ARSN-425 bump arsenal version

Fix a crash in DelimiterMaster listing without a delimiter, when a key
contains the string "undefined".

Note: a similar fix was done in ARSN-330 for DelimiterVersions. I
ported the existing unit test there to the development/7.10 branch to
enhance regression testing, even though this bug on DelimiterVersions
only existed on 7.70.

.github/workflows/codeql.yaml

@@ -14,12 +14,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@v3
         with:
           languages: javascript, typescript
 
       - name: Build and analyze
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@v3

.github/workflows/dependency-review.yaml

@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: 'Checkout Repository'
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@v3
+        uses: actions/dependency-review-action@v4

.github/workflows/tests.yaml

@@ -31,7 +31,8 @@ jobs:
         node-version: '16'
         cache: 'yarn'
     - name: install dependencies
-      run: yarn install --frozen-lockfile
+      run: yarn install --frozen-lockfile --prefer-offline
+      continue-on-error: true # TODO ARSN-97 Remove it when no errors in TS
     - name: lint yaml
       run: yarn --silent lint_yml
     - name: lint javascript
@@ -45,3 +46,31 @@ jobs:
     - name: run executables tests
       run: yarn install && yarn test
       working-directory: 'lib/executables/pensieveCreds/'
+
+  compile:
+    name: Compile and upload build artifacts
+    needs: test
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+    - name: Install NodeJS
+      uses: actions/setup-node@v4
+      with:
+        node-version: '16'
+        cache: yarn
+    - name: Install dependencies
+      run: yarn install --frozen-lockfile --prefer-offline
+      continue-on-error: true # TODO ARSN-97 Remove it when no errors in TS
+    - name: Compile
+      run: yarn build
+      continue-on-error: true # TODO ARSN-97 Remove it when no errors in TS
+    - name: Upload artifacts
+      uses: scality/action-artifacts@v4
+      with:
+        url: https://artifacts.scality.net
+        user: ${{ secrets.ARTIFACTS_USER }}
+        password: ${{ secrets.ARTIFACTS_PASSWORD }}
+        source: ./build
+        method: upload
+      if: success()

.gitignore

@@ -10,3 +10,9 @@ node_modules/
 *-linux
 *-macos
 
+# Coverage
+coverage/
+.nyc_output/
+
+# TypeScript
+build/

babel.config.js

@@ -0,0 +1,6 @@
+module.exports = {
+    presets: [
+        ['@babel/preset-env', { targets: { node: 'current' } }],
+        '@babel/preset-typescript',
+    ],
+};

documentation/BucketInfoModelVersion.md

@@ -80,3 +80,65 @@ this._lifecycleConfiguration = lifecycleConfiguration || null;
 ### Usage
 
 Used to store the bucket lifecycle configuration info
+
+## Model version 7
+
+### Properties Added
+
+```javascript
+this._objectLockEnabled = objectLockEnabled || false;
+this._objectLockConfiguration = objectLockConfiguration || null;
+```
+
+### Usage
+
+Used to determine whether object lock capabilities are enabled on a bucket and
+to store the object lock configuration of the bucket
+
+## Model version 8
+
+### Properties Added
+
+```javascript
+this._notificationConfiguration = notificationConfiguration || null;
+```
+
+### Usage
+
+Used to store the bucket notification configuration info
+
+## Model version 9
+
+### Properties Added
+
+```javascript
+this._serverSideEncryption.configuredMasterKeyId = configuredMasterKeyId || undefined;
+```
+
+### Usage
+
+Used to store the users configured KMS key id
+
+## Model version 10
+
+### Properties Added
+
+```javascript
+this._uid = uid || uuid();
+```
+
+### Usage
+
+Used to set a unique identifier on a bucket
+
+## Model version 11
+
+### Properties Added
+
+```javascript
+this._tags = tags || null;
+```
+
+### Usage
+
+Used to store bucket tagging

documentation/listingAlgos/delimiter.md

@@ -0,0 +1,27 @@
+# Delimiter
+
+The Delimiter class handles raw listings from the database with an
+optional delimiter, and fills in a curated listing with "Contents" and
+"CommonPrefixes" as a result.
+
+## Expected Behavior
+
+- only lists keys belonging to the given **prefix** (if provided)
+
+- groups listed keys that have a common prefix ending with a delimiter
+  inside CommonPrefixes
+
+- can take a **marker** or **continuationToken** to list from a specific key
+
+- can take a **maxKeys** parameter to limit how many keys can be returned
+
+## State Chart
+
+- States with grey background are *Idle* states, which are waiting for
+  a new listing key
+
+- States with blue background are *Processing* states, which are
+  actively processing a new listing key passed by the filter()
+  function
+
+![Delimiter State Chart](./pics/delimiterStateChart.svg)

documentation/listingAlgos/delimiterMaster.md

@@ -0,0 +1,45 @@
+# DelimiterMaster
+
+The DelimiterMaster class handles raw listings from the database of a
+versioned or non-versioned bucket with an optional delimiter, and
+fills in a curated listing with "Contents" and "CommonPrefixes" as a
+result.
+
+## Expected Behavior
+
+- only lists latest versions of versioned buckets
+
+- only lists keys belonging to the given **prefix** (if provided)
+
+- does not list latest versions that are delete markers
+
+- groups listed keys that have a common prefix ending with a delimiter
+  inside CommonPrefixes
+
+- can take a **marker** or **continuationToken** to list from a specific key
+
+- can take a **maxKeys** parameter to limit how many keys can be returned
+
+- reconciles internal PHD keys with the next version (those are
+  created when a specific version that is the latest version is
+  deleted)
+
+- skips internal keys like replay keys
+
+## State Chart
+
+- States with grey background are *Idle* states, which are waiting for
+  a new listing key
+
+- States with blue background are *Processing* states, which are
+  actively processing a new listing key passed by the filter()
+  function
+
+### Bucket Vformat=v0
+
+![DelimiterMaster State Chart for v0 format](./pics/delimiterMasterV0StateChart.svg)
+
+### Bucket Vformat=v1
+
+For buckets in versioning key format **v1**, the algorithm used is the
+one from [Delimiter](delimiter.md).

documentation/listingAlgos/pics/delimiterMasterV0StateChart.dot

@@ -0,0 +1,45 @@
+digraph {
+  node [shape="box",style="filled,rounded",fontsize=16,fixedsize=true,width=3];
+  edge [fontsize=14];
+  rankdir=TB;
+
+  START [shape="circle",width=0.2,label="",style="filled",fillcolor="black"]
+  END [shape="circle",width=0.2,label="",style="filled",fillcolor="black",peripheries=2]
+
+  node [fillcolor="lightgrey"];
+  "NotSkippingPrefixNorVersions.Idle" [label="NotSkippingPrefixNorVersions",group="NotSkippingPrefixNorVersions",width=4];
+  "SkippingPrefix.Idle" [label="SkippingPrefix",group="SkippingPrefix"];
+  "SkippingVersions.Idle" [label="SkippingVersions",group="SkippingVersions"];
+  "WaitVersionAfterPHD.Idle" [label="WaitVersionAfterPHD",group="WaitVersionAfterPHD"];
+
+  node [fillcolor="lightblue"];
+  "NotSkippingPrefixNorVersions.Processing" [label="NotSkippingPrefixNorVersions",group="NotSkippingPrefixNorVersions",width=4];
+  "SkippingPrefix.Processing" [label="SkippingPrefix",group="SkippingPrefix"];
+  "SkippingVersions.Processing" [label="SkippingVersions",group="SkippingVersions"];
+  "WaitVersionAfterPHD.Processing" [label="WaitVersionAfterPHD",group="WaitVersionAfterPHD"];
+
+  START -> "SkippingVersions.Idle" [label="[marker != undefined]"]
+  START -> "NotSkippingPrefixNorVersions.Idle" [label="[marker == undefined]"]
+
+  "NotSkippingPrefixNorVersions.Idle" -> "NotSkippingPrefixNorVersions.Processing" [label="filter(key, value)"]
+  "SkippingPrefix.Idle" -> "SkippingPrefix.Processing" [label="filter(key, value)"]
+  "SkippingVersions.Idle" -> "SkippingVersions.Processing" [label="filter(key, value)"]
+  "WaitVersionAfterPHD.Idle" -> "WaitVersionAfterPHD.Processing" [label="filter(key, value)"]
+
+
+  "NotSkippingPrefixNorVersions.Processing" -> "SkippingVersions.Idle" [label="[Version.isDeleteMarker(value)]\n-> FILTER_ACCEPT"]
+  "NotSkippingPrefixNorVersions.Processing" -> "WaitVersionAfterPHD.Idle" [label="[Version.isPHD(value)]\n-> FILTER_ACCEPT"]
+  "NotSkippingPrefixNorVersions.Processing" -> "SkippingPrefix.Idle" [label="[key.startsWith(<ReplayPrefix>)]\n/ prefix <- <ReplayPrefix>\n-> FILTER_SKIP"]
+  "NotSkippingPrefixNorVersions.Processing" -> END [label="[isListableKey(key, value) and\nKeys == maxKeys]\n-> FILTER_END"]
+  "NotSkippingPrefixNorVersions.Processing" -> "SkippingPrefix.Idle" [label="[isListableKey(key, value) and\nnKeys < maxKeys and\nhasDelimiter(key)]\n/ prefix <- prefixOf(key)\n/ CommonPrefixes.append(prefixOf(key))\n-> FILTER_ACCEPT"]
+  "NotSkippingPrefixNorVersions.Processing" -> "SkippingVersions.Idle" [label="[isListableKey(key, value) and\nnKeys < maxKeys and\nnot hasDelimiter(key)]\n/ Contents.append(key, value)\n-> FILTER_ACCEPT"]
+
+  "SkippingPrefix.Processing" -> "SkippingPrefix.Idle" [label="[key.startsWith(prefix)]\n-> FILTER_SKIP"]
+  "SkippingPrefix.Processing" -> "NotSkippingPrefixNorVersions.Processing" [label="[not key.startsWith(prefix)]"]
+
+  "SkippingVersions.Processing" -> "SkippingVersions.Idle" [label="[isVersionKey(key)]\n-> FILTER_SKIP"]
+  "SkippingVersions.Processing" -> "NotSkippingPrefixNorVersions.Processing" [label="[not isVersionKey(key)]"]
+
+  "WaitVersionAfterPHD.Processing" -> "NotSkippingPrefixNorVersions.Processing" [label="[isVersionKey(key) and master(key) == PHDkey]\n/ key <- master(key)"]
+  "WaitVersionAfterPHD.Processing" -> "NotSkippingPrefixNorVersions.Processing" [label="[not isVersionKey(key) or master(key) != PHDkey]"]
+}

documentation/listingAlgos/pics/delimiterMasterV0StateChart.svg

@@ -0,0 +1,216 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN"
+ "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<!-- Generated by graphviz version 2.43.0 (0)
+ -->
+<!-- Title: %3 Pages: 1 -->
+<svg width="2313pt" height="460pt"
+ viewBox="0.00 0.00 2313.37 460.00" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
+<g id="graph0" class="graph" transform="scale(1 1) rotate(0) translate(4 456)">
+<title>%3</title>
+<polygon fill="white" stroke="transparent" points="-4,4 -4,-456 2309.37,-456 2309.37,4 -4,4"/>
+<!-- START -->
+<g id="node1" class="node">
+<title>START</title>
+<ellipse fill="black" stroke="black" cx="35.37" cy="-445" rx="7" ry="7"/>
+</g>
+<!-- NotSkippingPrefixNorVersions.Idle -->
+<g id="node3" class="node">
+<title>NotSkippingPrefixNorVersions.Idle</title>
+<path fill="lightgrey" stroke="black" d="M925.37,-387C925.37,-387 661.37,-387 661.37,-387 655.37,-387 649.37,-381 649.37,-375 649.37,-375 649.37,-363 649.37,-363 649.37,-357 655.37,-351 661.37,-351 661.37,-351 925.37,-351 925.37,-351 931.37,-351 937.37,-357 937.37,-363 937.37,-363 937.37,-375 937.37,-375 937.37,-381 931.37,-387 925.37,-387"/>
+<text text-anchor="middle" x="793.37" y="-365.2" font-family="Times,serif" font-size="16.00">NotSkippingPrefixNorVersions</text>
+</g>
+<!-- START&#45;&gt;NotSkippingPrefixNorVersions.Idle -->
+<g id="edge2" class="edge">
+<title>START&#45;&gt;NotSkippingPrefixNorVersions.Idle</title>
+<path fill="none" stroke="black" d="M42.39,-443.31C95.3,-438.15 434.98,-404.99 638.94,-385.08"/>
+<polygon fill="black" stroke="black" points="639.54,-388.53 649.15,-384.08 638.86,-381.57 639.54,-388.53"/>
+<text text-anchor="middle" x="497.87" y="-408.8" font-family="Times,serif" font-size="14.00">[marker == undefined]</text>
+</g>
+<!-- SkippingVersions.Idle -->
+<g id="node5" class="node">
+<title>SkippingVersions.Idle</title>
+<path fill="lightgrey" stroke="black" d="M242.37,-138C242.37,-138 50.37,-138 50.37,-138 44.37,-138 38.37,-132 38.37,-126 38.37,-126 38.37,-114 38.37,-114 38.37,-108 44.37,-102 50.37,-102 50.37,-102 242.37,-102 242.37,-102 248.37,-102 254.37,-108 254.37,-114 254.37,-114 254.37,-126 254.37,-126 254.37,-132 248.37,-138 242.37,-138"/>
+<text text-anchor="middle" x="146.37" y="-116.2" font-family="Times,serif" font-size="16.00">SkippingVersions</text>
+</g>
+<!-- START&#45;&gt;SkippingVersions.Idle -->
+<g id="edge1" class="edge">
+<title>START&#45;&gt;SkippingVersions.Idle</title>
+<path fill="none" stroke="black" d="M33.04,-438.14C20.64,-405.9 -34.57,-248.17 33.37,-156 36.76,-151.4 40.74,-147.39 45.16,-143.89"/>
+<polygon fill="black" stroke="black" points="47.27,-146.68 53.53,-138.13 43.3,-140.92 47.27,-146.68"/>
+<text text-anchor="middle" x="85.87" y="-321.8" font-family="Times,serif" font-size="14.00">[marker != undefined]</text>
+</g>
+<!-- END -->
+<g id="node2" class="node">
+<title>END</title>
+<ellipse fill="black" stroke="black" cx="727.37" cy="-120" rx="7" ry="7"/>
+<ellipse fill="none" stroke="black" cx="727.37" cy="-120" rx="11" ry="11"/>
+</g>
+<!-- NotSkippingPrefixNorVersions.Processing -->
+<g id="node7" class="node">
+<title>NotSkippingPrefixNorVersions.Processing</title>
+<path fill="lightblue" stroke="black" d="M925.37,-300C925.37,-300 661.37,-300 661.37,-300 655.37,-300 649.37,-294 649.37,-288 649.37,-288 649.37,-276 649.37,-276 649.37,-270 655.37,-264 661.37,-264 661.37,-264 925.37,-264 925.37,-264 931.37,-264 937.37,-270 937.37,-276 937.37,-276 937.37,-288 937.37,-288 937.37,-294 931.37,-300 925.37,-300"/>
+<text text-anchor="middle" x="793.37" y="-278.2" font-family="Times,serif" font-size="16.00">NotSkippingPrefixNorVersions</text>
+</g>
+<!-- NotSkippingPrefixNorVersions.Idle&#45;&gt;NotSkippingPrefixNorVersions.Processing -->
+<g id="edge3" class="edge">
+<title>NotSkippingPrefixNorVersions.Idle&#45;&gt;NotSkippingPrefixNorVersions.Processing</title>
+<path fill="none" stroke="black" d="M793.37,-350.8C793.37,-339.16 793.37,-323.55 793.37,-310.24"/>
+<polygon fill="black" stroke="black" points="796.87,-310.18 793.37,-300.18 789.87,-310.18 796.87,-310.18"/>
+<text text-anchor="middle" x="851.37" y="-321.8" font-family="Times,serif" font-size="14.00">filter(key, value)</text>
+</g>
+<!-- SkippingPrefix.Idle -->
+<g id="node4" class="node">
+<title>SkippingPrefix.Idle</title>
+<path fill="lightgrey" stroke="black" d="M1209.37,-138C1209.37,-138 1017.37,-138 1017.37,-138 1011.37,-138 1005.37,-132 1005.37,-126 1005.37,-126 1005.37,-114 1005.37,-114 1005.37,-108 1011.37,-102 1017.37,-102 1017.37,-102 1209.37,-102 1209.37,-102 1215.37,-102 1221.37,-108 1221.37,-114 1221.37,-114 1221.37,-126 1221.37,-126 1221.37,-132 1215.37,-138 1209.37,-138"/>
+<text text-anchor="middle" x="1113.37" y="-116.2" font-family="Times,serif" font-size="16.00">SkippingPrefix</text>
+</g>
+<!-- SkippingPrefix.Processing -->
+<g id="node8" class="node">
+<title>SkippingPrefix.Processing</title>
+<path fill="lightblue" stroke="black" d="M1070.37,-36C1070.37,-36 878.37,-36 878.37,-36 872.37,-36 866.37,-30 866.37,-24 866.37,-24 866.37,-12 866.37,-12 866.37,-6 872.37,0 878.37,0 878.37,0 1070.37,0 1070.37,0 1076.37,0 1082.37,-6 1082.37,-12 1082.37,-12 1082.37,-24 1082.37,-24 1082.37,-30 1076.37,-36 1070.37,-36"/>
+<text text-anchor="middle" x="974.37" y="-14.2" font-family="Times,serif" font-size="16.00">SkippingPrefix</text>
+</g>
+<!-- SkippingPrefix.Idle&#45;&gt;SkippingPrefix.Processing -->
+<g id="edge4" class="edge">
+<title>SkippingPrefix.Idle&#45;&gt;SkippingPrefix.Processing</title>
+<path fill="none" stroke="black" d="M1011.89,-101.96C994.96,-97.13 981.04,-91.17 975.37,-84 967.11,-73.56 966.25,-58.93 967.72,-46.2"/>
+<polygon fill="black" stroke="black" points="971.22,-46.52 969.4,-36.09 964.31,-45.38 971.22,-46.52"/>
+<text text-anchor="middle" x="1033.37" y="-65.3" font-family="Times,serif" font-size="14.00">filter(key, value)</text>
+</g>
+<!-- SkippingVersions.Processing -->
+<g id="node9" class="node">
+<title>SkippingVersions.Processing</title>
+<path fill="lightblue" stroke="black" d="M381.37,-36C381.37,-36 189.37,-36 189.37,-36 183.37,-36 177.37,-30 177.37,-24 177.37,-24 177.37,-12 177.37,-12 177.37,-6 183.37,0 189.37,0 189.37,0 381.37,0 381.37,0 387.37,0 393.37,-6 393.37,-12 393.37,-12 393.37,-24 393.37,-24 393.37,-30 387.37,-36 381.37,-36"/>
+<text text-anchor="middle" x="285.37" y="-14.2" font-family="Times,serif" font-size="16.00">SkippingVersions</text>
+</g>
+<!-- SkippingVersions.Idle&#45;&gt;SkippingVersions.Processing -->
+<g id="edge5" class="edge">
+<title>SkippingVersions.Idle&#45;&gt;SkippingVersions.Processing</title>
+<path fill="none" stroke="black" d="M141.4,-101.91C138.35,-87.58 136.8,-67.37 147.37,-54 151.89,-48.28 161.64,-43.34 173.99,-39.12"/>
+<polygon fill="black" stroke="black" points="175.39,-42.36 183.89,-36.04 173.3,-35.67 175.39,-42.36"/>
+<text text-anchor="middle" x="205.37" y="-65.3" font-family="Times,serif" font-size="14.00">filter(key, value)</text>
+</g>
+<!-- WaitVersionAfterPHD.Idle -->
+<g id="node6" class="node">
+<title>WaitVersionAfterPHD.Idle</title>
+<path fill="lightgrey" stroke="black" d="M1534.37,-138C1534.37,-138 1342.37,-138 1342.37,-138 1336.37,-138 1330.37,-132 1330.37,-126 1330.37,-126 1330.37,-114 1330.37,-114 1330.37,-108 1336.37,-102 1342.37,-102 1342.37,-102 1534.37,-102 1534.37,-102 1540.37,-102 1546.37,-108 1546.37,-114 1546.37,-114 1546.37,-126 1546.37,-126 1546.37,-132 1540.37,-138 1534.37,-138"/>
+<text text-anchor="middle" x="1438.37" y="-116.2" font-family="Times,serif" font-size="16.00">WaitVersionAfterPHD</text>
+</g>
+<!-- WaitVersionAfterPHD.Processing -->
+<g id="node10" class="node">
+<title>WaitVersionAfterPHD.Processing</title>
+<path fill="lightblue" stroke="black" d="M1534.37,-36C1534.37,-36 1342.37,-36 1342.37,-36 1336.37,-36 1330.37,-30 1330.37,-24 1330.37,-24 1330.37,-12 1330.37,-12 1330.37,-6 1336.37,0 1342.37,0 1342.37,0 1534.37,0 1534.37,0 1540.37,0 1546.37,-6 1546.37,-12 1546.37,-12 1546.37,-24 1546.37,-24 1546.37,-30 1540.37,-36 1534.37,-36"/>
+<text text-anchor="middle" x="1438.37" y="-14.2" font-family="Times,serif" font-size="16.00">WaitVersionAfterPHD</text>
+</g>
+<!-- WaitVersionAfterPHD.Idle&#45;&gt;WaitVersionAfterPHD.Processing -->
+<g id="edge6" class="edge">
+<title>WaitVersionAfterPHD.Idle&#45;&gt;WaitVersionAfterPHD.Processing</title>
+<path fill="none" stroke="black" d="M1438.37,-101.58C1438.37,-86.38 1438.37,-64.07 1438.37,-46.46"/>
+<polygon fill="black" stroke="black" points="1441.87,-46.22 1438.37,-36.22 1434.87,-46.22 1441.87,-46.22"/>
+<text text-anchor="middle" x="1496.37" y="-65.3" font-family="Times,serif" font-size="14.00">filter(key, value)</text>
+</g>
+<!-- NotSkippingPrefixNorVersions.Processing&#45;&gt;END -->
+<g id="edge10" class="edge">
+<title>NotSkippingPrefixNorVersions.Processing&#45;&gt;END</title>
+<path fill="none" stroke="black" d="M649.15,-273.62C611.7,-268.54 578.44,-260.07 566.37,-246 540.33,-215.64 540,-186.08 566.37,-156 586.46,-133.07 673.88,-148.86 702.37,-138 705.22,-136.91 708.06,-135.44 710.76,-133.82"/>
+<polygon fill="black" stroke="black" points="712.88,-136.61 719.13,-128.05 708.91,-130.84 712.88,-136.61"/>
+<text text-anchor="middle" x="672.87" y="-212.3" font-family="Times,serif" font-size="14.00">[isListableKey(key, value) and</text>
+<text text-anchor="middle" x="672.87" y="-197.3" font-family="Times,serif" font-size="14.00">Keys == maxKeys]</text>
+<text text-anchor="middle" x="672.87" y="-182.3" font-family="Times,serif" font-size="14.00">&#45;&gt; FILTER_END</text>
+</g>
+<!-- NotSkippingPrefixNorVersions.Processing&#45;&gt;SkippingPrefix.Idle -->
+<g id="edge9" class="edge">
+<title>NotSkippingPrefixNorVersions.Processing&#45;&gt;SkippingPrefix.Idle</title>
+<path fill="none" stroke="black" d="M937.6,-274.31C1018.89,-269.01 1106.69,-260.11 1119.37,-246 1143.16,-219.51 1134.03,-175.72 1124.38,-147.62"/>
+<polygon fill="black" stroke="black" points="1127.6,-146.22 1120.86,-138.04 1121.03,-148.64 1127.6,-146.22"/>
+<text text-anchor="middle" x="1254.37" y="-212.3" font-family="Times,serif" font-size="14.00">[key.startsWith(&lt;ReplayPrefix&gt;)]</text>
+<text text-anchor="middle" x="1254.37" y="-197.3" font-family="Times,serif" font-size="14.00">/ prefix &lt;&#45; &lt;ReplayPrefix&gt;</text>
+<text text-anchor="middle" x="1254.37" y="-182.3" font-family="Times,serif" font-size="14.00">&#45;&gt; FILTER_SKIP</text>
+</g>
+<!-- NotSkippingPrefixNorVersions.Processing&#45;&gt;SkippingPrefix.Idle -->
+<g id="edge11" class="edge">
+<title>NotSkippingPrefixNorVersions.Processing&#45;&gt;SkippingPrefix.Idle</title>
+<path fill="none" stroke="black" d="M799.18,-263.65C800.96,-258.05 802.85,-251.79 804.37,-246 814.73,-206.45 793.03,-183.41 823.37,-156 851.23,-130.83 954.1,-142.59 991.37,-138 992.65,-137.84 993.94,-137.68 995.24,-137.52"/>
+<polygon fill="black" stroke="black" points="995.81,-140.98 1005.29,-136.25 994.93,-134.03 995.81,-140.98"/>
+<text text-anchor="middle" x="969.37" y="-234.8" font-family="Times,serif" font-size="14.00">[isListableKey(key, value) and</text>
+<text text-anchor="middle" x="969.37" y="-219.8" font-family="Times,serif" font-size="14.00">nKeys &lt; maxKeys and</text>
+<text text-anchor="middle" x="969.37" y="-204.8" font-family="Times,serif" font-size="14.00">hasDelimiter(key)]</text>
+<text text-anchor="middle" x="969.37" y="-189.8" font-family="Times,serif" font-size="14.00">/ prefix &lt;&#45; prefixOf(key)</text>
+<text text-anchor="middle" x="969.37" y="-174.8" font-family="Times,serif" font-size="14.00">/ CommonPrefixes.append(prefixOf(key))</text>
+<text text-anchor="middle" x="969.37" y="-159.8" font-family="Times,serif" font-size="14.00">&#45;&gt; FILTER_ACCEPT</text>
+</g>
+<!-- NotSkippingPrefixNorVersions.Processing&#45;&gt;SkippingVersions.Idle -->
+<g id="edge7" class="edge">
+<title>NotSkippingPrefixNorVersions.Processing&#45;&gt;SkippingVersions.Idle</title>
+<path fill="none" stroke="black" d="M649.11,-279.23C439.56,-275.94 73.58,-267.19 53.37,-246 25.76,-217.06 30.6,-188.89 53.37,-156 56.56,-151.39 60.44,-147.39 64.78,-143.91"/>
+<polygon fill="black" stroke="black" points="66.8,-146.76 73.04,-138.2 62.83,-141 66.8,-146.76"/>
+<text text-anchor="middle" x="167.87" y="-204.8" font-family="Times,serif" font-size="14.00">[Version.isDeleteMarker(value)]</text>
+<text text-anchor="middle" x="167.87" y="-189.8" font-family="Times,serif" font-size="14.00">&#45;&gt; FILTER_ACCEPT</text>
+</g>
+<!-- NotSkippingPrefixNorVersions.Processing&#45;&gt;SkippingVersions.Idle -->
+<g id="edge12" class="edge">
+<title>NotSkippingPrefixNorVersions.Processing&#45;&gt;SkippingVersions.Idle</title>
+<path fill="none" stroke="black" d="M649.33,-279.1C514.97,-275.99 331.4,-267.75 305.37,-246 273.69,-219.53 311.53,-185.22 282.37,-156 276.73,-150.36 270.32,-145.59 263.42,-141.56"/>
+<polygon fill="black" stroke="black" points="264.92,-138.39 254.44,-136.84 261.67,-144.59 264.92,-138.39"/>
+<text text-anchor="middle" x="411.87" y="-227.3" font-family="Times,serif" font-size="14.00">[isListableKey(key, value) and</text>
+<text text-anchor="middle" x="411.87" y="-212.3" font-family="Times,serif" font-size="14.00">nKeys &lt; maxKeys and</text>
+<text text-anchor="middle" x="411.87" y="-197.3" font-family="Times,serif" font-size="14.00">not hasDelimiter(key)]</text>
+<text text-anchor="middle" x="411.87" y="-182.3" font-family="Times,serif" font-size="14.00">/ Contents.append(key, value)</text>
+<text text-anchor="middle" x="411.87" y="-167.3" font-family="Times,serif" font-size="14.00">&#45;&gt; FILTER_ACCEPT</text>
+</g>
+<!-- NotSkippingPrefixNorVersions.Processing&#45;&gt;WaitVersionAfterPHD.Idle -->
+<g id="edge8" class="edge">
+<title>NotSkippingPrefixNorVersions.Processing&#45;&gt;WaitVersionAfterPHD.Idle</title>
+<path fill="none" stroke="black" d="M937.38,-280.87C1099.43,-279.42 1344.59,-272.74 1378.37,-246 1411.11,-220.08 1384.48,-192.16 1405.37,-156 1407.38,-152.52 1409.8,-149.11 1412.4,-145.87"/>
+<polygon fill="black" stroke="black" points="1415.16,-148.04 1419.13,-138.21 1409.9,-143.41 1415.16,-148.04"/>
+<text text-anchor="middle" x="1486.87" y="-204.8" font-family="Times,serif" font-size="14.00">[Version.isPHD(value)]</text>
+<text text-anchor="middle" x="1486.87" y="-189.8" font-family="Times,serif" font-size="14.00">&#45;&gt; FILTER_ACCEPT</text>
+</g>
+<!-- SkippingPrefix.Processing&#45;&gt;SkippingPrefix.Idle -->
+<g id="edge13" class="edge">
+<title>SkippingPrefix.Processing&#45;&gt;SkippingPrefix.Idle</title>
+<path fill="none" stroke="black" d="M1064.61,-36.08C1074.44,-40.7 1083.66,-46.57 1091.37,-54 1101.65,-63.92 1107.13,-78.81 1110.04,-91.84"/>
+<polygon fill="black" stroke="black" points="1106.62,-92.56 1111.88,-101.76 1113.5,-91.29 1106.62,-92.56"/>
+<text text-anchor="middle" x="1190.37" y="-72.8" font-family="Times,serif" font-size="14.00">[key.startsWith(prefix)]</text>
+<text text-anchor="middle" x="1190.37" y="-57.8" font-family="Times,serif" font-size="14.00">&#45;&gt; FILTER_SKIP</text>
+</g>
+<!-- SkippingPrefix.Processing&#45;&gt;NotSkippingPrefixNorVersions.Processing -->
+<g id="edge14" class="edge">
+<title>SkippingPrefix.Processing&#45;&gt;NotSkippingPrefixNorVersions.Processing</title>
+<path fill="none" stroke="black" d="M899.82,-36.01C864.18,-48.2 824.54,-68.57 802.37,-102 771.84,-148.02 779.31,-216.26 786.77,-253.8"/>
+<polygon fill="black" stroke="black" points="783.43,-254.92 788.94,-263.97 790.28,-253.46 783.43,-254.92"/>
+<text text-anchor="middle" x="899.37" y="-116.3" font-family="Times,serif" font-size="14.00">[not key.startsWith(prefix)]</text>
+</g>
+<!-- SkippingVersions.Processing&#45;&gt;SkippingVersions.Idle -->
+<g id="edge15" class="edge">
+<title>SkippingVersions.Processing&#45;&gt;SkippingVersions.Idle</title>
+<path fill="none" stroke="black" d="M283.88,-36.24C281.71,-50.87 276.4,-71.43 263.37,-84 258.07,-89.11 252.06,-93.48 245.62,-97.21"/>
+<polygon fill="black" stroke="black" points="243.85,-94.19 236.61,-101.92 247.09,-100.39 243.85,-94.19"/>
+<text text-anchor="middle" x="349.87" y="-72.8" font-family="Times,serif" font-size="14.00">[isVersionKey(key)]</text>
+<text text-anchor="middle" x="349.87" y="-57.8" font-family="Times,serif" font-size="14.00">&#45;&gt; FILTER_SKIP</text>
+</g>
+<!-- SkippingVersions.Processing&#45;&gt;NotSkippingPrefixNorVersions.Processing -->
+<g id="edge16" class="edge">
+<title>SkippingVersions.Processing&#45;&gt;NotSkippingPrefixNorVersions.Processing</title>
+<path fill="none" stroke="black" d="M382.46,-36.08C396.72,-40.7 410.82,-46.57 423.37,-54 476.67,-85.57 487.28,-102.42 518.37,-156 539.39,-192.23 514.46,-218.85 546.37,-246 561.72,-259.06 598.56,-267.25 639.23,-272.39"/>
+<polygon fill="black" stroke="black" points="639.01,-275.89 649.36,-273.59 639.84,-268.93 639.01,-275.89"/>
+<text text-anchor="middle" x="590.37" y="-116.3" font-family="Times,serif" font-size="14.00">[not isVersionKey(key)]</text>
+</g>
+<!-- WaitVersionAfterPHD.Processing&#45;&gt;NotSkippingPrefixNorVersions.Processing -->
+<g id="edge17" class="edge">
+<title>WaitVersionAfterPHD.Processing&#45;&gt;NotSkippingPrefixNorVersions.Processing</title>
+<path fill="none" stroke="black" d="M1536.41,-36.13C1544.73,-40.79 1552.27,-46.65 1558.37,-54 1585.64,-86.89 1597.89,-215.12 1568.37,-246 1547.29,-268.05 1167.71,-276.42 947.74,-279.43"/>
+<polygon fill="black" stroke="black" points="947.67,-275.93 937.71,-279.57 947.76,-282.93 947.67,-275.93"/>
+<text text-anchor="middle" x="1758.37" y="-123.8" font-family="Times,serif" font-size="14.00">[isVersionKey(key) and master(key) == PHDkey]</text>
+<text text-anchor="middle" x="1758.37" y="-108.8" font-family="Times,serif" font-size="14.00">/ key &lt;&#45; master(key)</text>
+</g>
+<!-- WaitVersionAfterPHD.Processing&#45;&gt;NotSkippingPrefixNorVersions.Processing -->
+<g id="edge18" class="edge">
+<title>WaitVersionAfterPHD.Processing&#45;&gt;NotSkippingPrefixNorVersions.Processing</title>
+<path fill="none" stroke="black" d="M1546.51,-21.25C1677.94,-26.54 1888.29,-44.09 1937.37,-102 1947.71,-114.21 1946.85,-125.11 1937.37,-138 1841.62,-268.08 1749.48,-218.23 1590.37,-246 1471.26,-266.79 1143.92,-275.5 947.77,-278.94"/>
+<polygon fill="black" stroke="black" points="947.6,-275.44 937.66,-279.11 947.72,-282.44 947.6,-275.44"/>
+<text text-anchor="middle" x="2124.87" y="-116.3" font-family="Times,serif" font-size="14.00">[not isVersionKey(key) or master(key) != PHDkey]</text>
+</g>
+</g>
+</svg>

documentation/listingAlgos/pics/delimiterStateChart.dot

@@ -0,0 +1,35 @@
+digraph {
+  node [shape="box",style="filled,rounded",fontsize=16,fixedsize=true,width=3];
+  edge [fontsize=14];
+  rankdir=TB;
+
+  START [shape="circle",width=0.2,label="",style="filled",fillcolor="black"]
+  END [shape="circle",width=0.2,label="",style="filled",fillcolor="black",peripheries=2]
+
+  node [fillcolor="lightgrey"];
+  "NotSkipping.Idle" [label="NotSkipping",group="NotSkipping"];
+  "NeverSkipping.Idle" [label="NeverSkipping",group="NeverSkipping"];
+  "NotSkippingPrefix.Idle" [label="NotSkippingPrefix",group="NotSkippingPrefix"];
+  "SkippingPrefix.Idle" [label="SkippingPrefix",group="SkippingPrefix"];
+
+  node [fillcolor="lightblue"];
+  "NeverSkipping.Processing" [label="NeverSkipping",group="NeverSkipping"];
+  "NotSkippingPrefix.Processing" [label="NotSkippingPrefix",group="NotSkippingPrefix"];
+  "SkippingPrefix.Processing" [label="SkippingPrefix",group="SkippingPrefix"];
+
+  START -> "NotSkipping.Idle"
+  "NotSkipping.Idle" -> "NeverSkipping.Idle" [label="[delimiter == undefined]"]
+  "NotSkipping.Idle" -> "NotSkippingPrefix.Idle" [label="[delimiter == '/']"]
+
+  "NeverSkipping.Idle" -> "NeverSkipping.Processing" [label="filter(key, value)"]
+  "NotSkippingPrefix.Idle" -> "NotSkippingPrefix.Processing" [label="filter(key, value)"]
+  "SkippingPrefix.Idle" -> "SkippingPrefix.Processing" [label="filter(key, value)"]
+
+  "NeverSkipping.Processing" -> END [label="[nKeys == maxKeys]\n-> FILTER_END"]
+  "NeverSkipping.Processing" -> "NeverSkipping.Idle" [label="[nKeys < maxKeys]\n/ Contents.append(key, value)\n -> FILTER_ACCEPT"]
+  "NotSkippingPrefix.Processing" -> END [label="[nKeys == maxKeys]\n -> FILTER_END"]
+  "NotSkippingPrefix.Processing" -> "SkippingPrefix.Idle" [label="[nKeys < maxKeys and hasDelimiter(key)]\n/ prefix <- prefixOf(key)\n/ CommonPrefixes.append(prefixOf(key))\n-> FILTER_ACCEPT"]
+  "NotSkippingPrefix.Processing" -> "NotSkippingPrefix.Idle" [label="[nKeys < maxKeys and not hasDelimiter(key)]\n/ Contents.append(key, value)\n -> FILTER_ACCEPT"]
+  "SkippingPrefix.Processing" -> "SkippingPrefix.Idle" [label="[key.startsWith(prefix)]\n-> FILTER_SKIP"]
+  "SkippingPrefix.Processing" -> "NotSkippingPrefix.Processing" [label="[not key.startsWith(prefix)]"]
+}

