mongodb 6.6.2 → 6.7.0-dev.20240530.sha.f56938f

package/src/mongo_client_auth_providers.ts

@@ -1,8 +1,12 @@
 import { type AuthProvider } from './cmap/auth/auth_provider';
 import { GSSAPI } from './cmap/auth/gssapi';
+import { type AuthMechanismProperties } from './cmap/auth/mongo_credentials';
 import { MongoCR } from './cmap/auth/mongocr';
 import { MongoDBAWS } from './cmap/auth/mongodb_aws';
-import { MongoDBOIDC } from './cmap/auth/mongodb_oidc';
+import { MongoDBOIDC, OIDC_WORKFLOWS, type Workflow } from './cmap/auth/mongodb_oidc';
+import { AutomatedCallbackWorkflow } from './cmap/auth/mongodb_oidc/automated_callback_workflow';
+import { HumanCallbackWorkflow } from './cmap/auth/mongodb_oidc/human_callback_workflow';
+import { TokenCache } from './cmap/auth/mongodb_oidc/token_cache';
 import { Plain } from './cmap/auth/plain';
 import { AuthMechanism } from './cmap/auth/providers';
 import { ScramSHA1, ScramSHA256 } from './cmap/auth/scram';
@@ -10,11 +14,11 @@ import { X509 } from './cmap/auth/x509';
 import { MongoInvalidArgumentError } from './error';
 
 /** @internal */
-const AUTH_PROVIDERS = new Map<AuthMechanism | string, () => AuthProvider>([
+const AUTH_PROVIDERS = new Map<AuthMechanism | string, (workflow?: Workflow) => AuthProvider>([
   [AuthMechanism.MONGODB_AWS, () => new MongoDBAWS()],
   [AuthMechanism.MONGODB_CR, () => new MongoCR()],
   [AuthMechanism.MONGODB_GSSAPI, () => new GSSAPI()],
-  [AuthMechanism.MONGODB_OIDC, () => new MongoDBOIDC()],
+  [AuthMechanism.MONGODB_OIDC, (workflow?: Workflow) => new MongoDBOIDC(workflow)],
   [AuthMechanism.MONGODB_PLAIN, () => new Plain()],
   [AuthMechanism.MONGODB_SCRAM_SHA1, () => new ScramSHA1()],
   [AuthMechanism.MONGODB_SCRAM_SHA256, () => new ScramSHA256()],
@@ -33,22 +37,56 @@ export class MongoClientAuthProviders {
    * Get or create an authentication provider based on the provided mechanism.
    * We don't want to create all providers at once, as some providers may not be used.
    * @param name - The name of the provider to get or create.
+   * @param credentials - The credentials.
    * @returns The provider.
    * @throws MongoInvalidArgumentError if the mechanism is not supported.
    * @internal
    */
-  getOrCreateProvider(name: AuthMechanism | string): AuthProvider {
+  getOrCreateProvider(
+    name: AuthMechanism | string,
+    authMechanismProperties: AuthMechanismProperties
+  ): AuthProvider {
     const authProvider = this.existingProviders.get(name);
     if (authProvider) {
       return authProvider;
     }
 
-    const provider = AUTH_PROVIDERS.get(name)?.();
-    if (!provider) {
+    const providerFunction = AUTH_PROVIDERS.get(name);
+    if (!providerFunction) {
       throw new MongoInvalidArgumentError(`authMechanism ${name} not supported`);
     }
 
+    let provider;
+    if (name === AuthMechanism.MONGODB_OIDC) {
+      provider = providerFunction(this.getWorkflow(authMechanismProperties));
+    } else {
+      provider = providerFunction();
+    }
+
     this.existingProviders.set(name, provider);
     return provider;
   }
+
+  /**
+   * Gets either a device workflow or callback workflow.
+   */
+  getWorkflow(authMechanismProperties: AuthMechanismProperties): Workflow {
+    if (authMechanismProperties.OIDC_HUMAN_CALLBACK) {
+      return new HumanCallbackWorkflow(
+        new TokenCache(),
+        authMechanismProperties.OIDC_HUMAN_CALLBACK
+      );
+    } else if (authMechanismProperties.OIDC_CALLBACK) {
+      return new AutomatedCallbackWorkflow(new TokenCache(), authMechanismProperties.OIDC_CALLBACK);
+    } else {
+      const environment = authMechanismProperties.ENVIRONMENT;
+      const workflow = OIDC_WORKFLOWS.get(environment)?.();
+      if (!workflow) {
+        throw new MongoInvalidArgumentError(
+          `Could not load workflow for environment ${authMechanismProperties.ENVIRONMENT}`
+        );
+      }
+      return workflow;
+    }
+  }
 }

