Merge pull request #2129 from kuzzleio/2.14.0-proposal

Release 2.14.0

.eslintignore

@@ -19,6 +19,7 @@ lib/core/backend/backendVault.js
 lib/core/backend/index.js
 lib/core/backend/internalLogger.js
 lib/core/shared/sdk/embeddedSdk.js
+lib/core/shared/KoncordeWrapper.js
 lib/core/plugin/pluginContext.js
 lib/api/request/index.js
 lib/api/request/kuzzle-request.js
@@ -60,4 +61,5 @@ lib/types/Global.js
 lib/util/interfaces.js
 lib/util/mutex.js
 lib/util/inflector.js
+lib/util/koncordeCompat.js
 features/support/application/functional-tests-app.js

.gitignore

@@ -83,13 +83,15 @@ lib/core/backend/backendCluster.js
 lib/core/backend/backendConfig.js
 lib/core/backend/backendController.js
 lib/core/backend/backendHook.js
+lib/core/backend/backendImport.js
 lib/core/backend/backendPipe.js
 lib/core/backend/backendPlugin.js
 lib/core/backend/backendStorage.js
 lib/core/backend/backendVault.js
 lib/core/backend/internalLogger.js
 lib/core/backend/index.js
 lib/core/shared/sdk/embeddedSdk.js
+lib/core/shared/KoncordeWrapper.js
 lib/core/plugin/pluginContext.js
 lib/api/request/index.js
 lib/api/request/kuzzleRequest.js
@@ -131,6 +133,7 @@ lib/types/Global.js
 lib/util/interfaces.js
 lib/util/mutex.js
 lib/util/inflector.js
+lib/util/koncordeCompat.js
 features-sdk/support/application/functional-tests-app.js
 docker/scripts/functional-tests-controller.js
 docker/scripts/start-kuzzle-dev.js

.kuzzlerc.sample

@@ -12,14 +12,25 @@
     // * accessControlAllowOrigin:
     //    sets the default Access-Control-Allow-Origin HTTP
     //    header used to send responses to the client
+    // * accessControlAllowOriginUseRegExp
+    //    Allow the usage of Regular Expressions to verify the origin
+    //    based on Access-Control-Allow-Origin.
+    //    /!\ This convert every string in Access-Control-Allow-Origin into Regular Expressions
+    //    be careful with the Regular Expressions that you use.
     // * accessControlAllowMethods:
     //    sets the default Access-Control-Allow-Method header
     // * accessControlAllowHeaders:
     //    sets the default Access-Control-Allow-Headers
     // (see https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS)
+    // * cookieAuthentication:
+    //    Allows browser clients to connect to Kuzzle with cookies.
+    //    /!\ This should not be allowed if the "http.accessControlAllowOrigin"
+    //    configuration contains a wildcard ("*").
     "accessControlAllowOrigin": "*",
+    "accessControlAllowOriginUseRegExp": false,
     "accessControlAllowMethods": "GET,POST,PUT,PATCH,DELETE,OPTIONS,HEAD",
-    "accessControlAllowHeaders": "Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With, Content-Encoding, Content-Length, X-Kuzzle-Volatile"
+    "accessControlAllowHeaders": "Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With, Content-Encoding, Content-Length, X-Kuzzle-Volatile",
+    "cookieAuthentication": true
   },
 
   // Kuzzle configured limits
@@ -55,18 +66,14 @@
     //      NB: A condition is either a "simple" operator (anything but "and",
     //          "or" and "bool"), or a boolean condition that contains only
     //          simple operators.
-    // * subscriptionMinterms
-    //      Maximum number of minterms (AND) clauses after the filters are
-    //      transformed in their Canonical Disjunctive Normal Form (CDNF).
-    //      Set to 0 for no limit.
     // * subscriptionRooms
     //      Maximum number of different subscription rooms
     //      (i.e. different index+collection+filters subscription
     //      configurations)
     //      Depends primarily on available memory.
     //      If set to 0, an unlimited number of rooms can be created
     // * subscriptionDocumentTTL
-    //      Maximum time (in seconds) a document will be kept in cache for
+    //      Maximum time (in milliseconds) a document will be kept in cache for
     //      real-time subscriptions.
     //      This cache is used to notify subscriber when a document enters or
     //      leaves a scope after an update.
@@ -83,10 +90,9 @@
     "loginsPerSecond": 1,
     "requestsBufferSize": 50000,
     "requestsBufferWarningThreshold": 5000,
-    "subscriptionConditionsCount": 16,
-    "subscriptionMinterms": 0,
+    "subscriptionConditionsCount": 100,
     "subscriptionRooms": 1000000,
-    "subscriptionDocumentTTL": 259200 // 72 * 60 * 60
+    "subscriptionDocumentTTL": 259200000 // 72 * 60 * 60 * 1000
   },
 
