hopfma
/
om
Watch 4
Star 1
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Ohm-Management - Projektarbeit B-ME
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
115 Commits
2 Branches
Tree: 56f4a3f940
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '56f4a3f940'
${ noResults }
om/node_modules/mongoose/node_modules/mongodb-core/lib/uri_parser.js

uri_parser.js 17KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536 
  1. 'use strict';

  2. const URL = require('url');

  3. const qs = require('querystring');

  4. const dns = require('dns');

  5. const MongoParseError = require('./error').MongoParseError;

  6. const ReadPreference = require('./topologies/read_preference');

  7. 

  8. /**

  9.  * The following regular expression validates a connection string and breaks the

  10.  * provide string into the following capture groups: [protocol, username, password, hosts]

  11.  */

  12. const HOSTS_RX = /(mongodb(?:\+srv|)):\/\/(?: (?:[^:]*) (?: : ([^@]*) )? @ )?([^/?]*)(?:\/|)(.*)/;

  13. 

  14. /**

  15.  * Determines whether a provided address matches the provided parent domain in order

  16.  * to avoid certain attack vectors.

  17.  *

  18.  * @param {String} srvAddress The address to check against a domain

  19.  * @param {String} parentDomain The domain to check the provided address against

  20.  * @return {Boolean} Whether the provided address matches the parent domain

  21.  */

  22. function matchesParentDomain(srvAddress, parentDomain) {

  23.   const regex = /^.*?\./;

  24.   const srv = `.${srvAddress.replace(regex, '')}`;

  25.   const parent = `.${parentDomain.replace(regex, '')}`;

  26.   return srv.endsWith(parent);

  27. }

  28. 

  29. /**

  30.  * Lookup a `mongodb+srv` connection string, combine the parts and reparse it as a normal

  31.  * connection string.

  32.  *

  33.  * @param {string} uri The connection string to parse

  34.  * @param {object} options Optional user provided connection string options

  35.  * @param {function} callback

  36.  */

  37. function parseSrvConnectionString(uri, options, callback) {

  38.   const result = URL.parse(uri, true);

  39. 

  40.   if (result.hostname.split('.').length < 3) {

  41.     return callback(new MongoParseError('URI does not have hostname, domain name and tld'));

  42.   }

  43. 

  44.   result.domainLength = result.hostname.split('.').length;

  45.   if (result.pathname && result.pathname.match(',')) {

  46.     return callback(new MongoParseError('Invalid URI, cannot contain multiple hostnames'));

  47.   }

  48. 

  49.   if (result.port) {

  50.     return callback(new MongoParseError(`Ports not accepted with '${PROTOCOL_MONGODB_SRV}' URIs`));

  51.   }

  52. 

  53.   // Resolve the SRV record and use the result as the list of hosts to connect to.

  54.   const lookupAddress = result.host;

  55.   dns.resolveSrv(`_mongodb._tcp.${lookupAddress}`, (err, addresses) => {

  56.     if (err) return callback(err);

  57. 

  58.     if (addresses.length === 0) {

  59.       return callback(new MongoParseError('No addresses found at host'));

  60.     }

  61. 

  62.     for (let i = 0; i < addresses.length; i++) {

  63.       if (!matchesParentDomain(addresses[i].name, result.hostname, result.domainLength)) {

  64.         return callback(

  65.           new MongoParseError('Server record does not share hostname with parent URI')

  66.         );

  67.       }

  68.     }

  69. 

  70.     // Convert the original URL to a non-SRV URL.

  71.     result.protocol = 'mongodb';

  72.     result.host = addresses.map(address => `${address.name}:${address.port}`).join(',');

  73. 

  74.     // Default to SSL true if it's not specified.

  75.     if (

  76.       !('ssl' in options) &&

  77.       (!result.search || !('ssl' in result.query) || result.query.ssl === null)

  78.     ) {

  79.       result.query.ssl = true;

  80.     }

  81. 

  82.     // Resolve TXT record and add options from there if they exist.

  83.     dns.resolveTxt(lookupAddress, (err, record) => {

  84.       if (err) {

  85.         if (err.code !== 'ENODATA') {

  86.           return callback(err);

  87.         }

  88.         record = null;

  89.       }

  90. 

  91.       if (record) {

  92.         if (record.length > 1) {

  93.           return callback(new MongoParseError('Multiple text records not allowed'));

  94.         }

  95. 

  96.         record = qs.parse(record[0].join(''));

  97.         if (Object.keys(record).some(key => key !== 'authSource' && key !== 'replicaSet')) {

  98.           return callback(

  99.             new MongoParseError('Text record must only set `authSource` or `replicaSet`')

  100.           );

  101.         }

  102. 

