more input validation

Author: toptobes

src/client/data-api-client.ts

@@ -12,13 +12,20 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-import { Db, mkDb } from '@/src/data-api/db';
-import { AstraAdmin, mkAdmin } from '@/src/devops/astra-admin';
-import { AdminSpawnOptions, DbSpawnOptions, InternalRootClientOpts, RootClientOptions } from '@/src/client/types';
+import { Db, mkDb, validateDbOpts } from '@/src/data-api/db';
+import { AstraAdmin, mkAdmin, validateAdminOpts } from '@/src/devops/astra-admin';
+import {
+  AdminSpawnOptions,
+  Caller,
+  DbSpawnOptions,
+  InternalRootClientOpts,
+  RootClientOptions,
+} from '@/src/client/types';
 import TypedEmitter from 'typed-emitter';
 import EventEmitter from 'events';
 import { DataAPICommandEvents } from '@/src/data-api/events';
 import { AdminCommandEvents } from '@/src/devops';
+import { validateOption } from '@/src/data-api';
 
 export type DataAPIClientEvents =
   & DataAPICommandEvents
@@ -59,13 +66,15 @@ export class DataAPIClient extends (EventEmitter as new () => TypedEmitter<DataA
    * @param token - The default token to use when spawning new instances of {@link Db} or {@link AstraAdmin}.
    * @param options - The default options to use when spawning new instances of {@link Db} or {@link AstraAdmin}.
    */
-  constructor(token: string, options?: RootClientOptions) {
+  constructor(token: string, options?: RootClientOptions | null) {
     super();
 
     if (!token || typeof token as any !== 'string') {
       throw new Error('A valid token is required to use the DataAPIClient');
     }
 
+    validateRootOpts(options);
+
     this.#options = {
       ...options,
       dbOptions: {
@@ -180,3 +189,53 @@ export class DataAPIClient extends (EventEmitter as new () => TypedEmitter<DataA
     return mkAdmin(this.#options, options);
   }
 }
+
+function validateRootOpts(opts: RootClientOptions | undefined | null) {
+  validateOption('root client options', opts, 'object');
+
+  if (!opts) {
+    return;
+  }
+
+  validateOption('caller', opts.caller, 'object', validateCaller);
+
+  validateDbOpts(opts.dbOptions);
+
+  validateAdminOpts(opts.adminOptions);
+}
+
+function validateCaller(caller: Caller | Caller[]) {
+  if (!Array.isArray(caller)) {
+    throw new TypeError('Invalid caller; expected an array, or undefined/null');
+  }
+
+  const isCallerArr = Array.isArray(caller[0]);
+
+  const callers = (
+    (isCallerArr)
+      ?  caller
+      : [caller]
+  ) as Caller[];
+
+  callers.forEach((c, i) => {
+    const idxMessage = (isCallerArr)
+      ? ` at index ${i}`
+      : '';
+
+    if (!Array.isArray(c)) {
+      throw new TypeError(`Invalid caller; expected [name, version?], or an array of such${idxMessage}`);
+    }
+
+    if (c.length < 1 || 2 < c.length) {
+      throw new Error(`Invalid caller; expected [name, version?], or an array of such${idxMessage}`);
+    }
+
+    if (typeof c[0] !== 'string') {
+      throw new Error(`Invalid caller; expected a string name${idxMessage}`);
+    }
+
+    if (c.length === 2 && typeof c[1] !== 'string') {
+      throw new Error(`Invalid caller; expected a string version${idxMessage}`);
+    }
+  });
+}

src/data-api/db.ts

@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-import { Collection, CollectionAlreadyExistsError, extractDbIdFromUrl, SomeDoc } from '@/src/data-api';
+import { Collection, CollectionAlreadyExistsError, extractDbIdFromUrl, SomeDoc, validateOption } from '@/src/data-api';
 import { DataAPIHttpClient, DEFAULT_DATA_API_PATH, DEFAULT_NAMESPACE, RawDataAPIResponse } from '@/src/api';
 import {
   CreateCollectionCommand,
@@ -115,10 +115,6 @@ export class Db implements Disposable {
 
     this.#defaultOpts = options;
 
