mongodb 6.14.2 → 6.15.0-dev.20250320.sha.af30db93

package/src/cursor/abstract_cursor.ts

@@ -1146,50 +1146,59 @@ class ReadableCursorStream extends Readable {
       return;
     }
 
-    this._cursor.next().then(
-      result => {
-        if (result == null) {
-          this.push(null);
-        } else if (this.destroyed) {
-          this._cursor.close().then(undefined, squashError);
-        } else {
-          if (this.push(result)) {
-            return this._readNext();
+    this._cursor
+      .next()
+      .then(
+        // result from next()
+        result => {
+          if (result == null) {
+            this.push(null);
+          } else if (this.destroyed) {
+            this._cursor.close().then(undefined, squashError);
+          } else {
+            if (this.push(result)) {
+              return this._readNext();
+            }
+
+            this._readInProgress = false;
+          }
+        },
+        // error from next()
+        err => {
+          // NOTE: This is questionable, but we have a test backing the behavior. It seems the
+          //       desired behavior is that a stream ends cleanly when a user explicitly closes
+          //       a client during iteration. Alternatively, we could do the "right" thing and
+          //       propagate the error message by removing this special case.
+          if (err.message.match(/server is closed/)) {
+            this._cursor.close().then(undefined, squashError);
+            return this.push(null);
           }
 
-          this._readInProgress = false;
-        }
-      },
-      err => {
-        // NOTE: This is questionable, but we have a test backing the behavior. It seems the
-        //       desired behavior is that a stream ends cleanly when a user explicitly closes
-        //       a client during iteration. Alternatively, we could do the "right" thing and
-        //       propagate the error message by removing this special case.
-        if (err.message.match(/server is closed/)) {
-          this._cursor.close().then(undefined, squashError);
-          return this.push(null);
-        }
+          // NOTE: This is also perhaps questionable. The rationale here is that these errors tend
+          //       to be "operation was interrupted", where a cursor has been closed but there is an
+          //       active getMore in-flight. This used to check if the cursor was killed but once
+          //       that changed to happen in cleanup legitimate errors would not destroy the
+          //       stream. There are change streams test specifically test these cases.
+          if (err.message.match(/operation was interrupted/)) {
+            return this.push(null);
+          }
 
-        // NOTE: This is also perhaps questionable. The rationale here is that these errors tend
-        //       to be "operation was interrupted", where a cursor has been closed but there is an
-        //       active getMore in-flight. This used to check if the cursor was killed but once
-        //       that changed to happen in cleanup legitimate errors would not destroy the
-        //       stream. There are change streams test specifically test these cases.
-        if (err.message.match(/operation was interrupted/)) {
-          return this.push(null);
+          // NOTE: The two above checks on the message of the error will cause a null to be pushed
+          //       to the stream, thus closing the stream before the destroy call happens. This means
+          //       that either of those error messages on a change stream will not get a proper
+          //       'error' event to be emitted (the error passed to destroy). Change stream resumability
+          //       relies on that error event to be emitted to create its new cursor and thus was not
+          //       working on 4.4 servers because the error emitted on failover was "interrupted at
+          //       shutdown" while on 5.0+ it is "The server is in quiesce mode and will shut down".
+          //       See NODE-4475.
+          return this.destroy(err);
         }
-
-        // NOTE: The two above checks on the message of the error will cause a null to be pushed
-        //       to the stream, thus closing the stream before the destroy call happens. This means
-        //       that either of those error messages on a change stream will not get a proper
-        //       'error' event to be emitted (the error passed to destroy). Change stream resumability
-        //       relies on that error event to be emitted to create its new cursor and thus was not
-        //       working on 4.4 servers because the error emitted on failover was "interrupted at
-        //       shutdown" while on 5.0+ it is "The server is in quiesce mode and will shut down".
-        //       See NODE-4475.
-        return this.destroy(err);
-      }
-    );
+      )
+      // if either of the above handlers throw
+      .catch(error => {
+        this._readInProgress = false;
+        this.destroy(error);
+      });
   }
 }
 

package/src/deps.ts

@@ -78,14 +78,14 @@ export function getZstdLibrary(): ZStandardLib | { kModuleError: MongoMissingDep
 }
 