  103.         Object.assign(result.query, record);

  104.       }

  105. 

  106.       // Set completed options back into the URL object.

  107.       result.search = qs.stringify(result.query);

  108. 

  109.       const finalString = URL.format(result);

  110.       parseConnectionString(finalString, options, callback);

  111.     });

  112.   });

  113. }

  114. 

  115. /**

  116.  * Parses a query string item according to the connection string spec

  117.  *

  118.  * @param {string} key The key for the parsed value

  119.  * @param {Array|String} value The value to parse

  120.  * @return {Array|Object|String} The parsed value

  121.  */

  122. function parseQueryStringItemValue(key, value) {

  123.   if (Array.isArray(value)) {

  124.     // deduplicate and simplify arrays

  125.     value = value.filter((v, idx) => value.indexOf(v) === idx);

  126.     if (value.length === 1) value = value[0];

  127.   } else if (value.indexOf(':') > 0) {

  128.     value = value.split(',').reduce((result, pair) => {

  129.       const parts = pair.split(':');

  130.       result[parts[0]] = parseQueryStringItemValue(key, parts[1]);

  131.       return result;

  132.     }, {});

  133.   } else if (value.indexOf(',') > 0) {

  134.     value = value.split(',').map(v => {

  135.       return parseQueryStringItemValue(key, v);

  136.     });

  137.   } else if (value.toLowerCase() === 'true' || value.toLowerCase() === 'false') {

  138.     value = value.toLowerCase() === 'true';

  139.   } else if (!Number.isNaN(value) && !STRING_OPTIONS.has(key)) {

  140.     const numericValue = parseFloat(value);

  141.     if (!Number.isNaN(numericValue)) {

  142.       value = parseFloat(value);

  143.     }

  144.   }

  145. 

  146.   return value;

  147. }

  148. 

  149. // Options that are known boolean types

  150. const BOOLEAN_OPTIONS = new Set([

  151.   'slaveok',

  152.   'slave_ok',

  153.   'sslvalidate',

  154.   'fsync',

  155.   'safe',

  156.   'retrywrites',

  157.   'j'

  158. ]);

  159. 

  160. // Known string options, only used to bypass Number coercion in `parseQueryStringItemValue`

  161. const STRING_OPTIONS = new Set(['authsource', 'replicaset']);

  162. 

  163. // Supported text representations of auth mechanisms

  164. // NOTE: this list exists in native already, if it is merged here we should deduplicate

  165. const AUTH_MECHANISMS = new Set([

  166.   'GSSAPI',

  167.   'MONGODB-X509',

  168.   'MONGODB-CR',

  169.   'DEFAULT',

  170.   'SCRAM-SHA-1',

  171.   'SCRAM-SHA-256',

  172.   'PLAIN'

  173. ]);

  174. 

  175. // Lookup table used to translate normalized (lower-cased) forms of connection string

  176. // options to their expected camelCase version

  177. const CASE_TRANSLATION = {

  178.   replicaset: 'replicaSet',

  179.   connecttimeoutms: 'connectTimeoutMS',

  180.   sockettimeoutms: 'socketTimeoutMS',

  181.   maxpoolsize: 'maxPoolSize',

  182.   minpoolsize: 'minPoolSize',

  183.   maxidletimems: 'maxIdleTimeMS',

  184.   waitqueuemultiple: 'waitQueueMultiple',

  185.   waitqueuetimeoutms: 'waitQueueTimeoutMS',

  186.   wtimeoutms: 'wtimeoutMS',

  187.   readconcern: 'readConcern',

  188.   readconcernlevel: 'readConcernLevel',

  189.   readpreference: 'readPreference',

  190.   maxstalenessseconds: 'maxStalenessSeconds',

  191.   readpreferencetags: 'readPreferenceTags',

  192.   authsource: 'authSource',

  193.   authmechanism: 'authMechanism',

  194.   authmechanismproperties: 'authMechanismProperties',

  195.   gssapiservicename: 'gssapiServiceName',

  196.   localthresholdms: 'localThresholdMS',

  197.   serverselectiontimeoutms: 'serverSelectionTimeoutMS',

  198.   serverselectiontryonce: 'serverSelectionTryOnce',

  199.   heartbeatfrequencyms: 'heartbeatFrequencyMS',

  200.   appname: 'appName',

  201.   retrywrites: 'retryWrites',

  202.   uuidrepresentation: 'uuidRepresentation',

  203.   zlibcompressionlevel: 'zlibCompressionLevel'

  204. };

  205. 