documentation/listingAlgos/pics/delimiterStateChart.svg

@@ -0,0 +1,166 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN"
+ "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<!-- Generated by graphviz version 2.43.0 (0)
+ -->
+<!-- Title: %3 Pages: 1 -->
+<svg width="975pt" height="533pt"
+ viewBox="0.00 0.00 975.00 533.00" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
+<g id="graph0" class="graph" transform="scale(1 1) rotate(0) translate(4 529)">
+<title>%3</title>
+<polygon fill="white" stroke="transparent" points="-4,4 -4,-529 971,-529 971,4 -4,4"/>
+<!-- START -->
+<g id="node1" class="node">
+<title>START</title>
+<ellipse fill="black" stroke="black" cx="283" cy="-518" rx="7" ry="7"/>
+</g>
+<!-- NotSkipping.Idle -->
+<g id="node3" class="node">
+<title>NotSkipping.Idle</title>
+<path fill="lightgrey" stroke="black" d="M379,-474C379,-474 187,-474 187,-474 181,-474 175,-468 175,-462 175,-462 175,-450 175,-450 175,-444 181,-438 187,-438 187,-438 379,-438 379,-438 385,-438 391,-444 391,-450 391,-450 391,-462 391,-462 391,-468 385,-474 379,-474"/>
+<text text-anchor="middle" x="283" y="-452.2" font-family="Times,serif" font-size="16.00">NotSkipping</text>
+</g>
+<!-- START&#45;&gt;NotSkipping.Idle -->
+<g id="edge1" class="edge">
+<title>START&#45;&gt;NotSkipping.Idle</title>
+<path fill="none" stroke="black" d="M283,-510.58C283,-504.23 283,-494.07 283,-484.3"/>
+<polygon fill="black" stroke="black" points="286.5,-484.05 283,-474.05 279.5,-484.05 286.5,-484.05"/>
+</g>
+<!-- END -->
+<g id="node2" class="node">
+<title>END</title>
+<ellipse fill="black" stroke="black" cx="196" cy="-120" rx="7" ry="7"/>
+<ellipse fill="none" stroke="black" cx="196" cy="-120" rx="11" ry="11"/>
+</g>
+<!-- NeverSkipping.Idle -->
+<g id="node4" class="node">
+<title>NeverSkipping.Idle</title>
+<path fill="lightgrey" stroke="black" d="M262,-387C262,-387 70,-387 70,-387 64,-387 58,-381 58,-375 58,-375 58,-363 58,-363 58,-357 64,-351 70,-351 70,-351 262,-351 262,-351 268,-351 274,-357 274,-363 274,-363 274,-375 274,-375 274,-381 268,-387 262,-387"/>
+<text text-anchor="middle" x="166" y="-365.2" font-family="Times,serif" font-size="16.00">NeverSkipping</text>
+</g>
+<!-- NotSkipping.Idle&#45;&gt;NeverSkipping.Idle -->
+<g id="edge2" class="edge">
+<title>NotSkipping.Idle&#45;&gt;NeverSkipping.Idle</title>
+<path fill="none" stroke="black" d="M216.5,-437.82C206.51,-433.18 196.91,-427.34 189,-420 182.25,-413.74 177.33,-405.11 173.81,-396.79"/>
+<polygon fill="black" stroke="black" points="177.05,-395.47 170.3,-387.31 170.49,-397.9 177.05,-395.47"/>
+<text text-anchor="middle" x="279.5" y="-408.8" font-family="Times,serif" font-size="14.00">[delimiter == undefined]</text>
+</g>
+<!-- NotSkippingPrefix.Idle -->
+<g id="node5" class="node">
+<title>NotSkippingPrefix.Idle</title>
+<path fill="lightgrey" stroke="black" d="M496,-387C496,-387 304,-387 304,-387 298,-387 292,-381 292,-375 292,-375 292,-363 292,-363 292,-357 298,-351 304,-351 304,-351 496,-351 496,-351 502,-351 508,-357 508,-363 508,-363 508,-375 508,-375 508,-381 502,-387 496,-387"/>
+<text text-anchor="middle" x="400" y="-365.2" font-family="Times,serif" font-size="16.00">NotSkippingPrefix</text>
+</g>
+<!-- NotSkipping.Idle&#45;&gt;NotSkippingPrefix.Idle -->
+<g id="edge3" class="edge">
+<title>NotSkipping.Idle&#45;&gt;NotSkippingPrefix.Idle</title>
+<path fill="none" stroke="black" d="M340.77,-437.93C351.2,-433.2 361.45,-427.29 370,-420 377.58,-413.53 383.76,-404.65 388.51,-396.16"/>
+<polygon fill="black" stroke="black" points="391.63,-397.74 393.08,-387.24 385.4,-394.54 391.63,-397.74"/>
+<text text-anchor="middle" x="442.5" y="-408.8" font-family="Times,serif" font-size="14.00">[delimiter == &#39;/&#39;]</text>
+</g>
+<!-- NeverSkipping.Processing -->
+<g id="node7" class="node">
+<title>NeverSkipping.Processing</title>
+<path fill="lightblue" stroke="black" d="M204,-270C204,-270 12,-270 12,-270 6,-270 0,-264 0,-258 0,-258 0,-246 0,-246 0,-240 6,-234 12,-234 12,-234 204,-234 204,-234 210,-234 216,-240 216,-246 216,-246 216,-258 216,-258 216,-264 210,-270 204,-270"/>
+<text text-anchor="middle" x="108" y="-248.2" font-family="Times,serif" font-size="16.00">NeverSkipping</text>
+</g>
+<!-- NeverSkipping.Idle&#45;&gt;NeverSkipping.Processing -->
+<g id="edge4" class="edge">
+<title>NeverSkipping.Idle&#45;&gt;NeverSkipping.Processing</title>
+<path fill="none" stroke="black" d="M64.1,-350.93C47.33,-346.11 33.58,-340.17 28,-333 15.72,-317.21 17.05,-304.74 28,-288 30.93,-283.52 34.58,-279.6 38.69,-276.19"/>
+<polygon fill="black" stroke="black" points="40.97,-278.86 47.1,-270.22 36.92,-273.16 40.97,-278.86"/>
+<text text-anchor="middle" x="86" y="-306.8" font-family="Times,serif" font-size="14.00">filter(key, value)</text>
+</g>
+<!-- NotSkippingPrefix.Processing -->
+<g id="node8" class="node">
+<title>NotSkippingPrefix.Processing</title>
+<path fill="lightblue" stroke="black" d="M554,-270C554,-270 362,-270 362,-270 356,-270 350,-264 350,-258 350,-258 350,-246 350,-246 350,-240 356,-234 362,-234 362,-234 554,-234 554,-234 560,-234 566,-240 566,-246 566,-246 566,-258 566,-258 566,-264 560,-270 554,-270"/>
+<text text-anchor="middle" x="458" y="-248.2" font-family="Times,serif" font-size="16.00">NotSkippingPrefix</text>
+</g>
+<!-- NotSkippingPrefix.Idle&#45;&gt;NotSkippingPrefix.Processing -->
+<g id="edge5" class="edge">
+<title>NotSkippingPrefix.Idle&#45;&gt;NotSkippingPrefix.Processing</title>
+<path fill="none" stroke="black" d="M395.69,-350.84C392.38,-333.75 390.03,-307.33 401,-288 403.42,-283.74 406.58,-279.94 410.19,-276.55"/>
+<polygon fill="black" stroke="black" points="412.5,-279.18 418.1,-270.18 408.11,-273.73 412.5,-279.18"/>
+<text text-anchor="middle" x="459" y="-306.8" font-family="Times,serif" font-size="14.00">filter(key, value)</text>
+</g>
+<!-- SkippingPrefix.Idle -->
+<g id="node6" class="node">
+<title>SkippingPrefix.Idle</title>
+<path fill="lightgrey" stroke="black" d="M554,-138C554,-138 362,-138 362,-138 356,-138 350,-132 350,-126 350,-126 350,-114 350,-114 350,-108 356,-102 362,-102 362,-102 554,-102 554,-102 560,-102 566,-108 566,-114 566,-114 566,-126 566,-126 566,-132 560,-138 554,-138"/>
+<text text-anchor="middle" x="458" y="-116.2" font-family="Times,serif" font-size="16.00">SkippingPrefix</text>
+</g>
+<!-- SkippingPrefix.Processing -->
+<g id="node9" class="node">
+<title>SkippingPrefix.Processing</title>
+<path fill="lightblue" stroke="black" d="M691,-36C691,-36 499,-36 499,-36 493,-36 487,-30 487,-24 487,-24 487,-12 487,-12 487,-6 493,0 499,0 499,0 691,0 691,0 697,0 703,-6 703,-12 703,-12 703,-24 703,-24 703,-30 697,-36 691,-36"/>
+<text text-anchor="middle" x="595" y="-14.2" font-family="Times,serif" font-size="16.00">SkippingPrefix</text>
+</g>
+<!-- SkippingPrefix.Idle&#45;&gt;SkippingPrefix.Processing -->
+<g id="edge6" class="edge">
+<title>SkippingPrefix.Idle&#45;&gt;SkippingPrefix.Processing</title>
+<path fill="none" stroke="black" d="M452.35,-101.95C448.76,-87.65 446.54,-67.45 457,-54 461.44,-48.29 471.08,-43.36 483.3,-39.15"/>
+<polygon fill="black" stroke="black" points="484.61,-42.41 493.1,-36.07 482.51,-35.73 484.61,-42.41"/>
+<text text-anchor="middle" x="515" y="-65.3" font-family="Times,serif" font-size="14.00">filter(key, value)</text>
+</g>
+<!-- NeverSkipping.Processing&#45;&gt;END -->
+<g id="edge7" class="edge">
+<title>NeverSkipping.Processing&#45;&gt;END</title>
+<path fill="none" stroke="black" d="M102.91,-233.88C97.93,-213.45 93.18,-179.15 109,-156 123.79,-134.35 154.41,-126.09 175.08,-122.94"/>
+<polygon fill="black" stroke="black" points="175.62,-126.4 185.11,-121.69 174.76,-119.45 175.62,-126.4"/>
+<text text-anchor="middle" x="185" y="-189.8" font-family="Times,serif" font-size="14.00">[nKeys == maxKeys]</text>
+<text text-anchor="middle" x="185" y="-174.8" font-family="Times,serif" font-size="14.00">&#45;&gt; FILTER_END</text>
+</g>
+<!-- NeverSkipping.Processing&#45;&gt;NeverSkipping.Idle -->
+<g id="edge8" class="edge">
+<title>NeverSkipping.Processing&#45;&gt;NeverSkipping.Idle</title>
+<path fill="none" stroke="black" d="M129.49,-270.27C134.87,-275.48 140.18,-281.55 144,-288 153.56,-304.17 159.09,-324.63 162.21,-340.81"/>
+<polygon fill="black" stroke="black" points="158.78,-341.49 163.94,-350.74 165.68,-340.29 158.78,-341.49"/>
+<text text-anchor="middle" x="265.5" y="-321.8" font-family="Times,serif" font-size="14.00">[nKeys &lt; maxKeys]</text>
+<text text-anchor="middle" x="265.5" y="-306.8" font-family="Times,serif" font-size="14.00">/ Contents.append(key, value)</text>
+<text text-anchor="middle" x="265.5" y="-291.8" font-family="Times,serif" font-size="14.00"> &#45;&gt; FILTER_ACCEPT</text>
+</g>
+<!-- NotSkippingPrefix.Processing&#45;&gt;END -->
+<g id="edge9" class="edge">
+<title>NotSkippingPrefix.Processing&#45;&gt;END</title>
+<path fill="none" stroke="black" d="M349.96,-237.93C333,-232.81 316.36,-225.74 302,-216 275.27,-197.87 285.01,-177.6 261,-156 247.64,-143.98 229.41,-134.62 215.65,-128.62"/>
+<polygon fill="black" stroke="black" points="216.74,-125.28 206.16,-124.7 214.07,-131.75 216.74,-125.28"/>
+<text text-anchor="middle" x="378" y="-189.8" font-family="Times,serif" font-size="14.00">[nKeys == maxKeys]</text>
+<text text-anchor="middle" x="378" y="-174.8" font-family="Times,serif" font-size="14.00"> &#45;&gt; FILTER_END</text>
+</g>
+<!-- NotSkippingPrefix.Processing&#45;&gt;NotSkippingPrefix.Idle -->
+<g id="edge11" class="edge">
+<title>NotSkippingPrefix.Processing&#45;&gt;NotSkippingPrefix.Idle</title>
+<path fill="none" stroke="black" d="M499.64,-270.11C506.59,-274.86 512.87,-280.76 517,-288 526.9,-305.38 528.94,-316.96 517,-333 513.56,-337.62 509.53,-341.66 505.07,-345.18"/>
+<polygon fill="black" stroke="black" points="502.89,-342.43 496.63,-350.98 506.85,-348.2 502.89,-342.43"/>
+<text text-anchor="middle" x="690.5" y="-321.8" font-family="Times,serif" font-size="14.00">[nKeys &lt; maxKeys and not hasDelimiter(key)]</text>
+<text text-anchor="middle" x="690.5" y="-306.8" font-family="Times,serif" font-size="14.00">/ Contents.append(key, value)</text>
+<text text-anchor="middle" x="690.5" y="-291.8" font-family="Times,serif" font-size="14.00"> &#45;&gt; FILTER_ACCEPT</text>
+</g>
+<!-- NotSkippingPrefix.Processing&#45;&gt;SkippingPrefix.Idle -->
+<g id="edge10" class="edge">
+<title>NotSkippingPrefix.Processing&#45;&gt;SkippingPrefix.Idle</title>
+<path fill="none" stroke="black" d="M458,-233.74C458,-211.98 458,-174.32 458,-148.56"/>
+<polygon fill="black" stroke="black" points="461.5,-148.33 458,-138.33 454.5,-148.33 461.5,-148.33"/>
+<text text-anchor="middle" x="609.5" y="-204.8" font-family="Times,serif" font-size="14.00">[nKeys &lt; maxKeys and hasDelimiter(key)]</text>
+<text text-anchor="middle" x="609.5" y="-189.8" font-family="Times,serif" font-size="14.00">/ prefix &lt;&#45; prefixOf(key)</text>
+<text text-anchor="middle" x="609.5" y="-174.8" font-family="Times,serif" font-size="14.00">/ CommonPrefixes.append(prefixOf(key))</text>
+<text text-anchor="middle" x="609.5" y="-159.8" font-family="Times,serif" font-size="14.00">&#45;&gt; FILTER_ACCEPT</text>
+</g>
+<!-- SkippingPrefix.Processing&#45;&gt;SkippingPrefix.Idle -->
+<g id="edge12" class="edge">
+<title>SkippingPrefix.Processing&#45;&gt;SkippingPrefix.Idle</title>
+<path fill="none" stroke="black" d="M593.49,-36.23C591.32,-50.84 586,-71.39 573,-84 567.75,-89.09 561.77,-93.45 555.38,-97.17"/>
+<polygon fill="black" stroke="black" points="553.66,-94.12 546.43,-101.87 556.91,-100.32 553.66,-94.12"/>
+<text text-anchor="middle" x="672" y="-72.8" font-family="Times,serif" font-size="14.00">[key.startsWith(prefix)]</text>
+<text text-anchor="middle" x="672" y="-57.8" font-family="Times,serif" font-size="14.00">&#45;&gt; FILTER_SKIP</text>
+</g>
+<!-- SkippingPrefix.Processing&#45;&gt;NotSkippingPrefix.Processing -->
+<g id="edge13" class="edge">
+<title>SkippingPrefix.Processing&#45;&gt;NotSkippingPrefix.Processing</title>
+<path fill="none" stroke="black" d="M703.16,-31.64C728.6,-36.87 750.75,-44.11 759,-54 778.46,-77.34 776.26,-200.01 762,-216 749.37,-230.17 656.13,-239.42 576.2,-244.84"/>
+<polygon fill="black" stroke="black" points="575.77,-241.36 566.03,-245.51 576.24,-248.34 575.77,-241.36"/>
+<text text-anchor="middle" x="870" y="-116.3" font-family="Times,serif" font-size="14.00">[not key.startsWith(prefix)]</text>
+</g>
+</g>
+</svg>

errors/arsenalErrors.json

@@ -1,732 +0,0 @@
-{
-  "_comment": "------------------- Amazon errors ------------------",
-  "AccessDenied": {
-    "code": 403,
-    "description": "Access Denied"
-  },
-  "AccessForbidden": {
-    "code": 403,
-    "description": "Access Forbidden"
-  },
-  "AccountProblem": {
-    "code": 403,
-    "description": "There is a problem with your AWS account that prevents the operation from completing successfully. Please use Contact Us."
-  },
-  "AmbiguousGrantByEmailAddress": {
-    "code": 400,
-    "description": "The email address you provided is associated with more than one account."
-  },
-  "BadDigest": {
-    "code": 400,
-    "description": "The Content-MD5 you specified did not match what we received."
-  },
-  "BucketAlreadyExists": {
-    "code": 409,
-    "description": "The requested bucket name is not available. The bucket namespace is shared by all users of the system. Please select a different name and try again."
-  },
-  "BucketAlreadyOwnedByYou": {
-    "code": 409,
-    "description": "Your previous request to create the named bucket succeeded and you already own it. You get this error in all AWS regions except US Standard, us-east-1. In us-east-1 region, you will get 200 OK, but it is no-op (if bucket exists S3 will not do anything)."
-  },
-  "BucketNotEmpty": {
-    "code": 409,
-    "description": "The bucket you tried to delete is not empty."
-  },
-  "CredentialsNotSupported": {
-    "code": 400,
-    "description": "This request does not support credentials."
-  },
-  "CrossLocationLoggingProhibited": {
-    "code": 403,
-    "description": "Cross-location logging not allowed. Buckets in one geographic location cannot log information to a bucket in another location."
-  },
-  "DeleteConflict": {
-    "code": 409,
-    "description": "The request was rejected because it attempted to delete a resource that has attached subordinate entities. The error message describes these entities."
-  },
-  "EntityTooSmall": {
-    "code": 400,
-    "description": "Your proposed upload is smaller than the minimum allowed object size."
-  },
-  "EntityTooLarge": {
-    "code": 400,
-    "description": "Your proposed upload exceeds the maximum allowed object size."
-  },
-  "ExpiredToken": {
-    "code": 400,
-    "description": "The provided token has expired."
-  },
-  "HttpHeadersTooLarge": {
-    "code": 400,
-    "description": "Your http headers exceed the maximum allowed http headers size."
-  },
-  "IllegalVersioningConfigurationException": {
-    "code": 400,
-    "description": "Indicates that the versioning configuration specified in the request is invalid."
-  },
-  "IncompleteBody": {
-    "code": 400,
-    "description": "You did not provide the number of bytes specified by the Content-Length HTTP header."
-  },
-  "IncorrectNumberOfFilesInPostRequest": {
-    "code": 400,
-    "description": "POST requires exactly one file upload per request."
-  },
-  "InlineDataTooLarge": {
-    "code": 400,
-    "description": "Inline data exceeds the maximum allowed size."
-  },
-  "InternalError": {
-    "code": 500,
-    "description": "We encountered an internal error. Please try again."
-  },
-  "InvalidAccessKeyId": {
-    "code": 403,
-    "description": "The AWS access key Id you provided does not exist in our records."
-  },
-  "InvalidAddressingHeader": {
-    "code": 400,
-    "description": "You must specify the Anonymous role."
-  },
-  "InvalidArgument": {
-    "code": 400,
-    "description": "Invalid Argument"
-  },
-  "InvalidBucketName": {
-    "code": 400,
-    "description": "The specified bucket is not valid."
-  },
-  "InvalidBucketState": {
-    "code": 409,
-    "description": "The request is not valid with the current state of the bucket."
-  },
-  "InvalidDigest": {
-    "code": 400,
-    "description": "The Content-MD5 you specified is not valid."
-  },
-  "InvalidEncryptionAlgorithmError": {
-    "code": 400,
-    "description": "The encryption request you specified is not valid. The valid value is AES256."
-  },
-  "InvalidLocationConstraint": {
-    "code": 400,
-    "description": "The specified location constraint is not valid."
-  },
-  "InvalidObjectState": {
-    "code": 403,
-    "description": "The operation is not valid for the current state of the object."
-  },
-  "InvalidPart": {
-    "code": 400,
-    "description": "One or more of the specified parts could not be found. The part might not have been uploaded, or the specified entity tag might not have matched the part's entity tag."
-  },
-  "InvalidPartOrder": {
-    "code": 400,
-    "description": "The list of parts was not in ascending order.Parts list must specified in order by part number."
-  },
-  "InvalidPartNumber": {
-    "code": 416,
-    "description": "The requested partnumber is not satisfiable."
-  },
-  "InvalidPayer": {
-    "code": 403,
-    "description": "All access to this object has been disabled."
-  },
-  "InvalidPolicyDocument": {
-    "code": 400,
-    "description": "The content of the form does not meet the conditions specified in the policy document."
-  },
-  "InvalidRange": {
-    "code": 416,
-    "description": "The requested range cannot be satisfied."
-  },
-  "InvalidRedirectLocation": {
-    "code": 400,
-    "description": "The website redirect location must have a prefix of 'http://' or 'https://' or '/'."
-  },
-  "InvalidRequest": {
-    "code": 400,
-    "description": "SOAP requests must be made over an HTTPS connection."
-  },
-  "InvalidSecurity": {
-    "code": 403,
-    "description": "The provided security credentials are not valid."
-  },
-  "InvalidSOAPRequest": {
-    "code": 400,
-    "description": "The SOAP request body is invalid."
-  },
-  "InvalidStorageClass": {
-    "code": 400,
-    "description": "The storage class you specified is not valid."
-  },
-  "InvalidTag": {
-    "code": 400,
-    "description": "The Tag you have provided is invalid"
-  },
-  "InvalidTargetBucketForLogging": {
-    "code": 400,
-    "description": "The target bucket for logging does not exist, is not owned by you, or does not have the appropriate grants for the log-delivery group."
-  },
-  "InvalidToken": {
-    "code": 400,
-    "description": "The provided token is malformed or otherwise invalid."
-  },
-  "InvalidURI": {
-    "code": 400,
-    "description": "Couldn't parse the specified URI."
-  },
-  "KeyTooLong": {
-    "code": 400,
-    "description": "Your key is too long."
-  },
-  "LimitExceeded": {
-    "code": 409,
-    "description": "    The request was rejected because it attempted to create resources beyond the current AWS account limits. The error message describes the limit exceeded."
-  },
-  "MalformedACLError": {
-    "code": 400,
-    "description": "The XML you provided was not well-formed or did not validate against our published schema."
-  },
-  "MalformedPOSTRequest": {
-    "code": 400,
-    "description": "The body of your POST request is not well-formed multipart/form-data."
-  },
-  "MalformedXML": {
-    "code": 400,
-    "description": "The XML you provided was not well-formed or did not validate against our published schema."
-  },
-  "MaxMessageLengthExceeded": {
-    "code": 400,
-    "description": "Your request was too big."
-  },
-  "MaxPostPreDataLengthExceededError": {
-    "code": 400,
-    "description": "Your POST request fields preceding the upload file were too large."
-  },
-  "MetadataTooLarge": {
-    "code": 400,
-    "description": "Your metadata headers exceed the maximum allowed metadata size."
-  },
-  "MethodNotAllowed": {
-    "code": 405,
-    "description": "The specified method is not allowed against this resource."
-  },
-  "MissingAttachment": {
-    "code": 400,
-    "description": "A SOAP attachment was expected, but none were found."
-  },
-  "MissingContentLength": {
-    "code": 411,
-    "description": "You must provide the Content-Length HTTP header."
-  },
-  "MissingRequestBodyError": {
-    "code": 400,
-    "description": "Request body is empty"
-  },
-  "MissingRequiredParameter": {
-    "code": 400,
-    "description": "Your request is missing a required parameter."
-  },
-  "MissingSecurityElement": {
-    "code": 400,
-    "description": "The SOAP 1.1 request is missing a security element."
-  },
-  "MissingSecurityHeader": {
-    "code": 400,
-    "description": "Your request is missing a required header."
-  },
-  "NoLoggingStatusForKey": {
-    "code": 400,
-    "description": "There is no such thing as a logging status subresource for a key."
-  },
-  "NoSuchBucket": {
-    "code": 404,
-    "description": "The specified bucket does not exist."
-  },
-  "NoSuchCORSConfiguration": {
-    "code": 404,
-    "description": "The CORS configuration does not exist"
-  },
-  "NoSuchKey": {
-    "code": 404,
-    "description": "The specified key does not exist."
-  },
-  "NoSuchLifecycleConfiguration": {
-    "code": 404,
-    "description": "The lifecycle configuration does not exist."
-  },
-  "NoSuchWebsiteConfiguration": {
-    "code": 404,
-    "description": "The specified bucket does not have a website configuration"
-  },
-  "NoSuchUpload": {
-    "code": 404,
-    "description": "The specified multipart upload does not exist. The upload ID might be invalid, or the multipart upload might have been aborted or completed."
-  },
-  "NoSuchVersion": {
-    "code": 404,
-    "description": "Indicates that the version ID specified in the request does not match an existing version."
-  },
-  "ReplicationConfigurationNotFoundError": {
-    "code": 404,
-    "description": "The replication configuration was not found"
-  },
-  "NotImplemented": {
-    "code": 501,
-    "description": "A header you provided implies functionality that is not implemented."
-  },
-  "NotModified": {
-    "code": 304,
-    "description": "Not Modified."
-  },
-  "NotSignedUp": {
-    "code": 403,
-    "description": "Your account is not signed up for the S3 service. You must sign up before you can use S3. "
-  },
-  "NoSuchBucketPolicy": {
-    "code": 404,
-    "description": "The specified bucket does not have a bucket policy."
-  },
-  "OperationAborted": {
-    "code": 409,
-    "description": "A conflicting conditional operation is currently in progress against this resource. Try again."
-  },
-  "PermanentRedirect": {
-    "code": 301,
-    "description": "The bucket you are attempting to access must be addressed using the specified endpoint. Send all future requests to this endpoint."
-  },
-  "PreconditionFailed": {
-    "code": 412,
-    "description": "At least one of the preconditions you specified did not hold."
-  },
-  "Redirect": {
-    "code": 307,
-    "description": "Temporary redirect."
-  },
-  "RestoreAlreadyInProgress": {
-    "code": 409,
-    "description": "Object restore is already in progress."
-  },
-  "RequestIsNotMultiPartContent": {
-    "code": 400,
-    "description": "Bucket POST must be of the enclosure-type multipart/form-data."
-  },
-  "RequestTimeout": {
-    "code": 400,
-    "description": "Your socket connection to the server was not read from or written to within the timeout period."
-  },
-  "RequestTimeTooSkewed": {
-    "code": 403,
-    "description": "The difference between the request time and the server's time is too large."
-  },
-  "RequestTorrentOfBucketError": {
-    "code": 400,
-    "description": "Requesting the torrent file of a bucket is not permitted."
-  },
-  "SignatureDoesNotMatch": {
-    "code": 403,
-    "description": "The request signature we calculated does not match the signature you provided."
-  },
-  "_comment" : {
-    "note" : "This is an AWS S3 specific error. We are opting to use the more general 'ServiceUnavailable' error used throughout AWS (IAM/EC2) to have uniformity of error messages even though we are potentially compromising S3 compatibility.",
-    "ServiceUnavailable": {
-      "code": 503,
-      "description": "Reduce your request rate."
-    }
-  },
-  "ServiceUnavailable": {
-    "code": 503,
-    "description": "The request has failed due to a temporary failure of the server."
-  },
-  "SlowDown": {
-    "code": 503,
-    "description": "Reduce your request rate."
-  },
-  "TemporaryRedirect": {
-    "code": 307,
-    "description": "You are being redirected to the bucket while DNS updates."
-  },
-  "TokenRefreshRequired": {
-    "code": 400,
-    "description": "The provided token must be refreshed."
-  },
-  "TooManyBuckets": {
-    "code": 400,
-    "description": "You have attempted to create more buckets than allowed."
-  },
-  "TooManyParts": {
-    "code": 400,
-    "description": "You have attempted to upload more parts than allowed."
-  },
-  "UnexpectedContent": {
-    "code": 400,
-    "description": "This request does not support content."
-  },
-  "UnresolvableGrantByEmailAddress": {
-    "code": 400,
-    "description": "The email address you provided does not match any account on record."
-  },
-  "UserKeyMustBeSpecified": {
-    "code": 400,
-    "description": "The bucket POST must contain the specified field name. If it is specified, check the order of the fields."
-  },
-  "NoSuchEntity": {
-    "code": 404,
-    "description": "The request was rejected because it referenced an entity that does not exist. The error message describes the entity."
-  },
-  "WrongFormat": {
-    "code": 400,
-    "description": "Data entered by the user has a wrong format."
-  },
-  "Forbidden": {
-    "code": 403,
-    "description": "Authentication failed."
-  },
-  "EntityDoesNotExist": {
-    "code": 404,
-    "description": "Not found."
-  },
-  "EntityAlreadyExists": {
-    "code": 409,
-    "description": "The request was rejected because it attempted to create a resource that already exists."
-  },
-  "ServiceFailure": {
-    "code": 500,
-    "description": "Server error: the request processing has failed because of an unknown error, exception or failure."
-  },
-  "IncompleteSignature": {
-    "code": 400,
-    "description": "The request signature does not conform to AWS standards."
-  },
-  "InternalFailure": {
-    "code": 500,
-    "description": "The request processing has failed because of an unknown error, exception or failure."
-  },
-  "InvalidAction": {
-    "code": 400,
-    "description": "The action or operation requested is invalid. Verify that the action is typed correctly."
-  },
-  "InvalidClientTokenId": {
-    "code": 403,
-    "description": "The X.509 certificate or AWS access key ID provided does not exist in our records."
-  },
-  "InvalidParameterCombination": {
-    "code": 400,
-    "description": "Parameters that must not be used together were used together."
-  },
-  "InvalidParameterValue": {
-    "code": 400,
-    "description": "An invalid or out-of-range value was supplied for the input parameter."
-  },
-  "InvalidQueryParameter": {
-    "code": 400,
-    "description": "The AWS query string is malformed or does not adhere to AWS standards."
-  },
-  "MalformedQueryString": {
-    "code": 404,
-    "description": "The query string contains a syntax error."
-  },
-  "MissingAction": {
-    "code": 400,
-    "description": "The request is missing an action or a required parameter."
-  },
-  "MissingAuthenticationToken": {
-    "code": 403,
-    "description": "The request must contain either a valid (registered) AWS access key ID or X.509 certificate."
-  },
-  "MissingParameter": {
-    "code": 400,
-    "description": "A required parameter for the specified action is not supplied."
-  },
-  "OptInRequired": {
-    "code": 403,
-    "description": "The AWS access key ID needs a subscription for the service."
-  },
-  "RequestExpired": {
-    "code": 400,
-    "description": "The request reached the service more than 15 minutes after the date stamp on the request or more than 15 minutes after the request expiration date (such as for pre-signed URLs), or the date stamp on the request is more than 15 minutes in the future."
-  },
-  "Throttling": {
-    "code": 400,
-    "description": "The request was denied due to request throttling."
-  },
-  "AccountNotFound": {
-    "code": 404,
-    "description": "No account was found in Vault, please contact your system administrator."
-  },
-  "ValidationError": {
-    "code": 400,
-    "description": "The specified value is invalid."
-  },
-  "MalformedPolicyDocument": {
-     "code": 400,
-     "description": "Syntax errors in policy."
-  },
-  "InvalidInput": {
-     "code": 400,
-     "description": "The request was rejected because an invalid or out-of-range value was supplied for an input parameter."
-  },
-  "_comment": "-------------- Special non-AWS S3 errors --------------",
-  "MPUinProgress": {
-    "code": 409,
-    "description": "The bucket you tried to delete has an ongoing multipart upload."
-  },
-  "_comment": "-------------- Internal project errors --------------",
-  "_comment": "----------------------- Vault -----------------------",
-  "_comment": "#### formatErrors ####",
-  "BadName": {
-    "description": "name not ok",
-    "code": 5001
-  },
-  "BadAccount": {
-    "description": "account not ok",
-    "code": 5002
-  },
-  "BadGroup": {
-    "description": "group not ok",
-    "code": 5003
-  },
-  "BadId": {
-    "description": "id not ok",
-    "code": 5004
-  },
-  "BadAccountName": {
-    "description": "accountName not ok",
-    "code": 5005
-  },
-  "BadNameFriendly": {
-    "description": "nameFriendly not ok",
-    "code": 5006
-  },
-  "BadEmailAddress": {
-    "description": "email address not ok",
-    "code": 5007
-  },
-  "BadPath": {
-    "description": "path not ok",
-    "code": 5008
-  },
-  "BadArn": {
-    "description": "arn not ok",
-    "code": 5009
-  },
-  "BadCreateDate": {
-    "description": "createDate not ok",
-    "code": 5010
-  },
-  "BadLastUsedDate": {
-    "description": "lastUsedDate not ok",
-    "code": 5011
-  },
-  "BadNotBefore": {
-    "description": "notBefore not ok",
-    "code": 5012
-  },
-  "BadNotAfter": {
-    "description": "notAfter not ok",
-    "code": 5013
-  },
-  "BadSaltedPwd": {
-    "description": "salted password not ok",
-    "code": 5014
-  },
-  "ok": {
-    "description": "No error",
-    "code": 200
-  },
-  "BadUser": {
-    "description": "user not ok",
-    "code": 5016
-  },
-  "BadSaltedPasswd": {
-    "description": "salted password not ok",
-    "code": 5017
-  },
-  "BadPasswdDate": {
-    "description": "password date not ok",
-    "code": 5018
-  },
-  "BadCanonicalId": {
-    "description": "canonicalId not ok",
-    "code": 5019
-  },
-  "BadAlias": {
-    "description": "alias not ok",
-    "code": 5020
-  },
-  "_comment": "#### internalErrors ####",
-  "DBPutFailed": {
-    "description": "DB put failed",
-    "code": 5021
-  },
-  "_comment": "#### alreadyExistErrors ####",
-  "AccountEmailAlreadyUsed": {
-    "description": "an other account already uses that email",
-    "code": 5022
-  },
-  "AccountNameAlreadyUsed": {
-    "description": "an other account already uses that name",
-    "code": 5023
-  },
-  "UserEmailAlreadyUsed": {
-    "description": "an other user already uses that email",
-    "code": 5024
-  },
-  "UserNameAlreadyUsed": {
-    "description": "an other user already uses that name",
-    "code": 5025
-  },
-  "_comment": "#### doesntExistErrors ####",
-  "NoParentAccount": {
-    "description": "parent account does not exist",
-    "code": 5026
-  },
-  "_comment": "#### authErrors ####",
-  "BadStringToSign": {
-    "description": "stringToSign not ok'",
-    "code": 5027
-  },
-  "BadSignatureFromRequest": {
-    "description": "signatureFromRequest not ok",
-    "code": 5028
-  },
-  "BadAlgorithm": {
-    "description": "hashAlgorithm not ok",
-    "code": 5029
-  },
-  "SecretKeyDoesNotExist": {
-    "description": "secret key does not exist",
-    "code": 5030
-  },
-  "InvalidRegion": {
-    "description": "Region was not provided or is not recognized by the system",
-    "code": 5031
-  },
-  "ScopeDate": {
-    "description": "scope date is missing, or format is invalid",
-    "code": 5032
-  },
-  "BadAccessKey": {
-    "description": "access key not ok",
-    "code": 5033
-  },
-  "NoDict": {
-    "description": "no dictionary of params provided for signature verification",
-    "code": 5034
-  },
-  "BadSecretKey": {
-    "description": "secretKey not ok",
-    "code": 5035
-  },
-  "BadSecretKeyValue": {
-    "description": "secretKey value not ok",
-    "code": 5036
-  },
-  "BadSecretKeyStatus": {
-    "description": "secretKey status not ok",
-    "code": 5037
-  },
-  "_comment": "#### OidcpErrors ####",
-  "BadUrl": {
-    "description": "url not ok",
-    "code": 5038
-  },
-  "BadClientIdList": {
-    "description": "client id list not ok'",
-    "code": 5039
-  },
-  "BadThumbprintList": {
-    "description": "thumbprint list not ok'",
-    "code": 5040
-  },
-  "BadObject": {
-    "description": "Object not ok'",
-    "code": 5041
-  },
-  "_comment": "#### RoleErrors ####",
-  "BadRole": {
-    "description": "role not ok",
-    "code": 5042
-  },
-  "_comment": "#### SamlpErrors ####",
-  "BadSamlp": {
-    "description": "samlp not ok",
-    "code": 5043
-  },
-  "BadMetadataDocument": {
-    "description": "metadata document not ok",
-    "code": 5044
-  },
-  "BadSessionIndex": {
-    "description": "session index not ok",
-    "code": 5045
-  },
-  "Unauthorized": {
-    "description": "not authenticated",
-    "code": 401
-  },
-  "_comment": "---------------------  MetaData ---------------------",
-  "_comment": "#### formatErrors ####",
-  "CacheUpdated": {
-    "description": "The cache has been updated",
-    "code": 500
-  },
-  "DBNotFound": {
-    "description": "This DB does not exist",
-    "code": 404
-  },
-  "DBAlreadyExists": {
-    "description": "This DB already exist",
-    "code": 409
-  },
-  "ObjNotFound": {
-    "description": "This object does not exist",
-    "code": 404
-  },
-  "PermissionDenied": {
-    "description": "Permission denied",
-    "code": 403
-  },
-  "BadRequest": {
-    "description": "BadRequest",
-    "code": 400
-  },
-  "RaftSessionNotLeader": {
-    "description": "NotLeader",
-    "code": 500
-  },
-  "RaftSessionLeaderNotConnected": {
-    "description": "RaftSessionLeaderNotConnected",
-    "code": 400
-  },
-  "NoLeaderForDB": {
-    "description": "NoLeaderForDB",
-    "code": 400
-  },
-  "RouteNotFound": {
-    "description": "RouteNotFound",
-    "code": 404
-  },
-  "NoMapsInConfig": {
-    "description": "NoMapsInConfig",
-    "code": 404
-  },
-  "DBAPINotReady": {
-    "message": "DBAPINotReady",
-    "code": 500
-  },
-  "NotEnoughMapsInConfig:": {
-    "description": "NotEnoughMapsInConfig",
-    "code": 400
-  },
-  "TooManyRequests": {
-    "description": "TooManyRequests",
-    "code": 429
-  },
-  "_comment": "----------------------- cdmiclient -----------------------",
-  "ReadOnly": {
-    "description": "trying to write to read only back-end",
-    "code": 403
-  }
-}

index.js

@@ -1,135 +0,0 @@
-module.exports = {
-    auth: require('./lib/auth/auth'),
-    constants: require('./lib/constants'),
-    db: require('./lib/db'),
-    errors: require('./lib/errors.js'),
-    shuffle: require('./lib/shuffle'),
-    stringHash: require('./lib/stringHash'),
-    ipCheck: require('./lib/ipCheck'),
-    jsutil: require('./lib/jsutil'),
-    https: {
-        ciphers: require('./lib/https/ciphers.js'),
-        dhparam: require('./lib/https/dh2048.js'),
-    },
-    algorithms: {
-        list: {
-            Basic: require('./lib/algos/list/basic').List,
-            Delimiter: require('./lib/algos/list/delimiter').Delimiter,
-            DelimiterVersions: require('./lib/algos/list/delimiterVersions')
-                .DelimiterVersions,
-            DelimiterMaster: require('./lib/algos/list/delimiterMaster')
-                .DelimiterMaster,
-            MPU: require('./lib/algos/list/MPU').MultipartUploads,
-        },
-        listTools: {
-            DelimiterTools: require('./lib/algos/list/tools'),
-        },
-        cache: {
-            LRUCache: require('./lib/algos/cache/LRUCache'),
-        },
-        stream: {
-            MergeStream: require('./lib/algos/stream/MergeStream'),
-        },
-    },
-    policies: {
-        evaluators: require('./lib/policyEvaluator/evaluator.js'),
-        validateUserPolicy: require('./lib/policy/policyValidator')
-            .validateUserPolicy,
-        evaluatePrincipal: require('./lib/policyEvaluator/principal'),
-        RequestContext: require('./lib/policyEvaluator/RequestContext.js'),
-        requestUtils: require('./lib/policyEvaluator/requestUtils'),
-        actionMaps: require('./lib/policyEvaluator/utils/actionMaps'),
-    },
-    Clustering: require('./lib/Clustering'),
-    testing: {
-        matrix: require('./lib/testing/matrix.js'),
-    },
-    versioning: {
-        VersioningConstants: require('./lib/versioning/constants.js')
-            .VersioningConstants,
-        Version: require('./lib/versioning/Version.js').Version,
-        VersionID: require('./lib/versioning/VersionID.js'),
-        WriteGatheringManager: require('./lib/versioning/WriteGatheringManager.js'),
-        WriteCache: require('./lib/versioning/WriteCache.js'),
-        VersioningRequestProcessor: require('./lib/versioning/VersioningRequestProcessor.js'),
-    },
-    network: {
-        http: {
-            server: require('./lib/network/http/server'),
-        },
-        rpc: require('./lib/network/rpc/rpc'),
-        level: require('./lib/network/rpc/level-net'),
-        rest: {
-            RESTServer: require('./lib/network/rest/RESTServer'),
-            RESTClient: require('./lib/network/rest/RESTClient'),
-        },
-        probe: {
-            ProbeServer: require('./lib/network/probe/ProbeServer'),
-        },
-        RoundRobin: require('./lib/network/RoundRobin'),
-    },
-    s3routes: {
-        routes: require('./lib/s3routes/routes'),
-        routesUtils: require('./lib/s3routes/routesUtils'),
-    },
-    s3middleware: {
-        userMetadata: require('./lib/s3middleware/userMetadata'),
-        convertToXml: require('./lib/s3middleware/convertToXml'),
-        escapeForXml: require('./lib/s3middleware/escapeForXml'),
-        tagging: require('./lib/s3middleware/tagging'),
-        validateConditionalHeaders:
-            require('./lib/s3middleware/validateConditionalHeaders')
-            .validateConditionalHeaders,
-        MD5Sum: require('./lib/s3middleware/MD5Sum'),
-        NullStream: require('./lib/s3middleware/nullStream'),
-        objectUtils: require('./lib/s3middleware/objectUtils'),
-        azureHelper: {
-            mpuUtils:
-                require('./lib/s3middleware/azureHelpers/mpuUtils'),
-            ResultsCollector:
-                require('./lib/s3middleware/azureHelpers/ResultsCollector'),
-            SubStreamInterface:
-                require('./lib/s3middleware/azureHelpers/SubStreamInterface'),
-        },
-    },
-    storage: {
-        metadata: {
-            MetadataFileServer:
-            require('./lib/storage/metadata/file/MetadataFileServer'),
-            MetadataFileClient:
-            require('./lib/storage/metadata/file/MetadataFileClient'),
-            LogConsumer:
-            require('./lib/storage/metadata/bucketclient/LogConsumer'),
-        },
-        data: {
-            file: {
-                DataFileStore:
-                require('./lib/storage/data/file/DataFileStore'),
-            },
-        },
-        utils: require('./lib/storage/utils'),
-    },
-    models: {
-        BucketInfo: require('./lib/models/BucketInfo'),
-        ObjectMD: require('./lib/models/ObjectMD'),
-        ObjectMDLocation: require('./lib/models/ObjectMDLocation'),
-        ARN: require('./lib/models/ARN'),
-        WebsiteConfiguration: require('./lib/models/WebsiteConfiguration'),
-        ReplicationConfiguration:
-          require('./lib/models/ReplicationConfiguration'),
-        LifecycleConfiguration:
-            require('./lib/models/LifecycleConfiguration'),
-    },
-    metrics: {
-        StatsClient: require('./lib/metrics/StatsClient'),
-        StatsModel: require('./lib/metrics/StatsModel'),
-        RedisClient: require('./lib/metrics/RedisClient'),
-        ZenkoMetrics: require('./lib/metrics/ZenkoMetrics'),
-    },
-    pensieve: {
-        credentialUtils: require('./lib/executables/pensieveCreds/utils'),
-    },
-    stream: {
-        readJSONStreamObject: require('./lib/stream/readJSONStreamObject'),
-    },
-};