 /**
- * @internal
+ * @public
  * Copy of the AwsCredentialIdentityProvider interface from [`smithy/types`](https://socket.dev/npm/package/\@smithy/types/files/1.1.1/dist-types/identity/awsCredentialIdentity.d.ts),
  * the return type of the aws-sdk's `fromNodeProviderChain().provider()`.
  */
 export interface AWSCredentials {
   accessKeyId: string;
   secretAccessKey: string;
-  sessionToken: string;
+  sessionToken?: string;
   expiration?: Date;
 }
 

package/src/index.ts

@@ -128,10 +128,11 @@ export { ReadPreferenceMode } from './read_preference';
 export { ServerType, TopologyType } from './sdam/common';
 
 // Helper classes
+export type { AWSCredentialProvider } from './cmap/auth/aws_temporary_credentials';
+export type { AWSCredentials } from './deps';
 export { ReadConcern } from './read_concern';
 export { ReadPreference } from './read_preference';
 export { WriteConcern } from './write_concern';
-
 // events
 export {
   CommandFailedEvent,
@@ -255,6 +256,7 @@ export type {
   AWSKMSProviderConfiguration,
   AzureKMSProviderConfiguration,
   ClientEncryptionDataKeyProvider,
+  CredentialProviders,
   GCPKMSProviderConfiguration,
   KMIPKMSProviderConfiguration,
   KMSProviders,

package/src/mongo_client_auth_providers.ts

@@ -13,8 +13,14 @@ import { X509 } from './cmap/auth/x509';
 import { MongoInvalidArgumentError } from './error';
 
 /** @internal */
-const AUTH_PROVIDERS = new Map<AuthMechanism | string, (workflow?: Workflow) => AuthProvider>([
-  [AuthMechanism.MONGODB_AWS, () => new MongoDBAWS()],
+const AUTH_PROVIDERS = new Map<
+  AuthMechanism | string,
+  (authMechanismProperties: AuthMechanismProperties) => AuthProvider
+>([
+  [
+    AuthMechanism.MONGODB_AWS,
+    ({ AWS_CREDENTIAL_PROVIDER }) => new MongoDBAWS(AWS_CREDENTIAL_PROVIDER)
+  ],
   [
     AuthMechanism.MONGODB_CR,
     () => {
@@ -24,7 +30,7 @@ const AUTH_PROVIDERS = new Map<AuthMechanism | string, (workflow?: Workflow) =>
     }
   ],
   [AuthMechanism.MONGODB_GSSAPI, () => new GSSAPI()],
-  [AuthMechanism.MONGODB_OIDC, (workflow?: Workflow) => new MongoDBOIDC(workflow)],
+  [AuthMechanism.MONGODB_OIDC, properties => new MongoDBOIDC(getWorkflow(properties))],
   [AuthMechanism.MONGODB_PLAIN, () => new Plain()],
   [AuthMechanism.MONGODB_SCRAM_SHA1, () => new ScramSHA1()],
   [AuthMechanism.MONGODB_SCRAM_SHA256, () => new ScramSHA256()],
@@ -62,37 +68,28 @@ export class MongoClientAuthProviders {
       throw new MongoInvalidArgumentError(`authMechanism ${name} not supported`);
     }
 
-    let provider;
-    if (name === AuthMechanism.MONGODB_OIDC) {
-      provider = providerFunction(this.getWorkflow(authMechanismProperties));
-    } else {
-      provider = providerFunction();
-    }
-
+    const provider = providerFunction(authMechanismProperties);
     this.existingProviders.set(name, provider);
     return provider;
   }
+}
 
