npm - rxdb-server - Versions diffs - 17.1.0 → 17.2.0 - Mend

rxdb-server 17.1.0 → 17.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (53) hide show

package/dist/esm/plugins/adapter-express/index.js CHANGED Viewed

@@ -9,8 +9,17 @@ export var RxServerAdapterExpress = {
     return app;
   },
   setCors(serverApp, path, cors) {
+    /**
+     * Per the CORS spec, `Access-Control-Allow-Origin: *` cannot be combined
+     * with `Access-Control-Allow-Credentials: true` - browsers reject such
+     * responses on credentialed requests. When the caller opted into the
+     * '*' default, reflect the request origin back instead (via `origin: true`),
+     * which keeps the "allow from anywhere" semantics while staying compatible
+     * with credentials.
+     */
+    var originOption = cors === '*' ? true : cors;
     serverApp.use('/' + path + '/*splat', expressCors({
-      origin: cors,
+      origin: originOption,
       // some legacy browsers (IE11, various SmartTVs) choke on 204
       optionsSuccessStatus: 200,
       credentials: true

package/dist/esm/plugins/adapter-express/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.js","names":["express","expressCors","ensureNotFalsy","getFromMapOrThrow","HTTP_SERVER_BY_EXPRESS","WeakMap","RxServerAdapterExpress","create","app","use","json","setCors","serverApp","path","cors","origin","optionsSuccessStatus","credentials","getRequestBody","req","body","getRequestHeaders","headers","getRequestQuery","query","onRequestClose","fn","on","setResponseHeader","res","k","v","setHeader","responseWrite","data","write","endResponseJson","endResponse","end","closeConnection","response","code","message","error","status","set","JSON","stringify","setSSEHeaders","writeHead","flushHeaders","get","handler","post","all","listen","port","hostname","httpServer","Promise","rej","ret","close","err","setImmediate","emit","closeAllConnections"],"sources":["../../../../src/plugins/adapter-express/index.ts"],"sourcesContent":["import type { RxServerAdapter } from '../server/types';\nimport type { Express } from 'express';\nimport express, { Request, Response } from 'express';\nimport {\n Server as HttpServer\n} from 'http';\nimport expressCors from 'cors';\nimport { ensureNotFalsy, getFromMapOrThrow } from 'rxdb/plugins/core';\n\nexport const HTTP_SERVER_BY_EXPRESS = new WeakMap<Express, HttpServer>();\n\nexport const RxServerAdapterExpress: RxServerAdapter<Express, Request, Response> = {\n async create() {\n const app = express();\n app.use(express.json());\n return app;\n },\n setCors(serverApp, path, cors) {\n serverApp.use('/' + path + '/splat', expressCors({\n origin: ~~cors~~,\n // some legacy browsers (IE11, various SmartTVs) choke on 204\n optionsSuccessStatus: 200,\n credentials: true\n }));\n },\n\n getRequestBody(req: Request) {\n return req.body;\n },\n getRequestHeaders(req: Request) {\n return req.headers as any;\n },\n getRequestQuery(req: Request) {\n return req.query;\n },\n onRequestClose(req: Request, fn) {\n req.on('close', () => {\n fn();\n });\n },\n\n setResponseHeader(res: Response, k: string, v: string) {\n res.setHeader(k, v);\n },\n responseWrite(res: Response, data: string) {\n res.write(data);\n },\n endResponseJson(res: Response, data: any) {\n res.json(data);\n },\n endResponse(res: Response) {\n res.end();\n },\n async closeConnection(response: Response, code: number, message: string) {\n const responseWrite = {\n code,\n error: true,\n message\n };\n response.status(code);\n response.set(\"Connection\", \"close\");\n await response.write(JSON.stringify(responseWrite));\n response.end();\n },\n setSSEHeaders(res: Response) {\n res.writeHead(200, {\n /\n Use exact these headers to make is less likely\n * for people to have problems.\n * @link https://www.youtube.com/watch?v=0PcMuYGJPzM\n /\n 'Content-Type': 'text/event-stream; charset=utf-8',\n 'Connection': 'keep-alive',\n 'Cache-Control': 'no-cache',\n\n /\n @link https://github.com/pubkey/rxdb-server/pull/58\n /\n 'access-control-allow-credentials': 'true',\n\n /\n Required for nginx\n * @link https://stackoverflow.com/q/61029079/3443137\n /\n 'X-Accel-Buffering': 'no'\n });\n res.flushHeaders();\n },\n\n get(serverApp, path, handler) {\n serverApp.get(path, handler);\n },\n post(serverApp, path, handler) {\n serverApp.post(path, handler);\n },\n all(serverApp, path, handler) {\n serverApp.all(path, handler);\n },\n async listen(serverApp, port, hostname) {\n const httpServer: HttpServer = await new Promise((res, rej) => {\n const ret = ensureNotFalsy(serverApp).listen(port, hostname, () => {\n res(ret);\n });\n });\n HTTP_SERVER_BY_EXPRESS.set(serverApp, httpServer);\n },\n async close(serverApp) {\n const httpServer = getFromMapOrThrow(HTTP_SERVER_BY_EXPRESS, serverApp);\n await new Promise<void>((res, rej) => {\n httpServer.close((err) => {\n if (err) { rej(err); } else { res(); }\n });\n /\n By default it will await all ongoing connections\n * before it closes. So we have to close it directly.\n * @link https://stackoverflow.com/a/36830072/3443137\n */\n setImmediate(() => httpServer.emit('close'));\n });\n },\n async closeAllConnections(serverApp) {\n const httpServer = HTTP_SERVER_BY_EXPRESS.get(serverApp);\n if (httpServer) {\n await httpServer.closeAllConnections();\n }\n }\n};\n"],"mappings":"AAEA,OAAOA,OAAO,MAA6B,SAAS;AAIpD,OAAOC,WAAW,MAAM,MAAM;AAC9B,SAASC,cAAc,EAAEC,iBAAiB,QAAQ,mBAAmB;AAErE,OAAO,IAAMC,sBAAsB,GAAG,IAAIC,OAAO,CAAsB,CAAC;AAExE,OAAO,IAAMC,sBAAmE,GAAG;EAC/E,MAAMC,MAAMA,CAAA,EAAG;IACX,IAAMC,GAAG,GAAGR,OAAO,CAAC,CAAC;IACrBQ,GAAG,CAACC,GAAG,CAACT,OAAO,CAACU,IAAI,CAAC,CAAC,CAAC;IACvB,OAAOF,GAAG;EACd,CAAC;EACDG,OAAOA,CAACC,SAAS,EAAEC,IAAI,EAAEC,IAAI,EAAE;~~IAC3BF~~,SAAS,CAACH,GAAG,CAAC,GAAG,GAAGI,IAAI,GAAG,SAAS,EAAEZ,WAAW,CAAC;~~MAC9Cc~~,MAAM,EAAED,~~IAAI~~;~~MACZ~~;MACAE,oBAAoB,EAAE,GAAG;MACzBC,WAAW,EAAE;IACjB,CAAC,CAAC,CAAC;EACP,CAAC;EAEDC,cAAcA,CAACC,GAAY,EAAE;IACzB,OAAOA,GAAG,CAACC,IAAI;EACnB,CAAC;EACDC,iBAAiBA,CAACF,GAAY,EAAE;IAC5B,OAAOA,GAAG,CAACG,OAAO;EACtB,CAAC;EACDC,eAAeA,CAACJ,GAAY,EAAE;IAC1B,OAAOA,GAAG,CAACK,KAAK;EACpB,CAAC;EACDC,cAAcA,CAACN,GAAY,EAAEO,EAAE,EAAE;IAC7BP,GAAG,CAACQ,EAAE,CAAC,OAAO,EAAE,MAAM;MAClBD,EAAE,CAAC,CAAC;IACR,CAAC,CAAC;EACN,CAAC;EAEDE,iBAAiBA,CAACC,GAAa,EAAEC,CAAS,EAAEC,CAAS,EAAE;IACnDF,GAAG,CAACG,SAAS,CAACF,CAAC,EAAEC,CAAC,CAAC;EACvB,CAAC;EACDE,aAAaA,CAACJ,GAAa,EAAEK,IAAY,EAAE;IACvCL,GAAG,CAACM,KAAK,CAACD,IAAI,CAAC;EACnB,CAAC;EACDE,eAAeA,CAACP,GAAa,EAAEK,IAAS,EAAE;IACtCL,GAAG,~~CAACnB~~,IAAI,~~CAACwB~~,IAAI,CAAC;EAClB,CAAC;EACDG,WAAWA,CAACR,GAAa,EAAE;IACvBA,GAAG,CAACS,GAAG,CAAC,CAAC;EACb,CAAC;EACD,MAAMC,eAAeA,CAACC,QAAkB,EAAEC,IAAY,EAAEC,OAAe,EAAE;IACrE,IAAMT,aAAa,GAAG;MAClBQ,IAAI;MACJE,KAAK,EAAE,IAAI;MACXD;IACJ,CAAC;IACDF,QAAQ,CAACI,MAAM,CAACH,IAAI,CAAC;IACrBD,QAAQ,CAACK,GAAG,CAAC,YAAY,EAAE,OAAO,CAAC;IACnC,MAAML,QAAQ,CAACL,KAAK,CAACW,IAAI,CAACC,SAAS,CAACd,aAAa,CAAC,CAAC;IACnDO,QAAQ,CAACF,GAAG,CAAC,CAAC;EAClB,CAAC;EACDU,aAAaA,CAACnB,GAAa,EAAE;IACzBA,GAAG,CAACoB,SAAS,CAAC,GAAG,EAAE;MACf;AACZ;AACA;AACA;AACA;MACY,cAAc,EAAE,kCAAkC;MAClD,YAAY,EAAE,YAAY;MAC1B,eAAe,EAAE,UAAU;MAE3B;AACZ;AACA;MACY,kCAAkC,EAAE,MAAM;MAE1C;AACZ;AACA;AACA;MACY,mBAAmB,EAAE;IACzB,CAAC,CAAC;IACFpB,GAAG,CAACqB,YAAY,CAAC,CAAC;EACtB,CAAC;EAEDC,GAAGA,~~CAACvC~~,SAAS,EAAEC,IAAI,~~EAAEuC~~,OAAO,EAAE;~~IAC1BxC~~,SAAS,~~CAACuC~~,GAAG,~~CAACtC~~,IAAI,~~EAAEuC~~,OAAO,CAAC;EAChC,CAAC;EACDC,IAAIA,~~CAACzC~~,SAAS,EAAEC,IAAI,~~EAAEuC~~,OAAO,EAAE;~~IAC3BxC~~,SAAS,~~CAACyC~~,IAAI,~~CAACxC~~,IAAI,~~EAAEuC~~,OAAO,CAAC;EACjC,CAAC;EACDE,GAAGA,~~CAAC1C~~,SAAS,EAAEC,IAAI,~~EAAEuC~~,OAAO,EAAE;~~IAC1BxC~~,SAAS,~~CAAC0C~~,GAAG,~~CAACzC~~,IAAI,~~EAAEuC~~,OAAO,CAAC;EAChC,CAAC;EACD,MAAMG,MAAMA,~~CAAC3C~~,SAAS,~~EAAE4C~~,IAAI,EAAEC,QAAQ,EAAE;IACpC,IAAMC,UAAsB,GAAG,MAAM,IAAIC,OAAO,CAAC,CAAC9B,GAAG,EAAE+B,GAAG,KAAK;MAC3D,IAAMC,GAAG,~~GAAG3D~~,cAAc,CAACU,SAAS,CAAC,~~CAAC2C~~,MAAM,CAACC,IAAI,EAAEC,QAAQ,EAAE,MAAM;QAC/D5B,GAAG,CAACgC,GAAG,CAAC;MACZ,CAAC,CAAC;IACN,CAAC,CAAC;~~IACFzD~~,sBAAsB,~~CAACyC~~,GAAG,~~CAACjC~~,SAAS,~~EAAE8C~~,UAAU,CAAC;EACrD,CAAC;EACD,MAAMI,KAAKA,~~CAAClD~~,SAAS,EAAE;IACnB,~~IAAM8C~~,UAAU,~~GAAGvD~~,iBAAiB,CAACC,sBAAsB,EAAEQ,SAAS,CAAC;IACvE,MAAM,~~IAAI+C~~,OAAO,CAAO,CAAC9B,GAAG,EAAE+B,GAAG,KAAK;MAClCF,UAAU,CAACI,KAAK,CAAEC,GAAG,IAAK;QACtB,IAAIA,GAAG,EAAE;UAAEH,GAAG,CAACG,GAAG,CAAC;QAAE,CAAC,MAAM;UAAElC,GAAG,CAAC,CAAC;QAAE;MACzC,CAAC,CAAC;MACF;AACZ;AACA;AACA;AACA;MACYmC,YAAY,CAAC,MAAMN,UAAU,CAACO,IAAI,CAAC,OAAO,CAAC,CAAC;IAChD,CAAC,CAAC;EACN,CAAC;EACD,MAAMC,mBAAmBA,~~CAACtD~~,SAAS,EAAE;IACjC,~~IAAM8C~~,UAAU,~~GAAGtD~~,sBAAsB,~~CAAC+C~~,GAAG,~~CAACvC~~,SAAS,CAAC;IACxD,~~IAAI8C~~,UAAU,EAAE;MACZ,MAAMA,UAAU,CAACQ,mBAAmB,CAAC,CAAC;IAC1C;EACJ;AACJ,CAAC","ignoreList":[]}
1	+ {"version":3,"file":"index.js","names":["express","expressCors","ensureNotFalsy","getFromMapOrThrow","HTTP_SERVER_BY_EXPRESS","WeakMap","RxServerAdapterExpress","create","app","use","json","setCors","serverApp","path","cors","originOption","origin","optionsSuccessStatus","credentials","getRequestBody","req","body","getRequestHeaders","headers","getRequestQuery","query","onRequestClose","fn","on","setResponseHeader","res","k","v","setHeader","responseWrite","data","write","endResponseJson","endResponse","end","closeConnection","response","code","message","error","status","set","JSON","stringify","setSSEHeaders","writeHead","flushHeaders","get","handler","post","all","listen","port","hostname","httpServer","Promise","rej","ret","close","err","setImmediate","emit","closeAllConnections"],"sources":["../../../../src/plugins/adapter-express/index.ts"],"sourcesContent":["import type { RxServerAdapter } from '../server/types';\nimport type { Express } from 'express';\nimport express, { Request, Response } from 'express';\nimport {\n Server as HttpServer\n} from 'http';\nimport expressCors from 'cors';\nimport { ensureNotFalsy, getFromMapOrThrow } from 'rxdb/plugins/core';\n\nexport const HTTP_SERVER_BY_EXPRESS = new WeakMap<Express, HttpServer>();\n\nexport const RxServerAdapterExpress: RxServerAdapter<Express, Request, Response> = {\n async create() {\n const app = express();\n app.use(express.json());\n return app;\n },\n setCors(serverApp, path, cors) {\n /*\n Per the CORS spec, `Access-Control-Allow-Origin: ` cannot be combined\n with `Access-Control-Allow-Credentials: true` - browsers reject such\n * responses on credentialed requests. When the caller opted into the\n * '' default, reflect the request origin back instead (via `origin: true`),\n which keeps the \"allow from anywhere\" semantics while staying compatible\n * with credentials.\n /\n const originOption: expressCors.CorsOptions['origin'] = cors === '' ? true : cors;\n serverApp.use('/' + path + '/splat', expressCors({\n origin: originOption,\n // some legacy browsers (IE11, various SmartTVs) choke on 204\n optionsSuccessStatus: 200,\n credentials: true\n }));\n },\n\n getRequestBody(req: Request) {\n return req.body;\n },\n getRequestHeaders(req: Request) {\n return req.headers as any;\n },\n getRequestQuery(req: Request) {\n return req.query;\n },\n onRequestClose(req: Request, fn) {\n req.on('close', () => {\n fn();\n });\n },\n\n setResponseHeader(res: Response, k: string, v: string) {\n res.setHeader(k, v);\n },\n responseWrite(res: Response, data: string) {\n res.write(data);\n },\n endResponseJson(res: Response, data: any) {\n res.json(data);\n },\n endResponse(res: Response) {\n res.end();\n },\n async closeConnection(response: Response, code: number, message: string) {\n const responseWrite = {\n code,\n error: true,\n message\n };\n response.status(code);\n response.set(\"Connection\", \"close\");\n await response.write(JSON.stringify(responseWrite));\n response.end();\n },\n setSSEHeaders(res: Response) {\n res.writeHead(200, {\n /\n Use exact these headers to make is less likely\n * for people to have problems.\n * @link https://www.youtube.com/watch?v=0PcMuYGJPzM\n /\n 'Content-Type': 'text/event-stream; charset=utf-8',\n 'Connection': 'keep-alive',\n 'Cache-Control': 'no-cache',\n\n /\n @link https://github.com/pubkey/rxdb-server/pull/58\n /\n 'access-control-allow-credentials': 'true',\n\n /\n Required for nginx\n * @link https://stackoverflow.com/q/61029079/3443137\n /\n 'X-Accel-Buffering': 'no'\n });\n res.flushHeaders();\n },\n\n get(serverApp, path, handler) {\n serverApp.get(path, handler);\n },\n post(serverApp, path, handler) {\n serverApp.post(path, handler);\n },\n all(serverApp, path, handler) {\n serverApp.all(path, handler);\n },\n async listen(serverApp, port, hostname) {\n const httpServer: HttpServer = await new Promise((res, rej) => {\n const ret = ensureNotFalsy(serverApp).listen(port, hostname, () => {\n res(ret);\n });\n });\n HTTP_SERVER_BY_EXPRESS.set(serverApp, httpServer);\n },\n async close(serverApp) {\n const httpServer = getFromMapOrThrow(HTTP_SERVER_BY_EXPRESS, serverApp);\n await new Promise<void>((res, rej) => {\n httpServer.close((err) => {\n if (err) { rej(err); } else { res(); }\n });\n /\n By default it will await all ongoing connections\n * before it closes. So we have to close it directly.\n * @link https://stackoverflow.com/a/36830072/3443137\n */\n setImmediate(() => httpServer.emit('close'));\n });\n },\n async closeAllConnections(serverApp) {\n const httpServer = HTTP_SERVER_BY_EXPRESS.get(serverApp);\n if (httpServer) {\n await httpServer.closeAllConnections();\n }\n }\n};\n"],"mappings":"AAEA,OAAOA,OAAO,MAA6B,SAAS;AAIpD,OAAOC,WAAW,MAAM,MAAM;AAC9B,SAASC,cAAc,EAAEC,iBAAiB,QAAQ,mBAAmB;AAErE,OAAO,IAAMC,sBAAsB,GAAG,IAAIC,OAAO,CAAsB,CAAC;AAExE,OAAO,IAAMC,sBAAmE,GAAG;EAC/E,MAAMC,MAAMA,CAAA,EAAG;IACX,IAAMC,GAAG,GAAGR,OAAO,CAAC,CAAC;IACrBQ,GAAG,CAACC,GAAG,CAACT,OAAO,CAACU,IAAI,CAAC,CAAC,CAAC;IACvB,OAAOF,GAAG;EACd,CAAC;EACDG,OAAOA,CAACC,SAAS,EAAEC,IAAI,EAAEC,IAAI,EAAE;IAC3B;AACR;AACA;AACA;AACA;AACA;AACA;AACA;IACQ,IAAMC,YAA+C,GAAGD,IAAI,KAAK,GAAG,GAAG,IAAI,GAAGA,IAAI;IAClFF,SAAS,CAACH,GAAG,CAAC,GAAG,GAAGI,IAAI,GAAG,SAAS,EAAEZ,WAAW,CAAC;MAC9Ce,MAAM,EAAED,YAAY;MACpB;MACAE,oBAAoB,EAAE,GAAG;MACzBC,WAAW,EAAE;IACjB,CAAC,CAAC,CAAC;EACP,CAAC;EAEDC,cAAcA,CAACC,GAAY,EAAE;IACzB,OAAOA,GAAG,CAACC,IAAI;EACnB,CAAC;EACDC,iBAAiBA,CAACF,GAAY,EAAE;IAC5B,OAAOA,GAAG,CAACG,OAAO;EACtB,CAAC;EACDC,eAAeA,CAACJ,GAAY,EAAE;IAC1B,OAAOA,GAAG,CAACK,KAAK;EACpB,CAAC;EACDC,cAAcA,CAACN,GAAY,EAAEO,EAAE,EAAE;IAC7BP,GAAG,CAACQ,EAAE,CAAC,OAAO,EAAE,MAAM;MAClBD,EAAE,CAAC,CAAC;IACR,CAAC,CAAC;EACN,CAAC;EAEDE,iBAAiBA,CAACC,GAAa,EAAEC,CAAS,EAAEC,CAAS,EAAE;IACnDF,GAAG,CAACG,SAAS,CAACF,CAAC,EAAEC,CAAC,CAAC;EACvB,CAAC;EACDE,aAAaA,CAACJ,GAAa,EAAEK,IAAY,EAAE;IACvCL,GAAG,CAACM,KAAK,CAACD,IAAI,CAAC;EACnB,CAAC;EACDE,eAAeA,CAACP,GAAa,EAAEK,IAAS,EAAE;IACtCL,GAAG,CAACpB,IAAI,CAACyB,IAAI,CAAC;EAClB,CAAC;EACDG,WAAWA,CAACR,GAAa,EAAE;IACvBA,GAAG,CAACS,GAAG,CAAC,CAAC;EACb,CAAC;EACD,MAAMC,eAAeA,CAACC,QAAkB,EAAEC,IAAY,EAAEC,OAAe,EAAE;IACrE,IAAMT,aAAa,GAAG;MAClBQ,IAAI;MACJE,KAAK,EAAE,IAAI;MACXD;IACJ,CAAC;IACDF,QAAQ,CAACI,MAAM,CAACH,IAAI,CAAC;IACrBD,QAAQ,CAACK,GAAG,CAAC,YAAY,EAAE,OAAO,CAAC;IACnC,MAAML,QAAQ,CAACL,KAAK,CAACW,IAAI,CAACC,SAAS,CAACd,aAAa,CAAC,CAAC;IACnDO,QAAQ,CAACF,GAAG,CAAC,CAAC;EAClB,CAAC;EACDU,aAAaA,CAACnB,GAAa,EAAE;IACzBA,GAAG,CAACoB,SAAS,CAAC,GAAG,EAAE;MACf;AACZ;AACA;AACA;AACA;MACY,cAAc,EAAE,kCAAkC;MAClD,YAAY,EAAE,YAAY;MAC1B,eAAe,EAAE,UAAU;MAE3B;AACZ;AACA;MACY,kCAAkC,EAAE,MAAM;MAE1C;AACZ;AACA;AACA;MACY,mBAAmB,EAAE;IACzB,CAAC,CAAC;IACFpB,GAAG,CAACqB,YAAY,CAAC,CAAC;EACtB,CAAC;EAEDC,GAAGA,CAACxC,SAAS,EAAEC,IAAI,EAAEwC,OAAO,EAAE;IAC1BzC,SAAS,CAACwC,GAAG,CAACvC,IAAI,EAAEwC,OAAO,CAAC;EAChC,CAAC;EACDC,IAAIA,CAAC1C,SAAS,EAAEC,IAAI,EAAEwC,OAAO,EAAE;IAC3BzC,SAAS,CAAC0C,IAAI,CAACzC,IAAI,EAAEwC,OAAO,CAAC;EACjC,CAAC;EACDE,GAAGA,CAAC3C,SAAS,EAAEC,IAAI,EAAEwC,OAAO,EAAE;IAC1BzC,SAAS,CAAC2C,GAAG,CAAC1C,IAAI,EAAEwC,OAAO,CAAC;EAChC,CAAC;EACD,MAAMG,MAAMA,CAAC5C,SAAS,EAAE6C,IAAI,EAAEC,QAAQ,EAAE;IACpC,IAAMC,UAAsB,GAAG,MAAM,IAAIC,OAAO,CAAC,CAAC9B,GAAG,EAAE+B,GAAG,KAAK;MAC3D,IAAMC,GAAG,GAAG5D,cAAc,CAACU,SAAS,CAAC,CAAC4C,MAAM,CAACC,IAAI,EAAEC,QAAQ,EAAE,MAAM;QAC/D5B,GAAG,CAACgC,GAAG,CAAC;MACZ,CAAC,CAAC;IACN,CAAC,CAAC;IACF1D,sBAAsB,CAAC0C,GAAG,CAAClC,SAAS,EAAE+C,UAAU,CAAC;EACrD,CAAC;EACD,MAAMI,KAAKA,CAACnD,SAAS,EAAE;IACnB,IAAM+C,UAAU,GAAGxD,iBAAiB,CAACC,sBAAsB,EAAEQ,SAAS,CAAC;IACvE,MAAM,IAAIgD,OAAO,CAAO,CAAC9B,GAAG,EAAE+B,GAAG,KAAK;MAClCF,UAAU,CAACI,KAAK,CAAEC,GAAG,IAAK;QACtB,IAAIA,GAAG,EAAE;UAAEH,GAAG,CAACG,GAAG,CAAC;QAAE,CAAC,MAAM;UAAElC,GAAG,CAAC,CAAC;QAAE;MACzC,CAAC,CAAC;MACF;AACZ;AACA;AACA;AACA;MACYmC,YAAY,CAAC,MAAMN,UAAU,CAACO,IAAI,CAAC,OAAO,CAAC,CAAC;IAChD,CAAC,CAAC;EACN,CAAC;EACD,MAAMC,mBAAmBA,CAACvD,SAAS,EAAE;IACjC,IAAM+C,UAAU,GAAGvD,sBAAsB,CAACgD,GAAG,CAACxC,SAAS,CAAC;IACxD,IAAI+C,UAAU,EAAE;MACZ,MAAMA,UAAU,CAACQ,mBAAmB,CAAC,CAAC;IAC1C;EACJ;AACJ,CAAC","ignoreList":[]}

