Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(NODE-4136): adjust Node.js bindings for shared library spec #306

Merged
merged 2 commits into from
Apr 21, 2022
Merged

feat(NODE-4136): adjust Node.js bindings for shared library spec #306

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
aec6790
feat(NODE-4136): adjust Node.js bindings for shared library spec
addaleax Apr 19, 2022
95984c3
fixup: add bindings for bypassQueryAnalysis and encryptedFieldsMap
addaleax Apr 21, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 23 additions & 2 deletions bindings/node/lib/autoEncrypter.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -108,6 +108,12 @@ module.exports = function (modules) {
: this._bson.serialize(options.schemaMap);
}

if (options.encryptedFieldsMap) {
mongoCryptOptions.encryptedFieldsMap = Buffer.isBuffer(options.encryptedFieldsMap)
? options.encryptedFieldsMap
: this._bson.serialize(options.encryptedFieldsMap);
}

if (options.kmsProviders) {
mongoCryptOptions.kmsProviders = !Buffer.isBuffer(options.kmsProviders)
? this._bson.serialize(options.kmsProviders)
Expand All @@ -125,16 +131,27 @@ module.exports = function (modules) {
}

if (options.extraOptions && options.extraOptions.csfleSearchPaths) {
// Only for driver testing
mongoCryptOptions.csfleSearchPaths = options.extraOptions.csfleSearchPaths;
} else if (!this._bypassEncryption) {
mongoCryptOptions.csfleSearchPaths = ['$SYSTEM'];
addaleax marked this conversation as resolved.
Show resolved Hide resolved
}

if (options.bypassQueryAnalysis) {
mongoCryptOptions.bypassQueryAnalysis = options.bypassQueryAnalysis;
}

Object.assign(mongoCryptOptions, { cryptoCallbacks });
this._mongocrypt = new mc.MongoCrypt(mongoCryptOptions);
this._contextCounter = 0;

if (options.extraOptions && options.extraOptions.csfleRequired && !this.csfleVersionInfo) {
throw new MongoError('`csfleRequired` set but no csfle shared library loaded');
}

// Only instantiate mongocryptd manager/client once we know for sure
// that we are not using the CSFLE shared library.
if (!this._bypassAutoEncryption && !this.csfleVersionInfo) {
if (!this._bypassEncryption && !this.csfleVersionInfo) {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I didn’t realize in efad8b6 that this condition (before the addition of csfleVersionInfo) would never actually have been hit due to the typo.

Obviously it would be possible to go the other way here as well, i.e. drop the conditional entirely and always create _mongocryptdManager and _mongocryptdClient. Let me know if you have a specific preference 🙂

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it makes sense to not have the cryptdManager exist when we are using the lib. Good catch!

this._mongocryptdManager = new MongocryptdManager(options.extraOptions);
this._mongocryptdClient = new MongoClient(this._mongocryptdManager.uri, {
useNewUrlParser: true,
Expand Down Expand Up @@ -181,7 +198,11 @@ module.exports = function (modules) {
* @param {Function} callback Invoked when the mongocryptd client either successfully disconnects or errors
*/
teardown(force, callback) {
this._mongocryptdClient.close(force, callback);
if (this._mongocryptdClient) {
this._mongocryptdClient.close(force, callback);
} else {
callback();
}
}

/**
Expand Down
18 changes: 18 additions & 0 deletions bindings/node/src/mongocrypt.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -395,6 +395,20 @@ MongoCrypt::MongoCrypt(const CallbackInfo& info)
}
}

if (options.Has("encryptedFieldsMap")) {
Napi::Value encryptedFieldsMapBuffer = options["encryptedFieldsMap"];

if (!encryptedFieldsMapBuffer.IsBuffer()) {
throw TypeError::New(Env(), "Option `encryptedFieldsMap` must be a Buffer");
}

std::unique_ptr<mongocrypt_binary_t, MongoCryptBinaryDeleter> encryptedFieldsMapBinary(
BufferToBinary(encryptedFieldsMapBuffer.As<Uint8Array>()));
if (!mongocrypt_setopt_encrypted_field_config_map(_mongo_crypt.get(), encryptedFieldsMapBinary.get())) {
throw TypeError::New(Env(), errorStringFromStatus(_mongo_crypt.get()));
}
}

if (options.Has("logger")) {
SetCallback("logger", options["logger"]);
if (!mongocrypt_setopt_log_handler(
Expand Down Expand Up @@ -438,6 +452,10 @@ MongoCrypt::MongoCrypt(const CallbackInfo& info)
options.Get("csflePath").ToString().Utf8Value().c_str());
}

if (options.Get("bypassQueryAnalysis").ToBoolean()) {
mongocrypt_setopt_bypass_query_analysis(_mongo_crypt.get());
}

mongocrypt_setopt_use_need_kms_credentials_state(_mongo_crypt.get());

// Initialize after all options are set.
Expand Down
33 changes: 30 additions & 3 deletions bindings/node/test/autoEncrypter.test.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -585,7 +585,7 @@ describe('AutoEncrypter', function () {
const client = new MockClient();
this.mc = new AutoEncrypter(client, encryptionOptions);

const localMcdm = this.mc._mongocryptdManager;
const localMcdm = this.mc._mongocryptdManager || { spawn: () => {} };
sandbox.spy(localMcdm, 'spawn');

this.mc.init(err => {
Expand Down Expand Up @@ -640,7 +640,30 @@ describe('AutoEncrypter', function () {
});

describe('CSFLE shared library', function () {
it('should load a shared library by specifying its path', function () {
it('should fail if no library can be found in the search path and csfleRequired is set', function () {
// NB: This test has to be run before the tests/without having previously
// loaded a CSFLE shared library below to get the right error path.
const client = new MockClient();
try {
new AutoEncrypter(client, {
keyVaultNamespace: 'admin.datakeys',
logger: () => {},
kmsProviders: {
aws: { accessKeyId: 'example', secretAccessKey: 'example' },
local: { key: Buffer.alloc(96) }
},
extraOptions: {
csfleSearchPaths: ['/nonexistent'],
csfleRequired: true
}
});
expect.fail('missed exception');
} catch (err) {
expect(err.message).to.include('`csfleRequired` set but no csfle shared library loaded');
}
});

it('should load a shared library by specifying its path', function (done) {
const client = new MockClient();
this.mc = new AutoEncrypter(client, {
keyVaultNamespace: 'admin.datakeys',
Expand All @@ -661,9 +684,11 @@ describe('AutoEncrypter', function () {
version: BigInt(0x000600020001000),
versionStr: 'stubbed-mongo_csfle'
});

this.mc.teardown(true, done);
});

it('should load a shared library by specifying a search path', function () {
it('should load a shared library by specifying a search path', function (done) {
const client = new MockClient();
this.mc = new AutoEncrypter(client, {
keyVaultNamespace: 'admin.datakeys',
Expand All @@ -684,6 +709,8 @@ describe('AutoEncrypter', function () {
version: BigInt(0x000600020001000),
versionStr: 'stubbed-mongo_csfle'
});

this.mc.teardown(true, done);
});
});
});