index.ts

@@ -0,0 +1,159 @@
+import * as evaluators from './lib/policyEvaluator/evaluator';
+import evaluatePrincipal from './lib/policyEvaluator/principal';
+import RequestContext from './lib/policyEvaluator/RequestContext';
+import * as requestUtils from './lib/policyEvaluator/requestUtils';
+import * as actionMaps from './lib/policyEvaluator/utils/actionMaps';
+import { validateUserPolicy } from './lib/policy/policyValidator'
+import * as userMetadata from './lib/s3middleware/userMetadata';
+import convertToXml from './lib/s3middleware/convertToXml';
+import escapeForXml from './lib/s3middleware/escapeForXml';
+import * as objectLegalHold from './lib/s3middleware/objectLegalHold';
+import * as tagging from './lib/s3middleware/tagging';
+import { validateConditionalHeaders } from './lib/s3middleware/validateConditionalHeaders';
+import MD5Sum from './lib/s3middleware/MD5Sum';
+import NullStream from './lib/s3middleware/nullStream';
+import * as objectUtils from './lib/s3middleware/objectUtils';
+import * as mpuUtils from './lib/s3middleware/azureHelpers/mpuUtils';
+import ResultsCollector from './lib/s3middleware/azureHelpers/ResultsCollector';
+import SubStreamInterface from './lib/s3middleware/azureHelpers/SubStreamInterface';
+import * as processMpuParts from './lib/s3middleware/processMpuParts';
+import * as retention from './lib/s3middleware/objectRetention';
+import * as lifecycleHelpers from './lib/s3middleware/lifecycleHelpers';
+export { default as errors } from './lib/errors';
+export { default as Clustering } from './lib/Clustering';
+export * as ipCheck from './lib/ipCheck';
+export * as auth from './lib/auth/auth';
+export * as constants from './lib/constants';
+export * as https from './lib/https';
+export * as metrics from './lib/metrics';
+export * as network from './lib/network';
+export * as s3routes from './lib/s3routes';
+export * as versioning from './lib/versioning';
+export * as stream from './lib/stream';
+export * as jsutil from './lib/jsutil';
+export { default as stringHash } from './lib/stringHash';
+export * as db from './lib/db';
+export { default as shuffle } from './lib/shuffle';
+export * as models from './lib/models';
+
+export const algorithms = {
+    list: {
+        Basic: require('./lib/algos/list/basic').List,
+        Delimiter: require('./lib/algos/list/delimiter').Delimiter,
+        DelimiterVersions: require('./lib/algos/list/delimiterVersions').DelimiterVersions,
+        DelimiterMaster: require('./lib/algos/list/delimiterMaster').DelimiterMaster,
+        MPU: require('./lib/algos/list/MPU').MultipartUploads,
+    },
+    listTools: {
+        DelimiterTools: require('./lib/algos/list/tools'),
+    },
+    cache: {
+        LRUCache: require('./lib/algos/cache/LRUCache'),
+    },
+    stream: {
+        MergeStream: require('./lib/algos/stream/MergeStream'),
+    },
+    SortedSet: require('./lib/algos/set/SortedSet'),
+    Heap: require('./lib/algos/heap/Heap'),
+};
+
+export const policies = {
+    evaluators,
+    validateUserPolicy,
+    evaluatePrincipal,
+    RequestContext,
+    requestUtils,
+    actionMaps,
+};
+
+export const testing = {
+    matrix: require('./lib/testing/matrix.js'),
+};
+
+export const s3middleware = {
+    userMetadata,
+    convertToXml,
+    escapeForXml,
+    objectLegalHold,
+    tagging,
+    validateConditionalHeaders,
+    MD5Sum,
+    NullStream,
+    objectUtils,
+    azureHelper: {
+        mpuUtils,
+        ResultsCollector,
+        SubStreamInterface,
+    },
+    processMpuParts,
+    retention,
+    lifecycleHelpers,
+};
+
+export const storage = {
+    metadata: {
+        MetadataWrapper: require('./lib/storage/metadata/MetadataWrapper'),
+        bucketclient: {
+            BucketClientInterface:
+            require('./lib/storage/metadata/bucketclient/' +
+                'BucketClientInterface'),
+            LogConsumer:
+            require('./lib/storage/metadata/bucketclient/LogConsumer'),
+        },
+        file: {
+            BucketFileInterface:
+            require('./lib/storage/metadata/file/BucketFileInterface'),
+            MetadataFileServer:
+            require('./lib/storage/metadata/file/MetadataFileServer'),
+            MetadataFileClient:
+            require('./lib/storage/metadata/file/MetadataFileClient'),
+        },
+        inMemory: {
+            metastore:
+            require('./lib/storage/metadata/in_memory/metastore'),
+            metadata: require('./lib/storage/metadata/in_memory/metadata'),
+            bucketUtilities:
+            require('./lib/storage/metadata/in_memory/bucket_utilities'),
+        },
+        mongoclient: {
+            MongoClientInterface:
+            require('./lib/storage/metadata/mongoclient/' +
+                'MongoClientInterface'),
+            LogConsumer:
+            require('./lib/storage/metadata/mongoclient/LogConsumer'),
+        },
+        proxy: {
+            Server: require('./lib/storage/metadata/proxy/Server'),
+        },
+    },
+    data: {
+        DataWrapper: require('./lib/storage/data/DataWrapper'),
+        MultipleBackendGateway:
+        require('./lib/storage/data/MultipleBackendGateway'),
+        parseLC: require('./lib/storage/data/LocationConstraintParser'),
+        file: {
+            DataFileStore:
+            require('./lib/storage/data/file/DataFileStore'),
+            DataFileInterface:
+            require('./lib/storage/data/file/DataFileInterface'),
+        },
+        external: {
+            AwsClient: require('./lib/storage/data/external/AwsClient'),
+            AzureClient: require('./lib/storage/data/external/AzureClient'),
+            GcpClient: require('./lib/storage/data/external/GcpClient'),
+            GCP: require('./lib/storage/data/external/GCP/GcpService'),
+            GcpUtils: require('./lib/storage/data/external/GCP/GcpUtils'),
+            GcpSigner: require('./lib/storage/data/external/GCP/GcpSigner'),
+            PfsClient: require('./lib/storage/data/external/PfsClient'),
+            backendUtils: require('./lib/storage/data/external/utils'),
+        },
+        inMemory: {
+            datastore: require('./lib/storage/data/in_memory/datastore'),
+        },
+    },
+    utils: require('./lib/storage/utils'),
+};
+
+export const pensieve = {
+    credentialUtils: require('./lib/executables/pensieveCreds/utils'),
+};

lib/Clustering.ts

@@ -1,18 +1,28 @@
-'use strict'; // eslint-disable-line
+import cluster, { Worker } from 'cluster';
+import * as werelogs from 'werelogs';
 
-const cluster = require('cluster');
+export default class Clustering {
+    _size: number;
+    _shutdownTimeout: number;
+    _logger: werelogs.Logger;
+    _shutdown: boolean;
+    _workers: (Worker | undefined)[];
+    _workersTimeout: (NodeJS.Timeout | undefined)[];
+    _workersStatus: (number | string | undefined)[];
+    _status: number;
+    _exitCb?: (clustering: Clustering, exitSignal?: string) => void;
+    _index?: number;
 
-class Clustering {
     /**
      * Constructor
      *
-     * @param {number} size Cluster size
-     * @param {Logger} logger Logger object
-     * @param {number} [shutdownTimeout=5000] Change default shutdown timeout
+     * @param size Cluster size
+     * @param logger Logger object
+     * @param [shutdownTimeout=5000] Change default shutdown timeout
      * releasing ressources
-     * @return {Clustering} itself
+     * @return itself
      */
-    constructor(size, logger, shutdownTimeout) {
+    constructor(size: number, logger: werelogs.Logger, shutdownTimeout?: number) {
         this._size = size;
         if (size < 1) {
             throw new Error('Cluster size must be greater than or equal to 1');
@@ -32,7 +42,6 @@ class Clustering {
      * Method called after a stop() call
      *
      * @private
-     * @return {undefined}
      */
     _afterStop() {
         // Asuming all workers shutdown gracefully
@@ -41,10 +50,11 @@ class Clustering {
         for (let i = 0; i < size; ++i) {
             // If the process return an error code or killed by a signal,
             // set the status
-            if (typeof this._workersStatus[i] === 'number') {
-                this._status = this._workersStatus[i];
+            const status = this._workersStatus[i];
+            if (typeof status === 'number') {
+                this._status = status;
                 break;
-            } else if (typeof this._workersStatus[i] === 'string') {
+            } else if (typeof status === 'string') {
                 this._status = 1;
                 break;
             }
@@ -58,13 +68,17 @@ class Clustering {
     /**
      * Method called when a worker exited
      *
-     * @param {Cluster.worker} worker - Current worker
-     * @param {number} i - Worker index
-     * @param {number} code - Exit code
-     * @param {string} signal - Exit signal
-     * @return {undefined}
+     * @param worker - Current worker
+     * @param i - Worker index
+     * @param code - Exit code
+     * @param signal - Exit signal
      */
-    _workerExited(worker, i, code, signal) {
+    _workerExited(
+        worker: Worker,
+        i: number,
+        code: number,
+        signal: string,
+    ) {
         // If the worker:
         //   - was killed by a signal
         //   - return an error code
@@ -91,8 +105,9 @@ class Clustering {
             this._workersStatus[i] = undefined;
         }
         this._workers[i] = undefined;
-        if (this._workersTimeout[i]) {
-            clearTimeout(this._workersTimeout[i]);
+        const timeout = this._workersTimeout[i];
+        if (timeout) {
+            clearTimeout(timeout);
             this._workersTimeout[i] = undefined;
         }
         // If we don't trigger the stop method, the watchdog
@@ -110,29 +125,28 @@ class Clustering {
     /**
      * Method to start a worker
      *
-     * @param {number} i Index of the starting worker
-     * @return {undefined}
+     * @param i Index of the starting worker
      */
-    startWorker(i) {
-        if (!cluster.isMaster) {
+    startWorker(i: number) {
+        if (!cluster.isPrimary) {
             return;
         }
         // Fork a new worker
         this._workers[i] = cluster.fork();
         // Listen for message from the worker
-        this._workers[i].on('message', msg => {
+        this._workers[i]!.on('message', msg => {
             // If the worker is ready, send him his id
             if (msg === 'ready') {
-                this._workers[i].send({ msg: 'setup', id: i });
+                this._workers[i]!.send({ msg: 'setup', id: i });
             }
         });
-        this._workers[i].on('exit', (code, signal) =>
-            this._workerExited(this._workers[i], i, code, signal));
+        this._workers[i]!.on('exit', (code, signal) =>
+            this._workerExited(this._workers[i]!, i, code, signal));
         // Trigger when the worker was started
-        this._workers[i].on('online', () => {
+        this._workers[i]!.on('online', () => {
             this._logger.info('Worker started', {
                 id: i,
-                childPid: this._workers[i].process.pid,
+                childPid: this._workers[i]!.process.pid,
             });
         });
     }
@@ -140,10 +154,10 @@ class Clustering {
     /**
      * Method to put handler on cluster exit
      *
-     * @param {function} cb - Callback(Clustering, [exitSignal])
-     * @return {Clustering} Itself
+     * @param cb - Callback(Clustering, [exitSignal])
+     * @return Itself
      */
-    onExit(cb) {
+    onExit(cb: (clustering: Clustering, exitSignal?: string) => void) {
         this._exitCb = cb;
         return this;
     }
@@ -152,33 +166,33 @@ class Clustering {
      * Method to start the cluster (if master) or to start the callback
      * (worker)
      *
-     * @param {function} cb - Callback to run the worker
-     * @return {Clustering} itself
+     * @param cb - Callback to run the worker
+     * @return itself
      */
-    start(cb) {
+    start(cb: (clustering: Clustering) => void) {
         process.on('SIGINT', () => this.stop('SIGINT'));
         process.on('SIGHUP', () => this.stop('SIGHUP'));
         process.on('SIGQUIT', () => this.stop('SIGQUIT'));
         process.on('SIGTERM', () => this.stop('SIGTERM'));
         process.on('SIGPIPE', () => {});
-        process.on('exit', (code, signal) => {
+        process.on('exit', (code?: number, signal?: string) => {
             if (this._exitCb) {
                 this._status = code || 0;
                 return this._exitCb(this, signal);
             }
             return process.exit(code || 0);
         });
-        process.on('uncaughtException', err => {
+        process.on('uncaughtException', (err: Error) => {
             this._logger.fatal('caught error', {
                 error: err.message,
-                stack: err.stack.split('\n').map(str => str.trim()),
+                stack: err.stack?.split('\n')?.map(str => str.trim()),
             });
             process.exit(1);
         });
-        if (!cluster.isMaster) {
+        if (!cluster.isPrimary) {
             // Waiting for message from master to
             // know the id of the slave cluster
-            process.on('message', msg => {
+            process.on('message', (msg: any) => {
                 if (msg.msg === 'setup') {
                     this._index = msg.id;
                     cb(this);
@@ -186,7 +200,7 @@ class Clustering {
             });
             // Send message to the master, to let him know
             // the worker has started
-            process.send('ready');
+            process.send?.('ready');
         } else {
             for (let i = 0; i < this._size; ++i) {
                 this.startWorker(i);
@@ -198,7 +212,7 @@ class Clustering {
     /**
      * Method to get workers
      *
-     * @return {Cluster.Worker[]} Workers
+     * @return Workers
      */
     getWorkers() {
         return this._workers;
@@ -207,7 +221,7 @@ class Clustering {
     /**
      * Method to get the status of the cluster
      *
-     * @return {number} Status code
+     * @return Status code
      */
     getStatus() {
         return this._status;
@@ -216,7 +230,7 @@ class Clustering {
     /**
      * Method to return if it's the master process
      *
-     * @return {boolean} - True if master, false otherwise
+     * @return - True if master, false otherwise
      */
     isMaster() {
         return this._index === undefined;
@@ -225,7 +239,7 @@ class Clustering {
     /**
      * Method to get index of the worker
      *
-     * @return {number|undefined} Worker index, undefined if it's master
+     * @return Worker index, undefined if it's master
      */
     getIndex() {
         return this._index;
@@ -234,11 +248,10 @@ class Clustering {
     /**
      * Method to stop the cluster
      *
-     * @param {string} signal - Set internally when processes killed by signal
-     * @return {undefined}
+     * @param signal - Set internally when processes killed by signal
      */
-    stop(signal) {
-        if (!cluster.isMaster) {
+    stop(signal?: string) {
+        if (!cluster.isPrimary) {
             if (this._exitCb) {
                 return this._exitCb(this, signal);
             }
@@ -251,13 +264,17 @@ class Clustering {
             }
             this._workersTimeout[i] = setTimeout(() => {
                 // Kill the worker if the sigterm was ignored or take too long
-                process.kill(worker.process.pid, 'SIGKILL');
+                if (worker.process.pid) {
+                  process.kill(worker.process.pid, 'SIGKILL');
+                }
             }, this._shutdownTimeout);
             // Send sigterm to the process, allowing to release ressources
             // and save some states
-            return process.kill(worker.process.pid, 'SIGTERM');
+            if (worker.process.pid) {
+              return process.kill(worker.process.pid, 'SIGTERM');
+            } else {
+              return true;
+            }
         });
     }
 }
-
-module.exports = Clustering;

lib/algos/heap/Heap.ts

@@ -0,0 +1,124 @@
+export enum HeapOrder {
+    Min = -1,
+    Max = 1,
+}
+
+export enum CompareResult {
+    LT = -1,
+    EQ = 0,
+    GT = 1,
+}
+
+export type CompareFunction = (x: any, y: any) => CompareResult;
+
+export class Heap {
+    size: number;
+    _maxSize: number;
+    _order: HeapOrder;
+    _heap: any[];
+    _cmpFn: CompareFunction;
+    
+    constructor(size: number, order: HeapOrder, cmpFn: CompareFunction) {
+        this.size = 0;
+        this._maxSize = size;
+        this._order = order;
+        this._cmpFn = cmpFn;
+        this._heap = new Array<any>(this._maxSize);
+    }
+
+    _parent(i: number): number {
+        return Math.floor((i - 1) / 2);
+    }
+
+    _left(i: number): number {
+        return Math.floor((2 * i) + 1);
+    }
+
+    _right(i: number): number {
+        return Math.floor((2 * i) + 2);
+    }
+
+    _shouldSwap(childIdx: number, parentIdx: number): boolean {
+        return this._cmpFn(this._heap[childIdx], this._heap[parentIdx]) as number === this._order as number;
+    }
+
+    _swap(i: number, j: number) {
+        const tmp = this._heap[i];
+        this._heap[i] = this._heap[j];
+        this._heap[j] = tmp;
+    }
+
+    _heapify(i: number) {
+        const l = this._left(i);
+        const r = this._right(i);
+        let c = i;
+
+        if (l < this.size && this._shouldSwap(l, c)) {
+            c = l;
+        }
+
+        if (r < this.size && this._shouldSwap(r, c)) {
+            c = r;
+        }
+
+        if (c != i) {
+            this._swap(c, i);
+            this._heapify(c);
+        }
+    }
+
+    add(item: any): any {
+        if (this.size >= this._maxSize) {
+            return new Error('Max heap size reached');
+        }
+
+        ++this.size;
+        let c = this.size - 1;
+        this._heap[c] = item;
+
+        while (c > 0) {
+            if (!this._shouldSwap(c, this._parent(c))) {
+                return null;
+            }
+
+            this._swap(c, this._parent(c));
+            c = this._parent(c);
+        }
+
+        return null;
+    };
+
+    remove(): any {
+        if (this.size <= 0) {
+            return null;
+        }
+
+        const ret = this._heap[0];
+        this._heap[0] = this._heap[this.size - 1];
+        this._heapify(0);
+        --this.size;
+
+        return ret;
+    };
+
+    peek(): any {
+        if (this.size <= 0) {
+            return null;
+        }
+
+        return this._heap[0];
+    };
+}
+
+export class MinHeap extends Heap {
+    constructor(size: number, cmpFn: CompareFunction) {
+        super(size, HeapOrder.Min, cmpFn);
+    }
+}
+
+export class MaxHeap extends Heap {
+    constructor(size: number, cmpFn: CompareFunction) {
+        super(size, HeapOrder.Max, cmpFn);
+    }
+} 
+

lib/algos/list/MPU.js

@@ -1,7 +1,7 @@
 'use strict'; // eslint-disable-line strict
 
 const { inc, checkLimit, listingParamsMasterKeysV0ToV1,
-        FILTER_END, FILTER_ACCEPT } = require('./tools');
+    FILTER_END, FILTER_ACCEPT } = require('./tools');
 const DEFAULT_MAX_KEYS = 1000;
 const VSConst = require('../../versioning/constants').VersioningConstants;
 const { DbPrefixes, BucketVersioningKeyFormat } = VSConst;

lib/algos/list/basic.js

@@ -2,7 +2,7 @@
 
 const Extension = require('./Extension').default;
 
-const { checkLimit, FILTER_END, FILTER_ACCEPT } = require('./tools');
+const { checkLimit, FILTER_END, FILTER_ACCEPT, FILTER_SKIP } = require('./tools');
 const DEFAULT_MAX_KEYS = 10000;
 
 /**
@@ -21,6 +21,8 @@ class List extends Extension {
         this.res = [];
         if (parameters) {
             this.maxKeys = checkLimit(parameters.maxKeys, DEFAULT_MAX_KEYS);
+            this.filterKey = parameters.filterKey;
+            this.filterKeyStartsWith = parameters.filterKeyStartsWith;
         } else {
             this.maxKeys = DEFAULT_MAX_KEYS;
         }
@@ -44,6 +46,43 @@ class List extends Extension {
         return params;
     }
 
+    /**
+     * Filters customAttributes sub-object if present
+     *
+     * @param {String} value - The JSON value of a listing item
+     *
+     * @return {Boolean} Returns true if matches, else false.
+     */
+    customFilter(value) {
+        let _value;
+        try {
+            _value = JSON.parse(value);
+        } catch (e) {
+            // Prefer returning an unfiltered data rather than
+            // stopping the service in case of parsing failure.
+            // The risk of this approach is a potential
+            // reproduction of MD-692, where too much memory is
+            // used by repd.
+            this.logger.warn(
+                'Could not parse Object Metadata while listing',
+                { err: e.toString() });
+            return false;
+        }
+        if (_value.customAttributes !== undefined) {
+            for (const key of Object.keys(_value.customAttributes)) {
+                if (this.filterKey !== undefined &&
+                    key === this.filterKey) {
+                    return true;
+                }
+                if (this.filterKeyStartsWith !== undefined &&
+                    key.startsWith(this.filterKeyStartsWith)) {
+                    return true;
+                }
+            }
+        }
+        return false;
+    }
+
     /**
      *  Function apply on each element
      *  Just add it to the array
@@ -56,6 +95,12 @@ class List extends Extension {
         if (this.keys >= this.maxKeys) {
             return FILTER_END;
         }
+        if ((this.filterKey !== undefined ||
+             this.filterKeyStartsWith !== undefined) &&
+            typeof elem === 'object' &&
+            !this.customFilter(elem.value)) {
+            return FILTER_SKIP;
+        }
         if (typeof elem === 'object') {
             this.res.push({
                 key: elem.key,

lib/algos/list/delimiter.js

@@ -1,274 +0,0 @@
-'use strict'; // eslint-disable-line strict
-
-const Extension = require('./Extension').default;
-const { inc, listingParamsMasterKeysV0ToV1,
-        FILTER_END, FILTER_ACCEPT, FILTER_SKIP } = require('./tools');
-const VSConst = require('../../versioning/constants').VersioningConstants;
-const { DbPrefixes, BucketVersioningKeyFormat } = VSConst;
-
-/**
- * Find the common prefix in the path
- *
- * @param {String} key            - path of the object
- * @param {String} delimiter      - separator
- * @param {Number} delimiterIndex - 'folder' index in the path
- * @return {String}               - CommonPrefix
- */
-function getCommonPrefix(key, delimiter, delimiterIndex) {
-    return key.substring(0, delimiterIndex + delimiter.length);
-}
-
-/**
- * Handle object listing with parameters
- *
- * @prop {String[]} CommonPrefixes     - 'folders' defined by the delimiter
- * @prop {String[]} Contents           - 'files' to list
- * @prop {Boolean} IsTruncated         - truncated listing flag
- * @prop {String|undefined} NextMarker - marker per amazon format
- * @prop {Number} keys                 - count of listed keys
- * @prop {String|undefined} delimiter  - separator per amazon format
- * @prop {String|undefined} prefix     - prefix per amazon format
- * @prop {Number} maxKeys              - number of keys to list
- */
-class Delimiter extends Extension {
-    /**
-     * Create a new Delimiter instance
-     * @constructor
-     * @param {Object}  parameters                     - listing parameters
-     * @param {String}  [parameters.delimiter]         - delimiter per amazon
-     *                                                   format
-     * @param {String}  [parameters.prefix]            - prefix per amazon
-     *                                                   format
-     * @param {String}  [parameters.marker]            - marker per amazon
-     *                                                   format
-     * @param {Number}  [parameters.maxKeys]           - number of keys to list
-     * @param {Boolean} [parameters.v2]                - indicates whether v2
-     *                                                   format
-     * @param {String}  [parameters.startAfter]        - marker per amazon
-     *                                                   format
-     * @param {String}  [parameters.continuationToken] - obfuscated amazon
-     *                                                   token
-     * @param {Boolean} [parameters.alphabeticalOrder] - Either the result is
-     *                                                   alphabetically ordered
-     *                                                   or not
-     * @param {RequestLogger} logger                   - The logger of the
-     *                                                   request
-     * @param {String} [vFormat]                       - versioning key format
-     */
-    constructor(parameters, logger, vFormat) {
-        super(parameters, logger);
-        // original listing parameters
-        this.delimiter = parameters.delimiter;
-        this.prefix = parameters.prefix;
-        this.marker = parameters.marker;
-        this.maxKeys = parameters.maxKeys || 1000;
-        this.startAfter = parameters.startAfter;
-        this.continuationToken = parameters.continuationToken;
-        this.alphabeticalOrder =
-          typeof parameters.alphabeticalOrder !== 'undefined' ?
-                                 parameters.alphabeticalOrder : true;
-
-        this.vFormat = vFormat || BucketVersioningKeyFormat.v0;
-        // results
-        this.CommonPrefixes = [];
-        this.Contents = [];
-        this.IsTruncated = false;
-        this.NextMarker = parameters.marker;
-        this.NextContinuationToken =
-            parameters.continuationToken || parameters.startAfter;
-
-        this.startMarker = parameters.v2 ? 'startAfter' : 'marker';
-        this.continueMarker = parameters.v2 ? 'continuationToken' : 'marker';
-        this.nextContinueMarker = parameters.v2 ?
-            'NextContinuationToken' : 'NextMarker';
-
-        if (this.delimiter !== undefined &&
-            this[this.nextContinueMarker] !== undefined &&
-            this[this.nextContinueMarker].startsWith(this.prefix || '')) {
-            const nextDelimiterIndex =
-                this[this.nextContinueMarker].indexOf(this.delimiter,
-                                        this.prefix ? this.prefix.length : 0);
-            this[this.nextContinueMarker] =
-                this[this.nextContinueMarker].slice(0, nextDelimiterIndex +
-                                        this.delimiter.length);
-        }
-
-        Object.assign(this, {
-            [BucketVersioningKeyFormat.v0]: {
-                genMDParams: this.genMDParamsV0,
-                getObjectKey: this.getObjectKeyV0,
-                skipping: this.skippingV0,
-            },
-            [BucketVersioningKeyFormat.v1]: {
-                genMDParams: this.genMDParamsV1,
-                getObjectKey: this.getObjectKeyV1,
-                skipping: this.skippingV1,
-            },
-        }[this.vFormat]);
-    }
-
-    genMDParamsV0() {
-        const params = {};
-        if (this.prefix) {
-            params.gte = this.prefix;
-            params.lt = inc(this.prefix);
-        }
-        const startVal = this[this.continueMarker] || this[this.startMarker];
-        if (startVal) {
-            if (params.gte && params.gte > startVal) {
-                return params;
-            }
-            delete params.gte;
-            params.gt = startVal;
-        }
-        return params;
-    }
-
-    genMDParamsV1() {
-        const params = this.genMDParamsV0();
-        return listingParamsMasterKeysV0ToV1(params);
-    }
-
-    /**
-     * check if the max keys count has been reached and set the
-     * final state of the result if it is the case
-     * @return {Boolean} - indicates if the iteration has to stop
-     */
-    _reachedMaxKeys() {
-        if (this.keys >= this.maxKeys) {
-            // In cases of maxKeys <= 0 -> IsTruncated = false
-            this.IsTruncated = this.maxKeys > 0;
-            return true;
-        }
-        return false;
-    }
-
-    /**
-     *  Add a (key, value) tuple to the listing
-     *  Set the NextMarker to the current key
-     *  Increment the keys counter
-     *  @param {String} key   - The key to add
-     *  @param {String} value - The value of the key
-     *  @return {number}      - indicates if iteration should continue
-     */
-    addContents(key, value) {
-        if (this._reachedMaxKeys()) {
-            return FILTER_END;
-        }
-        this.Contents.push({ key, value: this.trimMetadata(value) });
-        this[this.nextContinueMarker] = key;
-        ++this.keys;
-        return FILTER_ACCEPT;
-    }
-
-    getObjectKeyV0(obj) {
-        return obj.key;
-    }
-
-    getObjectKeyV1(obj) {
-        return obj.key.slice(DbPrefixes.Master.length);
-    }
-
-    /**
-     *  Filter to apply on each iteration, based on:
-     *  - prefix
-     *  - delimiter
-     *  - maxKeys
-     *  The marker is being handled directly by levelDB
-     *  @param {Object} obj       - The key and value of the element
-     *  @param {String} obj.key   - The key of the element
-     *  @param {String} obj.value - The value of the element
-     *  @return {number}          - indicates if iteration should continue
-     */
-    filter(obj) {
-        const key = this.getObjectKey(obj);
-        const value = obj.value;
-        if ((this.prefix && !key.startsWith(this.prefix))
-            || (this.alphabeticalOrder
-                && typeof this[this.nextContinueMarker] === 'string'
-                && key <= this[this.nextContinueMarker])) {
-            return FILTER_SKIP;
-        }
-        if (this.delimiter) {
-            const baseIndex = this.prefix ? this.prefix.length : 0;
-            const delimiterIndex = key.indexOf(this.delimiter, baseIndex);
-            if (delimiterIndex === -1) {
-                return this.addContents(key, value);
-            }
-            return this.addCommonPrefix(key, delimiterIndex);
-        }
-        return this.addContents(key, value);
-    }
-
-    /**
-     * Add a Common Prefix in the list
-     * @param {String} key   - object name
-     * @param {Number} index - after prefix starting point
-     * @return {Boolean}     - indicates if iteration should continue
-     */
-    addCommonPrefix(key, index) {
-        const commonPrefix = getCommonPrefix(key, this.delimiter, index);
-        if (this.CommonPrefixes.indexOf(commonPrefix) === -1
-                && this[this.nextContinueMarker] !== commonPrefix) {
-            if (this._reachedMaxKeys()) {
-                return FILTER_END;
-            }
-            this.CommonPrefixes.push(commonPrefix);
-            this[this.nextContinueMarker] = commonPrefix;
-            ++this.keys;
-            return FILTER_ACCEPT;
-        }
-        return FILTER_SKIP;
-    }
-
-    /**
-     * If repd happens to want to skip listing on a bucket in v0
-     * versioning key format, here is an idea.
-     *
-     * @return {string} - the present range (NextMarker) if repd believes
-     *                    that it's enough and should move on
-     */
-    skippingV0() {
-        return this[this.nextContinueMarker];
-    }
-
-    /**
-     * If repd happens to want to skip listing on a bucket in v1
-     * versioning key format, here is an idea.
-     *
-     * @return {string} - the present range (NextMarker) if repd believes
-     *                    that it's enough and should move on
-     */
-    skippingV1() {
-        return DbPrefixes.Master + this[this.nextContinueMarker];
-    }
-
-    /**
-     *  Return an object containing all mandatory fields to use once the
-     *  iteration is done, doesn't show a NextMarker field if the output
-     *  isn't truncated
-     *  @return {Object} - following amazon format
-     */
-    result() {
-        /* NextMarker is only provided when delimiter is used.
-         * specified in v1 listing documentation
-         * http://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGET.html
-         */
-        const result = {
-            CommonPrefixes: this.CommonPrefixes,
-            Contents: this.Contents,
-            IsTruncated: this.IsTruncated,
-            Delimiter: this.delimiter,
-        };
-        if (this.parameters.v2) {
-            result.NextContinuationToken = this.IsTruncated
-                ? this.NextContinuationToken : undefined;
-        } else {
-            result.NextMarker = (this.IsTruncated && this.delimiter)
-                ? this.NextMarker : undefined;
-        }
-        return result;
-    }
-}
-
-module.exports = { Delimiter };

lib/algos/list/delimiter.ts

@@ -0,0 +1,356 @@
+'use strict'; // eslint-disable-line strict
+
+const Extension = require('./Extension').default;
+const { inc, listingParamsMasterKeysV0ToV1,
+    FILTER_END, FILTER_ACCEPT, FILTER_SKIP, SKIP_NONE } = require('./tools');
+const VSConst = require('../../versioning/constants').VersioningConstants;
+const { DbPrefixes, BucketVersioningKeyFormat } = VSConst;
+
+export interface FilterState {
+    id: number,
+};
+
+export interface FilterReturnValue {
+    FILTER_ACCEPT,
+    FILTER_SKIP,
+    FILTER_END,
+};
+
+export const enum DelimiterFilterStateId {
+    NotSkipping = 1,
+    SkippingPrefix = 2,
+};
+
+export interface DelimiterFilterState_NotSkipping extends FilterState {
+    id: DelimiterFilterStateId.NotSkipping,
+};
+
+export interface DelimiterFilterState_SkippingPrefix extends FilterState {
+    id: DelimiterFilterStateId.SkippingPrefix,
+    prefix: string;
+};
+
+type KeyHandler = (key: string, value: string) => FilterReturnValue;
+
+type ResultObject = {
+    CommonPrefixes: string[];
+    Contents: {
+        key: string;
+        value: string;
+    }[];
+    IsTruncated: boolean;
+    Delimiter ?: string;
+    NextMarker ?: string;
+    NextContinuationToken ?: string;
+};
+
+/**
+ * Handle object listing with parameters
+ *
+ * @prop {String[]} CommonPrefixes     - 'folders' defined by the delimiter
+ * @prop {String[]} Contents           - 'files' to list
+ * @prop {Boolean} IsTruncated         - truncated listing flag
+ * @prop {String|undefined} NextMarker - marker per amazon format
+ * @prop {Number} keys                 - count of listed keys
+ * @prop {String|undefined} delimiter  - separator per amazon format
+ * @prop {String|undefined} prefix     - prefix per amazon format
+ * @prop {Number} maxKeys              - number of keys to list
+ */
+export class Delimiter extends Extension {
+
+    state: FilterState;
+    keyHandlers: { [id: number]: KeyHandler };
+
+    /**
+     * Create a new Delimiter instance
+     * @constructor
+     * @param {Object}  parameters                     - listing parameters
+     * @param {String}  [parameters.delimiter]         - delimiter per amazon
+     *                                                   format
+     * @param {String}  [parameters.prefix]            - prefix per amazon
+     *                                                   format
+     * @param {String}  [parameters.marker]            - marker per amazon
+     *                                                   format
+     * @param {Number}  [parameters.maxKeys]           - number of keys to list
+     * @param {Boolean} [parameters.v2]                - indicates whether v2
+     *                                                   format
+     * @param {String}  [parameters.startAfter]        - marker per amazon
+     *                                                   format
+     * @param {String}  [parameters.continuationToken] - obfuscated amazon
+     *                                                   token
+     * @param {RequestLogger} logger                   - The logger of the
+     *                                                   request
+     * @param {String} [vFormat]                       - versioning key format
+     */
+    constructor(parameters, logger, vFormat) {
+        super(parameters, logger);
+        // original listing parameters
+        this.delimiter = parameters.delimiter;
+        this.prefix = parameters.prefix;
+        this.maxKeys = parameters.maxKeys || 1000;
+
+        if (parameters.v2) {
+            this.marker = parameters.continuationToken || parameters.startAfter;
+        } else {
+            this.marker = parameters.marker;
+        }
+        this.nextMarker = this.marker;
+
+        this.vFormat = vFormat || BucketVersioningKeyFormat.v0;
+        // results
+        this.CommonPrefixes = [];
+        this.Contents = [];
+        this.IsTruncated = false;
+        this.keyHandlers = {};
+
+        Object.assign(this, {
+            [BucketVersioningKeyFormat.v0]: {
+                genMDParams: this.genMDParamsV0,
+                getObjectKey: this.getObjectKeyV0,
+                skipping: this.skippingV0,
+            },
+            [BucketVersioningKeyFormat.v1]: {
+                genMDParams: this.genMDParamsV1,
+                getObjectKey: this.getObjectKeyV1,
+                skipping: this.skippingV1,
+            },
+        }[this.vFormat]);
+
+        // if there is a delimiter, we may skip ranges by prefix,
+        // hence using the NotSkippingPrefix flavor that checks the
+        // subprefix up to the delimiter for the NotSkipping state
+        if (this.delimiter) {
+            this.setKeyHandler(
+                DelimiterFilterStateId.NotSkipping,
+                this.keyHandler_NotSkippingPrefix.bind(this));
+        } else {
+            // listing without a delimiter never has to skip over any
+            // prefix -> use NeverSkipping flavor for the NotSkipping
+            // state
+            this.setKeyHandler(
+                DelimiterFilterStateId.NotSkipping,
+                this.keyHandler_NeverSkipping.bind(this));
+        }
+        this.setKeyHandler(
+            DelimiterFilterStateId.SkippingPrefix,
+            this.keyHandler_SkippingPrefix.bind(this));
+
+        this.state = <DelimiterFilterState_NotSkipping> {
+            id: DelimiterFilterStateId.NotSkipping,
+        };
+    }
+
+    genMDParamsV0() {
+        const params: { gt ?: string, gte ?: string, lt ?: string } = {};
+        if (this.prefix) {
+            params.gte = this.prefix;
+            params.lt = inc(this.prefix);
+        }
+        if (this.marker && this.delimiter) {
+            const commonPrefix = this.getCommonPrefix(this.marker);
+            if (commonPrefix) {
+                const afterPrefix = inc(commonPrefix);
+                if (!params.gte || afterPrefix > params.gte) {
+                    params.gte = afterPrefix;
+                }
+            }
+        }
+        if (this.marker && (!params.gte || this.marker >= params.gte)) {
+            delete params.gte;
+            params.gt = this.marker;
+        }
+        return params;
+    }
+
+    genMDParamsV1() {
+        const params = this.genMDParamsV0();
+        return listingParamsMasterKeysV0ToV1(params);
+    }
+
+    /**
+     * check if the max keys count has been reached and set the
+     * final state of the result if it is the case
+     * @return {Boolean} - indicates if the iteration has to stop
+     */
+    _reachedMaxKeys(): boolean {
+        if (this.keys >= this.maxKeys) {
+            // In cases of maxKeys <= 0 -> IsTruncated = false
+            this.IsTruncated = this.maxKeys > 0;
+            return true;
+        }
+        return false;
+    }
+
+    /**
+     *  Add a (key, value) tuple to the listing
+     *  Set the NextMarker to the current key
+     *  Increment the keys counter
+     *  @param {String} key   - The key to add
+     *  @param {String} value - The value of the key
+     *  @return {number}      - indicates if iteration should continue
+     */
+    addContents(key: string, value: string): void {
+        this.Contents.push({ key, value: this.trimMetadata(value) });
+        ++this.keys;
+        this.nextMarker = key;
+    }
+
+    getCommonPrefix(key: string): string | undefined {
+        if (!this.delimiter) {
+            return undefined;
+        }
+        const baseIndex = this.prefix ? this.prefix.length : 0;
+        const delimiterIndex = key.indexOf(this.delimiter, baseIndex);
+        if (delimiterIndex === -1) {
+            return undefined;
+        }
+        return key.substring(0, delimiterIndex + this.delimiter.length);
+    }
+
+    /**
+     * Add a Common Prefix in the list
+     * @param {String} commonPrefix   - common prefix to add
+     * @param {String} key            - full key starting with commonPrefix
+     * @return {Boolean}     - indicates if iteration should continue
+     */
+    addCommonPrefix(commonPrefix: string, key: string): void {
+        // add the new prefix to the list
+        this.CommonPrefixes.push(commonPrefix);
+        ++this.keys;
+        this.nextMarker = commonPrefix;
+    }
+
+    addCommonPrefixOrContents(key: string, value: string): string | undefined {
+        // add the subprefix to the common prefixes if the key has the delimiter
+        const commonPrefix = this.getCommonPrefix(key);
+        if (commonPrefix) {
+            this.addCommonPrefix(commonPrefix, key);
+            return commonPrefix;
+        }
+        this.addContents(key, value);
+        return undefined;
+    }
+
+    getObjectKeyV0(obj: { key: string }): string {
+        return obj.key;
+    }
+
+    getObjectKeyV1(obj: { key: string }): string {
+        return obj.key.slice(DbPrefixes.Master.length);
+    }
+
+    /**
+     *  Filter to apply on each iteration, based on:
+     *  - prefix
+     *  - delimiter
+     *  - maxKeys
+     *  The marker is being handled directly by levelDB
+     *  @param {Object} obj       - The key and value of the element
+     *  @param {String} obj.key   - The key of the element
+     *  @param {String} obj.value - The value of the element
+     *  @return {number}          - indicates if iteration should continue
+     */
+    filter(obj: { key: string, value: string }): FilterReturnValue {
+        const key = this.getObjectKey(obj);
+        const value = obj.value;
+
+        return this.handleKey(key, value);
+    }
+
+    setState(state: FilterState): void {
+        this.state = state;
+    }
+
+    setKeyHandler(stateId: number, keyHandler: KeyHandler): void {
+        this.keyHandlers[stateId] = keyHandler;
+    }
+
+    handleKey(key: string, value: string): FilterReturnValue {
+        return this.keyHandlers[this.state.id](key, value);
+    }
+
+    keyHandler_NeverSkipping(key: string, value: string): FilterReturnValue {
+        if (this._reachedMaxKeys()) {
+            return FILTER_END;
+        }
+        this.addContents(key, value);
+        return FILTER_ACCEPT;
+    }
+
+    keyHandler_NotSkippingPrefix(key: string, value: string): FilterReturnValue {
+        if (this._reachedMaxKeys()) {
+            return FILTER_END;
+        }
+        const commonPrefix = this.addCommonPrefixOrContents(key, value);
+        if (commonPrefix) {
+            // transition into SkippingPrefix state to skip all following keys
+            // while they start with the same prefix
+            this.setState(<DelimiterFilterState_SkippingPrefix> {
+                id: DelimiterFilterStateId.SkippingPrefix,
+                prefix: commonPrefix,
+            });
+        }
+        return FILTER_ACCEPT;
+    }
+
+    keyHandler_SkippingPrefix(key: string, value: string): FilterReturnValue {
+        const { prefix } = <DelimiterFilterState_SkippingPrefix> this.state;
+        if (key.startsWith(prefix)) {
+            return FILTER_SKIP;
+        }
+        this.setState(<DelimiterFilterState_NotSkipping> {
+            id: DelimiterFilterStateId.NotSkipping,
+        });
+        return this.handleKey(key, value);
+    }
+
+    skippingBase(): string | undefined {
+        switch (this.state.id) {
+        case DelimiterFilterStateId.SkippingPrefix:
+            const { prefix } = <DelimiterFilterState_SkippingPrefix> this.state;
+            return prefix;
+
+        default:
+            return SKIP_NONE;
+        }
+    }
+
+    skippingV0() {
+        return this.skippingBase();
+    }
+
+    skippingV1() {
+        const skipTo = this.skippingBase();
+        if (skipTo === SKIP_NONE) {
+            return SKIP_NONE;
+        }
+        return DbPrefixes.Master + skipTo;
+    }
+
+    /**
+     *  Return an object containing all mandatory fields to use once the
+     *  iteration is done, doesn't show a NextMarker field if the output
+     *  isn't truncated
+     *  @return {Object} - following amazon format
+     */
+    result(): ResultObject {
+        /* NextMarker is only provided when delimiter is used.
+         * specified in v1 listing documentation
+         * http://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGET.html
+         */
+        const result: ResultObject = {
+            CommonPrefixes: this.CommonPrefixes,
+            Contents: this.Contents,
+            IsTruncated: this.IsTruncated,
+            Delimiter: this.delimiter,
+        };
+        if (this.parameters.v2) {
+            result.NextContinuationToken = this.IsTruncated
+                ? this.nextMarker : undefined;
+        } else {
+            result.NextMarker = (this.IsTruncated && this.delimiter)
+                ? this.nextMarker : undefined;
+        }
+        return result;
+    }
+}

