mongodb 5.6.0 → 5.7.0

package/src/cmap/auth/mongodb_oidc/callback_lock_cache.ts

@@ -39,7 +39,7 @@ export class CallbackLockCache extends Cache<CallbacksEntry> {
    * Get the callbacks for the connection and credentials. If an entry does not
    * exist a new one will get set.
    */
-  getCallbacks(connection: Connection, credentials: MongoCredentials): CallbacksEntry {
+  getEntry(connection: Connection, credentials: MongoCredentials): CallbacksEntry {
     const requestCallback = credentials.mechanismProperties.REQUEST_TOKEN_CALLBACK;
     const refreshCallback = credentials.mechanismProperties.REFRESH_TOKEN_CALLBACK;
     if (!requestCallback) {
@@ -51,13 +51,13 @@ export class CallbackLockCache extends Cache<CallbacksEntry> {
     if (entry) {
       return entry;
     }
-    return this.setCallbacks(key, callbackHash, requestCallback, refreshCallback);
+    return this.addEntry(key, callbackHash, requestCallback, refreshCallback);
   }
 
   /**
    * Set locked callbacks on for connection and credentials.
    */
-  private setCallbacks(
+  private addEntry(
     key: string,
     callbackHash: string,
     requestCallback: OIDCRequestFunction,
@@ -71,6 +71,13 @@ export class CallbackLockCache extends Cache<CallbacksEntry> {
     this.entries.set(key, entry);
     return entry;
   }
+
+  /**
+   * Create a cache key from the address and username.
+   */
+  cacheKey(address: string, username: string, callbackHash: string): string {
+    return this.hashedCacheKey(address, username, callbackHash);
+  }
 }
 
 /**

package/src/cmap/auth/mongodb_oidc/callback_workflow.ts

@@ -65,7 +65,7 @@ export class CallbackWorkflow implements Workflow {
     response?: Document
   ): Promise<Document> {
     // Get the callbacks with locks from the callback lock cache.
-    const { requestCallback, refreshCallback, callbackHash } = this.callbackCache.getCallbacks(
+    const { requestCallback, refreshCallback, callbackHash } = this.callbackCache.getEntry(
       connection,
       credentials
     );

package/src/cmap/auth/mongodb_oidc/service_workflow.ts

@@ -16,7 +16,7 @@ export abstract class ServiceWorkflow implements Workflow {
    * and then attempts to read the token from that path.
    */
   async execute(connection: Connection, credentials: MongoCredentials): Promise<Document> {
-    const token = await this.getToken();
+    const token = await this.getToken(credentials);
     const command = commandDocument(token);
     return connection.commandAsync(ns(credentials.source), command, undefined);
   }
@@ -25,7 +25,7 @@ export abstract class ServiceWorkflow implements Workflow {
    * Get the document to add for speculative authentication.
    */
   async speculativeAuth(credentials: MongoCredentials): Promise<Document> {
-    const token = await this.getToken();
+    const token = await this.getToken(credentials);
     const document = commandDocument(token);
     document.db = credentials.source;
     return { speculativeAuthenticate: document };
@@ -34,7 +34,7 @@ export abstract class ServiceWorkflow implements Workflow {
   /**
    * Get the token from the environment or endpoint.
    */
-  abstract getToken(): Promise<string>;
+  abstract getToken(credentials: MongoCredentials): Promise<string>;
 }
 
 /**

package/src/cmap/auth/mongodb_oidc/token_entry_cache.ts

@@ -1,31 +1,21 @@
 import type { IdPServerInfo, IdPServerResponse } from '../mongodb_oidc';
-import { Cache } from './cache';
+import { Cache, ExpiringCacheEntry } from './cache';
 
-/* 5 minutes in milliseconds */
-const EXPIRATION_BUFFER_MS = 300000;
 /* Default expiration is now for when no expiration provided */
 const DEFAULT_EXPIRATION_SECS = 0;
+
 /** @internal */
-export class TokenEntry {
+export class TokenEntry extends ExpiringCacheEntry {
   tokenResult: IdPServerResponse;
   serverInfo: IdPServerInfo;
-  expiration: number;
 