  206. /**

  207.  * Sets the value for `key`, allowing for any required translation

  208.  *

  209.  * @param {object} obj The object to set the key on

  210.  * @param {string} key The key to set the value for

  211.  * @param {*} value The value to set

  212.  * @param {object} options The options used for option parsing

  213.  */

  214. function applyConnectionStringOption(obj, key, value, options) {

  215.   // simple key translation

  216.   if (key === 'journal') {

  217.     key = 'j';

  218.   } else if (key === 'wtimeoutms') {

  219.     key = 'wtimeout';

  220.   }

  221. 

  222.   // more complicated translation

  223.   if (BOOLEAN_OPTIONS.has(key)) {

  224.     value = value === 'true' || value === true;

  225.   } else if (key === 'appname') {

  226.     value = decodeURIComponent(value);

  227.   } else if (key === 'readconcernlevel') {

  228.     key = 'readconcern';

  229.     value = { level: value };

  230.   }

  231. 

  232.   // simple validation

  233.   if (key === 'compressors') {

  234.     value = Array.isArray(value) ? value : [value];

  235. 

  236.     if (!value.every(c => c === 'snappy' || c === 'zlib')) {

  237.       throw new MongoParseError(

  238.         'Value for `compressors` must be at least one of: `snappy`, `zlib`'

  239.       );

  240.     }

  241.   }

  242. 

  243.   if (key === 'authmechanism' && !AUTH_MECHANISMS.has(value)) {

  244.     throw new MongoParseError(

  245.       'Value for `authMechanism` must be one of: `DEFAULT`, `GSSAPI`, `PLAIN`, `MONGODB-X509`, `SCRAM-SHA-1`, `SCRAM-SHA-256`'

  246.     );

  247.   }

  248. 

  249.   if (key === 'readpreference' && !ReadPreference.isValid(value)) {

  250.     throw new MongoParseError(

  251.       'Value for `readPreference` must be one of: `primary`, `primaryPreferred`, `secondary`, `secondaryPreferred`, `nearest`'

  252.     );

  253.   }

  254. 

  255.   if (key === 'zlibcompressionlevel' && (value < -1 || value > 9)) {

  256.     throw new MongoParseError('zlibCompressionLevel must be an integer between -1 and 9');

  257.   }

  258. 

  259.   // special cases

  260.   if (key === 'compressors' || key === 'zlibcompressionlevel') {

  261.     obj.compression = obj.compression || {};

  262.     obj = obj.compression;

  263.   }

  264. 

  265.   if (key === 'authmechanismproperties') {

  266.     if (typeof value.SERVICE_NAME === 'string') obj.gssapiServiceName = value.SERVICE_NAME;

  267.     if (typeof value.SERVICE_REALM === 'string') obj.gssapiServiceRealm = value.SERVICE_REALM;

  268.     if (typeof value.CANONICALIZE_HOST_NAME !== 'undefined') {

  269.       obj.gssapiCanonicalizeHostName = value.CANONICALIZE_HOST_NAME;

  270.     }

  271.   }

  272. 

  273.   // set the actual value

  274.   if (options.caseTranslate && CASE_TRANSLATION[key]) {

  275.     obj[CASE_TRANSLATION[key]] = value;

  276.     return;

  277.   }

  278. 

  279.   obj[key] = value;

  280. }

  281. 

  282. const USERNAME_REQUIRED_MECHANISMS = new Set([

  283.   'GSSAPI',

  284.   'MONGODB-CR',

  285.   'PLAIN',

  286.   'SCRAM-SHA-1',

  287.   'SCRAM-SHA-256'

  288. ]);

  289. 

  290. /**

  291.  * Modifies the parsed connection string object taking into account expectations we

  292.  * have for authentication-related options.

  293.  *

  294.  * @param {object} parsed The parsed connection string result

  295.  * @return The parsed connection string result possibly modified for auth expectations

  296.  */

  297. function applyAuthExpectations(parsed) {

  298.   if (parsed.options == null) {

  299.     return;

  300.   }

  301. 

  302.   const options = parsed.options;

  303.   const authSource = options.authsource || options.authSource;

  304.   if (authSource != null) {

  305.     parsed.auth = Object.assign({}, parsed.auth, { db: authSource });

  306.   }

  307. 