lib/algos/list/delimiterMaster.js

@@ -1,196 +0,0 @@
-'use strict'; // eslint-disable-line strict
-
-const Delimiter = require('./delimiter').Delimiter;
-const Version = require('../../versioning/Version').Version;
-const VSConst = require('../../versioning/constants').VersioningConstants;
-const { BucketVersioningKeyFormat } = VSConst;
-const { FILTER_ACCEPT, FILTER_SKIP, SKIP_NONE } = require('./tools');
-
-const VID_SEP = VSConst.VersionId.Separator;
-const { DbPrefixes } = VSConst;
-
-/**
- * Handle object listing with parameters. This extends the base class Delimiter
- * to return the raw master versions of existing objects.
- */
-class DelimiterMaster extends Delimiter {
-    /**
-     * Delimiter listing of master versions.
-     * @param {Object}  parameters            - listing parameters
-     * @param {String}  parameters.delimiter  - delimiter per amazon format
-     * @param {String}  parameters.prefix     - prefix per amazon format
-     * @param {String}  parameters.marker     - marker per amazon format
-     * @param {Number}  parameters.maxKeys    - number of keys to list
-     * @param {Boolean} parameters.v2         - indicates whether v2 format
-     * @param {String}  parameters.startAfter - marker per amazon v2 format
-     * @param {String}  parameters.continuationToken - obfuscated amazon token
-     * @param {RequestLogger} logger          - The logger of the request
-     * @param {String} [vFormat]              - versioning key format
-     */
-    constructor(parameters, logger, vFormat) {
-        super(parameters, logger, vFormat);
-        // non-PHD master version or a version whose master is a PHD version
-        this.prvKey = undefined;
-        this.prvPHDKey = undefined;
-        this.inReplayPrefix = false;
-
-        Object.assign(this, {
-            [BucketVersioningKeyFormat.v0]: {
-                filter: this.filterV0,
-                skipping: this.skippingV0,
-            },
-            [BucketVersioningKeyFormat.v1]: {
-                filter: this.filterV1,
-                skipping: this.skippingV1,
-            },
-        }[this.vFormat]);
-    }
-
-    /**
-     *  Filter to apply on each iteration for buckets in v0 format,
-     *  based on:
-     *  - prefix
-     *  - delimiter
-     *  - maxKeys
-     *  The marker is being handled directly by levelDB
-     *  @param {Object} obj       - The key and value of the element
-     *  @param {String} obj.key   - The key of the element
-     *  @param {String} obj.value - The value of the element
-     *  @return {number}          - indicates if iteration should continue
-     */
-    filterV0(obj) {
-        let key = obj.key;
-        const value = obj.value;
-
-        if (key.startsWith(DbPrefixes.Replay)) {
-            this.inReplayPrefix = true;
-            return FILTER_SKIP;
-        }
-        this.inReplayPrefix = false;
-
-        /* Skip keys not starting with the prefix or not alphabetically
-         * ordered. */
-        if ((this.prefix && !key.startsWith(this.prefix))
-                || (typeof this[this.nextContinueMarker] === 'string' &&
-                    key <= this[this.nextContinueMarker])) {
-            return FILTER_SKIP;
-        }
-
-        /* Skip version keys (<key><versionIdSeparator><version>) if we already
-         * have a master version. */
-        const versionIdIndex = key.indexOf(VID_SEP);
-        if (versionIdIndex >= 0) {
-            key = key.slice(0, versionIdIndex);
-            /* - key === this.prvKey is triggered when a master version has
-             *   been accepted for this key,
-             * - key === this.NextMarker or this.NextContinueToken is triggered
-             *   when a listing page ends on an accepted obj and the next page
-             *   starts with a version of this object.
-             *   In that case prvKey is default set to undefined
-             *   in the constructor and comparing to NextMarker is the only
-             *   way to know  we should not accept this version. This test is
-             *   not redundant with the one at the beginning of this function,
-             *   we are comparing here the key without the version suffix,
-             * - key startsWith the previous NextMarker happens because we set
-             *   NextMarker to the common prefix instead of the whole key
-             *   value. (TODO: remove this test once ZENKO-1048 is fixed)
-             *   */
-            if (key === this.prvKey || key === this[this.nextContinueMarker] ||
-                (this.delimiter &&
-                key.startsWith(this[this.nextContinueMarker]))) {
-                /* master version already filtered */
-                return FILTER_SKIP;
-            }
-        }
-        if (Version.isPHD(value)) {
-            /* master version is a PHD version, we want to wait for the next
-             * one:
-             * - Set the prvKey to undefined to not skip the next version,
-             * - return accept to avoid users to skip the next values in range
-             *   (skip scan mechanism in metadata backend like Metadata or
-             *   MongoClient). */
-            this.prvKey = undefined;
-            this.prvPHDKey = key;
-            return FILTER_ACCEPT;
-        }
-        if (Version.isDeleteMarker(value)) {
-            /* This entry is a deleteMarker which has not been filtered by the
-             * version test. Either :
-             * - it is a deleteMarker on the master version, we want to SKIP
-             *   all the following entries with this key (no master version),
-             * - or a deleteMarker following a PHD (setting prvKey to undefined
-             *   when an entry is a PHD avoids the skip on version for the
-             *   next entry). In that case we expect the master version to
-             *   follow. */
-            if (key === this.prvPHDKey) {
-                this.prvKey = undefined;
-                return FILTER_ACCEPT;
-            }
-            this.prvKey = key;
-            return FILTER_SKIP;
-        }
-
-        this.prvKey = key;
-        if (this.delimiter) {
-            // check if the key has the delimiter
-            const baseIndex = this.prefix ? this.prefix.length : 0;
-            const delimiterIndex = key.indexOf(this.delimiter, baseIndex);
-            if (delimiterIndex >= 0) {
-                // try to add the prefix to the list
-                return this.addCommonPrefix(key, delimiterIndex);
-            }
-        }
-        return this.addContents(key, value);
-    }
-
-    /**
-     *  Filter to apply on each iteration for buckets in v1 format,
-     *  based on:
-     *  - prefix
-     *  - delimiter
-     *  - maxKeys
-     *  The marker is being handled directly by levelDB
-     *  @param {Object} obj       - The key and value of the element
-     *  @param {String} obj.key   - The key of the element
-     *  @param {String} obj.value - The value of the element
-     *  @return {number}          - indicates if iteration should continue
-     */
-    filterV1(obj) {
-        // Filtering master keys in v1 is simply listing the master
-        // keys, as the state of version keys do not change the
-        // result, so we can use Delimiter method directly.
-        return super.filter(obj);
-    }
-
-    skippingBase() {
-        if (this[this.nextContinueMarker]) {
-            // next marker or next continuation token:
-            // - foo/ : skipping foo/
-            // - foo  : skipping foo.
-            const index = this[this.nextContinueMarker].
-                lastIndexOf(this.delimiter);
-            if (index === this[this.nextContinueMarker].length - 1) {
-                return this[this.nextContinueMarker];
-            }
-            return this[this.nextContinueMarker] + VID_SEP;
-        }
-        return SKIP_NONE;
-    }
-
-    skippingV0() {
-        if (this.inReplayPrefix) {
-            return DbPrefixes.Replay;
-        }
-        return this.skippingBase();
-    }
-
-    skippingV1() {
-        const skipTo = this.skippingBase();
-        if (skipTo === SKIP_NONE) {
-            return SKIP_NONE;
-        }
-        return DbPrefixes.Master + skipTo;
-    }
-}
-
-module.exports = { DelimiterMaster };

lib/algos/list/delimiterMaster.ts

@@ -0,0 +1,190 @@
+import {
+    Delimiter,
+    FilterState,
+    FilterReturnValue,
+    DelimiterFilterStateId,
+    DelimiterFilterState_NotSkipping,
+    DelimiterFilterState_SkippingPrefix,
+} from './delimiter';
+const Version = require('../../versioning/Version').Version;
+const VSConst = require('../../versioning/constants').VersioningConstants;
+const { BucketVersioningKeyFormat } = VSConst;
+const { FILTER_ACCEPT, FILTER_SKIP, FILTER_END } = require('./tools');
+
+const VID_SEP = VSConst.VersionId.Separator;
+const { DbPrefixes } = VSConst;
+
+const enum DelimiterMasterFilterStateId {
+    SkippingVersionsV0 = 101,
+    WaitVersionAfterPHDV0 = 102,
+};
+
+interface DelimiterMasterFilterState_SkippingVersionsV0 extends FilterState {
+    id: DelimiterMasterFilterStateId.SkippingVersionsV0,
+    masterKey: string,
+};
+
+interface DelimiterMasterFilterState_WaitVersionAfterPHDV0 extends FilterState {
+    id: DelimiterMasterFilterStateId.WaitVersionAfterPHDV0,
+    masterKey: string,
+};
+
+/**
+ * Handle object listing with parameters. This extends the base class Delimiter
+ * to return the raw master versions of existing objects.
+ */
+export class DelimiterMaster extends Delimiter {
+
+    /**
+     * Delimiter listing of master versions.
+     * @param {Object}  parameters            - listing parameters
+     * @param {String}  parameters.delimiter  - delimiter per amazon format
+     * @param {String}  parameters.prefix     - prefix per amazon format
+     * @param {String}  parameters.marker     - marker per amazon format
+     * @param {Number}  parameters.maxKeys    - number of keys to list
+     * @param {Boolean} parameters.v2         - indicates whether v2 format
+     * @param {String}  parameters.startAfter - marker per amazon v2 format
+     * @param {String}  parameters.continuationToken - obfuscated amazon token
+     * @param {RequestLogger} logger          - The logger of the request
+     * @param {String} [vFormat]              - versioning key format
+     */
+    constructor(parameters, logger, vFormat) {
+        super(parameters, logger, vFormat);
+
+        Object.assign(this, {
+            [BucketVersioningKeyFormat.v0]: {
+                skipping: this.skippingV0,
+            },
+            [BucketVersioningKeyFormat.v1]: {
+                skipping: this.skippingV1,
+            },
+        }[this.vFormat]);
+
+        if (this.vFormat === BucketVersioningKeyFormat.v0) {
+            // override Delimiter's implementation of NotSkipping for
+            // DelimiterMaster logic (skipping versions and special
+            // handling of delete markers and PHDs)
+            this.setKeyHandler(
+                DelimiterFilterStateId.NotSkipping,
+                this.keyHandler_NotSkippingPrefixNorVersionsV0.bind(this));
+
+            // add extra state handlers specific to DelimiterMaster with v0 format
+            this.setKeyHandler(
+                DelimiterMasterFilterStateId.SkippingVersionsV0,
+                this.keyHandler_SkippingVersionsV0.bind(this));
+
+            this.setKeyHandler(
+                DelimiterMasterFilterStateId.WaitVersionAfterPHDV0,
+                this.keyHandler_WaitVersionAfterPHDV0.bind(this));
+
+            if (this.marker) {
+                // distinct initial state to include some special logic
+                // before the first master key is found that does not have
+                // to be checked afterwards
+                this.state = <DelimiterMasterFilterState_SkippingVersionsV0> {
+                    id: DelimiterMasterFilterStateId.SkippingVersionsV0,
+                    masterKey: this.marker,
+                };
+            } else {
+                this.state = <DelimiterFilterState_NotSkipping> {
+                    id: DelimiterFilterStateId.NotSkipping,
+                };
+            }
+        }
+        // in v1, we can directly use Delimiter's implementation,
+        // which is already set to the proper state
+    }
+
+    filter_onNewMasterKeyV0(key: string, value: string): FilterReturnValue {
+        // if this master key is a delete marker, accept it without
+        // adding the version to the contents
+        if (Version.isDeleteMarker(value)) {
+            // update the state to start skipping versions of the new master key
+            this.setState(<DelimiterMasterFilterState_SkippingVersionsV0> {
+                id: DelimiterMasterFilterStateId.SkippingVersionsV0,
+                masterKey: key,
+            });
+            return FILTER_ACCEPT;
+        }
+        if (Version.isPHD(value)) {
+            // master version is a PHD version: wait for the first
+            // following version that will be considered as the actual
+            // master key
+            this.setState(<DelimiterMasterFilterState_WaitVersionAfterPHDV0> {
+                id: DelimiterMasterFilterStateId.WaitVersionAfterPHDV0,
+                masterKey: key,
+            });
+            return FILTER_ACCEPT;
+        }
+        if (key.startsWith(DbPrefixes.Replay)) {
+            // skip internal replay prefix entirely
+            this.setState(<DelimiterFilterState_SkippingPrefix> {
+                id: DelimiterFilterStateId.SkippingPrefix,
+                prefix: DbPrefixes.Replay,
+            });
+            return FILTER_SKIP;
+        }
+        if (this._reachedMaxKeys()) {
+            return FILTER_END;
+        }
+        const commonPrefix = this.addCommonPrefixOrContents(key, value);
+        if (commonPrefix) {
+            // transition into SkippingPrefix state to skip all following keys
+            // while they start with the same prefix
+            this.setState(<DelimiterFilterState_SkippingPrefix> {
+                id: DelimiterFilterStateId.SkippingPrefix,
+                prefix: commonPrefix,
+            });
+            return FILTER_ACCEPT;
+        }
+        // update the state to start skipping versions of the new master key
+        this.setState(<DelimiterMasterFilterState_SkippingVersionsV0> {
+            id: DelimiterMasterFilterStateId.SkippingVersionsV0,
+            masterKey: key,
+        });
+        return FILTER_ACCEPT;
+    }
+
+    keyHandler_NotSkippingPrefixNorVersionsV0(key: string, value: string): FilterReturnValue {
+        return this.filter_onNewMasterKeyV0(key, value);
+    }
+
+    keyHandler_SkippingVersionsV0(key: string, value: string): FilterReturnValue {
+        /* In the SkippingVersionsV0 state, skip all version keys
+         * (<key><versionIdSeparator><version>) */
+        const versionIdIndex = key.indexOf(VID_SEP);
+        if (versionIdIndex !== -1) {
+            return FILTER_SKIP;
+        }
+        return this.filter_onNewMasterKeyV0(key, value);
+    }
+
+    keyHandler_WaitVersionAfterPHDV0(key: string, value: string): FilterReturnValue {
+        // After a PHD key is encountered, the next version key of the
+        // same object if it exists is the new master key, hence
+        // consider it as such and call 'onNewMasterKeyV0' (the test
+        // 'masterKey == phdKey' is probably redundant when we already
+        // know we have a versioned key, since all objects in v0 have
+        // a master key, but keeping it in doubt)
+        const { masterKey: phdKey } = <DelimiterMasterFilterState_WaitVersionAfterPHDV0> this.state;
+        const versionIdIndex = key.indexOf(VID_SEP);
+        if (versionIdIndex !== -1) {
+            const masterKey = key.slice(0, versionIdIndex);
+            if (masterKey === phdKey) {
+                return this.filter_onNewMasterKeyV0(masterKey, value);
+            }
+        }
+        return this.filter_onNewMasterKeyV0(key, value);
+    }
+
+    skippingBase(): string | undefined {
+        switch (this.state.id) {
+        case DelimiterMasterFilterStateId.SkippingVersionsV0:
+            const { masterKey } = <DelimiterMasterFilterState_SkippingVersionsV0> this.state;
+            return masterKey + VID_SEP;
+
+        default:
+            return super.skippingBase();
+        }
+    }
+}

lib/algos/list/delimiterVersions.js

@@ -151,6 +151,27 @@ class DelimiterVersions extends Delimiter {
         return FILTER_ACCEPT;
     }
 
+    /**
+     * Add a Common Prefix in the list
+     * @param {String} key   - object name
+     * @param {Number} index - after prefix starting point
+     * @return {Boolean}     - indicates if iteration should continue
+     */
+    addCommonPrefix(key, index) {
+        const commonPrefix = key.substring(0, index + this.delimiter.length);
+        if (this.CommonPrefixes.indexOf(commonPrefix) === -1
+                && this.NextMarker !== commonPrefix) {
+            if (this._reachedMaxKeys()) {
+                return FILTER_END;
+            }
+            this.CommonPrefixes.push(commonPrefix);
+            this.NextMarker = commonPrefix;
+            ++this.keys;
+            return FILTER_ACCEPT;
+        }
+        return FILTER_SKIP;
+    }
+
     /**
      *  Filter to apply on each iteration if bucket is in v0
      *  versioning key format, based on:
@@ -190,11 +211,15 @@ class DelimiterVersions extends Delimiter {
      *  @return {number}          - indicates if iteration should continue
      */
     filterV1(obj) {
+        if (Version.isPHD(obj.value)) {
+            // return accept to avoid skipping the next values in range
+            return FILTER_ACCEPT;
+        }
         // this function receives both M and V keys, but their prefix
         // length is the same so we can remove their prefix without
         // looking at the type of key
         return this.filterCommon(obj.key.slice(DbPrefixes.Master.length),
-                                 obj.value);
+            obj.value);
     }
 
     filterCommon(key, value) {
@@ -250,7 +275,7 @@ class DelimiterVersions extends Delimiter {
         }
         // skip to the same object key in both M and V range listings
         return [DbPrefixes.Master + skipV0,
-                DbPrefixes.Version + skipV0];
+            DbPrefixes.Version + skipV0];
     }
 
     /**

lib/algos/list/exportAlgos.js

@@ -0,0 +1,9 @@
+module.exports = {
+    Basic: require('./basic').List,
+    Delimiter: require('./delimiter').Delimiter,
+    DelimiterVersions: require('./delimiterVersions')
+        .DelimiterVersions,
+    DelimiterMaster: require('./delimiterMaster')
+        .DelimiterMaster,
+    MPU: require('./MPU').MultipartUploads,
+};

lib/algos/list/skip.js

@@ -0,0 +1,95 @@
+const assert = require('assert');
+
+const { FILTER_END, FILTER_SKIP, SKIP_NONE } = require('./tools');
+
+
+const MAX_STREAK_LENGTH = 100;
+
+/**
+ * Handle the filtering and the skip mechanism of a listing result.
+ */
+class Skip {
+    /**
+     * @param {Object} params           - skip parameters
+     * @param {Object} params.extension - delimiter extension used (required)
+     * @param {String} params.gte       - current range gte (greater than or
+     *                                    equal) used by the client code
+     */
+    constructor(params) {
+        assert(params.extension);
+
+        this.extension = params.extension;
+        this.gteParams = params.gte;
+
+        this.listingEndCb = null;
+        this.skipRangeCb = null;
+
+        /* Used to count consecutive FILTER_SKIP returned by the extension
+         * filter method. Once this counter reaches MAX_STREAK_LENGTH, the
+         * filter function tries to skip unwanted values by defining a new
+         * range. */
+        this.streakLength = 0;
+    }
+
+    setListingEndCb(cb) {
+        this.listingEndCb = cb;
+    }
+
+    setSkipRangeCb(cb) {
+        this.skipRangeCb = cb;
+    }
+
+    /**
+     * Filter an entry.
+     * @param {Object} entry - entry to filter.
+     * @return {undefined}
+     *
+     * This function calls the listing end or the skip range callbacks if
+     * needed.
+     */
+    filter(entry) {
+        assert(this.listingEndCb);
+        assert(this.skipRangeCb);
+
+        const filteringResult = this.extension.filter(entry);
+        const skippingRange = this.extension.skipping();
+
+        if (filteringResult === FILTER_END) {
+            this.listingEndCb();
+        } else if (filteringResult === FILTER_SKIP
+                   && skippingRange !== SKIP_NONE) {
+            if (++this.streakLength >= MAX_STREAK_LENGTH) {
+                let newRange;
+                if (Array.isArray(skippingRange)) {
+                    newRange = [];
+                    for (let i = 0; i < skippingRange.length; ++i) {
+                        newRange.push(this._inc(skippingRange[i]));
+                    }
+                } else {
+                    newRange = this._inc(skippingRange);
+                }
+                /* Avoid to loop on the same range again and again. */
+                if (newRange === this.gteParams) {
+                    this.streakLength = 1;
+                } else {
+                    this.skipRangeCb(newRange);
+                }
+            }
+        } else {
+            this.streakLength = 0;
+        }
+    }
+
+    _inc(str) {
+        if (!str) {
+            return str;
+        }
+        const lastCharValue = str.charCodeAt(str.length - 1);
+        const lastCharNewValue = String.fromCharCode(lastCharValue + 1);
+
+        return `${str.slice(0, str.length - 1)}${lastCharNewValue}`;
+    }
+}
+
+
+module.exports = Skip;

lib/algos/set/ArrayUtils.js

@@ -0,0 +1,87 @@
+function indexOf(arr, value) {
+    if (!arr.length) {
+        return -1;
+    }
+    let lo = 0;
+    let hi = arr.length - 1;
+
+    while (hi - lo > 1) {
+        const i = lo + ((hi - lo) >> 1);
+        if (arr[i] > value) {
+            hi = i;
+        } else {
+            lo = i;
+        }
+    }
+    if (arr[lo] === value) {
+        return lo;
+    }
+    if (arr[hi] === value) {
+        return hi;
+    }
+    return -1;
+}
+
+function indexAtOrBelow(arr, value) {
+    let i;
+    let lo;
+    let hi;
+
+    if (!arr.length || arr[0] > value) {
+        return -1;
+    }
+    if (arr[arr.length - 1] <= value) {
+        return arr.length - 1;
+    }
+
+    lo = 0;
+    hi = arr.length - 1;
+
+    while (hi - lo > 1) {
+        i = lo + ((hi - lo) >> 1);
+        if (arr[i] > value) {
+            hi = i;
+        } else {
+            lo = i;
+        }
+    }
+
+    return lo;
+}
+
+/*
+ * perform symmetric diff in O(m + n)
+ */
+function symDiff(k1, k2, v1, v2, cb) {
+    let i = 0;
+    let j = 0;
+    const n = k1.length;
+    const m = k2.length;
+
+    while (i < n && j < m) {
+        if (k1[i] < k2[j]) {
+            cb(v1[i]);
+            i++;
+        } else if (k2[j] < k1[i]) {
+            cb(v2[j]);
+            j++;
+        } else {
+            i++;
+            j++;
+        }
+    }
+    while (i < n) {
+        cb(v1[i]);
+        i++;
+    }
+    while (j < m) {
+        cb(v2[j]);
+        j++;
+    }
+}
+
+module.exports = {
+    indexOf,
+    indexAtOrBelow,
+    symDiff,
+};

lib/algos/set/SortedSet.js

@@ -0,0 +1,51 @@
+const ArrayUtils = require('./ArrayUtils');
+
+class SortedSet {
+    constructor(obj) {
+        if (obj) {
+            this.keys = obj.keys;
+            this.values = obj.values;
+        } else {
+            this.clear();
+        }
+    }
+
+    clear() {
+        this.keys = [];
+        this.values = [];
+    }
+
+    get size() {
+        return this.keys.length;
+    }
+
+    set(key, value) {
+        const index = ArrayUtils.indexAtOrBelow(this.keys, key);
+        if (this.keys[index] === key) {
+            this.values[index] = value;
+            return;
+        }
+        this.keys.splice(index + 1, 0, key);
+        this.values.splice(index + 1, 0, value);
+    }
+
+    isSet(key) {
+        const index = ArrayUtils.indexOf(this.keys, key);
+        return index >= 0;
+    }
+
+    get(key) {
+        const index = ArrayUtils.indexOf(this.keys, key);
+        return index >= 0 ? this.values[index] : undefined;
+    }
+
+    del(key) {
+        const index = ArrayUtils.indexOf(this.keys, key);
+        if (index >= 0) {
+            this.keys.splice(index, 1);
+            this.values.splice(index, 1);
+        }
+    }
+}
+
+module.exports = SortedSet;

lib/auth/AuthInfo.ts

@@ -1,6 +1,4 @@
-'use strict'; // eslint-disable-line strict
-
-const constants = require('../constants');
+import * as constants from '../constants';
 
 /**
  * Class containing requester's information received from Vault
@@ -8,9 +6,15 @@ const constants = require('../constants');
  * shortid, email, accountDisplayName and IAMdisplayName (if applicable)
  * @return {AuthInfo} an AuthInfo instance
  */
+export default class AuthInfo {
+    arn: string;
+    canonicalID: string;
+    shortid: string;
+    email: string;
+    accountDisplayName: string;
+    IAMdisplayName: string;
 
-class AuthInfo {
-    constructor(objectFromVault) {
+    constructor(objectFromVault: any) {
         // amazon resource name for IAM user (if applicable)
         this.arn = objectFromVault.arn;
         // account canonicalID
@@ -53,10 +57,8 @@ class AuthInfo {
         return this.canonicalID.startsWith(
             `${constants.zenkoServiceAccount}/`);
     }
-    isRequesterThisServiceAccount(serviceName) {
-        return this.canonicalID ===
-            `${constants.zenkoServiceAccount}/${serviceName}`;
+    isRequesterThisServiceAccount(serviceName: string) {
+        const computedCanonicalID = `${constants.zenkoServiceAccount}/${serviceName}`;
+        return this.canonicalID === computedCanonicalID;
     }
 }
-
-module.exports = AuthInfo;

lib/auth/Vault.ts

@@ -1,16 +1,22 @@
-const errors = require('../errors');
-const AuthInfo = require('./AuthInfo');
+import { Logger } from 'werelogs';
+import errors from '../errors';
+import AuthInfo from './AuthInfo';
 
 /** vaultSignatureCb parses message from Vault and instantiates
- * @param {object} err - error from vault
- * @param {object} authInfo - info from vault
- * @param {object} log - log for request
- * @param {function} callback - callback to authCheck functions
- * @param {object} [streamingV4Params] - present if v4 signature;
+ * @param err - error from vault
+ * @param authInfo - info from vault
+ * @param log - log for request
+ * @param callback - callback to authCheck functions
+ * @param [streamingV4Params] - present if v4 signature;
  * items used to calculate signature on chunks if streaming auth
- * @return {undefined}
  */
-function vaultSignatureCb(err, authInfo, log, callback, streamingV4Params) {
+function vaultSignatureCb(
+    err: Error | null,
+    authInfo: { message: { body: any } },
+    log: Logger,
+    callback: (err: Error | null, data?: any, results?: any, params?: any) => void,
+    streamingV4Params?: any
+) {
     // vaultclient API guarantees that it returns:
     // - either `err`, an Error object with `code` and `message` properties set
     // - or `err == null` and `info` is an object with `message.code` and
@@ -24,58 +30,99 @@ function vaultSignatureCb(err, authInfo, log, callback, streamingV4Params) {
     const info = authInfo.message.body;
     const userInfo = new AuthInfo(info.userInfo);
     const authorizationResults = info.authorizationResults;
-    const auditLog = { accountDisplayName: userInfo.getAccountDisplayName() };
+    const auditLog: { accountDisplayName: string, IAMdisplayName?: string } =
+        { accountDisplayName: userInfo.getAccountDisplayName() };
     const iamDisplayName = userInfo.getIAMdisplayName();
     if (iamDisplayName) {
         auditLog.IAMdisplayName = iamDisplayName;
     }
+    // @ts-ignore
     log.addDefaultFields(auditLog);
     return callback(null, userInfo, authorizationResults, streamingV4Params);
 }
 
+export type AuthV4RequestParams = {
+    version: 4;
+    log: Logger;
+    data: {
+        accessKey: string;
+        signatureFromRequest: string;
+        region: string;
+        stringToSign: string;
+        scopeDate: string;
+        authType: 'query' | 'header';
+        signatureVersion: string;
+        signatureAge?: number;
+        timestamp: number;
+        credentialScope: string;
+        securityToken: string;
+        algo: string;
+        log: Logger;
+    };
+};
 
 /**
  * Class that provides common authentication methods against different
  * authentication backends.
  * @class Vault
  */
-class Vault {
+export default class Vault {
+    client: any;
+    implName: string;
+
     /**
      * @constructor
      * @param {object} client - authentication backend or vault client
      * @param {string} implName - implementation name for auth backend
      */
-    constructor(client, implName) {
+    constructor(client: any, implName: string) {
         this.client = client;
         this.implName = implName;
     }
     /**
      * authenticateV2Request
      *
-     * @param {string} params - the authentication parameters as returned by
+     * @param params - the authentication parameters as returned by
      *                          auth.extractParams
-     * @param {number} params.version - shall equal 2
-     * @param {string} params.data.accessKey - the user's accessKey
-     * @param {string} params.data.signatureFromRequest - the signature read
+     * @param params.version - shall equal 2
+     * @param params.data.accessKey - the user's accessKey
+     * @param params.data.signatureFromRequest - the signature read
      *                                                    from the request
-     * @param {string} params.data.stringToSign - the stringToSign
-     * @param {string} params.data.algo - the hashing algorithm used for the
+     * @param params.data.stringToSign - the stringToSign
+     * @param params.data.algo - the hashing algorithm used for the
      *                                    signature
-     * @param {string} params.data.authType - the type of authentication (query
+     * @param params.data.authType - the type of authentication (query
      *                                        or header)
-     * @param {string} params.data.signatureVersion - the version of the
+     * @param params.data.signatureVersion - the version of the
      *                                                signature (AWS or AWS4)
-     * @param {number} [params.data.signatureAge] - the age of the signature in
+     * @param [params.data.signatureAge] - the age of the signature in
      *                                              ms
-     * @param {string} params.data.log - the logger object
+     * @param params.data.log - the logger object
      * @param {RequestContext []} requestContexts - an array of RequestContext
      * instances which contain information for policy authorization check
-     * @param {function} callback - callback with either error or user info
-     * @returns {undefined}
+     * @param callback - callback with either error or user info
      */
-    authenticateV2Request(params, requestContexts, callback) {
+    authenticateV2Request(
+        params: {
+            version: 2;
+            log: Logger;
+            data: {
+                securityToken: string;
+                accessKey: string;
+                signatureFromRequest: string;
+                stringToSign: string;
+                algo: string;
+                authType: 'query' | 'header';
+                signatureVersion: string;
+                signatureAge?: number;
+                log: Logger;
+            };
+        },
+        requestContexts: any[],
+        callback: (err: Error | null, data?: any) => void
+    ) {
         params.log.debug('authenticating V2 request');
-        let serializedRCsArr;
+        let serializedRCsArr: any;
         if (requestContexts) {
             serializedRCsArr = requestContexts.map(rc => rc.serialize());
         }
@@ -85,44 +132,48 @@ class Vault {
             params.data.accessKey,
             {
                 algo: params.data.algo,
+                // @ts-ignore
                 reqUid: params.log.getSerializedUids(),
                 logger: params.log,
                 securityToken: params.data.securityToken,
                 requestContext: serializedRCsArr,
             },
-            (err, userInfo) => vaultSignatureCb(err, userInfo,
-                                                params.log, callback)
+            (err: Error | null, userInfo?: any) => vaultSignatureCb(err, userInfo,
+                params.log, callback),
         );
     }
 
     /** authenticateV4Request
-     * @param {object} params - the authentication parameters as returned by
+     * @param params - the authentication parameters as returned by
      *                          auth.extractParams
-     * @param {number} params.version - shall equal 4
-     * @param {string} params.data.log - the logger object
-     * @param {string} params.data.accessKey - the user's accessKey
-     * @param {string} params.data.signatureFromRequest - the signature read
+     * @param params.version - shall equal 4
+     * @param params.data.log - the logger object
+     * @param params.data.accessKey - the user's accessKey
+     * @param params.data.signatureFromRequest - the signature read
      *                                                    from the request
-     * @param {string} params.data.region - the AWS region
-     * @param {string} params.data.stringToSign - the stringToSign
-     * @param {string} params.data.scopeDate - the timespan to allow the request
-     * @param {string} params.data.authType - the type of authentication (query
+     * @param params.data.region - the AWS region
+     * @param params.data.stringToSign - the stringToSign
+     * @param params.data.scopeDate - the timespan to allow the request
+     * @param params.data.authType - the type of authentication (query
      *                                        or header)
-     * @param {string} params.data.signatureVersion - the version of the
+     * @param params.data.signatureVersion - the version of the
      *                                                signature (AWS or AWS4)
-     * @param {number} params.data.signatureAge - the age of the signature in ms
-     * @param {number} params.data.timestamp - signaure timestamp
-     * @param {string} params.credentialScope - credentialScope for signature
+     * @param params.data.signatureAge - the age of the signature in ms
+     * @param params.data.timestamp - signaure timestamp
+     * @param params.credentialScope - credentialScope for signature
      * @param {RequestContext [] | null} requestContexts -
      * an array of RequestContext or null if authenticaiton of a chunk
      * in streamingv4 auth
      * instances which contain information for policy authorization check
-     * @param {function} callback - callback with either error or user info
-     * @return {undefined}
+     * @param callback - callback with either error or user info
     */
-    authenticateV4Request(params, requestContexts, callback) {
+    authenticateV4Request(
+        params: AuthV4RequestParams,
+        requestContexts: any[] | null,
+        callback: (err: Error | null, data?: any) => void
+    ) {
         params.log.debug('authenticating V4 request');
-        let serializedRCs;
+        let serializedRCs: any;
         if (requestContexts) {
             serializedRCs = requestContexts.map(rc => rc.serialize());
         }
@@ -140,31 +191,39 @@ class Vault {
             params.data.region,
             params.data.scopeDate,
             {
+                // @ts-ignore
                 reqUid: params.log.getSerializedUids(),
                 logger: params.log,
                 securityToken: params.data.securityToken,
                 requestContext: serializedRCs,
             },
-            (err, userInfo) => vaultSignatureCb(err, userInfo,
-                params.log, callback, streamingV4Params)
+            (err: Error | null, userInfo?: any) => vaultSignatureCb(err, userInfo,
+                params.log, callback, streamingV4Params),
         );
     }
 
     /** getCanonicalIds -- call Vault to get canonicalIDs based on email
      * addresses
-     * @param {array} emailAddresses - list of emailAddresses
-     * @param {object} log - log object
-     * @param {function} callback - callback with either error or an array
+     * @param emailAddresses - list of emailAddresses
+     * @param log - log object
+     * @param callback - callback with either error or an array
      * of objects with each object containing the canonicalID and emailAddress
      * of an account as properties
-     * @return {undefined}
     */
-    getCanonicalIds(emailAddresses, log, callback) {
+    getCanonicalIds(
+        emailAddresses: string[],
+        log: Logger,
+        callback: (
+            err: Error | null,
+            data?: { canonicalID: string; email: string }[]
+        ) => void
+    ) {
         log.trace('getting canonicalIDs from Vault based on emailAddresses',
             { emailAddresses });
         this.client.getCanonicalIds(emailAddresses,
+            // @ts-ignore
             { reqUid: log.getSerializedUids() },
-            (err, info) => {
+            (err: Error | null, info?: any) => {
                 if (err) {
                     log.debug('received error message from auth provider',
                         { errorMessage: err });
@@ -172,17 +231,17 @@ class Vault {
                 }
                 const infoFromVault = info.message.body;
                 log.trace('info received from vault', { infoFromVault });
-                const foundIds = [];
+                const foundIds: { canonicalID: string; email: string }[] = [];
                 for (let i = 0; i < Object.keys(infoFromVault).length; i++) {
                     const key = Object.keys(infoFromVault)[i];
                     if (infoFromVault[key] === 'WrongFormat'
                     || infoFromVault[key] === 'NotFound') {
                         return callback(errors.UnresolvableGrantByEmailAddress);
                     }
-                    const obj = {};
-                    obj.email = key;
-                    obj.canonicalID = infoFromVault[key];
-                    foundIds.push(obj);
+                    foundIds.push({
+                        email: key,
+                        canonicalID: infoFromVault[key],
+                    })
                 }
                 return callback(null, foundIds);
             });
@@ -190,18 +249,22 @@ class Vault {
 
     /** getEmailAddresses -- call Vault to get email addresses based on
      * canonicalIDs
-     * @param {array} canonicalIDs - list of canonicalIDs
-     * @param {object} log - log object
-     * @param {function} callback - callback with either error or an object
+     * @param canonicalIDs - list of canonicalIDs
+     * @param log - log object
+     * @param callback - callback with either error or an object
      * with canonicalID keys and email address values
-     * @return {undefined}
     */
-    getEmailAddresses(canonicalIDs, log, callback) {
+    getEmailAddresses(
+        canonicalIDs: string[],
+        log: Logger,
+        callback: (err: Error | null, data?: { [key: string]: any }) => void
+    ) {
         log.trace('getting emailAddresses from Vault based on canonicalIDs',
             { canonicalIDs });
         this.client.getEmailAddresses(canonicalIDs,
+            // @ts-ignore
             { reqUid: log.getSerializedUids() },
-            (err, info) => {
+            (err: Error | null, info?: any) => {
                 if (err) {
                     log.debug('received error message from vault',
                         { errorMessage: err });
@@ -222,6 +285,44 @@ class Vault {
             });
     }
 
+    /** getAccountIds -- call Vault to get accountIds based on
+     * canonicalIDs
+     * @param canonicalIDs - list of canonicalIDs
+     * @param log - log object
+     * @param callback - callback with either error or an object
+     * with canonicalID keys and accountId values
+    */
+    getAccountIds(
+        canonicalIDs: string[],
+        log: Logger,
+        callback: (err: Error | null, data?: { [key: string]: string }) => void
+    ) {
+        log.trace('getting accountIds from Vault based on canonicalIDs',
+        { canonicalIDs });
+        this.client.getAccountIds(canonicalIDs,
+            // @ts-expect-error
+            { reqUid: log.getSerializedUids() },
+            (err: Error | null, info?: any) => {
+                if (err) {
+                    log.debug('received error message from vault',
+                        { errorMessage: err });
+                    return callback(err);
+                }
+                const infoFromVault = info.message.body;
+                log.trace('info received from vault', { infoFromVault });
+                const result = {};
+                /* If the accountId was not found in Vault, do not
+            send the canonicalID back to the API */
+            Object.keys(infoFromVault).forEach(key => {
+                if (infoFromVault[key] !== 'NotFound' &&
+                infoFromVault[key] !== 'WrongFormat') {
+                    result[key] = infoFromVault[key];
+                }
+            });
+            return callback(null, result);
+        });
+    }
+
     /** checkPolicies -- call Vault to evaluate policies
      * @param {object} requestContextParams - parameters needed to construct
      * requestContext in Vault
@@ -234,14 +335,19 @@ class Vault {
      * @param {object} log - log object
      * @param {function} callback - callback with either error or an array
      * of authorization results
-     * @return {undefined}
     */
-    checkPolicies(requestContextParams, userArn, log, callback) {
+    checkPolicies(
+        requestContextParams: any[],
+        userArn: string,
+        log: Logger,
+        callback: (err: Error | null, data?: any[]) => void
+    ) {
         log.trace('sending request context params to vault to evaluate' +
         'policies');
         this.client.checkPolicies(requestContextParams, userArn, {
+            // @ts-ignore
             reqUid: log.getSerializedUids(),
-        }, (err, info) => {
+        }, (err: Error | null, info?: any) => {
             if (err) {
                 log.debug('received error message from auth provider',
                     { error: err });
@@ -252,13 +358,14 @@ class Vault {
         });
     }
 