package/src/sdam/server_description.ts

@@ -258,10 +258,19 @@ export function compareTopologyVersion(
   }
 
   // TODO(NODE-2674): Preserve int64 sent from MongoDB
-  const currentCounter = Long.isLong(currentTv.counter)
-    ? currentTv.counter
-    : Long.fromNumber(currentTv.counter);
-  const newCounter = Long.isLong(newTv.counter) ? newTv.counter : Long.fromNumber(newTv.counter);
+  const currentCounter =
+    typeof currentTv.counter === 'bigint'
+      ? Long.fromBigInt(currentTv.counter)
+      : Long.isLong(currentTv.counter)
+      ? currentTv.counter
+      : Long.fromNumber(currentTv.counter);
+
+  const newCounter =
+    typeof newTv.counter === 'bigint'
+      ? Long.fromBigInt(newTv.counter)
+      : Long.isLong(newTv.counter)
+      ? newTv.counter
+      : Long.fromNumber(newTv.counter);
 
   return currentCounter.compare(newCounter);
 }

package/src/sessions.ts

@@ -369,6 +369,11 @@ export class ClientSession extends TypedEventEmitter<ClientSessionEvents> {
   /**
    * Starts a new transaction with the given options.
    *
+   * @remarks
+   * **IMPORTANT**: Running operations in parallel is not supported during a transaction. The use of `Promise.all`,
+   * `Promise.allSettled`, `Promise.race`, etc to parallelize operations inside a transaction is
+   * undefined behaviour.
+   *
    * @param options - Options for the transaction
    */
   startTransaction(options?: TransactionOptions): void {
@@ -443,6 +448,11 @@ export class ClientSession extends TypedEventEmitter<ClientSessionEvents> {
    *
    * **IMPORTANT:** This method requires the function passed in to return a Promise. That promise must be made by `await`-ing all operations in such a way that rejections are propagated to the returned promise.
    *
+   * **IMPORTANT:** Running operations in parallel is not supported during a transaction. The use of `Promise.all`,
+   * `Promise.allSettled`, `Promise.race`, etc to parallelize operations inside a transaction is
+   * undefined behaviour.
+   *
+   *
    * @remarks
    * - If all operations successfully complete and the `commitTransaction` operation is successful, then the provided function will return the result of the provided function.
    * - If the transaction is unable to complete or an error is thrown from within the provided function, then the provided function will throw an error.

package/src/utils.ts

@@ -3,6 +3,7 @@ import type { SrvRecord } from 'dns';
 import { type EventEmitter } from 'events';
 import { promises as fs } from 'fs';
 import * as http from 'http';
+import { clearTimeout, setTimeout } from 'timers';
 import * as url from 'url';
 import { URL } from 'url';
 import { promisify } from 'util';
@@ -1157,6 +1158,38 @@ interface RequestOptions {
   headers?: http.OutgoingHttpHeaders;
 }
 
+/**
+ * Perform a get request that returns status and body.
+ * @internal
+ */
+export function get(
+  url: URL | string,
+  options: http.RequestOptions = {}
+): Promise<{ body: string; status: number | undefined }> {
+  return new Promise((resolve, reject) => {
+    /* eslint-disable prefer-const */
+    let timeoutId: NodeJS.Timeout;
+    const request = http
+      .get(url, options, response => {
+        response.setEncoding('utf8');
+        let body = '';
+        response.on('data', chunk => (body += chunk));
+        response.on('end', () => {
+          clearTimeout(timeoutId);
+          resolve({ status: response.statusCode, body });
+        });
+      })
+      .on('error', error => {
+        clearTimeout(timeoutId);
+        reject(error);
+      })
+      .end();
+    timeoutId = setTimeout(() => {
+      request.destroy(new MongoNetworkTimeoutError(`request timed out after 10 seconds`));
+    }, 10000);
+  });
+}
+
 export async function request(uri: string): Promise<Record<string, any>>;
 export async function request(
   uri: string,

package/lib/client-side-encryption/providers/utils.js

@@ -1,35 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.get = void 0;
-const http = require("http");
-const timers_1 = require("timers");
-const errors_1 = require("../errors");
-/**
- * @internal
- */
-function get(url, options = {}) {
-    return new Promise((resolve, reject) => {
-        /* eslint-disable prefer-const */
-        let timeoutId;
-        const request = http
-            .get(url, options, response => {
-            response.setEncoding('utf8');
-            let body = '';
-            response.on('data', chunk => (body += chunk));
-            response.on('end', () => {
-                (0, timers_1.clearTimeout)(timeoutId);
-                resolve({ status: response.statusCode, body });
-            });
-        })
-            .on('error', error => {
-            (0, timers_1.clearTimeout)(timeoutId);
-            reject(error);
-        })
-            .end();
-        timeoutId = (0, timers_1.setTimeout)(() => {
-            request.destroy(new errors_1.MongoCryptKMSRequestNetworkTimeoutError(`request timed out after 10 seconds`));
-        }, 10000);
-    });
-}
-exports.get = get;
-//# sourceMappingURL=utils.js.map

