JS driver v1.0.5: Checking in transpiled files for bower

Author: lutovich

lib/browser/neo4j-web.js

@@ -254,15 +254,18 @@ var USER_AGENT = "neo4j-javascript/" + _version.VERSION;
  *       // This means that by default, connections "just work" while still giving you
  *       // good encrypted protection.
  *       //
- *       // TRUST_SIGNED_CERTIFICATES is the classic approach to trust verification -
+ *       // TRUST_CUSTOM_CA_SIGNED_CERTIFICATES is the classic approach to trust verification -
  *       // whenever we establish an encrypted connection, we ensure the host is using
  *       // an encryption certificate that is in, or is signed by, a certificate listed
  *       // as trusted. In the web bundle, this list of trusted certificates is maintained
  *       // by the web browser. In NodeJS, you configure the list with the next config option.
- *       trust: "TRUST_ON_FIRST_USE" | "TRUST_SIGNED_CERTIFICATES",
+ *       //
+ *       // TRUST_SYSTEM_CA_SIGNED_CERTIFICATES meand that you trust whatever certificates
+ *       // are in the default certificate chain of th
+ *       trust: "TRUST_ON_FIRST_USE" | "TRUST_SIGNED_CERTIFICATES" | TRUST_CUSTOM_CA_SIGNED_CERTIFICATES | TRUST_SYSTEM_CA_SIGNED_CERTIFICATES,
  *
  *       // List of one or more paths to trusted encryption certificates. This only
- *       // works in the NodeJS bundle, and only matters if you use "TRUST_SIGNED_CERTIFICATES".
+ *       // works in the NodeJS bundle, and only matters if you use "TRUST_CUSTOM_CA_SIGNED_CERTIFICATES".
  *       // The certificate files should be in regular X.509 PEM format.
  *       // For instance, ['./trusted.pem']
  *       trustedCertificates: [],

lib/browser/neo4j-web.min.js

@@ -130,22 +130,48 @@ function storeFingerprint(serverId, knownHostsPath, fingerprint, cb) {
 }
 
 var TrustStrategy = {
+  /**
+   * @deprecated Since version 1.0. Will be deleted in a future version. TRUST_CUSTOM_CA_SIGNED_CERTIFICATES.
+   */
   TRUST_SIGNED_CERTIFICATES: function TRUST_SIGNED_CERTIFICATES(opts, onSuccess, onFailure) {
+    console.log("`TRUST_SIGNED_CERTIFICATES` has been deprecated as option and will be removed in a future version of " + "the driver. Please use `TRUST_CUSTOM_CA_SIGNED_CERTIFICATES` instead.");
+    return TrustStrategy.TRUST_CUSTOM_CA_SIGNED_CERTIFICATES(opts, onSuccess, onFailure);
+  },
+  TRUST_CUSTOM_CA_SIGNED_CERTIFICATES: function TRUST_CUSTOM_CA_SIGNED_CERTIFICATES(opts, onSuccess, onFailure) {
     if (!opts.trustedCertificates || opts.trustedCertificates.length == 0) {
-      onFailure((0, _error.newError)("You are using TRUST_SIGNED_CERTIFICATES as the method " + "to verify trust for encrypted  connections, but have not configured any " + "trustedCertificates. You  must specify the path to at least one trusted " + "X.509 certificate for this to work. Two other alternatives is to use " + "TRUST_ON_FIRST_USE or to disable encryption by setting encrypted=false " + "in your driver configuration."));
+      onFailure((0, _error.newError)("You are using TRUST_CUSTOM_CA_SIGNED_CERTIFICATES as the method " + "to verify trust for encrypted  connections, but have not configured any " + "trustedCertificates. You  must specify the path to at least one trusted " + "X.509 certificate for this to work. Two other alternatives is to use " + "TRUST_ON_FIRST_USE or to disable encryption by setting encrypted=false " + "in your driver configuration."));
       return;
     }
 
     var tlsOpts = {
-      ca: opts.trustedCertificates.map(_fs2['default'].readFileSync),
+      ca: opts.trustedCertificates.map(function (f) {
+        return _fs2['default'].readFileSync(f);
+      }),
       // Because we manually check for this in the connect callback, to give
       // a more helpful error to the user
       rejectUnauthorized: false
     };
 