-    checkHealth(log, callback) {
+    checkHealth(log: Logger, callback: (err: Error | null, data?: any) => void) {
         if (!this.client.healthcheck) {
             const defResp = {};
             defResp[this.implName] = { code: 200, message: 'OK' };
             return callback(null, defResp);
         }
-        return this.client.healthcheck(log.getSerializedUids(), (err, obj) => {
+        // @ts-ignore
+        return this.client.healthcheck(log.getSerializedUids(), (err: Error | null, obj?: any) => {
             const respBody = {};
             if (err) {
                 log.debug(`error from ${this.implName}`, { error: err });
@@ -278,5 +385,3 @@ class Vault {
         });
     }
 }
-
-module.exports = Vault;

lib/auth/auth.ts

@@ -1,22 +1,21 @@
-'use strict'; // eslint-disable-line strict
+import * as crypto from 'crypto';
+import { Logger } from 'werelogs';
+import errors from '../errors';
+import * as queryString from 'querystring';
+import AuthInfo from './AuthInfo';
+import * as v2 from './v2/authV2';
+import * as v4 from './v4/authV4';
+import * as constants from '../constants';
+import constructStringToSignV2 from './v2/constructStringToSign';
+import constructStringToSignV4 from './v4/constructStringToSign';
+import { convertUTCtoISO8601 } from './v4/timeUtils';
+import * as vaultUtilities from './in_memory/vaultUtilities';
+import * as backend from './in_memory/Backend';
+import validateAuthConfig from './in_memory/validateAuthConfig';
+import AuthLoader from './in_memory/AuthLoader';
+import Vault from './Vault';
 
-const crypto = require('crypto');
-const errors = require('../errors');
-const queryString = require('querystring');
-const AuthInfo = require('./AuthInfo');
-const v2 = require('./v2/authV2');
-const v4 = require('./v4/authV4');
-const constants = require('../constants');
-const constructStringToSignV2 = require('./v2/constructStringToSign');
-const constructStringToSignV4 = require('./v4/constructStringToSign');
-const convertUTCtoISO8601 = require('./v4/timeUtils').convertUTCtoISO8601;
-const vaultUtilities = require('./in_memory/vaultUtilities');
-const backend = require('./in_memory/Backend');
-const validateAuthConfig = require('./in_memory/validateAuthConfig');
-const AuthLoader = require('./in_memory/AuthLoader');
-const Vault = require('./Vault');
-
-let vault = null;
+let vault: Vault | null = null;
 const auth = {};
 const checkFunctions = {
     v2: {
@@ -33,7 +32,7 @@ const checkFunctions = {
 // 'All Users Group' so use this group as the canonicalID for the publicUser
 const publicUserInfo = new AuthInfo({ canonicalID: constants.publicId });
 
-function setAuthHandler(handler) {
+function setAuthHandler(handler: Vault) {
     vault = handler;
     return auth;
 }
@@ -41,25 +40,30 @@ function setAuthHandler(handler) {
 /**
  * This function will check validity of request parameters to authenticate
  *
- * @param {Http.Request} request - Http request object
- * @param {object} log - Logger object
- * @param {string} awsService - Aws service related
- * @param {object} data - Parameters from queryString parsing or body of
+ * @param request - Http request object
+ * @param log - Logger object
+ * @param awsService - Aws service related
+ * @param data - Parameters from queryString parsing or body of
  *      POST request
  *
- * @return {object} ret
- * @return {object} ret.err - arsenal.errors object if any error was found
- * @return {object} ret.params - auth parameters to use later on for signature
+ * @return ret
+ * @return ret.err - arsenal.errors object if any error was found
+ * @return ret.params - auth parameters to use later on for signature
  *                               computation and check
- * @return {object} ret.params.version - the auth scheme version
+ * @return ret.params.version - the auth scheme version
  *                                       (undefined, 2, 4)
- * @return {object} ret.params.data - the auth scheme's specific data
+ * @return ret.params.data - the auth scheme's specific data
  */
-function extractParams(request, log, awsService, data) {
+function extractParams(
+    request: any,
+    log: Logger,
+    awsService: string,
+    data: { [key: string]: string }
+) {
     log.trace('entered', { method: 'Arsenal.auth.server.extractParams' });
     const authHeader = request.headers.authorization;
-    let version = null;
-    let method = null;
+    let version: 'v2' |'v4' | null = null;
+    let method: 'query' | 'headers' | null = null;
 
     // Identify auth version and method to dispatch to the right check function
     if (authHeader) {
@@ -102,16 +106,21 @@ function extractParams(request, log, awsService, data) {
 /**
  * This function will check validity of request parameters to authenticate
  *
- * @param {Http.Request} request - Http request object
- * @param {object} log - Logger object
- * @param {function} cb - the callback
- * @param {string} awsService - Aws service related
+ * @param request - Http request object
+ * @param log - Logger object
+ * @param cb - the callback
+ * @param awsService - Aws service related
  * @param {RequestContext[] | null} requestContexts - array of RequestContext
  * or null if no requestContexts to be sent to Vault (for instance,
  * in multi-object delete request)
- * @return {undefined}
  */
-function doAuth(request, log, cb, awsService, requestContexts) {
+function doAuth(
+    request: any,
+    log: Logger,
+    cb: (err: Error | null, data?: any) => void,
+    awsService: string,
+    requestContexts: any[] | null
+) {
     const res = extractParams(request, log, awsService, request.query);
     if (res.err) {
         return cb(res.err);
@@ -119,23 +128,31 @@ function doAuth(request, log, cb, awsService, requestContexts) {
         return cb(null, res.params);
     }
     if (requestContexts) {
-        requestContexts.forEach(requestContext => {
-            requestContext.setAuthType(res.params.data.authType);
-            requestContext.setSignatureVersion(res.params
-                .data.signatureVersion);
-            requestContext.setSignatureAge(res.params.data.signatureAge);
-            requestContext.setSecurityToken(res.params.data.securityToken);
+        requestContexts.forEach((requestContext) => {
+            const { params } = res
+            if ('data' in params) {
+                const { data } = params
+                requestContext.setAuthType(data.authType);
+                requestContext.setSignatureVersion(data.signatureVersion);
+                requestContext.setSecurityToken(data.securityToken);
+                if ('signatureAge' in data) {
+                    requestContext.setSignatureAge(data.signatureAge);
+                }
+            }
         });
     }
 
     // Corner cases managed, we're left with normal auth
+    // TODO What's happening here?
+    // @ts-ignore
     res.params.log = log;
     if (res.params.version === 2) {
-        return vault.authenticateV2Request(res.params, requestContexts, cb);
+        // @ts-ignore
+        return vault!.authenticateV2Request(res.params, requestContexts, cb);
     }
     if (res.params.version === 4) {
-        return vault.authenticateV4Request(res.params, requestContexts, cb,
-            awsService);
+        // @ts-ignore
+        return vault!.authenticateV4Request(res.params, requestContexts, cb);
     }
 
     log.error('authentication method not found', {
@@ -144,20 +161,44 @@ function doAuth(request, log, cb, awsService, requestContexts) {
     return cb(errors.InternalError);
 }
 
+/**
+ * This function will generate a version 4 content-md5 header
+ * It looks at the request path to determine what kind of header encoding is required
+ *
+ * @param path - the request path
+ * @param payload - the request payload to hash
+ */
+function generateContentMD5Header(
+    path: string,
+    payload: string,
+) {
+    const encoding = path && path.startsWith('/_/backbeat/') ? 'hex' : 'base64';
+    return crypto.createHash('md5').update(payload, 'binary').digest(encoding);
+}
 /**
  * This function will generate a version 4 header
  *
- * @param {Http.Request} request - Http request object
- * @param {object} data - Parameters from queryString parsing or body of
+ * @param request - Http request object
+ * @param data - Parameters from queryString parsing or body of
  *                        POST request
- * @param {string} accessKey - the accessKey
- * @param {string} secretKeyValue - the secretKey
- * @param {string} awsService - Aws service related
- * @param {sting} [proxyPath] - path that gets proxied by reverse proxy
- * @return {undefined}
+ * @param accessKey - the accessKey
+ * @param secretKeyValue - the secretKey
+ * @param awsService - Aws service related
+ * @param [proxyPath] - path that gets proxied by reverse proxy
+ * @param [sessionToken] - security token if the access/secret keys
+ *                                are temporary credentials from STS
+ * @param [payload] - body of the request if any
  */
-function generateV4Headers(request, data, accessKey, secretKeyValue,
-                           awsService, proxyPath) {
+function generateV4Headers(
+    request: any,
+    data: { [key: string]: string },
+    accessKey: string,
+    secretKeyValue: string,
+    awsService: string,
+    proxyPath?: string,
+    sessionToken?: string,
+    payload?: string,
+) {
     Object.assign(request, { headers: {} });
     const amzDate = convertUTCtoISO8601(Date.now());
     // get date without time
@@ -169,9 +210,9 @@ function generateV4Headers(request, data, accessKey, secretKeyValue,
     const timestamp = amzDate;
     const algorithm = 'AWS4-HMAC-SHA256';
 
-    let payload = '';
+    payload = payload || '';
     if (request.method === 'POST') {
-        payload = queryString.stringify(data, null, null, {
+        payload = queryString.stringify(data, undefined, undefined, {
             encodeURIComponent,
         });
     }
@@ -180,11 +221,18 @@ function generateV4Headers(request, data, accessKey, secretKeyValue,
     request.setHeader('host', request._headers.host);
     request.setHeader('x-amz-date', amzDate);
     request.setHeader('x-amz-content-sha256', payloadChecksum);
+    request.setHeader('content-md5', generateContentMD5Header(request.path, payload));
+
+    if (sessionToken) {
+        request.setHeader('x-amz-security-token', sessionToken);
+    }
+
     Object.assign(request.headers, request._headers);
     const signedHeaders = Object.keys(request._headers)
         .filter(headerName =>
             headerName.startsWith('x-amz-')
             || headerName.startsWith('x-scal-')
+            || headerName === 'content-md5'
             || headerName === 'host'
         ).sort().join(';');
     const params = { request, signedHeaders, payloadChecksum,
@@ -196,7 +244,7 @@ function generateV4Headers(request, data, accessKey, secretKeyValue,
                                                           scopeDate,
                                                           service);
     const signature = crypto.createHmac('sha256', signingKey)
-        .update(stringToSign, 'binary').digest('hex');
+        .update(stringToSign as string, 'binary').digest('hex');
     const authorizationHeader = `${algorithm} Credential=${accessKey}` +
         `/${credentialScope}, SignedHeaders=${signedHeaders}, ` +
         `Signature=${signature}`;
@@ -204,21 +252,11 @@ function generateV4Headers(request, data, accessKey, secretKeyValue,
     Object.assign(request, { headers: {} });
 }
 
-module.exports = {
-    setHandler: setAuthHandler,
-    server: {
-        extractParams,
-        doAuth,
-    },
-    client: {
-        generateV4Headers,
-        constructStringToSignV2,
-    },
-    inMemory: {
-        backend,
-        validateAuthConfig,
-        AuthLoader,
-    },
+export const server = { extractParams, doAuth }
+export const client = { generateV4Headers, constructStringToSignV2 }
+export const inMemory = { backend, validateAuthConfig, AuthLoader }
+export {
+    setAuthHandler as setHandler,
     AuthInfo,
-    Vault,
-};
+    Vault
+}

lib/auth/in_memory/AuthLoader.js

@@ -1,223 +0,0 @@
-const fs = require('fs');
-const glob = require('simple-glob');
-const joi = require('@hapi/joi');
-const werelogs = require('werelogs');
-
-const ARN = require('../../models/ARN');
-
-/**
- * Load authentication information from files or pre-loaded account
- * objects
- *
- * @class AuthLoader
- */
-class AuthLoader {
-    constructor(logApi) {
-        this._log = new (logApi || werelogs).Logger('S3');
-        this._authData = { accounts: [] };
-        // null: unknown validity, true/false: valid or invalid
-        this._isValid = null;
-
-        this._joiKeysValidator = joi.array()
-            .items({
-                access: joi.string().required(),
-                secret: joi.string().required(),
-            })
-            .required();
-
-        const accountsJoi = joi.array()
-                .items({
-                    name: joi.string().required(),
-                    email: joi.string().email().required(),
-                    arn: joi.string().required(),
-                    canonicalID: joi.string().required(),
-                    shortid: joi.string().regex(/^[0-9]{12}$/).required(),
-                    keys: this._joiKeysValidator,
-                    // backward-compat
-                    users: joi.array(),
-                })
-                .required()
-                .unique('arn')
-                .unique('email')
-                .unique('canonicalID');
-        this._joiValidator = joi.object({ accounts: accountsJoi });
-    }
-
-    /**
-     * add one or more accounts to the authentication info
-     *
-     * @param {object} authData - authentication data
-     * @param {object[]} authData.accounts - array of account data
-     * @param {string} authData.accounts[].name - account name
-     * @param {string} authData.accounts[].email: email address
-     * @param {string} authData.accounts[].arn: account ARN,
-     *   e.g. 'arn:aws:iam::123456789012:root'
-     * @param {string} authData.accounts[].canonicalID account
-     *   canonical ID
-     * @param {string} authData.accounts[].shortid account ID number,
-     *   e.g. '123456789012'
-     * @param {object[]} authData.accounts[].keys array of
-     *   access/secret keys
-     * @param {object[]} authData.accounts[].keys[].access access key
-     * @param {object[]} authData.accounts[].keys[].secret secret key
-     * @param {string} [filePath] - optional file path info for
-     *   logging purpose
-     * @return {undefined}
-     */
-    addAccounts(authData, filePath) {
-        const isValid = this._validateData(authData, filePath);
-        if (isValid) {
-            this._authData.accounts =
-                this._authData.accounts.concat(authData.accounts);
-            // defer validity checking when getting data to avoid
-            // logging multiple times the errors (we need to validate
-            // all accounts at once to detect duplicate values)
-            if (this._isValid) {
-                this._isValid = null;
-            }
-        } else {
-            this._isValid = false;
-        }
-    }
-
-    /**
-     * add account information from a file
-     *
-     * @param {string} filePath - file path containing JSON
-     *   authentication info (see {@link addAccounts()} for format)
-     * @return {undefined}
-     */
-    addFile(filePath) {
-        const authData = JSON.parse(fs.readFileSync(filePath));
-        this.addAccounts(authData, filePath);
-    }
-
-    /**
-     * add account information from a filesystem path
-     *
-     * @param {string|string[]} globPattern - filesystem glob pattern,
-     *   can be a single string or an array of glob patterns. Globs
-     *   can be simple file paths or can contain glob matching
-     *   characters, like '/a/b/*.json'. The matching files are
-     *   individually loaded as JSON and accounts are added. See
-     *   {@link addAccounts()} for JSON format.
-     * @return {undefined}
-     */
-    addFilesByGlob(globPattern) {
-        const files = glob(globPattern);
-        files.forEach(filePath => this.addFile(filePath));
-    }
-
-    /**
-     * perform validation on authentication info previously
-     * loaded. Note that it has to be done on the entire set after an
-     * update to catch duplicate account IDs or access keys.
-     *
-     * @return {boolean} true if authentication info is valid
-     *                   false otherwise
-     */
-    validate() {
-        if (this._isValid === null) {
-            this._isValid = this._validateData(this._authData);
-        }
-        return this._isValid;
-    }
-
-    /**
-     * get authentication info as a plain JS object containing all accounts
-     * under the "accounts" attribute, with validation.
-     *
-     * @return {object|null} the validated authentication data
-     *                       null if invalid
-     */
-    getData() {
-        return this.validate() ? this._authData : null;
-    }
-
-    _validateData(authData, filePath) {
-        const res = joi.validate(authData, this._joiValidator,
-                                 { abortEarly: false });
-        if (res.error) {
-            this._dumpJoiErrors(res.error.details, filePath);
-            return false;
-        }
-        let allKeys = [];
-        let arnError = false;
-        const validatedAuth = res.value;
-        validatedAuth.accounts.forEach(account => {
-            // backward-compat: ignore arn if starts with 'aws:' and log a
-            // warning
-            if (account.arn.startsWith('aws:')) {
-                this._log.error(
-                    'account must have a valid AWS ARN, legacy examples ' +
-                        'starting with \'aws:\' are not supported anymore. ' +
-                        'Please convert to a proper account entry (see ' +
-                        'examples at https://github.com/scality/S3/blob/' +
-                        'master/conf/authdata.json). Also note that support ' +
-                        'for account users has been dropped.',
-                    { accountName: account.name, accountArn: account.arn,
-                      filePath });
-                arnError = true;
-                return;
-            }
-            if (account.users) {
-                this._log.error(
-                    'support for account users has been dropped, consider ' +
-                        'turning users into account entries (see examples at ' +
-                        'https://github.com/scality/S3/blob/master/conf/' +
-                        'authdata.json)',
-                    { accountName: account.name, accountArn: account.arn,
-                      filePath });
-                arnError = true;
-                return;
-            }
-            const arnObj = ARN.createFromString(account.arn);
-            if (arnObj.error) {
-                this._log.error(
-                    'authentication config validation error',
-                    { reason: arnObj.error.description,
-                      accountName: account.name, accountArn: account.arn,
-                      filePath });
-                arnError = true;
-                return;
-            }
-            if (!arnObj.isIAMAccount()) {
-                this._log.error(
-                    'authentication config validation error',
-                    { reason: 'not an IAM account ARN',
-                      accountName: account.name, accountArn: account.arn,
-                      filePath });
-                arnError = true;
-                return;
-            }
-            allKeys = allKeys.concat(account.keys);
-        });
-        if (arnError) {
-            return false;
-        }
-        const uniqueKeysRes = joi.validate(
-            allKeys, this._joiKeysValidator.unique('access'));
-        if (uniqueKeysRes.error) {
-            this._dumpJoiErrors(uniqueKeysRes.error.details, filePath);
-            return false;
-        }
-        return true;
-    }
-
-    _dumpJoiErrors(errors, filePath) {
-        errors.forEach(err => {
-            const logInfo = { item: err.path, filePath };
-            if (err.type === 'array.unique') {
-                logInfo.reason = `duplicate value '${err.context.path}'`;
-                logInfo.dupValue = err.context.value[err.context.path];
-            } else {
-                logInfo.reason = err.message;
-                logInfo.context = err.context;
-            }
-            this._log.error('authentication config validation error',
-                            logInfo);
-        });
-    }
-}
-
-module.exports = AuthLoader;

lib/auth/in_memory/AuthLoader.ts

@@ -0,0 +1,204 @@
+import * as fs from 'fs';
+import glob from 'simple-glob';
+import joi from 'joi';
+import werelogs from 'werelogs';
+import * as types from './types';
+import { Account, Accounts } from './types';
+import ARN from '../../models/ARN';
+
+/** Load authentication information from files or pre-loaded account objects */
+export default class AuthLoader {
+    #log: werelogs.Logger;
+    #authData: Accounts;
+    #isValid: 'waiting-for-validation' | 'valid' | 'invalid';
+
+    constructor(logApi: { Logger: typeof werelogs.Logger } = werelogs) {
+        this.#log = new logApi.Logger('S3');
+        this.#authData = { accounts: [] };
+        this.#isValid = 'waiting-for-validation';
+    }
+
+    /** Add one or more accounts to the authentication info */
+    addAccounts(authData: Accounts, filePath?: string) {
+        const isValid = this.#isAuthDataValid(authData, filePath);
+        if (isValid) {
+            this.#authData.accounts = [
+                ...this.#authData.accounts,
+                ...authData.accounts,
+            ];
+            // defer validity checking when getting data to avoid
+            // logging multiple times the errors (we need to validate
+            // all accounts at once to detect duplicate values)
+            if (this.#isValid === 'valid') {
+                this.#isValid = 'waiting-for-validation';
+            }
+        } else {
+            this.#isValid = 'invalid';
+        }
+    }
+
+    /**
+     * Add account information from a file. Use { legacy: false } as an option
+     *  to use the new, Promise-based version.
+     *
+     * @param filePath - file path containing JSON
+     *   authentication info (see {@link addAccounts()} for format)
+     */
+    addFile(filePath: string, options: { legacy: false }): Promise<void>;
+    /** @deprecated Please use Promise-version instead. */
+    addFile(filePath: string, options?: { legacy: true }): void;
+    addFile(filePath: string, options = { legacy: true }) {
+        // On deprecation, remove the legacy part and keep the promises.
+        const readFunc: any = options.legacy ? fs.readFileSync : fs.promises.readFile;
+        const readResult = readFunc(filePath, 'utf8') as Promise<string> | string;
+        const prom = Promise.resolve(readResult).then((data) => {
+            const authData = JSON.parse(data);
+            this.addAccounts(authData, filePath);
+        });
+        return options.legacy ? undefined : prom;
+    }
+
+    /**
+     * Add account information from a filesystem path
+     *
+     * @param globPattern - filesystem glob pattern,
+     *   can be a single string or an array of glob patterns. Globs
+     *   can be simple file paths or can contain glob matching
+     *   characters, like '/a/b/*.json'. The matching files are
+     *   individually loaded as JSON and accounts are added. See
+     *   {@link addAccounts()} for JSON format.
+     */
+    addFilesByGlob(globPattern: string | string[]) {
+        // FIXME switch glob to async version
+        const files = glob(globPattern);
+        files.forEach((filePath) => this.addFile(filePath));
+    }
+
+    /**
+     * Perform validation on authentication info previously
+     * loaded. Note that it has to be done on the entire set after an
+     * update to catch duplicate account IDs or access keys.
+     */
+    validate() {
+        if (this.#isValid === 'waiting-for-validation') {
+            const isValid = this.#isAuthDataValid(this.#authData);
+            this.#isValid = isValid ? 'valid' : 'invalid';
+        }
+        return this.#isValid === 'valid';
+    }
+
+    /**
+     * Get authentication info as a plain JS object containing all accounts
+     * under the "accounts" attribute, with validation.
+     */
+    get data() {
+        return this.validate() ? this.#authData : null;
+    }
+
+    /** backward-compat: ignore arn if starts with 'aws:' and log a warning */
+    #isNotLegacyAWSARN(account: Account, filePath?: string) {
+        if (account.arn.startsWith('aws:')) {
+            const { name: accountName, arn: accountArn } = account;
+            this.#log.error(
+                'account must have a valid AWS ARN, legacy examples ' +
+                    "starting with 'aws:' are not supported anymore. " +
+                    'Please convert to a proper account entry (see ' +
+                    'examples at https://github.com/scality/S3/blob/' +
+                    'master/conf/authdata.json). Also note that support ' +
+                    'for account users has been dropped.',
+                { accountName, accountArn, filePath }
+            );
+            return false;
+        }
+        return true;
+    }
+
+    #isValidUsers(account: Account, filePath?: string) {
+        if (account.users) {
+            const { name: accountName, arn: accountArn } = account;
+            this.#log.error(
+                'support for account users has been dropped, consider ' +
+                    'turning users into account entries (see examples at ' +
+                    'https://github.com/scality/S3/blob/master/conf/' +
+                    'authdata.json)',
+                { accountName, accountArn, filePath }
+            );
+            return false;
+        }
+        return true;
+    }
+
+    #isValidARN(account: Account, filePath?: string) {
+        const arnObj = ARN.createFromString(account.arn);
+        const { name: accountName, arn: accountArn } = account;
+        if (arnObj instanceof ARN) {
+            if (!arnObj.isIAMAccount()) {
+                this.#log.error('authentication config validation error', {
+                    reason: 'not an IAM account ARN',
+                    accountName,
+                    accountArn,
+                    filePath,
+                });
+                return false;
+            }
+        } else {
+            this.#log.error('authentication config validation error', {
+                reason: arnObj.error.description,
+                accountName,
+                accountArn,
+                filePath,
+            });
+            return false;
+        }
+        return true;
+    }
+
+    #isAuthDataValid(authData: any, filePath?: string) {
+        const options = { abortEarly: true };
+        const response = types.validators.accounts.validate(authData, options);
+        if (response.error) {
+            this.#dumpJoiErrors(response.error.details, filePath);
+            return false;
+        }
+        const validAccounts = response.value.accounts.filter(
+            (account: Account) =>
+                this.#isNotLegacyAWSARN(account, filePath) &&
+                this.#isValidUsers(account, filePath) &&
+                this.#isValidARN(account, filePath)
+        );
+        const areSomeInvalidAccounts =
+            validAccounts.length !== response.value.accounts.length;
+        if (areSomeInvalidAccounts) {
+            return false;
+        }
+        const keys = validAccounts.flatMap((account) => account.keys);
+        const uniqueKeysValidator = types.validators.keys.unique('access');
+        const areKeysUnique = uniqueKeysValidator.validate(keys);
+        if (areKeysUnique.error) {
+            this.#dumpJoiErrors(areKeysUnique.error.details, filePath);
+            return false;
+        }
+        return true;
+    }
+
+    #dumpJoiErrors(errors: joi.ValidationErrorItem[], filePath?: string) {
+        errors.forEach((err) => {
+            const baseLogInfo = { item: err.path, filePath };
+            const logInfo = () => {
+                if (err.type === 'array.unique') {
+                    const reason = `duplicate value '${err.context?.path}'`;
+                    const dupValue = err.context?.value[err.context.path];
+                    return { ...baseLogInfo, reason, dupValue };
+                } else {
+                    const reason = err.message;
+                    const context = err.context;
+                    return { ...baseLogInfo, reason, context };
+                }
+            };
+            this.#log.error(
+                'authentication config validation error',
+                logInfo()
+            );
+        });
+    }
+}

lib/auth/in_memory/Backend.js

@@ -1,189 +0,0 @@
-'use strict'; // eslint-disable-line strict
-
-const crypto = require('crypto');
-
-const errors = require('../../errors');
-const calculateSigningKey = require('./vaultUtilities').calculateSigningKey;
-const hashSignature = require('./vaultUtilities').hashSignature;
-const Indexer = require('./Indexer');
-
-function _formatResponse(userInfoToSend) {
-    return {
-        message: {
-            body: { userInfo: userInfoToSend },
-        },
-    };
-}
-
-/**
- * Class that provides a memory backend for verifying signatures and getting
- * emails and canonical ids associated with an account.
- *
- * @class Backend
- */
-class Backend {
-    /**
-     * @constructor
-     * @param {string} service - service identifer for construction arn
-     * @param {Indexer} indexer - indexer instance for retrieving account info
-     * @param {function} formatter - function which accepts user info to send
-     * back and returns it in an object
-     */
-    constructor(service, indexer, formatter) {
-        this.service = service;
-        this.indexer = indexer;
-        this.formatResponse = formatter;
-    }
-
-    /** verifySignatureV2
-    * @param {string} stringToSign - string to sign built per AWS rules
-    * @param {string} signatureFromRequest - signature sent with request
-    * @param {string} accessKey - account accessKey
-    * @param {object} options - contains algorithm (SHA1 or SHA256)
-    * @param {function} callback - callback with either error or user info
-    * @return {function} calls callback
-    */
-    verifySignatureV2(stringToSign, signatureFromRequest,
-        accessKey, options, callback) {
-        const entity = this.indexer.getEntityByKey(accessKey);
-        if (!entity) {
-            return callback(errors.InvalidAccessKeyId);
-        }
-        const secretKey = this.indexer.getSecretKey(entity, accessKey);
-        const reconstructedSig =
-            hashSignature(stringToSign, secretKey, options.algo);
-        if (signatureFromRequest !== reconstructedSig) {
-            return callback(errors.SignatureDoesNotMatch);
-        }
-        const userInfoToSend = {
-            accountDisplayName: this.indexer.getAcctDisplayName(entity),
-            canonicalID: entity.canonicalID,
-            arn: entity.arn,
-            IAMdisplayName: entity.IAMdisplayName,
-        };
-        const vaultReturnObject = this.formatResponse(userInfoToSend);
-        return callback(null, vaultReturnObject);
-    }
-
-
-    /** verifySignatureV4
-     * @param {string} stringToSign - string to sign built per AWS rules
-     * @param {string} signatureFromRequest - signature sent with request
-     * @param {string} accessKey - account accessKey
-     * @param {string} region - region specified in request credential
-     * @param {string} scopeDate - date specified in request credential
-     * @param {object} options - options to send to Vault
-     * (just contains reqUid for logging in Vault)
-     * @param {function} callback - callback with either error or user info
-     * @return {function} calls callback
-     */
-    verifySignatureV4(stringToSign, signatureFromRequest, accessKey,
-        region, scopeDate, options, callback) {
-        const entity = this.indexer.getEntityByKey(accessKey);
-        if (!entity) {
-            return callback(errors.InvalidAccessKeyId);
-        }
-        const secretKey = this.indexer.getSecretKey(entity, accessKey);
-        const signingKey = calculateSigningKey(secretKey, region, scopeDate);
-        const reconstructedSig = crypto.createHmac('sha256', signingKey)
-            .update(stringToSign, 'binary').digest('hex');
-        if (signatureFromRequest !== reconstructedSig) {
-            return callback(errors.SignatureDoesNotMatch);
-        }
-        const userInfoToSend = {
-            accountDisplayName: this.indexer.getAcctDisplayName(entity),
-            canonicalID: entity.canonicalID,
-            arn: entity.arn,
-            IAMdisplayName: entity.IAMdisplayName,
-        };
-        const vaultReturnObject = this.formatResponse(userInfoToSend);
-        return callback(null, vaultReturnObject);
-    }
-
-    /**
-     * Gets canonical ID's for a list of accounts
-     * based on email associated with account
-     * @param {array} emails - list of email addresses
-     * @param {object} log - log object
-     * @param {function} cb - callback to calling function
-     * @returns {function} callback with either error or
-     * object with email addresses as keys and canonical IDs
-     * as values
-     */
-    getCanonicalIds(emails, log, cb) {
-        const results = {};
-        emails.forEach(email => {
-            const lowercasedEmail = email.toLowerCase();
-            const entity = this.indexer.getEntityByEmail(lowercasedEmail);
-            if (!entity) {
-                results[email] = 'NotFound';
-            } else {
-                results[email] =
-                    entity.canonicalID;
-            }
-        });
-        const vaultReturnObject = {
-            message: {
-                body: results,
-            },
-        };
-        return cb(null, vaultReturnObject);
-    }
-
-    /**
-     * Gets email addresses (referred to as diplay names for getACL's)
-     * for a list of accounts based on canonical IDs associated with account
-     * @param {array} canonicalIDs - list of canonicalIDs
-     * @param {object} options - to send log id to vault
-     * @param {function} cb - callback to calling function
-     * @returns {function} callback with either error or
-     * an object from Vault containing account canonicalID
-     * as each object key and an email address as the value (or "NotFound")
-     */
-    getEmailAddresses(canonicalIDs, options, cb) {
-        const results = {};
-        canonicalIDs.forEach(canonicalId => {
-            const foundEntity = this.indexer.getEntityByCanId(canonicalId);
-            if (!foundEntity || !foundEntity.email) {
-                results[canonicalId] = 'NotFound';
-            } else {
-                results[canonicalId] = foundEntity.email;
-            }
-        });
-        const vaultReturnObject = {
-            message: {
-                body: results,
-            },
-        };
-        return cb(null, vaultReturnObject);
-    }
-}
-
-
-class S3AuthBackend extends Backend {
-    /**
-     * @constructor
-     * @param {object} authdata - the authentication config file's data
-     * @param {object[]} authdata.accounts - array of account objects
-     * @param {string=} authdata.accounts[].name - account name
-     * @param {string} authdata.accounts[].email - account email
-     * @param {string} authdata.accounts[].arn - IAM resource name
-     * @param {string} authdata.accounts[].canonicalID - account canonical ID
-     * @param {string} authdata.accounts[].shortid - short account ID
-     * @param {object[]=} authdata.accounts[].keys - array of key objects
-     * @param {string} authdata.accounts[].keys[].access - access key
-     * @param {string} authdata.accounts[].keys[].secret - secret key
-     * @return {undefined}
-     */
-    constructor(authdata) {
-        super('s3', new Indexer(authdata), _formatResponse);
-    }
-
-    refreshAuthData(authData) {
-        this.indexer = new Indexer(authData);
-    }
-}
-
-module.exports = {
-    s3: S3AuthBackend,
-};

lib/auth/in_memory/Backend.ts

@@ -0,0 +1,194 @@
+import * as crypto from 'crypto';
+import errors from '../../errors';
+import { calculateSigningKey, hashSignature } from './vaultUtilities';
+import Indexer from './Indexer';
+import { Accounts } from './types';
+
+function _formatResponse(userInfoToSend: any) {
+    return {
+        message: {
+            body: { userInfo: userInfoToSend },
+        },
+    };
+}
+
+/**
+ * Class that provides a memory backend for verifying signatures and getting
+ * emails and canonical ids associated with an account.
+ */
+class Backend {
+    indexer: Indexer;
+    service: string;
+
+    constructor(service: string, indexer: Indexer) {
+        this.service = service;
+        this.indexer = indexer;
+    }
+
+    // CODEQUALITY-TODO-SYNC Should be synchronous
+    verifySignatureV2(
+        stringToSign: string,
+        signatureFromRequest: string,
+        accessKey: string,
+        options: { algo: 'SHA256' | 'SHA1' },
+        callback: (
+            error: Error | null,
+            data?: ReturnType<typeof _formatResponse>
+        ) => void
+    ) {
+        const entity = this.indexer.getEntityByKey(accessKey);
+        if (!entity) {
+            return callback(errors.InvalidAccessKeyId);
+        }
+        const secretKey = this.indexer.getSecretKey(entity, accessKey);
+        const reconstructedSig =
+            hashSignature(stringToSign, secretKey, options.algo);
+        if (signatureFromRequest !== reconstructedSig) {
+            return callback(errors.SignatureDoesNotMatch);
+        }
+        const userInfoToSend = {
+            accountDisplayName: this.indexer.getAcctDisplayName(entity),
+            canonicalID: entity.canonicalID,
+            arn: entity.arn,
+            // TODO Why?
+            // @ts-ignore
+            IAMdisplayName: entity.IAMdisplayName,
+        };
+        const vaultReturnObject = _formatResponse(userInfoToSend);
+        return callback(null, vaultReturnObject);
+    }
+
+    // TODO Options not used. Why ?
+    // CODEQUALITY-TODO-SYNC Should be synchronous
+    verifySignatureV4(
+        stringToSign: string,
+        signatureFromRequest: string,
+        accessKey: string,
+        region: string,
+        scopeDate: string,
+        _options: { algo: 'SHA256' | 'SHA1' },
+        callback: (
+            err: Error | null,
+            data?: ReturnType<typeof _formatResponse>
+        ) => void
+    ) {
+        const entity = this.indexer.getEntityByKey(accessKey);
+        if (!entity) {
+            return callback(errors.InvalidAccessKeyId);
+        }
+        const secretKey = this.indexer.getSecretKey(entity, accessKey);
+        const signingKey = calculateSigningKey(secretKey, region, scopeDate);
+        const reconstructedSig = crypto.createHmac('sha256', signingKey)
+            .update(stringToSign, 'binary').digest('hex');
+        if (signatureFromRequest !== reconstructedSig) {
+            return callback(errors.SignatureDoesNotMatch);
+        }
+        const userInfoToSend = {
+            accountDisplayName: this.indexer.getAcctDisplayName(entity),
+            canonicalID: entity.canonicalID,
+            arn: entity.arn,
+            // TODO Why?
+            // @ts-ignore
+            IAMdisplayName: entity.IAMdisplayName,
+        };
+        const vaultReturnObject = _formatResponse(userInfoToSend);
+        return callback(null, vaultReturnObject);
+    }
+
+    // TODO log not used. Why ?
+    // CODEQUALITY-TODO-SYNC Should be synchronous
+    getCanonicalIds(
+        emails: string[],
+        _log: any,
+        cb: (err: null, data: { message: { body: any } }) => void
+    ) {
+        const results = {};
+        emails.forEach(email => {
+            const lowercasedEmail = email.toLowerCase();
+            const entity = this.indexer.getEntityByEmail(lowercasedEmail);
+            if (!entity) {
+                results[email] = 'NotFound';
+            } else {
+                results[email] =
+                    entity.canonicalID;
+            }
+        });
+        const vaultReturnObject = {
+            message: {
+                body: results,
+            },
+        };
+        return cb(null, vaultReturnObject);
+    }
+
+    // TODO options not used. Why ?
+    // CODEQUALITY-TODO-SYNC Should be synchronous
+    getEmailAddresses(
+        canonicalIDs: string[],
+        _options: any,
+        cb: (err: null, data: { message: { body: any } }) => void
+    ) {
+        const results = {};
+        canonicalIDs.forEach(canonicalId => {
+            const foundEntity = this.indexer.getEntityByCanId(canonicalId);
+            if (!foundEntity || !foundEntity.email) {
+                results[canonicalId] = 'NotFound';
+            } else {
+                results[canonicalId] = foundEntity.email;
+            }
+        });
+        const vaultReturnObject = {
+            message: {
+                body: results,
+            },
+        };
+        return cb(null, vaultReturnObject);
+    }
+
+    // TODO options not used. Why ?
+    // CODEQUALITY-TODO-SYNC Should be synchronous
+    /**
+     * Gets accountIds for a list of accounts based on
+     * the canonical IDs associated with the account
+     * @param canonicalIDs - list of canonicalIDs
+     * @param _options - to send log id to vault
+     * @param cb - callback to calling function
+     * @returns The next is wrong. Here to keep archives.
+     * callback with either error or
+     * an object from Vault containing account canonicalID
+     * as each object key and an accountId as the value (or "NotFound")
+     */
+    getAccountIds(
+        canonicalIDs: string[],
+        _options: any,
+        cb: (err: null, data: { message: { body: any } }) => void
+    ) {
+        const results = {};
+        canonicalIDs.forEach(canonicalID => {
+            const foundEntity = this.indexer.getEntityByCanId(canonicalID);
+            if (!foundEntity || !foundEntity.shortid) {
+                results[canonicalID] = 'Not Found';
+            } else {
+                results[canonicalID] = foundEntity.shortid;
+            }
+        });
+        const vaultReturnObject = {
+            message: {
+                body: results,
+            },
+        };
+        return cb(null, vaultReturnObject);
+    }
+}
+
+class S3AuthBackend extends Backend {
+    constructor(authdata: Accounts) {
+        super('s3', new Indexer(authdata));
+    }
+
+    refreshAuthData(authData: Accounts) {
+        this.indexer = new Indexer(authData);
+    }
+}
+
+export { S3AuthBackend as s3 };