package/dist/esm/plugins/client-rest/index.js CHANGED Viewed

@@ -24,7 +24,12 @@ export var RxRestClient = /*#__PURE__*/function () {
   };
   _proto.observeQuery = function observeQuery(query) {
     var result = new Subject();
-    var queryAsBase64 = btoa(JSON.stringify(query));
+    // Standard base64 uses '+' and '/'; both are URL-reserved and a raw
+    // '+' in the query string is decoded as a space by the server's
+    // URL parser. Without encoding, the server's atob() then rejects
+    // the corrupted string with "Invalid character" and the SSE
+    // connection silently never delivers any document.
+    var queryAsBase64 = encodeURIComponent(btoa(JSON.stringify(query)));
     var eventSource = new this.eventSource(this.endpointUrl + '/query/observe?query=' + queryAsBase64, {
       withCredentials: true,
       /**
@@ -41,18 +46,18 @@ export var RxRestClient = /*#__PURE__*/function () {
     };
     return result.asObservable();
   };
-  _proto.get = function get(ids) {
-    var response = postRequest(this.endpointUrl + '/get', ids, this.headers);
+  _proto.get = async function get(ids) {
+    var response = await postRequest(this.endpointUrl + '/get', ids, this.headers);
     this.handleError(response);
     return response;
   };
-  _proto.set = function set(docs) {
-    var response = postRequest(this.endpointUrl + '/set', docs, this.headers);
+  _proto.set = async function set(docs) {
+    var response = await postRequest(this.endpointUrl + '/set', docs, this.headers);
     this.handleError(response);
     return response;
   };
-  _proto.delete = function _delete(ids) {
-    var response = postRequest(this.endpointUrl + '/delete', ids, this.headers);
+  _proto.delete = async function _delete(ids) {
+    var response = await postRequest(this.endpointUrl + '/delete', ids, this.headers);
     this.handleError(response);
     return response;
   };

package/dist/esm/plugins/client-rest/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.js","names":["postRequest","Subject","EventSource","customFetchWithFixedHeaders","RxRestClient","endpointUrl","headers","eventSource","_proto","prototype","setHeaders","handleError","response","error","Error","JSON","stringify","query","observeQuery","result","queryAsBase64","btoa","withCredentials","fetch","onmessage","event","eventData","parse","data","next","asObservable","get","ids","set","docs","delete","createRestClient"],"sources":["../../../../src/plugins/client-rest/index.ts"],"sourcesContent":["import { ById, MangoQuery } from 'rxdb/plugins/core';\nimport { postRequest } from './utils.ts';\nimport { Observable, Subject } from 'rxjs';\nimport { EventSource } from 'eventsource';\nimport { customFetchWithFixedHeaders } from '../../utils.ts';\n\nexport class RxRestClient<RxDocType> {\n constructor(\n public readonly endpointUrl: string,\n public headers: ById<string> = {},\n public readonly eventSource: typeof EventSource \| any = EventSource\n ) { }\n\n setHeaders(headers: ById<string>) {\n this.headers = headers;\n }\n\n handleError(response: any) {\n if (response.error) {\n throw new Error('Server returned an error ' + JSON.stringify(response));\n }\n }\n\n async query(query: MangoQuery<RxDocType>): Promise<{ documents: RxDocType[] }> {\n const response = await postRequest(\n this.endpointUrl + '/query',\n query,\n this.headers\n );\n this.handleError(response);\n return response;\n }\n\n observeQuery(query: MangoQuery<RxDocType>): Observable<RxDocType[]> {\n const result = new Subject<RxDocType[]>;\n const queryAsBase64 = btoa(JSON.stringify(query));\n const eventSource: EventSource = new this.eventSource(\n this.endpointUrl + '/query/observe?query=' + queryAsBase64,\n {\n withCredentials: true,\n /*\n Sending headers is not supported by the Browser EventSource API,\n * only by the npm module we use. In react-native you might have\n * to set another EventSource implementation.\n * @link https://www.npmjs.com/package/eventsource\n /\n fetch: customFetchWithFixedHeaders(this.headers)\n }\n );\n eventSource.onmessage = event => {\n const eventData = JSON.parse(event.data);\n result.next(eventData);\n };\n return result.asObservable();\n }\n\n get(ids: string[]): Promise<{ documents: RxDocType[] }> {\n const response = postRequest(\n this.endpointUrl + '/get',\n ids,\n this.headers\n );\n this.handleError(response);\n return response;\n }\n\n set(docs: RxDocType[]) {\n const response = postRequest(\n this.endpointUrl + '/set',\n docs,\n this.headers\n );\n this.handleError(response);\n return response;\n }\n\n delete(ids: string[]) {\n const response = postRequest(\n this.endpointUrl + '/delete',\n ids,\n this.headers\n );\n this.handleError(response);\n return response;\n }\n}\n\nexport function createRestClient<RxDocType>(\n endpointUrl: string,\n headers: ById<string>,\n eventSource: typeof EventSource \| any = EventSource\n) {\n\n return new RxRestClient<RxDocType>(\n endpointUrl,\n headers,\n eventSource\n );\n}\n\n\nexport from './utils.ts';\n"],"mappings":"AACA,SAASA,WAAW,QAAQ,YAAY;AACxC,SAAqBC,OAAO,QAAQ,MAAM;AAC1C,SAASC,WAAW,QAAQ,aAAa;AACzC,SAASC,2BAA2B,QAAQ,gBAAgB;AAE5D,WAAaC,YAAY;EACrB,SAAAA,aACoBC,WAAmB,EAC5BC,OAAqB,GAAG,CAAC,CAAC,EACjBC,WAAqC,GAAGL,WAAW,EACrE;IAAA,KAHkBG,WAAmB,GAAnBA,WAAmB;IAAA,KAC5BC,OAAqB,GAArBA,OAAqB;IAAA,KACZC,WAAqC,GAArCA,WAAqC;EACrD;EAAC,IAAAC,MAAA,GAAAJ,YAAA,CAAAK,SAAA;EAAAD,MAAA,CAELE,UAAU,GAAV,SAAAA,UAAUA,CAACJ,OAAqB,EAAE;IAC9B,IAAI,CAACA,OAAO,GAAGA,OAAO;EAC1B,CAAC;EAAAE,MAAA,CAEDG,WAAW,GAAX,SAAAA,WAAWA,CAACC,QAAa,EAAE;IACvB,IAAIA,QAAQ,CAACC,KAAK,EAAE;MAChB,MAAM,IAAIC,KAAK,CAAC,2BAA2B,GAAGC,IAAI,CAACC,SAAS,CAACJ,QAAQ,CAAC,CAAC;IAC3E;EACJ,CAAC;EAAAJ,MAAA,CAEKS,KAAK,GAAX,eAAMA,KAAKA,CAACA,MAA4B,EAAuC;IAC3E,IAAML,QAAQ,GAAG,MAAMZ,WAAW,CAC9B,IAAI,CAACK,WAAW,GAAG,QAAQ,EAC3BY,MAAK,EACL,IAAI,CAACX,OACT,CAAC;IACD,IAAI,CAACK,WAAW,CAACC,QAAQ,CAAC;IAC1B,OAAOA,QAAQ;EACnB,CAAC;EAAAJ,MAAA,CAEDU,YAAY,GAAZ,SAAAA,YAAYA,CAACD,KAA4B,EAA2B;IAChE,IAAME,MAAM,GAAG,IAAIlB,OAAO,CAAY,CAAC;IACvC,IAAMmB,aAAa,GAAGC,IAAI,~~CAACN~~,IAAI,CAACC,SAAS,CAACC,KAAK,CAAC,CAAC;~~IACjD~~,IAAMV,WAAwB,GAAG,IAAI,IAAI,CAACA,WAAW,CACjD,IAAI,CAACF,WAAW,GAAG,uBAAuB,GAAGe,aAAa,EAC1D;~~MACIE~~,eAAe,EAAE,IAAI;MACrB;AAChB;AACA;AACA;AACA;AACA;MACgBC,KAAK,~~EAAEpB~~,2BAA2B,CAAC,IAAI,CAACG,OAAO;IACnD,CACJ,CAAC;IACDC,WAAW,~~CAACiB~~,SAAS,GAAGC,KAAK,IAAI;MAC7B,IAAMC,SAAS,~~GAAGX~~,IAAI,~~CAACY~~,KAAK,CAACF,KAAK,CAACG,IAAI,CAAC;~~MACxCT~~,MAAM,~~CAACU~~,IAAI,CAACH,SAAS,CAAC;IAC1B,CAAC;IACD,~~OAAOP~~,MAAM,~~CAACW~~,YAAY,CAAC,CAAC;EAChC,CAAC;~~EAAAtB~~,MAAA,~~CAEDuB~~,GAAG,~~GAAH~~,~~SAAAA~~,GAAGA,CAACC,GAAa,EAAuC;~~IACpD~~,~~IAAMpB~~,QAAQ,~~GAAGZ~~,WAAW,~~CACxB~~,IAAI,CAACK,WAAW,GAAG,MAAM,~~EACzB2B~~,GAAG,EACH,IAAI,~~CAAC1B~~,OACT,CAAC;IACD,IAAI,CAACK,WAAW,CAACC,QAAQ,CAAC;IAC1B,OAAOA,QAAQ;EACnB,CAAC;EAAAJ,MAAA,~~CAEDyB~~,GAAG,~~GAAH~~,~~SAAAA~~,GAAGA,CAACC,IAAiB,EAAE;~~IACnB~~,~~IAAMtB~~,QAAQ,~~GAAGZ~~,WAAW,~~CACxB~~,IAAI,CAACK,WAAW,GAAG,MAAM,~~EACzB6B~~,IAAI,EACJ,IAAI,~~CAAC5B~~,OACT,CAAC;IACD,IAAI,CAACK,WAAW,CAACC,QAAQ,CAAC;IAC1B,OAAOA,QAAQ;EACnB,CAAC;EAAAJ,MAAA,~~CAED2B~~,MAAM,~~GAAN~~,~~SAAAA~~,OAAMA,CAACH,GAAa,EAAE;~~IAClB~~,~~IAAMpB~~,QAAQ,~~GAAGZ~~,WAAW,~~CACxB~~,IAAI,CAACK,WAAW,GAAG,SAAS,~~EAC5B2B~~,GAAG,EACH,IAAI,~~CAAC1B~~,OACT,CAAC;IACD,IAAI,CAACK,WAAW,CAACC,QAAQ,CAAC;IAC1B,OAAOA,QAAQ;EACnB,CAAC;EAAA,OAAAR,YAAA;AAAA;AAGL,OAAO,~~SAASgC~~,gBAAgBA,~~CAC5B/B~~,WAAmB,EACnBC,OAAqB,EACrBC,WAAqC,GAAGL,WAAW,EACrD;EAEE,OAAO,IAAIE,YAAY,CACnBC,WAAW,EACXC,OAAO,EACPC,WACJ,CAAC;AACL;AAGA,cAAc,YAAY","ignoreList":[]}
1	+ {"version":3,"file":"index.js","names":["postRequest","Subject","EventSource","customFetchWithFixedHeaders","RxRestClient","endpointUrl","headers","eventSource","_proto","prototype","setHeaders","handleError","response","error","Error","JSON","stringify","query","observeQuery","result","queryAsBase64","encodeURIComponent","btoa","withCredentials","fetch","onmessage","event","eventData","parse","data","next","asObservable","get","ids","set","docs","delete","createRestClient"],"sources":["../../../../src/plugins/client-rest/index.ts"],"sourcesContent":["import { ById, MangoQuery } from 'rxdb/plugins/core';\nimport { postRequest } from './utils.ts';\nimport { Observable, Subject } from 'rxjs';\nimport { EventSource } from 'eventsource';\nimport { customFetchWithFixedHeaders } from '../../utils.ts';\n\nexport class RxRestClient<RxDocType> {\n constructor(\n public readonly endpointUrl: string,\n public headers: ById<string> = {},\n public readonly eventSource: typeof EventSource \| any = EventSource\n ) { }\n\n setHeaders(headers: ById<string>) {\n this.headers = headers;\n }\n\n handleError(response: any) {\n if (response.error) {\n throw new Error('Server returned an error ' + JSON.stringify(response));\n }\n }\n\n async query(query: MangoQuery<RxDocType>): Promise<{ documents: RxDocType[] }> {\n const response = await postRequest(\n this.endpointUrl + '/query',\n query,\n this.headers\n );\n this.handleError(response);\n return response;\n }\n\n observeQuery(query: MangoQuery<RxDocType>): Observable<RxDocType[]> {\n const result = new Subject<RxDocType[]>;\n // Standard base64 uses '+' and '/'; both are URL-reserved and a raw\n // '+' in the query string is decoded as a space by the server's\n // URL parser. Without encoding, the server's atob() then rejects\n // the corrupted string with \"Invalid character\" and the SSE\n // connection silently never delivers any document.\n const queryAsBase64 = encodeURIComponent(btoa(JSON.stringify(query)));\n const eventSource: EventSource = new this.eventSource(\n this.endpointUrl + '/query/observe?query=' + queryAsBase64,\n {\n withCredentials: true,\n /*\n Sending headers is not supported by the Browser EventSource API,\n * only by the npm module we use. In react-native you might have\n * to set another EventSource implementation.\n * @link https://www.npmjs.com/package/eventsource\n /\n fetch: customFetchWithFixedHeaders(this.headers)\n }\n );\n eventSource.onmessage = event => {\n const eventData = JSON.parse(event.data);\n result.next(eventData);\n };\n return result.asObservable();\n }\n\n async get(ids: string[]): Promise<{ documents: RxDocType[] }> {\n const response = await postRequest(\n this.endpointUrl + '/get',\n ids,\n this.headers\n );\n this.handleError(response);\n return response;\n }\n\n async set(docs: RxDocType[]) {\n const response = await postRequest(\n this.endpointUrl + '/set',\n docs,\n this.headers\n );\n this.handleError(response);\n return response;\n }\n\n async delete(ids: string[]) {\n const response = await postRequest(\n this.endpointUrl + '/delete',\n ids,\n this.headers\n );\n this.handleError(response);\n return response;\n }\n}\n\nexport function createRestClient<RxDocType>(\n endpointUrl: string,\n headers: ById<string>,\n eventSource: typeof EventSource \| any = EventSource\n) {\n\n return new RxRestClient<RxDocType>(\n endpointUrl,\n headers,\n eventSource\n );\n}\n\n\nexport from './utils.ts';\n"],"mappings":"AACA,SAASA,WAAW,QAAQ,YAAY;AACxC,SAAqBC,OAAO,QAAQ,MAAM;AAC1C,SAASC,WAAW,QAAQ,aAAa;AACzC,SAASC,2BAA2B,QAAQ,gBAAgB;AAE5D,WAAaC,YAAY;EACrB,SAAAA,aACoBC,WAAmB,EAC5BC,OAAqB,GAAG,CAAC,CAAC,EACjBC,WAAqC,GAAGL,WAAW,EACrE;IAAA,KAHkBG,WAAmB,GAAnBA,WAAmB;IAAA,KAC5BC,OAAqB,GAArBA,OAAqB;IAAA,KACZC,WAAqC,GAArCA,WAAqC;EACrD;EAAC,IAAAC,MAAA,GAAAJ,YAAA,CAAAK,SAAA;EAAAD,MAAA,CAELE,UAAU,GAAV,SAAAA,UAAUA,CAACJ,OAAqB,EAAE;IAC9B,IAAI,CAACA,OAAO,GAAGA,OAAO;EAC1B,CAAC;EAAAE,MAAA,CAEDG,WAAW,GAAX,SAAAA,WAAWA,CAACC,QAAa,EAAE;IACvB,IAAIA,QAAQ,CAACC,KAAK,EAAE;MAChB,MAAM,IAAIC,KAAK,CAAC,2BAA2B,GAAGC,IAAI,CAACC,SAAS,CAACJ,QAAQ,CAAC,CAAC;IAC3E;EACJ,CAAC;EAAAJ,MAAA,CAEKS,KAAK,GAAX,eAAMA,KAAKA,CAACA,MAA4B,EAAuC;IAC3E,IAAML,QAAQ,GAAG,MAAMZ,WAAW,CAC9B,IAAI,CAACK,WAAW,GAAG,QAAQ,EAC3BY,MAAK,EACL,IAAI,CAACX,OACT,CAAC;IACD,IAAI,CAACK,WAAW,CAACC,QAAQ,CAAC;IAC1B,OAAOA,QAAQ;EACnB,CAAC;EAAAJ,MAAA,CAEDU,YAAY,GAAZ,SAAAA,YAAYA,CAACD,KAA4B,EAA2B;IAChE,IAAME,MAAM,GAAG,IAAIlB,OAAO,CAAY,CAAC;IACvC;IACA;IACA;IACA;IACA;IACA,IAAMmB,aAAa,GAAGC,kBAAkB,CAACC,IAAI,CAACP,IAAI,CAACC,SAAS,CAACC,KAAK,CAAC,CAAC,CAAC;IACrE,IAAMV,WAAwB,GAAG,IAAI,IAAI,CAACA,WAAW,CACjD,IAAI,CAACF,WAAW,GAAG,uBAAuB,GAAGe,aAAa,EAC1D;MACIG,eAAe,EAAE,IAAI;MACrB;AAChB;AACA;AACA;AACA;AACA;MACgBC,KAAK,EAAErB,2BAA2B,CAAC,IAAI,CAACG,OAAO;IACnD,CACJ,CAAC;IACDC,WAAW,CAACkB,SAAS,GAAGC,KAAK,IAAI;MAC7B,IAAMC,SAAS,GAAGZ,IAAI,CAACa,KAAK,CAACF,KAAK,CAACG,IAAI,CAAC;MACxCV,MAAM,CAACW,IAAI,CAACH,SAAS,CAAC;IAC1B,CAAC;IACD,OAAOR,MAAM,CAACY,YAAY,CAAC,CAAC;EAChC,CAAC;EAAAvB,MAAA,CAEKwB,GAAG,GAAT,eAAMA,GAAGA,CAACC,GAAa,EAAuC;IAC1D,IAAMrB,QAAQ,GAAG,MAAMZ,WAAW,CAC9B,IAAI,CAACK,WAAW,GAAG,MAAM,EACzB4B,GAAG,EACH,IAAI,CAAC3B,OACT,CAAC;IACD,IAAI,CAACK,WAAW,CAACC,QAAQ,CAAC;IAC1B,OAAOA,QAAQ;EACnB,CAAC;EAAAJ,MAAA,CAEK0B,GAAG,GAAT,eAAMA,GAAGA,CAACC,IAAiB,EAAE;IACzB,IAAMvB,QAAQ,GAAG,MAAMZ,WAAW,CAC9B,IAAI,CAACK,WAAW,GAAG,MAAM,EACzB8B,IAAI,EACJ,IAAI,CAAC7B,OACT,CAAC;IACD,IAAI,CAACK,WAAW,CAACC,QAAQ,CAAC;IAC1B,OAAOA,QAAQ;EACnB,CAAC;EAAAJ,MAAA,CAEK4B,MAAM,GAAZ,eAAMA,OAAMA,CAACH,GAAa,EAAE;IACxB,IAAMrB,QAAQ,GAAG,MAAMZ,WAAW,CAC9B,IAAI,CAACK,WAAW,GAAG,SAAS,EAC5B4B,GAAG,EACH,IAAI,CAAC3B,OACT,CAAC;IACD,IAAI,CAACK,WAAW,CAACC,QAAQ,CAAC;IAC1B,OAAOA,QAAQ;EACnB,CAAC;EAAA,OAAAR,YAAA;AAAA;AAGL,OAAO,SAASiC,gBAAgBA,CAC5BhC,WAAmB,EACnBC,OAAqB,EACrBC,WAAqC,GAAGL,WAAW,EACrD;EAEE,OAAO,IAAIE,YAAY,CACnBC,WAAW,EACXC,OAAO,EACPC,WACJ,CAAC;AACL;AAGA,cAAc,YAAY","ignoreList":[]}

