mongodb_oidc/aws_service_workflow.js +28 -0
- package/lib/cmap/auth/mongodb_oidc/aws_service_workflow.js.map +1 -0
- package/lib/cmap/auth/mongodb_oidc/callback_workflow.js +178 -0
- package/lib/cmap/auth/mongodb_oidc/callback_workflow.js.map +1 -0
- package/lib/cmap/auth/mongodb_oidc/service_workflow.js +41 -0
- package/lib/cmap/auth/mongodb_oidc/service_workflow.js.map +1 -0
- package/lib/cmap/auth/mongodb_oidc/token_entry_cache.js +115 -0
- package/lib/cmap/auth/mongodb_oidc/token_entry_cache.js.map +1 -0
- package/lib/cmap/auth/mongodb_oidc/workflow.js +3 -0
- package/lib/cmap/auth/mongodb_oidc/workflow.js.map +1 -0
- package/lib/cmap/auth/mongodb_oidc.js +59 -0
- package/lib/cmap/auth/mongodb_oidc.js.map +1 -1
- package/lib/cmap/auth/plain.js +4 -5
- package/lib/cmap/auth/plain.js.map +1 -1
- package/lib/cmap/auth/providers.js +1 -1
- package/lib/cmap/auth/providers.js.map +1 -1
- package/lib/cmap/auth/scram.js +45 -73
- package/lib/cmap/auth/scram.js.map +1 -1
- package/lib/cmap/auth/x509.js +8 -11
- package/lib/cmap/auth/x509.js.map +1 -1
- package/lib/cmap/command_monitoring_events.js +14 -5
- package/lib/cmap/command_monitoring_events.js.map +1 -1
- package/lib/cmap/commands.js +1 -1
- package/lib/cmap/commands.js.map +1 -1
- package/lib/cmap/connect.js +73 -86
- package/lib/cmap/connect.js.map +1 -1
- package/lib/cmap/connection.js +19 -23
- package/lib/cmap/connection.js.map +1 -1
- package/lib/cmap/connection_pool.js +56 -14
- package/lib/cmap/connection_pool.js.map +1 -1
- package/lib/cmap/connection_pool_events.js +28 -3
- package/lib/cmap/connection_pool_events.js.map +1 -1
- package/lib/cmap/handshake/client_metadata.js +173 -0
- package/lib/cmap/handshake/client_metadata.js.map +1 -0
- package/lib/cmap/message_stream.js.map +1 -1
- package/lib/cmap/wire_protocol/shared.js +1 -16
- package/lib/cmap/wire_protocol/shared.js.map +1 -1
- package/lib/collection.js +10 -10
- package/lib/connection_string.js +50 -69
- package/lib/connection_string.js.map +1 -1
- package/lib/constants.js +11 -0
- package/lib/constants.js.map +1 -1
- package/lib/cursor/abstract_cursor.js +2 -1
- package/lib/cursor/abstract_cursor.js.map +1 -1
- package/lib/cursor/find_cursor.js +1 -1
- package/lib/db.js +4 -2
- package/lib/db.js.map +1 -1
- package/lib/error.js +2 -1
- package/lib/error.js.map +1 -1
- package/lib/mongo_client.js +23 -2
- package/lib/mongo_client.js.map +1 -1
- package/lib/mongo_logger.js +236 -23
- package/lib/mongo_logger.js.map +1 -1
- package/lib/operations/add_user.js.map +1 -1
- package/lib/operations/execute_operation.js +8 -27
- package/lib/operations/execute_operation.js.map +1 -1
- package/lib/operations/find.js +1 -8
- package/lib/operations/find.js.map +1 -1
- package/lib/operations/update.js.map +1 -1
- package/lib/read_concern.js +1 -1
- package/lib/read_preference.js +2 -2
- package/lib/sdam/srv_polling.js +1 -15
- package/lib/sdam/srv_polling.js.map +1 -1
- package/lib/sdam/topology.js +0 -16
- package/lib/sdam/topology.js.map +1 -1
- package/lib/utils.js +33 -90
- package/lib/utils.js.map +1 -1
- package/lib/write_concern.js +1 -1
- package/mongodb.d.ts +242 -93
- package/package.json +30 -31
- package/src/admin.ts +2 -0
- package/src/bulk/common.ts +29 -8
- package/src/change_stream.ts +5 -5
- package/src/cmap/auth/auth_provider.ts +29 -16
- package/src/cmap/auth/gssapi.ts +102 -149
- package/src/cmap/auth/mongo_credentials.ts +14 -23
- package/src/cmap/auth/mongocr.ts +31 -36
- package/src/cmap/auth/mongodb_aws.ts +166 -189
- package/src/cmap/auth/mongodb_oidc/aws_service_workflow.ts +26 -0
- package/src/cmap/auth/mongodb_oidc/callback_workflow.ts +259 -0
- package/src/cmap/auth/mongodb_oidc/service_workflow.ts +47 -0
- package/src/cmap/auth/mongodb_oidc/token_entry_cache.ts +166 -0
- package/src/cmap/auth/mongodb_oidc/workflow.ts +21 -0
- package/src/cmap/auth/mongodb_oidc.ts +101 -17
- package/src/cmap/auth/plain.ts +6 -6
- package/src/cmap/auth/providers.ts +2 -2
- package/src/cmap/auth/scram.ts +56 -90
- package/src/cmap/auth/x509.ts +12 -18
- package/src/cmap/command_monitoring_events.ts +18 -3
- package/src/cmap/commands.ts +1 -1
- package/src/cmap/connect.ts +92 -114
- package/src/cmap/connection.ts +39 -25
- package/src/cmap/connection_pool.ts +89 -18
- package/src/cmap/connection_pool_events.ts +68 -6
- package/src/cmap/handshake/client_metadata.ts +272 -0
- package/src/cmap/message_stream.ts +0 -2
- package/src/cmap/wire_protocol/compression.ts +1 -1
- package/src/cmap/wire_protocol/shared.ts +1 -23
- package/src/collection.ts +13 -13
- package/src/connection_string.ts +56 -72
- package/src/constants.ts +11 -0
- package/src/cursor/abstract_cursor.ts +3 -2
- package/src/cursor/change_stream_cursor.ts +5 -5
- package/src/cursor/find_cursor.ts +1 -1
- package/src/db.ts +4 -2
- package/src/deps.ts +3 -2
- package/src/error.ts +3 -2
- package/src/index.ts +21 -3
- package/src/mongo_client.ts +60 -14
- package/src/mongo_logger.ts +341 -40
- package/src/mongo_types.ts +2 -2
- package/src/operations/add_user.ts +8 -2
- package/src/operations/aggregate.ts +1 -1
- package/src/operations/create_collection.ts +1 -1
- package/src/operations/execute_operation.ts +8 -25
- package/src/operations/find.ts +1 -11
- package/src/operations/find_and_modify.ts +4 -4
- package/src/operations/set_profiling_level.ts +1 -1
- package/src/operations/stats.ts +1 -1
- package/src/operations/update.ts +8 -4
- package/src/read_concern.ts +2 -2
- package/src/read_preference.ts +3 -3
- package/src/sdam/common.ts +2 -2
- package/src/sdam/srv_polling.ts +1 -16
- package/src/sdam/topology.ts +1 -23
- package/src/transactions.ts +1 -1
- package/src/utils.ts +37 -147
- package/src/write_concern.ts +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"gssapi.js","sourceRoot":"","sources":["../../../src/cmap/auth/gssapi.ts"],"names":[],"mappings":";;;AAAA,2BAA2B;
|
|
1
|
+
{"version":3,"file":"gssapi.js","sourceRoot":"","sources":["../../../src/cmap/auth/gssapi.ts"],"names":[],"mappings":";;;AAAA,2BAA2B;AAE3B,qCAAsD;AACtD,uCAAsF;AACtF,uCAAiC;AAEjC,mDAA4D;AAE5D,cAAc;AACD,QAAA,2BAA2B,GAAG,MAAM,CAAC,MAAM,CAAC;IACvD,EAAE,EAAE,IAAI;IACR,GAAG,EAAE,KAAK;IACV,IAAI,EAAE,MAAM;IACZ,OAAO,EAAE,SAAS;IAClB,iBAAiB,EAAE,mBAAmB;CAC9B,CAAC,CAAC;AAaZ,KAAK,UAAU,eAAe,CAC5B,UAAsB,EACtB,OAAuE;IAEvE,OAAO,UAAU,CAAC,YAAY,CAAC,IAAA,UAAE,EAAC,gBAAgB,CAAC,EAAE,OAAO,EAAE,SAAS,CAGrE,CAAC;AACL,CAAC;AAED,MAAa,MAAO,SAAQ,4BAAY;IAC7B,KAAK,CAAC,IAAI,CAAC,WAAwB;QAC1C,MAAM,EAAE,UAAU,EAAE,WAAW,EAAE,GAAG,WAAW,CAAC;QAChD,IAAI,WAAW,IAAI,IAAI,EAAE;YACvB,MAAM,IAAI,oCAA4B,CAAC,gDAAgD,CAAC,CAAC;SAC1F;QAED,MAAM,EAAE,QAAQ,EAAE,GAAG,WAAW,CAAC;QAEjC,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,WAAW,CAAC,CAAC;QAErD,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAEtC,MAAM,iBAAiB,GAAG,MAAM,eAAe,CAAC,UAAU,EAAE,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;QAEhF,MAAM,iBAAiB,GAAG,MAAM,SAAS,CAAC,MAAM,EAAE,EAAE,EAAE,iBAAiB,CAAC,OAAO,CAAC,CAAC;QAEjF,MAAM,oBAAoB,GAAG,MAAM,eAAe,CAChD,UAAU,EACV,YAAY,CAAC,iBAAiB,EAAE,iBAAiB,CAAC,cAAc,CAAC,CAClE,CAAC;QAEF,MAAM,eAAe,GAAG,MAAM,QAAQ,CAAC,MAAM,EAAE,QAAQ,EAAE,oBAAoB,CAAC,OAAO,CAAC,CAAC;QAEvF,MAAM,eAAe,CAAC,UAAU,EAAE;YAChC,YAAY,EAAE,CAAC;YACf,cAAc,EAAE,oBAAoB,CAAC,cAAc;YACnD,OAAO,EAAE,eAAe;SACzB,CAAC,CAAC;IACL,CAAC;CACF;AA9BD,wBA8BC;AAED,KAAK,UAAU,kBAAkB,CAAC,WAAwB;IACxD,MAAM,EAAE,WAAW,EAAE,GAAG,WAAW,CAAC,OAAO,CAAC;IAC5C,MAAM,EAAE,WAAW,EAAE,GAAG,WAAW,CAAC;IACpC,IAAI,CAAC,WAAW,IAAI,OAAO,WAAW,CAAC,IAAI,KAAK,QAAQ,IAAI,CAAC,WAAW,EAAE;QACxE,MAAM,IAAI,iCAAyB,CACjC,6DAA6D,CAC9D,CAAC;KACH;IAED,IAAI,cAAc,IAAI,eAAQ,EAAE;QAC9B,MAAM,eAAQ,CAAC,cAAc,CAAC,CAAC;KAChC;IACD,MAAM,EAAE,gBAAgB,EAAE,GAAG,eAAQ,CAAC;IAEtC,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,WAAW,CAAC;IAC3C,MAAM,mBAAmB,GAAG,WAAW,CAAC,mBAA0C,CAAC;IAEnF,MAAM,WAAW,GAAG,mBAAmB,CAAC,YAAY,IAAI,SAAS,CAAC;IAElE,MAAM,IAAI,GAAG,MAAM,iCAAiC,CAAC,WAAW,CAAC,IAAI,EAAE,mBAAmB,CAAC,CAAC;IAE5F,MAAM,WAAW,GAAG,EAAE,CAAC;IACvB,IAAI,QAAQ,IAAI,IAAI,EAAE;Q
ACpB,iFAAiF;QACjF,MAAM,CAAC,MAAM,CAAC,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC;KACpE;IAED,MAAM,OAAO,GAAG,mBAAmB,CAAC,YAAY,IAAI,IAAI,CAAC;IACzD,IAAI,GAAG,GAAG,GAAG,WAAW,GAAG,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,OAAO,EAAE,CAAC;IAChF,IAAI,eAAe,IAAI,mBAAmB,EAAE;QAC1C,GAAG,GAAG,GAAG,GAAG,IAAI,mBAAmB,CAAC,aAAa,EAAE,CAAC;KACrD;IAED,OAAO,gBAAgB,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;AAC5C,CAAC;AAED,SAAS,SAAS,CAAC,OAAe;IAChC,OAAO;QACL,SAAS,EAAE,CAAC;QACZ,SAAS,EAAE,QAAQ;QACnB,OAAO;QACP,aAAa,EAAE,CAAC;KACR,CAAC;AACb,CAAC;AAED,SAAS,YAAY,CAAC,OAAe,EAAE,cAAsB;IAC3D,OAAO;QACL,YAAY,EAAE,CAAC;QACf,cAAc;QACd,OAAO;KACC,CAAC;AACb,CAAC;AAED,KAAK,UAAU,SAAS,CACtB,MAAsB,EACtB,OAAe,EACf,OAAe;IAEf,IAAI;QACF,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC5C,OAAO,QAAQ,IAAI,EAAE,CAAC;KACvB;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,OAAO,KAAK,CAAC,EAAE;YACjB,iCAAiC;YACjC,MAAM,KAAK,CAAC;SACb;QACD,+CAA+C;QAC/C,OAAO,SAAS,CAAC,MAAM,EAAE,OAAO,GAAG,CAAC,EAAE,OAAO,CAAC,CAAC;KAChD;AACH,CAAC;AAED,KAAK,UAAU,QAAQ,CAAC,MAAsB,EAAE,IAAY,EAAE,OAAe;IAC3E,oBAAoB;IACpB,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC9C,OAAO,MAAM,CAAC,IAAI,CAAC,QAAQ,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;AAC/C,CAAC;AAEM,KAAK,UAAU,iCAAiC,CACrD,IAAY,EACZ,mBAAwC;IAExC,MAAM,IAAI,GAAG,mBAAmB,CAAC,sBAAsB,CAAC;IACxD,IAAI,CAAC,IAAI,IAAI,IAAI,KAAK,mCAA2B,CAAC,IAAI,EAAE;QACtD,OAAO,IAAI,CAAC;KACb;IAED,iCAAiC;IACjC,IACE,IAAI,KAAK,mCAA2B,CAAC,EAAE;QACvC,IAAI,KAAK,mCAA2B,CAAC,iBAAiB,EACtD;QACA,wCAAwC;QACxC,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAEpD,IAAI;YACF,kDAAkD;YAClD,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;YACvD,gEAAgE;YAChE,OAAO,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;SAC/C;QAAC,OAAO,KAAK,EAAE;YACd,wEAAwE;YACxE,iEAAiE;YACjE,SAAS;YACT,OAAO,YAAY,CAAC,IAAI,CAAC,CAAC;SAC3B;KACF;SAAM;QACL,oEAAoE;QACpE,sBAAsB;QACtB,OAAO,YAAY,CAAC,IAAI,CAAC,CAAC;KAC3B;AACH,CAAC;AAjCD,8EAiCC;AAEM,KAAK,
UAAU,YAAY,CAAC,IAAY;IAC7C,mCAAmC;IACnC,IAAI;QACF,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;QACtD,iCAAiC;QACjC,OAAO,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;KAC/C;IAAC,MAAM;QACN,OAAO,IAAI,CAAC;KACb;AACH,CAAC;AATD,oCASC"}
|
|
@@ -90,22 +90,20 @@ class MongoCredentials {
|
|
|
90
90
|
throw new error_1.MongoMissingCredentialsError(`Username required for mechanism '${this.mechanism}'`);
|
|
91
91
|
}
|
|
92
92
|
if (this.mechanism === providers_1.AuthMechanism.MONGODB_OIDC) {
|
|
93
|
-
if (this.username) {
|
|
94
|
-
throw new error_1.MongoInvalidArgumentError(`
|
|
93
|
+
if (this.username && this.mechanismProperties.PROVIDER_NAME) {
|
|
94
|
+
throw new error_1.MongoInvalidArgumentError(`username and PROVIDER_NAME may not be used together for mechanism '${this.mechanism}'.`);
|
|
95
95
|
}
|
|
96
|
-
if (this.mechanismProperties.
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
if (this.mechanismProperties.DEVICE_NAME && this.mechanismProperties.DEVICE_NAME !== 'aws') {
|
|
100
|
-
throw new error_1.MongoInvalidArgumentError(`Currently only a DEVICE_NAME of 'aws' is supported for mechanism '${this.mechanism}'.`);
|
|
96
|
+
if (this.mechanismProperties.PROVIDER_NAME &&
|
|
97
|
+
this.mechanismProperties.PROVIDER_NAME !== 'aws') {
|
|
98
|
+
throw new error_1.MongoInvalidArgumentError(`Currently only a PROVIDER_NAME of 'aws' is supported for mechanism '${this.mechanism}'.`);
|
|
101
99
|
}
|
|
102
100
|
if (this.mechanismProperties.REFRESH_TOKEN_CALLBACK &&
|
|
103
101
|
!this.mechanismProperties.REQUEST_TOKEN_CALLBACK) {
|
|
104
102
|
throw new error_1.MongoInvalidArgumentError(`A REQUEST_TOKEN_CALLBACK must be provided when using a REFRESH_TOKEN_CALLBACK for mechanism '${this.mechanism}'`);
|
|
105
103
|
}
|
|
106
|
-
if (!this.mechanismProperties.
|
|
104
|
+
if (!this.mechanismProperties.PROVIDER_NAME &&
|
|
107
105
|
!this.mechanismProperties.REQUEST_TOKEN_CALLBACK) {
|
|
108
|
-
throw new error_1.MongoInvalidArgumentError(`Either a
|
|
106
|
+
throw new error_1.MongoInvalidArgumentError(`Either a PROVIDER_NAME or a REQUEST_TOKEN_CALLBACK must be specified for mechanism '${this.mechanism}'.`);
|
|
109
107
|
}
|
|
110
108
|
}
|
|
111
109
|
if (providers_1.AUTH_MECHS_AUTH_SRC_EXTERNAL.has(this.mechanism)) {
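Review bot: The OIDC checks in this hunk test `REQUEST_TOKEN_CALLBACK` and `REFRESH_TOKEN_CALLBACK` for truthiness only, so a non-function value passes `validate()` and the mistake surfaces at the first authentication attempt instead of at configuration time. Comparing with `typeof this.mechanismProperties.REQUEST_TOKEN_CALLBACK !== 'function'` (and the same for the refresh callback) would reject it here with a MongoInvalidArgumentError. The hunk also accepts `PROVIDER_NAME` together with `REQUEST_TOKEN_CALLBACK`; if only one of the two workflows can run, that combination probably deserves its own error, though the selection logic is not visible in this hunk. `validate()` starts and ends outside the hunk, and since this is compiled output the change belongs in `src/cmap/auth/mongo_credentials.ts`.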
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mongo_credentials.js","sourceRoot":"","sources":["../../../src/cmap/auth/mongo_credentials.ts"],"names":[],"mappings":";;;AAEA,uCAIqB;AACrB,qCAAuD;AAEvD,2CAA0E;AAE1E,6EAA6E;AAC7E,SAAS,uBAAuB,CAAC,KAAgB;IAC/C,IAAI,KAAK,EAAE;QACT,0DAA0D;QAC1D,uCAAuC;QACvC,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,kBAAkB,CAAC,EAAE;YAC3C,OAAO,KAAK,CAAC,kBAAkB,CAAC,QAAQ,CAAC,yBAAa,CAAC,oBAAoB,CAAC;gBAC1E,CAAC,CAAC,yBAAa,CAAC,oBAAoB;gBACpC,CAAC,CAAC,yBAAa,CAAC,kBAAkB,CAAC;SACtC;QAED,6EAA6E;QAC7E,IAAI,KAAK,CAAC,cAAc,IAAI,CAAC,EAAE;YAC7B,OAAO,yBAAa,CAAC,kBAAkB,CAAC;SACzC;KACF;IAED,+BAA+B;IAC/B,OAAO,yBAAa,CAAC,UAAU,CAAC;AAClC,CAAC;
|
|
1
|
+
{"version":3,"file":"mongo_credentials.js","sourceRoot":"","sources":["../../../src/cmap/auth/mongo_credentials.ts"],"names":[],"mappings":";;;AAEA,uCAIqB;AACrB,qCAAuD;AAEvD,2CAA0E;AAE1E,6EAA6E;AAC7E,SAAS,uBAAuB,CAAC,KAAgB;IAC/C,IAAI,KAAK,EAAE;QACT,0DAA0D;QAC1D,uCAAuC;QACvC,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,kBAAkB,CAAC,EAAE;YAC3C,OAAO,KAAK,CAAC,kBAAkB,CAAC,QAAQ,CAAC,yBAAa,CAAC,oBAAoB,CAAC;gBAC1E,CAAC,CAAC,yBAAa,CAAC,oBAAoB;gBACpC,CAAC,CAAC,yBAAa,CAAC,kBAAkB,CAAC;SACtC;QAED,6EAA6E;QAC7E,IAAI,KAAK,CAAC,cAAc,IAAI,CAAC,EAAE;YAC7B,OAAO,yBAAa,CAAC,kBAAkB,CAAC;SACzC;KACF;IAED,+BAA+B;IAC/B,OAAO,yBAAa,CAAC,UAAU,CAAC;AAClC,CAAC;AA2BD;;;GAGG;AACH,MAAa,gBAAgB;IAY3B,YAAY,OAAgC;QAC1C,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QACjC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QACjC,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,EAAE,EAAE;YAC9B,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,EAAE,CAAC;SAC1B;QACD,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,yBAAa,CAAC,eAAe,CAAC;QACpE,IAAI,CAAC,mBAAmB,GAAG,OAAO,CAAC,mBAAmB,IAAI,EAAE,CAAC;QAE7D,IAAI,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,cAAc,CAAC,EAAE;YACxC,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE;gBACnD,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;aAC/C;YAED,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,qBAAqB,EAAE;gBACvD,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC;aACnD;YAED,IACE,IAAI,CAAC,mBAAmB,CAAC,iBAAiB,IAAI,IAAI;gBAClD,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,IAAI,EACrC;gBACA,IAAI,CAAC,mBAAmB,GAAG;oBACzB,GAAG,IAAI,CAAC,mBAAmB;oBAC3B,iBAAiB,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB;iBACjD,CAAC;aACH;SACF;QAED,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;QACxC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACtB,CAAC;IAED,gEAAgE;IAChE,MAAM,CAAC,KAAuB;QAC5B,OAAO,CACL,IAAI,CAAC,SAAS,KAAK,KAAK,CAAC,SAAS;YAClC,IAAI,CAAC,QAAQ,KAAK,KAAK,CAAC,QAAQ;YAChC,IAAI,CAAC,QAAQ,KAAK,KAAK,CAAC,QAAQ;YAChC,IAAI,CAAC,MAAM,KAAK,KAAK,CAAC,MAAM,CAC7B,CAAC;IACJ,CAAC;IAED;;;;;OAKG;IACH,oBAAoB,CAAC,KAAgB;QACnC,0EAA0E;QAC1E,IAAI,IAAI,CAAC,SAAS,
CAAC,KAAK,CAAC,UAAU,CAAC,EAAE;YACpC,OAAO,IAAI,gBAAgB,CAAC;gBAC1B,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,SAAS,EAAE,uBAAuB,CAAC,KAAK,CAAC;gBACzC,mBAAmB,EAAE,IAAI,CAAC,mBAAmB;aAC9C,CAAC,CAAC;SACJ;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED,QAAQ;QACN,IACE,CAAC,IAAI,CAAC,SAAS,KAAK,yBAAa,CAAC,cAAc;YAC9C,IAAI,CAAC,SAAS,KAAK,yBAAa,CAAC,UAAU;YAC3C,IAAI,CAAC,SAAS,KAAK,yBAAa,CAAC,aAAa;YAC9C,IAAI,CAAC,SAAS,KAAK,yBAAa,CAAC,kBAAkB;YACnD,IAAI,CAAC,SAAS,KAAK,yBAAa,CAAC,oBAAoB,CAAC;YACxD,CAAC,IAAI,CAAC,QAAQ,EACd;YACA,MAAM,IAAI,oCAA4B,CAAC,oCAAoC,IAAI,CAAC,SAAS,GAAG,CAAC,CAAC;SAC/F;QAED,IAAI,IAAI,CAAC,SAAS,KAAK,yBAAa,CAAC,YAAY,EAAE;YACjD,IAAI,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,mBAAmB,CAAC,aAAa,EAAE;gBAC3D,MAAM,IAAI,iCAAyB,CACjC,sEAAsE,IAAI,CAAC,SAAS,IAAI,CACzF,CAAC;aACH;YAED,IACE,IAAI,CAAC,mBAAmB,CAAC,aAAa;gBACtC,IAAI,CAAC,mBAAmB,CAAC,aAAa,KAAK,KAAK,EAChD;gBACA,MAAM,IAAI,iCAAyB,CACjC,uEAAuE,IAAI,CAAC,SAAS,IAAI,CAC1F,CAAC;aACH;YAED,IACE,IAAI,CAAC,mBAAmB,CAAC,sBAAsB;gBAC/C,CAAC,IAAI,CAAC,mBAAmB,CAAC,sBAAsB,EAChD;gBACA,MAAM,IAAI,iCAAyB,CACjC,gGAAgG,IAAI,CAAC,SAAS,GAAG,CAClH,CAAC;aACH;YAED,IACE,CAAC,IAAI,CAAC,mBAAmB,CAAC,aAAa;gBACvC,CAAC,IAAI,CAAC,mBAAmB,CAAC,sBAAsB,EAChD;gBACA,MAAM,IAAI,iCAAyB,CACjC,uFAAuF,IAAI,CAAC,SAAS,IAAI,CAC1G,CAAC;aACH;SACF;QAED,IAAI,wCAA4B,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE;YACpD,IAAI,IAAI,CAAC,MAAM,IAAI,IAAI,IAAI,IAAI,CAAC,MAAM,KAAK,WAAW,EAAE;gBACtD,gEAAgE;gBAChE,MAAM,IAAI,qBAAa,CACrB,mBAAmB,IAAI,CAAC,MAAM,oBAAoB,IAAI,CAAC,SAAS,cAAc,CAC/E,CAAC;aACH;SACF;QAED,IAAI,IAAI,CAAC,SAAS,KAAK,yBAAa,CAAC,aAAa,IAAI,IAAI,CAAC,MAAM,IAAI,IAAI,EAAE;YACzE,gEAAgE;YAChE,MAAM,IAAI,qBAAa,CAAC,qDAAqD,CAAC,CAAC;SAChF;QAED,IAAI,IAAI,CAAC,SAAS,KAAK,yBAAa,CAAC,YAAY,IAAI,IAAI,CAAC,QAAQ,IAAI,IAAI,EAAE;YAC1E,IAAI,IAAI,CAAC,QAAQ,KAAK,EAAE,EAAE;gBACxB,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC;gBACzC,OAAO;aACR;YACD,gEAAgE;YAChE,MAAM,IAAI,qBAAa,CAAC,iDAAiD,CAAC,CAAC;SAC5E;QAED,MAAM,gBAAgB,GAAG,IAAI,CAAC,mBAAmB,CAAC,sBAAsB,IAAI,KAAK,CA
AC;QAClF,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,oCAA2B,CAAC,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE;YAC1E,MAAM,IAAI,qBAAa,CAAC,yCAAyC,gBAAgB,EAAE,CAAC,CAAC;SACtF;IACH,CAAC;IAED,MAAM,CAAC,KAAK,CACV,KAAmC,EACnC,OAAyC;QAEzC,OAAO,IAAI,gBAAgB,CAAC;YAC1B,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,KAAK,EAAE,QAAQ,IAAI,EAAE;YACnD,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,KAAK,EAAE,QAAQ,IAAI,EAAE;YACnD,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,KAAK,EAAE,SAAS,IAAI,yBAAa,CAAC,eAAe;YACjF,mBAAmB,EAAE,OAAO,CAAC,mBAAmB,IAAI,KAAK,EAAE,mBAAmB,IAAI,EAAE;YACpF,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,EAAE,IAAI,KAAK,EAAE,MAAM,IAAI,OAAO;SACjE,CAAC,CAAC;IACL,CAAC;CACF;AArKD,4CAqKC"}
|
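--- a/package/lib/cmap/auth/mongocr.js
+++ b/package/lib/cmap/auth/mongocr.js
@@ -6,38 +6,29 @@ const error_1 = require("../../error");
 const utils_1 = require("../../utils");
 const auth_provider_1 = require("./auth_provider");
 class MongoCR extends auth_provider_1.AuthProvider {
-auth(authContext
+async auth(authContext) {
 const { connection, credentials } = authContext;
 if (!credentials) {
-
+throw new error_1.MongoMissingCredentialsError('AuthContext must provide credentials.');
 }
-const username = credentials
-const
-const
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-}
-const authenticateCommand = {
-authenticate: 1,
-user: username,
-nonce,
-key
-};
-connection.command((0, utils_1.ns)(`${source}.$cmd`), authenticateCommand, undefined, callback);
-});
+const { username, password, source } = credentials;
+const { nonce } = await connection.commandAsync((0, utils_1.ns)(`${source}.$cmd`), { getnonce: 1 }, undefined);
+const hashPassword = crypto
+.createHash('md5')
+.update(`${username}:mongo:${password}`, 'utf8')
+.digest('hex');
+// Final key
+const key = crypto
+.createHash('md5')
+.update(`${nonce}${username}${hashPassword}`, 'utf8')
+.digest('hex');
+const authenticateCommand = {
+authenticate: 1,
+user: username,
+nonce,
+key
+};
+await connection.commandAsync((0, utils_1.ns)(`${source}.$cmd`), authenticateCommand, undefined);
 }
 }
 exports.MongoCR = MongoCR;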
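Review bot: The `nonce` destructured from the getnonce reply on new line 15 is used without a check, so a reply that lacks the field is interpolated as the text `undefined` into the second digest and echoed in the authenticate command. A guard before the hashing, `if (typeof nonce !== 'string') throw new error_1.MongoRuntimeError('getnonce reply did not contain a nonce');`, fails earlier and with a clearer cause. The two `createHash('md5')` calls carry no explanation apart from `// Final key`; a line such as `// MD5 is mandated by the legacy MONGODB-CR protocol; prefer SCRAM where the server supports it` would tell readers the digest is not a free choice. Because this is compiled output, both changes belong in `src/cmap/auth/mongocr.ts`.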
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mongocr.js","sourceRoot":"","sources":["../../../src/cmap/auth/mongocr.ts"],"names":[],"mappings":";;;AAAA,iCAAiC;AAEjC,uCAA2D;AAC3D,
|
|
1
|
+
{"version":3,"file":"mongocr.js","sourceRoot":"","sources":["../../../src/cmap/auth/mongocr.ts"],"names":[],"mappings":";;;AAAA,iCAAiC;AAEjC,uCAA2D;AAC3D,uCAAiC;AACjC,mDAA4D;AAE5D,MAAa,OAAQ,SAAQ,4BAAY;IAC9B,KAAK,CAAC,IAAI,CAAC,WAAwB;QAC1C,MAAM,EAAE,UAAU,EAAE,WAAW,EAAE,GAAG,WAAW,CAAC;QAChD,IAAI,CAAC,WAAW,EAAE;YAChB,MAAM,IAAI,oCAA4B,CAAC,uCAAuC,CAAC,CAAC;SACjF;QAED,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,WAAW,CAAC;QAEnD,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,UAAU,CAAC,YAAY,CAC7C,IAAA,UAAE,EAAC,GAAG,MAAM,OAAO,CAAC,EACpB,EAAE,QAAQ,EAAE,CAAC,EAAE,EACf,SAAS,CACV,CAAC;QAEF,MAAM,YAAY,GAAG,MAAM;aACxB,UAAU,CAAC,KAAK,CAAC;aACjB,MAAM,CAAC,GAAG,QAAQ,UAAU,QAAQ,EAAE,EAAE,MAAM,CAAC;aAC/C,MAAM,CAAC,KAAK,CAAC,CAAC;QAEjB,YAAY;QACZ,MAAM,GAAG,GAAG,MAAM;aACf,UAAU,CAAC,KAAK,CAAC;aACjB,MAAM,CAAC,GAAG,KAAK,GAAG,QAAQ,GAAG,YAAY,EAAE,EAAE,MAAM,CAAC;aACpD,MAAM,CAAC,KAAK,CAAC,CAAC;QAEjB,MAAM,mBAAmB,GAAG;YAC1B,YAAY,EAAE,CAAC;YACf,IAAI,EAAE,QAAQ;YACd,KAAK;YACL,GAAG;SACJ,CAAC;QAEF,MAAM,UAAU,CAAC,YAAY,CAAC,IAAA,UAAE,EAAC,GAAG,MAAM,OAAO,CAAC,EAAE,mBAAmB,EAAE,SAAS,CAAC,CAAC;IACtF,CAAC;CACF;AAnCD,0BAmCC"}
|
|
@@ -4,6 +4,7 @@ exports.MongoDBAWS = void 0;
|
|
|
4
4
|
const crypto = require("crypto");
|
|
5
5
|
const http = require("http");
|
|
6
6
|
const url = require("url");
|
|
7
|
+
const util_1 = require("util");
|
|
7
8
|
const BSON = require("../../bson");
|
|
8
9
|
const deps_1 = require("../../deps");
|
|
9
10
|
const error_1 = require("../../error");
|
|
@@ -23,28 +24,26 @@ const bsonOptions = {
|
|
|
23
24
|
bsonRegExp: false
|
|
24
25
|
};
|
|
25
26
|
class MongoDBAWS extends auth_provider_1.AuthProvider {
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
27
|
+
constructor() {
|
|
28
|
+
super();
|
|
29
|
+
this.randomBytesAsync = (0, util_1.promisify)(crypto.randomBytes);
|
|
30
|
+
}
|
|
31
|
+
async auth(authContext) {
|
|
32
|
+
const { connection } = authContext;
|
|
33
|
+
if (!authContext.credentials) {
|
|
34
|
+
throw new error_1.MongoMissingCredentialsError('AuthContext must provide credentials.');
|
|
30
35
|
}
|
|
31
36
|
if ('kModuleError' in deps_1.aws4) {
|
|
32
|
-
|
|
37
|
+
throw deps_1.aws4['kModuleError'];
|
|
33
38
|
}
|
|
34
39
|
const { sign } = deps_1.aws4;
|
|
35
40
|
if ((0, utils_1.maxWireVersion)(connection) < 9) {
|
|
36
|
-
|
|
37
|
-
return;
|
|
41
|
+
throw new error_1.MongoCompatibilityError('MONGODB-AWS authentication requires MongoDB version 4.4 or later');
|
|
38
42
|
}
|
|
39
|
-
if (!credentials.username) {
|
|
40
|
-
makeTempCredentials(credentials
|
|
41
|
-
if (err || !tempCredentials)
|
|
42
|
-
return callback(err);
|
|
43
|
-
authContext.credentials = tempCredentials;
|
|
44
|
-
this.auth(authContext, callback);
|
|
45
|
-
});
|
|
46
|
-
return;
|
|
43
|
+
if (!authContext.credentials.username) {
|
|
44
|
+
authContext.credentials = await makeTempCredentials(authContext.credentials);
|
|
47
45
|
}
|
|
46
|
+
const { credentials } = authContext;
|
|
48
47
|
const accessKeyId = credentials.username;
|
|
49
48
|
const secretAccessKey = credentials.password;
|
|
50
49
|
const sessionToken = credentials.mechanismProperties.AWS_SESSION_TOKEN;
|
|
@@ -55,80 +54,67 @@ class MongoDBAWS extends auth_provider_1.AuthProvider {
|
|
|
55
54
|
? { accessKeyId, secretAccessKey }
|
|
56
55
|
: undefined;
|
|
57
56
|
const db = credentials.source;
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
}
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
};
|
|
111
|
-
if (sessionToken) {
|
|
112
|
-
payload.t = sessionToken;
|
|
113
|
-
}
|
|
114
|
-
const saslContinue = {
|
|
115
|
-
saslContinue: 1,
|
|
116
|
-
conversationId: 1,
|
|
117
|
-
payload: BSON.serialize(payload, bsonOptions)
|
|
118
|
-
};
|
|
119
|
-
connection.command((0, utils_1.ns)(`${db}.$cmd`), saslContinue, undefined, callback);
|
|
120
|
-
});
|
|
121
|
-
});
|
|
57
|
+
const nonce = await this.randomBytesAsync(32);
|
|
58
|
+
const saslStart = {
|
|
59
|
+
saslStart: 1,
|
|
60
|
+
mechanism: 'MONGODB-AWS',
|
|
61
|
+
payload: BSON.serialize({ r: nonce, p: ASCII_N }, bsonOptions)
|
|
62
|
+
};
|
|
63
|
+
const saslStartResponse = await connection.commandAsync((0, utils_1.ns)(`${db}.$cmd`), saslStart, undefined);
|
|
64
|
+
const serverResponse = BSON.deserialize(saslStartResponse.payload.buffer, bsonOptions);
|
|
65
|
+
const host = serverResponse.h;
|
|
66
|
+
const serverNonce = serverResponse.s.buffer;
|
|
67
|
+
if (serverNonce.length !== 64) {
|
|
68
|
+
// TODO(NODE-3483)
|
|
69
|
+
throw new error_1.MongoRuntimeError(`Invalid server nonce length ${serverNonce.length}, expected 64`);
|
|
70
|
+
}
|
|
71
|
+
if (!utils_1.ByteUtils.equals(serverNonce.subarray(0, nonce.byteLength), nonce)) {
|
|
72
|
+
// throw because the serverNonce's leading 32 bytes must equal the client nonce's 32 bytes
|
|
73
|
+
// https://github.com/mongodb/specifications/blob/875446db44aade414011731840831f38a6c668df/source/auth/auth.rst#id11
|
|
74
|
+
// TODO(NODE-3483)
|
|
75
|
+
throw new error_1.MongoRuntimeError('Server nonce does not begin with client nonce');
|
|
76
|
+
}
|
|
77
|
+
if (host.length < 1 || host.length > 255 || host.indexOf('..') !== -1) {
|
|
78
|
+
// TODO(NODE-3483)
|
|
79
|
+
throw new error_1.MongoRuntimeError(`Server returned an invalid host: "${host}"`);
|
|
80
|
+
}
|
|
81
|
+
const body = 'Action=GetCallerIdentity&Version=2011-06-15';
|
|
82
|
+
const options = sign({
|
|
83
|
+
method: 'POST',
|
|
84
|
+
host,
|
|
85
|
+
region: deriveRegion(serverResponse.h),
|
|
86
|
+
service: 'sts',
|
|
87
|
+
headers: {
|
|
88
|
+
'Content-Type': 'application/x-www-form-urlencoded',
|
|
89
|
+
'Content-Length': body.length,
|
|
90
|
+
'X-MongoDB-Server-Nonce': utils_1.ByteUtils.toBase64(serverNonce),
|
|
91
|
+
'X-MongoDB-GS2-CB-Flag': 'n'
|
|
92
|
+
},
|
|
93
|
+
path: '/',
|
|
94
|
+
body
|
|
95
|
+
}, awsCredentials);
|
|
96
|
+
const payload = {
|
|
97
|
+
a: options.headers.Authorization,
|
|
98
|
+
d: options.headers['X-Amz-Date']
|
|
99
|
+
};
|
|
100
|
+
if (sessionToken) {
|
|
101
|
+
payload.t = sessionToken;
|
|
102
|
+
}
|
|
103
|
+
const saslContinue = {
|
|
104
|
+
saslContinue: 1,
|
|
105
|
+
conversationId: 1,
|
|
106
|
+
payload: BSON.serialize(payload, bsonOptions)
|
|
107
|
+
};
|
|
108
|
+
await connection.commandAsync((0, utils_1.ns)(`${db}.$cmd`), saslContinue, undefined);
|
|
122
109
|
}
|
|
123
110
|
}
|
|
124
111
|
exports.MongoDBAWS = MongoDBAWS;
|
|
125
|
-
function makeTempCredentials(credentials
|
|
126
|
-
function
|
|
112
|
+
async function makeTempCredentials(credentials) {
|
|
113
|
+
function makeMongoCredentialsFromAWSTemp(creds) {
|
|
127
114
|
if (!creds.AccessKeyId || !creds.SecretAccessKey || !creds.Token) {
|
|
128
|
-
|
|
129
|
-
return;
|
|
115
|
+
throw new error_1.MongoMissingCredentialsError('Could not obtain temporary MONGODB-AWS credentials');
|
|
130
116
|
}
|
|
131
|
-
|
|
117
|
+
return new mongo_credentials_1.MongoCredentials({
|
|
132
118
|
username: creds.AccessKeyId,
|
|
133
119
|
password: creds.SecretAccessKey,
|
|
134
120
|
source: credentials.source,
|
|
@@ -136,7 +122,7 @@ function makeTempCredentials(credentials, callback) {
|
|
|
136
122
|
mechanismProperties: {
|
|
137
123
|
AWS_SESSION_TOKEN: creds.Token
|
|
138
124
|
}
|
|
139
|
-
})
|
|
125
|
+
});
|
|
140
126
|
}
|
|
141
127
|
const credentialProvider = (0, deps_1.getAwsCredentialProvider)();
|
|
142
128
|
// Check if the AWS credential provider from the SDK is present. If not,
|
|
@@ -145,30 +131,25 @@ function makeTempCredentials(credentials, callback) {
|
|
|
145
131
|
// If the environment variable AWS_CONTAINER_CREDENTIALS_RELATIVE_URI
|
|
146
132
|
// is set then drivers MUST assume that it was set by an AWS ECS agent
|
|
147
133
|
if (process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI) {
|
|
148
|
-
request(`${AWS_RELATIVE_URI}${process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI}
|
|
149
|
-
if (err)
|
|
150
|
-
return callback(err);
|
|
151
|
-
done(res);
|
|
152
|
-
});
|
|
153
|
-
return;
|
|
134
|
+
return makeMongoCredentialsFromAWSTemp(await request(`${AWS_RELATIVE_URI}${process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI}`));
|
|
154
135
|
}
|
|
155
136
|
// Otherwise assume we are on an EC2 instance
|
|
156
137
|
// get a token
|
|
157
|
-
request(`${AWS_EC2_URI}/latest/api/token`, {
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
});
|
|
138
|
+
const token = await request(`${AWS_EC2_URI}/latest/api/token`, {
|
|
139
|
+
method: 'PUT',
|
|
140
|
+
json: false,
|
|
141
|
+
headers: { 'X-aws-ec2-metadata-token-ttl-seconds': 30 }
|
|
142
|
+
});
|
|
143
|
+
// get role name
|
|
144
|
+
const roleName = await request(`${AWS_EC2_URI}/${AWS_EC2_PATH}`, {
|
|
145
|
+
json: false,
|
|
146
|
+
headers: { 'X-aws-ec2-metadata-token': token }
|
|
147
|
+
});
|
|
148
|
+
// get temp credentials
|
|
149
|
+
const creds = await request(`${AWS_EC2_URI}/${AWS_EC2_PATH}/${roleName}`, {
|
|
150
|
+
headers: { 'X-aws-ec2-metadata-token': token }
|
|
171
151
|
});
|
|
152
|
+
return makeMongoCredentialsFromAWSTemp(creds);
|
|
172
153
|
}
|
|
173
154
|
else {
|
|
174
155
|
/*
|
|
@@ -183,18 +164,18 @@ function makeTempCredentials(credentials, callback) {
|
|
|
183
164
|
*/
|
|
184
165
|
const { fromNodeProviderChain } = credentialProvider;
|
|
185
166
|
const provider = fromNodeProviderChain();
|
|
186
|
-
|
|
187
|
-
|
|
188
|
-
|
|
167
|
+
try {
|
|
168
|
+
const creds = await provider();
|
|
169
|
+
return makeMongoCredentialsFromAWSTemp({
|
|
189
170
|
AccessKeyId: creds.accessKeyId,
|
|
190
171
|
SecretAccessKey: creds.secretAccessKey,
|
|
191
172
|
Token: creds.sessionToken,
|
|
192
173
|
Expiration: creds.expiration
|
|
193
174
|
});
|
|
194
|
-
}
|
|
195
|
-
|
|
196
|
-
|
|
197
|
-
}
|
|
175
|
+
}
|
|
176
|
+
catch (error) {
|
|
177
|
+
throw new error_1.MongoAWSError(error.message);
|
|
178
|
+
}
|
|
198
179
|
}
|
|
199
180
|
}
|
|
200
181
|
function deriveRegion(host) {
|
|
@@ -204,35 +185,39 @@ function deriveRegion(host) {
|
|
|
204
185
|
}
|
|
205
186
|
return parts[1];
|
|
206
187
|
}
|
|
207
|
-
function request(uri,
|
|
208
|
-
|
|
209
|
-
|
|
210
|
-
|
|
211
|
-
|
|
212
|
-
|
|
213
|
-
|
|
214
|
-
|
|
215
|
-
|
|
216
|
-
|
|
217
|
-
|
|
218
|
-
|
|
219
|
-
|
|
220
|
-
|
|
221
|
-
}
|
|
222
|
-
|
|
223
|
-
|
|
224
|
-
|
|
225
|
-
|
|
226
|
-
|
|
227
|
-
|
|
228
|
-
|
|
229
|
-
|
|
188
|
+
async function request(uri, options = {}) {
|
|
189
|
+
return new Promise((resolve, reject) => {
|
|
190
|
+
const requestOptions = {
|
|
191
|
+
method: 'GET',
|
|
192
|
+
timeout: 10000,
|
|
193
|
+
json: true,
|
|
194
|
+
...url.parse(uri),
|
|
195
|
+
...options
|
|
196
|
+
};
|
|
197
|
+
const req = http.request(requestOptions, res => {
|
|
198
|
+
res.setEncoding('utf8');
|
|
199
|
+
let data = '';
|
|
200
|
+
res.on('data', d => {
|
|
201
|
+
data += d;
|
|
202
|
+
});
|
|
203
|
+
res.once('end', () => {
|
|
204
|
+
if (options.json === false) {
|
|
205
|
+
resolve(data);
|
|
206
|
+
return;
|
|
207
|
+
}
|
|
208
|
+
try {
|
|
209
|
+
const parsed = JSON.parse(data);
|
|
210
|
+
resolve(parsed);
|
|
211
|
+
}
|
|
212
|
+
catch {
|
|
213
|
+
// TODO(NODE-3483)
|
|
214
|
+
reject(new error_1.MongoRuntimeError(`Invalid JSON response: "${data}"`));
|
|
215
|
+
}
|
|
216
|
+
});
|
|
230
217
|
});
|
|
218
|
+
req.once('timeout', () => req.destroy(new error_1.MongoAWSError(`AWS request to ${uri} timed out after ${options.timeout} ms`)));
|
|
219
|
+
req.once('error', error => reject(error));
|
|
220
|
+
req.end();
|
|
231
221
|
});
|
|
232
|
-
req.on('timeout', () => {
|
|
233
|
-
req.destroy(new error_1.MongoAWSError(`AWS request to ${uri} timed out after ${options.timeout} ms`));
|
|
234
|
-
});
|
|
235
|
-
req.on('error', err => callback(err));
|
|
236
|
-
req.end();
|
|
237
222
|
}
|
|
238
223
|
//# sourceMappingURL=mongodb_aws.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mongodb_aws.js","sourceRoot":"","sources":["../../../src/cmap/auth/mongodb_aws.ts"],"names":[],"mappings":";;;AAAA,iCAAiC;AACjC,6BAA6B;AAC7B,2BAA2B;
|
|
1
|
+
{"version":3,"file":"mongodb_aws.js","sourceRoot":"","sources":["../../../src/cmap/auth/mongodb_aws.ts"],"names":[],"mappings":";;;AAAA,iCAAiC;AACjC,6BAA6B;AAC7B,2BAA2B;AAC3B,+BAAiC;AAGjC,mCAAmC;AACnC,qCAA4D;AAC5D,uCAKqB;AACrB,uCAA4D;AAC5D,mDAA4D;AAC5D,2DAAuD;AACvD,2CAA4C;AAE5C,MAAM,OAAO,GAAG,GAAG,CAAC;AACpB,MAAM,gBAAgB,GAAG,sBAAsB,CAAC;AAChD,MAAM,WAAW,GAAG,wBAAwB,CAAC;AAC7C,MAAM,YAAY,GAAG,4CAA4C,CAAC;AAClE,MAAM,WAAW,GAAyB;IACxC,WAAW,EAAE,KAAK;IAClB,YAAY,EAAE,IAAI;IAClB,aAAa,EAAE,IAAI;IACnB,cAAc,EAAE,KAAK;IACrB,UAAU,EAAE,KAAK;CAClB,CAAC;AAQF,MAAa,UAAW,SAAQ,4BAAY;IAG1C;QACE,KAAK,EAAE,CAAC;QACR,IAAI,CAAC,gBAAgB,GAAG,IAAA,gBAAS,EAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IACxD,CAAC;IAEQ,KAAK,CAAC,IAAI,CAAC,WAAwB;QAC1C,MAAM,EAAE,UAAU,EAAE,GAAG,WAAW,CAAC;QACnC,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE;YAC5B,MAAM,IAAI,oCAA4B,CAAC,uCAAuC,CAAC,CAAC;SACjF;QAED,IAAI,cAAc,IAAI,WAAI,EAAE;YAC1B,MAAM,WAAI,CAAC,cAAc,CAAC,CAAC;SAC5B;QACD,MAAM,EAAE,IAAI,EAAE,GAAG,WAAI,CAAC;QAEtB,IAAI,IAAA,sBAAc,EAAC,UAAU,CAAC,GAAG,CAAC,EAAE;YAClC,MAAM,IAAI,+BAAuB,CAC/B,kEAAkE,CACnE,CAAC;SACH;QAED,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,QAAQ,EAAE;YACrC,WAAW,CAAC,WAAW,GAAG,MAAM,mBAAmB,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;SAC9E;QAED,MAAM,EAAE,WAAW,EAAE,GAAG,WAAW,CAAC;QAEpC,MAAM,WAAW,GAAG,WAAW,CAAC,QAAQ,CAAC;QACzC,MAAM,eAAe,GAAG,WAAW,CAAC,QAAQ,CAAC;QAC7C,MAAM,YAAY,GAAG,WAAW,CAAC,mBAAmB,CAAC,iBAAiB,CAAC;QAEvE,kGAAkG;QAClG,MAAM,cAAc,GAClB,WAAW,IAAI,eAAe,IAAI,YAAY;YAC5C,CAAC,CAAC,EAAE,WAAW,EAAE,eAAe,EAAE,YAAY,EAAE;YAChD,CAAC,CAAC,WAAW,IAAI,eAAe;gBAChC,CAAC,CAAC,EAAE,WAAW,EAAE,eAAe,EAAE;gBAClC,CAAC,CAAC,SAAS,CAAC;QAEhB,MAAM,EAAE,GAAG,WAAW,CAAC,MAAM,CAAC;QAC9B,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,EAAE,CAAC,CAAC;QAE9C,MAAM,SAAS,GAAG;YAChB,SAAS,EAAE,CAAC;YACZ,SAAS,EAAE,aAAa;YACxB,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,EAAE,WAAW,CAAC;SAC/D,CAAC;QAEF,MAAM,iBAAiB,GAAG,MAAM,UAAU,CAAC,YAAY,CAAC,IAAA,UAAE,EAAC,GAAG,EAAE,OAAO,CAAC,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;QAEhG,MAAM,cAAc,GAAG,IAAI,CAAC,WAAW,CAAC,iBAAiB,CAAC,OAAO,C
AAC,MAAM,EAAE,WAAW,CAGpF,CAAC;QACF,MAAM,IAAI,GAAG,cAAc,CAAC,CAAC,CAAC;QAC9B,MAAM,WAAW,GAAG,cAAc,CAAC,CAAC,CAAC,MAAM,CAAC;QAC5C,IAAI,WAAW,CAAC,MAAM,KAAK,EAAE,EAAE;YAC7B,kBAAkB;YAClB,MAAM,IAAI,yBAAiB,CAAC,+BAA+B,WAAW,CAAC,MAAM,eAAe,CAAC,CAAC;SAC/F;QAED,IAAI,CAAC,iBAAS,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC,EAAE,KAAK,CAAC,UAAU,CAAC,EAAE,KAAK,CAAC,EAAE;YACvE,0FAA0F;YAC1F,oHAAoH;YAEpH,kBAAkB;YAClB,MAAM,IAAI,yBAAiB,CAAC,+CAA+C,CAAC,CAAC;SAC9E;QAED,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,IAAI,IAAI,CAAC,MAAM,GAAG,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE;YACrE,kBAAkB;YAClB,MAAM,IAAI,yBAAiB,CAAC,qCAAqC,IAAI,GAAG,CAAC,CAAC;SAC3E;QAED,MAAM,IAAI,GAAG,6CAA6C,CAAC;QAC3D,MAAM,OAAO,GAAG,IAAI,CAClB;YACE,MAAM,EAAE,MAAM;YACd,IAAI;YACJ,MAAM,EAAE,YAAY,CAAC,cAAc,CAAC,CAAC,CAAC;YACtC,OAAO,EAAE,KAAK;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,mCAAmC;gBACnD,gBAAgB,EAAE,IAAI,CAAC,MAAM;gBAC7B,wBAAwB,EAAE,iBAAS,CAAC,QAAQ,CAAC,WAAW,CAAC;gBACzD,uBAAuB,EAAE,GAAG;aAC7B;YACD,IAAI,EAAE,GAAG;YACT,IAAI;SACL,EACD,cAAc,CACf,CAAC;QAEF,MAAM,OAAO,GAA2B;YACtC,CAAC,EAAE,OAAO,CAAC,OAAO,CAAC,aAAa;YAChC,CAAC,EAAE,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC;SACjC,CAAC;QAEF,IAAI,YAAY,EAAE;YAChB,OAAO,CAAC,CAAC,GAAG,YAAY,CAAC;SAC1B;QAED,MAAM,YAAY,GAAG;YACnB,YAAY,EAAE,CAAC;YACf,cAAc,EAAE,CAAC;YACjB,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,WAAW,CAAC;SAC9C,CAAC;QAEF,MAAM,UAAU,CAAC,YAAY,CAAC,IAAA,UAAE,EAAC,GAAG,EAAE,OAAO,CAAC,EAAE,YAAY,EAAE,SAAS,CAAC,CAAC;IAC3E,CAAC;CACF;AAlHD,gCAkHC;AAkBD,KAAK,UAAU,mBAAmB,CAAC,WAA6B;IAC9D,SAAS,+BAA+B,CAAC,KAAyB;QAChE,IAAI,CAAC,KAAK,CAAC,WAAW,IAAI,CAAC,KAAK,CAAC,eAAe,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE;YAChE,MAAM,IAAI,oCAA4B,CAAC,oDAAoD,CAAC,CAAC;SAC9F;QAED,OAAO,IAAI,oCAAgB,CAAC;YAC1B,QAAQ,EAAE,KAAK,CAAC,WAAW;YAC3B,QAAQ,EAAE,KAAK,CAAC,eAAe;YAC/B,MAAM,EAAE,WAAW,CAAC,MAAM;YAC1B,SAAS,EAAE,yBAAa,CAAC,WAAW;YACpC,mBAAmB,EAAE;gBACnB,iBAAiB,EAAE,KAAK,CAAC,KAAK;aAC/B;SACF,CAAC,CAAC;IACL,CAAC;IAED,MAAM,kBAAkB,GAAG,IAAA,+BAAwB,GAAE,CAAC;IAEtD,wEAAwE;IACxE,sBAAsB;IACtB,IAAI,cAAc,IAAI,kBAAkB,EAAE;QACxC,qEAAqE;QACrE,sEAAsE;
QACtE,IAAI,OAAO,CAAC,GAAG,CAAC,sCAAsC,EAAE;YACtD,OAAO,+BAA+B,CACpC,MAAM,OAAO,CAAC,GAAG,gBAAgB,GAAG,OAAO,CAAC,GAAG,CAAC,sCAAsC,EAAE,CAAC,CAC1F,CAAC;SACH;QAED,6CAA6C;QAE7C,cAAc;QACd,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,GAAG,WAAW,mBAAmB,EAAE;YAC7D,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,KAAK;YACX,OAAO,EAAE,EAAE,sCAAsC,EAAE,EAAE,EAAE;SACxD,CAAC,CAAC;QAEH,gBAAgB;QAChB,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,GAAG,WAAW,IAAI,YAAY,EAAE,EAAE;YAC/D,IAAI,EAAE,KAAK;YACX,OAAO,EAAE,EAAE,0BAA0B,EAAE,KAAK,EAAE;SAC/C,CAAC,CAAC;QAEH,uBAAuB;QACvB,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,GAAG,WAAW,IAAI,YAAY,IAAI,QAAQ,EAAE,EAAE;YACxE,OAAO,EAAE,EAAE,0BAA0B,EAAE,KAAK,EAAE;SAC/C,CAAC,CAAC;QAEH,OAAO,+BAA+B,CAAC,KAAK,CAAC,CAAC;KAC/C;SAAM;QACL;;;;;;;;;WASG;QACH,MAAM,EAAE,qBAAqB,EAAE,GAAG,kBAAkB,CAAC;QACrD,MAAM,QAAQ,GAAG,qBAAqB,EAAE,CAAC;QACzC,IAAI;YACF,MAAM,KAAK,GAAG,MAAM,QAAQ,EAAE,CAAC;YAC/B,OAAO,+BAA+B,CAAC;gBACrC,WAAW,EAAE,KAAK,CAAC,WAAW;gBAC9B,eAAe,EAAE,KAAK,CAAC,eAAe;gBACtC,KAAK,EAAE,KAAK,CAAC,YAAY;gBACzB,UAAU,EAAE,KAAK,CAAC,UAAU;aAC7B,CAAC,CAAC;SACJ;QAAC,OAAO,KAAK,EAAE;YACd,MAAM,IAAI,qBAAa,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;SACxC;KACF;AACH,CAAC;AAED,SAAS,YAAY,CAAC,IAAY;IAChC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC9B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,WAAW,EAAE;QAClD,OAAO,WAAW,CAAC;KACpB;IAED,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC;AAeD,KAAK,UAAU,OAAO,CACpB,GAAW,EACX,UAA0B,EAAE;IAE5B,OAAO,IAAI,OAAO,CAA+B,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACnE,MAAM,cAAc,GAAG;YACrB,MAAM,EAAE,KAAK;YACb,OAAO,EAAE,KAAK;YACd,IAAI,EAAE,IAAI;YACV,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC;YACjB,GAAG,OAAO;SACX,CAAC;QAEF,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,GAAG,CAAC,EAAE;YAC7C,GAAG,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;YAExB,IAAI,IAAI,GAAG,EAAE,CAAC;YACd,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,CAAC,EAAE;gBACjB,IAAI,IAAI,CAAC,CAAC;YACZ,CAAC,CAAC,CAAC;YAEH,GAAG,CAAC,IAAI,CAAC,KAAK,EAAE,GAAG,EAAE;gBACnB,IAAI,OAAO,CAAC,IAAI,KAAK,KAAK,EAAE;oBAC1B,OAAO,CAAC,IAAI,CAAC,CAAC;oBACd,OAAO;iBACR;gBAED,IAAI;oBACF,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAA
C,IAAI,CAAC,CAAC;oBAChC,OAAO,CAAC,MAAM,CAAC,CAAC;iBACjB;gBAAC,MAAM;oBACN,kBAAkB;oBAClB,MAAM,CAAC,IAAI,yBAAiB,CAAC,2BAA2B,IAAI,GAAG,CAAC,CAAC,CAAC;iBACnE;YACH,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,GAAG,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,EAAE,CACvB,GAAG,CAAC,OAAO,CAAC,IAAI,qBAAa,CAAC,kBAAkB,GAAG,oBAAoB,OAAO,CAAC,OAAO,KAAK,CAAC,CAAC,CAC9F,CAAC;QACF,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;QAC1C,GAAG,CAAC,GAAG,EAAE,CAAC;IACZ,CAAC,CAAC,CAAC;AACL,CAAC"}
|
|
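--- a/package/lib/cmap/auth/mongodb_oidc/aws_service_workflow.js
+++ b/package/lib/cmap/auth/mongodb_oidc/aws_service_workflow.js
@@ -0,0 +1,28 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AwsServiceWorkflow = void 0;
+const promises_1 = require("fs/promises");
+const error_1 = require("../../../error");
+const service_workflow_1 = require("./service_workflow");
+/**
+* Device workflow implementation for AWS.
+*
+* @internal
+*/
+class AwsServiceWorkflow extends service_workflow_1.ServiceWorkflow {
+constructor() {
+super();
+}
+/**
+* Get the token from the environment.
+*/
+async getToken() {
+const tokenFile = process.env.AWS_WEB_IDENTITY_TOKEN_FILE;
+if (!tokenFile) {
+throw new error_1.MongoAWSError('AWS_WEB_IDENTITY_TOKEN_FILE must be set in the environment.');
+}
+return (0, promises_1.readFile)(tokenFile, 'utf8');
+}
+}
+exports.AwsServiceWorkflow = AwsServiceWorkflow;
+//# sourceMappingURL=aws_service_workflow.js.map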
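Review bot: `getToken()` returns the contents of the file named by `AWS_WEB_IDENTITY_TOKEN_FILE` unchanged, so a trailing newline or an empty file is passed on as the OIDC token. A missing or unreadable file also surfaces as a raw `fs` error rather than the `MongoAWSError` used for the unset-variable case. I would read into a local and validate it: `const token = (await (0, promises_1.readFile)(tokenFile, 'utf8')).trim();` then `if (!token) throw new error_1.MongoAWSError('AWS_WEB_IDENTITY_TOKEN_FILE points to an empty file.');`. Whether the consumer of this token already strips whitespace is not visible here, so confirm before trimming. This is compiled output, so the change belongs in `src/cmap/auth/mongodb_oidc/aws_service_workflow.ts`, where the class comment should also read `Service workflow implementation for AWS.` instead of "Device workflow".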
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"aws_service_workflow.js","sourceRoot":"","sources":["../../../../src/cmap/auth/mongodb_oidc/aws_service_workflow.ts"],"names":[],"mappings":";;;AAAA,0CAAuC;AAEvC,0CAA+C;AAC/C,yDAAqD;AAErD;;;;GAIG;AACH,MAAa,kBAAmB,SAAQ,kCAAe;IACrD;QACE,KAAK,EAAE,CAAC;IACV,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,QAAQ;QACZ,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC;QAC1D,IAAI,CAAC,SAAS,EAAE;YACd,MAAM,IAAI,qBAAa,CAAC,6DAA6D,CAAC,CAAC;SACxF;QACD,OAAO,IAAA,mBAAQ,EAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IACrC,CAAC;CACF;AAfD,gDAeC"}
|