   /**
    * Instantiate the entry.
    */
   constructor(tokenResult: IdPServerResponse, serverInfo: IdPServerInfo, expiration: number) {
+    super(expiration);
     this.tokenResult = tokenResult;
     this.serverInfo = serverInfo;
-    this.expiration = expiration;
-  }
-
-  /**
-   * The entry is still valid if the expiration is more than
-   * 5 minutes from the expiration time.
-   */
-  isValid() {
-    return this.expiration - Date.now() > EXPIRATION_BUFFER_MS;
   }
 }
 
@@ -47,7 +37,7 @@ export class TokenEntryCache extends Cache<TokenEntry> {
     const entry = new TokenEntry(
       tokenResult,
       serverInfo,
-      expirationTime(tokenResult.expiresInSeconds)
+      tokenResult.expiresInSeconds ?? DEFAULT_EXPIRATION_SECS
     );
     this.entries.set(this.cacheKey(address, username, callbackHash), entry);
     return entry;
@@ -77,11 +67,11 @@ export class TokenEntryCache extends Cache<TokenEntry> {
       }
     }
   }
-}
 
-/**
- * Get an expiration time in milliseconds past epoch. Defaults to immediate.
- */
-function expirationTime(expiresInSeconds?: number): number {
-  return Date.now() + (expiresInSeconds ?? DEFAULT_EXPIRATION_SECS) * 1000;
+  /**
+   * Create a cache key from the address and username.
+   */
+  cacheKey(address: string, username: string, callbackHash: string): string {
+    return this.hashedCacheKey(address, username, callbackHash);
+  }
 }

package/src/cmap/auth/mongodb_oidc.ts

@@ -3,9 +3,10 @@ import type { Document } from 'bson';
 import { MongoInvalidArgumentError, MongoMissingCredentialsError } from '../../error';
 import type { HandshakeDocument } from '../connect';
 import type { Connection } from '../connection';
-import { AuthContext, AuthProvider } from './auth_provider';
+import { type AuthContext, AuthProvider } from './auth_provider';
 import type { MongoCredentials } from './mongo_credentials';
 import { AwsServiceWorkflow } from './mongodb_oidc/aws_service_workflow';
+import { AzureServiceWorkflow } from './mongodb_oidc/azure_service_workflow';
 import { CallbackWorkflow } from './mongodb_oidc/callback_workflow';
 
 /** Error when credentials are missing. */
@@ -60,7 +61,7 @@ export type OIDCRefreshFunction = (
   context: OIDCCallbackContext
 ) => Promise<IdPServerResponse>;
 
-type ProviderName = 'aws' | 'callback';
+type ProviderName = 'aws' | 'azure' | 'callback';
 
 export interface Workflow {
   /**
@@ -84,6 +85,7 @@ export interface Workflow {
 export const OIDC_WORKFLOWS: Map<ProviderName, Workflow> = new Map();
 OIDC_WORKFLOWS.set('callback', new CallbackWorkflow());
 OIDC_WORKFLOWS.set('aws', new AwsServiceWorkflow());
+OIDC_WORKFLOWS.set('azure', new AzureServiceWorkflow());
 
 /**
  * OIDC auth provider.

package/src/cmap/auth/plain.ts

@@ -1,7 +1,7 @@
 import { Binary } from '../../bson';
 import { MongoMissingCredentialsError } from '../../error';
 import { ns } from '../../utils';
-import { AuthContext, AuthProvider } from './auth_provider';
+import { type AuthContext, AuthProvider } from './auth_provider';
 
 export class Plain extends AuthProvider {
   override async auth(authContext: AuthContext): Promise<void> {

package/src/cmap/auth/scram.ts

@@ -1,7 +1,7 @@
 import * as crypto from 'crypto';
 import { promisify } from 'util';
 