package/dist/esm/plugins/replication-server/index.js CHANGED Viewed

@@ -56,7 +56,7 @@ export function replicateServer(options) {
       async handler(checkpointOrNull, batchSize) {
         var lwt = checkpointOrNull && checkpointOrNull.lwt ? checkpointOrNull.lwt : 0;
         var id = checkpointOrNull && checkpointOrNull.id ? checkpointOrNull.id : '';
-        var url = options.url + ("/pull?lwt=" + lwt + "&id=" + id + "&limit=" + batchSize);
+        var url = options.url + ("/pull?lwt=" + lwt + "&id=" + encodeURIComponent(id) + "&limit=" + batchSize);
         var response = await fetch(url, {
           method: 'GET',
           credentials: 'include',

package/dist/esm/plugins/replication-server/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.js","names":["ensureNotFalsy","flatClone","promiseWait","addRxPlugin","newRxError","RxDBLeaderElectionPlugin","RxReplicationState","startReplicationOnLeaderShip","Subject","parseResponse","EventSource","customFetchWithFixedHeaders","RxServerReplicationState","_RxReplicationState","replicationIdentifier","collection","pull","push","live","retryTime","autoStart","headers","_this","call","outdatedClient$","unauthorized$","forbidden$","onCancel","complete","_inheritsLoose","_proto","prototype","setHeaders","replicateServer","options","name","args","waitForLeadership","pullStream$","replicationPrimitivesPull","handler","checkpointOrNull","batchSize","lwt","id","url","response","fetch","method","credentials","Object","assign","replicationState","data","documents","checkpoint","modifier","stream$","asObservable","replicationPrimitivesPush","changeRows","body","JSON","stringify","conflictsArray","startBefore","start","bind","useEventSource","eventSource","refreshEventSource","withCredentials","onerror","err","code","next","close","then","onopen","x","onmessage","event","eventData","parse"],"sources":["../../../../src/plugins/replication-server/index.ts"],"sourcesContent":["import {\n ensureNotFalsy,\n flatClone,\n promiseWait,\n RxCollection,\n ReplicationPullOptions,\n ReplicationPushOptions,\n RxReplicationPullStreamItem,\n ById,\n addRxPlugin,\n newRxError,\n WithDeletedAndAttachments\n} from 'rxdb/plugins/core';\nimport { RxDBLeaderElectionPlugin } from 'rxdb/plugins/leader-election';\nimport {\n RxReplicationState,\n startReplicationOnLeaderShip\n} from 'rxdb/plugins/replication';\n\nimport { Subject } from 'rxjs';\nimport type {\n RxServerCheckpoint,\n ServerSyncOptions\n} from './types.ts';\nimport { parseResponse } from './helpers.ts';\nimport { EventSource } from 'eventsource';\nimport { customFetchWithFixedHeaders } from '../../utils.ts';\n\nexport * from './types.ts';\n\nexport class RxServerReplicationState<RxDocType> extends RxReplicationState<RxDocType, RxServerCheckpoint> {\n public readonly outdatedClient$ = new Subject<void>();\n public readonly unauthorized$ = new Subject<void>();\n public readonly forbidden$ = new Subject<void>();\n\n constructor(\n public readonly replicationIdentifier: string,\n public readonly collection: RxCollection<RxDocType, unknown, unknown, unknown>,\n public readonly pull?: ReplicationPullOptions<RxDocType, RxServerCheckpoint>,\n public readonly push?: ReplicationPushOptions<RxDocType>,\n public readonly live: boolean = true,\n public retryTime: number = 1000 * 5,\n public autoStart: boolean = true,\n public headers: ById<string> = {}\n ) {\n super(\n replicationIdentifier,\n collection,\n '_deleted',\n pull,\n push,\n live,\n retryTime,\n autoStart\n );\n\n this.onCancel.push(() => {\n this.outdatedClient$.complete();\n this.unauthorized$.complete();\n this.forbidden$.complete();\n });\n }\n\n setHeaders(headers: ById<string>): void {\n this.headers = flatClone(headers);\n }\n}\n\nexport function replicateServer<RxDocType>(\n options: ServerSyncOptions<RxDocType>\n): RxServerReplicationState<RxDocType> {\n\n if (!options.pull && !options.push) {\n throw newRxError('UT3', {\n collection: options.collection.name,\n args: {\n replicationIdentifier: options.replicationIdentifier\n }\n });\n }\n\n options.live = typeof options.live === 'undefined' ? true : options.live;\n options.waitForLeadership = typeof options.waitForLeadership === 'undefined' ? true : options.waitForLeadership;\n\n const collection = options.collection;\n addRxPlugin(RxDBLeaderElectionPlugin);\n\n const pullStream$: Subject<RxReplicationPullStreamItem<RxDocType, RxServerCheckpoint>> = new Subject();\n\n let replicationPrimitivesPull: ReplicationPullOptions<RxDocType, RxServerCheckpoint> \| undefined;\n if (options.pull) {\n replicationPrimitivesPull = {\n async handler(checkpointOrNull, batchSize) {\n const lwt = checkpointOrNull && checkpointOrNull.lwt ? checkpointOrNull.lwt : 0;\n const id = checkpointOrNull && checkpointOrNull.id ? checkpointOrNull.id : '';\n const url = options.url + `/pull?lwt=${lwt}&id=${id}&limit=${batchSize}`;\n const response = await fetch(url, {\n method: 'GET',\n credentials: 'include',\n headers: Object.assign({\n 'Accept': 'application/json',\n 'Content-Type': 'application/json'\n }, replicationState.headers),\n });\n const data = await parseResponse(replicationState, response);\n return {\n documents: data.documents,\n checkpoint: data.checkpoint\n };\n },\n batchSize: ensureNotFalsy(options.pull).batchSize,\n modifier: ensureNotFalsy(options.pull).modifier,\n stream$: pullStream$.asObservable()\n };\n }\n\n let replicationPrimitivesPush: ReplicationPushOptions<RxDocType> \| undefined;\n if (options.push) {\n replicationPrimitivesPush = {\n async handler(changeRows) {\n const response = await fetch(options.url + '/push', {\n method: 'POST',\n credentials: 'include',\n headers: Object.assign({\n 'Accept': 'application/json',\n 'Content-Type': 'application/json'\n }, replicationState.headers),\n body: JSON.stringify(changeRows)\n });\n const conflictsArray = await parseResponse(replicationState, response);\n return conflictsArray;\n },\n batchSize: options.push.batchSize,\n modifier: options.push.modifier\n };\n }\n\n const replicationState = new RxServerReplicationState<RxDocType>(\n options.replicationIdentifier,\n collection,\n replicationPrimitivesPull,\n replicationPrimitivesPush,\n options.live,\n options.retryTime,\n options.autoStart,\n options.headers\n );\n\n /*\n Use long polling to get live changes for the pull.stream$\n /\n if (options.live && options.pull) {\n const startBefore = replicationState.start.bind(replicationState);\n replicationState.start = async () => {\n const useEventSource: typeof EventSource = options.eventSource ? options.eventSource : EventSource;\n let eventSource: EventSource;\n const refreshEventSource = () => {\n eventSource = new useEventSource(options.url + '/pullStream', {\n withCredentials: true,\n /\n Sending headers is not supported by the Browser EventSource API,\n * only by the npm module we use. In react-native you might have\n * to set another EventSource implementation.\n * @link https://www.npmjs.com/package/eventsource\n */\n fetch: customFetchWithFixedHeaders(replicationState.headers)\n });\n // TODO check for 426 errors and handle them\n eventSource.onerror = (err) => {\n if (err.code === 401) {\n replicationState.unauthorized$.next();\n eventSource.close();\n promiseWait(replicationState.retryTime).then(() => refreshEventSource());\n } else {\n pullStream$.next('RESYNC');\n }\n };\n eventSource.onopen = (x) => {\n pullStream$.next('RESYNC');\n }\n eventSource.onmessage = event => {\n const eventData: { documents: WithDeletedAndAttachments<RxDocType>[]; checkpoint: RxServerCheckpoint; } = JSON.parse(event.data);\n pullStream$.next({\n documents: eventData.documents,\n checkpoint: eventData.checkpoint\n });\n };\n }\n refreshEventSource();\n\n replicationState.onCancel.push(() => eventSource && eventSource.close());\n return startBefore();\n };\n }\n\n startReplicationOnLeaderShip(options.waitForLeadership, replicationState);\n\n return replicationState;\n}\n"],"mappings":";AAAA,SACIA,cAAc,EACdC,SAAS,EACTC,WAAW,EAMXC,WAAW,EACXC,UAAU,QAEP,mBAAmB;AAC1B,SAASC,wBAAwB,QAAQ,8BAA8B;AACvE,SACIC,kBAAkB,EAClBC,4BAA4B,QACzB,0BAA0B;AAEjC,SAASC,OAAO,QAAQ,MAAM;AAK9B,SAASC,aAAa,QAAQ,cAAc;AAC5C,SAASC,WAAW,QAAQ,aAAa;AACzC,SAASC,2BAA2B,QAAQ,gBAAgB;AAE5D,cAAc,YAAY;AAE1B,WAAaC,wBAAwB,0BAAAC,mBAAA;EAKjC,SAAAD,yBACoBE,qBAA6B,EAC7BC,UAA8D,EAC9DC,IAA4D,EAC5DC,IAAwC,EACxCC,IAAa,GAAG,IAAI,EAC7BC,SAAiB,GAAG,IAAI,GAAG,CAAC,EAC5BC,SAAkB,GAAG,IAAI,EACzBC,OAAqB,GAAG,CAAC,CAAC,EACnC;IAAA,IAAAC,KAAA;IACEA,KAAA,GAAAT,mBAAA,CAAAU,IAAA,OACIT,qBAAqB,EACrBC,UAAU,EACV,UAAU,EACVC,IAAI,EACJC,IAAI,EACJC,IAAI,EACJC,SAAS,EACTC,SACJ,CAAC;IAACE,KAAA,CAvBUE,eAAe,GAAG,IAAIhB,OAAO,CAAO,CAAC;IAAAc,KAAA,CACrCG,aAAa,GAAG,IAAIjB,OAAO,CAAO,CAAC;IAAAc,KAAA,CACnCI,UAAU,GAAG,IAAIlB,OAAO,CAAO,CAAC;IAAAc,KAAA,CAG5BR,qBAA6B,GAA7BA,qBAA6B;IAAAQ,KAAA,CAC7BP,UAA8D,GAA9DA,UAA8D;IAAAO,KAAA,CAC9DN,IAA4D,GAA5DA,IAA4D;IAAAM,KAAA,CAC5DL,IAAwC,GAAxCA,IAAwC;IAAAK,KAAA,CACxCJ,IAAa,GAAbA,IAAa;IAAAI,KAAA,CACtBH,SAAiB,GAAjBA,SAAiB;IAAAG,KAAA,CACjBF,SAAkB,GAAlBA,SAAkB;IAAAE,KAAA,CAClBD,OAAqB,GAArBA,OAAqB;IAa5BC,KAAA,CAAKK,QAAQ,CAACV,IAAI,CAAC,MAAM;MACrBK,KAAA,CAAKE,eAAe,CAACI,QAAQ,CAAC,CAAC;MAC/BN,KAAA,CAAKG,aAAa,CAACG,QAAQ,CAAC,CAAC;MAC7BN,KAAA,CAAKI,UAAU,CAACE,QAAQ,CAAC,CAAC;IAC9B,CAAC,CAAC;IAAC,OAAAN,KAAA;EACP;EAACO,cAAA,CAAAjB,wBAAA,EAAAC,mBAAA;EAAA,IAAAiB,MAAA,GAAAlB,wBAAA,CAAAmB,SAAA;EAAAD,MAAA,CAEDE,UAAU,GAAV,SAAAA,UAAUA,CAACX,OAAqB,EAAQ;IACpC,IAAI,CAACA,OAAO,GAAGpB,SAAS,CAACoB,OAAO,CAAC;EACrC,CAAC;EAAA,OAAAT,wBAAA;AAAA,EAnCoDN,kBAAkB;AAsC3E,OAAO,SAAS2B,eAAeA,CAC3BC,OAAqC,EACF;EAEnC,IAAI,CAACA,OAAO,CAAClB,IAAI,IAAI,CAACkB,OAAO,CAACjB,IAAI,EAAE;IAChC,MAAMb,UAAU,CAAC,KAAK,EAAE;MACpBW,UAAU,EAAEmB,OAAO,CAACnB,UAAU,CAACoB,IAAI;MACnCC,IAAI,EAAE;QACFtB,qBAAqB,EAAEoB,OAAO,CAACpB;MACnC;IACJ,CAAC,CAAC;EACN;EAEAoB,OAAO,CAAChB,IAAI,GAAG,OAAOgB,OAAO,CAAChB,IAAI,KAAK,WAAW,GAAG,IAAI,GAAGgB,OAAO,CAAChB,IAAI;EACxEgB,OAAO,CAACG,iBAAiB,GAAG,OAAOH,OAAO,CAACG,iBAAiB,KAAK,WAAW,GAAG,IAAI,GAAGH,OAAO,CAACG,iBAAiB;EAE/G,IAAMtB,UAAU,GAAGmB,OAAO,CAACnB,UAAU;EACrCZ,WAAW,CAACE,wBAAwB,CAAC;EAErC,IAAMiC,WAAgF,GAAG,IAAI9B,OAAO,CAAC,CAAC;EAEtG,IAAI+B,yBAA4F;EAChG,IAAIL,OAAO,CAAClB,IAAI,EAAE;IACduB,yBAAyB,GAAG;MACxB,MAAMC,OAAOA,CAACC,gBAAgB,EAAEC,SAAS,EAAE;QACvC,IAAMC,GAAG,GAAGF,gBAAgB,IAAIA,gBAAgB,CAACE,GAAG,GAAGF,gBAAgB,CAACE,GAAG,GAAG,CAAC;QAC/E,IAAMC,EAAE,GAAGH,gBAAgB,IAAIA,gBAAgB,CAACG,EAAE,GAAGH,gBAAgB,CAACG,EAAE,GAAG,EAAE;QAC7E,IAAMC,GAAG,GAAGX,OAAO,CAACW,GAAG,mBAAgBF,GAAG,YAAOC,EAAE,eAAUF,SAAS,CAAE;QACxE,IAAMI,QAAQ,GAAG,MAAMC,KAAK,CAACF,GAAG,EAAE;UAC9BG,MAAM,EAAE,KAAK;UACbC,WAAW,EAAE,SAAS;UACtB5B,OAAO,EAAE6B,MAAM,CAACC,MAAM,CAAC;YACnB,QAAQ,EAAE,kBAAkB;YAC5B,cAAc,EAAE;UACpB,CAAC,EAAEC,gBAAgB,CAAC/B,OAAO;QAC/B,CAAC,CAAC;QACF,IAAMgC,IAAI,GAAG,MAAM5C,aAAa,CAAC2C,gBAAgB,EAAEN,QAAQ,CAAC;QAC5D,OAAO;UACHQ,SAAS,EAAED,IAAI,CAACC,SAAS;UACzBC,UAAU,EAAEF,IAAI,CAACE;QACrB,CAAC;MACL,CAAC;MACDb,SAAS,EAAE1C,cAAc,CAACkC,OAAO,CAAClB,IAAI,CAAC,CAAC0B,SAAS;MACjDc,QAAQ,EAAExD,cAAc,CAACkC,OAAO,CAAClB,IAAI,CAAC,CAACwC,QAAQ;MAC/CC,OAAO,EAAEnB,WAAW,CAACoB,YAAY,CAAC;IACtC,CAAC;EACL;EAEA,IAAIC,yBAAwE;EAC5E,IAAIzB,OAAO,CAACjB,IAAI,EAAE;IACd0C,yBAAyB,GAAG;MACxB,MAAMnB,OAAOA,CAACoB,UAAU,EAAE;QACtB,IAAMd,QAAQ,GAAG,MAAMC,KAAK,CAACb,OAAO,CAACW,GAAG,GAAG,OAAO,EAAE;UAChDG,MAAM,EAAE,MAAM;UACdC,WAAW,EAAE,SAAS;UACtB5B,OAAO,EAAE6B,MAAM,CAACC,MAAM,CAAC;YACnB,QAAQ,EAAE,kBAAkB;YAC5B,cAAc,EAAE;UACpB,CAAC,EAAEC,gBAAgB,CAAC/B,OAAO,CAAC;UAC5BwC,IAAI,EAAEC,IAAI,CAACC,SAAS,CAACH,UAAU;QACnC,CAAC,CAAC;QACF,IAAMI,cAAc,GAAG,MAAMvD,aAAa,CAAC2C,gBAAgB,EAAEN,QAAQ,CAAC;QACtE,OAAOkB,cAAc;MACzB,CAAC;MACDtB,SAAS,EAAER,OAAO,CAACjB,IAAI,CAACyB,SAAS;MACjCc,QAAQ,EAAEtB,OAAO,CAACjB,IAAI,CAACuC;IAC3B,CAAC;EACL;EAEA,IAAMJ,gBAAgB,GAAG,IAAIxC,wBAAwB,CACjDsB,OAAO,CAACpB,qBAAqB,EAC7BC,UAAU,EACVwB,yBAAyB,EACzBoB,yBAAyB,EACzBzB,OAAO,CAAChB,IAAI,EACZgB,OAAO,CAACf,SAAS,EACjBe,OAAO,CAACd,SAAS,EACjBc,OAAO,CAACb,OACZ,CAAC;;EAED;AACJ;AACA;EACI,IAAIa,OAAO,CAAChB,IAAI,IAAIgB,OAAO,CAAClB,IAAI,EAAE;IAC9B,IAAMiD,WAAW,GAAGb,gBAAgB,CAACc,KAAK,CAACC,IAAI,CAACf,gBAAgB,CAAC;IACjEA,gBAAgB,CAACc,KAAK,GAAG,YAAY;MACjC,IAAME,cAAkC,GAAGlC,OAAO,CAACmC,WAAW,GAAGnC,OAAO,CAACmC,WAAW,GAAG3D,WAAW;MAClG,IAAI2D,WAAwB;MAC5B,IAAMC,kBAAkB,GAAGA,CAAA,KAAM;QAC7BD,WAAW,GAAG,IAAID,cAAc,CAAClC,OAAO,CAACW,GAAG,GAAG,aAAa,EAAE;UAC1D0B,eAAe,EAAE,IAAI;UACrB;AACpB;AACA;AACA;AACA;AACA;UACoBxB,KAAK,EAAEpC,2BAA2B,CAACyC,gBAAgB,CAAC/B,OAAO;QAC/D,CAAC,CAAC;QACF;QACAgD,WAAW,CAACG,OAAO,GAAIC,GAAG,IAAK;UAC3B,IAAIA,GAAG,CAACC,IAAI,KAAK,GAAG,EAAE;YAClBtB,gBAAgB,CAAC3B,aAAa,CAACkD,IAAI,CAAC,CAAC;YACrCN,WAAW,CAACO,KAAK,CAAC,CAAC;YACnB1E,WAAW,CAACkD,gBAAgB,CAACjC,SAAS,CAAC,CAAC0D,IAAI,CAAC,MAAMP,kBAAkB,CAAC,CAAC,CAAC;UAC5E,CAAC,MAAM;YACHhC,WAAW,CAACqC,IAAI,CAAC,QAAQ,CAAC;UAC9B;QACJ,CAAC;QACDN,WAAW,CAACS,MAAM,GAAIC,CAAC,IAAK;UACxBzC,WAAW,CAACqC,IAAI,CAAC,QAAQ,CAAC;QAC9B,CAAC;QACDN,WAAW,CAACW,SAAS,GAAGC,KAAK,IAAI;UAC7B,IAAMC,SAAiG,GAAGpB,IAAI,CAACqB,KAAK,CAACF,KAAK,CAAC5B,IAAI,CAAC;UAChIf,WAAW,CAACqC,IAAI,CAAC;YACbrB,SAAS,EAAE4B,SAAS,CAAC5B,SAAS;YAC9BC,UAAU,EAAE2B,SAAS,CAAC3B;UAC1B,CAAC,CAAC;QACN,CAAC;MACL,CAAC;MACDe,kBAAkB,CAAC,CAAC;MAEpBlB,gBAAgB,CAACzB,QAAQ,CAACV,IAAI,CAAC,MAAMoD,WAAW,IAAIA,WAAW,CAACO,KAAK,CAAC,CAAC,CAAC;MACxE,OAAOX,WAAW,CAAC,CAAC;IACxB,CAAC;EACL;EAEA1D,4BAA4B,CAAC2B,OAAO,CAACG,iBAAiB,EAAEe,gBAAgB,CAAC;EAEzE,OAAOA,gBAAgB;AAC3B","ignoreList":[]}
1	+ {"version":3,"file":"index.js","names":["ensureNotFalsy","flatClone","promiseWait","addRxPlugin","newRxError","RxDBLeaderElectionPlugin","RxReplicationState","startReplicationOnLeaderShip","Subject","parseResponse","EventSource","customFetchWithFixedHeaders","RxServerReplicationState","_RxReplicationState","replicationIdentifier","collection","pull","push","live","retryTime","autoStart","headers","_this","call","outdatedClient$","unauthorized$","forbidden$","onCancel","complete","_inheritsLoose","_proto","prototype","setHeaders","replicateServer","options","name","args","waitForLeadership","pullStream$","replicationPrimitivesPull","handler","checkpointOrNull","batchSize","lwt","id","url","encodeURIComponent","response","fetch","method","credentials","Object","assign","replicationState","data","documents","checkpoint","modifier","stream$","asObservable","replicationPrimitivesPush","changeRows","body","JSON","stringify","conflictsArray","startBefore","start","bind","useEventSource","eventSource","refreshEventSource","withCredentials","onerror","err","code","next","close","then","onopen","x","onmessage","event","eventData","parse"],"sources":["../../../../src/plugins/replication-server/index.ts"],"sourcesContent":["import {\n ensureNotFalsy,\n flatClone,\n promiseWait,\n RxCollection,\n ReplicationPullOptions,\n ReplicationPushOptions,\n RxReplicationPullStreamItem,\n ById,\n addRxPlugin,\n newRxError,\n WithDeletedAndAttachments\n} from 'rxdb/plugins/core';\nimport { RxDBLeaderElectionPlugin } from 'rxdb/plugins/leader-election';\nimport {\n RxReplicationState,\n startReplicationOnLeaderShip\n} from 'rxdb/plugins/replication';\n\nimport { Subject } from 'rxjs';\nimport type {\n RxServerCheckpoint,\n ServerSyncOptions\n} from './types.ts';\nimport { parseResponse } from './helpers.ts';\nimport { EventSource } from 'eventsource';\nimport { customFetchWithFixedHeaders } from '../../utils.ts';\n\nexport * from './types.ts';\n\nexport class RxServerReplicationState<RxDocType> extends RxReplicationState<RxDocType, RxServerCheckpoint> {\n public readonly outdatedClient$ = new Subject<void>();\n public readonly unauthorized$ = new Subject<void>();\n public readonly forbidden$ = new Subject<void>();\n\n constructor(\n public readonly replicationIdentifier: string,\n public readonly collection: RxCollection<RxDocType, unknown, unknown, unknown>,\n public readonly pull?: ReplicationPullOptions<RxDocType, RxServerCheckpoint>,\n public readonly push?: ReplicationPushOptions<RxDocType>,\n public readonly live: boolean = true,\n public retryTime: number = 1000 * 5,\n public autoStart: boolean = true,\n public headers: ById<string> = {}\n ) {\n super(\n replicationIdentifier,\n collection,\n '_deleted',\n pull,\n push,\n live,\n retryTime,\n autoStart\n );\n\n this.onCancel.push(() => {\n this.outdatedClient$.complete();\n this.unauthorized$.complete();\n this.forbidden$.complete();\n });\n }\n\n setHeaders(headers: ById<string>): void {\n this.headers = flatClone(headers);\n }\n}\n\nexport function replicateServer<RxDocType>(\n options: ServerSyncOptions<RxDocType>\n): RxServerReplicationState<RxDocType> {\n\n if (!options.pull && !options.push) {\n throw newRxError('UT3', {\n collection: options.collection.name,\n args: {\n replicationIdentifier: options.replicationIdentifier\n }\n });\n }\n\n options.live = typeof options.live === 'undefined' ? true : options.live;\n options.waitForLeadership = typeof options.waitForLeadership === 'undefined' ? true : options.waitForLeadership;\n\n const collection = options.collection;\n addRxPlugin(RxDBLeaderElectionPlugin);\n\n const pullStream$: Subject<RxReplicationPullStreamItem<RxDocType, RxServerCheckpoint>> = new Subject();\n\n let replicationPrimitivesPull: ReplicationPullOptions<RxDocType, RxServerCheckpoint> \| undefined;\n if (options.pull) {\n replicationPrimitivesPull = {\n async handler(checkpointOrNull, batchSize) {\n const lwt = checkpointOrNull && checkpointOrNull.lwt ? checkpointOrNull.lwt : 0;\n const id = checkpointOrNull && checkpointOrNull.id ? checkpointOrNull.id : '';\n const url = options.url + `/pull?lwt=${lwt}&id=${encodeURIComponent(id)}&limit=${batchSize}`;\n const response = await fetch(url, {\n method: 'GET',\n credentials: 'include',\n headers: Object.assign({\n 'Accept': 'application/json',\n 'Content-Type': 'application/json'\n }, replicationState.headers),\n });\n const data = await parseResponse(replicationState, response);\n return {\n documents: data.documents,\n checkpoint: data.checkpoint\n };\n },\n batchSize: ensureNotFalsy(options.pull).batchSize,\n modifier: ensureNotFalsy(options.pull).modifier,\n stream$: pullStream$.asObservable()\n };\n }\n\n let replicationPrimitivesPush: ReplicationPushOptions<RxDocType> \| undefined;\n if (options.push) {\n replicationPrimitivesPush = {\n async handler(changeRows) {\n const response = await fetch(options.url + '/push', {\n method: 'POST',\n credentials: 'include',\n headers: Object.assign({\n 'Accept': 'application/json',\n 'Content-Type': 'application/json'\n }, replicationState.headers),\n body: JSON.stringify(changeRows)\n });\n const conflictsArray = await parseResponse(replicationState, response);\n return conflictsArray;\n },\n batchSize: options.push.batchSize,\n modifier: options.push.modifier\n };\n }\n\n const replicationState = new RxServerReplicationState<RxDocType>(\n options.replicationIdentifier,\n collection,\n replicationPrimitivesPull,\n replicationPrimitivesPush,\n options.live,\n options.retryTime,\n options.autoStart,\n options.headers\n );\n\n /*\n Use long polling to get live changes for the pull.stream$\n /\n if (options.live && options.pull) {\n const startBefore = replicationState.start.bind(replicationState);\n replicationState.start = async () => {\n const useEventSource: typeof EventSource = options.eventSource ? options.eventSource : EventSource;\n let eventSource: EventSource;\n const refreshEventSource = () => {\n eventSource = new useEventSource(options.url + '/pullStream', {\n withCredentials: true,\n /\n Sending headers is not supported by the Browser EventSource API,\n * only by the npm module we use. In react-native you might have\n * to set another EventSource implementation.\n * @link https://www.npmjs.com/package/eventsource\n */\n fetch: customFetchWithFixedHeaders(replicationState.headers)\n });\n // TODO check for 426 errors and handle them\n eventSource.onerror = (err) => {\n if (err.code === 401) {\n replicationState.unauthorized$.next();\n eventSource.close();\n promiseWait(replicationState.retryTime).then(() => refreshEventSource());\n } else {\n pullStream$.next('RESYNC');\n }\n };\n eventSource.onopen = (x) => {\n pullStream$.next('RESYNC');\n }\n eventSource.onmessage = event => {\n const eventData: { documents: WithDeletedAndAttachments<RxDocType>[]; checkpoint: RxServerCheckpoint; } = JSON.parse(event.data);\n pullStream$.next({\n documents: eventData.documents,\n checkpoint: eventData.checkpoint\n });\n };\n }\n refreshEventSource();\n\n replicationState.onCancel.push(() => eventSource && eventSource.close());\n return startBefore();\n };\n }\n\n startReplicationOnLeaderShip(options.waitForLeadership, replicationState);\n\n return replicationState;\n}\n"],"mappings":";AAAA,SACIA,cAAc,EACdC,SAAS,EACTC,WAAW,EAMXC,WAAW,EACXC,UAAU,QAEP,mBAAmB;AAC1B,SAASC,wBAAwB,QAAQ,8BAA8B;AACvE,SACIC,kBAAkB,EAClBC,4BAA4B,QACzB,0BAA0B;AAEjC,SAASC,OAAO,QAAQ,MAAM;AAK9B,SAASC,aAAa,QAAQ,cAAc;AAC5C,SAASC,WAAW,QAAQ,aAAa;AACzC,SAASC,2BAA2B,QAAQ,gBAAgB;AAE5D,cAAc,YAAY;AAE1B,WAAaC,wBAAwB,0BAAAC,mBAAA;EAKjC,SAAAD,yBACoBE,qBAA6B,EAC7BC,UAA8D,EAC9DC,IAA4D,EAC5DC,IAAwC,EACxCC,IAAa,GAAG,IAAI,EAC7BC,SAAiB,GAAG,IAAI,GAAG,CAAC,EAC5BC,SAAkB,GAAG,IAAI,EACzBC,OAAqB,GAAG,CAAC,CAAC,EACnC;IAAA,IAAAC,KAAA;IACEA,KAAA,GAAAT,mBAAA,CAAAU,IAAA,OACIT,qBAAqB,EACrBC,UAAU,EACV,UAAU,EACVC,IAAI,EACJC,IAAI,EACJC,IAAI,EACJC,SAAS,EACTC,SACJ,CAAC;IAACE,KAAA,CAvBUE,eAAe,GAAG,IAAIhB,OAAO,CAAO,CAAC;IAAAc,KAAA,CACrCG,aAAa,GAAG,IAAIjB,OAAO,CAAO,CAAC;IAAAc,KAAA,CACnCI,UAAU,GAAG,IAAIlB,OAAO,CAAO,CAAC;IAAAc,KAAA,CAG5BR,qBAA6B,GAA7BA,qBAA6B;IAAAQ,KAAA,CAC7BP,UAA8D,GAA9DA,UAA8D;IAAAO,KAAA,CAC9DN,IAA4D,GAA5DA,IAA4D;IAAAM,KAAA,CAC5DL,IAAwC,GAAxCA,IAAwC;IAAAK,KAAA,CACxCJ,IAAa,GAAbA,IAAa;IAAAI,KAAA,CACtBH,SAAiB,GAAjBA,SAAiB;IAAAG,KAAA,CACjBF,SAAkB,GAAlBA,SAAkB;IAAAE,KAAA,CAClBD,OAAqB,GAArBA,OAAqB;IAa5BC,KAAA,CAAKK,QAAQ,CAACV,IAAI,CAAC,MAAM;MACrBK,KAAA,CAAKE,eAAe,CAACI,QAAQ,CAAC,CAAC;MAC/BN,KAAA,CAAKG,aAAa,CAACG,QAAQ,CAAC,CAAC;MAC7BN,KAAA,CAAKI,UAAU,CAACE,QAAQ,CAAC,CAAC;IAC9B,CAAC,CAAC;IAAC,OAAAN,KAAA;EACP;EAACO,cAAA,CAAAjB,wBAAA,EAAAC,mBAAA;EAAA,IAAAiB,MAAA,GAAAlB,wBAAA,CAAAmB,SAAA;EAAAD,MAAA,CAEDE,UAAU,GAAV,SAAAA,UAAUA,CAACX,OAAqB,EAAQ;IACpC,IAAI,CAACA,OAAO,GAAGpB,SAAS,CAACoB,OAAO,CAAC;EACrC,CAAC;EAAA,OAAAT,wBAAA;AAAA,EAnCoDN,kBAAkB;AAsC3E,OAAO,SAAS2B,eAAeA,CAC3BC,OAAqC,EACF;EAEnC,IAAI,CAACA,OAAO,CAAClB,IAAI,IAAI,CAACkB,OAAO,CAACjB,IAAI,EAAE;IAChC,MAAMb,UAAU,CAAC,KAAK,EAAE;MACpBW,UAAU,EAAEmB,OAAO,CAACnB,UAAU,CAACoB,IAAI;MACnCC,IAAI,EAAE;QACFtB,qBAAqB,EAAEoB,OAAO,CAACpB;MACnC;IACJ,CAAC,CAAC;EACN;EAEAoB,OAAO,CAAChB,IAAI,GAAG,OAAOgB,OAAO,CAAChB,IAAI,KAAK,WAAW,GAAG,IAAI,GAAGgB,OAAO,CAAChB,IAAI;EACxEgB,OAAO,CAACG,iBAAiB,GAAG,OAAOH,OAAO,CAACG,iBAAiB,KAAK,WAAW,GAAG,IAAI,GAAGH,OAAO,CAACG,iBAAiB;EAE/G,IAAMtB,UAAU,GAAGmB,OAAO,CAACnB,UAAU;EACrCZ,WAAW,CAACE,wBAAwB,CAAC;EAErC,IAAMiC,WAAgF,GAAG,IAAI9B,OAAO,CAAC,CAAC;EAEtG,IAAI+B,yBAA4F;EAChG,IAAIL,OAAO,CAAClB,IAAI,EAAE;IACduB,yBAAyB,GAAG;MACxB,MAAMC,OAAOA,CAACC,gBAAgB,EAAEC,SAAS,EAAE;QACvC,IAAMC,GAAG,GAAGF,gBAAgB,IAAIA,gBAAgB,CAACE,GAAG,GAAGF,gBAAgB,CAACE,GAAG,GAAG,CAAC;QAC/E,IAAMC,EAAE,GAAGH,gBAAgB,IAAIA,gBAAgB,CAACG,EAAE,GAAGH,gBAAgB,CAACG,EAAE,GAAG,EAAE;QAC7E,IAAMC,GAAG,GAAGX,OAAO,CAACW,GAAG,mBAAgBF,GAAG,YAAOG,kBAAkB,CAACF,EAAE,CAAC,eAAUF,SAAS,CAAE;QAC5F,IAAMK,QAAQ,GAAG,MAAMC,KAAK,CAACH,GAAG,EAAE;UAC9BI,MAAM,EAAE,KAAK;UACbC,WAAW,EAAE,SAAS;UACtB7B,OAAO,EAAE8B,MAAM,CAACC,MAAM,CAAC;YACnB,QAAQ,EAAE,kBAAkB;YAC5B,cAAc,EAAE;UACpB,CAAC,EAAEC,gBAAgB,CAAChC,OAAO;QAC/B,CAAC,CAAC;QACF,IAAMiC,IAAI,GAAG,MAAM7C,aAAa,CAAC4C,gBAAgB,EAAEN,QAAQ,CAAC;QAC5D,OAAO;UACHQ,SAAS,EAAED,IAAI,CAACC,SAAS;UACzBC,UAAU,EAAEF,IAAI,CAACE;QACrB,CAAC;MACL,CAAC;MACDd,SAAS,EAAE1C,cAAc,CAACkC,OAAO,CAAClB,IAAI,CAAC,CAAC0B,SAAS;MACjDe,QAAQ,EAAEzD,cAAc,CAACkC,OAAO,CAAClB,IAAI,CAAC,CAACyC,QAAQ;MAC/CC,OAAO,EAAEpB,WAAW,CAACqB,YAAY,CAAC;IACtC,CAAC;EACL;EAEA,IAAIC,yBAAwE;EAC5E,IAAI1B,OAAO,CAACjB,IAAI,EAAE;IACd2C,yBAAyB,GAAG;MACxB,MAAMpB,OAAOA,CAACqB,UAAU,EAAE;QACtB,IAAMd,QAAQ,GAAG,MAAMC,KAAK,CAACd,OAAO,CAACW,GAAG,GAAG,OAAO,EAAE;UAChDI,MAAM,EAAE,MAAM;UACdC,WAAW,EAAE,SAAS;UACtB7B,OAAO,EAAE8B,MAAM,CAACC,MAAM,CAAC;YACnB,QAAQ,EAAE,kBAAkB;YAC5B,cAAc,EAAE;UACpB,CAAC,EAAEC,gBAAgB,CAAChC,OAAO,CAAC;UAC5ByC,IAAI,EAAEC,IAAI,CAACC,SAAS,CAACH,UAAU;QACnC,CAAC,CAAC;QACF,IAAMI,cAAc,GAAG,MAAMxD,aAAa,CAAC4C,gBAAgB,EAAEN,QAAQ,CAAC;QACtE,OAAOkB,cAAc;MACzB,CAAC;MACDvB,SAAS,EAAER,OAAO,CAACjB,IAAI,CAACyB,SAAS;MACjCe,QAAQ,EAAEvB,OAAO,CAACjB,IAAI,CAACwC;IAC3B,CAAC;EACL;EAEA,IAAMJ,gBAAgB,GAAG,IAAIzC,wBAAwB,CACjDsB,OAAO,CAACpB,qBAAqB,EAC7BC,UAAU,EACVwB,yBAAyB,EACzBqB,yBAAyB,EACzB1B,OAAO,CAAChB,IAAI,EACZgB,OAAO,CAACf,SAAS,EACjBe,OAAO,CAACd,SAAS,EACjBc,OAAO,CAACb,OACZ,CAAC;;EAED;AACJ;AACA;EACI,IAAIa,OAAO,CAAChB,IAAI,IAAIgB,OAAO,CAAClB,IAAI,EAAE;IAC9B,IAAMkD,WAAW,GAAGb,gBAAgB,CAACc,KAAK,CAACC,IAAI,CAACf,gBAAgB,CAAC;IACjEA,gBAAgB,CAACc,KAAK,GAAG,YAAY;MACjC,IAAME,cAAkC,GAAGnC,OAAO,CAACoC,WAAW,GAAGpC,OAAO,CAACoC,WAAW,GAAG5D,WAAW;MAClG,IAAI4D,WAAwB;MAC5B,IAAMC,kBAAkB,GAAGA,CAAA,KAAM;QAC7BD,WAAW,GAAG,IAAID,cAAc,CAACnC,OAAO,CAACW,GAAG,GAAG,aAAa,EAAE;UAC1D2B,eAAe,EAAE,IAAI;UACrB;AACpB;AACA;AACA;AACA;AACA;UACoBxB,KAAK,EAAErC,2BAA2B,CAAC0C,gBAAgB,CAAChC,OAAO;QAC/D,CAAC,CAAC;QACF;QACAiD,WAAW,CAACG,OAAO,GAAIC,GAAG,IAAK;UAC3B,IAAIA,GAAG,CAACC,IAAI,KAAK,GAAG,EAAE;YAClBtB,gBAAgB,CAAC5B,aAAa,CAACmD,IAAI,CAAC,CAAC;YACrCN,WAAW,CAACO,KAAK,CAAC,CAAC;YACnB3E,WAAW,CAACmD,gBAAgB,CAAClC,SAAS,CAAC,CAAC2D,IAAI,CAAC,MAAMP,kBAAkB,CAAC,CAAC,CAAC;UAC5E,CAAC,MAAM;YACHjC,WAAW,CAACsC,IAAI,CAAC,QAAQ,CAAC;UAC9B;QACJ,CAAC;QACDN,WAAW,CAACS,MAAM,GAAIC,CAAC,IAAK;UACxB1C,WAAW,CAACsC,IAAI,CAAC,QAAQ,CAAC;QAC9B,CAAC;QACDN,WAAW,CAACW,SAAS,GAAGC,KAAK,IAAI;UAC7B,IAAMC,SAAiG,GAAGpB,IAAI,CAACqB,KAAK,CAACF,KAAK,CAAC5B,IAAI,CAAC;UAChIhB,WAAW,CAACsC,IAAI,CAAC;YACbrB,SAAS,EAAE4B,SAAS,CAAC5B,SAAS;YAC9BC,UAAU,EAAE2B,SAAS,CAAC3B;UAC1B,CAAC,CAAC;QACN,CAAC;MACL,CAAC;MACDe,kBAAkB,CAAC,CAAC;MAEpBlB,gBAAgB,CAAC1B,QAAQ,CAACV,IAAI,CAAC,MAAMqD,WAAW,IAAIA,WAAW,CAACO,KAAK,CAAC,CAAC,CAAC;MACxE,OAAOX,WAAW,CAAC,CAAC;IACxB,CAAC;EACL;EAEA3D,4BAA4B,CAAC2B,OAAO,CAACG,iBAAiB,EAAEgB,gBAAgB,CAAC;EAEzE,OAAOA,gBAAgB;AAC3B","ignoreList":[]}