     var socket = _tls2['default'].connect(opts.port, opts.host, tlsOpts, function () {
       if (!socket.authorized) {
-        onFailure((0, _error.newError)("Server certificate is not trusted. If you trust the database you are connecting to, add" + " the signing certificate, or the server certificate, to the list of certificates trusted by this driver" + " using `neo4j.v1.driver(.., { trustedCertificates:['path/to/certificate.crt']}). This " + " is a security measure to protect against man-in-the-middle attacks. If you are just trying " + " Neo4j out and are not concerned about encryption, simply disable it using `encrypted=false` in the driver" + " options."));
+        onFailure((0, _error.newError)("Server certificate is not trusted. If you trust the database you are connecting to, add" + " the signing certificate, or the server certificate, to the list of certificates trusted by this driver" + " using `neo4j.v1.driver(.., { trustedCertificates:['path/to/certificate.crt']}). This " + " is a security measure to protect against man-in-the-middle attacks. If you are just trying " + " Neo4j out and are not concerned about encryption, simply disable it using `encrypted=false` in the driver" + " options. Socket responded with: " + socket.authorizationError));
+      } else {
+        onSuccess();
+      }
+    });
+    socket.on('error', onFailure);
+    return socket;
+  },
+  TRUST_SYSTEM_CA_SIGNED_CERTIFICATES: function TRUST_SYSTEM_CA_SIGNED_CERTIFICATES(opts, onSuccess, onFailure) {
+
+    var tlsOpts = {
+      // Because we manually check for this in the connect callback, to give
+      // a more helpful error to the user
+      rejectUnauthorized: false
+    };
+    var socket = _tls2['default'].connect(opts.port, opts.host, tlsOpts, function () {
+      if (!socket.authorized) {
+        onFailure((0, _error.newError)("Server certificate is not trusted. If you trust the database you are connecting to, use " + "TRUST_CUSTOM_CA_SIGNED_CERTIFICATES and add" + " the signing certificate, or the server certificate, to the list of certificates trusted by this driver" + " using `neo4j.v1.driver(.., { trustedCertificates:['path/to/certificate.crt']}). This " + " is a security measure to protect against man-in-the-middle attacks. If you are just trying " + " Neo4j out and are not concerned about encryption, simply disable it using `encrypted=false` in the driver" + " options."));
       } else {
         onSuccess();
       }
@@ -167,7 +193,7 @@ var TrustStrategy = {
         // the raw cert cannot be accessed (or, at least I couldn't find a way to)
         // therefore, we can't generate a SHA512 fingerprint, meaning we can't
         // do TOFU, and the safe approach is to fail.
-        onFailure((0, _error.newError)("You are using a version of NodeJS that does not " + "support trust-on-first use encryption. You can either upgrade NodeJS to " + "a newer version, use `trust:TRUST_SIGNED_CERTIFICATES` in your driver " + "config instead, or disable encryption using `encrypted:false`."));
+        onFailure((0, _error.newError)("You are using a version of NodeJS that does not " + "support trust-on-first use encryption. You can either upgrade NodeJS to " + "a newer version, use `trust:TRUST_CUSTOM_CA_SIGNED_CERTIFICATES` in your driver " + "config instead, or disable encryption using `encrypted:false`."));
         return;
       }
 
@@ -207,7 +233,7 @@ function connect(opts, onSuccess) {
   } else if (TrustStrategy[opts.trust]) {
     return TrustStrategy[opts.trust](opts, onSuccess, onFailure);
   } else {
-    onFailure((0, _error.newError)("Unknown trust strategy: " + opts.trust + ". Please use either " + "trust:'TRUST_SIGNED_CERTIFICATES' or trust:'TRUST_ON_FIRST_USE' in your driver " + "configuration. Alternatively, you can disable encryption by setting " + "`encrypted:false`. There is no mechanism to use encryption without trust verification, " + "because this incurs the overhead of encryption without improving security. If " + "the driver does not verify that the peer it is connected to is really Neo4j, it " + "is very easy for an attacker to bypass the encryption by pretending to be Neo4j."));
+    onFailure((0, _error.newError)("Unknown trust strategy: " + opts.trust + ". Please use either " + "trust:'TRUST_CUSTOM_CA_SIGNED_CERTIFICATES' or trust:'TRUST_ON_FIRST_USE' in your driver " + "configuration. Alternatively, you can disable encryption by setting " + "`encrypted:false`. There is no mechanism to use encryption without trust verification, " + "because this incurs the overhead of encryption without improving security. If " + "the driver does not verify that the peer it is connected to is really Neo4j, it " + "is very easy for an attacker to bypass the encryption by pretending to be Neo4j."));
   }
 }
 
@@ -250,6 +276,7 @@ var NodeChannel = (function () {
       });
 
       self._conn.on('error', self._handleConnectionError);
+      self._conn.on('end', self._handleConnectionTerminated);
 