-    if (!this.namespace.match(/^[a-zA-Z0-9_]{1,222}$/)) {
-      throw new Error('Invalid namespace format; either pass a valid namespace name, or don\'t pass one at all to use the default namespace');
-    }
-
     Object.defineProperty(this, '_httpClient', {
       value: new DataAPIHttpClient({
         baseUrl: endpoint,
@@ -523,9 +519,11 @@ export class Db implements Disposable {
  */
 export function mkDb(rootOpts: InternalRootClientOpts, endpointOrId: string, regionOrOptions?: string | DbSpawnOptions, maybeOptions?: DbSpawnOptions) {
   const options = (typeof regionOrOptions === 'string')
-    ? maybeOptions!
+    ? maybeOptions
     : regionOrOptions;
 
+  validateDbOpts(options);
+
   const endpoint = (typeof regionOrOptions === 'string')
     ? 'https://' + endpointOrId + '-' + regionOrOptions + '.apps.astra.datastax.com'
     : endpointOrId;
@@ -538,3 +536,28 @@ export function mkDb(rootOpts: InternalRootClientOpts, endpointOrId: string, reg
     },
   });
 }
+
+/**
+ * @internal
+ */
+export function validateDbOpts(opts: DbSpawnOptions | undefined) {
+  validateOption('db options', opts, 'object');
+
+  if (!opts) {
+    return;
+  }
+
+  validateOption<string>('namespace option', opts.namespace, 'string', (namespace) => {
+    if (!namespace.match(/^\w{1,48}$/)) {
+      throw new Error('Invalid namespace option; expected a string of 1-48 alphanumeric characters');
+    }
+  });
+
+  validateOption('monitorCommands option', opts.monitorCommands, 'boolean');
+
+  validateOption('token option', opts.token, 'string');
+
+  validateOption('dataApiPath option', opts.dataApiPath, 'string');
+
+  validateOption('useHttp2 option', opts.useHttp2, 'boolean');
+}

src/data-api/utils.ts

@@ -62,3 +62,25 @@ export function replaceAstraUrlIdAndRegion(uri: string, id: string, region: stri
   url.hostname = parts.join('.');
   return url.toString().slice(0, -1);
 }
+
+/**
+ * @internal
+ */
+export function validateOption<T = unknown>(name: string, obj: unknown, type: string, test?: (obj: T) => void): void {
+  if (isUndefOrNull(obj)) {
+    return;
+  }
+
+  if (typeof obj !== type) {
+    throw new TypeError(`Invalid ${name}; expected a ${type} value, or undefined/null`);
+  }
+
+  test?.(obj as T);
+}
+
+/**
+ * @internal
+ */
+export function isUndefOrNull<T>(x: T | null | undefined): x is null | undefined {
+  return x === null || x === undefined;
+}

src/devops/astra-admin.ts

@@ -5,7 +5,7 @@ import {
   FullDatabaseInfo,
   ListDatabasesOptions,
 } from '@/src/devops/types';
-import { Db, mkDb } from '@/src/data-api';
+import { Db, mkDb, validateOption } from '@/src/data-api';
 import { DEFAULT_DEVOPS_API_ENDPOINT, DEFAULT_NAMESPACE, DevOpsAPIHttpClient, HttpMethods } from '@/src/api';
 import { AstraDbAdmin } from '@/src/devops/astra-db-admin';
 import { AdminSpawnOptions, DbSpawnOptions, InternalRootClientOpts } from '@/src/client/types';
@@ -376,6 +376,8 @@ export class AstraAdmin {
  * @internal
  */
 export function mkAdmin(rootOpts: InternalRootClientOpts, options?: AdminSpawnOptions): AstraAdmin {
+  validateAdminOpts(options);
+
   return new AstraAdmin({
     ...rootOpts,
     adminOptions: {
@@ -384,3 +386,20 @@ export function mkAdmin(rootOpts: InternalRootClientOpts, options?: AdminSpawnOp
     },
   });
 }
+
+/**
+ * @internal
+ */
+export function validateAdminOpts(opts: AdminSpawnOptions | undefined) {
+  validateOption('admin options', opts, 'object');
+
+  if (!opts) {
+    return;
+  }
+
+  validateOption('monitorCommands option', opts.monitorCommands, 'boolean');
+
+  validateOption('adminToken option', opts.adminToken, 'string');
+
+  validateOption('endpointUrl option', opts.endpointUrl, 'string');
+}

src/devops/astra-db-admin.ts

@@ -4,6 +4,7 @@ import { Db } from '@/src/data-api';
 import { AdminSpawnOptions, InternalRootClientOpts } from '@/src/client';
 import { DbAdmin } from '@/src/devops/db-admin';
 import { WithTimeout } from '@/src/common/types';
+import { validateAdminOpts } from '@/src/devops/astra-admin';
 
