JS driver v1.1.0-M02: Checking in transpiled files for bower

Author: Neo Technology Build Agent

lib/browser/neo4j-web.js

@@ -213,6 +213,13 @@ var _ConnectionStreamObserver = (function (_StreamObserver) {
         this._hasFailed = true;
       }
     }
+  }, {
+    key: 'onCompleted',
+    value: function onCompleted(message) {
+      if (this._driver.onCompleted) {
+        this._driver.onCompleted(message);
+      }
+    }
   }]);
 
   return _ConnectionStreamObserver;
@@ -248,15 +255,18 @@ var USER_AGENT = "neo4j-javascript/" + _version.VERSION;
  *       // This means that by default, connections "just work" while still giving you
  *       // good encrypted protection.
  *       //
- *       // TRUST_SIGNED_CERTIFICATES is the classic approach to trust verification -
+ *       // TRUST_CUSTOM_CA_SIGNED_CERTIFICATES is the classic approach to trust verification -
  *       // whenever we establish an encrypted connection, we ensure the host is using
  *       // an encryption certificate that is in, or is signed by, a certificate listed
  *       // as trusted. In the web bundle, this list of trusted certificates is maintained
  *       // by the web browser. In NodeJS, you configure the list with the next config option.
- *       trust: "TRUST_ON_FIRST_USE" | "TRUST_SIGNED_CERTIFICATES",
+ *       //
+ *       // TRUST_SYSTEM_CA_SIGNED_CERTIFICATES meand that you trust whatever certificates
+ *       // are in the default certificate chain of th
+ *       trust: "TRUST_ON_FIRST_USE" | "TRUST_SIGNED_CERTIFICATES" | TRUST_CUSTOM_CA_SIGNED_CERTIFICATES | TRUST_SYSTEM_CA_SIGNED_CERTIFICATES,
  *
  *       // List of one or more paths to trusted encryption certificates. This only
- *       // works in the NodeJS bundle, and only matters if you use "TRUST_SIGNED_CERTIFICATES".
+ *       // works in the NodeJS bundle, and only matters if you use "TRUST_CUSTOM_CA_SIGNED_CERTIFICATES".
  *       // The certificate files should be in regular X.509 PEM format.
  *       // For instance, ['./trusted.pem']
  *       trustedCertificates: [],

lib/browser/neo4j-web.min.js

@@ -23,6 +23,8 @@ Object.defineProperty(exports, '__esModule', {
   value: true
 });
 
+function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { 'default': obj }; }
+
 var _integer = require('./integer');
 
 var _driver = require('./driver');
@@ -31,22 +33,51 @@ var _graphTypes = require('./graph-types');
 
 var _error = require('./error');
 
+var _result = require('./result');
+
+var _result2 = _interopRequireDefault(_result);
+
+var _resultSummary = require('./result-summary');
+
+var _resultSummary2 = _interopRequireDefault(_resultSummary);
+
+var _record = require('./record');
+
 exports['default'] = {
   driver: _driver.driver,
   int: _integer.int,
   isInt: _integer.isInt,
   Neo4jError: _error.Neo4jError,
   auth: {
     basic: function basic(username, password) {
-      return { scheme: "basic", principal: username, credentials: password };
+      var realm = arguments.length <= 2 || arguments[2] === undefined ? undefined : arguments[2];
+
+      if (realm) {
+        return { scheme: "basic", principal: username, credentials: password, realm: realm };
+      } else {
+        return { scheme: "basic", principal: username, credentials: password };
+      }
+    },
+    custom: function custom(principal, credentials, realm, scheme) {
+      var parameters = arguments.length <= 4 || arguments[4] === undefined ? undefined : arguments[4];
+
+      if (parameters) {
+        return { scheme: scheme, principal: principal, credentials: credentials, realm: realm,
+          parameters: parameters };
+      } else {
+        return { scheme: scheme, principal: principal, credentials: credentials, realm: realm };
+      }
     }
   },
   types: {
     Node: _graphTypes.Node,
     Relationship: _graphTypes.Relationship,
     UnboundRelationship: _graphTypes.UnboundRelationship,
     PathSegment: _graphTypes.PathSegment,
-    Path: _graphTypes.Path
+    Path: _graphTypes.Path,
+    Result: _result2['default'],
+    ResultSummary: _resultSummary2['default'],
+    Record: _record.Record
   }
 };
 module.exports = exports['default'];

lib/browser/neo4j-web.test.js

@@ -64,16 +64,35 @@ function userHome() {
   return process.env[process.platform == 'win32' ? 'USERPROFILE' : 'HOME'];
 }
 