package/dist/esm/plugins/server/endpoint-replication.js CHANGED Viewed

@@ -2,7 +2,7 @@ import { prepareQuery, getChangedDocumentsSinceQuery } from 'rxdb/plugins/core';
 import { getReplicationHandlerByCollection } from 'rxdb/plugins/replication-websocket';
 import { filter, mergeMap } from 'rxjs';
 import { ensureNotFalsy, lastOfArray } from 'rxdb/plugins/utils';
-import { docContainsServerOnlyFields, doesContainRegexQuerySelector, getAuthDataByRequest, getDocAllowedMatcher, mergeServerDocumentFieldsMonad, removeServerOnlyFieldsMonad, setCors } from "./helper.js";
+import { docContainsServerOnlyFields, doesContainRegexQuerySelector, getAuthDataByRequest, getDocAllowedMatcher, mergeServerDocumentFieldsMonad, removeServerOnlyFieldsMonad, setCors, stripServerOnlyFieldsMonad } from "./helper.js";
 export var RxServerReplicationEndpoint = function RxServerReplicationEndpoint(server, name, collection, queryModifier, changeValidator, serverOnlyFields, cors) {
   this.type = 'replication';
   this.server = server;
@@ -30,6 +30,7 @@ export var RxServerReplicationEndpoint = function RxServerReplicationEndpoint(se
   };
   var removeServerOnlyFields = removeServerOnlyFieldsMonad(this.serverOnlyFields);
   var mergeServerDocumentFields = mergeServerDocumentFieldsMonad(this.serverOnlyFields);
+  var stripServerOnlyFields = stripServerOnlyFieldsMonad(this.serverOnlyFields);
   this.server.adapter.get(this.server.serverApp, '/' + this.urlPath + '/pull', async (req, res) => {
     var authData = await getAuthDataByRequest(this.server, req, res);
     if (!authData) {
@@ -100,8 +101,14 @@ export var RxServerReplicationEndpoint = function RxServerReplicationEndpoint(se
         hasInvalidChange = true;
       }
       var serverDoc = currentStateDocs.get(id);
+      // When the document does not yet exist on the server, strip
+      // server-only fields from the new document state so a client
+      // cannot populate them on insert. Updates of existing docs
+      // are already protected because mergeServerDocumentFields
+      // overwrites those fields with the stored server value.
+      var newDocumentState = serverDoc ? mergeServerDocumentFields(row.newDocumentState, serverDoc) : stripServerOnlyFields(row.newDocumentState);
       return {
-        newDocumentState: mergeServerDocumentFields(row.newDocumentState, serverDoc),
+        newDocumentState,
         assumedMasterState: mergeServerDocumentFields(row.assumedMasterState, serverDoc)
       };
     });
@@ -111,7 +118,7 @@ export var RxServerReplicationEndpoint = function RxServerReplicationEndpoint(se
     }
     var conflicts = await replicationHandler.masterWrite(useRows);
     adapter.setResponseHeader(res, 'Content-Type', 'application/json');
-    adapter.endResponseJson(res, conflicts);
+    adapter.endResponseJson(res, conflicts.map(c => removeServerOnlyFields(c)));
   });
   this.server.adapter.get(this.server.serverApp, '/' + this.urlPath + '/pullStream', async (req, res) => {
     var authData = await getAuthDataByRequest(this.server, req, res);