-import { Binary, Document } from '../../bson';
+import { Binary, type Document } from '../../bson';
 import { saslprep } from '../../deps';
 import {
   MongoInvalidArgumentError,
@@ -10,7 +10,7 @@ import {
 } from '../../error';
 import { emitWarning, ns } from '../../utils';
 import type { HandshakeDocument } from '../connect';
-import { AuthContext, AuthProvider } from './auth_provider';
+import { type AuthContext, AuthProvider } from './auth_provider';
 import type { MongoCredentials } from './mongo_credentials';
 import { AuthMechanism } from './providers';
 
@@ -34,7 +34,10 @@ class ScramSHA extends AuthProvider {
     if (!credentials) {
       throw new MongoMissingCredentialsError('AuthContext must provide credentials.');
     }
-    if (cryptoMethod === 'sha256' && saslprep == null) {
+    if (
+      cryptoMethod === 'sha256' &&
+      ('kModuleError' in saslprep || typeof saslprep !== 'function')
+    ) {
       emitWarning('Warning: no saslprep library specified. Passwords will not be sanitized');
     }
 
@@ -140,7 +143,8 @@ async function continueScramConversation(
 
   let processedPassword;
   if (cryptoMethod === 'sha256') {
-    processedPassword = 'kModuleError' in saslprep ? password : saslprep(password);
+    processedPassword =
+      'kModuleError' in saslprep || typeof saslprep !== 'function' ? password : saslprep(password);
   } else {
     processedPassword = passwordDigest(username, password);
   }

package/src/cmap/auth/x509.ts

@@ -2,7 +2,7 @@ import type { Document } from '../../bson';
 import { MongoMissingCredentialsError } from '../../error';
 import { ns } from '../../utils';
 import type { HandshakeDocument } from '../connect';
-import { AuthContext, AuthProvider } from './auth_provider';
+import { type AuthContext, AuthProvider } from './auth_provider';
 import type { MongoCredentials } from './mongo_credentials';
 
 export class X509 extends AuthProvider {

package/src/cmap/command_monitoring_events.ts

@@ -7,7 +7,7 @@ import {
   LEGACY_HELLO_COMMAND_CAMEL_CASE
 } from '../constants';
 import { calculateDurationInMs, deepCopy } from '../utils';
-import { Msg, WriteProtocolMessageType } from './commands';
+import { Msg, type WriteProtocolMessageType } from './commands';
 import type { Connection } from './connection';
 
 /**

package/src/cmap/connect.ts

@@ -5,7 +5,6 @@ import type { ConnectionOptions as TLSConnectionOpts, TLSSocket } from 'tls';
 import * as tls from 'tls';
 
 import type { Document } from '../bson';
-import { Int32 } from '../bson';
 import { LEGACY_HELLO_COMMAND } from '../constants';
 import {
   MongoCompatibilityError,
@@ -17,8 +16,8 @@ import {
   MongoRuntimeError,
   needsRetryableWriteLabel
 } from '../error';
-import { Callback, HostAddress, ns } from '../utils';
-import { AuthContext, AuthProvider } from './auth/auth_provider';
+import { type Callback, HostAddress, ns } from '../utils';
+import { AuthContext, type AuthProvider } from './auth/auth_provider';
 import { GSSAPI } from './auth/gssapi';
 import { MongoCR } from './auth/mongocr';
 import { MongoDBAWS } from './auth/mongodb_aws';
@@ -27,7 +26,12 @@ import { Plain } from './auth/plain';
 import { AuthMechanism } from './auth/providers';
 import { ScramSHA1, ScramSHA256 } from './auth/scram';
 import { X509 } from './auth/x509';
-import { CommandOptions, Connection, ConnectionOptions, CryptoConnection } from './connection';
+import {
+  type CommandOptions,
+  Connection,
+  type ConnectionOptions,
+  CryptoConnection
+} from './connection';
 import type { ClientMetadata } from './handshake/client_metadata';
 import {
   MAX_SUPPORTED_SERVER_VERSION,
@@ -75,14 +79,12 @@ export function connect(options: ConnectionOptions, callback: Callback<Connectio
 }
 