       // Drain all pending messages
       var pending = self._pending;
@@ -268,6 +295,14 @@ var NodeChannel = (function () {
         this.onerror(err);
       }
     }
+  }, {
+    key: '_handleConnectionTerminated',
+    value: function _handleConnectionTerminated() {
+      this._error = new Error('Connection was closed by server');
+      if (this.onerror) {
+        this.onerror(this._error);
+      }
+    }
 
     /**
      * Write the passed in buffer to connection
@@ -302,6 +337,7 @@ var NodeChannel = (function () {
       this._open = false;
       if (this._conn) {
         this._conn.end();
+        this._conn.removeListener('end', this._handleConnectionTerminated);
         this._conn.on('end', cb);
       } else {
         cb();

lib/browser/neo4j-web.test.js

@@ -57,10 +57,10 @@ var WebSocketChannel = (function () {
 
     var scheme = "ws";
     if (opts.encrypted) {
-      if (!opts.trust || opts.trust === "TRUST_SIGNED_CERTIFICATES") {
+      if (!opts.trust || opts.trust === "TRUST_SIGNED_CERTIFICATES" || opts.trust === "TRUST_CUSTOM_CA_SIGNED_CERTIFICATES") {
         scheme = "wss";
       } else {
-        this._error = (0, _error.newError)("The browser version of this driver only supports one trust " + "strategy, 'TRUST_SIGNED_CERTIFICATES'. " + opts.trust + " is not supported. Please " + "either use TRUST_SIGNED_CERTIFICATES or disable encryption by setting " + "`encrypted:false` in the driver configuration.");
+        this._error = (0, _error.newError)("The browser version of this driver only supports one trust " + "strategy, 'TRUST_CUSTOM_CA_SIGNED_CERTIFICATES'. " + opts.trust + " is not supported. Please " + "either use TRUST_CUSTOM_CA_SIGNED_CERTIFICATES or disable encryption by setting " + "`encrypted:false` in the driver configuration.");
         return;
       }
     }

lib/v1/driver.js

@@ -98,7 +98,8 @@ NODE = 0x4E,
     PATH = 0x50,
 
 //sent before version negotiation
-MAGIC_PREAMBLE = 0x6060B017;
+MAGIC_PREAMBLE = 0x6060B017,
+    DEBUG = false;
 
 var URLREGEX = new RegExp(["[^/]+//", // scheme
 "(([^:/?#]*)", // hostname
@@ -109,6 +110,20 @@ function host(url) {
   return url.match(URLREGEX)[2];
 }
 
+/**
+ * Very rudimentary log handling, should probably be replaced by something proper at some point.
+ * @param actor the part that sent the message, 'S' for server and 'C' for client
+ * @param msg the bolt message
+ */
+function log(actor, msg) {
+  if (DEBUG) {
+    for (var i = 2; i < arguments.length; i++) {
+      msg += " " + JSON.stringify(arguments[i]);
+    }
+    console.log(actor + ":" + msg);
+  }
+}
+
 function port(url) {
   return url.match(URLREGEX)[3];
 }
@@ -317,16 +332,19 @@ var Connection = (function () {
 
       switch (msg.signature) {
         case RECORD:
+          log("S", "RECORD", msg.fields[0]);
           this._currentObserver.onNext(msg.fields[0]);
           break;
         case SUCCESS:
+          log("S", "SUCCESS", msg.fields[0]);
           try {
             this._currentObserver.onCompleted(msg.fields[0]);
           } finally {
             this._currentObserver = this._pendingObservers.shift();
           }
           break;
         case FAILURE:
+          log("S", "FAILURE", msg);
           try {
             this._currentObserver.onError(msg);
             this._errorMsg = msg;
@@ -356,6 +374,7 @@ var Connection = (function () {
           }
           break;
         case IGNORED:
+          log("S", "IGNORED");
           try {
             if (this._errorMsg && this._currentObserver.onError) this._currentObserver.onError(this._errorMsg);else if (this._currentObserver.onError) this._currentObserver.onError(msg);
           } finally {
@@ -373,6 +392,7 @@ var Connection = (function () {
     value: function initialize(clientName, token, observer) {
       var _this2 = this;
 
+      log("C", "INIT", clientName, token);
       this._queueObserver(observer);
       this._packer.packStruct(INIT, [this._packable(clientName), this._packable(token)], function (err) {
         return _this2._handleFatalError(err);
@@ -387,6 +407,7 @@ var Connection = (function () {
     value: function run(statement, params, observer) {
       var _this3 = this;
 
+      log("C", "RUN", statement, params);
       this._queueObserver(observer);
       this._packer.packStruct(RUN, [this._packable(statement), this._packable(params)], function (err) {
         return _this3._handleFatalError(err);
@@ -400,6 +421,7 @@ var Connection = (function () {
     value: function pullAll(observer) {
       var _this4 = this;
 