package/dist/esm/plugins/server/endpoint-replication.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"endpoint-replication.js","names":["prepareQuery","getChangedDocumentsSinceQuery","getReplicationHandlerByCollection","filter","mergeMap","ensureNotFalsy","lastOfArray","docContainsServerOnlyFields","doesContainRegexQuerySelector","getAuthDataByRequest","getDocAllowedMatcher","mergeServerDocumentFieldsMonad","removeServerOnlyFieldsMonad","setCors","RxServerReplicationEndpoint","server","name","collection","queryModifier","changeValidator","serverOnlyFields","cors","type","adapter","join","blockPreviousReplicationVersionPaths","schema","version","urlPath","primaryPath","replicationHandler","database","authData","query","selector","Error","change","assumedMasterState","newDocumentState","removeServerOnlyFields","mergeServerDocumentFields","get","serverApp","req","res","urlQuery","getRequestQuery","id","lwt","parseFloat","limit","parseInt","plainQuery","storageInstance","useQueryChanges","prepared","jsonSchema","result","newCheckpoint","documents","length","_meta","responseDocuments","map","d","setResponseHeader","endResponseJson","checkpoint","post","docDataMatcherWrite","rows","getRequestBody","ids","forEach","row","push","nonAllowedRow","find","closeConnection","hasInvalidChange","currentStateDocsArray","findDocumentsById","currentStateDocs","Map","set","useRows","isChangeValid","serverDoc","conflicts","masterWrite","setSSEHeaders","docDataMatcherStream","subscription","masterChangeStream$","pipe","changes","authHandler","getRequestHeaders","err","useDocs","f","subscribe","filteredAndModified","responseWrite","JSON","stringify","onRequestClose","unsubscribe","endResponse","path","currentVersion","v","_loop","subPath","all"],"sources":["../../../../src/plugins/server/endpoint-replication.ts"],"sourcesContent":["import {\n FilledMangoQuery,\n RxCollection,\n RxReplicationHandler,\n RxReplicationWriteToMasterRow,\n StringKeys,\n prepareQuery,\n getChangedDocumentsSinceQuery,\n RxDocumentData\n} from 'rxdb/plugins/core';\nimport { getReplicationHandlerByCollection } from 'rxdb/plugins/replication-websocket';\nimport type { RxServer } from './rx-server.ts';\nimport type {\n RxServerAuthData,\n RxServerChangeValidator,\n RxServerEndpoint,\n RxServerQueryModifier\n} from './types.ts';\nimport { filter, mergeMap } from 'rxjs';\nimport {\n ensureNotFalsy,\n lastOfArray\n} from 'rxdb/plugins/utils';\n\nimport {\n docContainsServerOnlyFields,\n doesContainRegexQuerySelector,\n getAuthDataByRequest,\n getDocAllowedMatcher,\n mergeServerDocumentFieldsMonad,\n removeServerOnlyFieldsMonad,\n setCors\n} from './helper.ts';\nimport type { RxServerCheckpoint } from '../replication-server/types.ts';\n\nexport type RxReplicationEndpointMessageType = {\n id: string;\n method: StringKeys<RxReplicationHandler<any, any>> \| 'auth';\n params: any[];\n};\n\nexport class RxServerReplicationEndpoint<ServerAppType, AuthType, RxDocType> implements RxServerEndpoint<AuthType, RxDocType> {\n readonly type = 'replication';\n readonly urlPath: string;\n readonly changeValidator: RxServerChangeValidator<AuthType, RxDocType>;\n readonly queryModifier: RxServerQueryModifier<AuthType, RxDocType>;\n constructor(\n public readonly server: RxServer<ServerAppType, AuthType>,\n public readonly name: string,\n public readonly collection: RxCollection<RxDocType>,\n queryModifier: RxServerQueryModifier<AuthType, RxDocType>,\n changeValidator: RxServerChangeValidator<AuthType, RxDocType>,\n public readonly serverOnlyFields: string[],\n public readonly cors?: string,\n ) {\n const adapter = this.server.adapter;\n\n setCors(this.server, [this.name].join('/'), cors);\n blockPreviousReplicationVersionPaths(this.server, [this.name].join('/'), collection.schema.version);\n\n this.urlPath = [this.name, collection.schema.version].join('/');\n\n const primaryPath = this.collection.schema.primaryPath;\n const replicationHandler: RxReplicationHandler<RxDocType, RxServerCheckpoint> = getReplicationHandlerByCollection<RxDocType>(this.server.database, collection.name);\n this.queryModifier = (authData, query) => {\n if (doesContainRegexQuerySelector(query.selector)) {\n throw new Error('$regex queries not allowed because of DOS-attacks');\n }\n return queryModifier(authData, query);\n }\n this.changeValidator = (authData, change) => {\n if (\n (change.assumedMasterState && docContainsServerOnlyFields(serverOnlyFields, change.assumedMasterState)) \|\|\n docContainsServerOnlyFields(serverOnlyFields, change.newDocumentState)\n ) {\n return false;\n }\n return changeValidator(authData, change);\n }\n const removeServerOnlyFields = removeServerOnlyFieldsMonad<RxDocType>(this.serverOnlyFields);\n const mergeServerDocumentFields = mergeServerDocumentFieldsMonad<RxDocType>(this.serverOnlyFields);\n\n this.server.adapter.get(this.server.serverApp, '/' + this.urlPath + '/pull', async (req: any, res: any) => {\n const authData = await getAuthDataByRequest(this.server, req, res);\n if (!authData) { return; }\n\n const urlQuery = adapter.getRequestQuery(req);\n const id = urlQuery.id ? urlQuery.id as string : '';\n const lwt = urlQuery.lwt ? parseFloat(urlQuery.lwt as string) : 0;\n const limit = urlQuery.limit ? parseInt(urlQuery.limit as string, 10) : 1;\n const plainQuery = getChangedDocumentsSinceQuery<RxDocType, RxServerCheckpoint>(\n this.collection.storageInstance,\n limit,\n { id, lwt }\n );\n const useQueryChanges: FilledMangoQuery<RxDocType> = this.queryModifier(\n ensureNotFalsy(authData),\n plainQuery\n );\n const prepared = prepareQuery<RxDocType>(\n this.collection.schema.jsonSchema,\n useQueryChanges\n );\n const result = await this.collection.storageInstance.query(prepared);\n\n const newCheckpoint: RxServerCheckpoint = result.documents.length === 0 ? { id, lwt } : {\n id: ensureNotFalsy(lastOfArray(result.documents))[primaryPath] as string,\n lwt: ensureNotFalsy(lastOfArray(result.documents))._meta.lwt\n };\n const responseDocuments = result.documents.map(d => removeServerOnlyFields(d));\n adapter.setResponseHeader(res, 'Content-Type', 'application/json');\n adapter.endResponseJson(res, {\n documents: responseDocuments,\n checkpoint: newCheckpoint\n });\n });\n\n this.server.adapter.post(this.server.serverApp, '/' + this.urlPath + '/push', async (req: any, res: any) => {\n const authData = await getAuthDataByRequest(this.server, req, res);\n if (!authData) { return; }\n\n const docDataMatcherWrite = getDocAllowedMatcher(this, ensureNotFalsy(authData as any));\n const rows: RxReplicationWriteToMasterRow<RxDocType>[] = adapter.getRequestBody(req);\n const ids: string[] = [];\n rows.forEach(row => ids.push((row.newDocumentState as any)[primaryPath]));\n\n for (const row of rows) {\n // TODO remove this check\n if (row.assumedMasterState && (row.assumedMasterState as any)._meta) {\n throw new Error('body document contains meta!');\n }\n }\n\n // ensure all writes are allowed\n const nonAllowedRow = rows.find(row => {\n if (\n !docDataMatcherWrite(row.newDocumentState as any) \|\|\n (row.assumedMasterState && !docDataMatcherWrite(row.assumedMasterState as any))\n ) {\n return true;\n }\n });\n if (nonAllowedRow) {\n adapter.closeConnection(res, 403, 'Forbidden');\n return;\n }\n let hasInvalidChange = false;\n\n const currentStateDocsArray = await this.collection.storageInstance.findDocumentsById(ids, true);\n const currentStateDocs = new Map<string, RxDocumentData<RxDocType>>();\n currentStateDocsArray.forEach(d => currentStateDocs.set((d as any)[primaryPath], d));\n\n const useRows: typeof rows = rows.map((row) => {\n const id = (row.newDocumentState as any)[primaryPath];\n const isChangeValid = this.changeValidator(ensureNotFalsy(authData), {\n newDocumentState: removeServerOnlyFields(row.newDocumentState),\n assumedMasterState: removeServerOnlyFields(row.assumedMasterState)\n });\n if (!isChangeValid) {\n hasInvalidChange = true;\n }\n\n const serverDoc = currentStateDocs.get(id);\n return {\n newDocumentState: mergeServerDocumentFields(row.newDocumentState, serverDoc),\n assumedMasterState: mergeServerDocumentFields(row.assumedMasterState as any, serverDoc)\n } as typeof row;\n });\n if (hasInvalidChange) {\n adapter.closeConnection(res, 403, 'Forbidden');\n return;\n }\n\n const conflicts = await replicationHandler.masterWrite(useRows);\n\n adapter.setResponseHeader(res, 'Content-Type', 'application/json');\n adapter.endResponseJson(res, conflicts);\n });\n this.server.adapter.get(this.server.serverApp, '/' + this.urlPath + '/pullStream', async (req, res) => {\n\n const authData = await getAuthDataByRequest<AuthType, any, any>(this.server, req, res);\n if (!authData) { return; }\n\n adapter.setSSEHeaders(res);\n const docDataMatcherStream = getDocAllowedMatcher(this, ensureNotFalsy(authData));\n const subscription = replicationHandler.masterChangeStream$.pipe(\n mergeMap(async (changes) => {\n /*\n The auth-data might be expired\n * so we re-run the auth parsing each time\n * before emitting an event.\n /\n let authData: RxServerAuthData<AuthType>;\n try {\n authData = await server.authHandler(adapter.getRequestHeaders(req));\n } catch (err) {\n adapter.closeConnection(res, 401, 'Unauthorized');\n return null;\n }\n\n if (changes === 'RESYNC') {\n return changes;\n } else {\n const useDocs = changes.documents.filter(d => docDataMatcherStream(d as any));\n return {\n documents: useDocs,\n checkpoint: changes.checkpoint\n };\n }\n }),\n filter(f => f !== null && (f === 'RESYNC' \|\| f.documents.length > 0))\n ).subscribe(filteredAndModified => {\n if (filteredAndModified === 'RESYNC') {\n adapter.responseWrite(res, 'data: ' + JSON.stringify(filteredAndModified) + '\\n\\n');\n } else {\n const responseDocuments = ensureNotFalsy(filteredAndModified).documents.map(d => removeServerOnlyFields(d as any));\n adapter.responseWrite(\n res,\n 'data: ' + JSON.stringify({\n documents: responseDocuments,\n checkpoint: ensureNotFalsy(filteredAndModified).checkpoint\n }) + '\\n\\n'\n );\n }\n\n });\n\n /\n @link https://youtu.be/0PcMuYGJPzM?si=AxkczxcMaUwhh8k9&t=363\n /\n adapter.onRequestClose(req, () => {\n subscription.unsubscribe();\n adapter.endResponse(res);\n });\n });\n }\n}\n\n\n/\n \"block\" the previous version urls and send a 426 on them so that\n * the clients know they must update.\n /\nexport function blockPreviousReplicationVersionPaths(\n server: RxServer<any, any>,\n path: string,\n currentVersion: number\n\n) {\n let v = 0;\n while (v < currentVersion) {\n const version = v;\n /\n Some adapters do not allow regex or handle them property (like Koa),\n * so to make it easier, use the hard-coded array of path parts.\n */\n [\n '',\n 'pull',\n 'push',\n 'pullStream'\n ].forEach(subPath => {\n server.adapter.all(server.serverApp, '/' + path + '/' + version + '/' + subPath, (req, res) => {\n server.adapter.closeConnection(res, 426, 'Outdated version ' + version + ' (newest is ' + currentVersion + ')');\n });\n });\n v++;\n }\n}\n"],"mappings":"AAAA,SAMIA,YAAY,EACZC,6BAA6B,QAE1B,mBAAmB;AAC1B,SAASC,iCAAiC,QAAQ,oCAAoC;AAQtF,SAASC,MAAM,EAAEC,QAAQ,QAAQ,MAAM;AACvC,SACIC,cAAc,EACdC,WAAW,QACR,oBAAoB;AAE3B,SACIC,2BAA2B,EAC3BC,6BAA6B,EAC7BC,oBAAoB,EACpBC,oBAAoB,EACpBC,8BAA8B,EAC9BC,2BAA2B,EAC3BC,OAAO,QACJ,aAAa;AASpB,WAAaC,2BAA2B,GAKpC,SAAAA,4BACoBC,MAAyC,EACzCC,IAAY,EACZC,UAAmC,EACnDC,aAAyD,EACzDC,eAA6D,EAC7CC,gBAA0B,EAC1BC,IAAa,EAC/B;EAAA,KAZOC,IAAI,GAAG,aAAa;EAAA,KAKTP,MAAyC,GAAzCA,MAAyC;EAAA,KACzCC,IAAY,GAAZA,IAAY;EAAA,KACZC,UAAmC,GAAnCA,UAAmC;EAAA,KAGnCG,gBAA0B,GAA1BA,gBAA0B;EAAA,KAC1BC,IAAa,GAAbA,IAAa;EAE7B,IAAME,OAAO,GAAG,IAAI,CAACR,MAAM,CAACQ,OAAO;EAEnCV,OAAO,CAAC,IAAI,CAACE,MAAM,EAAE,CAAC,IAAI,CAACC,IAAI,CAAC,CAACQ,IAAI,CAAC,GAAG,CAAC,EAAEH,IAAI,CAAC;EACjDI,oCAAoC,CAAC,IAAI,CAACV,MAAM,EAAE,CAAC,IAAI,CAACC,IAAI,CAAC,CAACQ,IAAI,CAAC,GAAG,CAAC,EAAEP,UAAU,CAACS,MAAM,CAACC,OAAO,CAAC;EAEnG,IAAI,CAACC,OAAO,GAAG,CAAC,IAAI,CAACZ,IAAI,EAAEC,UAAU,CAACS,MAAM,CAACC,OAAO,CAAC,CAACH,IAAI,CAAC,GAAG,CAAC;EAE/D,IAAMK,WAAW,GAAG,IAAI,CAACZ,UAAU,CAACS,MAAM,CAACG,WAAW;EACtD,IAAMC,kBAAuE,GAAG5B,iCAAiC,CAAY,IAAI,CAACa,MAAM,CAACgB,QAAQ,EAAEd,UAAU,CAACD,IAAI,CAAC;EACnK,IAAI,CAACE,aAAa,GAAG,CAACc,QAAQ,EAAEC,KAAK,KAAK;IACtC,IAAIzB,6BAA6B,CAACyB,KAAK,CAACC,QAAQ,CAAC,EAAE;MAC/C,MAAM,IAAIC,KAAK,CAAC,mDAAmD,CAAC;IACxE;IACA,OAAOjB,aAAa,CAACc,QAAQ,EAAEC,KAAK,CAAC;EACzC,CAAC;EACD,IAAI,CAACd,eAAe,GAAG,CAACa,QAAQ,EAAEI,MAAM,KAAK;IACzC,IACKA,MAAM,CAACC,kBAAkB,IAAI9B,2BAA2B,CAACa,gBAAgB,EAAEgB,MAAM,CAACC,kBAAkB,CAAC,IACtG9B,2BAA2B,CAACa,gBAAgB,EAAEgB,MAAM,CAACE,gBAAgB,CAAC,EACxE;MACE,OAAO,KAAK;IAChB;IACA,OAAOnB,eAAe,CAACa,QAAQ,EAAEI,MAAM,CAAC;EAC5C,CAAC;EACD,IAAMG,sBAAsB,GAAG3B,2BAA2B,CAAY,IAAI,CAACQ,gBAAgB,CAAC;EAC5F,IAAMoB,yBAAyB,GAAG7B,8BAA8B,CAAY,IAAI,CAACS,gBAAgB,CAAC;EAElG,IAAI,CAACL,MAAM,CAACQ,OAAO,CAACkB,GAAG,CAAC,IAAI,CAAC1B,MAAM,CAAC2B,SAAS,EAAE,GAAG,GAAG,IAAI,CAACd,OAAO,GAAG,OAAO,EAAE,OAAOe,GAAQ,EAAEC,GAAQ,KAAK;IACvG,IAAMZ,QAAQ,GAAG,MAAMvB,oBAAoB,CAAC,IAAI,CAACM,MAAM,EAAE4B,GAAG,EAAEC,GAAG,CAAC;IAClE,IAAI,CAACZ,QAAQ,EAAE;MAAE;IAAQ;IAEzB,IAAMa,QAAQ,GAAGtB,OAAO,CAACuB,eAAe,CAACH,GAAG,CAAC;IAC7C,IAAMI,EAAE,GAAGF,QAAQ,CAACE,EAAE,GAAGF,QAAQ,CAACE,EAAE,GAAa,EAAE;IACnD,IAAMC,GAAG,GAAGH,QAAQ,CAACG,GAAG,GAAGC,UAAU,CAACJ,QAAQ,CAACG,GAAa,CAAC,GAAG,CAAC;IACjE,IAAME,KAAK,GAAGL,QAAQ,CAACK,KAAK,GAAGC,QAAQ,CAACN,QAAQ,CAACK,KAAK,EAAY,EAAE,CAAC,GAAG,CAAC;IACzE,IAAME,UAAU,GAAGnD,6BAA6B,CAC5C,IAAI,CAACgB,UAAU,CAACoC,eAAe,EAC/BH,KAAK,EACL;MAAEH,EAAE;MAAEC;IAAI,CACd,CAAC;IACD,IAAMM,eAA4C,GAAG,IAAI,CAACpC,aAAa,CACnEb,cAAc,CAAC2B,QAAQ,CAAC,EACxBoB,UACJ,CAAC;IACD,IAAMG,QAAQ,GAAGvD,YAAY,CACzB,IAAI,CAACiB,UAAU,CAACS,MAAM,CAAC8B,UAAU,EACjCF,eACJ,CAAC;IACD,IAAMG,MAAM,GAAG,MAAM,IAAI,CAACxC,UAAU,CAACoC,eAAe,CAACpB,KAAK,CAACsB,QAAQ,CAAC;IAEpE,IAAMG,aAAiC,GAAGD,MAAM,CAACE,SAAS,CAACC,MAAM,KAAK,CAAC,GAAG;MAAEb,EAAE;MAAEC;IAAI,CAAC,GAAG;MACpFD,EAAE,EAAE1C,cAAc,CAACC,WAAW,CAACmD,MAAM,CAACE,SAAS,CAAC,CAAC,CAAC9B,WAAW,CAAW;MACxEmB,GAAG,EAAE3C,cAAc,CAACC,WAAW,CAACmD,MAAM,CAACE,SAAS,CAAC,CAAC,CAACE,KAAK,CAACb;IAC7D,CAAC;IACD,IAAMc,iBAAiB,GAAGL,MAAM,CAACE,SAAS,CAACI,GAAG,CAACC,CAAC,IAAIzB,sBAAsB,CAACyB,CAAC,CAAC,CAAC;IAC9EzC,OAAO,CAAC0C,iBAAiB,CAACrB,GAAG,EAAE,cAAc,EAAE,kBAAkB,CAAC;IAClErB,OAAO,CAAC2C,eAAe,CAACtB,GAAG,EAAE;MACzBe,SAAS,EAAEG,iBAAiB;MAC5BK,UAAU,EAAET;IAChB,CAAC,CAAC;EACN,CAAC,CAAC;EAEF,IAAI,CAAC3C,MAAM,CAACQ,OAAO,CAAC6C,IAAI,CAAC,IAAI,CAACrD,MAAM,CAAC2B,SAAS,EAAE,GAAG,GAAG,IAAI,CAACd,OAAO,GAAG,OAAO,EAAE,OAAOe,GAAQ,EAAEC,GAAQ,KAAK;IACxG,IAAMZ,QAAQ,GAAG,MAAMvB,oBAAoB,CAAC,IAAI,CAACM,MAAM,EAAE4B,GAAG,EAAEC,GAAG,CAAC;IAClE,IAAI,CAACZ,QAAQ,EAAE;MAAE;IAAQ;IAEzB,IAAMqC,mBAAmB,GAAG3D,oBAAoB,CAAC,IAAI,EAAEL,cAAc,CAAC2B,QAAe,CAAC,CAAC;IACvF,IAAMsC,IAAgD,GAAG/C,OAAO,CAACgD,cAAc,CAAC5B,GAAG,CAAC;IACpF,IAAM6B,GAAa,GAAG,EAAE;IACxBF,IAAI,CAACG,OAAO,CAACC,GAAG,IAAIF,GAAG,CAACG,IAAI,CAAED,GAAG,CAACpC,gBAAgB,CAAST,WAAW,CAAC,CAAC,CAAC;IAEzE,KAAK,IAAM6C,GAAG,IAAIJ,IAAI,EAAE;MACpB;MACA,IAAII,GAAG,CAACrC,kBAAkB,IAAKqC,GAAG,CAACrC,kBAAkB,CAASwB,KAAK,EAAE;QACjE,MAAM,IAAI1B,KAAK,CAAC,8BAA8B,CAAC;MACnD;IACJ;;IAEA;IACA,IAAMyC,aAAa,GAAGN,IAAI,CAACO,IAAI,CAACH,GAAG,IAAI;MACnC,IACI,CAACL,mBAAmB,CAACK,GAAG,CAACpC,gBAAuB,CAAC,IAChDoC,GAAG,CAACrC,kBAAkB,IAAI,CAACgC,mBAAmB,CAACK,GAAG,CAACrC,kBAAyB,CAAE,EACjF;QACE,OAAO,IAAI;MACf;IACJ,CAAC,CAAC;IACF,IAAIuC,aAAa,EAAE;MACfrD,OAAO,CAACuD,eAAe,CAAClC,GAAG,EAAE,GAAG,EAAE,WAAW,CAAC;MAC9C;IACJ;IACA,IAAImC,gBAAgB,GAAG,KAAK;IAE5B,IAAMC,qBAAqB,GAAG,MAAM,IAAI,CAAC/D,UAAU,CAACoC,eAAe,CAAC4B,iBAAiB,CAACT,GAAG,EAAE,IAAI,CAAC;IAChG,IAAMU,gBAAgB,GAAG,IAAIC,GAAG,CAAoC,CAAC;IACrEH,qBAAqB,CAACP,OAAO,CAACT,CAAC,IAAIkB,gBAAgB,CAACE,GAAG,CAAEpB,CAAC,CAASnC,WAAW,CAAC,EAAEmC,CAAC,CAAC,CAAC;IAEpF,IAAMqB,OAAoB,GAAGf,IAAI,CAACP,GAAG,CAAEW,GAAG,IAAK;MAC3C,IAAM3B,EAAE,GAAI2B,GAAG,CAACpC,gBAAgB,CAAST,WAAW,CAAC;MACrD,IAAMyD,aAAa,GAAG,IAAI,CAACnE,eAAe,CAACd,cAAc,CAAC2B,QAAQ,CAAC,EAAE;QACjEM,gBAAgB,EAAEC,sBAAsB,CAACmC,GAAG,CAACpC,gBAAgB,CAAC;QAC9DD,kBAAkB,EAAEE,sBAAsB,CAACmC,GAAG,CAACrC,kBAAkB;MACrE,CAAC,CAAC;MACF,IAAI,CAACiD,aAAa,EAAE;QAChBP,gBAAgB,GAAG,IAAI;MAC3B;MAEA,IAAMQ,SAAS,GAAGL,gBAAgB,CAACzC,GAAG,CAACM,EAAE,CAAC;MAC1C,OAAO;QACHT,gBAAgB,EAAEE,yBAAyB,CAACkC,GAAG,CAACpC,gBAAgB,EAAEiD,SAAS,CAAC;QAC5ElD,kBAAkB,EAAEG,yBAAyB,CAACkC,GAAG,CAACrC,kBAAkB,EAASkD,SAAS;MAC1F,CAAC;IACL,CAAC,CAAC;IACF,IAAIR,gBAAgB,EAAE;MAClBxD,OAAO,CAACuD,eAAe,CAAClC,GAAG,EAAE,GAAG,EAAE,WAAW,CAAC;MAC9C;IACJ;IAEA,IAAM4C,SAAS,GAAG,MAAM1D,kBAAkB,CAAC2D,WAAW,CAACJ,OAAO,CAAC;IAE/D9D,OAAO,CAAC0C,iBAAiB,CAACrB,GAAG,EAAE,cAAc,EAAE,kBAAkB,CAAC;IAClErB,OAAO,CAAC2C,eAAe,CAACtB,GAAG,EAAE4C,SAAS,CAAC;EAC3C,CAAC,CAAC;EACF,IAAI,CAACzE,MAAM,CAACQ,OAAO,CAACkB,GAAG,CAAC,IAAI,CAAC1B,MAAM,CAAC2B,SAAS,EAAE,GAAG,GAAG,IAAI,CAACd,OAAO,GAAG,aAAa,EAAE,OAAOe,GAAG,EAAEC,GAAG,KAAK;IAEnG,IAAMZ,QAAQ,GAAG,MAAMvB,oBAAoB,CAAqB,IAAI,CAACM,MAAM,EAAE4B,GAAG,EAAEC,GAAG,CAAC;IACtF,IAAI,CAACZ,QAAQ,EAAE;MAAE;IAAQ;IAEzBT,OAAO,CAACmE,aAAa,CAAC9C,GAAG,CAAC;IAC1B,IAAM+C,oBAAoB,GAAGjF,oBAAoB,CAAC,IAAI,EAAEL,cAAc,CAAC2B,QAAQ,CAAC,CAAC;IACjF,IAAM4D,YAAY,GAAG9D,kBAAkB,CAAC+D,mBAAmB,CAACC,IAAI,CAC5D1F,QAAQ,CAAC,MAAO2F,OAAO,IAAK;MACxB;AACpB;AACA;AACA;AACA;MACoB,IAAI/D,QAAoC;MACxC,IAAI;QACAA,QAAQ,GAAG,MAAMjB,MAAM,CAACiF,WAAW,CAACzE,OAAO,CAAC0E,iBAAiB,CAACtD,GAAG,CAAC,CAAC;MACvE,CAAC,CAAC,OAAOuD,GAAG,EAAE;QACV3E,OAAO,CAACuD,eAAe,CAAClC,GAAG,EAAE,GAAG,EAAE,cAAc,CAAC;QACjD,OAAO,IAAI;MACf;MAEA,IAAImD,OAAO,KAAK,QAAQ,EAAE;QACtB,OAAOA,OAAO;MAClB,CAAC,MAAM;QACH,IAAMI,OAAO,GAAGJ,OAAO,CAACpC,SAAS,CAACxD,MAAM,CAAC6D,CAAC,IAAI2B,oBAAoB,CAAC3B,CAAQ,CAAC,CAAC;QAC7E,OAAO;UACHL,SAAS,EAAEwC,OAAO;UAClBhC,UAAU,EAAE4B,OAAO,CAAC5B;QACxB,CAAC;MACL;IACJ,CAAC,CAAC,EACFhE,MAAM,CAACiG,CAAC,IAAIA,CAAC,KAAK,IAAI,KAAKA,CAAC,KAAK,QAAQ,IAAIA,CAAC,CAACzC,SAAS,CAACC,MAAM,GAAG,CAAC,CAAC,CACxE,CAAC,CAACyC,SAAS,CAACC,mBAAmB,IAAI;MAC/B,IAAIA,mBAAmB,KAAK,QAAQ,EAAE;QAClC/E,OAAO,CAACgF,aAAa,CAAC3D,GAAG,EAAE,QAAQ,GAAG4D,IAAI,CAACC,SAAS,CAACH,mBAAmB,CAAC,GAAG,MAAM,CAAC;MACvF,CAAC,MAAM;QACH,IAAMxC,iBAAiB,GAAGzD,cAAc,CAACiG,mBAAmB,CAAC,CAAC3C,SAAS,CAACI,GAAG,CAACC,CAAC,IAAIzB,sBAAsB,CAACyB,CAAQ,CAAC,CAAC;QAClHzC,OAAO,CAACgF,aAAa,CACjB3D,GAAG,EACH,QAAQ,GAAG4D,IAAI,CAACC,SAAS,CAAC;UACtB9C,SAAS,EAAEG,iBAAiB;UAC5BK,UAAU,EAAE9D,cAAc,CAACiG,mBAAmB,CAAC,CAACnC;QACpD,CAAC,CAAC,GAAG,MACT,CAAC;MACL;IAEJ,CAAC,CAAC;;IAEF;AACZ;AACA;IACY5C,OAAO,CAACmF,cAAc,CAAC/D,GAAG,EAAE,MAAM;MAC9BiD,YAAY,CAACe,WAAW,CAAC,CAAC;MAC1BpF,OAAO,CAACqF,WAAW,CAAChE,GAAG,CAAC;IAC5B,CAAC,CAAC;EACN,CAAC,CAAC;AACN,CAAC;;AAIL;AACA;AACA;AACA;AACA,OAAO,SAASnB,oCAAoCA,CAChDV,MAA0B,EAC1B8F,IAAY,EACZC,cAAsB,EAExB;EACE,IAAIC,CAAC,GAAG,CAAC;EAAC,IAAAC,KAAA,YAAAA,CAAA,EACiB;IACvB,IAAMrF,OAAO,GAAGoF,CAAC;IACjB;AACR;AACA;AACA;IACQ,CACI,EAAE,EACF,MAAM,EACN,MAAM,EACN,YAAY,CACf,CAACtC,OAAO,CAACwC,OAAO,IAAI;MACjBlG,MAAM,CAACQ,OAAO,CAAC2F,GAAG,CAACnG,MAAM,CAAC2B,SAAS,EAAE,GAAG,GAAGmE,IAAI,GAAG,GAAG,GAAGlF,OAAO,GAAG,GAAG,GAAGsF,OAAO,EAAE,CAACtE,GAAG,EAAEC,GAAG,KAAK;QAC3F7B,MAAM,CAACQ,OAAO,CAACuD,eAAe,CAAClC,GAAG,EAAE,GAAG,EAAE,mBAAmB,GAAGjB,OAAO,GAAG,cAAc,GAAGmF,cAAc,GAAG,GAAG,CAAC;MACnH,CAAC,CAAC;IACN,CAAC,CAAC;IACFC,CAAC,EAAE;EACP,CAAC;EAjBD,OAAOA,CAAC,GAAGD,cAAc;IAAAE,KAAA;EAAA;AAkB7B","ignoreList":[]}
1	+ {"version":3,"file":"endpoint-replication.js","names":["prepareQuery","getChangedDocumentsSinceQuery","getReplicationHandlerByCollection","filter","mergeMap","ensureNotFalsy","lastOfArray","docContainsServerOnlyFields","doesContainRegexQuerySelector","getAuthDataByRequest","getDocAllowedMatcher","mergeServerDocumentFieldsMonad","removeServerOnlyFieldsMonad","setCors","stripServerOnlyFieldsMonad","RxServerReplicationEndpoint","server","name","collection","queryModifier","changeValidator","serverOnlyFields","cors","type","adapter","join","blockPreviousReplicationVersionPaths","schema","version","urlPath","primaryPath","replicationHandler","database","authData","query","selector","Error","change","assumedMasterState","newDocumentState","removeServerOnlyFields","mergeServerDocumentFields","stripServerOnlyFields","get","serverApp","req","res","urlQuery","getRequestQuery","id","lwt","parseFloat","limit","parseInt","plainQuery","storageInstance","useQueryChanges","prepared","jsonSchema","result","newCheckpoint","documents","length","_meta","responseDocuments","map","d","setResponseHeader","endResponseJson","checkpoint","post","docDataMatcherWrite","rows","getRequestBody","ids","forEach","row","push","nonAllowedRow","find","closeConnection","hasInvalidChange","currentStateDocsArray","findDocumentsById","currentStateDocs","Map","set","useRows","isChangeValid","serverDoc","conflicts","masterWrite","c","setSSEHeaders","docDataMatcherStream","subscription","masterChangeStream$","pipe","changes","authHandler","getRequestHeaders","err","useDocs","f","subscribe","filteredAndModified","responseWrite","JSON","stringify","onRequestClose","unsubscribe","endResponse","path","currentVersion","v","_loop","subPath","all"],"sources":["../../../../src/plugins/server/endpoint-replication.ts"],"sourcesContent":["import {\n FilledMangoQuery,\n RxCollection,\n RxReplicationHandler,\n RxReplicationWriteToMasterRow,\n StringKeys,\n prepareQuery,\n getChangedDocumentsSinceQuery,\n RxDocumentData\n} from 'rxdb/plugins/core';\nimport { getReplicationHandlerByCollection } from 'rxdb/plugins/replication-websocket';\nimport type { RxServer } from './rx-server.ts';\nimport type {\n RxServerAuthData,\n RxServerChangeValidator,\n RxServerEndpoint,\n RxServerQueryModifier\n} from './types.ts';\nimport { filter, mergeMap } from 'rxjs';\nimport {\n ensureNotFalsy,\n lastOfArray\n} from 'rxdb/plugins/utils';\n\nimport {\n docContainsServerOnlyFields,\n doesContainRegexQuerySelector,\n getAuthDataByRequest,\n getDocAllowedMatcher,\n mergeServerDocumentFieldsMonad,\n removeServerOnlyFieldsMonad,\n setCors,\n stripServerOnlyFieldsMonad\n} from './helper.ts';\nimport type { RxServerCheckpoint } from '../replication-server/types.ts';\n\nexport type RxReplicationEndpointMessageType = {\n id: string;\n method: StringKeys<RxReplicationHandler<any, any>> \| 'auth';\n params: any[];\n};\n\nexport class RxServerReplicationEndpoint<ServerAppType, AuthType, RxDocType> implements RxServerEndpoint<AuthType, RxDocType> {\n readonly type = 'replication';\n readonly urlPath: string;\n readonly changeValidator: RxServerChangeValidator<AuthType, RxDocType>;\n readonly queryModifier: RxServerQueryModifier<AuthType, RxDocType>;\n constructor(\n public readonly server: RxServer<ServerAppType, AuthType>,\n public readonly name: string,\n public readonly collection: RxCollection<RxDocType>,\n queryModifier: RxServerQueryModifier<AuthType, RxDocType>,\n changeValidator: RxServerChangeValidator<AuthType, RxDocType>,\n public readonly serverOnlyFields: string[],\n public readonly cors?: string,\n ) {\n const adapter = this.server.adapter;\n\n setCors(this.server, [this.name].join('/'), cors);\n blockPreviousReplicationVersionPaths(this.server, [this.name].join('/'), collection.schema.version);\n\n this.urlPath = [this.name, collection.schema.version].join('/');\n\n const primaryPath = this.collection.schema.primaryPath;\n const replicationHandler: RxReplicationHandler<RxDocType, RxServerCheckpoint> = getReplicationHandlerByCollection<RxDocType>(this.server.database, collection.name);\n this.queryModifier = (authData, query) => {\n if (doesContainRegexQuerySelector(query.selector)) {\n throw new Error('$regex queries not allowed because of DOS-attacks');\n }\n return queryModifier(authData, query);\n }\n this.changeValidator = (authData, change) => {\n if (\n (change.assumedMasterState && docContainsServerOnlyFields(serverOnlyFields, change.assumedMasterState)) \|\|\n docContainsServerOnlyFields(serverOnlyFields, change.newDocumentState)\n ) {\n return false;\n }\n return changeValidator(authData, change);\n }\n const removeServerOnlyFields = removeServerOnlyFieldsMonad<RxDocType>(this.serverOnlyFields);\n const mergeServerDocumentFields = mergeServerDocumentFieldsMonad<RxDocType>(this.serverOnlyFields);\n const stripServerOnlyFields = stripServerOnlyFieldsMonad<RxDocType>(this.serverOnlyFields);\n\n this.server.adapter.get(this.server.serverApp, '/' + this.urlPath + '/pull', async (req: any, res: any) => {\n const authData = await getAuthDataByRequest(this.server, req, res);\n if (!authData) { return; }\n\n const urlQuery = adapter.getRequestQuery(req);\n const id = urlQuery.id ? urlQuery.id as string : '';\n const lwt = urlQuery.lwt ? parseFloat(urlQuery.lwt as string) : 0;\n const limit = urlQuery.limit ? parseInt(urlQuery.limit as string, 10) : 1;\n const plainQuery = getChangedDocumentsSinceQuery<RxDocType, RxServerCheckpoint>(\n this.collection.storageInstance,\n limit,\n { id, lwt }\n );\n const useQueryChanges: FilledMangoQuery<RxDocType> = this.queryModifier(\n ensureNotFalsy(authData),\n plainQuery\n );\n const prepared = prepareQuery<RxDocType>(\n this.collection.schema.jsonSchema,\n useQueryChanges\n );\n const result = await this.collection.storageInstance.query(prepared);\n\n const newCheckpoint: RxServerCheckpoint = result.documents.length === 0 ? { id, lwt } : {\n id: ensureNotFalsy(lastOfArray(result.documents))[primaryPath] as string,\n lwt: ensureNotFalsy(lastOfArray(result.documents))._meta.lwt\n };\n const responseDocuments = result.documents.map(d => removeServerOnlyFields(d));\n adapter.setResponseHeader(res, 'Content-Type', 'application/json');\n adapter.endResponseJson(res, {\n documents: responseDocuments,\n checkpoint: newCheckpoint\n });\n });\n\n this.server.adapter.post(this.server.serverApp, '/' + this.urlPath + '/push', async (req: any, res: any) => {\n const authData = await getAuthDataByRequest(this.server, req, res);\n if (!authData) { return; }\n\n const docDataMatcherWrite = getDocAllowedMatcher(this, ensureNotFalsy(authData as any));\n const rows: RxReplicationWriteToMasterRow<RxDocType>[] = adapter.getRequestBody(req);\n const ids: string[] = [];\n rows.forEach(row => ids.push((row.newDocumentState as any)[primaryPath]));\n\n for (const row of rows) {\n // TODO remove this check\n if (row.assumedMasterState && (row.assumedMasterState as any)._meta) {\n throw new Error('body document contains meta!');\n }\n }\n\n // ensure all writes are allowed\n const nonAllowedRow = rows.find(row => {\n if (\n !docDataMatcherWrite(row.newDocumentState as any) \|\|\n (row.assumedMasterState && !docDataMatcherWrite(row.assumedMasterState as any))\n ) {\n return true;\n }\n });\n if (nonAllowedRow) {\n adapter.closeConnection(res, 403, 'Forbidden');\n return;\n }\n let hasInvalidChange = false;\n\n const currentStateDocsArray = await this.collection.storageInstance.findDocumentsById(ids, true);\n const currentStateDocs = new Map<string, RxDocumentData<RxDocType>>();\n currentStateDocsArray.forEach(d => currentStateDocs.set((d as any)[primaryPath], d));\n\n const useRows: typeof rows = rows.map((row) => {\n const id = (row.newDocumentState as any)[primaryPath];\n const isChangeValid = this.changeValidator(ensureNotFalsy(authData), {\n newDocumentState: removeServerOnlyFields(row.newDocumentState),\n assumedMasterState: removeServerOnlyFields(row.assumedMasterState)\n });\n if (!isChangeValid) {\n hasInvalidChange = true;\n }\n\n const serverDoc = currentStateDocs.get(id);\n // When the document does not yet exist on the server, strip\n // server-only fields from the new document state so a client\n // cannot populate them on insert. Updates of existing docs\n // are already protected because mergeServerDocumentFields\n // overwrites those fields with the stored server value.