diff --git a/backend/package-lock.json b/backend/package-lock.json index c8169657d..6b7d89b70 100644 --- a/backend/package-lock.json +++ b/backend/package-lock.json @@ -42,7 +42,7 @@ "lodash-es": "^4.17.21", "mjml": "5.0.0-alpha.6", "mongodb": "^6.15.0", - "mongoose": "7.8.6", + "mongoose": "8.13.1", "mongoose-delete": "^1.0.2", "morgan": "^1.10.0", "nanoid": "^5.1.5", @@ -8611,6 +8611,8 @@ "resolved": "https://registry.npmjs.org/ip-address/-/ip-address-9.0.5.tgz", "integrity": "sha512-zHtQzGojZXTwZTHQqra+ETKd4Sn3vgi7uBmlPoXVWZqYvuKmtI0l/VZTjqGmJY9x88GGOaZ9+G9ES8hC4T4X8g==", "license": "MIT", + "optional": true, + "peer": true, "dependencies": { "jsbn": "1.1.0", "sprintf-js": "^1.1.3" @@ -8827,7 +8829,9 @@ "version": "1.1.0", "resolved": "https://registry.npmjs.org/jsbn/-/jsbn-1.1.0.tgz", "integrity": "sha512-4bYVV3aAMtDTTu4+xsDYa6sy9GyJ69/amsu9sYF2zqjiEoZA5xJi3BrfX3uY+/IekIu7MwdObdbDWpoZdBv3/A==", - "license": "MIT" + "license": "MIT", + "optional": true, + "peer": true }, "node_modules/json-bigint": { "version": "1.0.0", @@ -9038,9 +9042,9 @@ } }, "node_modules/kareem": { - "version": "2.5.1", - "resolved": "https://registry.npmjs.org/kareem/-/kareem-2.5.1.tgz", - "integrity": "sha512-7jFxRVm+jD+rkq3kY0iZDJfsO2/t4BBPeEb2qKn2lR/9KhuksYk5hxzfRYWMPV8P/x2d0kHD306YyWLzjjH+uA==", + "version": "2.6.3", + "resolved": "https://registry.npmjs.org/kareem/-/kareem-2.6.3.tgz", + "integrity": "sha512-C3iHfuGUXK2u8/ipq9LfjFfXFxAZMQJJq7vLS45r3D9Y2xQ/m4S8zaR4zMLFWh9AsNPXmcFfUDhTEO8UIC/V6Q==", "license": "Apache-2.0", "engines": { "node": ">=12.0.0" 
@@ -9922,21 +9926,21 @@ } }, "node_modules/mongoose": { - "version": "7.8.6", - "resolved": "https://registry.npmjs.org/mongoose/-/mongoose-7.8.6.tgz", - "integrity": "sha512-1oVPRHvcmPVwk/zeSTEzayzQEVeYQM1D5zrkLsttfNNB7pPRUmkKeFu6gpbvyEswOuZLrWJjqB8kSTY+k2AZOA==", + "version": "8.13.1", + "resolved": "https://registry.npmjs.org/mongoose/-/mongoose-8.13.1.tgz", + "integrity": "sha512-sRqlXI+6jhr9/KicCOjet1VVPONFsOxTrh14tfueX5y3GJ2ihswc5ewUUojuwdSS/5koGXLIPmGivDSApVXflA==", "license": "MIT", "dependencies": { - "bson": "^5.5.0", - "kareem": "2.5.1", - "mongodb": "5.9.2", + "bson": "^6.10.3", + "kareem": "2.6.3", + "mongodb": "~6.15.0", "mpath": "0.9.0", "mquery": "5.0.0", "ms": "2.1.3", - "sift": "16.0.1" + "sift": "17.1.3" }, "engines": { - "node": ">=14.20.1" + "node": ">=16.20.1" }, "funding": { "type": "opencollective", 
@@ -9952,101 +9956,6 @@ "mongoose": "5.x || 6.x || 7.x || 8.x" } }, - "node_modules/mongoose/node_modules/@types/whatwg-url": { - "version": "8.2.2", - "resolved": "https://registry.npmjs.org/@types/whatwg-url/-/whatwg-url-8.2.2.tgz", - "integrity": "sha512-FtQu10RWgn3D9U4aazdwIE2yzphmTJREDqNdODHrbrZmmMqI0vMheC/6NE/J1Yveaj8H+ela+YwWTjq5PGmuhA==", - "license": "MIT", - "dependencies": { - "@types/node": "*", - "@types/webidl-conversions": "*" - } - }, - "node_modules/mongoose/node_modules/bson": { - "version": "5.5.1", - "resolved": "https://registry.npmjs.org/bson/-/bson-5.5.1.tgz", - "integrity": "sha512-ix0EwukN2EpC0SRWIj/7B5+A6uQMQy6KMREI9qQqvgpkV2frH63T0UDVd1SYedL6dNCmDBYB3QtXi4ISk9YT+g==", - "license": "Apache-2.0", - "engines": { - "node": ">=14.20.1" - } - }, - "node_modules/mongoose/node_modules/mongodb": { - "version": "5.9.2", - "resolved": "https://registry.npmjs.org/mongodb/-/mongodb-5.9.2.tgz", - "integrity": "sha512-H60HecKO4Bc+7dhOv4sJlgvenK4fQNqqUIlXxZYQNbfEWSALGAwGoyJd/0Qwk4TttFXUOHJ2ZJQe/52ScaUwtQ==", - "license": "Apache-2.0", - "dependencies": { - "bson": "^5.5.0", - "mongodb-connection-string-url": "^2.6.0", - "socks": "^2.7.1" - }, - "engines": { - "node": ">=14.20.1" - }, - "optionalDependencies": { - "@mongodb-js/saslprep": "^1.1.0" - }, - "peerDependencies": { - "@aws-sdk/credential-providers": "^3.188.0", - "@mongodb-js/zstd": "^1.0.0", - "kerberos": "^1.0.0 || ^2.0.0", - "mongodb-client-encryption": ">=2.3.0 <3", - "snappy": "^7.2.2" - }, - "peerDependenciesMeta": { - "@aws-sdk/credential-providers": { - "optional": true - }, - "@mongodb-js/zstd": { - "optional": true - }, - "kerberos": { - "optional": true - }, - "mongodb-client-encryption": { - "optional": true - }, - "snappy": { - "optional": true - } - } - }, - "node_modules/mongoose/node_modules/mongodb-connection-string-url": { - "version": "2.6.0", - "resolved": "https://registry.npmjs.org/mongodb-connection-string-url/-/mongodb-connection-string-url-2.6.0.tgz", - "integrity": 
"sha512-WvTZlI9ab0QYtTYnuMLgobULWhokRjtC7db9LtcVfJ+Hsnyr5eo6ZtNAt3Ly24XZScGMelOcGtm7lSn0332tPQ==", - "license": "Apache-2.0", - "dependencies": { - "@types/whatwg-url": "^8.2.1", - "whatwg-url": "^11.0.0" - } - }, - "node_modules/mongoose/node_modules/tr46": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/tr46/-/tr46-3.0.0.tgz", - "integrity": "sha512-l7FvfAHlcmulp8kr+flpQZmVwtu7nfRV7NZujtN0OqES8EL4O4e0qqzL0DC5gAvx/ZC/9lk6rhcUwYvkBnBnYA==", - "license": "MIT", - "dependencies": { - "punycode": "^2.1.1" - }, - "engines": { - "node": ">=12" - } - }, - "node_modules/mongoose/node_modules/whatwg-url": { - "version": "11.0.0", - "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-11.0.0.tgz", - "integrity": "sha512-RKT8HExMpoYx4igMiVMY83lN6UeITKJlBQ+vR/8ZJ8OCdSiN3RwCq+9gH0+Xzj0+5IrM6i4j/6LuvzbZIQgEcQ==", - "license": "MIT", - "dependencies": { - "tr46": "^3.0.0", - "webidl-conversions": "^7.0.0" - }, - "engines": { - "node": ">=12" - } - }, "node_modules/morgan": { "version": "1.10.0", "resolved": "https://registry.npmjs.org/morgan/-/morgan-1.10.0.tgz", @@ -12075,9 +11984,9 @@ } }, "node_modules/sift": { - "version": "16.0.1", - "resolved": "https://registry.npmjs.org/sift/-/sift-16.0.1.tgz", - "integrity": "sha512-Wv6BjQ5zbhW7VFefWusVP33T/EM0vYikCaQ2qR8yULbsilAT8/wQaXvuQ3ptGLpoKx+lihJE3y2UTgKDyyNHZQ==", + "version": "17.1.3", + "resolved": "https://registry.npmjs.org/sift/-/sift-17.1.3.tgz", + "integrity": "sha512-Rtlj66/b0ICeFzYTuNvX/EF1igRbbnGSvEyT79McoZa/DeGhMyC5pWKOEsZKnpkqtSeovd5FL/bjHWC3CIIvCQ==", "license": "MIT" }, "node_modules/siginfo": { @@ -12126,6 +12035,8 @@ "resolved": "https://registry.npmjs.org/smart-buffer/-/smart-buffer-4.2.0.tgz", "integrity": "sha512-94hK0Hh8rPqQl2xXc3HsaBoOXKV20MToPkcXvwbISWLEs+64sBq5kFgn2kJDHb1Pry9yrP0dxrCI9RRci7RXKg==", "license": "MIT", + "optional": true, + "peer": true, "engines": { "node": ">= 6.0.0", "npm": ">= 3.0.0" 
@@ -12136,6 +12047,8 @@ "resolved": "https://registry.npmjs.org/socks/-/socks-2.8.4.tgz", "integrity": "sha512-D3YaD0aRxR3mEcqnidIs7ReYJFVzWdd6fXJYUM8ixcQcJRGTka/b3saV0KflYhyVJXKhb947GndU35SxYNResQ==", "license": "MIT", + "optional": true, + "peer": true, "dependencies": { "ip-address": "^9.0.5", "smart-buffer": "^4.2.0" @@ -12167,7 +12080,9 @@ "version": "1.1.3", "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.1.3.tgz", "integrity": "sha512-Oo+0REFV59/rz3gfJNKQiBlwfHaSESl1pcGyABQsnnIfWOFt6JNj5gCog2U6MLZ//IGYD+nA8nI+mTShREReaA==", - "license": "BSD-3-Clause" + "license": "BSD-3-Clause", + "optional": true, + "peer": true }, "node_modules/stack-chain": { "version": "1.3.7", diff --git a/backend/package.json b/backend/package.json index 8ff8edaa9..33c341352 100644 --- a/backend/package.json +++ b/backend/package.json @@ -53,7 +53,7 @@ "lodash-es": "^4.17.21", "mjml": "5.0.0-alpha.6", "mongodb": "^6.15.0", - "mongoose": "7.8.6", + "mongoose": "8.13.1", "mongoose-delete": "^1.0.2", "morgan": "^1.10.0", "nanoid": "^5.1.5", diff --git a/backend/src/connectors/authorisation/base.ts b/backend/src/connectors/authorisation/base.ts index 2d95303bc..9b9b29ca3 100644 --- a/backend/src/connectors/authorisation/base.ts +++ b/backend/src/connectors/authorisation/base.ts @@ -1,7 +1,7 @@ import { AccessRequestDoc } from '../../models/AccessRequest.js' import { FileInterface } from '../../models/File.js' import { EntryVisibility, ModelDoc } from '../../models/Model.js' -import { ReleaseDoc } from '../../models/Release.js' +import { ReleaseDoc, ReleaseInterface } from '../../models/Release.js' import { ResponseDoc } from '../../models/Response.js' import { SchemaDoc } from '../../models/Schema.js' import { UserInterface } from '../../models/User.js' 
@@ -178,7 +178,7 @@ export class BasicAuthorisationConnector { async releases( user: UserInterface, model: ModelDoc, - releases: Array, + releases: Array, action: ReleaseActionKeys, ): Promise> { // We don't have any specific roles dedicated to releases, so we pass it through to the model authorisation checker. diff --git a/backend/src/models/Token.ts b/backend/src/models/Token.ts index 694b4b89c..3c52252d1 100644 --- a/backend/src/models/Token.ts +++ b/backend/src/models/Token.ts @@ -1,6 +1,6 @@ import bcrypt from 'bcryptjs' import { createHash } from 'crypto' -import { model, Schema } from 'mongoose' +import { model, ObjectId, Schema } from 'mongoose' import MongooseDelete, { SoftDeleteDocument } from 'mongoose-delete' import { BadReq } from '../utils/error.js' @@ -53,6 +53,8 @@ export type HashTypeKeys = (typeof HashType)[keyof typeof HashType] // It should be used for plain object representations, e.g. for sending to the // client. export interface TokenInterface { + _id: ObjectId + user: string description: string diff --git a/backend/src/services/token.ts b/backend/src/services/token.ts index 7f7bfe8c8..60568a839 100644 --- a/backend/src/services/token.ts +++ b/backend/src/services/token.ts @@ -127,7 +127,7 @@ export async function validateTokenForUse(token: TokenDoc | undefined, action: T if (token.scope === TokenScope.Models) { return { - id: token._id, + id: token._id.toString(), success: false, info: 'This token must not have model restrictions for this endpoint', } @@ -135,14 +135,14 @@ export async function validateTokenForUse(token: TokenDoc | undefined, action: T if (token.actions && !token.actions.includes(action)) { return { - id: token._id, + id: token._id.toString(), success: false, info: 'This token may not be used for this action', } } return { - id: token._id, + id: token._id.toString(), success: true, } }
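Review bot: With the `releases` parameter of `releases(...)` retyped, the authorisation decision still rests entirely on the `model` argument, since the visible comment says the call is passed through to the model authorisation checker. Nothing in the hunk shows a check that each release belongs to `model`, so a caller pairing releases with the wrong model would get a decision for the wrong entry; the method body continues outside the hunk, so this may already be handled there. The generic argument of `Array` is not visible in this rendering, though the import hunk suggests it becomes `ReleaseInterface`, which would let plain objects reach this check as well as hydrated documents. I would add a doc comment on the method such as `/** Access is decided from model alone; callers must pass only releases that belong to it. */`.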
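Review bot: `ObjectId` imported from the top level of `mongoose` is the schema type (`Schema.Types.ObjectId`), not the value type held in a document's `_id`, so `_id: ObjectId` in `TokenInterface` describes the wrong thing. Mongoose's TypeScript guidance is to use `Types.ObjectId` in document interfaces, i.e. `import { model, Schema, Types } from 'mongoose'` and `_id: Types.ObjectId`. The comment above the interface says it is meant for plain objects sent to the client, where `_id` would normally serialise to a string, so a short `//` comment on the field saying which representation the type describes would help. The interface continues outside the hunk.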
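Review bot: `token._id.toString()` is now repeated in all three return objects of `validateTokenForUse` (this hunk and the one after it); computing it once with `const tokenId = token._id.toString()` and returning `id: tokenId` keeps the branches from drifting apart. The id is also returned on the two `success: false` paths, so if this result is ever surfaced in an API response rather than only logged, confirm that exposing the token's database id on a denied request is intended. The function starts outside the hunk, so how an `undefined` token is handled before these returns is not visible here.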