 function checkSupportedServer(hello: Document, options: ConnectionOptions) {
+  const maxWireVersion = Number(hello.maxWireVersion);
+  const minWireVersion = Number(hello.minWireVersion);
   const serverVersionHighEnough =
-    hello &&
-    (typeof hello.maxWireVersion === 'number' || hello.maxWireVersion instanceof Int32) &&
-    hello.maxWireVersion >= MIN_SUPPORTED_WIRE_VERSION;
+    !Number.isNaN(maxWireVersion) && maxWireVersion >= MIN_SUPPORTED_WIRE_VERSION;
   const serverVersionLowEnough =
-    hello &&
-    (typeof hello.minWireVersion === 'number' || hello.minWireVersion instanceof Int32) &&
-    hello.minWireVersion <= MAX_SUPPORTED_WIRE_VERSION;
+    !Number.isNaN(minWireVersion) && minWireVersion <= MAX_SUPPORTED_WIRE_VERSION;
 
   if (serverVersionHighEnough) {
     if (serverVersionLowEnough) {

package/src/cmap/connection.ts

@@ -23,15 +23,15 @@ import {
   MongoWriteConcernError
 } from '../error';
 import type { ServerApi, SupportedNodeConnectionOptions } from '../mongo_client';
-import { CancellationToken, TypedEventEmitter } from '../mongo_types';
+import { type CancellationToken, TypedEventEmitter } from '../mongo_types';
 import type { ReadPreferenceLike } from '../read_preference';
-import { applySession, ClientSession, updateSessionFromResponse } from '../sessions';
+import { applySession, type ClientSession, updateSessionFromResponse } from '../sessions';
 import {
   calculateDurationInMs,
-  Callback,
+  type Callback,
   HostAddress,
   maxWireVersion,
-  MongoDBNamespace,
+  type MongoDBNamespace,
   now,
   uuidV4
 } from '../utils';
@@ -43,11 +43,11 @@ import {
   CommandStartedEvent,
   CommandSucceededEvent
 } from './command_monitoring_events';
-import { BinMsg, Msg, Query, Response, WriteProtocolMessageType } from './commands';
+import { type BinMsg, Msg, Query, type Response, type WriteProtocolMessageType } from './commands';
 import type { Stream } from './connect';
 import type { ClientMetadata } from './handshake/client_metadata';
-import { MessageStream, OperationDescription } from './message_stream';
-import { StreamDescription, StreamDescriptionOptions } from './stream_description';
+import { MessageStream, type OperationDescription } from './message_stream';
+import { StreamDescription, type StreamDescriptionOptions } from './stream_description';
 import { getReadPreference, isSharded } from './wire_protocol/shared';
 
 /** @internal */

package/src/cmap/connection_pool.ts

@@ -16,7 +16,7 @@ import {
   CONNECTION_READY
 } from '../constants';
 import {
-  AnyError,
+  type AnyError,
   MONGODB_ERROR_CODES,
   MongoError,
   MongoInvalidArgumentError,
@@ -27,9 +27,9 @@ import {
 } from '../error';
 import { CancellationToken, TypedEventEmitter } from '../mongo_types';
 import type { Server } from '../sdam/server';
-import { Callback, eachAsync, List, makeCounter } from '../utils';
+import { type Callback, eachAsync, List, makeCounter } from '../utils';
 import { AUTH_PROVIDERS, connect } from './connect';
-import { Connection, ConnectionEvents, ConnectionOptions } from './connection';
+import { Connection, type ConnectionEvents, type ConnectionOptions } from './connection';
 import {
   ConnectionCheckedInEvent,
   ConnectionCheckedOutEvent,

package/src/cmap/message_stream.ts

@@ -1,14 +1,20 @@
-import { Duplex, DuplexOptions } from 'stream';
+import { Duplex, type DuplexOptions } from 'stream';
 
 import type { BSONSerializeOptions, Document } from '../bson';
 import { MongoDecompressionError, MongoParseError } from '../error';
 import type { ClientSession } from '../sessions';
-import { BufferPool, Callback } from '../utils';
-import { BinMsg, MessageHeader, Msg, Response, WriteProtocolMessageType } from './commands';
+import { BufferPool, type Callback } from '../utils';
+import {
+  BinMsg,
+  type MessageHeader,
+  Msg,
+  Response,
+  type WriteProtocolMessageType
+} from './commands';
 import {
   compress,
   Compressor,
-  CompressorName,
+  type CompressorName,
   decompress,
   uncompressibleCommands
 } from './wire_protocol/compression';