package/lib/client-side-encryption/providers/utils.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../../src/client-side-encryption/providers/utils.ts"],"names":[],"mappings":";;;AAAA,6BAA6B;AAC7B,mCAAkD;AAElD,sCAAoE;AAEpE;;GAEG;AACH,SAAgB,GAAG,CACjB,GAAiB,EACjB,UAA+B,EAAE;IAEjC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,iCAAiC;QACjC,IAAI,SAAyB,CAAC;QAC9B,MAAM,OAAO,GAAG,IAAI;aACjB,GAAG,CAAC,GAAG,EAAE,OAAO,EAAE,QAAQ,CAAC,EAAE;YAC5B,QAAQ,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;YAC7B,IAAI,IAAI,GAAG,EAAE,CAAC;YACd,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,IAAI,KAAK,CAAC,CAAC,CAAC;YAC9C,QAAQ,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;gBACtB,IAAA,qBAAY,EAAC,SAAS,CAAC,CAAC;gBACxB,OAAO,CAAC,EAAE,MAAM,EAAE,QAAQ,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC;YACjD,CAAC,CAAC,CAAC;QACL,CAAC,CAAC;aACD,EAAE,CAAC,OAAO,EAAE,KAAK,CAAC,EAAE;YACnB,IAAA,qBAAY,EAAC,SAAS,CAAC,CAAC;YACxB,MAAM,CAAC,KAAK,CAAC,CAAC;QAChB,CAAC,CAAC;aACD,GAAG,EAAE,CAAC;QACT,SAAS,GAAG,IAAA,mBAAU,EAAC,GAAG,EAAE;YAC1B,OAAO,CAAC,OAAO,CACb,IAAI,gDAAuC,CAAC,oCAAoC,CAAC,CAClF,CAAC;QACJ,CAAC,EAAE,KAAK,CAAC,CAAC;IACZ,CAAC,CAAC,CAAC;AACL,CAAC;AA5BD,kBA4BC"}

package/lib/cmap/auth/mongodb_oidc/aws_service_workflow.js

@@ -1,30 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.AwsServiceWorkflow = void 0;
-const fs = require("fs");
-const error_1 = require("../../../error");
-const service_workflow_1 = require("./service_workflow");
-/** Error for when the token is missing in the environment. */
-const TOKEN_MISSING_ERROR = 'AWS_WEB_IDENTITY_TOKEN_FILE must be set in the environment.';
-/**
- * Device workflow implementation for AWS.
- *
- * @internal
- */
-class AwsServiceWorkflow extends service_workflow_1.ServiceWorkflow {
-    constructor() {
-        super();
-    }
-    /**
-     * Get the token from the environment.
-     */
-    async getToken() {
-        const tokenFile = process.env.AWS_WEB_IDENTITY_TOKEN_FILE;
-        if (!tokenFile) {
-            throw new error_1.MongoAWSError(TOKEN_MISSING_ERROR);
-        }
-        return await fs.promises.readFile(tokenFile, 'utf8');
-    }
-}
-exports.AwsServiceWorkflow = AwsServiceWorkflow;
-//# sourceMappingURL=aws_service_workflow.js.map

package/lib/cmap/auth/mongodb_oidc/aws_service_workflow.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"aws_service_workflow.js","sourceRoot":"","sources":["../../../../src/cmap/auth/mongodb_oidc/aws_service_workflow.ts"],"names":[],"mappings":";;;AAAA,yBAAyB;AAEzB,0CAA+C;AAC/C,yDAAqD;AAErD,8DAA8D;AAC9D,MAAM,mBAAmB,GAAG,6DAA6D,CAAC;AAE1F;;;;GAIG;AACH,MAAa,kBAAmB,SAAQ,kCAAe;IACrD;QACE,KAAK,EAAE,CAAC;IACV,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,QAAQ;QACZ,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC;QAC1D,IAAI,CAAC,SAAS,EAAE;YACd,MAAM,IAAI,qBAAa,CAAC,mBAAmB,CAAC,CAAC;SAC9C;QACD,OAAO,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IACvD,CAAC;CACF;AAfD,gDAeC"}

