wip

Author: baileympearson

.eslintrc.js

@@ -14,7 +14,8 @@ module.exports = {
     '**/docs/js/native.js',
     '!.*',
     'node_modules',
-    '.git'
+    '.git',
+    'data'
   ],
   overrides: [
     {

lib/encryption_utils.js

@@ -0,0 +1,72 @@
+'use strict';
+
+const { Array } = require('./schema/index.js');
+const SchemaBigInt = require('./schema/bigint');
+const SchemaBoolean = require('./schema/boolean');
+const SchemaBuffer = require('./schema/buffer');
+const SchemaDate = require('./schema/date');
+const SchemaDecimal128 = require('./schema/decimal128');
+const SchemaDouble = require('./schema/double');
+const SchemaInt32 = require('./schema/int32');
+const SchemaObjectId = require('./schema/objectId');
+const SchemaString = require('./schema/string');
+
+/**
+ * Given a schema and a path to a field in the schema, this returns the
+ * BSON type of the field, if it can be determined.  This method specifically
+ * **only** handles BSON types that are used for CSFLE and QE - any other
+ * BSON types will return `null`. (example: MinKey and MaxKey).
+ *
+ * @param {import('.').Schema} schema
+ * @param {string} path
+ * @returns
+ */
+function inferBSONType(schema, path) {
+  const type = schema.path(path);
+
+  if (type instanceof SchemaString) {
+    return 'string';
+  }
+
+  if (type instanceof SchemaInt32) {
+    return 'int';
+  }
+
+  if (type instanceof SchemaBigInt) {
+    return 'long';
+  }
+
+  if (type instanceof SchemaBoolean) {
+    return 'bool';
+  }
+
+  if (type instanceof SchemaDate) {
+    return 'date';
+  }
+
+  if (type instanceof SchemaBuffer) {
+    return 'binData';
+  }
+
+  if (type instanceof SchemaObjectId) {
+    return 'objectId';
+  }
+
+  if (type instanceof SchemaDecimal128) {
+    return 'decimal';
+  }
+
+  if (type instanceof SchemaDouble) {
+    return 'double';
+  }
+
+  if (type instanceof Array) {
+    return 'array';
+  }
+
+  return null;
+}
+
+module.exports = {
+  inferBSONType
+};

lib/schema.js

@@ -25,6 +25,7 @@ const setPopulatedVirtualValue = require('./helpers/populate/setPopulatedVirtual
 const setupTimestamps = require('./helpers/timestamps/setupTimestamps');
 const utils = require('./utils');
 const validateRef = require('./helpers/populate/validateRef');
+const { inferBSONType } = require('./encryption_utils');
 
 const hasNumericSubpathRegex = /\.\d+(\.|$)/;
 
@@ -128,6 +129,8 @@ function Schema(obj, options) {
   // For internal debugging. Do not use this to try to save a schema in MDB.
   this.$id = ++id;
   this.mapPaths = [];
+  this.encryptedFields = {};
+  this._encryptionType = options?.encryptionType;
 
   this.s = {
     hooks: new Kareem()
@@ -166,7 +169,7 @@ function Schema(obj, options) {
 
   // ensure the documents get an auto _id unless disabled
   const auto_id = !this.paths['_id'] &&
-      (this.options._id) && !_idSubDoc;
+    (this.options._id) && !_idSubDoc;
 
   if (auto_id) {
     addAutoId(this);
@@ -463,6 +466,8 @@ Schema.prototype._clone = function _clone(Constructor) {
 
   s.aliases = Object.assign({}, this.aliases);
 
+  s.encryptedFields = clone(this.encryptedFields);
+
   return s;
 };
 
@@ -495,7 +500,17 @@ Schema.prototype.pick = function(paths, options) {
   }
 
   for (const path of paths) {
-    if (this.nested[path]) {
+    if (path in this.encryptedFields) {
+      const encrypt = this.encryptedFields[path];
+      const schemaType = this.path(path);
+      newSchema.add({
+        [path]: {
+          encrypt,
+          [this.options.typeKey]: schemaType
+        }
+      });
+    }
+    else if (this.nested[path]) {
       newSchema.add({ [path]: get(this.tree, path) });
     } else {
       const schematype = this.path(path);
@@ -506,6 +521,10 @@ Schema.prototype.pick = function(paths, options) {
     }
   }
 