-  /**
-   * Gets either a device workflow or callback workflow.
-   */
-  getWorkflow(authMechanismProperties: AuthMechanismProperties): Workflow {
-    if (authMechanismProperties.OIDC_HUMAN_CALLBACK) {
-      return new HumanCallbackWorkflow(
-        new TokenCache(),
-        authMechanismProperties.OIDC_HUMAN_CALLBACK
+/**
+ * Gets either a device workflow or callback workflow.
+ */
+function getWorkflow(authMechanismProperties: AuthMechanismProperties): Workflow {
+  if (authMechanismProperties.OIDC_HUMAN_CALLBACK) {
+    return new HumanCallbackWorkflow(new TokenCache(), authMechanismProperties.OIDC_HUMAN_CALLBACK);
+  } else if (authMechanismProperties.OIDC_CALLBACK) {
+    return new AutomatedCallbackWorkflow(new TokenCache(), authMechanismProperties.OIDC_CALLBACK);
+  } else {
+    const environment = authMechanismProperties.ENVIRONMENT;
+    const workflow = OIDC_WORKFLOWS.get(environment)?.();
+    if (!workflow) {
+      throw new MongoInvalidArgumentError(
+        `Could not load workflow for environment ${authMechanismProperties.ENVIRONMENT}`
       );
-    } else if (authMechanismProperties.OIDC_CALLBACK) {
-      return new AutomatedCallbackWorkflow(new TokenCache(), authMechanismProperties.OIDC_CALLBACK);
-    } else {
-      const environment = authMechanismProperties.ENVIRONMENT;
-      const workflow = OIDC_WORKFLOWS.get(environment)?.();
-      if (!workflow) {
-        throw new MongoInvalidArgumentError(
-          `Could not load workflow for environment ${authMechanismProperties.ENVIRONMENT}`
-        );
-      }
-      return workflow;
     }
+    return workflow;
   }
 }

package/src/sdam/server.ts

@@ -48,6 +48,7 @@ import {
   maxWireVersion,
   type MongoDBNamespace,
   noop,
+  squashError,
   supportsRetryableWrites
 } from '../utils';
 import { throwIfWriteConcernError } from '../write_concern';
@@ -345,9 +346,10 @@ export class Server extends TypedEventEmitter<ServerEvents> {
         operationError instanceof MongoError &&
         operationError.code === MONGODB_ERROR_CODES.Reauthenticate
       ) {
-        reauthPromise = this.pool.reauthenticate(conn).catch(error => {
+        reauthPromise = this.pool.reauthenticate(conn);
+        reauthPromise.then(undefined, error => {
           reauthPromise = null;
-          throw error;
+          squashError(error);
         });
 
         await abortable(reauthPromise, options);
@@ -368,9 +370,10 @@ export class Server extends TypedEventEmitter<ServerEvents> {
       if (session?.pinnedConnection !== conn) {
         if (reauthPromise != null) {
           // The reauth promise only exists if it hasn't thrown.
-          void reauthPromise.finally(() => {
+          const checkBackIn = () => {
             this.pool.checkIn(conn);
-          });
+          };
+          void reauthPromise.then(checkBackIn, checkBackIn);
         } else {
           this.pool.checkIn(conn);
         }

package/src/timeout.ts

@@ -3,7 +3,7 @@ import { clearTimeout, setTimeout } from 'timers';
 import { type Document } from './bson';
 import { MongoInvalidArgumentError, MongoOperationTimeoutError, MongoRuntimeError } from './error';
 import { type ClientSession } from './sessions';
-import { csotMin, noop } from './utils';
+import { csotMin, noop, squashError } from './utils';
 
 /** @internal */
 export class TimeoutError extends Error {
@@ -102,7 +102,13 @@ export class Timeout extends Promise<never> {
   }
 
   throwIfExpired(): void {
-    if (this.timedOut) throw new TimeoutError('Timed out', { duration: this.duration });
+    if (this.timedOut) {
+      // This method is invoked when someone wants to throw immediately instead of await the result of this promise
+      // Since they won't be handling the rejection from the promise (because we're about to throw here)
+      // attach handling to prevent this from bubbling up to Node.js
+      this.then(undefined, squashError);
+      throw new TimeoutError('Timed out', { duration: this.duration });
+    }
   }
 
   public static expires(duration: number, unref?: true): Timeout {