package/lib/cmap/auth/mongodb_oidc/azure_service_workflow.js

@@ -1,73 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.AzureServiceWorkflow = void 0;
-const error_1 = require("../../../error");
-const utils_1 = require("../../../utils");
-const azure_token_cache_1 = require("./azure_token_cache");
-const service_workflow_1 = require("./service_workflow");
-/** Base URL for getting Azure tokens. */
-const AZURE_BASE_URL = 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01';
-/** Azure request headers. */
-const AZURE_HEADERS = Object.freeze({ Metadata: 'true', Accept: 'application/json' });
-/** Invalid endpoint result error. */
-const ENDPOINT_RESULT_ERROR = 'Azure endpoint did not return a value with only access_token and expires_in properties';
-/** Error for when the token audience is missing in the environment. */
-const TOKEN_AUDIENCE_MISSING_ERROR = 'TOKEN_AUDIENCE must be set in the auth mechanism properties when PROVIDER_NAME is azure.';
-/**
- * Device workflow implementation for Azure.
- *
- * @internal
- */
-class AzureServiceWorkflow extends service_workflow_1.ServiceWorkflow {
-    constructor() {
-        super(...arguments);
-        this.cache = new azure_token_cache_1.AzureTokenCache();
-    }
-    /**
-     * Get the token from the environment.
-     */
-    async getToken(credentials) {
-        const tokenAudience = credentials?.mechanismProperties.TOKEN_AUDIENCE;
-        if (!tokenAudience) {
-            throw new error_1.MongoAzureError(TOKEN_AUDIENCE_MISSING_ERROR);
-        }
-        let token;
-        const entry = this.cache.getEntry(tokenAudience);
-        if (entry?.isValid()) {
-            token = entry.token;
-        }
-        else {
-            this.cache.deleteEntry(tokenAudience);
-            const response = await getAzureTokenData(tokenAudience);
-            if (!isEndpointResultValid(response)) {
-                throw new error_1.MongoAzureError(ENDPOINT_RESULT_ERROR);
-            }
-            this.cache.addEntry(tokenAudience, response);
-            token = response.access_token;
-        }
-        return token;
-    }
-}
-exports.AzureServiceWorkflow = AzureServiceWorkflow;
-/**
- * Hit the Azure endpoint to get the token data.
- */
-async function getAzureTokenData(tokenAudience) {
-    const url = `${AZURE_BASE_URL}&resource=${tokenAudience}`;
-    const data = await (0, utils_1.request)(url, {
-        json: true,
-        headers: AZURE_HEADERS
-    });
-    return data;
-}
-/**
- * Determines if a result returned from the endpoint is valid.
- * This means the result is not nullish, contains the access_token required field
- * and the expires_in required field.
- */
-function isEndpointResultValid(token) {
-    if (token == null || typeof token !== 'object')
-        return false;
-    return 'access_token' in token && 'expires_in' in token;
-}
-//# sourceMappingURL=azure_service_workflow.js.map

package/lib/cmap/auth/mongodb_oidc/azure_service_workflow.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"azure_service_workflow.js","sourceRoot":"","sources":["../../../../src/cmap/auth/mongodb_oidc/azure_service_workflow.ts"],"names":[],"mappings":";;;AAAA,0CAAiD;AACjD,0CAAyC;AAEzC,2DAAsD;AACtD,yDAAqD;AAErD,yCAAyC;AACzC,MAAM,cAAc,GAClB,8EAA8E,CAAC;AAEjF,6BAA6B;AAC7B,MAAM,aAAa,GAAG,MAAM,CAAC,MAAM,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAC,CAAC;AAEtF,qCAAqC;AACrC,MAAM,qBAAqB,GACzB,wFAAwF,CAAC;AAE3F,uEAAuE;AACvE,MAAM,4BAA4B,GAChC,0FAA0F,CAAC;AAW7F;;;;GAIG;AACH,MAAa,oBAAqB,SAAQ,kCAAe;IAAzD;;QACE,UAAK,GAAG,IAAI,mCAAe,EAAE,CAAC;IAyBhC,CAAC;IAvBC;;OAEG;IACH,KAAK,CAAC,QAAQ,CAAC,WAA8B;QAC3C,MAAM,aAAa,GAAG,WAAW,EAAE,mBAAmB,CAAC,cAAc,CAAC;QACtE,IAAI,CAAC,aAAa,EAAE;YAClB,MAAM,IAAI,uBAAe,CAAC,4BAA4B,CAAC,CAAC;SACzD;QACD,IAAI,KAAK,CAAC;QACV,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QACjD,IAAI,KAAK,EAAE,OAAO,EAAE,EAAE;YACpB,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC;SACrB;aAAM;YACL,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC;YACtC,MAAM,QAAQ,GAAG,MAAM,iBAAiB,CAAC,aAAa,CAAC,CAAC;YACxD,IAAI,CAAC,qBAAqB,CAAC,QAAQ,CAAC,EAAE;gBACpC,MAAM,IAAI,uBAAe,CAAC,qBAAqB,CAAC,CAAC;aAClD;YACD,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC;YAC7C,KAAK,GAAG,QAAQ,CAAC,YAAY,CAAC;SAC/B;QACD,OAAO,KAAK,CAAC;IACf,CAAC;CACF;AA1BD,oDA0BC;AAED;;GAEG;AACH,KAAK,UAAU,iBAAiB,CAAC,aAAqB;IACpD,MAAM,GAAG,GAAG,GAAG,cAAc,aAAa,aAAa,EAAE,CAAC;IAC1D,MAAM,IAAI,GAAG,MAAM,IAAA,eAAO,EAAC,GAAG,EAAE;QAC9B,IAAI,EAAE,IAAI;QACV,OAAO,EAAE,aAAa;KACvB,CAAC,CAAC;IACH,OAAO,IAAwB,CAAC;AAClC,CAAC;AAED;;;;GAIG;AACH,SAAS,qBAAqB,CAC5B,KAAc;IAEd,IAAI,KAAK,IAAI,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC7D,OAAO,cAAc,IAAI,KAAK,IAAI,YAAY,IAAI,KAAK,CAAC;AAC1D,CAAC"}