   // The application section lets you configure your application
@@ -196,12 +202,12 @@
   "repositories": {
     // [Common]
     //   * cacheTTL:
-    //      Time to live (in seconds) of cached objects.
+    //      Time to live (in milliseconds) of cached objects.
     //      Decreasing this value will lower Redis memory and
     //      disk consumption, at the cost of increasing
     //      queries rate to the database and response times
     "common": {
-      "cacheTTL": 1440
+      "cacheTTL": 1440000
     }
   },
 
@@ -420,6 +426,8 @@
         // * server
         //    Constructor options passed to underlying MQTT server.
         //    See aedes documentation for further reference: https://github.com/moscajs/aedes
+        // * realtimeNotifications:
+        //    Set to "true" to enable realtime notifications like "TokenExpired" notifications
         "enabled": false,
         "allowPubSub": false,
         "developmentMode": false,
@@ -428,7 +436,8 @@
         "responseTopic": "Kuzzle/response",
         "server": {
           "port": 1883
-        }
+        },
+        "realtimeNotifications": true
       },
       "websocket": {
         // * compression:
@@ -448,10 +457,13 @@
         //    submit to the server.
         //    Requests exceeding that rate limit are rejected.
         //    Disabled if set to 0.
+        // * realtimeNotifications:
+        //    Set to "true" to enable realtime notifications like "TokenExpired" notifications
         "compression": false,
         "enabled": true,
         "idleTimeout": 60000,
-        "rateLimit": 0
+        "rateLimit": 0,
+        "realtimeNotifications": true
       }
     }
   },

doc/2/api/controllers/auth/logout/index.md

@@ -8,7 +8,8 @@ title: logout
 
 
 
-Revokes the provided authentication token.
+Revokes the provided authentication token if it's not an API key.
+If you are trying to delete an API key, see [auth:deleteApiKey](/core/2/api/controllers/auth/delete-api-key).
 
 If there were any, real-time subscriptions are cancelled.
 
@@ -43,7 +44,7 @@ Headers: Authorization: "Bearer <authentication token>"
 
 ### Optional:
 
-* `global`: if `true`, also revokes all other active sessions instead of just the current one (default: `false`)
+* `global`: if `true`, also revokes all other active sessions that aren't using an API key, instead of just the current one (default: `false`)
 
 * `cookieAuth`: Erase of the token in the [HTTP Cookie](https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies)
   - This only works in a Browser and only if Kuzzle CORS is properly configured. see [Authentication Token in the Browser](/core/2/guides/main-concepts/authentication)