 /**
  * An administrative class for managing Astra databases, including creating, listing, and deleting databases.
@@ -259,6 +260,8 @@ export class AstraDbAdmin extends DbAdmin {
  * @internal
  */
 export function mkDbAdmin(db: Db, httpClient: HttpClient, rootOpts: InternalRootClientOpts, options?: AdminSpawnOptions): AstraDbAdmin {
+  validateAdminOpts(options);
+
   return new AstraDbAdmin(db, httpClient, {
     ...rootOpts.adminOptions,
     ...options,

tests/unit/client/data-api-client.test.ts

@@ -16,7 +16,7 @@
 import { DataAPIClient } from '@/src/client';
 import * as process from 'process';
 import assert from 'assert';
-import { DEFAULT_DATA_API_PATH } from '@/src/api';
+import { DEFAULT_DATA_API_PATH, HTTP1Strategy } from '@/src/api';
 
 describe('unit.client.data-api-client', () => {
   const endpoint = process.env.ASTRA_URI!;
@@ -42,6 +42,40 @@ describe('unit.client.data-api-client', () => {
       // @ts-expect-error - testing invalid input
       assert.throws(() => new DataAPIClient({ logLevel: 'warn' }));
     });
+
+    it('should accept null/undefined/{} for options', () => {
+      assert.doesNotThrow(() => new DataAPIClient('dummy-token', null));
+      assert.doesNotThrow(() => new DataAPIClient('dummy-token', undefined));
+      assert.doesNotThrow(() => new DataAPIClient('dummy-token', {}));
+    });
+
+    it('should accept valid callers', () => {
+      // @ts-expect-error - null technically allowed
+      assert.doesNotThrow(() => new DataAPIClient('dummy-token', { caller: null }));
+      assert.doesNotThrow(() => new DataAPIClient('dummy-token', { caller: undefined }));
+      assert.doesNotThrow(() => new DataAPIClient('dummy-token', { caller: ['a', 'b'] }));
+      assert.doesNotThrow(() => new DataAPIClient('dummy-token', { caller: [['a', 'b'], ['c', 'd']] }));
+    });
+
+    it('should throw on invalid caller', () => {
+      assert.throws(() => new DataAPIClient('dummy-token', { caller: [] }));
+      // @ts-expect-error - testing invalid input
+      assert.throws(() => new DataAPIClient('dummy-token', { caller: 'invalid-type' }));
+      // @ts-expect-error - testing invalid input
+      assert.throws(() => new DataAPIClient('dummy-token', { caller: [1, 'b'] }));
+      // @ts-expect-error - testing invalid input
+      assert.throws(() => new DataAPIClient('dummy-token', { caller: ['a', 2] }));
+      // @ts-expect-error - testing invalid input
+      assert.throws(() => new DataAPIClient('dummy-token', { caller: [[1]] }));
+      // @ts-expect-error - testing invalid input
+      assert.throws(() => new DataAPIClient('dummy-token', { caller: [['a', 'b', 'c']] }));
+      // @ts-expect-error - testing invalid input
+      assert.throws(() => new DataAPIClient('dummy-token', { caller: [[]] }));
+      // @ts-expect-error - testing invalid input
+      assert.throws(() => new DataAPIClient('dummy-token', { caller: [{}] }));
+      // @ts-expect-error - testing invalid input
+      assert.throws(() => new DataAPIClient('dummy-token', { caller: { 0: ['name', 'version'] } }));
+    });
   });
 
   describe('db tests', () => {
@@ -66,4 +100,13 @@ describe('unit.client.data-api-client', () => {
       assert.notStrictEqual(db1['_httpClient'], db2['_httpClient']);
     });
   });
+
+  describe('admin tests', () => {
+    it('should spawn an AstraAdmin instance', () => {
+      const admin = new DataAPIClient('dummy-token').admin();
+      assert.ok(admin);
+      assert.strictEqual(admin['_httpClient'].unsafeGetToken(), 'dummy-token');
+      assert.ok(admin['_httpClient'].requestStrategy instanceof HTTP1Strategy);
+    });
+  });
 });

tests/unit/data-api/db.test.ts

@@ -11,6 +11,7 @@
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
+// noinspection DuplicatedCode
 