+function mkFullPath(pathToCreate) {
+  try {
+    _fs2['default'].mkdirSync(pathToCreate);
+  } catch (e) {
+    if (e.code === 'ENOENT') {
+      // Create parent dir
+      mkFullPath(_path2['default'].dirname(pathToCreate));
+      // And now try again
+      mkFullPath(pathToCreate);
+      return;
+    }
+    if (e.code === 'EEXIST') {
+      return;
+    }
+    throw e;
+  }
+}
+
 function loadFingerprint(serverId, knownHostsPath, cb) {
-  if (!_fs2['default'].existsSync(knownHostsPath)) {
-    cb(null);
-    return;
+  try {
+    _fs2['default'].accessSync(knownHostsPath);
+  } catch (e) {
+    return cb(null);
   }
   var found = false;
   require('readline').createInterface({
     input: _fs2['default'].createReadStream(knownHostsPath)
   }).on('line', function (line) {
-    if (line.startsWith(serverId)) {
+    if (!found && line.startsWith(serverId)) {
       found = true;
       cb(line.split(" ")[1]);
     }
@@ -84,31 +103,77 @@ function loadFingerprint(serverId, knownHostsPath, cb) {
   });
 }
 
-function storeFingerprint(serverId, knownHostsPath, fingerprint) {
+var _lockFingerprintFromAppending = {};
+function storeFingerprint(serverId, knownHostsPath, fingerprint, cb) {
+  // we check if the serverId has been appended
+  if (!!_lockFingerprintFromAppending[serverId]) {
+    // if it has, we ignore it
+    return cb(null);
+  }
+
+  // we make the line as appended
+  // ( 1 is more efficient to store than true because true is an oddball )
+  _lockFingerprintFromAppending[serverId] = 1;
+
+  // If file doesn't exist, create full path to it
+  try {
+    _fs2['default'].accessSync(knownHostsPath);
+  } catch (_) {
+    mkFullPath(_path2['default'].dirname(knownHostsPath));
+  }
+
   _fs2['default'].appendFile(knownHostsPath, serverId + " " + fingerprint + _os.EOL, "utf8", function (err) {
+    delete _lockFingerprintFromAppending[serverId];
     if (err) {
       console.log(err);
     }
+    return cb(err);
   });
 }
 
 var TrustStrategy = {
+  /**
+   * @deprecated Since version 1.0. Will be deleted in a future version. TRUST_CUSTOM_CA_SIGNED_CERTIFICATES.
+   */
   TRUST_SIGNED_CERTIFICATES: function TRUST_SIGNED_CERTIFICATES(opts, onSuccess, onFailure) {
+    console.log("`TRUST_SIGNED_CERTIFICATES` has been deprecated as option and will be removed in a future version of " + "the driver. Pleas use `TRUST_CUSTOM_CA_SIGNED_CERTIFICATES` instead.");
+    return TrustStrategy.TRUST_CUSTOM_CA_SIGNED_CERTIFICATES(opts, onSuccess, onFailure);
+  },
+  TRUST_CUSTOM_CA_SIGNED_CERTIFICATES: function TRUST_CUSTOM_CA_SIGNED_CERTIFICATES(opts, onSuccess, onFailure) {
     if (!opts.trustedCertificates || opts.trustedCertificates.length == 0) {
-      onFailure((0, _error.newError)("You are using TRUST_SIGNED_CERTIFICATES as the method " + "to verify trust for encrypted  connections, but have not configured any " + "trustedCertificates. You  must specify the path to at least one trusted " + "X.509 certificate for this to work. Two other alternatives is to use " + "TRUST_ON_FIRST_USE or to disable encryption by setting encrypted=\"" + _util.ENCRYPTION_OFF + "\"" + "in your driver configuration."));
+      onFailure((0, _error.newError)("You are using TRUST_CUSTOM_CA_SIGNED_CERTIFICATES as the method " + "to verify trust for encrypted  connections, but have not configured any " + "trustedCertificates. You  must specify the path to at least one trusted " + "X.509 certificate for this to work. Two other alternatives is to use " + "TRUST_ON_FIRST_USE or to disable encryption by setting encrypted=\"" + _util.ENCRYPTION_OFF + "\"" + "in your driver configuration."));
       return;
     }
 
