mongodb 6.16.0 → 6.17.0-dev.20250605.sha.57ef31be

package/lib/cmap/auth/mongodb_oidc/machine_workflow.js

@@ -1,110 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.MachineWorkflow = void 0;
-const promises_1 = require("timers/promises");
-const utils_1 = require("../../../utils");
-const command_builders_1 = require("./command_builders");
-/** The time to throttle callback calls. */
-const THROTTLE_MS = 100;
-/**
- * Common behaviour for OIDC machine workflows.
- * @internal
- */
-class MachineWorkflow {
-    /**
-     * Instantiate the machine workflow.
-     */
-    constructor(cache) {
-        this.cache = cache;
-        this.callback = this.withLock(this.getToken.bind(this));
-        this.lastExecutionTime = Date.now() - THROTTLE_MS;
-    }
-    /**
-     * Execute the workflow. Gets the token from the subclass implementation.
-     */
-    async execute(connection, credentials) {
-        const token = await this.getTokenFromCacheOrEnv(connection, credentials);
-        const command = (0, command_builders_1.finishCommandDocument)(token);
-        await connection.command((0, utils_1.ns)(credentials.source), command, undefined);
-    }
-    /**
-     * Reauthenticate on a machine workflow just grabs the token again since the server
-     * has said the current access token is invalid or expired.
-     */
-    async reauthenticate(connection, credentials) {
-        if (this.cache.hasAccessToken) {
-            // Reauthentication implies the token has expired.
-            if (connection.accessToken === this.cache.getAccessToken()) {
-                // If connection's access token is the same as the cache's, remove
-                // the token from the cache and connection.
-                this.cache.removeAccessToken();
-                delete connection.accessToken;
-            }
-            else {
-                // If the connection's access token is different from the cache's, set
-                // the cache's token on the connection and do not remove from the
-                // cache.
-                connection.accessToken = this.cache.getAccessToken();
-            }
-        }
-        await this.execute(connection, credentials);
-    }
-    /**
-     * Get the document to add for speculative authentication.
-     */
-    async speculativeAuth(connection, credentials) {
-        // The spec states only cached access tokens can use speculative auth.
-        if (!this.cache.hasAccessToken) {
-            return {};
-        }
-        const token = await this.getTokenFromCacheOrEnv(connection, credentials);
-        const document = (0, command_builders_1.finishCommandDocument)(token);
-        document.db = credentials.source;
-        return { speculativeAuthenticate: document };
-    }
-    /**
-     * Get the token from the cache or environment.
-     */
-    async getTokenFromCacheOrEnv(connection, credentials) {
-        if (this.cache.hasAccessToken) {
-            const token = this.cache.getAccessToken();
-            // New connections won't have an access token so ensure we set here.
-            if (!connection.accessToken) {
-                connection.accessToken = token;
-            }
-            return token;
-        }
-        else {
-            const token = await this.callback(credentials);
-            this.cache.put({ accessToken: token.access_token, expiresInSeconds: token.expires_in });
-            // Put the access token on the connection as well.
-            connection.accessToken = token.access_token;
-            return token.access_token;
-        }
-    }
-    /**
-     * Ensure the callback is only executed one at a time, and throttled to
-     * only once per 100ms.
-     */
-    withLock(callback) {
-        let lock = Promise.resolve();
-        return async (credentials) => {
-            // We do this to ensure that we would never return the result of the
-            // previous lock, only the current callback's value would get returned.
-            await lock;
-            lock = lock
-                .catch(() => null)
-                .then(async () => {
-                const difference = Date.now() - this.lastExecutionTime;
-                if (difference <= THROTTLE_MS) {
-                    await (0, promises_1.setTimeout)(THROTTLE_MS - difference);
-                }
-                this.lastExecutionTime = Date.now();
-                return await callback(credentials);
-            });
-            return await lock;
-        };
-    }
-}
-exports.MachineWorkflow = MachineWorkflow;
-//# sourceMappingURL=machine_workflow.js.map