doc/2/api/errors/error-codes/core/index.md

@@ -34,7 +34,7 @@ description: Error codes definitions
 | core.realtime.invalid_state<br/><pre>0x00010003</pre> <DeprecatedBadge version="2.0.0"/> | [BadRequestError](/core/2/api/errors/error-codes#badrequesterror) <pre>(400)</pre> | Invalid value for the "state" parameter (allowed: "all", "done", "pending"). | An invalid value has been provided to the "state" argument |
 | core.realtime.invalid_scope<br/><pre>0x00010004</pre>  | [BadRequestError](/core/2/api/errors/error-codes#badrequesterror) <pre>(400)</pre> | Invalid value for the "scope" parameter (allowed: "all", "in", "out", "none"). | An invalid value has been provided to the "scope" argument |
 | core.realtime.invalid_users<br/><pre>0x00010005</pre>  | [BadRequestError](/core/2/api/errors/error-codes#badrequesterror) <pre>(400)</pre> | Invalid value for the "users" parameter (allowed: "all", "in", "out", "none"). | An invalid value has been provided to the "users" argument |
-| core.realtime.too_many_terms<br/><pre>0x00010006</pre>  | [SizeLimitError](/core/2/api/errors/error-codes#sizelimiterror) <pre>(413)</pre> | Unable to subscribe: maximum number of terms exceeded (max %s, received %s). | The number of filter terms exceeds the configured server limit |
+| core.realtime.too_many_terms<br/><pre>0x00010006</pre> <DeprecatedBadge version="2.12.3"/> | [SizeLimitError](/core/2/api/errors/error-codes#sizelimiterror) <pre>(413)</pre> | Unable to subscribe: maximum number of terms exceeded (max %s, received %s). | The number of filter terms exceeds the configured server limit |
 | core.realtime.too_many_rooms<br/><pre>0x00010007</pre>  | [SizeLimitError](/core/2/api/errors/error-codes#sizelimiterror) <pre>(413)</pre> | Unable to subscribe: maximum number of unique rooms reached. | The configured number of unique rooms has been reached |
 | core.realtime.not_subscribed<br/><pre>0x00010008</pre>  | [PreconditionError](/core/2/api/errors/error-codes#preconditionerror) <pre>(412)</pre> | User "%s" has not subscribed to "%s". | Tried to manage a room while not having subscribed to it |
 

doc/2/api/errors/error-codes/plugin/index.md

@@ -47,6 +47,7 @@ description: Error codes definitions
 | plugin.runtime.unavailable_before_start<br/><pre>0x04020006</pre>  | [PluginImplementationError](/core/2/api/errors/error-codes#pluginimplementationerror) <pre>(500)</pre> | Cannot use property "%s" before application startup | The property is only accessible after application startup. |
 | plugin.runtime.unknown_pipe<br/><pre>0x04020007</pre>  | [PluginImplementationError](/core/2/api/errors/error-codes#pluginimplementationerror) <pre>(500)</pre> | Unknown pipe ID "%s" | The provided pipe identifier is unknown. |
 | plugin.runtime.unexpected_installation_error<br/><pre>0x04020008</pre>  | [PluginImplementationError](/core/2/api/errors/error-codes#pluginimplementationerror) <pre>(500)</pre> | Caught an unexpected error while executing installation "%s": %s | Embeds an unexpected installation error into a standardized KuzzleError object. |
+| plugin.runtime.incompatible<br/><pre>0x04020009</pre>  | [PluginImplementationError](/core/2/api/errors/error-codes#pluginimplementationerror) <pre>(500)</pre> | "%s" and "%s" are incompatible. Please use only one of these features at the same time. | Some features incompatible are being used at the same time |
 
 ---
 

doc/2/api/errors/error-codes/services/index.md

@@ -60,6 +60,7 @@ description: Error codes definitions
 | services.storage.unknown_query_keyword<br/><pre>0x0101002d</pre>  | [BadRequestError](/core/2/api/errors/error-codes#badrequesterror) <pre>(400)</pre> | The keyword "%s" is not part of Elasticsearch Query DSL. Are you trying to use a Koncorde query? | An unknown keyword has been provided in the search query |
 | services.storage.incomplete_update<br/><pre>0x0101002e</pre>  | [MultipleErrorsError](/core/2/api/errors/error-codes#multipleerrorserror) <pre>(400)</pre> | %s documents were successfully updated before an error occured | Couldn't update all the requested documents |
 | services.storage.invalid_query_keyword<br/><pre>0x0101002f</pre>  | [BadRequestError](/core/2/api/errors/error-codes#badrequesterror) <pre>(400)</pre> | The "%s" keyword is not allowed in this query. | A forbidden keyword has been provided in the query |
+| services.storage.multiple_indice_alias<br/><pre>0x01010030</pre>  | [PreconditionError](/core/2/api/errors/error-codes#preconditionerror) <pre>(412)</pre> | An "%s" is not allowed to be associated with multiple "%". This is probably not linked to this request but rather the consequence of previous actions on ElasticSearch. | The unique association between an indice and its alias has not been respected |
 