     var tlsOpts = {
-      ca: opts.trustedCertificates.map(_fs2['default'].readFileSync),
+      ca: opts.trustedCertificates.map(function (f) {
+        return _fs2['default'].readFileSync(f);
+      }),
       // Because we manually check for this in the connect callback, to give
       // a more helpful error to the user
       rejectUnauthorized: false
     };
 
     var socket = _tls2['default'].connect(opts.port, opts.host, tlsOpts, function () {
       if (!socket.authorized) {
-        onFailure((0, _error.newError)("Server certificate is not trusted. If you trust the database you are connecting to, add" + " the signing certificate, or the server certificate, to the list of certificates trusted by this driver" + " using `neo4j.v1.driver(.., { trustedCertificates:['path/to/certificate.crt']}). This " + " is a security measure to protect against man-in-the-middle attacks. If you are just trying " + " Neo4j out and are not concerned about encryption, simply disable it using `encrypted=\"" + _util.ENCRYPTION_OFF + "\"` in the driver" + " options."));
+        onFailure((0, _error.newError)("Server certificate is not trusted. If you trust the database you are connecting to, add" + " the signing certificate, or the server certificate, to the list of certificates trusted by this driver" + " using `neo4j.v1.driver(.., { trustedCertificates:['path/to/certificate.crt']}). This " + " is a security measure to protect against man-in-the-middle attacks. If you are just trying " + " Neo4j out and are not concerned about encryption, simply disable it using `encrypted=\"" + _util.ENCRYPTION_OFF + "\"`" + " in the driver options. Socket responded with: " + socket.authorizationError));
+      } else {
+        onSuccess();
+      }
+    });
+    socket.on('error', onFailure);
+    return socket;
+  },
+  TRUST_SYSTEM_CA_SIGNED_CERTIFICATES: function TRUST_SYSTEM_CA_SIGNED_CERTIFICATES(opts, onSuccess, onFailure) {
+
+    var tlsOpts = {
+      // Because we manually check for this in the connect callback, to give
+      // a more helpful error to the user
+      rejectUnauthorized: false
+    };
+    var socket = _tls2['default'].connect(opts.port, opts.host, tlsOpts, function () {
+      if (!socket.authorized) {
+        onFailure((0, _error.newError)("Server certificate is not trusted. If you trust the database you are connecting to, use " + "TRUST_CUSTOM_CA_SIGNED_CERTIFICATES and add" + " the signing certificate, or the server certificate, to the list of certificates trusted by this driver" + " using `neo4j.v1.driver(.., { trustedCertificates:['path/to/certificate.crt']}). This " + " is a security measure to protect against man-in-the-middle attacks. If you are just trying " + " Neo4j out and are not concerned about encryption, simply disable it using `encrypted=\"" + _util.ENCRYPTION_OFF + "\"`" + " in the driver options. Socket responded with: " + socket.authorizationError));
       } else {
         onSuccess();
       }
@@ -130,7 +195,7 @@ var TrustStrategy = {
         // the raw cert cannot be accessed (or, at least I couldn't find a way to)
         // therefore, we can't generate a SHA512 fingerprint, meaning we can't
         // do TOFU, and the safe approach is to fail.
-        onFailure((0, _error.newError)("You are using a version of NodeJS that does not " + "support trust-on-first use encryption. You can either upgrade NodeJS to " + "a newer version, use `trust:TRUST_SIGNED_CERTIFICATES` in your driver " + "config instead, or disable encryption using `encrypted:\"" + _util.ENCRYPTION_OFF + "\"`."));
+        onFailure((0, _error.newError)("You are using a version of NodeJS that does not " + "support trust-on-first use encryption. You can either upgrade NodeJS to " + "a newer version, use `trust:TRUST_CUSTOM_CA_SIGNED_CERTIFICATES` in your driver " + "config instead, or disable encryption using `encrypted:\"" + _util.ENCRYPTION_OFF + "\"`."));
         return;
       }
 
