From babf7d13663002a76ddb7bffbbb87957d99923f1 Mon Sep 17 00:00:00 2001 From: Durran Jordan Date: Wed, 7 May 2025 18:27:45 +0200 Subject: [PATCH 1/5] feat(NODE-6947): add keyExpirationMS to bindings --- addon/mongocrypt.cc | 5 +++++ package.json | 2 +- src/index.ts | 2 ++ 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/addon/mongocrypt.cc b/addon/mongocrypt.cc index 32f1a60..a711e70 100644 --- a/addon/mongocrypt.cc +++ b/addon/mongocrypt.cc @@ -571,6 +571,11 @@ MongoCrypt::MongoCrypt(const CallbackInfo& info) : ObjectWrap(info) { mongocrypt_setopt_bypass_query_analysis(mongo_crypt()); } + if (options.Has("keyExpirationMS")) { + mongocrypt_setopt_key_expiration( + mongo_crypt(), options.Get("keyExpirationMS").ToNumber().Int64Value()); + } + mongocrypt_setopt_use_range_v2(mongo_crypt()); mongocrypt_setopt_use_need_kms_credentials_state(mongo_crypt()); diff --git a/package.json b/package.json index 3ab508a..11cd597 100644 --- a/package.json +++ b/package.json @@ -35,7 +35,7 @@ }, "license": "Apache-2.0", "gypfile": true, - "mongodb:libmongocrypt": "1.13.0", + "mongodb:libmongocrypt": "1.14.0", "dependencies": { "node-addon-api": "^4.3.0", "prebuild-install": "^7.1.3" diff --git a/src/index.ts b/src/index.ts index d75449a..75320d1 100644 --- a/src/index.ts +++ b/src/index.ts @@ -67,6 +67,8 @@ type MongoCryptConstructorOptions = { cryptSharedLibSearchPaths?: string[]; cryptSharedLibPath?: string; bypassQueryAnalysis?: boolean; + /** Configure the time to expire the DEK from the cache. */ + keyExpirationMS: number; /** TODO(NODE-6793): remove this option and have it always set in the next major */ enableMultipleCollinfo?: boolean; }; From 7c1e83e04c09c7289573915b4d420b12855a6b0a Mon Sep 17 00:00:00 2001 From: Durran Jordan Date: Wed, 7 May 2025 18:50:42 +0200 Subject: [PATCH 2/5] fix: clang format --- addon/mongocrypt.cc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/addon/mongocrypt.cc b/addon/mongocrypt.cc index a711e70..b4c6dfc 100644 --- a/addon/mongocrypt.cc +++ b/addon/mongocrypt.cc @@ -572,8 +572,8 @@ MongoCrypt::MongoCrypt(const CallbackInfo& info) : ObjectWrap(info) { } if (options.Has("keyExpirationMS")) { - mongocrypt_setopt_key_expiration( - mongo_crypt(), options.Get("keyExpirationMS").ToNumber().Int64Value()); + mongocrypt_setopt_key_expiration(mongo_crypt(), + options.Get("keyExpirationMS").ToNumber().Int64Value()); } mongocrypt_setopt_use_range_v2(mongo_crypt()); From cbcfac2446ec647481aa2ad6461a59125b66a53d Mon Sep 17 00:00:00 2001 From: Durran Jordan Date: Wed, 7 May 2025 19:09:02 +0200 Subject: [PATCH 3/5] fix: option is optional --- src/index.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/index.ts b/src/index.ts index 75320d1..ad03fab 100644 --- a/src/index.ts +++ b/src/index.ts @@ -68,7 +68,7 @@ type MongoCryptConstructorOptions = { cryptSharedLibPath?: string; bypassQueryAnalysis?: boolean; /** Configure the time to expire the DEK from the cache. */ - keyExpirationMS: number; + keyExpirationMS?: number; /** TODO(NODE-6793): remove this option and have it always set in the next major */ enableMultipleCollinfo?: boolean; }; From b9699de1e1514de37150241c3c438aadf75711ca Mon Sep 17 00:00:00 2001 From: Durran Jordan Date: Wed, 7 May 2025 19:47:58 +0200 Subject: [PATCH 4/5] test: add unit test --- test/unit/bindings.test.ts | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/test/unit/bindings.test.ts b/test/unit/bindings.test.ts index 7ee2243..38dcf3d 100644 --- a/test/unit/bindings.test.ts +++ b/test/unit/bindings.test.ts @@ -97,6 +97,24 @@ describe('MongoCryptConstructor', () => { }); }); + describe('options.keyExpirationMS', () => { + context('when the number is positive', () => { + it('does not error', () => { + expect( + new MongoCrypt({ kmsProviders: serialize({ aws: {} }), keyExpirationMS: 1000000 }) + ).to.be.instanceOf(MongoCrypt); + }); + }); + + context('when the number is negative', () => { + it('throws an error', () => { + expect(() => { + new MongoCrypt({ kmsProviders: serialize({ aws: {} }), keyExpirationMS: -1000000 }); + }).to.throw(TypeError); + }); + }); + }); + describe('options.encryptedFieldsMap', () => { it('throws when provided and not a Uint8Array', () => { expect( From 2105790ab5a7191bf6e669e64e8ac2dbb0638843 Mon Sep 17 00:00:00 2001 From: Durran Jordan Date: Wed, 7 May 2025 21:42:43 +0200 Subject: [PATCH 5/5] fix: check for non negative value --- addon/mongocrypt.cc | 7 +++++-- test/unit/bindings.test.ts | 2 +- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/addon/mongocrypt.cc b/addon/mongocrypt.cc index b4c6dfc..37c58da 100644 --- a/addon/mongocrypt.cc +++ b/addon/mongocrypt.cc @@ -572,8 +572,11 @@ MongoCrypt::MongoCrypt(const CallbackInfo& info) : ObjectWrap(info) { } if (options.Has("keyExpirationMS")) { - mongocrypt_setopt_key_expiration(mongo_crypt(), - options.Get("keyExpirationMS").ToNumber().Int64Value()); + int64_t keyExpirationMS = options.Get("keyExpirationMS").ToNumber().Int64Value(); + if (keyExpirationMS < 0) { + throw TypeError::New(Env(), "Option `keyExpirationMS` must be a non-negative number"); + } + mongocrypt_setopt_key_expiration(mongo_crypt(), keyExpirationMS); } mongocrypt_setopt_use_range_v2(mongo_crypt()); diff --git a/test/unit/bindings.test.ts b/test/unit/bindings.test.ts index 38dcf3d..75604c4 100644 --- a/test/unit/bindings.test.ts +++ b/test/unit/bindings.test.ts @@ -110,7 +110,7 @@ describe('MongoCryptConstructor', () => { it('throws an error', () => { expect(() => { new MongoCrypt({ kmsProviders: serialize({ aws: {} }), keyExpirationMS: -1000000 }); - }).to.throw(TypeError); + }).to.throw(/must be a non-negative number/); }); }); });