package/src/cmap/wire_protocol/compression.ts

@@ -2,7 +2,7 @@ import { promisify } from 'util';
 import * as zlib from 'zlib';
 
 import { LEGACY_HELLO_COMMAND } from '../../constants';
-import { Snappy, ZStandard } from '../../deps';
+import { getSnappy, getZstdLibrary, type SnappyLib, type ZStandard } from '../../deps';
 import { MongoDecompressionError, MongoInvalidArgumentError } from '../../error';
 
 /** @public */
@@ -37,6 +37,19 @@ const ZSTD_COMPRESSION_LEVEL = 3;
 const zlibInflate = promisify(zlib.inflate.bind(zlib));
 const zlibDeflate = promisify(zlib.deflate.bind(zlib));
 
+let zstd: typeof ZStandard;
+let Snappy: SnappyLib | null = null;
+function loadSnappy() {
+  if (Snappy == null) {
+    const snappyImport = getSnappy();
+    if ('kModuleError' in snappyImport) {
+      throw snappyImport.kModuleError;
+    }
+    Snappy = snappyImport;
+  }
+  return Snappy;
+}
+
 // Facilitate compressing a message using an agreed compressor
 export async function compress(
   options: { zlibCompressionLevel: number; agreedCompressor: CompressorName },
@@ -44,28 +57,28 @@ export async function compress(
 ): Promise<Buffer> {
   const zlibOptions = {} as zlib.ZlibOptions;
   switch (options.agreedCompressor) {
-    case 'snappy':
-      if ('kModuleError' in Snappy) {
-        throw Snappy['kModuleError'];
-      }
+    case 'snappy': {
+      Snappy ??= loadSnappy();
       return Snappy.compress(dataToBeCompressed);
-
-    case 'zstd':
-      if ('kModuleError' in ZStandard) {
-        throw ZStandard['kModuleError'];
+    }
+    case 'zstd': {
+      loadZstd();
+      if ('kModuleError' in zstd) {
+        throw zstd['kModuleError'];
       }
-      return ZStandard.compress(dataToBeCompressed, ZSTD_COMPRESSION_LEVEL);
-
-    case 'zlib':
+      return zstd.compress(dataToBeCompressed, ZSTD_COMPRESSION_LEVEL);
+    }
+    case 'zlib': {
       if (options.zlibCompressionLevel) {
         zlibOptions.level = options.zlibCompressionLevel;
       }
       return zlibDeflate(dataToBeCompressed, zlibOptions);
-
-    default:
+    }
+    default: {
       throw new MongoInvalidArgumentError(
         `Unknown compressor ${options.agreedCompressor} failed to compress`
       );
+    }
   }
 }
 
@@ -83,22 +96,31 @@ export async function decompress(compressorID: number, compressedData: Buffer):
   }
 
   switch (compressorID) {
-    case Compressor.snappy:
-      if ('kModuleError' in Snappy) {
-        throw Snappy['kModuleError'];
-      }
+    case Compressor.snappy: {
+      Snappy ??= loadSnappy();
       return Snappy.uncompress(compressedData, { asBuffer: true });
-
-    case Compressor.zstd:
-      if ('kModuleError' in ZStandard) {
-        throw ZStandard['kModuleError'];
+    }
+    case Compressor.zstd: {
+      loadZstd();
+      if ('kModuleError' in zstd) {
+        throw zstd['kModuleError'];
       }
-      return ZStandard.decompress(compressedData);
-
-    case Compressor.zlib:
+      return zstd.decompress(compressedData);
+    }
+    case Compressor.zlib: {
       return zlibInflate(compressedData);
-
-    default:
+    }
+    default: {
       return compressedData;
+    }
+  }
+}
+
+/**
+ * Load ZStandard if it is not already set.
+ */
+function loadZstd() {
+  if (!zstd) {
+    zstd = getZstdLibrary();
   }
 }