@@ -142,8 +207,12 @@ var TrustStrategy = {
         if (knownFingerprint === serverFingerprint) {
           onSuccess();
         } else if (knownFingerprint == null) {
-          storeFingerprint(serverId, knownHostsPath, serverFingerprint);
-          onSuccess();
+          storeFingerprint(serverId, knownHostsPath, serverFingerprint, function (err) {
+            if (err) {
+              return onFailure(err);
+            }
+            return onSuccess();
+          });
         } else {
           onFailure((0, _error.newError)("Database encryption certificate has changed, and no longer " + "matches the certificate stored for " + serverId + " in `" + knownHostsPath + "`. As a security precaution, this driver will not automatically trust the new " + "certificate, because doing so would allow an attacker to pretend to be the Neo4j " + "instance we want to connect to. The certificate provided by the server looks like: " + serverCert + ". If you trust that this certificate is valid, simply remove the line " + "starting with " + serverId + " in `" + knownHostsPath + "`, and the driver will " + "update the file with the new certificate. You can configure which file the driver " + "should use to store this information by setting `knownHosts` to another path in " + "your driver configuration - and you can disable encryption there as well using " + "`encrypted:\"" + _util.ENCRYPTION_OFF + "\"`."));
         }
@@ -167,7 +236,7 @@ function connect(opts, onSuccess) {
   } else if (TrustStrategy[opts.trust]) {
     return TrustStrategy[opts.trust](opts, onSuccess, onFailure);
   } else {
-    onFailure((0, _error.newError)("Unknown trust strategy: " + opts.trust + ". Please use either " + "trust:'TRUST_SIGNED_CERTIFICATES' or trust:'TRUST_ON_FIRST_USE' in your driver " + "configuration. Alternatively, you can disable encryption by setting " + "`encrypted:\"" + _util.ENCRYPTION_OFF + "\"`. There is no mechanism to use encryption without trust verification, " + "because this incurs the overhead of encryption without improving security. If " + "the driver does not verify that the peer it is connected to is really Neo4j, it " + "is very easy for an attacker to bypass the encryption by pretending to be Neo4j."));
+    onFailure((0, _error.newError)("Unknown trust strategy: " + opts.trust + ". Please use either " + "trust:'TRUST_CUSTOM_CA_SIGNED_CERTIFICATES' or trust:'TRUST_ON_FIRST_USE' in your driver " + "configuration. Alternatively, you can disable encryption by setting " + "`encrypted:\"" + _util.ENCRYPTION_OFF + "\"`. There is no mechanism to use encryption without trust verification, " + "because this incurs the overhead of encryption without improving security. If " + "the driver does not verify that the peer it is connected to is really Neo4j, it " + "is very easy for an attacker to bypass the encryption by pretending to be Neo4j."));
   }
 }
 
@@ -211,6 +280,7 @@ var NodeChannel = (function () {
       });
 
       self._conn.on('error', self._handleConnectionError);
+      self._conn.on('end', self._handleConnectionTerminated);
 
       // Drain all pending messages
       var pending = self._pending;
@@ -229,6 +299,14 @@ var NodeChannel = (function () {
         this.onerror(err);
       }
     }
+  }, {
+    key: '_handleConnectionTerminated',
+    value: function _handleConnectionTerminated() {
+      this._error = new Error('Connection was closed by server');
+      if (this.onerror) {
+        this.onerror(this._error);
+      }
+    }
   }, {
     key: 'isEncrypted',
     value: function isEncrypted() {
@@ -268,6 +346,7 @@ var NodeChannel = (function () {
       this._open = false;
       if (this._conn) {
         this._conn.end();
+        this._conn.removeListener('end', this._handleConnectionTerminated);
         this._conn.on('end', cb);
       } else {
         cb();