lib/auth/in_memory/Indexer.js

@@ -1,145 +0,0 @@
-/**
- * Class that provides an internal indexing over the simple data provided by
- * the authentication configuration file for the memory backend. This allows
- * accessing the different authentication entities through various types of
- * keys.
- *
- * @class Indexer
- */
-class Indexer {
-    /**
-     * @constructor
-     * @param {object} authdata - the authentication config file's data
-     * @param {object[]} authdata.accounts - array of account objects
-     * @param {string=} authdata.accounts[].name - account name
-     * @param {string} authdata.accounts[].email - account email
-     * @param {string} authdata.accounts[].arn - IAM resource name
-     * @param {string} authdata.accounts[].canonicalID - account canonical ID
-     * @param {string} authdata.accounts[].shortid - short account ID
-     * @param {object[]=} authdata.accounts[].keys - array of key objects
-     * @param {string} authdata.accounts[].keys[].access - access key
-     * @param {string} authdata.accounts[].keys[].secret - secret key
-     * @return {undefined}
-     */
-    constructor(authdata) {
-        this.accountsBy = {
-            canId: {},
-            accessKey: {},
-            email: {},
-        };
-
-        /*
-         * This may happen if the application is configured to use another
-         * authentication backend than in-memory.
-         * As such, we're managing the error here to avoid screwing up there.
-         */
-        if (!authdata) {
-            return;
-        }
-
-        this._build(authdata);
-    }
-
-    _indexAccount(account) {
-        const accountData = {
-            arn: account.arn,
-            canonicalID: account.canonicalID,
-            shortid: account.shortid,
-            accountDisplayName: account.name,
-            email: account.email.toLowerCase(),
-            keys: [],
-        };
-        this.accountsBy.canId[accountData.canonicalID] = accountData;
-        this.accountsBy.email[accountData.email] = accountData;
-        if (account.keys !== undefined) {
-            account.keys.forEach(key => {
-                accountData.keys.push(key);
-                this.accountsBy.accessKey[key.access] = accountData;
-            });
-        }
-    }
-
-    _build(authdata) {
-        authdata.accounts.forEach(account => {
-            this._indexAccount(account);
-        });
-    }
-
-    /**
-     * This method returns the account associated to a canonical ID.
-     *
-     * @param {string} canId - The canonicalId of the account
-     * @return {Object} account - The account object
-     * @return {Object} account.arn - The account's ARN
-     * @return {Object} account.canonicalID - The account's canonical ID
-     * @return {Object} account.shortid - The account's internal shortid
-     * @return {Object} account.accountDisplayName - The account's display name
-     * @return {Object} account.email - The account's lowercased email
-     */
-    getEntityByCanId(canId) {
-        return this.accountsBy.canId[canId];
-    }
-
-    /**
-     * This method returns the entity (either an account or a user) associated
-     * to a canonical ID.
-     *
-     * @param {string} key - The accessKey of the entity
-     * @return {Object} entity - The entity object
-     * @return {Object} entity.arn - The entity's ARN
-     * @return {Object} entity.canonicalID - The canonical ID for the entity's
-     *                                       account
-     * @return {Object} entity.shortid - The entity's internal shortid
-     * @return {Object} entity.accountDisplayName - The entity's account
-     *                                              display name
-     * @return {Object} entity.IAMDisplayName - The user's display name
-     *                                          (if the entity is an user)
-     * @return {Object} entity.email - The entity's lowercased email
-     */
-    getEntityByKey(key) {
-        return this.accountsBy.accessKey[key];
-    }
-
-    /**
-     * This method returns the entity (either an account or a user) associated
-     * to an email address.
-     *
-     * @param {string} email - The email address
-     * @return {Object} entity - The entity object
-     * @return {Object} entity.arn - The entity's ARN
-     * @return {Object} entity.canonicalID - The canonical ID for the entity's
-     *                                       account
-     * @return {Object} entity.shortid - The entity's internal shortid
-     * @return {Object} entity.accountDisplayName - The entity's account
-     *                                              display name
-     * @return {Object} entity.IAMDisplayName - The user's display name
-     *                                          (if the entity is an user)
-     * @return {Object} entity.email - The entity's lowercased email
-     */
-    getEntityByEmail(email) {
-        const lowerCasedEmail = email.toLowerCase();
-        return this.accountsBy.email[lowerCasedEmail];
-    }
-
-    /**
-    * This method returns the secret key associated with the entity.
-    * @param {Object} entity - the entity object
-    * @param {string} accessKey - access key
-    * @returns {string} secret key
-    */
-    getSecretKey(entity, accessKey) {
-        return entity.keys
-            .filter(kv => kv.access === accessKey)[0].secret;
-    }
-
-    /**
-    * This method returns the account display name associated with the entity.
-    * @param {Object} entity - the entity object
-    * @returns {string} account display name
-    */
-    getAcctDisplayName(entity) {
-        return entity.accountDisplayName;
-    }
-}
-
-module.exports = Indexer;

lib/auth/in_memory/Indexer.ts

@@ -0,0 +1,93 @@
+import { Accounts, Account, Entity } from './types';
+
+/**
+ * Class that provides an internal indexing over the simple data provided by
+ * the authentication configuration file for the memory backend. This allows
+ * accessing the different authentication entities through various types of
+ * keys.
+ */
+export default class Indexer {
+    accountsBy: {
+        canId: { [id: string]: Entity | undefined },
+        accessKey: { [id: string]: Entity | undefined },
+        email: { [id: string]: Entity | undefined },
+    }
+
+    constructor(authdata?: Accounts) {
+        this.accountsBy = {
+            canId: {},
+            accessKey: {},
+            email: {},
+        };
+
+        /*
+         * This may happen if the application is configured to use another
+         * authentication backend than in-memory.
+         * As such, we're managing the error here to avoid screwing up there.
+         */
+        if (!authdata) {
+            return;
+        }
+
+        this.#build(authdata);
+    }
+
+    #indexAccount(account: Account) {
+        const accountData: Entity = {
+            arn: account.arn,
+            canonicalID: account.canonicalID,
+            shortid: account.shortid,
+            accountDisplayName: account.name,
+            email: account.email.toLowerCase(),
+            keys: [],
+        };
+        this.accountsBy.canId[accountData.canonicalID] = accountData;
+        this.accountsBy.email[accountData.email] = accountData;
+        if (account.keys !== undefined) {
+            account.keys.forEach(key => {
+                accountData.keys.push(key);
+                this.accountsBy.accessKey[key.access] = accountData;
+            });
+        }
+    }
+
+    #build(authdata: Accounts) {
+        authdata.accounts.forEach(account => {
+            this.#indexAccount(account);
+        });
+    }
+
+    /** This method returns the account associated to a canonical ID. */
+    getEntityByCanId(canId: string): Entity | undefined {
+        return this.accountsBy.canId[canId];
+    }
+
+    /**
+     * This method returns the entity (either an account or a user) associated
+     * to a canonical ID.
+     * @param {string} key - The accessKey of the entity
+     */
+    getEntityByKey(key: string): Entity | undefined {
+        return this.accountsBy.accessKey[key];
+    }
+
+    /**
+     * This method returns the entity (either an account or a user) associated
+     * to an email address.
+     */
+    getEntityByEmail(email: string): Entity | undefined {
+        const lowerCasedEmail = email.toLowerCase();
+        return this.accountsBy.email[lowerCasedEmail];
+    }
+
+    /** This method returns the secret key associated with the entity. */
+    getSecretKey(entity: Entity, accessKey: string) {
+        const keys = entity.keys.filter(kv => kv.access === accessKey);
+        return keys[0].secret;
+    }
+
+    /** This method returns the account display name associated with the entity. */
+    getAcctDisplayName(entity: Entity) {
+        return entity.accountDisplayName;
+    }
+}

lib/auth/in_memory/types.ts

@@ -0,0 +1,51 @@
+import joi from 'joi';
+
+export type Callback<Data = any> = (err?: Error | null | undefined, data?: Data) => void;
+
+export type Credentials = { access: string; secret: string };
+export type Base = {
+    arn: string;
+    canonicalID: string;
+    shortid: string;
+    email: string;
+    keys: Credentials[];
+};
+export type Account = Base & { name: string; users: any[] };
+export type Accounts = { accounts: Account[] };
+export type Entity = Base & { accountDisplayName: string };
+
+const keys = ((): joi.ArraySchema => {
+    const str = joi.string().required();
+    const items = { access: str, secret: str };
+    return joi.array().items(items).required();
+})();
+
+const account = (() => {
+    return joi.object<Account>({
+        name: joi.string().required(),
+        email: joi.string().email().required(),
+        arn: joi.string().required(),
+        canonicalID: joi.string().required(),
+        shortid: joi
+            .string()
+            .regex(/^[0-9]{12}$/)
+            .required(),
+        keys: keys,
+        // backward-compat
+        users: joi.array(),
+    });
+})();
+
+const accounts = (() => {
+    return joi.object<Accounts>({
+        accounts: joi
+            .array()
+            .items(account)
+            .required()
+            .unique('arn')
+            .unique('email')
+            .unique('canonicalID'),
+    });
+})();
+
+export const validators = { keys, account, accounts };

lib/auth/in_memory/validateAuthConfig.js

@@ -1,18 +0,0 @@
-const AuthLoader = require('./AuthLoader');
-
-/**
- * @deprecated please use {@link AuthLoader} class instead
- *
- * @param {object} authdata - the authentication config file's data
- * @param {werelogs.API} logApi - object providing a constructor function
- *                                for the Logger object
- * @return {boolean} true on erroneous data
- *                   false on success
- */
-function validateAuthConfig(authdata, logApi) {
-    const authLoader = new AuthLoader(logApi);
-    authLoader.addAccounts(authdata);
-    return !authLoader.validate();
-}
-
-module.exports = validateAuthConfig;

lib/auth/in_memory/validateAuthConfig.ts

@@ -0,0 +1,16 @@
+import { Logger } from 'werelogs';
+import AuthLoader from './AuthLoader';
+import { Accounts } from './types';
+
+/**
+ * @deprecated please use {@link AuthLoader} class instead
+ * @return true on erroneous data false on success
+ */
+export default function validateAuthConfig(
+    authdata: Accounts,
+    logApi?: { Logger: typeof Logger }
+) {
+    const authLoader = new AuthLoader(logApi);
+    authLoader.addAccounts(authdata);
+    return !authLoader.validate();
+}

lib/auth/in_memory/vaultUtilities.ts

@@ -1,6 +1,4 @@
-'use strict'; // eslint-disable-line strict
-
-const crypto = require('crypto');
+import * as crypto from 'crypto';
 
 /** hashSignature for v2 Auth
  * @param {string} stringToSign - built string to sign per AWS rules
@@ -8,11 +6,19 @@ const crypto = require('crypto');
  * @param {string} algorithm - either SHA256 or SHA1
  * @return {string} reconstructed signature
  */
-function hashSignature(stringToSign, secretKey, algorithm) {
+export function hashSignature(
+    stringToSign: string,
+    secretKey: string,
+    algorithm: 'SHA256' | 'SHA1'
+): string {
     const hmacObject = crypto.createHmac(algorithm, secretKey);
     return hmacObject.update(stringToSign, 'binary').digest('base64');
 }
 
+const sha256Digest = (key: string | Buffer, data: string) => {
+    return crypto.createHmac('sha256', key).update(data, 'binary').digest();
+};
+
 /** calculateSigningKey for v4 Auth
  * @param {string} secretKey - requester's secretKey
  * @param {string} region - region included in request
@@ -20,16 +26,15 @@ function hashSignature(stringToSign, secretKey, algorithm) {
  * @param {string} [service] - To specify another service than s3
  * @return {string} signingKey - signingKey to calculate signature
  */
-function calculateSigningKey(secretKey, region, scopeDate, service) {
-    const dateKey = crypto.createHmac('sha256', `AWS4${secretKey}`)
-        .update(scopeDate, 'binary').digest();
-    const dateRegionKey = crypto.createHmac('sha256', dateKey)
-        .update(region, 'binary').digest();
-    const dateRegionServiceKey = crypto.createHmac('sha256', dateRegionKey)
-        .update(service || 's3', 'binary').digest();
-    const signingKey = crypto.createHmac('sha256', dateRegionServiceKey)
-        .update('aws4_request', 'binary').digest();
+export function calculateSigningKey(
+    secretKey: string,
+    region: string,
+    scopeDate: string,
+    service?: string
+): Buffer {
+    const dateKey = sha256Digest(`AWS4${secretKey}`, scopeDate);
+    const dateRegionKey = sha256Digest(dateKey, region);
+    const dateRegionServiceKey = sha256Digest(dateRegionKey, service || 's3');
+    const signingKey = sha256Digest(dateRegionServiceKey, 'aws4_request');
     return signingKey;
 }
-
-module.exports = { hashSignature, calculateSigningKey };

lib/auth/v2/algoCheck.ts

@@ -1,7 +1,5 @@
-'use strict'; // eslint-disable-line strict
-
-function algoCheck(signatureLength) {
-    let algo;
+export default function algoCheck(signatureLength: number) {
+    let algo: 'sha256' | 'sha1';
     // If the signature sent is 44 characters,
     // this means that sha256 was used:
     // 44 characters in base64
@@ -13,7 +11,6 @@ function algoCheck(signatureLength) {
     if (signatureLength === SHA1LEN) {
         algo = 'sha1';
     }
+    // @ts-ignore
     return algo;
 }
-
-module.exports = algoCheck;

lib/auth/v2/authV2.js

@@ -1,11 +0,0 @@
-'use strict'; // eslint-disable-line strict
-
-const headerAuthCheck = require('./headerAuthCheck');
-const queryAuthCheck = require('./queryAuthCheck');
-
-const authV2 = {
-    header: headerAuthCheck,
-    query: queryAuthCheck,
-};
-
-module.exports = authV2;

lib/auth/v2/authV2.ts

@@ -0,0 +1,2 @@
+export * as header from './headerAuthCheck';
+export * as query from './queryAuthCheck';

lib/auth/v2/checkRequestExpiry.ts

@@ -1,9 +1,9 @@
-'use strict'; // eslint-disable-line strict
-const errors = require('../../errors');
+import { Logger } from 'werelogs';
+import errors from '../../errors';
 
 const epochTime = new Date('1970-01-01').getTime();
 
-function checkRequestExpiry(timestamp, log) {
+export default function checkRequestExpiry(timestamp: number, log: Logger) {
     // If timestamp is before epochTime, the request is invalid and return
     // errors.AccessDenied
     if (timestamp < epochTime) {
@@ -32,5 +32,3 @@ function checkRequestExpiry(timestamp, log) {
 
     return undefined;
 }
-
-module.exports = checkRequestExpiry;

lib/auth/v2/constructStringToSign.ts

@@ -1,11 +1,14 @@
-'use strict'; // eslint-disable-line strict
+import { Logger } from 'werelogs';
+import utf8 from 'utf8';
+import getCanonicalizedAmzHeaders from './getCanonicalizedAmzHeaders';
+import getCanonicalizedResource from './getCanonicalizedResource';
 
-const utf8 = require('utf8');
-
-const getCanonicalizedAmzHeaders = require('./getCanonicalizedAmzHeaders');
-const getCanonicalizedResource = require('./getCanonicalizedResource');
-
-function constructStringToSign(request, data, log, clientType) {
+export default function constructStringToSign(
+    request: any,
+    data: { [key: string]: string },
+    log: Logger,
+    clientType?: any
+) {
     /*
     Build signature per AWS requirements:
     StringToSign = HTTP-Verb + '\n' +
@@ -42,5 +45,3 @@ function constructStringToSign(request, data, log, clientType) {
         + getCanonicalizedResource(request, clientType);
     return utf8.encode(stringToSign);
 }
-
-module.exports = constructStringToSign;

lib/auth/v2/getCanonicalizedAmzHeaders.ts

@@ -1,14 +1,12 @@
-'use strict'; // eslint-disable-line strict
-
-function getCanonicalizedAmzHeaders(headers, clientType) {
+export default function getCanonicalizedAmzHeaders(headers: Headers, clientType: string) {
     /*
     Iterate through headers and pull any headers that are x-amz headers.
     Need to include 'x-amz-date' here even though AWS docs
     ambiguous on this.
     */
     const filterFn = clientType === 'GCP' ?
-        val => val.substr(0, 7) === 'x-goog-' :
-        val => val.substr(0, 6) === 'x-amz-';
+        (val: string) => val.substr(0, 7) === 'x-goog-' :
+        (val: string) => val.substr(0, 6) === 'x-amz-';
     const amzHeaders = Object.keys(headers)
         .filter(filterFn)
         .map(val => [val.trim(), headers[val].trim()]);
@@ -43,5 +41,3 @@ function getCanonicalizedAmzHeaders(headers, clientType) {
         `${headerStr}${current[0]}:${current[1]}\n`,
         '');
 }
-
-module.exports = getCanonicalizedAmzHeaders;

lib/auth/v2/getCanonicalizedResource.ts

@@ -1,6 +1,4 @@
-'use strict'; // eslint-disable-line strict
-
-const url = require('url');
+import * as url from 'url';
 
 const gcpSubresources = [
     'acl',
@@ -41,7 +39,7 @@ const awsSubresources = [
     'website',
 ];
 
-function getCanonicalizedResource(request, clientType) {
+export default function getCanonicalizedResource(request: any, clientType: string) {
     /*
     This variable is used to determine whether to insert
     a '?' or '&'.  Once a query parameter is added to the resourceString,
@@ -117,5 +115,3 @@ function getCanonicalizedResource(request, clientType) {
     }
     return resourceString;
 }
-
-module.exports = getCanonicalizedResource;

lib/auth/v2/headerAuthCheck.ts

@@ -1,12 +1,11 @@
-'use strict'; // eslint-disable-line strict
+import { Logger } from 'werelogs';
+import errors from '../../errors';
+import * as constants from '../../constants';
+import constructStringToSign from './constructStringToSign';
+import checkRequestExpiry from './checkRequestExpiry';
+import algoCheck from './algoCheck';
 
-const errors = require('../../errors');
-const constants = require('../../constants');
-const constructStringToSign = require('./constructStringToSign');
-const checkRequestExpiry = require('./checkRequestExpiry');
-const algoCheck = require('./algoCheck');
-
-function check(request, log, data) {
+export function check(request: any, log: Logger, data: { [key: string]: string }) {
     log.trace('running header auth check');
     const headers = request.headers;
 
@@ -52,6 +51,7 @@ function check(request, log, data) {
         log.trace('invalid authorization header', { authInfo });
         return { err: errors.MissingSecurityHeader };
     }
+    // @ts-ignore
     log.addDefaultFields({ accessKey });
 
     const signatureFromRequest = authInfo.substring(semicolonIndex + 1).trim();
@@ -80,5 +80,3 @@ function check(request, log, data) {
         },
     };
 }
-
-module.exports = { check };

lib/auth/v2/queryAuthCheck.ts

@@ -1,11 +1,10 @@
-'use strict'; // eslint-disable-line strict
+import { Logger } from 'werelogs';
+import errors from '../../errors';
+import * as constants from '../../constants';
+import algoCheck from './algoCheck';
+import constructStringToSign from './constructStringToSign';
 
-const errors = require('../../errors');
-const constants = require('../../constants');
-const algoCheck = require('./algoCheck');
-const constructStringToSign = require('./constructStringToSign');
-
-function check(request, log, data) {
+export function check(request: any, log: Logger, data: { [key: string]: string }) {
     log.trace('running query auth check');
     if (request.method === 'POST') {
         log.debug('query string auth not supported for post requests');
@@ -34,8 +33,13 @@ function check(request, log, data) {
     }
 
     const currentTime = Date.now();
-    // 604800000 ms (seven days).
-    if (expirationTime > currentTime + 604800000) {
+
+    const preSignedURLExpiry = process.env.PRE_SIGN_URL_EXPIRY
+        && !Number.isNaN(process.env.PRE_SIGN_URL_EXPIRY)
+        ? Number.parseInt(process.env.PRE_SIGN_URL_EXPIRY, 10)
+        : constants.defaultPreSignedURLExpiry * 1000;
+
+    if (expirationTime > currentTime + preSignedURLExpiry) {
         log.debug('expires parameter too far in future',
         { expires: request.query.Expires });
         return { err: errors.AccessDenied };
@@ -46,6 +50,7 @@ function check(request, log, data) {
         return { err: errors.RequestTimeTooSkewed };
     }
     const accessKey = data.AWSAccessKeyId;
+    // @ts-ignore
     log.addDefaultFields({ accessKey });
 
     const signatureFromRequest = decodeURIComponent(data.Signature);
@@ -77,5 +82,3 @@ function check(request, log, data) {
         },
     };
 }
-
-module.exports = { check };

lib/auth/v4/authV4.js

@@ -1,11 +0,0 @@
-'use strict'; // eslint-disable-line strict
-
-const headerAuthCheck = require('./headerAuthCheck');
-const queryAuthCheck = require('./queryAuthCheck');
-
-const authV4 = {
-    header: headerAuthCheck,
-    query: queryAuthCheck,
-};
-
-module.exports = authV4;

lib/auth/v4/authV4.ts

@@ -0,0 +1,2 @@
+export * as header from './headerAuthCheck';
+export * as query from './queryAuthCheck';

lib/auth/v4/awsURIencode.ts

@@ -1,5 +1,3 @@
-'use strict'; // eslint-disable-line strict
-
 /*
 AWS's URI encoding rules:
 URI encode every byte. Uri-Encode() must enforce the following rules:
@@ -19,7 +17,7 @@ See http://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-header-based-auth.html
 */
 
 // converts utf8 character to hex and pads "%" before every two hex digits
-function _toHexUTF8(char) {
+function _toHexUTF8(char: string) {
     const hexRep = Buffer.from(char, 'utf8').toString('hex').toUpperCase();
     let res = '';
     hexRep.split('').forEach((v, n) => {
@@ -32,35 +30,49 @@ function _toHexUTF8(char) {
     return res;
 }
 
-function awsURIencode(input, encodeSlash, noEncodeStar) {
-    const encSlash = encodeSlash === undefined ? true : encodeSlash;
-    let encoded = '';
+export default function awsURIencode(
+    input: string,
+    encodeSlash?: boolean,
+    noEncodeStar?: boolean
+) {
     /**
      * Duplicate query params are not suppported by AWS S3 APIs. These params
      * are parsed as Arrays by Node.js HTTP parser which breaks this method
-    */
-    if (typeof input !== 'string') {
-        return encoded;
+     */
+     if (typeof input !== 'string') {
+        return '';
     }
-    for (let i = 0; i < input.length; i++) {
-        const ch = input.charAt(i);
-        if ((ch >= 'A' && ch <= 'Z') ||
-            (ch >= 'a' && ch <= 'z') ||
-            (ch >= '0' && ch <= '9') ||
-            ch === '_' || ch === '-' ||
-            ch === '~' || ch === '.') {
-            encoded = encoded.concat(ch);
-        } else if (ch === ' ') {
-            encoded = encoded.concat('%20');
-        } else if (ch === '/') {
-            encoded = encoded.concat(encSlash ? '%2F' : ch);
-        } else if (ch === '*') {
-            encoded = encoded.concat(noEncodeStar ? '*' : '%2A');
-        } else {
-            encoded = encoded.concat(_toHexUTF8(ch));
+
+    // precalc slash and star based on configs
+    const slash = encodeSlash === undefined || encodeSlash ? '%2F' : '/';
+    const star = noEncodeStar !== undefined && noEncodeStar ? '*' : '%2A';
+    const encoded: string[] = [];
+
+    const charArray = Array.from(input);
+    for (const ch of charArray) {
+        switch (true) {
+            case ch >= 'A' && ch <= 'Z':
+            case ch >= 'a' && ch <= 'z':
+            case ch >= '0' && ch <= '9':
+            case ch === '-':
+            case ch === '_':
+            case ch === '~':
+            case ch === '.':
+                encoded.push(ch);
+                break;
+            case ch === '/':
+                encoded.push(slash);
+                break;
+            case ch === '*':
+                encoded.push(star);
+                break;
+            case ch === ' ':
+                encoded.push('%20');
+                break;
+            default:
+                encoded.push(_toHexUTF8(ch));
+                break;
         }
     }
-    return encoded;
+    return encoded.join('');
 }
-
-module.exports = awsURIencode;

lib/auth/v4/constructStringToSign.ts

@@ -1,17 +1,33 @@
-'use strict'; // eslint-disable-line strict
-
-const crypto = require('crypto');
-
-const createCanonicalRequest = require('./createCanonicalRequest');
+import * as crypto from 'crypto';
+import { Logger } from 'werelogs';
+import createCanonicalRequest from './createCanonicalRequest';
 
 /**
  * constructStringToSign - creates V4 stringToSign
  * @param {object} params - params object
  * @returns {string} - stringToSign
  */
-function constructStringToSign(params) {
-    const { request, signedHeaders, payloadChecksum, credentialScope, timestamp,
-        query, log, proxyPath } = params;
+export default function constructStringToSign(params: {
+    request: any;
+    signedHeaders: any;
+    payloadChecksum: any;
+    credentialScope: string;
+    timestamp: string;
+    query: { [key: string]: string };
+    log?: Logger;
+    proxyPath?: string;
+    awsService: string;
+}): string | Error {
+    const {
+        request,
+        signedHeaders,
+        payloadChecksum,
+        credentialScope,
+        timestamp,
+        query,
+        log,
+        proxyPath,
+    } = params;
     const path = proxyPath || request.path;
 
     const canonicalReqResult = createCanonicalRequest({
@@ -24,6 +40,8 @@ function constructStringToSign(params) {
         service: params.awsService,
     });
 
+    // TODO Why that line?
+    // @ts-ignore
     if (canonicalReqResult instanceof Error) {
         if (log) {
             log.error('error creating canonicalRequest');
@@ -40,5 +58,3 @@ function constructStringToSign(params) {
     `${credentialScope}\n${canonicalHex}`;
     return stringToSign;
 }
-
-module.exports = constructStringToSign;

lib/auth/v4/createCanonicalRequest.ts

@@ -1,27 +1,33 @@
-'use strict'; // eslint-disable-line strict
-
-const awsURIencode = require('./awsURIencode');
-const crypto = require('crypto');
-const queryString = require('querystring');
+import * as crypto from 'crypto';
+import * as queryString from 'querystring';
+import awsURIencode from './awsURIencode';
 
 /**
  * createCanonicalRequest - creates V4 canonical request
- * @param {object} params - contains pHttpVerb (request type),
+ * @param params - contains pHttpVerb (request type),
  * pResource (parsed from URL), pQuery (request query),
  * pHeaders (request headers), pSignedHeaders (signed headers from request),
  * payloadChecksum (from request)
- * @returns {string} - canonicalRequest
+ * @returns - canonicalRequest
  */
-function createCanonicalRequest(params) {
+export default function createCanonicalRequest(
+    params: {
+        pHttpVerb: string;
+        pResource: string;
+        pQuery: { [key: string]: string };
+        pHeaders: any;
+        pSignedHeaders: any;
+        service: string;
+        payloadChecksum: string;
+    }
+) {
     const pHttpVerb = params.pHttpVerb;
     const pResource = params.pResource;
     const pQuery = params.pQuery;
     const pHeaders = params.pHeaders;
     const pSignedHeaders = params.pSignedHeaders;
     const service = params.service;
-
     let payloadChecksum = params.payloadChecksum;
-
     if (!payloadChecksum) {
         if (pHttpVerb === 'GET') {
             payloadChecksum = 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b' +
@@ -34,7 +40,7 @@ function createCanonicalRequest(params) {
             if (/aws-sdk-java\/[0-9.]+/.test(pHeaders['user-agent'])) {
                 notEncodeStar = true;
             }
-            let payload = queryString.stringify(pQuery, null, null, {
+            let payload = queryString.stringify(pQuery, undefined, undefined, {
                 encodeURIComponent: input => awsURIencode(input, true,
                     notEncodeStar),
             });
@@ -61,11 +67,11 @@ function createCanonicalRequest(params) {
 
     // signed headers
     const signedHeadersList = pSignedHeaders.split(';');
-    signedHeadersList.sort((a, b) => a.localeCompare(b));
+    signedHeadersList.sort((a: any, b: any) => a.localeCompare(b));
     const signedHeaders = signedHeadersList.join(';');
 
     // canonical headers
-    const canonicalHeadersList = signedHeadersList.map(signedHeader => {
+    const canonicalHeadersList = signedHeadersList.map((signedHeader: any) => {
         if (pHeaders[signedHeader] !== undefined) {
             const trimmedHeader = pHeaders[signedHeader]
                 .trim().replace(/\s+/g, ' ');
@@ -87,5 +93,3 @@ function createCanonicalRequest(params) {
         `${signedHeaders}\n${payloadChecksum}`;
     return canonicalRequest;
 }
-
-module.exports = createCanonicalRequest;

lib/auth/v4/headerAuthCheck.ts

@@ -1,27 +1,32 @@
-'use strict'; // eslint-disable-line strict
-
-const errors = require('../../../lib/errors');
-const constants = require('../../constants');
-
-const constructStringToSign = require('./constructStringToSign');
-const checkTimeSkew = require('./timeUtils').checkTimeSkew;
-const convertUTCtoISO8601 = require('./timeUtils').convertUTCtoISO8601;
-const convertAmzTimeToMs = require('./timeUtils').convertAmzTimeToMs;
-const extractAuthItems = require('./validateInputs').extractAuthItems;
-const validateCredentials = require('./validateInputs').validateCredentials;
-const areSignedHeadersComplete =
-    require('./validateInputs').areSignedHeadersComplete;
+import { Logger } from 'werelogs';
+import errors from '../../../lib/errors';
+import * as constants from '../../constants';
+import constructStringToSign from './constructStringToSign';
+import {
+    checkTimeSkew,
+    convertUTCtoISO8601,
+    convertAmzTimeToMs,
+} from './timeUtils';
+import {
+    extractAuthItems,
+    validateCredentials,
+    areSignedHeadersComplete,
+} from './validateInputs';
 
 /**
  * V4 header auth check
- * @param {object} request - HTTP request object
- * @param {object} log - logging object
- * @param {object} data - Parameters from queryString parsing or body of
+ * @param request - HTTP request object
+ * @param log - logging object
+ * @param data - Parameters from queryString parsing or body of
  *      POST request
- * @param {string} awsService - Aws service ('iam' or 's3')
- * @return {callback} calls callback
+ * @param awsService - Aws service ('iam' or 's3')
  */
-function check(request, log, data, awsService) {
+export function check(
+    request: any,
+    log: Logger,
+    data: { [key: string]: string },
+    awsService: string
+) {
     log.trace('running header auth check');
 
     const token = request.headers['x-amz-security-token'];
@@ -62,16 +67,16 @@ function check(request, log, data, awsService) {
 
     log.trace('authorization header from request', { authHeader });
 
-    const signatureFromRequest = authHeaderItems.signatureFromRequest;
-    const credentialsArr = authHeaderItems.credentialsArr;
-    const signedHeaders = authHeaderItems.signedHeaders;
+    const signatureFromRequest = authHeaderItems.signatureFromRequest!;
+    const credentialsArr = authHeaderItems.credentialsArr!;
+    const signedHeaders = authHeaderItems.signedHeaders!;
 
     if (!areSignedHeadersComplete(signedHeaders, request.headers)) {
         log.debug('signedHeaders are incomplete', { signedHeaders });
         return { err: errors.AccessDenied };
     }
 
-    let timestamp;
+    let timestamp: string | undefined;
     // check request timestamp
     const xAmzDate = request.headers['x-amz-date'];
     if (xAmzDate) {
@@ -166,5 +171,3 @@ function check(request, log, data, awsService) {
         },
     };
 }
-
-module.exports = { check };

lib/auth/v4/queryAuthCheck.ts

@@ -1,24 +1,18 @@
-'use strict'; // eslint-disable-line strict
-
-const constants = require('../../constants');
-const errors = require('../../errors');
-
-const constructStringToSign = require('./constructStringToSign');
-const checkTimeSkew = require('./timeUtils').checkTimeSkew;
-const convertAmzTimeToMs = require('./timeUtils').convertAmzTimeToMs;
-const validateCredentials = require('./validateInputs').validateCredentials;
-const extractQueryParams = require('./validateInputs').extractQueryParams;
-const areSignedHeadersComplete =
-    require('./validateInputs').areSignedHeadersComplete;
+import { Logger } from 'werelogs';
+import * as constants from '../../constants';
+import errors from '../../errors';
+import constructStringToSign from './constructStringToSign';
+import { checkTimeSkew, convertAmzTimeToMs } from './timeUtils';
+import { validateCredentials, extractQueryParams } from './validateInputs';
+import { areSignedHeadersComplete } from './validateInputs';
 
 /**
  * V4 query auth check
- * @param {object} request - HTTP request object
- * @param {object} log - logging object
- * @param {object} data - Contain authentification params (GET or POST data)
- * @return {callback} calls callback
+ * @param request - HTTP request object
+ * @param log - logging object
+ * @param data - Contain authentification params (GET or POST data)
  */
-function check(request, log, data) {
+export function check(request: any, log: Logger, data: { [key: string]: string }) {
     const authParams = extractQueryParams(data, log);
 
     if (Object.keys(authParams).length !== 5) {
@@ -33,11 +27,11 @@ function check(request, log, data) {
         return { err: errors.InvalidToken };
     }
 
-    const signedHeaders = authParams.signedHeaders;
-    const signatureFromRequest = authParams.signatureFromRequest;
-    const timestamp = authParams.timestamp;
-    const expiry = authParams.expiry;
-    const credential = authParams.credential;
+    const signedHeaders = authParams.signedHeaders!;
+    const signatureFromRequest = authParams.signatureFromRequest!;
+    const timestamp = authParams.timestamp!;
+    const expiry = authParams.expiry!;
+    const credential = authParams.credential!;
 
     if (!areSignedHeadersComplete(signedHeaders, request.headers)) {
         log.debug('signedHeaders are incomplete', { signedHeaders });
@@ -110,5 +104,3 @@ function check(request, log, data) {
         },
     };
 }
-
-module.exports = { check };

lib/auth/v4/streamingV4/V4Transform.ts

@@ -0,0 +1,316 @@
+import { Transform } from 'stream';
+import async from 'async';
+import errors from '../../../errors';
+import { Logger } from 'werelogs';
+import Vault, { AuthV4RequestParams } from '../../Vault';
+import { Callback } from '../../in_memory/types';
+
+import constructChunkStringToSign from './constructChunkStringToSign';
+
+export type TransformParams = {
+    accessKey: string;
+    signatureFromRequest: string;
+    region: string;
+    scopeDate: string;
+    timestamp: string;
+    credentialScope: string;
+};
+
+/**
+ * This class is designed to handle the chunks sent in a streaming
+ * v4 Auth request
+ */
+export default class V4Transform extends Transform {
+    log: Logger;
+    cb: Callback;
+    accessKey: string;
+    region: string;
+    scopeDate: string;
+    timestamp: string;
+    credentialScope: string;
+    lastSignature: string;
+    currentSignature?: string;
+    haveMetadata: boolean;
+    seekingDataSize: number;
+    currentData?: any;
+    dataCursor: number;
+    currentMetadata: any[];
+    lastPieceDone: boolean;
+    lastChunk: boolean;
+    vault: Vault;
+
+    /**
+     * @constructor
+     * @param streamingV4Params - info for chunk authentication
+     * @param streamingV4Params.accessKey - requester's accessKey
+     * @param streamingV4Params.signatureFromRequest - signature
+     * sent with headers
+     * @param streamingV4Params.region - region sent with auth header
+     * @param streamingV4Params.scopeDate - date sent with auth header
+     * @param streamingV4Params.timestamp - date parsed from headers
+     * in ISO 8601 format: YYYYMMDDTHHMMSSZ
+     * @param streamingV4Params.credentialScope - items from auth
+     * header plus the string 'aws4_request' joined with '/':
+     * timestamp/region/aws-service/aws4_request
+     * @param vault - Vault instance passed from CloudServer
+     * @param log - logger object
+     * @param cb - callback to api
+     */
+    constructor(
+        streamingV4Params: TransformParams,
+        vault: Vault,
+        log: Logger,
+        cb: Callback,
+    ) {
+        const { accessKey, signatureFromRequest, region, scopeDate, timestamp,
+            credentialScope } = streamingV4Params;
+        super({});
+        this.log = log;
+        this.cb = cb;
+        this.accessKey = accessKey;
+        this.region = region;
+        this.scopeDate = scopeDate;
+        this.timestamp = timestamp;
+        this.credentialScope = credentialScope;
+        this.lastSignature = signatureFromRequest;
+        this.currentSignature = undefined;
+        this.haveMetadata = false;
+        // keep this as -1 to start since a seekingDataSize of 0
+        // means that chunk is just metadata (as is the case with the
+        // last chunk)
+        this.seekingDataSize = -1;
+        this.currentData = undefined;
+        this.dataCursor = 0;
+        this.currentMetadata = [];
+        this.lastPieceDone = false;
+        this.lastChunk = false;
+        this.vault = vault;
+    }
+
+    /**
+     * This function will parse the metadata portion of the chunk
+     * @param remainingChunk - chunk sent from _transform
+     * @return response - if error, will return 'err' key with
+     * arsenal error value.
+     * if incomplete metadata, will return 'completeMetadata' key with
+     * value false
+     * if complete metadata received, will return 'completeMetadata' key with
+     * value true and the key 'unparsedChunk' with the remaining chunk without
+     * the parsed metadata piece
+     */
+    _parseMetadata(remainingChunk: Buffer) {
+        let remainingPlusStoredMetadata = remainingChunk;
+        // have metadata pieces so need to add to the front of
+        // remainingChunk
+        if (this.currentMetadata.length > 0) {
+            this.currentMetadata.push(remainingChunk);
+            remainingPlusStoredMetadata = Buffer.concat(this.currentMetadata);
+            // zero out stored metadata
+            this.currentMetadata.length = 0;
+        }
+        let lineBreakIndex = remainingPlusStoredMetadata.indexOf('\r\n');
+        if (lineBreakIndex < 0) {
+            this.currentMetadata.push(remainingPlusStoredMetadata);
+            return { completeMetadata: false };
+        }
+        let fullMetadata = remainingPlusStoredMetadata.slice(0,
+            lineBreakIndex);
+
+        // handle extra line break on end of data chunk
+        if (fullMetadata.length === 0) {
+            const chunkWithoutLeadingLineBreak = remainingPlusStoredMetadata
+                .slice(2);
+            // find second line break
+            lineBreakIndex = chunkWithoutLeadingLineBreak.indexOf('\r\n');
+            if (lineBreakIndex < 0) {
+                this.currentMetadata.push(chunkWithoutLeadingLineBreak);
+                return { completeMetadata: false };
+            }
+            fullMetadata = chunkWithoutLeadingLineBreak.slice(0,
+                lineBreakIndex);
+        }
+
+        const splitMeta = fullMetadata.toString().split(';');
+        this.log.trace('parsed full metadata for chunk', { splitMeta });
+        if (splitMeta.length !== 2) {
+            this.log.trace('chunk body did not contain correct ' +
+            'metadata format');
+            return { err: errors.InvalidArgument };
+        }
+        // chunk-size is sent in hex
+        const dataSize = Number.parseInt(splitMeta[0], 16);
+        if (Number.isNaN(dataSize)) {
+            this.log.trace('chunk body did not contain valid size');
+            return { err: errors.InvalidArgument };
+        }
+        let chunkSig = splitMeta[1];
+        if (!chunkSig || chunkSig.indexOf('chunk-signature=') < 0) {
+            this.log.trace('chunk body did not contain correct sig format');
+            return { err: errors.InvalidArgument };
+        }
+        chunkSig = chunkSig.replace('chunk-signature=', '');
+        this.currentSignature = chunkSig;
+        this.haveMetadata = true;
+        if (dataSize === 0) {
+            this.lastChunk = true;
+            return {
+                completeMetadata: true,
+            };
+        }
+        // + 2 to get \r\n at end
+        this.seekingDataSize = dataSize + 2;
+        this.currentData = Buffer.alloc(dataSize);
+
+        return {
+            completeMetadata: true,
+            // start slice at lineBreak plus 2 to remove line break at end of
+            // metadata piece since length of '\r\n' is 2
+            unparsedChunk: remainingPlusStoredMetadata
+                .slice(lineBreakIndex + 2),
+        };
+    }
+
+    /**
+     * Build the stringToSign and authenticate the chunk
+     * @param dataToSend - chunk sent from _transform or null
+     * if last chunk without data
+     * @param done - callback to _transform
+     * @return executes callback with err if applicable
+     */
+    _authenticate(dataToSend: Buffer | null, done: Callback) {
+        // use prior sig to construct new string to sign
+        const stringToSign = constructChunkStringToSign(this.timestamp,
+            this.credentialScope, this.lastSignature, dataToSend ?? undefined);
+        this.log.trace('constructed chunk string to sign',
+            { stringToSign });
+        // once used prior sig to construct string to sign, reassign
+        // lastSignature to current signature
+        this.lastSignature = this.currentSignature!;
+        const vaultParams: AuthV4RequestParams = {
+            log: this.log,
+            data: {
+                accessKey: this.accessKey,
+                signatureFromRequest: this.currentSignature!,
+                region: this.region,
+                scopeDate: this.scopeDate,
+                stringToSign,
+                // TODO FIXME This can not work
+                // @ts-expect-errors
+                timestamp: this.timestamp,
+                credentialScope: this.credentialScope,
+            },
+        };
+        return this.vault.authenticateV4Request(vaultParams, null, err => {
+            if (err) {
+                this.log.trace('err from vault on streaming v4 auth',
+                    { error: err, paramsSentToVault: vaultParams.data });
+                return done(err);
+            }
+            return done();
+        });
+    }
+
+
+    /**
+     * This function will parse the chunk into metadata and data,
+     * use the metadata to authenticate with vault and send the
+     * data on to be stored if authentication passes
+     *
+     * @param chunk - chunk from request body
+     * @param _encoding - Data encoding unused
+     * @param callback - Callback(err, justDataChunk, encoding)
+     * @return executes callback with err if applicable
+     */
+    _transform(chunk: Buffer, _encoding: string, callback: Callback) {
+        // 'chunk' here is the node streaming chunk
+        // transfer-encoding chunks should be of the format:
+        // string(IntHexBase(chunk-size)) + ";chunk-signature=" +
+        // signature + \r\n + chunk-data + \r\n
+        // Last transfer-encoding chunk will have size 0 and no chunk-data.
+
+        if (this.lastPieceDone) {
+            const slice = chunk.slice(0, 10);
+            this.log.trace('received chunk after end.' +
+            'See first 10 bytes of chunk',
+            { chunk: slice.toString() });
+            return callback();
+        }
+        let unparsedChunk = chunk;
+        let chunkLeftToEvaluate = true;
+        return async.whilst(
+            // test function
+            () => chunkLeftToEvaluate,
+            // async function
+            done => {
+                if (!this.haveMetadata) {
+                    this.log.trace('do not have metadata so calling ' +
+                    '_parseMetadata');
+                    // need to parse our metadata
+                    const parsedMetadataResults =
+                        this._parseMetadata(unparsedChunk);
+                    if (parsedMetadataResults.err) {
+                        return done(parsedMetadataResults.err);
+                    }
+                    // if do not have full metadata get next chunk
+                    if (!parsedMetadataResults.completeMetadata) {
+                        chunkLeftToEvaluate = false;
+                        return done();
+                    }
+                    // have metadata so reset unparsedChunk to remaining
+                    // without metadata piece
+                    // TODO Is that okay?
+                    // @ts-expect-errors
+                    unparsedChunk = parsedMetadataResults.unparsedChunk;
+                }
+                if (this.lastChunk) {
+                    this.log.trace('authenticating final chunk with no data');
+                    return this._authenticate(null, err => {
+                        if (err) {
+                            return done(err);
+                        }
+                        chunkLeftToEvaluate = false;
+                        this.lastPieceDone = true;
+                        return done();
+                    });
+                }
+                if (unparsedChunk.length < this.seekingDataSize) {
+                    // add chunk to currentData and get next chunk
+                    unparsedChunk.copy(this.currentData, this.dataCursor);
+                    this.dataCursor += unparsedChunk.length;
+                    this.seekingDataSize -= unparsedChunk.length;
+                    chunkLeftToEvaluate = false;
+                    return done();
+                }
+                // parse just the next data piece without \r\n at the end
+                // (therefore, minus 2)
+                const nextDataPiece =
+                    unparsedChunk.slice(0, this.seekingDataSize - 2);
+                // add parsed data piece to other currentData pieces
+                // so that this.currentData is the full data piece
+                nextDataPiece.copy(this.currentData, this.dataCursor);
+                return this._authenticate(this.currentData, err => {
+                    if (err) {
+                        return done(err);
+                    }
+                    unparsedChunk =
+                        unparsedChunk.slice(this.seekingDataSize);
+                    this.push(this.currentData);
+                    this.haveMetadata = false;
+                    this.seekingDataSize = -1;
+                    this.currentData = undefined;
+                    this.dataCursor = 0;
+                    chunkLeftToEvaluate = unparsedChunk.length > 0;
+                    return done();
+                });
+            },
+            // final callback
+            err => {
+                if (err) {
+                    return this.cb(err as any);
+                }
+                // get next chunk
+                return callback();
+            },
+        );
+    }
+}

lib/auth/v4/streamingV4/constructChunkStringToSign.ts

@@ -0,0 +1,35 @@
+import * as crypto from 'crypto';
+import * as constants from '../../../constants';
+
+/**
+ * Constructs stringToSign for chunk
+ * @param timestamp - date parsed from headers
+ * in ISO 8601 format: YYYYMMDDTHHMMSSZ
+ * @param credentialScope - items from auth
+ * header plus the string 'aws4_request' joined with '/':
+ * timestamp/region/aws-service/aws4_request
+ * @param lastSignature - signature from headers or prior chunk
+ * @param justDataChunk - data portion of chunk
+ * @returns stringToSign
+ */
+export default function constructChunkStringToSign(
+    timestamp: string,
+    credentialScope: string,
+    lastSignature: string,
+    justDataChunk?: Buffer | string,
+) {
+    let currentChunkHash: string;
+    // for last chunk, there will be no data, so use emptyStringHash
+    if (!justDataChunk) {
+        currentChunkHash = constants.emptyStringHash;
+    } else {
+        const hash = crypto.createHash('sha256');
+        const temp = justDataChunk instanceof Buffer
+            ? hash.update(justDataChunk)
+            : hash.update(justDataChunk, 'binary');
+        currentChunkHash = temp.digest('hex');
+    }
+    return `AWS4-HMAC-SHA256-PAYLOAD\n${timestamp}\n` +
+        `${credentialScope}\n${lastSignature}\n` +
+        `${constants.emptyStringHash}\n${currentChunkHash}`;
+}

lib/auth/v4/timeUtils.ts

@@ -1,12 +1,11 @@
-'use strict'; // eslint-disable-line strict
+import { Logger } from 'werelogs';
 