package/lib/cmap/auth/mongodb_oidc/machine_workflow.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"machine_workflow.js","sourceRoot":"","sources":["../../../../src/cmap/auth/mongodb_oidc/machine_workflow.ts"],"names":[],"mappings":";;;AAAA,8CAA6C;AAG7C,0CAAoC;AAIpC,yDAA2D;AAG3D,2CAA2C;AAC3C,MAAM,WAAW,GAAG,GAAG,CAAC;AAcxB;;;GAGG;AACH,MAAsB,eAAe;IAKnC;;OAEG;IACH,YAAY,KAAiB;QAC3B,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QACxD,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,WAAW,CAAC;IACpD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO,CAAC,UAAsB,EAAE,WAA6B;QACjE,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;QACzE,MAAM,OAAO,GAAG,IAAA,wCAAqB,EAAC,KAAK,CAAC,CAAC;QAC7C,MAAM,UAAU,CAAC,OAAO,CAAC,IAAA,UAAE,EAAC,WAAW,CAAC,MAAM,CAAC,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;IACvE,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,cAAc,CAAC,UAAsB,EAAE,WAA6B;QACxE,IAAI,IAAI,CAAC,KAAK,CAAC,cAAc,EAAE,CAAC;YAC9B,kDAAkD;YAClD,IAAI,UAAU,CAAC,WAAW,KAAK,IAAI,CAAC,KAAK,CAAC,cAAc,EAAE,EAAE,CAAC;gBAC3D,kEAAkE;gBAClE,2CAA2C;gBAC3C,IAAI,CAAC,KAAK,CAAC,iBAAiB,EAAE,CAAC;gBAC/B,OAAO,UAAU,CAAC,WAAW,CAAC;YAChC,CAAC;iBAAM,CAAC;gBACN,sEAAsE;gBACtE,iEAAiE;gBACjE,SAAS;gBACT,UAAU,CAAC,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,cAAc,EAAE,CAAC;YACvD,CAAC;QACH,CAAC;QACD,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;IAC9C,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe,CAAC,UAAsB,EAAE,WAA6B;QACzE,sEAAsE;QACtE,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,cAAc,EAAE,CAAC;YAC/B,OAAO,EAAE,CAAC;QACZ,CAAC;QACD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;QACzE,MAAM,QAAQ,GAAG,IAAA,wCAAqB,EAAC,KAAK,CAAC,CAAC;QAC9C,QAAQ,CAAC,EAAE,GAAG,WAAW,CAAC,MAAM,CAAC;QACjC,OAAO,EAAE,uBAAuB,EAAE,QAAQ,EAAE,CAAC;IAC/C,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,sBAAsB,CAClC,UAAsB,EACtB,WAA6B;QAE7B,IAAI,IAAI,CAAC,KAAK,CAAC,cAAc,EAAE,CAAC;YAC9B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,cAAc,EAAE,CAAC;YAC1C,oEAAoE;YACpE,IAAI,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC;gBAC5B,UAAU,CAAC,WAAW,GAAG,KAAK,CAAC;YACjC,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;aAAM,CAAC;YACN,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;YAC/C,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,WAAW,EAAE,KAAK,CAAC,YAAY,EAAE,gBAAgB,EAAE,KAAK,CAAC,UAAU,EAAE,CAAC,CAAC;YACxF,kDAAkD;YAClD,UAAU,CAAC,WAAW,GAAG,KAAK,CAAC,YAAY,CAAC;YAC5C,OAAO,KAAK,CAAC,YAAY,CAAC;QAC5B,CAAC;IACH,CAAC;IAED;;;OAGG;IACK,QAAQ,CAAC,QAA2B;QAC1C,IAAI,IAAI,GAAiB,OAAO,CAAC,OAAO,EAAE,CAAC;QAC3C,OAAO,KAAK,EAAE,WAA6B,EAAwB,EAAE;YACnE,oEAAoE;YACpE,uEAAuE;YACvE,MAAM,IAAI,CAAC;YACX,IAAI,GAAG,IAAI;iBAER,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC;iBAEjB,IAAI,CAAC,KAAK,IAAI,EAAE;gBACf,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,iBAAiB,CAAC;gBACvD,IAAI,UAAU,IAAI,WAAW,EAAE,CAAC;oBAC9B,MAAM,IAAA,qBAAU,EAAC,WAAW,GAAG,UAAU,CAAC,CAAC;gBAC7C,CAAC;gBACD,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;gBACpC,OAAO,MAAM,QAAQ,CAAC,WAAW,CAAC,CAAC;YACrC,CAAC,CAAC,CAAC;YACL,OAAO,MAAM,IAAI,CAAC;QACpB,CAAC,CAAC;IACJ,CAAC;CAMF;AAhHD,0CAgHC"}