+  if (!this._hasEncryptedFields()) {
+    newSchema._encryptionType = null;
+  }
+
   return newSchema;
 };
 
@@ -534,9 +553,9 @@ Schema.prototype.omit = function(paths, options) {
   if (!Array.isArray(paths)) {
     throw new MongooseError(
       'Schema#omit() only accepts an array argument, ' +
-        'got "' +
-        typeof paths +
-        '"'
+      'got "' +
+      typeof paths +
+      '"'
     );
   }
 
@@ -667,6 +686,20 @@ Schema.prototype._defaultToObjectOptions = function(json) {
   return defaultOptions;
 };
 
+/**
+ * Sets the encryption type of the schema, if a value is provided, otherwise
+ * returns the encryption type.
+ *
+ * @param {'csfle' | 'queryable encryption' | undefined} encryptionType plain object with paths to add, or another schema
+ */
+Schema.prototype.encryptionType = function encryptionType(encryptionType) {
+  if (typeof encryptionType === 'string' || encryptionType === null) {
+    this._encryptionType = encryptionType;
+  } else {
+    return this._encryptionType;
+  }
+};
+
 /**
  * Adds key path / schema type pairs to this schema.
  *
@@ -735,7 +768,7 @@ Schema.prototype.add = function add(obj, prefix) {
     if (
       key !== '_id' &&
       ((typeof val !== 'object' && typeof val !== 'function' && !isMongooseTypeString) ||
-      val == null)
+        val == null)
     ) {
       throw new TypeError(`Invalid schema configuration: \`${val}\` is not ` +
         `a valid type at path \`${key}\`. See ` +
@@ -818,15 +851,64 @@ Schema.prototype.add = function add(obj, prefix) {
         }
       }
     }
+
+    if (val.instanceOfSchema && val.encryptionType() != null) {
+      // schema.add({ field: <instance of encrypted schema> })
+      if (this.encryptionType() != val.encryptionType()) {
+        throw new Error('encryptionType of a nested schema must match the encryption type of the parent schema.');
+      }
+
+      for (const [encryptedField, encryptedFieldConfig] of Object.entries(val.encryptedFields)) {
+        const path = fullPath + '.' + encryptedField;
+        this._addEncryptedField(path, encryptedFieldConfig);
+      }
+    }
+    else if (typeof val === 'object' && 'encrypt' in val) {
+      // schema.add({ field: { type: <schema type>, encrypt: { ... }}})
+      const { encrypt } = val;
+
+      if (this.encryptionType() == null) {
+        throw new Error('encryptionType must be provided');
+      }
+
+      this._addEncryptedField(fullPath, encrypt);
+    } else {
+      // if the field was already encrypted and we re-configure it to be unencrypted, remove
+      // the encrypted field configuration
+      this._removeEncryptedField(fullPath);
+    }
   }
 
   const aliasObj = Object.fromEntries(
     Object.entries(obj).map(([key]) => ([prefix + key, null]))
   );
   aliasFields(this, aliasObj);
+
   return this;
 };
 
