neo4j-driver
Comparing version 1.0.4 to 1.0.5
@@ -257,3 +257,3 @@ /** | ||
* // | ||
* // TRUST_SIGNED_CERTIFICATES is the classic approach to trust verification - | ||
* // TRUST_CUSTOM_CA_SIGNED_CERTIFICATES is the classic approach to trust verification - | ||
* // whenever we establish an encrypted connection, we ensure the host is using | ||
@@ -263,6 +263,9 @@ * // an encryption certificate that is in, or is signed by, a certificate listed | ||
* // by the web browser. In NodeJS, you configure the list with the next config option. | ||
* trust: "TRUST_ON_FIRST_USE" | "TRUST_SIGNED_CERTIFICATES", | ||
* // | ||
* // TRUST_SYSTEM_CA_SIGNED_CERTIFICATES meand that you trust whatever certificates | ||
* // are in the default certificate chain of th | ||
* trust: "TRUST_ON_FIRST_USE" | "TRUST_SIGNED_CERTIFICATES" | TRUST_CUSTOM_CA_SIGNED_CERTIFICATES | TRUST_SYSTEM_CA_SIGNED_CERTIFICATES, | ||
* | ||
* // List of one or more paths to trusted encryption certificates. This only | ||
* // works in the NodeJS bundle, and only matters if you use "TRUST_SIGNED_CERTIFICATES". | ||
* // works in the NodeJS bundle, and only matters if you use "TRUST_CUSTOM_CA_SIGNED_CERTIFICATES". | ||
* // The certificate files should be in regular X.509 PEM format. | ||
@@ -269,0 +272,0 @@ * // For instance, ['./trusted.pem'] |
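Review bot: The added comment describing TRUST_SYSTEM_CA_SIGNED_CERTIFICATES in the driver config docs is cut off mid-word (`are in the default certificate chain of th`) and misspells "means" as `meand`, so the option that relies on the system trust store has no complete description. The two new values in the `trust:` union are also unquoted while the existing ones are quoted; write them as `"TRUST_CUSTOM_CA_SIGNED_CERTIFICATES" | "TRUST_SYSTEM_CA_SIGNED_CERTIFICATES"`. Since this release deprecates `"TRUST_SIGNED_CERTIFICATES"` in the trust strategy table, the comment should mark it as deprecated where it is still listed.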
@@ -133,5 +133,12 @@ /** | ||
var TrustStrategy = { | ||
/** | ||
* @deprecated Since version 1.0. Will be deleted in a future version. TRUST_CUSTOM_CA_SIGNED_CERTIFICATES. | ||
*/ | ||
TRUST_SIGNED_CERTIFICATES: function TRUST_SIGNED_CERTIFICATES(opts, onSuccess, onFailure) { | ||
console.log("`TRUST_SIGNED_CERTIFICATES` has been deprecated as option and will be removed in a future version of " + "the driver. Please use `TRUST_CUSTOM_CA_SIGNED_CERTIFICATES` instead."); | ||
return TrustStrategy.TRUST_CUSTOM_CA_SIGNED_CERTIFICATES(opts, onSuccess, onFailure); | ||
}, | ||
TRUST_CUSTOM_CA_SIGNED_CERTIFICATES: function TRUST_CUSTOM_CA_SIGNED_CERTIFICATES(opts, onSuccess, onFailure) { | ||
if (!opts.trustedCertificates || opts.trustedCertificates.length == 0) { | ||
onFailure((0, _error.newError)("You are using TRUST_SIGNED_CERTIFICATES as the method " + "to verify trust for encrypted connections, but have not configured any " + "trustedCertificates. You must specify the path to at least one trusted " + "X.509 certificate for this to work. Two other alternatives is to use " + "TRUST_ON_FIRST_USE or to disable encryption by setting encrypted=false " + "in your driver configuration.")); | ||
onFailure((0, _error.newError)("You are using TRUST_CUSTOM_CA_SIGNED_CERTIFICATES as the method " + "to verify trust for encrypted connections, but have not configured any " + "trustedCertificates. You must specify the path to at least one trusted " + "X.509 certificate for this to work. Two other alternatives is to use " + "TRUST_ON_FIRST_USE or to disable encryption by setting encrypted=false " + "in your driver configuration.")); | ||
return; | ||
@@ -141,3 +148,5 @@ } | ||
var tlsOpts = { | ||
ca: opts.trustedCertificates.map(_fs2['default'].readFileSync), | ||
ca: opts.trustedCertificates.map(function (f) { | ||
return _fs2['default'].readFileSync(f); | ||
}), | ||
// Because we manually check for this in the connect callback, to give | ||
@@ -150,3 +159,3 @@ // a more helpful error to the user | ||
if (!socket.authorized) { | ||
onFailure((0, _error.newError)("Server certificate is not trusted. If you trust the database you are connecting to, add" + " the signing certificate, or the server certificate, to the list of certificates trusted by this driver" + " using `neo4j.v1.driver(.., { trustedCertificates:['path/to/certificate.crt']}). This " + " is a security measure to protect against man-in-the-middle attacks. If you are just trying " + " Neo4j out and are not concerned about encryption, simply disable it using `encrypted=false` in the driver" + " options.")); | ||
onFailure((0, _error.newError)("Server certificate is not trusted. If you trust the database you are connecting to, add" + " the signing certificate, or the server certificate, to the list of certificates trusted by this driver" + " using `neo4j.v1.driver(.., { trustedCertificates:['path/to/certificate.crt']}). This " + " is a security measure to protect against man-in-the-middle attacks. If you are just trying " + " Neo4j out and are not concerned about encryption, simply disable it using `encrypted=false` in the driver" + " options. Socket responded with: " + socket.authorizationError)); | ||
} else { | ||
@@ -159,2 +168,19 @@ onSuccess(); | ||
}, | ||
TRUST_SYSTEM_CA_SIGNED_CERTIFICATES: function TRUST_SYSTEM_CA_SIGNED_CERTIFICATES(opts, onSuccess, onFailure) { | ||
var tlsOpts = { | ||
// Because we manually check for this in the connect callback, to give | ||
// a more helpful error to the user | ||
rejectUnauthorized: false | ||
}; | ||
var socket = _tls2['default'].connect(opts.port, opts.host, tlsOpts, function () { | ||
if (!socket.authorized) { | ||
onFailure((0, _error.newError)("Server certificate is not trusted. If you trust the database you are connecting to, use " + "TRUST_CUSTOM_CA_SIGNED_CERTIFICATES and add" + " the signing certificate, or the server certificate, to the list of certificates trusted by this driver" + " using `neo4j.v1.driver(.., { trustedCertificates:['path/to/certificate.crt']}). This " + " is a security measure to protect against man-in-the-middle attacks. If you are just trying " + " Neo4j out and are not concerned about encryption, simply disable it using `encrypted=false` in the driver" + " options.")); | ||
} else { | ||
onSuccess(); | ||
} | ||
}); | ||
socket.on('error', onFailure); | ||
return socket; | ||
}, | ||
TRUST_ON_FIRST_USE: function TRUST_ON_FIRST_USE(opts, onSuccess, onFailure) { | ||
@@ -174,3 +200,3 @@ var tlsOpts = { | ||
// do TOFU, and the safe approach is to fail. | ||
onFailure((0, _error.newError)("You are using a version of NodeJS that does not " + "support trust-on-first use encryption. You can either upgrade NodeJS to " + "a newer version, use `trust:TRUST_SIGNED_CERTIFICATES` in your driver " + "config instead, or disable encryption using `encrypted:false`.")); | ||
onFailure((0, _error.newError)("You are using a version of NodeJS that does not " + "support trust-on-first use encryption. You can either upgrade NodeJS to " + "a newer version, use `trust:TRUST_CUSTOM_CA_SIGNED_CERTIFICATES` in your driver " + "config instead, or disable encryption using `encrypted:false`.")); | ||
return; | ||
@@ -215,3 +241,3 @@ } | ||
} else { | ||
onFailure((0, _error.newError)("Unknown trust strategy: " + opts.trust + ". Please use either " + "trust:'TRUST_SIGNED_CERTIFICATES' or trust:'TRUST_ON_FIRST_USE' in your driver " + "configuration. Alternatively, you can disable encryption by setting " + "`encrypted:false`. There is no mechanism to use encryption without trust verification, " + "because this incurs the overhead of encryption without improving security. If " + "the driver does not verify that the peer it is connected to is really Neo4j, it " + "is very easy for an attacker to bypass the encryption by pretending to be Neo4j.")); | ||
onFailure((0, _error.newError)("Unknown trust strategy: " + opts.trust + ". Please use either " + "trust:'TRUST_CUSTOM_CA_SIGNED_CERTIFICATES' or trust:'TRUST_ON_FIRST_USE' in your driver " + "configuration. Alternatively, you can disable encryption by setting " + "`encrypted:false`. There is no mechanism to use encryption without trust verification, " + "because this incurs the overhead of encryption without improving security. If " + "the driver does not verify that the peer it is connected to is really Neo4j, it " + "is very easy for an attacker to bypass the encryption by pretending to be Neo4j.")); | ||
} | ||
@@ -259,2 +285,3 @@ } | ||
self._conn.on('error', self._handleConnectionError); | ||
self._conn.on('end', self._handleConnectionTerminated); | ||
@@ -278,2 +305,10 @@ // Drain all pending messages | ||
} | ||
}, { | ||
key: '_handleConnectionTerminated', | ||
value: function _handleConnectionTerminated() { | ||
this._error = new Error('Connection was closed by server'); | ||
if (this.onerror) { | ||
this.onerror(this._error); | ||
} | ||
} | ||
@@ -313,2 +348,3 @@ /** | ||
this._conn.end(); | ||
this._conn.removeListener('end', this._handleConnectionTerminated); | ||
this._conn.on('end', cb); | ||
@@ -315,0 +351,0 @@ } else { |
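Review bot: In the new `TRUST_SYSTEM_CA_SIGNED_CERTIFICATES` strategy the `!socket.authorized` branch calls `onFailure` but never closes the socket that was opened with `rejectUnauthorized: false`, and the function still returns that socket to the caller. Because verification is deferred to this manual check, a failed check should tear the connection down before reporting, e.g. `socket.destroy();` ahead of `onFailure(...)`, unless the caller's failure path already closes it (not visible here). The error text also omits the `" Socket responded with: " + socket.authorizationError` suffix that this release adds to the custom-CA strategy, so expired, self-signed and name-mismatch failures cannot be told apart. Separately, `self._handleConnectionTerminated` is registered as an `'end'` listener with no visible bind; confirm it is bound the same way as `_handleConnectionError`, otherwise `this._error` is set on the socket rather than the channel.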
@@ -60,6 +60,6 @@ /** | ||
if (opts.encrypted) { | ||
if (!opts.trust || opts.trust === "TRUST_SIGNED_CERTIFICATES") { | ||
if (!opts.trust || opts.trust === "TRUST_SIGNED_CERTIFICATES" || opts.trust === "TRUST_CUSTOM_CA_SIGNED_CERTIFICATES") { | ||
scheme = "wss"; | ||
} else { | ||
this._error = (0, _error.newError)("The browser version of this driver only supports one trust " + "strategy, 'TRUST_SIGNED_CERTIFICATES'. " + opts.trust + " is not supported. Please " + "either use TRUST_SIGNED_CERTIFICATES or disable encryption by setting " + "`encrypted:false` in the driver configuration."); | ||
this._error = (0, _error.newError)("The browser version of this driver only supports one trust " + "strategy, 'TRUST_CUSTOM_CA_SIGNED_CERTIFICATES'. " + opts.trust + " is not supported. Please " + "either use TRUST_CUSTOM_CA_SIGNED_CERTIFICATES or disable encryption by setting " + "`encrypted:false` in the driver configuration."); | ||
return; | ||
@@ -66,0 +66,0 @@ } |
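Review bot: The browser channel's trust check now accepts `TRUST_CUSTOM_CA_SIGNED_CERTIFICATES` but still sends `TRUST_SYSTEM_CA_SIGNED_CERTIFICATES` to the error branch, although the config docs in this release say `trustedCertificates` only works in the NodeJS bundle and that in a browser the trusted list is the browser's own. A configuration shared between Node and browser that picks the system-CA strategy therefore fails here, and the message steers users to a strategy whose certificate list the browser ignores. Consider extending the condition with `|| opts.trust === "TRUST_SYSTEM_CA_SIGNED_CERTIFICATES"` and rewording the message to say that the browser's trust store is used. The enclosing constructor starts and ends outside this hunk.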
@@ -101,3 +101,4 @@ /** | ||
//sent before version negotiation | ||
MAGIC_PREAMBLE = 0x6060B017; | ||
MAGIC_PREAMBLE = 0x6060B017, | ||
DEBUG = false; | ||
@@ -113,2 +114,16 @@ var URLREGEX = new RegExp(["[^/]+//", // scheme | ||
/** | ||
* Very rudimentary log handling, should probably be replaced by something proper at some point. | ||
* @param actor the part that sent the message, 'S' for server and 'C' for client | ||
* @param msg the bolt message | ||
*/ | ||
function log(actor, msg) { | ||
if (DEBUG) { | ||
for (var i = 2; i < arguments.length; i++) { | ||
msg += " " + JSON.stringify(arguments[i]); | ||
} | ||
console.log(actor + ":" + msg); | ||
} | ||
} | ||
function port(url) { | ||
@@ -322,5 +337,7 @@ return url.match(URLREGEX)[3]; | ||
case RECORD: | ||
log("S", "RECORD", msg.fields[0]); | ||
this._currentObserver.onNext(msg.fields[0]); | ||
break; | ||
case SUCCESS: | ||
log("S", "SUCCESS", msg.fields[0]); | ||
try { | ||
@@ -333,2 +350,3 @@ this._currentObserver.onCompleted(msg.fields[0]); | ||
case FAILURE: | ||
log("S", "FAILURE", msg); | ||
try { | ||
@@ -363,2 +381,3 @@ this._currentObserver.onError(msg); | ||
case IGNORED: | ||
log("S", "IGNORED"); | ||
try { | ||
@@ -381,2 +400,3 @@ if (this._errorMsg && this._currentObserver.onError) this._currentObserver.onError(this._errorMsg);else if (this._currentObserver.onError) this._currentObserver.onError(msg); | ||
log("C", "INIT", clientName, token); | ||
this._queueObserver(observer); | ||
@@ -396,2 +416,3 @@ this._packer.packStruct(INIT, [this._packable(clientName), this._packable(token)], function (err) { | ||
log("C", "RUN", statement, params); | ||
this._queueObserver(observer); | ||
@@ -410,2 +431,3 @@ this._packer.packStruct(RUN, [this._packable(statement), this._packable(params)], function (err) { | ||
log("C", "PULL_ALL"); | ||
this._queueObserver(observer); | ||
@@ -424,2 +446,3 @@ this._packer.packStruct(PULL_ALL, [], function (err) { | ||
log("C", "DISCARD_ALL"); | ||
this._queueObserver(observer); | ||
@@ -438,2 +461,3 @@ this._packer.packStruct(DISCARD_ALL, [], function (err) { | ||
log("C", "RESET"); | ||
this._isHandlingFailure = true; | ||
@@ -464,2 +488,3 @@ var self = this; | ||
log("C", "ACK_FAILURE"); | ||
this._queueObserver(observer); | ||
@@ -541,3 +566,3 @@ this._packer.packStruct(ACK_FAILURE, [], function (err) { | ||
// Default to using trust-on-first-use if it is available | ||
trust: config.trust || ((0, _features2["default"])("trust_on_first_use") ? "TRUST_ON_FIRST_USE" : "TRUST_SIGNED_CERTIFICATES"), | ||
trust: config.trust || ((0, _features2["default"])("trust_on_first_use") ? "TRUST_ON_FIRST_USE" : "TRUST_CUSTOM_CA_SIGNED_CERTIFICATES"), | ||
trustedCertificates: config.trustedCertificates || [], | ||
@@ -544,0 +569,0 @@ knownHosts: config.knownHosts |
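Review bot: `log("C", "INIT", clientName, token)` hands the authentication token to the new debug logger, which runs `JSON.stringify` over every extra argument, so switching `DEBUG` on writes credentials to the console; `log("C", "RUN", statement, params)` does the same for query parameters. Log only non-secret fields, e.g. `log("C", "INIT", clientName);`, or replace the token with a fixed marker before it reaches `log`. `DEBUG` is a hard-coded `false` in this hunk, so the exposure appears only when someone flips it, but nothing in the `log` doc comment warns about that. The functions that send INIT and RUN begin outside these hunks.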
@@ -66,7 +66,12 @@ /** | ||
value: function acquire() { | ||
if (this._pool.length > 0) { | ||
return this._pool.pop(); | ||
} else { | ||
return this._create(this._release); | ||
var resource = undefined; | ||
while (this._pool.length) { | ||
resource = this._pool.pop(); | ||
if (this._validate(resource)) { | ||
return resource; | ||
} | ||
} | ||
return this._create(this._release); | ||
} | ||
@@ -73,0 +78,0 @@ }, { |
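Review bot: Resources that fail `this._validate` in the rewritten `acquire` are popped and dropped with no cleanup call, so if they are connections their sockets stay open until the peer closes them. If the pool has a destroy or close hook (none is visible in this hunk), call it on the rejected resource before the loop continues. `var resource = undefined;` can also be declared inside the loop as `var resource = this._pool.pop();`. The constructor that must supply `_validate` is outside the hunk, so a default for pools created without a validator should be confirmed.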
@@ -50,6 +50,11 @@ /** | ||
this.statementType = metadata.type; | ||
this.updateStatistics = new StatementStatistics(metadata.stats || {}); | ||
var counters = new StatementStatistics(metadata.stats || {}); | ||
this.counters = counters; | ||
//for backwards compatibility, remove in future version | ||
this.updateStatistics = counters; | ||
this.plan = metadata.plan || metadata.profile ? new Plan(metadata.plan || metadata.profile) : false; | ||
this.profile = metadata.profile ? new ProfiledPlan(metadata.profile) : false; | ||
this.notifications = this._buildNotifications(metadata.notifications); | ||
this.resultConsumedAfter = metadata.result_consumed_after; | ||
this.resultAvailableAfter = metadata.result_available_after; | ||
} | ||
@@ -56,0 +61,0 @@ |
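Review bot: The new `counters`, `resultConsumedAfter` and `resultAvailableAfter` fields on the result summary have no documentation, and the last two are copied straight from `metadata` so they are `undefined` whenever the server omits them. Add a doc comment stating the unit and the possibly-missing value, and replace `//for backwards compatibility, remove in future version` with a `@deprecated` note on `updateStatistics` that points to `counters`. The constructor's signature and doc block sit outside this hunk.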
@@ -51,5 +51,6 @@ /** | ||
* @param {Object} parameters - Map with parameters to use in statement | ||
* @param metaSupplier function, when called provides metadata | ||
*/ | ||
function Result(streamObserver, statement, parameters) { | ||
function Result(streamObserver, statement, parameters, metaSupplier) { | ||
_classCallCheck(this, Result); | ||
@@ -61,2 +62,5 @@ | ||
this._parameters = parameters || {}; | ||
this._metaSupplier = metaSupplier || function () { | ||
return {}; | ||
}; | ||
} | ||
@@ -138,3 +142,11 @@ | ||
var onCompletedOriginal = observer.onCompleted; | ||
var self = this; | ||
var onCompletedWrapper = function onCompletedWrapper(metadata) { | ||
var additionalMeta = self._metaSupplier(); | ||
for (var key in additionalMeta) { | ||
if (additionalMeta.hasOwnProperty(key)) { | ||
metadata[key] = additionalMeta[key]; | ||
} | ||
} | ||
var sum = new _resultSummary.ResultSummary(_this._statement, _this._parameters, metadata); | ||
@@ -141,0 +153,0 @@ onCompletedOriginal.call(observer, sum); |
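Review bot: The merge loop in `onCompletedWrapper` calls `additionalMeta.hasOwnProperty(key)` directly on an object that appears to be built from server-supplied metadata, so a map entry named `hasOwnProperty` would shadow the method and make the completion callback throw. Use `Object.prototype.hasOwnProperty.call(additionalMeta, key)`; the same loop in `_RunObserver.onCompleted` in the session file needs the same change. The loop also mutates the caller's `metadata` object in place and lets supplier keys overwrite same-named completion keys, which deserves a one-line comment stating that this precedence is intended.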
@@ -26,2 +26,4 @@ /** | ||
var _get = function get(_x3, _x4, _x5) { var _again = true; _function: while (_again) { var object = _x3, property = _x4, receiver = _x5; _again = false; if (object === null) object = Function.prototype; var desc = Object.getOwnPropertyDescriptor(object, property); if (desc === undefined) { var parent = Object.getPrototypeOf(object); if (parent === null) { return undefined; } else { _x3 = parent; _x4 = property; _x5 = receiver; _again = true; desc = parent = undefined; continue _function; } } else if ('value' in desc) { return desc.value; } else { var getter = desc.get; if (getter === undefined) { return undefined; } return getter.call(receiver); } } }; | ||
var _createClass = (function () { function defineProperties(target, props) { for (var i = 0; i < props.length; i++) { var descriptor = props[i]; descriptor.enumerable = descriptor.enumerable || false; descriptor.configurable = true; if ('value' in descriptor) descriptor.writable = true; Object.defineProperty(target, descriptor.key, descriptor); } } return function (Constructor, protoProps, staticProps) { if (protoProps) defineProperties(Constructor.prototype, protoProps); if (staticProps) defineProperties(Constructor, staticProps); return Constructor; }; })(); | ||
@@ -31,2 +33,4 @@ | ||
function _inherits(subClass, superClass) { if (typeof superClass !== 'function' && superClass !== null) { throw new TypeError('Super expression must either be null or a function, not ' + typeof superClass); } subClass.prototype = Object.create(superClass && superClass.prototype, { constructor: { value: subClass, enumerable: false, writable: true, configurable: true } }); if (superClass) Object.setPrototypeOf ? Object.setPrototypeOf(subClass, superClass) : subClass.__proto__ = superClass; } | ||
function _classCallCheck(instance, Constructor) { if (!(instance instanceof Constructor)) { throw new TypeError('Cannot call a class as a function'); } } | ||
@@ -46,2 +50,4 @@ | ||
var _integer = require("./integer"); | ||
var _error = require("./error"); | ||
@@ -70,2 +76,4 @@ | ||
/** Internal stream observer used for transactional results*/ | ||
/** | ||
@@ -89,3 +97,3 @@ * Run Cypher statement | ||
} | ||
var streamObserver = new _internalStreamObserver2['default'](); | ||
var streamObserver = new _RunObserver(); | ||
if (!this._hasTx) { | ||
@@ -98,3 +106,5 @@ this._conn.run(statement, parameters, streamObserver); | ||
} | ||
return new _result2['default'](streamObserver, statement, parameters); | ||
return new _result2['default'](streamObserver, statement, parameters, function () { | ||
return streamObserver.meta(); | ||
}); | ||
} | ||
@@ -152,3 +162,33 @@ | ||
var _RunObserver = (function (_StreamObserver) { | ||
_inherits(_RunObserver, _StreamObserver); | ||
function _RunObserver() { | ||
_classCallCheck(this, _RunObserver); | ||
_get(Object.getPrototypeOf(_RunObserver.prototype), 'constructor', this).call(this); | ||
this._meta = {}; | ||
} | ||
_createClass(_RunObserver, [{ | ||
key: 'onCompleted', | ||
value: function onCompleted(meta) { | ||
_get(Object.getPrototypeOf(_RunObserver.prototype), 'onCompleted', this).call(this, meta); | ||
for (var key in meta) { | ||
if (meta.hasOwnProperty(key)) { | ||
this._meta[key] = meta[key]; | ||
} | ||
} | ||
} | ||
}, { | ||
key: 'meta', | ||
value: function meta() { | ||
return this._meta; | ||
} | ||
}]); | ||
return _RunObserver; | ||
})(_internalStreamObserver2['default']); | ||
exports['default'] = Session; | ||
module.exports = exports['default']; |
{ | ||
"name": "neo4j-driver", | ||
"version": "1.0.4", | ||
"version": "1.0.5", | ||
"description": "Connect to Neo4j 3.0.0 and up from JavaScript", | ||
@@ -5,0 +5,0 @@ "author": "Neo Technology Inc.", |
Sorry, the diff of this file is too big to display
Sorry, the diff of this file is too big to display