  308.   const authMechanism = options.authmechanism || options.authMechanism;

  309.   if (authMechanism != null) {

  310.     if (

  311.       USERNAME_REQUIRED_MECHANISMS.has(authMechanism) &&

  312.       (!parsed.auth || parsed.auth.username == null)

  313.     ) {

  314.       throw new MongoParseError(`Username required for mechanism \`${authMechanism}\``);

  315.     }

  316. 

  317.     if (authMechanism === 'GSSAPI') {

  318.       if (authSource != null && authSource !== '$external') {

  319.         throw new MongoParseError(

  320.           `Invalid source \`${authSource}\` for mechanism \`${authMechanism}\` specified.`

  321.         );

  322.       }

  323. 

  324.       parsed.auth = Object.assign({}, parsed.auth, { db: '$external' });

  325.     }

  326. 

  327.     if (authMechanism === 'MONGODB-X509') {

  328.       if (parsed.auth && parsed.auth.password != null) {

  329.         throw new MongoParseError(`Password not allowed for mechanism \`${authMechanism}\``);

  330.       }

  331. 

  332.       if (authSource != null && authSource !== '$external') {

  333.         throw new MongoParseError(

  334.           `Invalid source \`${authSource}\` for mechanism \`${authMechanism}\` specified.`

  335.         );

  336.       }

  337. 

  338.       parsed.auth = Object.assign({}, parsed.auth, { db: '$external' });

  339.     }

  340. 

  341.     if (authMechanism === 'PLAIN') {

  342.       if (parsed.auth && parsed.auth.db == null) {

  343.         parsed.auth = Object.assign({}, parsed.auth, { db: '$external' });

  344.       }

  345.     }

  346.   }

  347. 

  348.   // default to `admin` if nothing else was resolved

  349.   if (parsed.auth && parsed.auth.db == null) {

  350.     parsed.auth = Object.assign({}, parsed.auth, { db: 'admin' });

  351.   }

  352. 

  353.   return parsed;

  354. }

  355. 

  356. /**

  357.  * Parses a query string according the connection string spec.

  358.  *

  359.  * @param {String} query The query string to parse

  360.  * @param {object} [options] The options used for options parsing

  361.  * @return {Object|Error} The parsed query string as an object, or an error if one was encountered

  362.  */

  363. function parseQueryString(query, options) {

  364.   const result = {};

  365.   let parsedQueryString = qs.parse(query);

  366. 

  367.   for (const key in parsedQueryString) {

  368.     const value = parsedQueryString[key];

  369.     if (value === '' || value == null) {

  370.       throw new MongoParseError('Incomplete key value pair for option');

  371.     }

  372. 

  373.     const normalizedKey = key.toLowerCase();

  374.     const parsedValue = parseQueryStringItemValue(normalizedKey, value);

  375.     applyConnectionStringOption(result, normalizedKey, parsedValue, options);

  376.   }

  377. 

  378.   // special cases for known deprecated options

  379.   if (result.wtimeout && result.wtimeoutms) {

  380.     delete result.wtimeout;

  381.     console.warn('Unsupported option `wtimeout` specified');

  382.   }

  383. 

  384.   return Object.keys(result).length ? result : null;

  385. }

  386. 

  387. const PROTOCOL_MONGODB = 'mongodb';

  388. const PROTOCOL_MONGODB_SRV = 'mongodb+srv';

  389. const SUPPORTED_PROTOCOLS = [PROTOCOL_MONGODB, PROTOCOL_MONGODB_SRV];

  390. 

  391. /**

  392.  * Parses a MongoDB connection string

  393.  *

  394.  * @param {*} uri the MongoDB connection string to parse

  395.  * @param {object} [options] Optional settings.

  396.  * @param {boolean} [options.caseTranslate] Whether the parser should translate options back into camelCase after normalization

  397.  * @param {parseCallback} callback

  398.  */

  399. function parseConnectionString(uri, options, callback) {

  400.   if (typeof options === 'function') (callback = options), (options = {});

  401.   options = Object.assign({}, { caseTranslate: true }, options);

  402. 

  403.   // Check for bad uris before we parse

  404.   try {

  405.     URL.parse(uri);

  406.   } catch (e) {

  407.     return callback(new MongoParseError('URI malformed, cannot be parsed'));

  408.   }

  409. 

  410.   const cap = uri.match(HOSTS_RX);

  411.   if (!cap) {

  412.     return callback(new MongoParseError('Invalid connection string'));

  413.   }

  414. 

  415.   const protocol = cap[1];

  416.   if (SUPPORTED_PROTOCOLS.indexOf(protocol) === -1) {

  417.     return callback(new MongoParseError('Invalid protocol provided'));

  418.   }

  419. 