\n const newDocumentState = serverDoc\n ? mergeServerDocumentFields(row.newDocumentState, serverDoc)\n : stripServerOnlyFields(row.newDocumentState);\n return {\n newDocumentState,\n assumedMasterState: mergeServerDocumentFields(row.assumedMasterState as any, serverDoc)\n } as typeof row;\n });\n if (hasInvalidChange) {\n adapter.closeConnection(res, 403, 'Forbidden');\n return;\n }\n\n const conflicts = await replicationHandler.masterWrite(useRows);\n\n adapter.setResponseHeader(res, 'Content-Type', 'application/json');\n adapter.endResponseJson(res, conflicts.map(c => removeServerOnlyFields(c)));\n });\n this.server.adapter.get(this.server.serverApp, '/' + this.urlPath + '/pullStream', async (req, res) => {\n\n const authData = await getAuthDataByRequest<AuthType, any, any>(this.server, req, res);\n if (!authData) { return; }\n\n adapter.setSSEHeaders(res);\n const docDataMatcherStream = getDocAllowedMatcher(this, ensureNotFalsy(authData));\n const subscription = replicationHandler.masterChangeStream$.pipe(\n mergeMap(async (changes) => {\n /*\n The auth-data might be expired\n * so we re-run the auth parsing each time\n * before emitting an event.\n /\n let authData: RxServerAuthData<AuthType>;\n try {\n authData = await server.authHandler(adapter.getRequestHeaders(req));\n } catch (err) {\n adapter.closeConnection(res, 401, 'Unauthorized');\n return null;\n }\n\n if (changes === 'RESYNC') {\n return changes;\n } else {\n const useDocs = changes.documents.filter(d => docDataMatcherStream(d as any));\n return {\n documents: useDocs,\n checkpoint: changes.checkpoint\n };\n }\n }),\n filter(f => f !== null && (f === 'RESYNC' \|\| f.documents.length > 0))\n ).subscribe(filteredAndModified => {\n if (filteredAndModified === 'RESYNC') {\n adapter.responseWrite(res, 'data: ' + JSON.stringify(filteredAndModified) + '\\n\\n');\n } else {\n const responseDocuments = ensureNotFalsy(filteredAndModified).documents.map(d => removeServerOnlyFields(d as any));\n adapter.responseWrite(\n res,\n 'data: ' + JSON.stringify({\n documents: responseDocuments,\n checkpoint: ensureNotFalsy(filteredAndModified).checkpoint\n }) + '\\n\\n'\n );\n }\n\n });\n\n /\n @link https://youtu.be/0PcMuYGJPzM?si=AxkczxcMaUwhh8k9&t=363\n /\n adapter.onRequestClose(req, () => {\n subscription.unsubscribe();\n adapter.endResponse(res);\n });\n });\n }\n}\n\n\n/\n \"block\" the previous version urls and send a 426 on them so that\n * the clients know they must update.\n /\nexport function blockPreviousReplicationVersionPaths(\n server: RxServer<any, any>,\n path: string,\n currentVersion: number\n\n) {\n let v = 0;\n while (v < currentVersion) {\n const version = v;\n /\n Some adapters do not allow regex or handle them property (like Koa),\n * so to make it easier, use the hard-coded array of path parts.\n */\n [\n '',\n 'pull',\n 'push',\n 'pullStream'\n ].forEach(subPath => {\n server.adapter.all(server.serverApp, '/' + path + '/' + version + '/' + subPath, (req, res) => {\n server.adapter.closeConnection(res, 426, 'Outdated version ' + version + ' (newest is ' + currentVersion + ')');\n });\n });\n v++;\n }\n}\n"],"mappings":"AAAA,SAMIA,YAAY,EACZC,6BAA6B,QAE1B,mBAAmB;AAC1B,SAASC,iCAAiC,QAAQ,oCAAoC;AAQtF,SAASC,MAAM,EAAEC,QAAQ,QAAQ,MAAM;AACvC,SACIC,cAAc,EACdC,WAAW,QACR,oBAAoB;AAE3B,SACIC,2BAA2B,EAC3BC,6BAA6B,EAC7BC,oBAAoB,EACpBC,oBAAoB,EACpBC,8BAA8B,EAC9BC,2BAA2B,EAC3BC,OAAO,EACPC,0BAA0B,QACvB,aAAa;AASpB,WAAaC,2BAA2B,GAKpC,SAAAA,4BACoBC,MAAyC,EACzCC,IAAY,EACZC,UAAmC,EACnDC,aAAyD,EACzDC,eAA6D,EAC7CC,gBAA0B,EAC1BC,IAAa,EAC/B;EAAA,KAZOC,IAAI,GAAG,aAAa;EAAA,KAKTP,MAAyC,GAAzCA,MAAyC;EAAA,KACzCC,IAAY,GAAZA,IAAY;EAAA,KACZC,UAAmC,GAAnCA,UAAmC;EAAA,KAGnCG,gBAA0B,GAA1BA,gBAA0B;EAAA,KAC1BC,IAAa,GAAbA,IAAa;EAE7B,IAAME,OAAO,GAAG,IAAI,CAACR,MAAM,CAACQ,OAAO;EAEnCX,OAAO,CAAC,IAAI,CAACG,MAAM,EAAE,CAAC,IAAI,CAACC,IAAI,CAAC,CAACQ,IAAI,CAAC,GAAG,CAAC,EAAEH,IAAI,CAAC;EACjDI,oCAAoC,CAAC,IAAI,CAACV,MAAM,EAAE,CAAC,IAAI,CAACC,IAAI,CAAC,CAACQ,IAAI,CAAC,GAAG,CAAC,EAAEP,UAAU,CAACS,MAAM,CAACC,OAAO,CAAC;EAEnG,IAAI,CAACC,OAAO,GAAG,CAAC,IAAI,CAACZ,IAAI,EAAEC,UAAU,CAACS,MAAM,CAACC,OAAO,CAAC,CAACH,IAAI,CAAC,GAAG,CAAC;EAE/D,IAAMK,WAAW,GAAG,IAAI,CAACZ,UAAU,CAACS,MAAM,CAACG,WAAW;EACtD,IAAMC,kBAAuE,GAAG7B,iCAAiC,CAAY,IAAI,CAACc,MAAM,CAACgB,QAAQ,EAAEd,UAAU,CAACD,IAAI,CAAC;EACnK,IAAI,CAACE,aAAa,GAAG,CAACc,QAAQ,EAAEC,KAAK,KAAK;IACtC,IAAI1B,6BAA6B,CAAC0B,KAAK,CAACC,QAAQ,CAAC,EAAE;MAC/C,MAAM,IAAIC,KAAK,CAAC,mDAAmD,CAAC;IACxE;IACA,OAAOjB,aAAa,CAACc,QAAQ,EAAEC,KAAK,CAAC;EACzC,CAAC;EACD,IAAI,CAACd,eAAe,GAAG,CAACa,QAAQ,EAAEI,MAAM,KAAK;IACzC,IACKA,MAAM,CAACC,kBAAkB,IAAI/B,2BAA2B,CAACc,gBAAgB,EAAEgB,MAAM,CAACC,kBAAkB,CAAC,IACtG/B,2BAA2B,CAACc,gBAAgB,EAAEgB,MAAM,CAACE,gBAAgB,CAAC,EACxE;MACE,OAAO,KAAK;IAChB;IACA,OAAOnB,eAAe,CAACa,QAAQ,EAAEI,MAAM,CAAC;EAC5C,CAAC;EACD,IAAMG,sBAAsB,GAAG5B,2BAA2B,CAAY,IAAI,CAACS,gBAAgB,CAAC;EAC5F,IAAMoB,yBAAyB,GAAG9B,8BAA8B,CAAY,IAAI,CAACU,gBAAgB,CAAC;EAClG,IAAMqB,qBAAqB,GAAG5B,0BAA0B,CAAY,IAAI,CAACO,gBAAgB,CAAC;EAE1F,IAAI,CAACL,MAAM,CAACQ,OAAO,CAACmB,GAAG,CAAC,IAAI,CAAC3B,MAAM,CAAC4B,SAAS,EAAE,GAAG,GAAG,IAAI,CAACf,OAAO,GAAG,OAAO,EAAE,OAAOgB,GAAQ,EAAEC,GAAQ,KAAK;IACvG,IAAMb,QAAQ,GAAG,MAAMxB,oBAAoB,CAAC,IAAI,CAACO,MAAM,EAAE6B,GAAG,EAAEC,GAAG,CAAC;IAClE,IAAI,CAACb,QAAQ,EAAE;MAAE;IAAQ;IAEzB,IAAMc,QAAQ,GAAGvB,OAAO,CAACwB,eAAe,CAACH,GAAG,CAAC;IAC7C,IAAMI,EAAE,GAAGF,QAAQ,CAACE,EAAE,GAAGF,QAAQ,CAACE,EAAE,GAAa,EAAE;IACnD,IAAMC,GAAG,GAAGH,QAAQ,CAACG,GAAG,GAAGC,UAAU,CAACJ,QAAQ,CAACG,GAAa,CAAC,GAAG,CAAC;IACjE,IAAME,KAAK,GAAGL,QAAQ,CAACK,KAAK,GAAGC,QAAQ,CAACN,QAAQ,CAACK,KAAK,EAAY,EAAE,CAAC,GAAG,CAAC;IACzE,IAAME,UAAU,GAAGrD,6BAA6B,CAC5C,IAAI,CAACiB,UAAU,CAACqC,eAAe,EAC/BH,KAAK,EACL;MAAEH,EAAE;MAAEC;IAAI,CACd,CAAC;IACD,IAAMM,eAA4C,GAAG,IAAI,CAACrC,aAAa,CACnEd,cAAc,CAAC4B,QAAQ,CAAC,EACxBqB,UACJ,CAAC;IACD,IAAMG,QAAQ,GAAGzD,YAAY,CACzB,IAAI,CAACkB,UAAU,CAACS,MAAM,CAAC+B,UAAU,EACjCF,eACJ,CAAC;IACD,IAAMG,MAAM,GAAG,MAAM,IAAI,CAACzC,UAAU,CAACqC,eAAe,CAACrB,KAAK,CAACuB,QAAQ,CAAC;IAEpE,IAAMG,aAAiC,GAAGD,MAAM,CAACE,SAAS,CAACC,MAAM,KAAK,CAAC,GAAG;MAAEb,EAAE;MAAEC;IAAI,CAAC,GAAG;MACpFD,EAAE,EAAE5C,cAAc,CAACC,WAAW,CAACqD,MAAM,CAACE,SAAS,CAAC,CAAC,CAAC/B,WAAW,CAAW;MACxEoB,GAAG,EAAE7C,cAAc,CAACC,WAAW,CAACqD,MAAM,CAACE,SAAS,CAAC,CAAC,CAACE,KAAK,CAACb;IAC7D,CAAC;IACD,IAAMc,iBAAiB,GAAGL,MAAM,CAACE,SAAS,CAACI,GAAG,CAACC,CAAC,IAAI1B,sBAAsB,CAAC0B,CAAC,CAAC,CAAC;IAC9E1C,OAAO,CAAC2C,iBAAiB,CAACrB,GAAG,EAAE,cAAc,EAAE,kBAAkB,CAAC;IAClEtB,OAAO,CAAC4C,eAAe,CAACtB,GAAG,EAAE;MACzBe,SAAS,EAAEG,iBAAiB;MAC5BK,UAAU,EAAET;IAChB,CAAC,CAAC;EACN,CAAC,CAAC;EAEF,IAAI,CAAC5C,MAAM,CAACQ,OAAO,CAAC8C,IAAI,CAAC,IAAI,CAACtD,MAAM,CAAC4B,SAAS,EAAE,GAAG,GAAG,IAAI,CAACf,OAAO,GAAG,OAAO,EAAE,OAAOgB,GAAQ,EAAEC,GAAQ,KAAK;IACxG,IAAMb,QAAQ,GAAG,MAAMxB,oBAAoB,CAAC,IAAI,CAACO,MAAM,EAAE6B,GAAG,EAAEC,GAAG,CAAC;IAClE,IAAI,CAACb,QAAQ,EAAE;MAAE;IAAQ;IAEzB,IAAMsC,mBAAmB,GAAG7D,oBAAoB,CAAC,IAAI,EAAEL,cAAc,CAAC4B,QAAe,CAAC,CAAC;IACvF,IAAMuC,IAAgD,GAAGhD,OAAO,CAACiD,cAAc,CAAC5B,GAAG,CAAC;IACpF,IAAM6B,GAAa,GAAG,EAAE;IACxBF,IAAI,CAACG,OAAO,CAACC,GAAG,IAAIF,GAAG,CAACG,IAAI,CAAED,GAAG,CAACrC,gBAAgB,CAAST,WAAW,CAAC,CAAC,CAAC;IAEzE,KAAK,IAAM8C,GAAG,IAAIJ,IAAI,EAAE;MACpB;MACA,IAAII,GAAG,CAACtC,kBAAkB,IAAKsC,GAAG,CAACtC,kBAAkB,CAASyB,KAAK,EAAE;QACjE,MAAM,IAAI3B,KAAK,CAAC,8BAA8B,CAAC;MACnD;IACJ;;IAEA;IACA,IAAM0C,aAAa,GAAGN,IAAI,CAACO,IAAI,CAACH,GAAG,IAAI;MACnC,IACI,CAACL,mBAAmB,CAACK,GAAG,CAACrC,gBAAuB,CAAC,IAChDqC,GAAG,CAACtC,kBAAkB,IAAI,CAACiC,mBAAmB,CAACK,GAAG,CAACtC,kBAAyB,CAAE,EACjF;QACE,OAAO,IAAI;MACf;IACJ,CAAC,CAAC;IACF,IAAIwC,aAAa,EAAE;MACftD,OAAO,CAACwD,eAAe,CAAClC,GAAG,EAAE,GAAG,EAAE,WAAW,CAAC;MAC9C;IACJ;IACA,IAAImC,gBAAgB,GAAG,KAAK;IAE5B,IAAMC,qBAAqB,GAAG,MAAM,IAAI,CAAChE,UAAU,CAACqC,eAAe,CAAC4B,iBAAiB,CAACT,GAAG,EAAE,IAAI,CAAC;IAChG,IAAMU,gBAAgB,GAAG,IAAIC,GAAG,CAAoC,CAAC;IACrEH,qBAAqB,CAACP,OAAO,CAACT,CAAC,IAAIkB,gBAAgB,CAACE,GAAG,CAAEpB,CAAC,CAASpC,WAAW,CAAC,EAAEoC,CAAC,CAAC,CAAC;IAEpF,IAAMqB,OAAoB,GAAGf,IAAI,CAACP,GAAG,CAAEW,GAAG,IAAK;MAC3C,IAAM3B,EAAE,GAAI2B,GAAG,CAACrC,gBAAgB,CAAST,WAAW,CAAC;MACrD,IAAM0D,aAAa,GAAG,IAAI,CAACpE,eAAe,CAACf,cAAc,CAAC4B,QAAQ,CAAC,EAAE;QACjEM,gBAAgB,EAAEC,sBAAsB,CAACoC,GAAG,CAACrC,gBAAgB,CAAC;QAC9DD,kBAAkB,EAAEE,sBAAsB,CAACoC,GAAG,CAACtC,kBAAkB;MACrE,CAAC,CAAC;MACF,IAAI,CAACkD,aAAa,EAAE;QAChBP,gBAAgB,GAAG,IAAI;MAC3B;MAEA,IAAMQ,SAAS,GAAGL,gBAAgB,CAACzC,GAAG,CAACM,EAAE,CAAC;MAC1C;MACA;MACA;MACA;MACA;MACA,IAAMV,gBAAgB,GAAGkD,SAAS,GAC5BhD,yBAAyB,CAACmC,GAAG,CAACrC,gBAAgB,EAAEkD,SAAS,CAAC,GAC1D/C,qBAAqB,CAACkC,GAAG,CAACrC,gBAAgB,CAAC;MACjD,OAAO;QACHA,gBAAgB;QAChBD,kBAAkB,EAAEG,yBAAyB,CAACmC,GAAG,CAACtC,kBAAkB,EAASmD,SAAS;MAC1F,CAAC;IACL,CAAC,CAAC;IACF,IAAIR,gBAAgB,EAAE;MAClBzD,OAAO,CAACwD,eAAe,CAAClC,GAAG,EAAE,GAAG,EAAE,WAAW,CAAC;MAC9C;IACJ;IAEA,IAAM4C,SAAS,GAAG,MAAM3D,kBAAkB,CAAC4D,WAAW,CAACJ,OAAO,CAAC;IAE/D/D,OAAO,CAAC2C,iBAAiB,CAACrB,GAAG,EAAE,cAAc,EAAE,kBAAkB,CAAC;IAClEtB,OAAO,CAAC4C,eAAe,CAACtB,GAAG,EAAE4C,SAAS,CAACzB,GAAG,CAAC2B,CAAC,IAAIpD,sBAAsB,CAACoD,CAAC,CAAC,CAAC,CAAC;EAC/E,CAAC,CAAC;EACF,IAAI,CAAC5E,MAAM,CAACQ,OAAO,CAACmB,GAAG,CAAC,IAAI,CAAC3B,MAAM,CAAC4B,SAAS,EAAE,GAAG,GAAG,IAAI,CAACf,OAAO,GAAG,aAAa,EAAE,OAAOgB,GAAG,EAAEC,GAAG,KAAK;IAEnG,IAAMb,QAAQ,GAAG,MAAMxB,oBAAoB,CAAqB,IAAI,CAACO,MAAM,EAAE6B,GAAG,EAAEC,GAAG,CAAC;IACtF,IAAI,CAACb,QAAQ,EAAE;MAAE;IAAQ;IAEzBT,OAAO,CAACqE,aAAa,CAAC/C,GAAG,CAAC;IAC1B,IAAMgD,oBAAoB,GAAGpF,oBAAoB,CAAC,IAAI,EAAEL,cAAc,CAAC4B,QAAQ,CAAC,CAAC;IACjF,IAAM8D,YAAY,GAAGhE,kBAAkB,CAACiE,mBAAmB,CAACC,IAAI,CAC5D7F,QAAQ,CAAC,MAAO8F,OAAO,IAAK;MACxB;AACpB;AACA;AACA;AACA;MACoB,IAAIjE,QAAoC;MACxC,IAAI;QACAA,QAAQ,GAAG,MAAMjB,MAAM,CAACmF,WAAW,CAAC3E,OAAO,CAAC4E,iBAAiB,CAACvD,GAAG,CAAC,CAAC;MACvE,CAAC,CAAC,OAAOwD,GAAG,EAAE;QACV7E,OAAO,CAACwD,eAAe,CAAClC,GAAG,EAAE,GAAG,EAAE,cAAc,CAAC;QACjD,OAAO,IAAI;MACf;MAEA,IAAIoD,OAAO,KAAK,QAAQ,EAAE;QACtB,OAAOA,OAAO;MAClB,CAAC,MAAM;QACH,IAAMI,OAAO,GAAGJ,OAAO,CAACrC,SAAS,CAAC1D,MAAM,CAAC+D,CAAC,IAAI4B,oBAAoB,CAAC5B,CAAQ,CAAC,CAAC;QAC7E,OAAO;UACHL,SAAS,EAAEyC,OAAO;UAClBjC,UAAU,EAAE6B,OAAO,CAAC7B;QACxB,CAAC;MACL;IACJ,CAAC,CAAC,EACFlE,MAAM,CAACoG,CAAC,IAAIA,CAAC,KAAK,IAAI,KAAKA,CAAC,KAAK,QAAQ,IAAIA,CAAC,CAAC1C,SAAS,CAACC,MAAM,GAAG,CAAC,CAAC,CACxE,CAAC,CAAC0C,SAAS,CAACC,mBAAmB,IAAI;MAC/B,IAAIA,mBAAmB,KAAK,QAAQ,EAAE;QAClCjF,OAAO,CAACkF,aAAa,CAAC5D,GAAG,EAAE,QAAQ,GAAG6D,IAAI,CAACC,SAAS,CAACH,mBAAmB,CAAC,GAAG,MAAM,CAAC;MACvF,CAAC,MAAM;QACH,IAAMzC,iBAAiB,GAAG3D,cAAc,CAACoG,mBAAmB,CAAC,CAAC5C,SAAS,CAACI,GAAG,CAACC,CAAC,IAAI1B,sBAAsB,CAAC0B,CAAQ,CAAC,CAAC;QAClH1C,OAAO,CAACkF,aAAa,CACjB5D,GAAG,EACH,QAAQ,GAAG6D,IAAI,CAACC,SAAS,CAAC;UACtB/C,SAAS,EAAEG,iBAAiB;UAC5BK,UAAU,EAAEhE,cAAc,CAACoG,mBAAmB,CAAC,CAACpC;QACpD,CAAC,CAAC,GAAG,MACT,CAAC;MACL;IAEJ,CAAC,CAAC;;IAEF;AACZ;AACA;IACY7C,OAAO,CAACqF,cAAc,CAAChE,GAAG,EAAE,MAAM;MAC9BkD,YAAY,CAACe,WAAW,CAAC,CAAC;MAC1BtF,OAAO,CAACuF,WAAW,CAACjE,GAAG,CAAC;IAC5B,CAAC,CAAC;EACN,CAAC,CAAC;AACN,CAAC;;AAIL;AACA;AACA;AACA;AACA,OAAO,SAASpB,oCAAoCA,CAChDV,MAA0B,EAC1BgG,IAAY,EACZC,cAAsB,EAExB;EACE,IAAIC,CAAC,GAAG,CAAC;EAAC,IAAAC,KAAA,YAAAA,CAAA,EACiB;IACvB,IAAMvF,OAAO,GAAGsF,CAAC;IACjB;AACR;AACA;AACA;IACQ,CACI,EAAE,EACF,MAAM,EACN,MAAM,EACN,YAAY,CACf,CAACvC,OAAO,CAACyC,OAAO,IAAI;MACjBpG,MAAM,CAACQ,OAAO,CAAC6F,GAAG,CAACrG,MAAM,CAAC4B,SAAS,EAAE,GAAG,GAAGoE,IAAI,GAAG,GAAG,GAAGpF,OAAO,GAAG,GAAG,GAAGwF,OAAO,EAAE,CAACvE,GAAG,EAAEC,GAAG,KAAK;QAC3F9B,MAAM,CAACQ,OAAO,CAACwD,eAAe,CAAClC,GAAG,EAAE,GAAG,EAAE,mBAAmB,GAAGlB,OAAO,GAAG,cAAc,GAAGqF,cAAc,GAAG,GAAG,CAAC;MACnH,CAAC,CAAC;IACN,CAAC,CAAC;IACFC,CAAC,EAAE;EACP,CAAC;EAjBD,OAAOA,CAAC,GAAGD,cAAc;IAAAE,KAAA;EAAA;AAkB7B","ignoreList":[]}