package/lib/cmap/auth/mongodb_oidc/azure_token_cache.js

@@ -1,49 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.AzureTokenCache = exports.AzureTokenEntry = void 0;
-const cache_1 = require("./cache");
-/** @internal */
-class AzureTokenEntry extends cache_1.ExpiringCacheEntry {
-    /**
-     * Instantiate the entry.
-     */
-    constructor(token, expiration) {
-        super(expiration);
-        this.token = token;
-    }
-}
-exports.AzureTokenEntry = AzureTokenEntry;
-/**
- * A cache of access tokens from Azure.
- * @internal
- */
-class AzureTokenCache extends cache_1.Cache {
-    /**
-     * Add an entry to the cache.
-     */
-    addEntry(tokenAudience, token) {
-        const entry = new AzureTokenEntry(token.access_token, token.expires_in);
-        this.entries.set(tokenAudience, entry);
-        return entry;
-    }
-    /**
-     * Create a cache key.
-     */
-    cacheKey(tokenAudience) {
-        return tokenAudience;
-    }
-    /**
-     * Delete an entry from the cache.
-     */
-    deleteEntry(tokenAudience) {
-        this.entries.delete(tokenAudience);
-    }
-    /**
-     * Get an Azure token entry from the cache.
-     */
-    getEntry(tokenAudience) {
-        return this.entries.get(tokenAudience);
-    }
-}
-exports.AzureTokenCache = AzureTokenCache;
-//# sourceMappingURL=azure_token_cache.js.map

package/lib/cmap/auth/mongodb_oidc/azure_token_cache.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"azure_token_cache.js","sourceRoot":"","sources":["../../../../src/cmap/auth/mongodb_oidc/azure_token_cache.ts"],"names":[],"mappings":";;;AACA,mCAAoD;AAEpD,gBAAgB;AAChB,MAAa,eAAgB,SAAQ,0BAAkB;IAGrD;;OAEG;IACH,YAAY,KAAa,EAAE,UAAkB;QAC3C,KAAK,CAAC,UAAU,CAAC,CAAC;QAClB,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;IACrB,CAAC;CACF;AAVD,0CAUC;AAED;;;GAGG;AACH,MAAa,eAAgB,SAAQ,aAAsB;IACzD;;OAEG;IACH,QAAQ,CAAC,aAAqB,EAAE,KAAuB;QACrD,MAAM,KAAK,GAAG,IAAI,eAAe,CAAC,KAAK,CAAC,YAAY,EAAE,KAAK,CAAC,UAAU,CAAC,CAAC;QACxE,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC;QACvC,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACH,QAAQ,CAAC,aAAqB;QAC5B,OAAO,aAAa,CAAC;IACvB,CAAC;IAED;;OAEG;IACH,WAAW,CAAC,aAAqB;QAC/B,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;IACrC,CAAC;IAED;;OAEG;IACH,QAAQ,CAAC,aAAqB;QAC5B,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;IACzC,CAAC;CACF;AA9BD,0CA8BC"}

package/lib/cmap/auth/mongodb_oidc/cache.js

@@ -1,55 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.Cache = exports.ExpiringCacheEntry = void 0;
-/* 5 minutes in milliseconds */
-const EXPIRATION_BUFFER_MS = 300000;
-/**
- * An entry in a cache that can expire in a certain amount of time.
- */
-class ExpiringCacheEntry {
-    /**
-     * Create a new expiring token entry.
-     */
-    constructor(expiration) {
-        this.expiration = this.expirationTime(expiration);
-    }
-    /**
-     * The entry is still valid if the expiration is more than
-     * 5 minutes from the expiration time.
-     */
-    isValid() {
-        return this.expiration - Date.now() > EXPIRATION_BUFFER_MS;
-    }
-    /**
-     * Get an expiration time in milliseconds past epoch.
-     */
-    expirationTime(expiresInSeconds) {
-        return Date.now() + expiresInSeconds * 1000;
-    }
-}
-exports.ExpiringCacheEntry = ExpiringCacheEntry;
-/**
- * Base class for OIDC caches.
- */
-class Cache {
-    /**
-     * Create a new cache.
-     */
-    constructor() {
-        this.entries = new Map();
-    }
-    /**
-     * Clear the cache.
-     */
-    clear() {
-        this.entries.clear();
-    }
-    /**
-     * Create a cache key from the address and username.
-     */
-    hashedCacheKey(address, username, callbackHash) {
-        return JSON.stringify([address, username, callbackHash]);
-    }
-}
-exports.Cache = Cache;
-//# sourceMappingURL=cache.js.map