  420.   if (protocol === PROTOCOL_MONGODB_SRV) {

  421.     return parseSrvConnectionString(uri, options, callback);

  422.   }

  423. 

  424.   const dbAndQuery = cap[4].split('?');

  425.   const db = dbAndQuery.length > 0 ? dbAndQuery[0] : null;

  426.   const query = dbAndQuery.length > 1 ? dbAndQuery[1] : null;

  427. 

  428.   let parsedOptions;

  429.   try {

  430.     parsedOptions = parseQueryString(query, options);

  431.   } catch (parseError) {

  432.     return callback(parseError);

  433.   }

  434. 

  435.   parsedOptions = Object.assign({}, parsedOptions, options);

  436.   const auth = { username: null, password: null, db: db && db !== '' ? qs.unescape(db) : null };

  437.   if (parsedOptions.auth) {

  438.     // maintain support for legacy options passed into `MongoClient`

  439.     if (parsedOptions.auth.username) auth.username = parsedOptions.auth.username;

  440.     if (parsedOptions.auth.user) auth.username = parsedOptions.auth.user;

  441.     if (parsedOptions.auth.password) auth.password = parsedOptions.auth.password;

  442.   }

  443. 

  444.   if (cap[4].split('?')[0].indexOf('@') !== -1) {

  445.     return callback(new MongoParseError('Unescaped slash in userinfo section'));

  446.   }

  447. 

  448.   const authorityParts = cap[3].split('@');

  449.   if (authorityParts.length > 2) {

  450.     return callback(new MongoParseError('Unescaped at-sign in authority section'));

  451.   }

  452. 

  453.   if (authorityParts.length > 1) {

  454.     const authParts = authorityParts.shift().split(':');

  455.     if (authParts.length > 2) {

  456.       return callback(new MongoParseError('Unescaped colon in authority section'));

  457.     }

  458. 

  459.     auth.username = qs.unescape(authParts[0]);

  460.     auth.password = authParts[1] ? qs.unescape(authParts[1]) : null;

  461.   }

  462. 

  463.   let hostParsingError = null;

  464.   const hosts = authorityParts

  465.     .shift()

  466.     .split(',')

  467.     .map(host => {

  468.       let parsedHost = URL.parse(`mongodb://${host}`);

  469.       if (parsedHost.path === '/:') {

  470.         hostParsingError = new MongoParseError('Double colon in host identifier');

  471.         return null;

  472.       }

  473. 

  474.       // heuristically determine if we're working with a domain socket

  475.       if (host.match(/\.sock/)) {

  476.         parsedHost.hostname = qs.unescape(host);

  477.         parsedHost.port = null;

  478.       }

  479. 

  480.       if (Number.isNaN(parsedHost.port)) {

  481.         hostParsingError = new MongoParseError('Invalid port (non-numeric string)');

  482.         return;

  483.       }

  484. 

  485.       const result = {

  486.         host: parsedHost.hostname,

  487.         port: parsedHost.port ? parseInt(parsedHost.port) : 27017

  488.       };

  489. 

  490.       if (result.port === 0) {

  491.         hostParsingError = new MongoParseError('Invalid port (zero) with hostname');

  492.         return;

  493.       }

  494. 

  495.       if (result.port > 65535) {

  496.         hostParsingError = new MongoParseError('Invalid port (larger than 65535) with hostname');

  497.         return;

  498.       }

  499. 

  500.       if (result.port < 0) {

  501.         hostParsingError = new MongoParseError('Invalid port (negative number)');

  502.         return;

  503.       }

  504. 

  505.       return result;

  506.     })

  507.     .filter(host => !!host);

  508. 

  509.   if (hostParsingError) {

  510.     return callback(hostParsingError);

  511.   }

  512. 

  513.   if (hosts.length === 0 || hosts[0].host === '' || hosts[0].host === null) {

  514.     return callback(new MongoParseError('No hostname or hostnames provided in connection string'));

  515.   }

  516. 

  517.   const result = {

  518.     hosts: hosts,

  519.     auth: auth.db || auth.username ? auth : null,

  520.     options: Object.keys(parsedOptions).length ? parsedOptions : null

  521.   };

  522. 

  523.   if (result.auth && result.auth.db) {

  524.     result.defaultDatabase = result.auth.db;

  525.   }

  526. 

  527.   try {

  528.     applyAuthExpectations(result);

  529.   } catch (authError) {

  530.     return callback(authError);

  531.   }

  532. 

  533.   callback(null, result);

  534. }

  535. 

  536. module.exports = parseConnectionString;