lib/v1/driver.js

@@ -62,10 +62,10 @@ var WebSocketChannel = (function () {
     var scheme = "ws";
     //Allow boolean for backwards compatibility
     if (opts.encrypted === true || opts.encrypted === _util.ENCRYPTION_ON || opts.encrypted === _util.ENCRYPTION_NON_LOCAL && !(0, _util.isLocalHost)(opts.host)) {
-      if (!opts.trust || opts.trust === "TRUST_SIGNED_CERTIFICATES") {
+      if (!opts.trust || opts.trust === "TRUST_CUSTOM_CA_SIGNED_CERTIFICATES") {
         scheme = "wss";
       } else {
-        this._error = (0, _error.newError)("The browser version of this driver only supports one trust " + "strategy, 'TRUST_SIGNED_CERTIFICATES'. " + opts.trust + " is not supported. Please " + "either use TRUST_SIGNED_CERTIFICATES or disable encryption by setting " + "`encrypted:\"" + _util.ENCRYPTION_OFF + "\"` in the driver configuration.");
+        this._error = (0, _error.newError)("The browser version of this driver only supports one trust " + "strategy, 'TRUST_CUSTOM_CA_SIGNED_CERTIFICATES'. " + opts.trust + " is not supported. Please " + "either use TRUST_CUSTOM_CA_SIGNED_CERTIFICATES or disable encryption by setting " + "`encrypted:\"" + _util.ENCRYPTION_OFF + "\"` in the driver configuration.");
         return;
       }
     }

lib/v1/index.js

@@ -380,6 +380,7 @@ var Connection = (function () {
         return _this2._handleFatalError(err);
       });
       this._chunker.messageBoundary();
+      this.sync();
     }
 
     /** Queue a RUN-message to be sent to the database */
@@ -533,7 +534,7 @@ function connect(url) {
     // Default to using ENCRYPTION_NON_LOCAL if trust-on-first-use is available
     encrypted: (0, _util.shouldEncrypt)(config.encrypted, (0, _features2["default"])("trust_on_first_use") ? _util.ENCRYPTION_NON_LOCAL : _util.ENCRYPTION_OFF, host(url)),
     // Default to using TRUST_ON_FIRST_USE if it is available
-    trust: config.trust || ((0, _features2["default"])("trust_on_first_use") ? "TRUST_ON_FIRST_USE" : "TRUST_SIGNED_CERTIFICATES"),
+    trust: config.trust || ((0, _features2["default"])("trust_on_first_use") ? "TRUST_ON_FIRST_USE" : "TRUST_CUSTOM_CA_SIGNED_CERTIFICATES"),
     trustedCertificates: config.trustedCertificates || [],
     knownHosts: config.knownHosts
   }));

lib/v1/internal/ch-node.js

@@ -63,11 +63,16 @@ var Pool = (function () {
   _createClass(Pool, [{
     key: "acquire",
     value: function acquire() {
-      if (this._pool.length > 0) {
-        return this._pool.pop();
-      } else {
-        return this._create(this._release);
+      var resource = undefined;
+      while (this._pool.length) {
+        resource = this._pool.pop();
+
+        if (this._validate(resource)) {
+          return resource;
+        }
       }
+
+      return this._create(this._release);
     }
   }, {
     key: "_release",

lib/v1/internal/ch-websocket.js

@@ -47,10 +47,15 @@ var ResultSummary = (function () {
 
     this.statement = { text: statement, parameters: parameters };
     this.statementType = metadata.type;
-    this.updateStatistics = new StatementStatistics(metadata.stats || {});
+    var counters = new StatementStatistics(metadata.stats || {});
+    this.counters = counters;
+    //for backwards compatibility, remove in future version
+    this.updateStatistics = counters;
     this.plan = metadata.plan || metadata.profile ? new Plan(metadata.plan || metadata.profile) : false;
     this.profile = metadata.profile ? new ProfiledPlan(metadata.profile) : false;
     this.notifications = this._buildNotifications(metadata.notifications);
+    this.resultConsumedAfter = metadata.result_consumed_after;
+    this.resultAvailableAfter = metadata.result_available_after;
   }
 
   /**