package/lib/cmap/auth/mongodb_oidc/cache.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"cache.js","sourceRoot":"","sources":["../../../../src/cmap/auth/mongodb_oidc/cache.ts"],"names":[],"mappings":";;;AAAA,+BAA+B;AAC/B,MAAM,oBAAoB,GAAG,MAAM,CAAC;AAEpC;;GAEG;AACH,MAAsB,kBAAkB;IAGtC;;OAEG;IACH,YAAY,UAAkB;QAC5B,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;IACpD,CAAC;IACD;;;OAGG;IACH,OAAO;QACL,OAAO,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,oBAAoB,CAAC;IAC7D,CAAC;IAED;;OAEG;IACK,cAAc,CAAC,gBAAwB;QAC7C,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,gBAAgB,GAAG,IAAI,CAAC;IAC9C,CAAC;CACF;AAvBD,gDAuBC;AAED;;GAEG;AACH,MAAsB,KAAK;IAGzB;;OAEG;IACH;QACE,IAAI,CAAC,OAAO,GAAG,IAAI,GAAG,EAAa,CAAC;IACtC,CAAC;IAED;;OAEG;IACH,KAAK;QACH,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;IACvB,CAAC;IAOD;;OAEG;IACH,cAAc,CAAC,OAAe,EAAE,QAAgB,EAAE,YAAoB;QACpE,OAAO,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC;IAC3D,CAAC;CACF;AA5BD,sBA4BC"}

package/lib/cmap/auth/mongodb_oidc/callback_lock_cache.js

@@ -1,90 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.CallbackLockCache = void 0;
-const error_1 = require("../../../error");
-const cache_1 = require("./cache");
-/** Error message for when request callback is missing. */
-const REQUEST_CALLBACK_REQUIRED_ERROR = 'Auth mechanism property REQUEST_TOKEN_CALLBACK is required.';
-/* Counter for function "hashes".*/
-let FN_HASH_COUNTER = 0;
-/* No function present function */
-const NO_FUNCTION = async () => ({ accessToken: 'test' });
-/* The map of function hashes */
-const FN_HASHES = new WeakMap();
-/* Put the no function hash in the map. */
-FN_HASHES.set(NO_FUNCTION, FN_HASH_COUNTER);
-/**
- * A cache of request and refresh callbacks per server/user.
- */
-class CallbackLockCache extends cache_1.Cache {
-    /**
-     * Get the callbacks for the connection and credentials. If an entry does not
-     * exist a new one will get set.
-     */
-    getEntry(connection, credentials) {
-        const requestCallback = credentials.mechanismProperties.REQUEST_TOKEN_CALLBACK;
-        const refreshCallback = credentials.mechanismProperties.REFRESH_TOKEN_CALLBACK;
-        if (!requestCallback) {
-            throw new error_1.MongoInvalidArgumentError(REQUEST_CALLBACK_REQUIRED_ERROR);
-        }
-        const callbackHash = hashFunctions(requestCallback, refreshCallback);
-        const key = this.cacheKey(connection.address, credentials.username, callbackHash);
-        const entry = this.entries.get(key);
-        if (entry) {
-            return entry;
-        }
-        return this.addEntry(key, callbackHash, requestCallback, refreshCallback);
-    }
-    /**
-     * Set locked callbacks on for connection and credentials.
-     */
-    addEntry(key, callbackHash, requestCallback, refreshCallback) {
-        const entry = {
-            requestCallback: withLock(requestCallback),
-            refreshCallback: refreshCallback ? withLock(refreshCallback) : undefined,
-            callbackHash: callbackHash
-        };
-        this.entries.set(key, entry);
-        return entry;
-    }
-    /**
-     * Create a cache key from the address and username.
-     */
-    cacheKey(address, username, callbackHash) {
-        return this.hashedCacheKey(address, username, callbackHash);
-    }
-}
-exports.CallbackLockCache = CallbackLockCache;
-/**
- * Ensure the callback is only executed one at a time.
- */
-function withLock(callback) {
-    let lock = Promise.resolve();
-    return async (info, context) => {
-        await lock;
-        // eslint-disable-next-line github/no-then
-        lock = lock.then(() => callback(info, context));
-        return await lock;
-    };
-}
-/**
- * Get the hash string for the request and refresh functions.
- */
-function hashFunctions(requestFn, refreshFn) {
-    let requestHash = FN_HASHES.get(requestFn);
-    let refreshHash = FN_HASHES.get(refreshFn ?? NO_FUNCTION);
-    if (requestHash == null) {
-        // Create a new one for the function and put it in the map.
-        FN_HASH_COUNTER++;
-        requestHash = FN_HASH_COUNTER;
-        FN_HASHES.set(requestFn, FN_HASH_COUNTER);
-    }
-    if (refreshHash == null && refreshFn) {
-        // Create a new one for the function and put it in the map.
-        FN_HASH_COUNTER++;
-        refreshHash = FN_HASH_COUNTER;
-        FN_HASHES.set(refreshFn, FN_HASH_COUNTER);
-    }
-    return `${requestHash}-${refreshHash}`;
-}
-//# sourceMappingURL=callback_lock_cache.js.map

