-
Notifications
You must be signed in to change notification settings - Fork 1.8k
/
add_user.ts
118 lines (101 loc) · 3.44 KB
/
add_user.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
import * as crypto from 'crypto';
import type { Document } from '../bson';
import type { Db } from '../db';
import { MongoInvalidArgumentError } from '../error';
import type { Server } from '../sdam/server';
import type { ClientSession } from '../sessions';
import { Callback, emitWarningOnce, getTopology } from '../utils';
import { CommandOperation, CommandOperationOptions } from './command';
import { Aspect, defineAspects } from './operation';
/** @public */
export interface RoleSpecification {
/**
* A role grants privileges to perform sets of actions on defined resources.
* A given role applies to the database on which it is defined and can grant access down to a collection level of granularity.
*/
role: string;
/** The database this user's role should effect. */
db: string;
}
/** @public */
export interface AddUserOptions extends CommandOperationOptions {
/** @deprecated Please use db.command('createUser', ...) instead for this option */
digestPassword?: null;
/** Roles associated with the created user */
roles?: string | string[] | RoleSpecification | RoleSpecification[];
/** Custom data associated with the user (only Mongodb 2.6 or higher) */
customData?: Document;
}
/** @internal */
export class AddUserOperation extends CommandOperation<Document> {
override options: AddUserOptions;
db: Db;
username: string;
password?: string;
constructor(db: Db, username: string, password: string | undefined, options?: AddUserOptions) {
super(db, options);
this.db = db;
this.username = username;
this.password = password;
this.options = options ?? {};
}
override execute(
server: Server,
session: ClientSession | undefined,
callback: Callback<Document>
): void {
const db = this.db;
const username = this.username;
const password = this.password;
const options = this.options;
// Error out if digestPassword set
if (options.digestPassword != null) {
return callback(
new MongoInvalidArgumentError(
'Option "digestPassword" not supported via addUser, use db.command(...) instead'
)
);
}
let roles;
if (!options.roles || (Array.isArray(options.roles) && options.roles.length === 0)) {
emitWarningOnce(
'Creating a user without roles is deprecated. Defaults to "root" if db is "admin" or "dbOwner" otherwise'
);
if (db.databaseName.toLowerCase() === 'admin') {
roles = ['root'];
} else {
roles = ['dbOwner'];
}
} else {
roles = Array.isArray(options.roles) ? options.roles : [options.roles];
}
let topology;
try {
topology = getTopology(db);
} catch (error) {
return callback(error);
}
const digestPassword = topology.lastHello().maxWireVersion >= 7;
let userPassword = password;
if (!digestPassword) {
// Use node md5 generator
const md5 = crypto.createHash('md5');
// Generate keys used for authentication
md5.update(`${username}:mongo:${password}`);
userPassword = md5.digest('hex');
}
// Build the command to execute
const command: Document = {
createUser: username,
customData: options.customData || {},
roles: roles,
digestPassword
};
// No password
if (typeof password === 'string') {
command.pwd = userPassword;
}
super.executeCommand(server, session, command, callback);
}
}
defineAspects(AddUserOperation, [Aspect.WRITE_OPERATION]);