+      log("C", "PULL_ALL");
       this._queueObserver(observer);
       this._packer.packStruct(PULL_ALL, [], function (err) {
         return _this4._handleFatalError(err);
@@ -413,6 +435,7 @@ var Connection = (function () {
     value: function discardAll(observer) {
       var _this5 = this;
 
+      log("C", "DISCARD_ALL");
       this._queueObserver(observer);
       this._packer.packStruct(DISCARD_ALL, [], function (err) {
         return _this5._handleFatalError(err);
@@ -426,6 +449,7 @@ var Connection = (function () {
     value: function reset(observer) {
       var _this6 = this;
 
+      log("C", "RESET");
       this._isHandlingFailure = true;
       var self = this;
       var wrappedObs = {
@@ -451,6 +475,7 @@ var Connection = (function () {
     value: function _ackFailure(observer) {
       var _this7 = this;
 
+      log("C", "ACK_FAILURE");
       this._queueObserver(observer);
       this._packer.packStruct(ACK_FAILURE, [], function (err) {
         return _this7._handleFatalError(err);
@@ -527,7 +552,7 @@ function connect(url) {
     // Default to using encryption if trust-on-first-use is available
     encrypted: config.encrypted == null ? (0, _features2["default"])("trust_on_first_use") : config.encrypted,
     // Default to using trust-on-first-use if it is available
-    trust: config.trust || ((0, _features2["default"])("trust_on_first_use") ? "TRUST_ON_FIRST_USE" : "TRUST_SIGNED_CERTIFICATES"),
+    trust: config.trust || ((0, _features2["default"])("trust_on_first_use") ? "TRUST_ON_FIRST_USE" : "TRUST_CUSTOM_CA_SIGNED_CERTIFICATES"),
     trustedCertificates: config.trustedCertificates || [],
     knownHosts: config.knownHosts
   }));

lib/v1/internal/ch-node.js

@@ -63,11 +63,16 @@ var Pool = (function () {
   _createClass(Pool, [{
     key: "acquire",
     value: function acquire() {
-      if (this._pool.length > 0) {
-        return this._pool.pop();
-      } else {
-        return this._create(this._release);
+      var resource = undefined;
+      while (this._pool.length) {
+        resource = this._pool.pop();
+
+        if (this._validate(resource)) {
+          return resource;
+        }
       }
+
+      return this._create(this._release);
     }
   }, {
     key: "_release",

lib/v1/internal/ch-websocket.js

@@ -47,10 +47,15 @@ var ResultSummary = (function () {
 
     this.statement = { text: statement, parameters: parameters };
     this.statementType = metadata.type;
-    this.updateStatistics = new StatementStatistics(metadata.stats || {});
+    var counters = new StatementStatistics(metadata.stats || {});
+    this.counters = counters;
+    //for backwards compatibility, remove in future version
+    this.updateStatistics = counters;
     this.plan = metadata.plan || metadata.profile ? new Plan(metadata.plan || metadata.profile) : false;
     this.profile = metadata.profile ? new ProfiledPlan(metadata.profile) : false;
     this.notifications = this._buildNotifications(metadata.notifications);
+    this.resultConsumedAfter = metadata.result_consumed_after;
+    this.resultAvailableAfter = metadata.result_available_after;
   }
 
   /**

lib/v1/internal/connector.js

@@ -48,15 +48,19 @@ var Result = (function () {
    * @param {StreamObserver} streamObserver
    * @param {mixed} statement - Cypher statement to execute
    * @param {Object} parameters - Map with parameters to use in statement
+   * @param metaSupplier function, when called provides metadata
    */
 
-  function Result(streamObserver, statement, parameters) {
+  function Result(streamObserver, statement, parameters, metaSupplier) {
     _classCallCheck(this, Result);
 
     this._streamObserver = streamObserver;
     this._p = null;
     this._statement = statement;
     this._parameters = parameters || {};
+    this._metaSupplier = metaSupplier || function () {
+      return {};
+    };
   }
 
   /**
@@ -133,7 +137,15 @@ var Result = (function () {
       var _this = this;
 
       var onCompletedOriginal = observer.onCompleted;
+      var self = this;
       var onCompletedWrapper = function onCompletedWrapper(metadata) {
+
+        var additionalMeta = self._metaSupplier();
+        for (var key in additionalMeta) {
+          if (additionalMeta.hasOwnProperty(key)) {
+            metadata[key] = additionalMeta[key];
+          }
+        }
         var sum = new _resultSummary.ResultSummary(_this._statement, _this._parameters, metadata);
         onCompletedOriginal.call(observer, sum);
       };