package/dist/esm/plugins/server/endpoint-rest.js CHANGED Viewed

@@ -1,7 +1,7 @@
 import { normalizeMangoQuery } from 'rxdb/plugins/core';
 import { filter, mergeMap } from 'rxjs';
 import { ensureNotFalsy } from 'rxdb/plugins/utils';
-import { docContainsServerOnlyFields, doesContainRegexQuerySelector, getAuthDataByRequest, getDocAllowedMatcher, removeServerOnlyFieldsMonad, setCors } from "./helper.js";
+import { docContainsServerOnlyFields, doesContainRegexQuerySelector, getAuthDataByRequest, getDocAllowedMatcher, mergeServerDocumentFieldsMonad, removeServerOnlyFieldsMonad, setCors, stripServerOnlyFieldsMonad } from "./helper.js";
 export var REST_PATHS = ['query', 'query/observe', 'get', 'set', 'delete'
 // TODO
@@ -36,6 +36,8 @@ export var RxServerRestEndpoint = function RxServerRestEndpoint(server, name, co
     return changeValidator(authData, change);
   };
   var removeServerOnlyFields = removeServerOnlyFieldsMonad(this.serverOnlyFields);
+  var mergeServerDocumentFields = mergeServerDocumentFieldsMonad(this.serverOnlyFields);
+  var stripServerOnlyFields = stripServerOnlyFieldsMonad(this.serverOnlyFields);
   this.server.adapter.post(this.server.serverApp, '/' + this.urlPath + '/query', async (req, res) => {
     ensureNotFalsy(adapter.getRequestBody(req), 'req body is empty');
     var authData = await getAuthDataByRequest(this.server, req, res);
@@ -67,8 +69,19 @@ export var RxServerRestEndpoint = function RxServerRestEndpoint(server, name, co
     if (!authData) {
       return;
     }
+    // Run the queryModifier BEFORE setSSEHeaders so that a bad
+    // request (e.g. a $regex query that the modifier wrapper
+    // rejects to prevent DOS attacks) can still be answered
+    // with a proper 400 response, mirroring the /query endpoint.
+    var useQuery;
+    try {
+      useQuery = this.queryModifier(ensureNotFalsy(authData), normalizeMangoQuery(this.collection.schema.jsonSchema, JSON.parse(atob(adapter.getRequestQuery(req).query))));
+    } catch (err) {
+      adapter.closeConnection(res, 400, 'Bad Request');
+      return;
+    }
     adapter.setSSEHeaders(res);
-    var useQuery = this.queryModifier(ensureNotFalsy(authData), normalizeMangoQuery(this.collection.schema.jsonSchema, JSON.parse(atob(adapter.getRequestQuery(req).query))));
     var rxQuery = this.collection.find(useQuery);
     var subscription = rxQuery.$.pipe(mergeMap(async result => {
       var resultData = result.map(doc => removeServerOnlyFields(doc.toJSON()));
@@ -143,15 +156,20 @@ export var RxServerRestEndpoint = function RxServerRestEndpoint(server, name, co
       var docs = await collection.findByIds(docsData.map(d => d[primaryPath])).exec();
       var useDocsData = docsData.slice();
       docsData = [];
-      var _loop = async function (_docData) {
+      var _loop = async function () {
           var id = _docData[primaryPath];
           var doc = docs.get(id);
           if (!doc) {
-            promises.push(_this.collection.insert(_docData).catch(err => onWriteError(err, _docData)));
-          } else {
+            // Run the changeValidator for new document inserts as
+            // well. Previously the validator was only invoked for
+            // updates, so a changeValidator that rejected writes
+            // had no effect on inserts via /set, which is
+            // inconsistent with the replication endpoint and the
+            // documented contract that the validator gates all
+            // changes.
             var isAllowed = _this.changeValidator(authData, {
               newDocumentState: removeServerOnlyFields(_docData),
-              assumedMasterState: removeServerOnlyFields(doc.toJSON(true))
+              assumedMasterState: undefined
             });
             if (!isAllowed) {
               adapter.closeConnection(res, 403, 'Forbidden');
@@ -159,12 +177,43 @@ export var RxServerRestEndpoint = function RxServerRestEndpoint(server, name, co
                 v: void 0
               };
             }
-            promises.push(doc.patch(_docData).catch(err => onWriteError(err, _docData)));
+            // Strip server-only fields from the client doc before
+            // inserting. Without this, a client could populate
+            // server-only ("readonly") fields when creating a new
+            // document via /set, which contradicts the documented
+            // behavior that clients cannot do writes where one of
+            // the serverOnlyFields is set.
+            var mergedDocData = stripServerOnlyFields(mergeServerDocumentFields(_docData, undefined));
+            promises.push(_this.collection.insert(mergedDocData).catch(err => onWriteError(err, mergedDocData)));
+          } else {
+            // The user must also be allowed to access the existing document.
+            // Without this check, a client could overwrite arbitrary
+            // documents by sending a write whose new state matches the
+            // queryModifier while targeting a foreign document's primary.
+            var isExistingDocAllowed = docDataMatcherWrite(doc.toJSON(true));
+            if (!isExistingDocAllowed) {
+              adapter.closeConnection(res, 403, 'Forbidden');
+              return {
+                v: void 0
+              };
+            }
+            var _isAllowed = _this.changeValidator(authData, {
+              newDocumentState: removeServerOnlyFields(_docData),
+              assumedMasterState: removeServerOnlyFields(doc.toJSON(true))
+            });
+            if (!_isAllowed) {
+              adapter.closeConnection(res, 403, 'Forbidden');
+              return {
+                v: void 0
+              };
+            }
+            var _mergedDocData = mergeServerDocumentFields(_docData, doc.toJSON(true));
+            promises.push(doc.patch(_mergedDocData).catch(err => onWriteError(err, _mergedDocData)));
           }
         },
         _ret;
       for (var _docData of useDocsData) {
-        _ret = await _loop(_docData);
+        _ret = await _loop();
         if (_ret) return _ret.v;
       }
       await Promise.all(promises);
@@ -195,8 +244,8 @@ export var RxServerRestEndpoint = function RxServerRestEndpoint(server, name, co
               };
             }
             var isAllowedChange = _this.changeValidator(authData, {
-              newDocumentState: doc.toJSON(true),
-              assumedMasterState: doc.toJSON(true)
+              newDocumentState: removeServerOnlyFields(doc.toJSON(true)),
+              assumedMasterState: removeServerOnlyFields(doc.toJSON(true))
             });
             if (!isAllowedChange) {
               adapter.closeConnection(res, 403, 'Forbidden');