package/src/cmap/auth/mongodb_oidc/machine_workflow.ts

@@ -1,142 +0,0 @@
-import { setTimeout } from 'timers/promises';
-
-import { type Document } from '../../../bson';
-import { ns } from '../../../utils';
-import type { Connection } from '../../connection';
-import type { MongoCredentials } from '../mongo_credentials';
-import type { Workflow } from '../mongodb_oidc';
-import { finishCommandDocument } from './command_builders';
-import { type TokenCache } from './token_cache';
-
-/** The time to throttle callback calls. */
-const THROTTLE_MS = 100;
-
-/**
- * The access token format.
- * @internal
- */
-export interface AccessToken {
-  access_token: string;
-  expires_in?: number;
-}
-
-/** @internal */
-export type OIDCTokenFunction = (credentials: MongoCredentials) => Promise<AccessToken>;
-
-/**
- * Common behaviour for OIDC machine workflows.
- * @internal
- */
-export abstract class MachineWorkflow implements Workflow {
-  cache: TokenCache;
-  callback: OIDCTokenFunction;
-  lastExecutionTime: number;
-
-  /**
-   * Instantiate the machine workflow.
-   */
-  constructor(cache: TokenCache) {
-    this.cache = cache;
-    this.callback = this.withLock(this.getToken.bind(this));
-    this.lastExecutionTime = Date.now() - THROTTLE_MS;
-  }
-
-  /**
-   * Execute the workflow. Gets the token from the subclass implementation.
-   */
-  async execute(connection: Connection, credentials: MongoCredentials): Promise<void> {
-    const token = await this.getTokenFromCacheOrEnv(connection, credentials);
-    const command = finishCommandDocument(token);
-    await connection.command(ns(credentials.source), command, undefined);
-  }
-
-  /**
-   * Reauthenticate on a machine workflow just grabs the token again since the server
-   * has said the current access token is invalid or expired.
-   */
-  async reauthenticate(connection: Connection, credentials: MongoCredentials): Promise<void> {
-    if (this.cache.hasAccessToken) {
-      // Reauthentication implies the token has expired.
-      if (connection.accessToken === this.cache.getAccessToken()) {
-        // If connection's access token is the same as the cache's, remove
-        // the token from the cache and connection.
-        this.cache.removeAccessToken();
-        delete connection.accessToken;
-      } else {
-        // If the connection's access token is different from the cache's, set
-        // the cache's token on the connection and do not remove from the
-        // cache.
-        connection.accessToken = this.cache.getAccessToken();
-      }
-    }
-    await this.execute(connection, credentials);
-  }
-
-  /**
-   * Get the document to add for speculative authentication.
-   */
-  async speculativeAuth(connection: Connection, credentials: MongoCredentials): Promise<Document> {
-    // The spec states only cached access tokens can use speculative auth.
-    if (!this.cache.hasAccessToken) {
-      return {};
-    }
-    const token = await this.getTokenFromCacheOrEnv(connection, credentials);
-    const document = finishCommandDocument(token);
-    document.db = credentials.source;
-    return { speculativeAuthenticate: document };
-  }
-
-  /**
-   * Get the token from the cache or environment.
-   */
-  private async getTokenFromCacheOrEnv(
-    connection: Connection,
-    credentials: MongoCredentials
-  ): Promise<string> {
-    if (this.cache.hasAccessToken) {
-      const token = this.cache.getAccessToken();
-      // New connections won't have an access token so ensure we set here.
-      if (!connection.accessToken) {
-        connection.accessToken = token;
-      }
-      return token;
-    } else {
-      const token = await this.callback(credentials);
-      this.cache.put({ accessToken: token.access_token, expiresInSeconds: token.expires_in });
-      // Put the access token on the connection as well.
-      connection.accessToken = token.access_token;
-      return token.access_token;
-    }
-  }
-
-  /**
-   * Ensure the callback is only executed one at a time, and throttled to
-   * only once per 100ms.
-   */
-  private withLock(callback: OIDCTokenFunction): OIDCTokenFunction {
-    let lock: Promise<any> = Promise.resolve();
-    return async (credentials: MongoCredentials): Promise<AccessToken> => {
-      // We do this to ensure that we would never return the result of the
-      // previous lock, only the current callback's value would get returned.
-      await lock;
-      lock = lock
-
-        .catch(() => null)
-
-        .then(async () => {
-          const difference = Date.now() - this.lastExecutionTime;
-          if (difference <= THROTTLE_MS) {
-            await setTimeout(THROTTLE_MS - difference);
-          }
-          this.lastExecutionTime = Date.now();
-          return await callback(credentials);
-        });
-      return await lock;
-    };
-  }
-
-  /**
-   * Get the token from the environment or endpoint.
-   */
-  abstract getToken(credentials: MongoCredentials): Promise<AccessToken>;
-}