 ---
 

doc/2/framework/classes/backend-import/index.md

@@ -0,0 +1,6 @@
+---
+type: branch
+title: BackendImport
+description: BackendImport class definition
+code: true
+---

doc/2/framework/classes/backend-import/mappings/index.md

@@ -0,0 +1,80 @@
+---
+code: true
+type: page
+title: mappings
+description: BackendImport.mappings method
+---
+
+# `mappings()`
+
+<SinceBadge version="2.14.0" />
+<CustomBadge type="error" text="Experimental: non-backward compatible changes or removal may occur in any future release."/>
+
+Loads mappings into the app.
+
+This method is idempotent. If a collection mappings is defined multiple times, only the last definition will be retained.
+
+::: info
+This method can only be used before the application is started.
+:::
+
+```ts
+mappings(mappings: JSONObject): void
+```
+
+<br/>
+
+| Argument   | Type                  | Description                   |
+|------------|-----------------------|-------------------------------|
+| `mappings` | <pre>JSONObject</pre> | Object containing index and their collection [mappings](/core/2/guides/main-concepts/data-storage#mappings-properties). |
+
+## Usage
+
+```js
+app.import.mappings({
+  index1: {
+    collection1: {
+      mappings: {
+        dynamic: 'strict',
+        _meta: {
+          field: 'value',
+        },
+        properties: {
+          fieldA: { type: 'keyword'},
+          fieldB: { type: 'integer'}
+        },
+      },
+      settings: {
+        analysis : {
+          analyzer:{
+            content:{
+              type:'custom',
+              tokenizer:'whitespace'
+            }
+          }
+        }
+      }
+    },
+    collection2: {
+      mappings: {
+        properties: {
+          fieldC: {
+            type: 'keyword'
+          }
+        }
+      }
+    },
+  },
+  index2: {
+    collection1: {
+      mappings: {
+        properties: {
+          fieldD: {
+            type: 'integer'
+          }
+        }
+      }
+    },
+  },
+})
+```

doc/2/framework/classes/backend-import/profiles/index.md

@@ -0,0 +1,61 @@
+---
+code: true
+type: page
+title: profiles
+description: BackendImport.profiles method
+---
+
+# `profiles()`
+
+<SinceBadge version="2.14.0" />
+<CustomBadge type="error" text="Experimental: non-backward compatible changes or removal may occur in any future release."/>
+
+Loads profiles into the app.
+
+This method is idempotent. If a profile is defined multiple times, only the last definition will be retained.
+
+::: info
+This method can only be used before the application is started.
+:::
+
+```ts
+profiles(profiles: JSONObject): void
+```
+
+<br/>
+
+| Argument   | Type                  | Description                   |
+|------------|-----------------------|-------------------------------|
+| `profiles` | <pre>JSONObject</pre> | Object containing profiles and their [definitions](/core/2/guides/main-concepts/permissions#profiles). |
+
+## Usage
+
+```js
+app.import.profiles({
+  profileA: {
+    rateLimit: 50,
+    policies: [
+      {
+        roleId: 'roleA'
+      },
+      {
+        roleId: 'roleB',
+        restrictedTo: [
+          {
+            index: 'index1'
+          },
+          {
+            index: 'index2',
+            collections: [ 'collectionA', 'collectionB']
+          }
+        ]
+      }
+    ]
+  },
+  profileB: {
+    policies: [
+      { roleId: 'roleA' }
+    ]
+  },
+})
+```

doc/2/framework/classes/backend-import/properties/index.md

@@ -0,0 +1,16 @@
+---
+code: false
+type: page
+title: Properties
+description: BackendImport class properties
+---
+
+# BackendImport
+
+The `BackendImport` class handles mappings, permissions and users import.
+
+It is accessible from the [Backend.import](/core/2/framework/classes/backend/properties#import) property.
+
+::: info
+This class does not have any properties.
+:::