 /**
  * Convert timestamp to milliseconds since Unix Epoch
- * @param  {string} timestamp of ISO8601Timestamp format without
+ * @param timestamp of ISO8601Timestamp format without
  * dashes or colons, e.g. 20160202T220410Z
- * @return {number} number of milliseconds since Unix Epoch
  */
-function convertAmzTimeToMs(timestamp) {
+export function convertAmzTimeToMs(timestamp: string) {
     const arr = timestamp.split('');
     // Convert to YYYY-MM-DDTHH:mm:ss.sssZ
     const ISO8601time = `${arr.slice(0, 4).join('')}-${arr[4]}${arr[5]}` +
@@ -15,13 +14,12 @@ function convertAmzTimeToMs(timestamp) {
     return Date.parse(ISO8601time);
 }
 
-
 /**
  * Convert UTC timestamp to ISO 8601 timestamp
- * @param  {string} timestamp of UTC form: Fri, 10 Feb 2012 21:34:55 GMT
- * @return {string} ISO8601 timestamp of form: YYYYMMDDTHHMMSSZ
+ * @param timestamp of UTC form: Fri, 10 Feb 2012 21:34:55 GMT
+ * @return ISO8601 timestamp of form: YYYYMMDDTHHMMSSZ
  */
-function convertUTCtoISO8601(timestamp) {
+export function convertUTCtoISO8601(timestamp: string | number) {
     // convert to ISO string: YYYY-MM-DDTHH:mm:ss.sssZ.
     const converted = new Date(timestamp).toISOString();
     // Remove "-"s and "."s and milliseconds
@@ -30,13 +28,13 @@ function convertUTCtoISO8601(timestamp) {
 
 /**
  * Check whether timestamp predates request or is too old
- * @param  {string} timestamp of ISO8601Timestamp format without
+ * @param timestamp of ISO8601Timestamp format without
  * dashes or colons, e.g. 20160202T220410Z
- * @param {number} expiry - number of seconds signature should be valid
- * @param {object} log - log for request
- * @return {boolean} true if there is a time problem
+ * @param expiry - number of seconds signature should be valid
+ * @param log - log for request
+ * @return true if there is a time problem
  */
-function checkTimeSkew(timestamp, expiry, log) {
+export function checkTimeSkew(timestamp: string, expiry: number, log: Logger) {
     const currentTime = Date.now();
     const fifteenMinutes = (15 * 60 * 1000);
     const parsedTimestamp = convertAmzTimeToMs(timestamp);
@@ -56,5 +54,3 @@ function checkTimeSkew(timestamp, expiry, log) {
     }
     return false;
 }
-
-module.exports = { convertAmzTimeToMs, convertUTCtoISO8601, checkTimeSkew };

lib/auth/v4/validateInputs.ts

@@ -1,17 +1,19 @@
-'use strict'; // eslint-disable-line strict
-
-const errors = require('../../../lib/errors');
+import { Logger } from 'werelogs';
+import errors from '../../../lib/errors';
 
 /**
  * Validate Credentials
- * @param  {array} credentials - contains accessKey, scopeDate,
+ * @param credentials - contains accessKey, scopeDate,
  * region, service, requestType
- * @param {string} timestamp - timestamp from request in
+ * @param timestamp - timestamp from request in
  * the format of ISO 8601: YYYYMMDDTHHMMSSZ
- * @param {object} log - logging object
- * @return {boolean} true if credentials are correct format, false if not
+ * @param log - logging object
  */
-function validateCredentials(credentials, timestamp, log) {
+export function validateCredentials(
+    credentials: [string, string, string, string, string],
+    timestamp: string,
+    log: Logger
+): Error | {} {
     if (!Array.isArray(credentials) || credentials.length !== 5) {
         log.warn('credentials in improper format', { credentials });
         return errors.InvalidArgument;
@@ -58,12 +60,21 @@ function validateCredentials(credentials, timestamp, log) {
 
 /**
  * Extract and validate components from query object
- * @param  {object} queryObj - query object from request
- * @param {object} log - logging object
- * @return {object} object containing extracted query params for authV4
+ * @param  queryObj - query object from request
+ * @param log - logging object
+ * @return object containing extracted query params for authV4
  */
-function extractQueryParams(queryObj, log) {
-    const authParams = {};
+export function extractQueryParams(
+    queryObj: { [key: string]: string | undefined },
+    log: Logger
+) {
+    const authParams: {
+        signedHeaders?: string;
+        signatureFromRequest?: string;
+        timestamp?: string;
+        expiry?: number;
+        credential?: [string, string, string, string, string];
+    } = {};
 
     // Do not need the algorithm sent back
     if (queryObj['X-Amz-Algorithm'] !== 'AWS4-HMAC-SHA256') {
@@ -99,7 +110,7 @@ function extractQueryParams(queryObj, log) {
         return authParams;
     }
 
-    const expiry = Number.parseInt(queryObj['X-Amz-Expires'], 10);
+    const expiry = Number.parseInt(queryObj['X-Amz-Expires'] ?? 'nope', 10);
     const sevenDays = 604800;
     if (expiry && (expiry > 0 && expiry <= sevenDays)) {
         authParams.expiry = expiry;
@@ -110,6 +121,7 @@ function extractQueryParams(queryObj, log) {
 
     const credential = queryObj['X-Amz-Credential'];
     if (credential && credential.length > 28 && credential.indexOf('/') > -1) {
+        // @ts-ignore
         authParams.credential = credential.split('/');
     } else {
         log.warn('invalid credential param', { credential });
@@ -121,14 +133,17 @@ function extractQueryParams(queryObj, log) {
 
 /**
  * Extract and validate components from auth header
- * @param  {string} authHeader - authorization header from request
- * @param {object} log - logging object
- * @return {object} object containing extracted auth header items for authV4
+ * @param authHeader - authorization header from request
+ * @param log - logging object
+ * @return object containing extracted auth header items for authV4
  */
-function extractAuthItems(authHeader, log) {
-    const authItems = {};
-    const authArray = authHeader
-        .replace('AWS4-HMAC-SHA256 ', '').split(',');
+export function extractAuthItems(authHeader: string, log: Logger) {
+    const authItems: {
+        credentialsArr?: [string, string, string, string, string];
+        signedHeaders?: string;
+        signatureFromRequest?: string;
+    } = {};
+    const authArray = authHeader.replace('AWS4-HMAC-SHA256 ', '').split(',');
 
     if (authArray.length < 3) {
         return authItems;
@@ -138,8 +153,12 @@ function extractAuthItems(authHeader, log) {
     const signedHeadersStr = authArray[1];
     const signatureStr = authArray[2];
     log.trace('credentials from request', { credentialStr });
-    if (credentialStr && credentialStr.trim().startsWith('Credential=')
-        && credentialStr.indexOf('/') > -1) {
+    if (
+        credentialStr &&
+        credentialStr.trim().startsWith('Credential=') &&
+        credentialStr.indexOf('/') > -1
+    ) {
+        // @ts-ignore
         authItems.credentialsArr = credentialStr
             .trim().replace('Credential=', '').split('/');
     } else {
@@ -166,11 +185,11 @@ function extractAuthItems(authHeader, log) {
 /**
  * Checks whether the signed headers include the host header
  * and all x-amz- and x-scal- headers in request
- * @param {string} signedHeaders - signed headers sent with request
- * @param {object} allHeaders - request.headers
- * @return {boolean} true if all x-amz-headers included and false if not
+ * @param signedHeaders - signed headers sent with request
+ * @param allHeaders - request.headers
+ * @return true if all x-amz-headers included and false if not
  */
-function areSignedHeadersComplete(signedHeaders, allHeaders) {
+export function areSignedHeadersComplete(signedHeaders: string, allHeaders: Headers) {
     const signedHeadersList = signedHeaders.split(';');
     if (signedHeadersList.indexOf('host') === -1) {
         return false;
@@ -185,6 +204,3 @@ function areSignedHeadersComplete(signedHeaders, allHeaders) {
     }
     return true;
 }
-
-module.exports = { validateCredentials, extractQueryParams,
-    areSignedHeadersComplete, extractAuthItems };

lib/constants.js

@@ -1,87 +0,0 @@
-'use strict'; // eslint-disable-line strict
-
-// The min value here is to manage further backward compat if we
-// need it
-const iamSecurityTokenSizeMin = 128;
-const iamSecurityTokenSizeMax = 128;
-// Security token is an hex string (no real format from amazon)
-const iamSecurityTokenPattern =
-    new RegExp(`^[a-f0-9]{${iamSecurityTokenSizeMin},` +
-        `${iamSecurityTokenSizeMax}}$`);
-
-module.exports = {
-    // info about the iam security token
-    iamSecurityToken: {
-        min: iamSecurityTokenSizeMin,
-        max: iamSecurityTokenSizeMax,
-        pattern: iamSecurityTokenPattern,
-    },
-    // PublicId is used as the canonicalID for a request that contains
-    // no authentication information.  Requestor can access
-    // only public resources
-    publicId: 'http://acs.amazonaws.com/groups/global/AllUsers',
-    zenkoServiceAccount: 'http://acs.zenko.io/accounts/service',
-    metadataFileNamespace: '/MDFile',
-    dataFileURL: '/DataFile',
-    // AWS states max size for user-defined metadata
-    // (x-amz-meta- headers) is 2 KB:
-    // http://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectPUT.html
-    // In testing, AWS seems to allow up to 88 more bytes,
-    // so we do the same.
-    maximumMetaHeadersSize: 2136,
-    emptyFileMd5: 'd41d8cd98f00b204e9800998ecf8427e',
-    // Version 2 changes the format of the data location property
-    // Version 3 adds the dataStoreName attribute
-    mdModelVersion: 3,
-    /*
-     * Splitter is used to build the object name for the overview of a
-     * multipart upload and to build the object names for each part of a
-     * multipart upload.  These objects with large names are then stored in
-     * metadata in a "shadow bucket" to a real bucket.  The shadow bucket
-     * contains all ongoing multipart uploads.  We include in the object
-     * name some of the info we might need to pull about an open multipart
-     * upload or about an individual part with each piece of info separated
-     * by the splitter.  We can then extract each piece of info by splitting
-     * the object name string with this splitter.
-     * For instance, assuming a splitter of '...!*!',
-     * the name of the upload overview would be:
-     *   overview...!*!objectKey...!*!uploadId
-     * For instance, the name of a part would be:
-     *   uploadId...!*!partNumber
-     *
-     * The sequence of characters used in the splitter should not occur
-     * elsewhere in the pieces of info to avoid splitting where not
-     * intended.
-     *
-     * Splitter is also used in adding bucketnames to the
-     * namespacerusersbucket.  The object names added to the
-     * namespaceusersbucket are of the form:
-     * canonicalID...!*!bucketname
-     */
-
-    splitter: '..|..',
-    usersBucket: 'users..bucket',
-    // MPU Bucket Prefix is used to create the name of the shadow
-    // bucket used for multipart uploads.  There is one shadow mpu
-    // bucket per bucket and its name is the mpuBucketPrefix followed
-    // by the name of the final destination bucket for the object
-    // once the multipart upload is complete.
-    mpuBucketPrefix: 'mpuShadowBucket',
-    // since aws s3 does not allow capitalized buckets, these may be
-    // used for special internal purposes
-    permittedCapitalizedBuckets: {
-        METADATA: true,
-    },
-    // HTTP server keep-alive timeout is set to a higher value than
-    // client's free sockets timeout to avoid the risk of triggering
-    // ECONNRESET errors if the server closes the connection at the
-    // exact moment clients attempt to reuse an established connection
-    // for a new request.
-    //
-    // Note: the ability to close inactive connections on the client
-    // after httpClientFreeSocketsTimeout milliseconds requires the
-    // use of "agentkeepalive" module instead of the regular node.js
-    // http.Agent.
-    httpServerKeepAliveTimeout: 60000,
-    httpClientFreeSocketTimeout: 55000,
-};

lib/constants.ts

@@ -0,0 +1,131 @@
+import * as crypto from 'crypto';
+
+// The min value here is to manage further backward compat if we
+// need it
+const iamSecurityTokenSizeMin = 128;
+const iamSecurityTokenSizeMax = 128;
+// Security token is an hex string (no real format from amazon)
+const iamSecurityTokenPattern = new RegExp(
+    `^[a-f0-9]{${iamSecurityTokenSizeMin},${iamSecurityTokenSizeMax}}$`,
+);
+
+// info about the iam security token
+export const iamSecurityToken = {
+    min: iamSecurityTokenSizeMin,
+    max: iamSecurityTokenSizeMax,
+    pattern: iamSecurityTokenPattern,
+};
+// PublicId is used as the canonicalID for a request that contains
+// no authentication information.  Requestor can access
+// only public resources
+export const publicId = 'http://acs.amazonaws.com/groups/global/AllUsers';
+export const zenkoServiceAccount = 'http://acs.zenko.io/accounts/service';
+export const metadataFileNamespace = '/MDFile';
+export const dataFileURL = '/DataFile';
+// AWS states max size for user-defined metadata
+// (x-amz-meta- headers) is 2 KB:
+// http://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectPUT.html
+// In testing, AWS seems to allow up to 88 more bytes,
+// so we do the same.
+export const maximumMetaHeadersSize = 2136;
+export const emptyFileMd5 = 'd41d8cd98f00b204e9800998ecf8427e';
+// Version 2 changes the format of the data location property
+// Version 3 adds the dataStoreName attribute
+export const mdModelVersion = 3;
+/*
+ * Splitter is used to build the object name for the overview of a
+ * multipart upload and to build the object names for each part of a
+ * multipart upload.  These objects with large names are then stored in
+ * metadata in a "shadow bucket" to a real bucket.  The shadow bucket
+ * contains all ongoing multipart uploads.  We include in the object
+ * name some of the info we might need to pull about an open multipart
+ * upload or about an individual part with each piece of info separated
+ * by the splitter.  We can then extract each piece of info by splitting
+ * the object name string with this splitter.
+ * For instance, assuming a splitter of '...!*!',
+ * the name of the upload overview would be:
+ *   overview...!*!objectKey...!*!uploadId
+ * For instance, the name of a part would be:
+ *   uploadId...!*!partNumber
+ *
+ * The sequence of characters used in the splitter should not occur
+ * elsewhere in the pieces of info to avoid splitting where not
+ * intended.
+ *
+ * Splitter is also used in adding bucketnames to the
+ * namespacerusersbucket.  The object names added to the
+ * namespaceusersbucket are of the form:
+ * canonicalID...!*!bucketname
+ */
+
+export const splitter = '..|..';
+export const usersBucket = 'users..bucket';
+// MPU Bucket Prefix is used to create the name of the shadow
+// bucket used for multipart uploads.  There is one shadow mpu
+// bucket per bucket and its name is the mpuBucketPrefix followed
+// by the name of the final destination bucket for the object
+// once the multipart upload is complete.
+export const mpuBucketPrefix = 'mpuShadowBucket';
+// since aws s3 does not allow capitalized buckets, these may be
+// used for special internal purposes
+export const permittedCapitalizedBuckets = {
+    METADATA: true,
+};
+/* eslint-disable camelcase */
+export const externalBackends = { aws_s3: true, azure: true, gcp: true, pfs: true }
+export const hasCopyPartBackends = { aws_s3: true, gcp: true }
+export const versioningNotImplBackends = { azure: true, gcp: true }
+export const mpuMDStoredExternallyBackend = { aws_s3: true, gcp: true }
+// AWS sets a minimum size limit for parts except for the last part.
+// http://docs.aws.amazon.com/AmazonS3/latest/API/mpUploadComplete.html
+export const minimumAllowedPartSize = 5242880;
+// hex digest of sha256 hash of empty string:
+export const emptyStringHash = crypto.createHash('sha256').update('', 'binary').digest('hex');
+// Default expiration value of the S3 pre-signed URL duration
+// 604800 seconds (seven days).
+export const legacyLocations = ['sproxyd', 'legacy'];
+export const defaultPreSignedURLExpiry = 7 * 24 * 60 * 60;
+// Regex for ISO-8601 formatted date
+export const shortIso8601Regex = /\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z/;
+export const longIso8601Regex = /\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}.\d{3}Z/;
+export const supportedNotificationEvents = new Set([
+    's3:ObjectCreated:*',
+    's3:ObjectCreated:Put',
+    's3:ObjectCreated:Copy',
+    's3:ObjectCreated:CompleteMultipartUpload',
+    's3:ObjectRemoved:*',
+    's3:ObjectRemoved:Delete',
+    's3:ObjectRemoved:DeleteMarkerCreated',
+    's3:ObjectTagging:*',
+    's3:ObjectTagging:Put',
+    's3:ObjectTagging:Delete',
+    's3:ObjectAcl:Put',
+]);
+export const notificationArnPrefix = 'arn:scality:bucketnotif';
+// some of the available data backends  (if called directly rather
+// than through the multiple backend gateway) need a key provided
+// as a string as first parameter of the get/delete methods.
+export const clientsRequireStringKey = { sproxyd: true, cdmi: true };
+// HTTP server keep-alive timeout is set to a higher value than
+// client's free sockets timeout to avoid the risk of triggering
+// ECONNRESET errors if the server closes the connection at the
+// exact moment clients attempt to reuse an established connection
+// for a new request.
+//
+// Note: the ability to close inactive connections on the client
+// after httpClientFreeSocketsTimeout milliseconds requires the
+// use of "agentkeepalive" module instead of the regular node.js
+// http.Agent.
+export const httpServerKeepAliveTimeout = 60000;
+export const httpClientFreeSocketTimeout = 55000;
+export const supportedLifecycleRules = [
+    'expiration',
+    'noncurrentVersionExpiration',
+    'abortIncompleteMultipartUpload',
+];
+// Maximum number of buckets to cache (bucket metadata)
+export const maxCachedBuckets = process.env.METADATA_MAX_CACHED_BUCKETS ?
+    Number(process.env.METADATA_MAX_CACHED_BUCKETS) : 1000;
+
+/** For policy resource arn check we allow empty account ID to not break compatibility */
+export const policyArnAllowedEmptyAccountId = ['utapi', 'scuba'];

lib/db.ts

@@ -1,7 +1,3 @@
-'use strict'; // eslint-disable-line strict
-
-const writeOptions = { sync: true };
-
 /**
  * Like Error, but with a property set to true.
  * TODO: this is copied from kineticlib, should consolidate with the
@@ -14,29 +10,36 @@ const writeOptions = { sync: true };
  * use:
  *     throw propError("badTypeInput", "input is not a buffer");
  *
- * @param {String} propName - the property name.
- * @param {String} message - the Error message.
- * @returns {Error} the Error object.
+ * @param propName - the property name.
+ * @param message - the Error message.
+ * @returns the Error object.
  */
-function propError(propName, message) {
+function propError(propName: string, message: string): Error {
     const err = new Error(message);
     err[propName] = true;
+    // @ts-ignore
+    err.is = { [propName]: true };
     return err;
 }
 
 /**
  * Running transaction with multiple updates to be committed atomically
  */
-class IndexTransaction {
+export class IndexTransaction {
+    operations: { type: 'put' | 'del'; key: string; value?: any }[];
+    db: any;
+    closed: boolean;
+    conditions: { [key: string]: string }[];
+
     /**
      * Builds a new transaction
      *
      * @argument {Leveldb} db an open database to which the updates
      *                     will be applied
      *
-     * @returns {IndexTransaction} a new empty transaction
+     * @returns a new empty transaction
      */
-    constructor(db) {
+    constructor(db: any) {
         this.operations = [];
         this.db = db;
         this.closed = false;
@@ -46,30 +49,34 @@ class IndexTransaction {
     /**
      * Adds a new operation to participate in this running transaction
      *
-     * @argument {object} op an object with the following attributes:
+     * @argument op an object with the following attributes:
      *                    {
      *                      type: 'put' or 'del',
      *                      key: the object key,
      *                      value: (optional for del) the value to store,
      *                    }
      *
-     * @throws {Error} an error described by the following properties
+     * @throws an error described by the following properties
      *                 - invalidTransactionVerb if op is not put or del
      *                 - pushOnCommittedTransaction if already committed
      *                 - missingKey if the key is missing from the op
      *                 - missingValue if putting without a value
-     *
-     * @returns {undefined}
      */
-    push(op) {
+    push(op: { type: 'put'; key: string; value: any }): void;
+    push(op: { type: 'del'; key: string }): void;
+    push(op: { type: 'put' | 'del'; key: string; value?: any }): void {
         if (this.closed) {
-            throw propError('pushOnCommittedTransaction',
-                            'can not add ops to already committed transaction');
+            throw propError(
+                'pushOnCommittedTransaction',
+                'can not add ops to already committed transaction'
+            );
         }
 
         if (op.type !== 'put' && op.type !== 'del') {
-            throw propError('invalidTransactionVerb',
-                            `unknown action type: ${op.type}`);
+            throw propError(
+                'invalidTransactionVerb',
+                `unknown action type: ${op.type}`
+            );
         }
 
         if (op.key === undefined) {
@@ -93,57 +100,59 @@ class IndexTransaction {
      *                 - pushOnCommittedTransaction if already committed
      *                 - missingKey if the key is missing from the op
      *                 - missingValue if putting without a value
-     *
-     * @returns {undefined}
-     *
      * @see push
      */
-    put(key, value) {
+    put(key: string, value: any) {
         this.push({ type: 'put', key, value });
     }
 
     /**
      * Adds a new del operation to this running transaction
      *
-     * @argument {string} key - the key of the object to delete
+     * @argument key - the key of the object to delete
      *
-     * @throws {Error} an error described by the following properties
+     * @throws an error described by the following properties
      *                 - pushOnCommittedTransaction if already committed
      *                 - missingKey if the key is missing from the op
      *
-     * @returns {undefined}
-     *
      * @see push
      */
-    del(key) {
+    del(key: string) {
         this.push({ type: 'del', key });
     }
 
     /**
      * Adds a condition for the transaction
      *
-     * @argument {object} condition an object with the following attributes:
+     * @argument condition an object with the following attributes:
      *                    {
      *                      <condition>: the object key
      *                    }
      *                    example: { notExists: 'key1' }
      *
-     * @throws {Error} an error described by the following properties
+     * @throws an error described by the following properties
      *                 - pushOnCommittedTransaction if already committed
      *                 - missingCondition if the condition is empty
      *
-     * @returns {undefined}
      */
-    addCondition(condition) {
+    addCondition(condition: { [key: string]: string }) {
         if (this.closed) {
-            throw propError('pushOnCommittedTransaction',
-                            'can not add conditions to already committed transaction');
+            throw propError(
+                'pushOnCommittedTransaction',
+                'can not add conditions to already committed transaction'
+            );
         }
         if (condition === undefined || Object.keys(condition).length === 0) {
-            throw propError('missingCondition', 'missing condition for conditional put');
+            throw propError(
+                'missingCondition',
+                'missing condition for conditional put'
+            );
         }
-        if (typeof (condition.notExists) !== 'string') {
-            throw propError('unsupportedConditionalOperation', 'missing key or supported condition');
+        if (typeof condition.notExists !== 'string') {
+            throw propError(
+                'unsupportedConditionalOperation',
+                'missing key or supported condition'
+            );
         }
         this.conditions.push(condition);
     }
@@ -151,32 +160,35 @@ class IndexTransaction {
     /**
      * Applies the queued updates in this transaction atomically.
      *
-     * @argument {function} cb function to be called when the commit
+     * @argument cb function to be called when the commit
      *              finishes, taking an optional error argument
      *
-     * @returns {undefined}
      */
-    commit(cb) {
+    commit(cb: (error: Error | null, data?: any) => void) {
         if (this.closed) {
-            return cb(propError('alreadyCommitted',
-                                'transaction was already committed'));
+            return cb(
+                propError(
+                    'alreadyCommitted',
+                    'transaction was already committed'
+                )
+            );
         }
 
         if (this.operations.length === 0) {
-            return cb(propError('emptyTransaction',
-                                'tried to commit an empty transaction'));
+            return cb(
+                propError(
+                    'emptyTransaction',
+                    'tried to commit an empty transaction'
+                )
+            );
         }
 
         this.closed = true;
-        writeOptions.conditions = this.conditions;
+        const options = { sync: true, conditions: this.conditions };
 
         // The array-of-operations variant of the `batch` method
         // allows passing options such has `sync: true` whereas the
         // chained form does not.
-        return this.db.batch(this.operations, writeOptions, cb);
+        return this.db.batch(this.operations, options, cb);
     }
 }
-
-module.exports = {
-    IndexTransaction,
-};

lib/errorUtils.ts

@@ -0,0 +1,11 @@
+export interface ErrorLike {
+    message: any;
+    code: any;
+    stack: any;
+    name: any;
+}
+
+export function reshapeExceptionError(error: ErrorLike) {
+    const { message, code, stack, name } = error;
+    return { message, code, stack, name };
+}

lib/errors.js

@@ -1,87 +0,0 @@
-'use strict'; // eslint-disable-line strict
-
-/**
- * ArsenalError
- *
- * @extends {Error}
- */
-class ArsenalError extends Error {
-    /**
-     * constructor.
-     *
-     * @param {string} type - Type of error or message
-     * @param {number} code - HTTP status code
-     * @param {string} desc - Verbose description of error
-     */
-    constructor(type, code, desc) {
-        super(type);
-
-        /**
-         * HTTP status code of error
-         * @type {number}
-         */
-        this.code = code;
-
-        /**
-         * Description of error
-         * @type {string}
-         */
-        this.description = desc;
-
-        this[type] = true;
-    }
-
-    /**
-     * Output the error as a JSON string
-     * @returns {string} Error as JSON string
-     */
-    toString() {
-        return JSON.stringify({
-            errorType: this.message,
-            errorMessage: this.description,
-        });
-    }
-
-    /**
-     * Write the error in an HTTP response
-     *
-     * @param { http.ServerResponse } res - Response we are responding to
-     * @returns {undefined}
-     */
-    writeResponse(res) {
-        res.writeHead(this.code);
-        res.end(this.toString());
-    }
-
-    /**
-     * customizeDescription returns a new ArsenalError with a new description
-     * with the same HTTP code and message.
-     *
-     * @param {string} description - New error description
-     * @returns {ArsenalError} New error
-     */
-    customizeDescription(description) {
-        return new ArsenalError(this.message, this.code, description);
-    }
-}
-
-/**
- * Generate an Errors instances object.
- *
- * @returns {Object.<string, ArsenalError>} - object field by arsenalError
- *                                            instances
- */
-function errorsGen() {
-    const errors = {};
-    const errorsObj = require('../errors/arsenalErrors.json');
-
-    Object.keys(errorsObj)
-          .filter(index => index !== '_comment')
-          .forEach(index => {
-              errors[index] = new ArsenalError(index, errorsObj[index].code,
-                                               errorsObj[index].description);
-          });
-    return errors;
-}
-
-module.exports = errorsGen();

lib/errors/index.ts

@@ -0,0 +1,150 @@
+import type { ServerResponse } from 'http';
+import * as rawErrors from './arsenalErrors';
+
+/** All possible errors names. */
+export type Name = keyof typeof rawErrors
+/** Object containing all errors names. It has the format { [Name]: "Name" } */
+export type Names = { [Name_ in Name]: Name_ };
+/** Mapping used to determine an error type. It has the format { [Name]: boolean } */
+export type Is = { [_ in Name]: boolean };
+/** Mapping of all possible Errors. It has the format { [Name]: Error } */
+export type Errors = { [_ in Name]: ArsenalError };
+
+// This object is reused constantly through createIs, we store it there
+// to avoid recomputation.
+const isBase = Object.fromEntries(
+    Object.keys(rawErrors).map(key => [key, false])
+) as Is;
+
+// This allows to conditionally add the old behavior of errors to properly
+// test migration.
+// Activate CI tests with `ALLOW_UNSAFE_ERROR_COMPARISON=false yarn test`.
+// Remove this mechanism in ARSN-176.
+export const allowUnsafeErrComp = (
+    process.env.ALLOW_UNSAFE_ERROR_COMPARISON ?? 'true') === 'true'
+
+// This contains some metaprog. Be careful.
+// Proxy can be found on MDN.
+// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Proxy
+// While this could seems better to avoid metaprog, this allows us to enforce
+// type-checking properly while avoiding all errors that could happen at runtime.
+// Even if some errors are made in JavaScript, like using err.is.NonExistingError,
+// the Proxy will return false.
+const createIs = (type: Name): Is => {
+    const get = (is: Is, value: string | symbol) => is[value] ?? false;
+    const final = Object.freeze({ ...isBase, [type]: true })
+    return new Proxy(final, { get });
+};
+
+export class ArsenalError extends Error {
+    /** HTTP status code. Example: 401, 403, 500, ... */
+    #code: number;
+    /** Text description of the error. */
+    #description: string;
+    /** Type of the error. */
+    #type: Name;
+    /** Object used to determine the error type.
+     * Example: error.is.InternalError */
+    #is: Is;
+
+    private constructor(type: Name, code: number, description: string) {
+        super(type);
+        this.#code = code;
+        this.#description = description;
+        this.#type = type;
+        this.#is = createIs(type);
+
+        // This restores the old behavior of errors, to make sure they're now
+        // backward-compatible. Fortunately it's handled by TS, but it cannot
+        // be type-checked. This means we have to be extremely careful about
+        // what we're doing when using errors.
+        // Disables the feature when in CI tests but not in production.
+        if (allowUnsafeErrComp) {
+            this[type] = true;
+        }
+    }
+
+    /** Output the error as a JSON string */
+    toString() {
+        const errorType = this.message;
+        const errorMessage = this.#description;
+        return JSON.stringify({ errorType, errorMessage });
+    }
+
+    flatten() {
+        return {
+            is_arsenal_error: true,
+            code: this.#code,
+            description: this.#description,
+            type: this.#type,
+            stack: this.stack
+        }
+    }
+
+    static unflatten(flat_obj) {
+        if (!flat_obj.is_arsenal_error) {
+            return null;
+        }
+
+        const err = new ArsenalError(
+            flat_obj.type,
+            flat_obj.code,
+            flat_obj.description
+        )
+        err.stack = flat_obj.stack
+        return err;
+    }
+
+    /** Write the error in an HTTP response */
+    writeResponse(res: ServerResponse) {
+        res.writeHead(this.#code);
+        const asStr = this.toString();
+        res.end(asStr);
+    }
+
+    /** Clone the error with a new description.*/
+    customizeDescription(description: string): ArsenalError {
+        const type = this.#type;
+        const code = this.#code;
+        return new ArsenalError(type, code, description);
+    }
+
+    /** Used to determine the error type. Example: error.is.InternalError */
+    get is() {
+        return this.#is;
+    }
+
+    /** HTTP status code. Example: 401, 403, 500, ... */
+    get code() {
+        return this.#code;
+    }
+
+    /** Text description of the error. */
+    get description() {
+        return this.#description;
+    }
+
+    /**
+     * Type of the error, belonging to Name. is should be prefered instead of
+     * type in a daily-basis, but type remains accessible for future use. */
+    get type() {
+        return this.#type;
+    }
+
+    /** Generate all possible errors. An instance is created by default. */
+    static errors() {
+        const errors = {}
+        Object.entries(rawErrors).forEach((value) => {
+            const name = value[0] as Name;
+            const error = value[1];
+            const { code, description } = error;
+            const get = () => new ArsenalError(name, code, description);
+            Object.defineProperty(errors, name, { get });
+        });
+        return errors as Errors
+    }
+}
+
+/** Mapping of all possible Errors.
+ * Use them with errors[error].customizeDescription for any customization. */
+export default ArsenalError.errors();

lib/executables/pensieveCreds/tests/unit/utilsSpec.js

@@ -17,9 +17,9 @@ describe('decyrptSecret', () => {
 describe('parseServiceCredentials', () => {
     const conf = {
         users: [{ accessKey,
-        accountType: 'service-clueso',
-        secretKey,
-        userName: 'Search Service Account' }],
+            accountType: 'service-clueso',
+            secretKey,
+            userName: 'Search Service Account' }],
     };
     const auth = JSON.stringify({ privateKey });
 

lib/https/ciphers.ts

@@ -1,6 +1,4 @@
-'use strict'; // eslint-disable-line strict
-
-const ciphers = [
+export const ciphers = [
     'DHE-RSA-AES128-GCM-SHA256',
     'ECDHE-ECDSA-AES128-GCM-SHA256',
     'ECDHE-RSA-AES256-GCM-SHA384',
@@ -28,7 +26,3 @@ const ciphers = [
     '!EDH-RSA-DES-CBC3-SHA',
     '!KRB5-DES-CBC3-SHA',
 ].join(':');
-
-module.exports = {
-    ciphers,
-};

lib/https/dh2048.ts

@@ -29,16 +29,11 @@ c2CNfUEqyRbJF4pE9ZcdQReT5p/llmyhQdvq6cHH+cKJk63C6DHRVoStsnsUcvKe
 bLxKsygK77ttjr61cxLoDJeGd5L5h1CPmwIBAg==
 -----END DH PARAMETERS-----
  */
-'use strict'; // eslint-disable-line strict
 