package/lib/cmap/auth/mongodb_oidc/callback_lock_cache.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"callback_lock_cache.js","sourceRoot":"","sources":["../../../../src/cmap/auth/mongodb_oidc/callback_lock_cache.ts"],"names":[],"mappings":";;;AAAA,0CAA2D;AAU3D,mCAAgC;AAEhC,0DAA0D;AAC1D,MAAM,+BAA+B,GACnC,6DAA6D,CAAC;AAChE,mCAAmC;AACnC,IAAI,eAAe,GAAG,CAAC,CAAC;AACxB,kCAAkC;AAClC,MAAM,WAAW,GAAwB,KAAK,IAAI,EAAE,CAAC,CAAC,EAAE,WAAW,EAAE,MAAM,EAAE,CAAC,CAAC;AAC/E,gCAAgC;AAChC,MAAM,SAAS,GAAG,IAAI,OAAO,EAAqD,CAAC;AACnF,0CAA0C;AAC1C,SAAS,CAAC,GAAG,CAAC,WAAW,EAAE,eAAe,CAAC,CAAC;AAW5C;;GAEG;AACH,MAAa,iBAAkB,SAAQ,aAAqB;IAC1D;;;OAGG;IACH,QAAQ,CAAC,UAAsB,EAAE,WAA6B;QAC5D,MAAM,eAAe,GAAG,WAAW,CAAC,mBAAmB,CAAC,sBAAsB,CAAC;QAC/E,MAAM,eAAe,GAAG,WAAW,CAAC,mBAAmB,CAAC,sBAAsB,CAAC;QAC/E,IAAI,CAAC,eAAe,EAAE;YACpB,MAAM,IAAI,iCAAyB,CAAC,+BAA+B,CAAC,CAAC;SACtE;QACD,MAAM,YAAY,GAAG,aAAa,CAAC,eAAe,EAAE,eAAe,CAAC,CAAC;QACrE,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,OAAO,EAAE,WAAW,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;QAClF,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACpC,IAAI,KAAK,EAAE;YACT,OAAO,KAAK,CAAC;SACd;QACD,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAG,EAAE,YAAY,EAAE,eAAe,EAAE,eAAe,CAAC,CAAC;IAC5E,CAAC;IAED;;OAEG;IACK,QAAQ,CACd,GAAW,EACX,YAAoB,EACpB,eAAoC,EACpC,eAAqC;QAErC,MAAM,KAAK,GAAG;YACZ,eAAe,EAAE,QAAQ,CAAC,eAAe,CAAC;YAC1C,eAAe,EAAE,eAAe,CAAC,CAAC,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,SAAS;YACxE,YAAY,EAAE,YAAY;SAC3B,CAAC;QACF,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAC7B,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACH,QAAQ,CAAC,OAAe,EAAE,QAAgB,EAAE,YAAoB;QAC9D,OAAO,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,QAAQ,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC;CACF;AA5CD,8CA4CC;AAED;;GAEG;AACH,SAAS,QAAQ,CAAC,QAAmD;IACnE,IAAI,IAAI,GAAiB,OAAO,CAAC,OAAO,EAAE,CAAC;IAC3C,OAAO,KAAK,EAAE,IAAmB,EAAE,OAA4B,EAA8B,EAAE;QAC7F,MAAM,IAAI,CAAC;QACX,0CAA0C;QAC1C,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC;QAChD,OAAO,MAAM,IAAI,CAAC;IACpB,CAAC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,SAA8B,EAAE,SAA+B;IACpF,IAAI,WAAW,GAAG,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAC3C,IAAI,WAAW,GAAG,SAAS,CAAC,GAAG,CAAC,SAAS,IAAI,WAAW,CAAC,CAAC;IAC1D,IAAI,WAAW,IAAI,IAAI,EAAE;QACvB,2DAA2D;QAC3D,eAAe,EAAE,CAAC;QAClB,WAAW,GAAG,eAAe,CAAC;QAC9B,SAAS,CAAC,GAAG,CAAC,SAAS,EAAE,eAAe,CAAC,CAAC;KAC3C;IACD,IAAI,WAAW,IAAI,IAAI,IAAI,SAAS,EAAE;QACpC,2DAA2D;QAC3D,eAAe,EAAE,CAAC;QAClB,WAAW,GAAG,eAAe,CAAC;QAC9B,SAAS,CAAC,GAAG,CAAC,SAAS,EAAE,eAAe,CAAC,CAAC;KAC3C;IACD,OAAO,GAAG,WAAW,IAAI,WAAW,EAAE,CAAC;AACzC,CAAC"}