+/**
+ * @param {string} path
+ * @param {object} fieldConfig
+ * @returns
+ */
+Schema.prototype._addEncryptedField = function _addEncryptedField(path, fieldConfig) {
+  const type = inferBSONType(this, path);
+  if (type == null) {
+    throw new Error('unable to determine bson type for field `' + path + '`');
+  }
+
+  this.encryptedFields[path] = clone(fieldConfig);
+};
+
+Schema.prototype._removeEncryptedField = function _removeEncryptedField(path) {
+  delete this.encryptedFields[path];
+};
+
+Schema.prototype._hasEncryptedFields = function _hasEncryptedFields() {
+  return Object.keys(this.encryptedFields).length > 0;
+};
+
 /**
  * Add an alias for `path`. This means getting or setting the `alias`
  * is equivalent to getting or setting the `path`.
@@ -1008,23 +1090,23 @@ Schema.prototype.reserved = Schema.reserved;
 const reserved = Schema.reserved;
 // Core object
 reserved['prototype'] =
-// EventEmitter
-reserved.emit =
-reserved.listeners =
-reserved.removeListener =
-
-// document properties and functions
-reserved.collection =
-reserved.errors =
-reserved.get =
-reserved.init =
-reserved.isModified =
-reserved.isNew =
-reserved.populated =
-reserved.remove =
-reserved.save =
-reserved.toObject =
-reserved.validate = 1;
+  // EventEmitter
+  reserved.emit =
+  reserved.listeners =
+  reserved.removeListener =
+
+  // document properties and functions
+  reserved.collection =
+  reserved.errors =
+  reserved.get =
+  reserved.init =
+  reserved.isModified =
+  reserved.isNew =
+  reserved.populated =
+  reserved.remove =
+  reserved.save =
+  reserved.toObject =
+  reserved.validate = 1;
 reserved.collection = 1;
 
 /**
@@ -1104,10 +1186,10 @@ Schema.prototype.path = function(path, obj) {
     }
     if (typeof branch[sub] !== 'object') {
       const msg = 'Cannot set nested path `' + path + '`. '
-          + 'Parent path `'
-          + fullPath
-          + '` already set to type ' + branch[sub].name
-          + '.';
+        + 'Parent path `'
+        + fullPath
+        + '` already set to type ' + branch[sub].name
+        + '.';
       throw new Error(msg);
     }
     branch = branch[sub];
@@ -1375,6 +1457,16 @@ Schema.prototype.interpretAsType = function(path, obj, options) {
   let type = obj[options.typeKey] && (obj[options.typeKey] instanceof Function || options.typeKey !== 'type' || !obj.type.type)
     ? obj[options.typeKey]
     : {};
+
+  if (type instanceof SchemaType) {
+    if (type.path === path) {
+      return type;
+    }
+    const clone = type.clone();
+    clone.path = path;
+    return clone;
+  }
+
   let name;
 
   if (utils.isPOJO(type) || type === 'mixed') {
@@ -1404,8 +1496,8 @@ Schema.prototype.interpretAsType = function(path, obj, options) {
       return new MongooseTypes.DocumentArray(path, cast, obj);
     }
     if (cast &&
-        cast[options.typeKey] &&
-        cast[options.typeKey].instanceOfSchema) {
+      cast[options.typeKey] &&
+      cast[options.typeKey].instanceOfSchema) {
       if (!(cast[options.typeKey] instanceof Schema)) {
         if (this.options._isMerging) {
           cast[options.typeKey] = new Schema(cast[options.typeKey]);
@@ -1739,7 +1831,7 @@ Schema.prototype.hasMixedParent = function(path) {
   for (let i = 0; i < subpaths.length; ++i) {
     path = i > 0 ? path + '.' + subpaths[i] : subpaths[i];
     if (this.paths.hasOwnProperty(path) &&
-        this.paths[path] instanceof MongooseTypes.Mixed) {
+      this.paths[path] instanceof MongooseTypes.Mixed) {
       return this.paths[path];
     }
   }
@@ -2516,6 +2608,8 @@ Schema.prototype.remove = function(path) {
 
       delete this.paths[name];
       _deletePath(this, name);
+
+      this._removeEncryptedField(name);
     }, this);
   }
   return this;
@@ -2611,9 +2705,9 @@ Schema.prototype.removeVirtual = function(path) {
 Schema.prototype.loadClass = function(model, virtualsOnly) {
   // Stop copying when hit certain base classes
   if (model === Object.prototype ||
-      model === Function.prototype ||
-      model.prototype.hasOwnProperty('$isMongooseModelPrototype') ||
-      model.prototype.hasOwnProperty('$isMongooseDocumentPrototype')) {
+    model === Function.prototype ||
+    model.prototype.hasOwnProperty('$isMongooseModelPrototype') ||
+    model.prototype.hasOwnProperty('$isMongooseDocumentPrototype')) {
     return this;
   }