 import assert from 'assert';
 import { Db, mkDb } from '@/src/data-api';
@@ -127,6 +128,60 @@ describe('unit.data-api.db', () => {
       const db = mkDb(mkOptions(), process.env.ASTRA_URI!, { token: 'new' });
       assert.strictEqual(db['_httpClient'].unsafeGetToken(), 'new');
     });
+
+    it('should accept valid monitorCommands', () => {
+      assert.doesNotThrow(() => mkDb(mkOptions(), process.env.ASTRA_URI!, {}));
+      assert.doesNotThrow(() => mkDb(mkOptions(), process.env.ASTRA_URI!, { monitorCommands: true }));
+      assert.doesNotThrow(() => mkDb(mkOptions(), process.env.ASTRA_URI!, { monitorCommands: false }));
+      assert.doesNotThrow(() => mkDb(mkOptions(), process.env.ASTRA_URI!, { monitorCommands: null! }));
+      assert.doesNotThrow(() => mkDb(mkOptions(), process.env.ASTRA_URI!, { monitorCommands: undefined }));
+    });
+
+    it('should throw on invalid monitorCommands', () => {
+      // @ts-expect-error - testing invalid input
+      assert.throws(() => mkDb(mkOptions(), process.env.ASTRA_URI!, { monitorCommands: 'invalid' }));
+      // @ts-expect-error - testing invalid input
+      assert.throws(() => mkDb(mkOptions(), process.env.ASTRA_URI!, { monitorCommands: 1 }));
+      // @ts-expect-error - testing invalid input
+      assert.throws(() => mkDb(mkOptions(), process.env.ASTRA_URI!, { monitorCommands: [] }));
+      // @ts-expect-error - testing invalid input
+      assert.throws(() => mkDb(mkOptions(), process.env.ASTRA_URI!, { monitorCommands: {} }));
+    });
+
+    it('should accept valid useHttp2', () => {
+      assert.doesNotThrow(() => mkDb(mkOptions(), process.env.ASTRA_URI!, {}));
+      assert.doesNotThrow(() => mkDb(mkOptions(), process.env.ASTRA_URI!, { useHttp2: true }));
+      assert.doesNotThrow(() => mkDb(mkOptions(), process.env.ASTRA_URI!, { useHttp2: false }));
+      assert.doesNotThrow(() => mkDb(mkOptions(), process.env.ASTRA_URI!, { useHttp2: null! }));
+      assert.doesNotThrow(() => mkDb(mkOptions(), process.env.ASTRA_URI!, { useHttp2: undefined }));
+    });
+
+    it('should throw on invalid useHttp2', () => {
+      // @ts-expect-error - testing invalid input
+      assert.throws(() => mkDb(mkOptions(), process.env.ASTRA_URI!, { useHttp2: 'invalid' }));
+      // @ts-expect-error - testing invalid input
+      assert.throws(() => mkDb(mkOptions(), process.env.ASTRA_URI!, { useHttp2: 1 }));
+      // @ts-expect-error - testing invalid input
+      assert.throws(() => mkDb(mkOptions(), process.env.ASTRA_URI!, { useHttp2: [] }));
+      // @ts-expect-error - testing invalid input
+      assert.throws(() => mkDb(mkOptions(), process.env.ASTRA_URI!, { useHttp2: {} }));
+    });
+
+    it('should accept valid dataApiPath', () => {
+      assert.doesNotThrow(() => mkDb(mkOptions(), process.env.ASTRA_URI!, {}));
+      assert.doesNotThrow(() => mkDb(mkOptions(), process.env.ASTRA_URI!, { dataApiPath: 'api/json/v2' }));
+      assert.doesNotThrow(() => mkDb(mkOptions(), process.env.ASTRA_URI!, { dataApiPath: null! }));
+      assert.doesNotThrow(() => mkDb(mkOptions(), process.env.ASTRA_URI!, { dataApiPath: undefined }));
+    });
+
+    it('should throw on invalid dataApiPath', () => {
+      // @ts-expect-error - testing invalid input
+      assert.throws(() => mkDb(mkOptions(), process.env.ASTRA_URI!, { dataApiPath: 1 }));
+      // @ts-expect-error - testing invalid input
+      assert.throws(() => mkDb(mkOptions(), process.env.ASTRA_URI!, { dataApiPath: [] }));
+      // @ts-expect-error - testing invalid input
+      assert.throws(() => mkDb(mkOptions(), process.env.ASTRA_URI!, { dataApiPath: {} }));
+    });
   });
 
   describe('http-related tests', () => {