package/lib/cmap/auth/mongodb_oidc/service_workflow.js

@@ -1,43 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.commandDocument = exports.ServiceWorkflow = void 0;
-const bson_1 = require("bson");
-const utils_1 = require("../../../utils");
-const providers_1 = require("../providers");
-/**
- * Common behaviour for OIDC device workflows.
- * @internal
- */
-class ServiceWorkflow {
-    /**
-     * Execute the workflow. Looks for AWS_WEB_IDENTITY_TOKEN_FILE in the environment
-     * and then attempts to read the token from that path.
-     */
-    async execute(connection, credentials) {
-        const token = await this.getToken(credentials);
-        const command = commandDocument(token);
-        return await connection.command((0, utils_1.ns)(credentials.source), command, undefined);
-    }
-    /**
-     * Get the document to add for speculative authentication.
-     */
-    async speculativeAuth(credentials) {
-        const token = await this.getToken(credentials);
-        const document = commandDocument(token);
-        document.db = credentials.source;
-        return { speculativeAuthenticate: document };
-    }
-}
-exports.ServiceWorkflow = ServiceWorkflow;
-/**
- * Create the saslStart command document.
- */
-function commandDocument(token) {
-    return {
-        saslStart: 1,
-        mechanism: providers_1.AuthMechanism.MONGODB_OIDC,
-        payload: bson_1.BSON.serialize({ jwt: token })
-    };
-}
-exports.commandDocument = commandDocument;
-//# sourceMappingURL=service_workflow.js.map

package/lib/cmap/auth/mongodb_oidc/service_workflow.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"service_workflow.js","sourceRoot":"","sources":["../../../../src/cmap/auth/mongodb_oidc/service_workflow.ts"],"names":[],"mappings":";;;AAAA,+BAA2C;AAE3C,0CAAoC;AAIpC,4CAA6C;AAE7C;;;GAGG;AACH,MAAsB,eAAe;IACnC;;;OAGG;IACH,KAAK,CAAC,OAAO,CAAC,UAAsB,EAAE,WAA6B;QACjE,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QAC/C,MAAM,OAAO,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;QACvC,OAAO,MAAM,UAAU,CAAC,OAAO,CAAC,IAAA,UAAE,EAAC,WAAW,CAAC,MAAM,CAAC,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;IAC9E,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe,CAAC,WAA6B;QACjD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QAC/C,MAAM,QAAQ,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;QACxC,QAAQ,CAAC,EAAE,GAAG,WAAW,CAAC,MAAM,CAAC;QACjC,OAAO,EAAE,uBAAuB,EAAE,QAAQ,EAAE,CAAC;IAC/C,CAAC;CAMF;AAzBD,0CAyBC;AAED;;GAEG;AACH,SAAgB,eAAe,CAAC,KAAa;IAC3C,OAAO;QACL,SAAS,EAAE,CAAC;QACZ,SAAS,EAAE,yBAAa,CAAC,YAAY;QACrC,OAAO,EAAE,WAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC;KACxC,CAAC;AACJ,CAAC;AAND,0CAMC"}

package/lib/cmap/auth/mongodb_oidc/token_entry_cache.js

@@ -1,62 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.TokenEntryCache = exports.TokenEntry = void 0;
-const cache_1 = require("./cache");
-/* Default expiration is now for when no expiration provided */
-const DEFAULT_EXPIRATION_SECS = 0;
-/** @internal */
-class TokenEntry extends cache_1.ExpiringCacheEntry {
-    /**
-     * Instantiate the entry.
-     */
-    constructor(tokenResult, serverInfo, expiration) {
-        super(expiration);
-        this.tokenResult = tokenResult;
-        this.serverInfo = serverInfo;
-    }
-}
-exports.TokenEntry = TokenEntry;
-/**
- * Cache of OIDC token entries.
- * @internal
- */
-class TokenEntryCache extends cache_1.Cache {
-    /**
-     * Set an entry in the token cache.
-     */
-    addEntry(address, username, callbackHash, tokenResult, serverInfo) {
-        const entry = new TokenEntry(tokenResult, serverInfo, tokenResult.expiresInSeconds ?? DEFAULT_EXPIRATION_SECS);
-        this.entries.set(this.cacheKey(address, username, callbackHash), entry);
-        return entry;
-    }
-    /**
-     * Delete an entry from the cache.
-     */
-    deleteEntry(address, username, callbackHash) {
-        this.entries.delete(this.cacheKey(address, username, callbackHash));
-    }
-    /**
-     * Get an entry from the cache.
-     */
-    getEntry(address, username, callbackHash) {
-        return this.entries.get(this.cacheKey(address, username, callbackHash));
-    }
-    /**
-     * Delete all expired entries from the cache.
-     */
-    deleteExpiredEntries() {
-        for (const [key, entry] of this.entries) {
-            if (!entry.isValid()) {
-                this.entries.delete(key);
-            }
-        }
-    }
-    /**
-     * Create a cache key from the address and username.
-     */
-    cacheKey(address, username, callbackHash) {
-        return this.hashedCacheKey(address, username, callbackHash);
-    }
-}
-exports.TokenEntryCache = TokenEntryCache;
-//# sourceMappingURL=token_entry_cache.js.map