-const dhparam =
+export const dhparam =
     'MIIBCAKCAQEAh99T77KGNuiY9N6xrCJ3QNv4SFADTa3CD+1VMTAdRJLHUNpglB+i' +
     'AoTYiLDFZgtTCpx0ZZUD+JM3qiCZy0OK5/ZGlVD7sZmxjRtdpVK4qIPtwav8t0J7' +
     'c2CNfUEqyRbJF4pE9ZcdQReT5p/llmyhQdvq6cHH+cKJk63C6DHRVoStsnsUcvKe' +
     '23PLGZulKg8H3eRBxHamHkmyuEVDtoNhMIoJONsdXSpo5GgcD4EQMM8xb/qsnCxn' +
     '6QIGTBvcHskxtlTZOfUPk4XQ6Yb3tQi2TurzkQHLln4U7p/GZs+D+6D3SgSPqr6P' +
     'bLxKsygK77ttjr61cxLoDJeGd5L5h1CPmwIBAg==';
-
-module.exports = {
-    dhparam,
-};

lib/https/index.ts

@@ -0,0 +1,2 @@
+export * as ciphers from './ciphers'
+export * as dhparam from './dh2048'

lib/ipCheck.js

@@ -1,83 +0,0 @@
-'use strict'; // eslint-disable-line strict
-
-const ipaddr = require('ipaddr.js');
-
-/**
- * checkIPinRangeOrMatch checks whether a given ip address is in an ip address
- * range or matches the given ip address
- * @param {string} cidr - ip address range or ip address
- * @param {object} ip - parsed ip address
- * @return {boolean} true if in range, false if not
- */
-function checkIPinRangeOrMatch(cidr, ip) {
-    // If there is an exact match of the ip address, no need to check ranges
-    if (ip.toString() === cidr) {
-        return true;
-    }
-    let range;
-
-    try {
-        range = ipaddr.IPv4.parseCIDR(cidr);
-    } catch (err) {
-        try {
-        // not ipv4 so try ipv6
-            range = ipaddr.IPv6.parseCIDR(cidr);
-        } catch (err) {
-            // range is not valid ipv4 or ipv6
-            return false;
-        }
-    }
-    try {
-        return ip.match(range);
-    } catch (err) {
-        return false;
-    }
-}
-
-/**
-* Parse IP address into object representation
-* @param {string} ip - IPV4/IPV6/IPV4-mapped IPV6 address
-* @return {object} parsedIp - Object representation of parsed IP
-*/
-function parseIp(ip) {
-    if (ipaddr.IPv4.isValid(ip)) {
-        return ipaddr.parse(ip);
-    }
-    if (ipaddr.IPv6.isValid(ip)) {
-        // also parses IPv6 mapped IPv4 addresses into IPv4 representation
-        return ipaddr.process(ip);
-    }
-    // not valid ip address according to module, so return empty object
-    // which will obviously not match a range of ip addresses that the parsedIp
-    // is being tested against
-    return {};
-}
-
-
-/**
-* Checks if an IP adress matches a given list of CIDR ranges
-* @param {string[]} cidrList - List of CIDR ranges
-* @param {string} ip - IP address
-* @return {boolean} - true if there is match or false for no match
-*/
-function ipMatchCidrList(cidrList, ip) {
-    const parsedIp = parseIp(ip);
-    return cidrList.some(item => {
-        let cidr;
-        // patch the cidr if range is not specified
-        if (item.indexOf('/') === -1) {
-            if (item.startsWith('127.')) {
-                cidr = `${item}/8`;
-            } else if (ipaddr.IPv4.isValid(item)) {
-                cidr = `${item}/32`;
-            }
-        }
-        return checkIPinRangeOrMatch(cidr || item, parsedIp);
-    });
-}
-
-module.exports = {
-    checkIPinRangeOrMatch,
-    ipMatchCidrList,
-    parseIp,
-};

lib/ipCheck.ts

@@ -0,0 +1,71 @@
+import ipaddr from 'ipaddr.js';
+
+/**
+ * checkIPinRangeOrMatch checks whether a given ip address is in an ip address
+ * range or matches the given ip address
+ * @param cidr - ip address range or ip address
+ * @param ip - parsed ip address
+ * @return true if in range, false if not
+ */
+export function checkIPinRangeOrMatch(
+    cidr: string,
+    ip: ipaddr.IPv4 | ipaddr.IPv6,
+): boolean {
+    // If there is an exact match of the ip address, no need to check ranges
+    if (ip.toString() === cidr) {
+        return true;
+    }
+    try {
+        if (ip instanceof ipaddr.IPv6) {
+            const range = ipaddr.IPv6.parseCIDR(cidr);
+            return ip.match(range);
+        } else {
+            const range = ipaddr.IPv4.parseCIDR(cidr);
+            return ip.match(range);
+        }
+    } catch (error) {
+        return false;
+    }
+}
+
+/**
+ * Parse IP address into object representation
+ * @param ip - IPV4/IPV6/IPV4-mapped IPV6 address
+ * @return parsedIp - Object representation of parsed IP
+ */
+export function parseIp(ip: string): ipaddr.IPv4 | ipaddr.IPv6 | {} {
+    if (ipaddr.IPv4.isValid(ip)) {
+        return ipaddr.parse(ip);
+    }
+    if (ipaddr.IPv6.isValid(ip)) {
+        // also parses IPv6 mapped IPv4 addresses into IPv4 representation
+        return ipaddr.process(ip);
+    }
+    return {};
+}
+
+/**
+ * Checks if an IP adress matches a given list of CIDR ranges
+ * @param cidrList - List of CIDR ranges
+ * @param ip - IP address
+ * @return - true if there is match or false for no match
+ */
+export function ipMatchCidrList(cidrList: string[], ip: string): boolean {
+    const parsedIp = parseIp(ip);
+    return cidrList.some((item) => {
+        let cidr: string | undefined;
+        // patch the cidr if range is not specified
+        if (item.indexOf('/') === -1) {
+            if (item.startsWith('127.')) {
+                cidr = `${item}/8`;
+            } else if (ipaddr.IPv4.isValid(item)) {
+                cidr = `${item}/32`;
+            }
+        }
+        return (
+            (parsedIp instanceof ipaddr.IPv4 ||
+                parsedIp instanceof ipaddr.IPv6) &&
+            checkIPinRangeOrMatch(cidr || item, parsedIp)
+        );
+    });
+}

lib/jsutil.js

@@ -1,32 +0,0 @@
-'use strict'; // eslint-disable-line
-
-const debug = require('util').debuglog('jsutil');
-
-// JavaScript utility functions
-
-/**
- * force <tt>func</tt> to be called only once, even if actually called
- * multiple times. The cached result of the first call is then
- * returned (if any).
- *
- * @note underscore.js provides this functionality but not worth
- * adding a new dependency for such a small use case.
- *
- * @param {function} func function to call at most once
-
- * @return {function} a callable wrapper mirroring <tt>func</tt> but
- * only calls <tt>func</tt> at first invocation.
- */
-module.exports.once = function once(func) {
-    const state = { called: false, res: undefined };
-    return function wrapper(...args) {
-        if (!state.called) {
-            state.called = true;
-            state.res = func.apply(func, args);
-        } else {
-            debug('function already called:', func,
-                  'returning cached result:', state.res);
-        }
-        return state.res;
-    };
-};

lib/jsutil.ts

@@ -0,0 +1,33 @@
+import * as util from 'util';
+const debug = util.debuglog('jsutil');
+
+// JavaScript utility functions
+
+/**
+ * force <tt>func</tt> to be called only once, even if actually called
+ * multiple times. The cached result of the first call is then
+ * returned (if any).
+ *
+ * @note underscore.js provides this functionality but not worth
+ * adding a new dependency for such a small use case.
+ *
+ * @param func function to call at most once
+
+ * @return a callable wrapper mirroring <tt>func</tt> but
+ * only calls <tt>func</tt> at first invocation.
+ */
+export function once<T>(func: (...args: any[]) => T): (...args: any[]) => T {
+    type State = { called: boolean; res: any };
+    const state: State = { called: false, res: undefined };
+    return function wrapper(...args: any[]) {
+        if (!state.called) {
+            state.called = true;
+            state.res = func.apply(func, args);
+        } else {
+            const m1 = 'function already called:';
+            const m2 = 'returning cached result:';
+            debug(m1, func, m2, state.res);
+        }
+        return state.res;
+    };
+}

lib/metrics/RedisClient.js

@@ -1,162 +0,0 @@
-const Redis = require('ioredis');
-
-class RedisClient {
-    /**
-    * @constructor
-    * @param {Object} config - config
-    * @param {string} config.host - Redis host
-    * @param {number} config.port - Redis port
-    * @param {string} config.password - Redis password
-    * @param {werelogs.Logger} logger - logger instance
-    */
-    constructor(config, logger) {
-        this._client = new Redis(config);
-        this._client.on('error', err =>
-            logger.trace('error from redis', {
-                error: err,
-                method: 'RedisClient.constructor',
-                redisHost: config.host,
-                redisPort: config.port,
-            })
-        );
-        return this;
-    }
-
-    /**
-    * increment value of a key by 1 and set a ttl
-    * @param {string} key - key holding the value
-    * @param {number} expiry - expiry in seconds
-    * @param {callback} cb - callback
-    * @return {undefined}
-    */
-    incrEx(key, expiry, cb) {
-        return this._client
-            .multi([['incr', key], ['expire', key, expiry]])
-            .exec(cb);
-    }
-
-    /**
-     * increment value of a key by a given amount and set a ttl
-     * @param {string} key - key holding the value
-     * @param {number} amount - amount to increase by
-     * @param {number} expiry - expiry in seconds
-     * @param {callback} cb - callback
-     * @return {undefined}
-     */
-    incrbyEx(key, amount, expiry, cb) {
-        return this._client
-            .multi([['incrby', key, amount], ['expire', key, expiry]])
-            .exec(cb);
-    }
-
-    /**
-    * execute a batch of commands
-    * @param {string[]} cmds - list of commands
-    * @param {callback} cb - callback
-    * @return {undefined}
-    */
-    batch(cmds, cb) {
-        return this._client.pipeline(cmds).exec(cb);
-    }
-
-    /**
-     * Checks if a key exists
-     * @param {string} key - name of key
-     * @param {function} cb - callback
-     *   If cb response returns 0, key does not exist.
-     *   If cb response returns 1, key exists.
-     * @return {undefined}
-     */
-    exists(key, cb) {
-        return this._client.exists(key, cb);
-    }
-
-    /**
-     * Add a value and its score to a sorted set. If no sorted set exists, this
-     * will create a new one for the given key.
-     * @param {string} key - name of key
-     * @param {integer} score - score used to order set
-     * @param {string} value - value to store
-     * @param {callback} cb - callback
-     * @return {undefined}
-     */
-    zadd(key, score, value, cb) {
-        return this._client.zadd(key, score, value, cb);
-    }
-
-    /**
-     * Get number of elements in a sorted set.
-     * Note: using this on a key that does not exist will return 0.
-     * Note: using this on an existing key that isn't a sorted set will
-     * return an error WRONGTYPE.
-     * @param {string} key - name of key
-     * @param {function} cb - callback
-     * @return {undefined}
-     */
-    zcard(key, cb) {
-        return this._client.zcard(key, cb);
-    }
-
-    /**
-     * Get the score for given value in a sorted set
-     * Note: using this on a key that does not exist will return nil.
-     * Note: using this on a value that does not exist in a valid sorted set key
-     *       will return nil.
-     * @param {string} key - name of key
-     * @param {string} value - value within sorted set
-     * @param {function} cb - callback
-     * @return {undefined}
-     */
-    zscore(key, value, cb) {
-        return this._client.zscore(key, value, cb);
-    }
-
-    /**
-     * Remove a value from a sorted set
-     * @param {string} key - name of key
-     * @param {string|array} value - value within sorted set. Can specify
-     *   multiple values within an array
-     * @param {function} cb - callback
-     *   The cb response returns number of values removed
-     * @return {undefined}
-     */
-    zrem(key, value, cb) {
-        return this._client.zrem(key, value, cb);
-    }
-
-    /**
-     * Get specified range of elements in a sorted set
-     * @param {string} key - name of key
-     * @param {integer} start - start index (inclusive)
-     * @param {integer} end - end index (inclusive) (can use -1)
-     * @param {function} cb - callback
-     * @return {undefined}
-     */
-    zrange(key, start, end, cb) {
-        return this._client.zrange(key, start, end, cb);
-    }
-
-    /**
-     * Get range of elements in a sorted set based off score
-     * @param {string} key - name of key
-     * @param {integer|string} min - min score value (inclusive)
-     *   (can use "-inf")
-     * @param {integer|string} max - max score value (inclusive)
-     *   (can use "+inf")
-     * @param {function} cb - callback
-     * @return {undefined}
-     */
-    zrangebyscore(key, min, max, cb) {
-        return this._client.zrangebyscore(key, min, max, cb);
-    }
-
-    clear(cb) {
-        return this._client.flushdb(cb);
-    }
-
-    disconnect() {
-        this._client.disconnect();
-    }
-}
-
-module.exports = RedisClient;

lib/metrics/RedisClient.ts

@@ -0,0 +1,126 @@
+import Redis from 'ioredis';
+import { Logger } from 'werelogs';
+
+export type Config = { host: string; port: number; password: string };
+export type Callback = (error: Error | null, value?: any) => void;
+
+export default class RedisClient {
+    _client: Redis.Redis;
+
+    constructor(config: Config, logger: Logger) {
+        this._client = new Redis(config);
+        this._client.on('error', err =>
+            logger.trace('error from redis', {
+                error: err,
+                method: 'RedisClient.constructor',
+                redisHost: config.host,
+                redisPort: config.port,
+            })
+        );
+        return this;
+    }
+
+    /** increment value of a key by 1 and set a ttl */
+    incrEx(key: string, expiry: number, cb: Callback) {
+        const exp = expiry.toString();
+        return this._client
+            .multi([['incr', key], ['expire', key, exp]])
+            .exec(cb);
+    }
+
+    /** increment value of a key by a given amount and set a ttl */
+    incrbyEx(key: string, amount: number, expiry: number, cb: Callback) {
+        const am = amount.toString();
+        const exp = expiry.toString();
+        return this._client
+            .multi([['incrby', key, am], ['expire', key, exp]])
+            .exec(cb);
+    }
+
+    /** execute a batch of commands */
+    batch(cmds: string[][], cb: Callback) {
+        return this._client.pipeline(cmds).exec(cb);
+    }
+
+    /**
+     * Checks if a key exists
+     * @param cb - callback
+     *   If cb response returns 0, key does not exist.
+     *   If cb response returns 1, key exists.
+     */
+    exists(key: string, cb: Callback) {
+        return this._client.exists(key, cb);
+    }
+
+    /**
+     * Add a value and its score to a sorted set. If no sorted set exists, this
+     * will create a new one for the given key.
+     * @param score - score used to order set
+     */
+    zadd(key: string, score: number, value: string, cb: Callback) {
+        return this._client.zadd(key, score, value, cb);
+    }
+
+    /**
+     * Get number of elements in a sorted set.
+     * Note: using this on a key that does not exist will return 0.
+     * Note: using this on an existing key that isn't a sorted set will
+     * return an error WRONGTYPE.
+     */
+    zcard(key: string, cb: Callback) {
+        return this._client.zcard(key, cb);
+    }
+
+    /**
+     * Get the score for given value in a sorted set
+     * Note: using this on a key that does not exist will return nil.
+     * Note: using this on a value that does not exist in a valid sorted set key
+     *       will return nil.
+     */
+     zscore(key: string, value: string, cb: Callback) {
+        return this._client.zscore(key, value, cb);
+    }
+
+    /**
+     * Remove a value from a sorted set
+     * @param value - value within sorted set. Can specify multiple values within an array
+     * @param {function} cb - callback
+     *   The cb response returns number of values removed
+     */
+    zrem(key: string, value: string | string[], cb: Callback) {
+        return this._client.zrem(key, value, cb);
+    }
+
+    /**
+     * Get specified range of elements in a sorted set
+     * @param start - start index (inclusive)
+     * @param end - end index (inclusive) (can use -1)
+     */
+    zrange(key: string, start: number, end: number, cb: Callback) {
+        return this._client.zrange(key, start, end, cb);
+    }
+
+    /**
+     * Get range of elements in a sorted set based off score
+     * @param min - min score value (inclusive)
+     *   (can use "-inf")
+     * @param max - max score value (inclusive)
+     *   (can use "+inf")
+     */
+    zrangebyscore(
+        key: string,
+        min: number | string,
+        max: number | string,
+        cb: Callback,
+    ) {
+        return this._client.zrangebyscore(key, min, max, cb);
+    }
+
+    clear(cb: Callback) {
+        return this._client.flushdb(cb);
+    }
+
+    disconnect() {
+        this._client.disconnect();
+    }
+}

lib/metrics/StatsClient.ts

@@ -1,62 +1,66 @@
-const async = require('async');
+import async from 'async';
+import RedisClient from './RedisClient';
+import { Logger } from 'werelogs';
+
+export default class StatsClient {
+    _redis: RedisClient;
+    _interval: number;
+    _expiry: number;
 
-class StatsClient {
     /**
     * @constructor
-    * @param {object} redisClient - RedisClient instance
-    * @param {number} interval - sampling interval by seconds
-    * @param {number} expiry - sampling duration by seconds
+    * @param redisClient - RedisClient instance
+    * @param interval - sampling interval by seconds
+    * @param expiry - sampling duration by seconds
     */
-    constructor(redisClient, interval, expiry) {
+    constructor(redisClient: RedisClient, interval: number, expiry: number) {
         this._redis = redisClient;
         this._interval = interval;
         this._expiry = expiry;
         return this;
     }
 
-    /*
-    * Utility function to use when callback is undefined
-    */
+    /** Utility function to use when callback is undefined */
     _noop() {}
 
     /**
     * normalize to the nearest interval
-    * @param {object} d - Date instance
-    * @return {number} timestamp - normalized to the nearest interval
+    * @param d - Date instance
+    * @return timestamp - normalized to the nearest interval
     */
-    _normalizeTimestamp(d) {
+    _normalizeTimestamp(d: Date): number {
         const s = d.getSeconds();
         return d.setSeconds(s - s % this._interval, 0);
     }
 
     /**
     * set timestamp to the previous interval
-    * @param {object} d - Date instance
-    * @return {number} timestamp - set to the previous interval
+    * @param d - Date instance
+    * @return timestamp - set to the previous interval
     */
-    _setPrevInterval(d) {
+    _setPrevInterval(d: Date): number {
         return d.setSeconds(d.getSeconds() - this._interval);
     }
 
     /**
     * build redis key to get total number of occurrences on the server
-    * @param {string} name - key name identifier
-    * @param {object} d - Date instance
-    * @return {string} key - key for redis
+    * @param name - key name identifier
+    * @param d - Date instance
+    * @return key - key for redis
     */
-    _buildKey(name, d) {
+    _buildKey(name: string, d: Date): string {
         return `${name}:${this._normalizeTimestamp(d)}`;
     }
 
     /**
     * reduce the array of values to a single value
     * typical input looks like [[null, '1'], [null, '2'], [null, null]...]
-    * @param {array} arr - Date instance
-    * @return {string} key - key for redis
+    * @param arr - Date instance
+    * @return key - key for redis
     */
-    _getCount(arr) {
+    _getCount(arr: [any, string | null][]): number {
         return arr.reduce((prev, a) => {
-            let num = parseInt(a[1], 10);
+            let num = parseInt(a[1] ?? '', 10);
             num = Number.isNaN(num) ? 0 : num;
             return prev + num;
         }, 0);
@@ -64,18 +68,20 @@ class StatsClient {
 
     /**
     * report/record a new request received on the server
-    * @param {string} id - service identifier
-    * @param {number} incr - optional param increment
-    * @param {function} cb - callback
-    * @return {undefined}
+    * @param id - service identifier
+    * @param incr - optional param increment
     */
-    reportNewRequest(id, incr, cb) {
+    reportNewRequest(
+        id: string,
+        incr?: number | ((error: Error | null, value?: any) => void),
+        cb?: (error: Error | null, value?: any) => void,
+    ) {
         if (!this._redis) {
             return undefined;
         }
 
-        let callback;
-        let amount;
+        let callback: (error: Error | null, value?: any) => void;
+        let amount: number;
         if (typeof incr === 'function') {
             // In case where optional `incr` is not passed, but `cb` is passed
             callback = incr;
@@ -92,11 +98,9 @@ class StatsClient {
 
     /**
     * report/record a request that ended up being a 500 on the server
-    * @param {string} id - service identifier
-    * @param {callback} cb - callback
-    * @return {undefined}
+    * @param id - service identifier
     */
-    report500(id, cb) {
+    report500(id: string, cb?: (error: Error | null, value?: any) => void) {
         if (!this._redis) {
             return undefined;
         }
@@ -107,19 +111,17 @@ class StatsClient {
 
     /**
     * get stats for the last x seconds, x being the sampling duration
-    * @param {object} log - Werelogs request logger
-    * @param {string} id - service identifier
-    * @param {callback} cb - callback to call with the err/result
-    * @return {undefined}
+    * @param log - Werelogs request logger
+    * @param id - service identifier
     */
-    getStats(log, id, cb) {
+    getStats(log: Logger, id: string, cb: (error: Error | null, value?: any) => void) {
         if (!this._redis) {
             return cb(null, {});
         }
         const d = new Date();
         const totalKeys = Math.floor(this._expiry / this._interval);
-        const reqsKeys = [];
-        const req500sKeys = [];
+        const reqsKeys: ['get', string][] = [];
+        const req500sKeys: ['get', string][] = [];
         for (let i = 0; i < totalKeys; i++) {
             reqsKeys.push(['get', this._buildKey(`${id}:requests`, d)]);
             req500sKeys.push(['get', this._buildKey(`${id}:500s`, d)]);
@@ -153,11 +155,9 @@ class StatsClient {
                 */
                 return cb(null, statsRes);
             }
-            statsRes.requests = this._getCount(results[0]);
-            statsRes['500s'] = this._getCount(results[1]);
+            statsRes.requests = this._getCount((results as any)[0]);
+            statsRes['500s'] = this._getCount((results as any)[1]);
             return cb(null, statsRes);
         });
     }
 }
-
-module.exports = StatsClient;

lib/metrics/StatsModel.ts

@@ -1,35 +1,36 @@
-const StatsClient = require('./StatsClient');
- /**
+import StatsClient from './StatsClient';
+
+/**
  * @class StatsModel
  *
  * @classdesc Extend and overwrite how timestamps are normalized by minutes
  * rather than by seconds
  */
-class StatsModel extends StatsClient {
+export default class StatsModel extends StatsClient {
     /**
      * normalize date timestamp to the nearest hour
-     * @param {Date} d - Date instance
-     * @return {number} timestamp - normalized to the nearest hour
+     * @param d - Date instance
+     * @return timestamp - normalized to the nearest hour
      */
-    normalizeTimestampByHour(d) {
+    normalizeTimestampByHour(d: Date): number {
         return d.setMinutes(0, 0, 0);
     }
 
     /**
      * get previous hour to date given
-     * @param {Date} d - Date instance
-     * @return {number} timestamp - one hour prior to date passed
+     * @param d - Date instance
+     * @return timestamp - one hour prior to date passed
      */
-    _getDatePreviousHour(d) {
+    _getDatePreviousHour(d: Date): number {
         return d.setHours(d.getHours() - 1);
     }
 
     /**
      * normalize to the nearest interval
-     * @param {object} d - Date instance
-     * @return {number} timestamp - normalized to the nearest interval
+     * @param d - Date instance
+     * @return timestamp - normalized to the nearest interval
      */
-    _normalizeTimestamp(d) {
+    _normalizeTimestamp(d: Date): number {
         const m = d.getMinutes();
         return d.setMinutes(m - m % (Math.floor(this._interval / 60)), 0, 0);
     }
@@ -38,14 +39,16 @@ class StatsModel extends StatsClient {
      * override the method to get the result as an array of integers separated
      * by each interval
      * typical input looks like [[null, '1'], [null, '2'], [null, null]...]
-     * @param {array} arr - each index contains the result of each batch command
+     * @param arr - each index contains the result of each batch command
      *   where index 0 signifies the error and index 1 contains the result
-     * @return {array} array of integers, ordered from most recent interval to
+     * @return array of integers, ordered from most recent interval to
      *   oldest interval
      */
-    _getCount(arr) {
-        return arr.reduce((store, i) => {
-            let num = parseInt(i[1], 10);
+    // @ts-ignore
+    // TODO change name or conform to parent class method
+    _getCount(arr: [any, string | null][]) {
+        return arr.reduce<number[]>((store, i) => {
+            let num = parseInt(i[1] ?? '', 10);
             num = Number.isNaN(num) ? 0 : num;
             store.push(num);
             return store;
@@ -54,11 +57,11 @@ class StatsModel extends StatsClient {
 
     /**
      * get list of sorted set key timestamps
-     * @param {number} epoch - epoch time
-     * @return {array} array of sorted set key timestamps
+     * @param epoch - epoch time
+     * @return array of sorted set key timestamps
      */
-    getSortedSetHours(epoch) {
-        const timestamps = [];
+    getSortedSetHours(epoch: number) {
+        const timestamps: number[] = [];
         let date = this.normalizeTimestampByHour(new Date(epoch));
         while (timestamps.length < 24) {
             timestamps.push(date);
@@ -69,22 +72,26 @@ class StatsModel extends StatsClient {
 
     /**
      * get the normalized hour timestamp for given epoch time
-     * @param {number} epoch - epoch time
-     * @return {string} normalized hour timestamp for given time
+     * @param epoch - epoch time
+     * @return normalized hour timestamp for given time
      */
-    getSortedSetCurrentHour(epoch) {
+    getSortedSetCurrentHour(epoch: number) {
         return this.normalizeTimestampByHour(new Date(epoch));
     }
 
     /**
      * helper method to add element to a sorted set, applying TTL if new set
-     * @param {string} key - name of key
-     * @param {integer} score - score used to order set
-     * @param {string} value - value to store
-     * @param {callback} cb - callback
-     * @return {undefined}
+     * @param key - name of key
+     * @param score - score used to order set
+     * @param value - value to store
+     * @param cb - callback
      */
-    addToSortedSet(key, score, value, cb) {
+    addToSortedSet(
+        key: string,
+        score: number,
+        value: string,
+        cb: (error: Error | null, value?: any) => void,
+    ) {
         this._redis.exists(key, (err, resCode) => {
             if (err) {
                 return cb(err);
@@ -97,14 +104,14 @@ class StatsModel extends StatsClient {
                 const ttl = Math.ceil(
                     (msInADay - (Date.now() - nearestHour)) / 1000);
                 const cmds = [
-                    ['zadd', key, score, value],
-                    ['expire', key, ttl],
+                    ['zadd', key, score.toString(), value],
+                    ['expire', key, ttl.toString()],
                 ];
                 return this._redis.batch(cmds, (err, res) => {
                     if (err) {
                         return cb(err);
                     }
-                    const cmdErr = res.find(r => r[0] !== null);
+                    const cmdErr = res.find((r: any) => r[0] !== null);
                     if (cmdErr) {
                         return cb(cmdErr);
                     }
@@ -116,5 +123,3 @@ class StatsModel extends StatsClient {
         });
     }
 }
-
-module.exports = StatsModel;

lib/metrics/ZenkoMetrics.js

@@ -1,40 +0,0 @@
-const promClient = require('prom-client');
-
-const collectDefaultMetricsIntervalMs =
-      process.env.COLLECT_DEFAULT_METRICS_INTERVAL_MS !== undefined ?
-      Number.parseInt(process.env.COLLECT_DEFAULT_METRICS_INTERVAL_MS, 10) :
-      10000;
-
-promClient.collectDefaultMetrics({ timeout: collectDefaultMetricsIntervalMs });
-
-class ZenkoMetrics {
-    static createCounter(params) {
-        return new promClient.Counter(params);
-    }
-
-    static createGauge(params) {
-        return new promClient.Gauge(params);
-    }
-
-    static createHistogram(params) {
-        return new promClient.Histogram(params);
-    }
-
-    static createSummary(params) {
-        return new promClient.Summary(params);
-    }
-
-    static getMetric(name) {
-        return promClient.register.getSingleMetric(name);
-    }
-
-    static asPrometheus() {
-        return promClient.register.metrics();
-    }
-
-    static asPrometheusContentType() {
-        return promClient.register.contentType;
-    }
-}
-
-module.exports = ZenkoMetrics;

lib/metrics/ZenkoMetrics.ts

@@ -0,0 +1,35 @@
+import promClient from 'prom-client';
+
+export default class ZenkoMetrics {
+    static createCounter(params: promClient.CounterConfiguration<string>) {
+        return new promClient.Counter(params);
+    }
+
+    static createGauge(params: promClient.GaugeConfiguration<string>) {
+        return new promClient.Gauge(params);
+    }
+
+    static createHistogram(params: promClient.HistogramConfiguration<string>) {
+        return new promClient.Histogram(params);
+    }
+
+    static createSummary(params: promClient.SummaryConfiguration<string>) {
+        return new promClient.Summary(params);
+    }
+
+    static getMetric(name: string) {
+        return promClient.register.getSingleMetric(name);
+    }
+
+    static async asPrometheus() {
+        return promClient.register.metrics();
+    }
+
+    static asPrometheusContentType() {
+        return promClient.register.contentType;
+    }
+
+    static collectDefaultMetrics() {
+        return promClient.collectDefaultMetrics();
+    }
+}

lib/metrics/index.ts

@@ -0,0 +1,4 @@
+export { default as StatsClient } from './StatsClient';
+export { default as StatsModel } from './StatsModel';
+export { default as RedisClient } from './RedisClient';
+export { default as ZenkoMetrics } from './ZenkoMetrics';

lib/models/ARN.ts

@@ -1,23 +1,35 @@
-const errors = require('../errors');
+import errors from '../errors'
 
 const validServices = {
     aws: ['s3', 'iam', 'sts', 'ring'],
     scality: ['utapi', 'sso'],
 };
 
-class ARN {
+export default class ARN {
+    _partition: string;
+    _service: string;
+    _region: string | null;
+    _accountId?: string | null;
+    _resource: string;
+
     /**
      *
      * Create an ARN object from its individual components
      *
      * @constructor
-     * @param {string} partition - ARN partition (e.g. 'aws')
-     * @param {string} service - service name in partition (e.g. 's3')
-     * @param {string} [region] - AWS region
-     * @param {string} [accountId] - AWS 12-digit account ID
-     * @param {string} resource - AWS resource path (e.g. 'foo/bar')
+     * @param partition - ARN partition (e.g. 'aws')
+     * @param service - service name in partition (e.g. 's3')
+     * @param [region] - AWS region
+     * @param [accountId] - AWS 12-digit account ID
+     * @param resource - AWS resource path (e.g. 'foo/bar')
      */
-    constructor(partition, service, region, accountId, resource) {
+    constructor(
+        partition: string,
+        service: string,
+        region: string | undefined | null,
+        accountId: string | undefined | null,
+        resource: string,
+    ) {
         this._partition = partition;
         this._service = service;
         this._region = region || null;
@@ -25,9 +37,9 @@ class ARN {
         this._resource = resource;
     }
 
-    static createFromString(arnStr) {
+    static createFromString(arnStr: string) {
         const [arn, partition, service, region, accountId,
-               resourceType, resource] = arnStr.split(':');
+            resourceType, resource] = arnStr.split(':');
 
         if (arn !== 'arn') {
             return { error: errors.InvalidArgument.customizeDescription(
@@ -58,7 +70,7 @@ class ARN {
                     'must be a 12-digit number or "*"') };
         }
         const fullResource = (resource !== undefined ?
-                              `${resourceType}:${resource}` : resourceType);
+            `${resourceType}:${resource}` : resourceType);
         return new ARN(partition, service, region, accountId, fullResource);
     }
 
@@ -98,9 +110,7 @@ class ARN {
 
     toString() {
         return ['arn', this.getPartition(), this.getService(),
-                this.getRegion(), this.getAccountId(), this.getResource()]
+            this.getRegion(), this.getAccountId(), this.getResource()]
             .join(':');
     }
 }
-
-module.exports = ARN;

lib/models/BackendInfo.ts

@@ -0,0 +1,271 @@
+import { RequestLogger } from 'werelogs';
+
+import { legacyLocations } from '../constants';
+import escapeForXml from '../s3middleware/escapeForXml';
+
+type CloudServerConfig = any;
+
+export default class BackendInfo {
+    _config: CloudServerConfig;
+    _requestEndpoint: string;
+    _objectLocationConstraint?: string;
+    _bucketLocationConstraint?: string;
+    _legacyLocationConstraint?: string;
+
+    /**
+    * Represents the info necessary to evaluate which data backend to use
+    * on a data put call.
+    * @constructor
+    * @param config - CloudServer config containing list of locations
+    * @param objectLocationConstraint - location constraint
+    * for object based on user meta header
+    * @param bucketLocationConstraint - location
+    * constraint for bucket based on bucket metadata
+    * @param requestEndpoint - endpoint to which request was made
+    * @param legacyLocationConstraint - legacy location constraint
+    */
+    constructor(
+        config: CloudServerConfig,
+        objectLocationConstraint: string | undefined,
+        bucketLocationConstraint: string | undefined,
+        requestEndpoint: string,
+        legacyLocationConstraint: string | undefined,
+    ) {
+        this._config = config;
+        this._objectLocationConstraint = objectLocationConstraint;
+        this._bucketLocationConstraint = bucketLocationConstraint;
+        this._requestEndpoint = requestEndpoint;
+        this._legacyLocationConstraint = legacyLocationConstraint;
+        return this;
+    }
+
+    /**
+     * validate proposed location constraint against config
+     * @param config - CloudServer config
+     * @param locationConstraint - value of user
+     * metadata location constraint header or bucket location constraint
+     * @param log - werelogs logger
+     * @return - true if valid, false if not
+     */
+    static isValidLocationConstraint(
+        config: CloudServerConfig,
+        locationConstraint: string | undefined,
+        log: RequestLogger,
+    ) {
+        if (!locationConstraint || !(locationConstraint in config.locationConstraints)) {
+            log.trace('proposed locationConstraint is invalid',
+                { locationConstraint });
+            return false;
+        }
+        return true;
+    }
+
+    /**
+     * validate that request endpoint is listed in the restEndpoint config
+     * @param config - CloudServer config
+     * @param requestEndpoint - request endpoint
+     * @param log - werelogs logger
+     * @return true if present, false if not
+     */
+    static isRequestEndpointPresent(
+        config: CloudServerConfig,
+        requestEndpoint: string,
+        log: RequestLogger,
+    ) {
+        if (!(requestEndpoint in config.restEndpoints)) {
+            log.trace('requestEndpoint does not match config restEndpoints',
+                { requestEndpoint });
+            return false;
+        }
+        return true;
+    }
+
+    /**
+     * validate that locationConstraint for request Endpoint matches
+     * one config locationConstraint
+     * @param config - CloudServer config
+     * @param requestEndpoint - request endpoint
+     * @param log - werelogs logger
+     * @return - true if matches, false if not
+     */
+    static isRequestEndpointValueValid(
+        config: CloudServerConfig,
+        requestEndpoint: string,
+        log: RequestLogger,
+    ) {
+        const restEndpoint = config.restEndpoints[requestEndpoint];
+        if (!(restEndpoint in config.locationConstraints)) {
+            log.trace('the default locationConstraint for request' +
+                'Endpoint does not match any config locationConstraint',
+            { requestEndpoint });
+            return false;
+        }
+        return true;
+    }
+
+    /**
+     * validate that s3 server is running with a file or memory backend
+     * @param config - CloudServer config
+     * @param log - werelogs logger
+     * @return - true if running with file/mem backend, false if not
+     */
+    static isMemOrFileBackend(config: CloudServerConfig, log: RequestLogger) {
+        if (config.backends.data === 'mem' || config.backends.data === 'file') {
+            log.trace('use data backend for the location', {
+                dataBackend: config.backends.data,
+                method: 'isMemOrFileBackend',
+            });
+            return true;
+        }
+        return false;
+    }
+
+    /**
+     * validate requestEndpoint against config or mem/file data backend
+     * - if there is no match for the request endpoint in the config
+     * restEndpoints and data backend is set to mem or file we will use this
+     * data backend for the location.
+     * - if locationConstraint for request Endpoint does not match
+     * any config locationConstraint, we will return an error
+     * @param config - CloudServer config
+     * @param requestEndpoint - request endpoint
+     * @param log - werelogs logger
+     * @return - true if valid, false if not
+     */
+    static isValidRequestEndpointOrBackend(
+        config: CloudServerConfig,
+        requestEndpoint: string,
+        log: RequestLogger,
+    ) {
+        if (!BackendInfo.isRequestEndpointPresent(config, requestEndpoint,
+            log)) {
+            return BackendInfo.isMemOrFileBackend(config, log);
+        }
+        return BackendInfo.isRequestEndpointValueValid(config, requestEndpoint,
+            log);
+    }
+
+    /**
+     * validate controlling BackendInfo Parameter
+     * @param config - CloudServer config
+     * @param objectLocationConstraint - value of user
+     * metadata location constraint header
+     * @param bucketLocationConstraint - location
+     * constraint from bucket metadata
+     * @param requestEndpoint - endpoint of request
+     * @param log - werelogs logger
+     * @return - location constraint validity
+     */
+    static controllingBackendParam(
+        config: CloudServerConfig,
+        objectLocationConstraint: string | undefined,
+        bucketLocationConstraint: string | null,
+        requestEndpoint: string,
+        log: RequestLogger,
+    ) {
+        if (objectLocationConstraint) {
+            if (BackendInfo.isValidLocationConstraint(config,
+                objectLocationConstraint, log)) {
+                log.trace('objectLocationConstraint is valid');
+                return { isValid: true };
+            }
+            log.trace('objectLocationConstraint is invalid');
+            return { isValid: false, description: 'Object Location Error - ' +
+            `Your object location "${escapeForXml(objectLocationConstraint)}"` +
+            'is not  in your location config - Please update.' };
+        }
+        if (bucketLocationConstraint) {
+            if (BackendInfo.isValidLocationConstraint(config,
+                bucketLocationConstraint, log)) {
+                log.trace('bucketLocationConstraint is valid');
+                return { isValid: true };
+            }
+            log.trace('bucketLocationConstraint is invalid');
+            return { isValid: false, description: 'Bucket Location Error - ' +
+            `Your bucket location "${escapeForXml(bucketLocationConstraint)}"` +
+            ' is not in your location config - Please update.' };
+        }
+        const legacyLocationConstraint =
+        BackendInfo.getLegacyLocationConstraint(config);
+        if (legacyLocationConstraint) {
+            log.trace('legacy location is valid');
+            return { isValid: true, legacyLocationConstraint };
+        }
+        if (!BackendInfo.isValidRequestEndpointOrBackend(config,
+            requestEndpoint, log)) {
+            return { isValid: false, description: 'Endpoint Location Error - ' +
+            `Your endpoint "${requestEndpoint}" is not in restEndpoints ` +
+            'in your config OR the default location constraint for request ' +
+            `endpoint "${escapeForXml(requestEndpoint)}" does not ` +
+            'match any config locationConstraint - Please update.' };
+        }
+        if (BackendInfo.isRequestEndpointPresent(config, requestEndpoint,
+            log)) {
+            return { isValid: true };
+        }
+        return { isValid: true, defaultedToDataBackend: true };
+    }
+
+    /**
+    * Return legacyLocationConstraint
+    * @param config CloudServer config
+    * @return legacyLocationConstraint;
+    */
+    static getLegacyLocationConstraint(config: CloudServerConfig) {
+        return legacyLocations.find(ll => config.locationConstraints[ll]);
+    }
+
+    /**
+    * Return objectLocationConstraint
+    * @return objectLocationConstraint;
+    */
+    getObjectLocationConstraint() {
+        return this._objectLocationConstraint;
+    }
+
+    /**
+    * Return bucketLocationConstraint
+    * @return bucketLocationConstraint;
+    */
+    getBucketLocationConstraint() {
+        return this._bucketLocationConstraint;
+    }
+
+    /**
+    * Return requestEndpoint
+    * @return requestEndpoint;
+    */
+    getRequestEndpoint() {
+        return this._requestEndpoint;
+    }
+
+    /**
+    * Return locationConstraint that should be used with put request
+    * Order of priority is:
+    * (1) objectLocationConstraint,
+    * (2) bucketLocationConstraint,
+    * (3) legacyLocationConstraint,
+    * (4) default locationConstraint for requestEndpoint  if requestEndpoint
+    *     is listed in restEndpoints in config.json
+    * (5) default data backend
+    * @return locationConstraint;
+    */
+    getControllingLocationConstraint(): string {
+        const objectLC = this.getObjectLocationConstraint();
+        const bucketLC = this.getBucketLocationConstraint();
+        const reqEndpoint = this.getRequestEndpoint();
+        if (objectLC) {
+            return objectLC;
+        }
+        if (bucketLC) {
+            return bucketLC;
+        }
+        if (this._legacyLocationConstraint) {
+            return this._legacyLocationConstraint;
+        }
+        if (this._config.restEndpoints[reqEndpoint]) {
+            return this._config.restEndpoints[reqEndpoint];
+        }
+        return this._config.backends.data;
+    }
+}

lib/models/BucketInfo.ts

@@ -1,12 +1,65 @@
-const assert = require('assert');
-const { WebsiteConfiguration } = require('./WebsiteConfiguration');
-const ReplicationConfiguration = require('./ReplicationConfiguration');
-const LifecycleConfiguration = require('./LifecycleConfiguration');
+import assert from 'assert';
+import uuid from 'uuid/v4';
 
-// WHEN UPDATING THIS NUMBER, UPDATE MODELVERSION.MD CHANGELOG
-const modelVersion = 6;
+import { WebsiteConfiguration } from './WebsiteConfiguration';
+import ReplicationConfiguration from './ReplicationConfiguration';
+import LifecycleConfiguration from './LifecycleConfiguration';
+import ObjectLockConfiguration from './ObjectLockConfiguration';
+import BucketPolicy from './BucketPolicy';
+import NotificationConfiguration from './NotificationConfiguration';
+import { ACL as OACL } from './ObjectMD';
+
+// WHEN UPDATING THIS NUMBER, UPDATE BucketInfoModelVersion.md CHANGELOG
+// BucketInfoModelVersion.md can be found in the root of this repository
+const modelVersion = 10;
+
+export type CORS = {
+    id: string;
+    allowedMethods: string[];
+    allowedOrigins: string[];
+    allowedHeaders: string[];
+    maxAgeSeconds: number;
+    exposeHeaders: string[];
+}[];
+
+export type SSE = {
+    cryptoScheme: number;
+    algorithm: string;
+    masterKeyId: string;
+    configuredMasterKeyId: string;
+    mandatory: boolean;
+};
+
+export type VersioningConfiguration = {
+    Status: string;
+    MfaDelete: any;
+};
+
+export type ACL = OACL & { WRITE: string[] }
+
+export default class BucketInfo {
+    _acl: ACL;
+    _name: string;
+    _owner: string;
+    _ownerDisplayName: string;
+    _creationDate: string;
+    _mdBucketModelVersion: number;
+    _transient: boolean;
+    _deleted: boolean;
+    _serverSideEncryption: SSE;
+    _versioningConfiguration: VersioningConfiguration;
+    _locationConstraint: string | null;
+    _websiteConfiguration?: WebsiteConfiguration | null;
+    _cors: CORS | null;
+    _replicationConfiguration?: any;
+    _lifecycleConfiguration?: any;
+    _bucketPolicy?: any;
+    _uid?: string;
+    _objectLockEnabled?: boolean;
+    _objectLockConfiguration?: any;
+    _notificationConfiguration?: any;
+    _tags?: { key: string; value: string }[] | null;
 
-class BucketInfo {
     /**
     * Represents all bucket information.
     * @constructor
@@ -27,6 +80,8 @@ class BucketInfo {
     * algorithm to use
     * @param {string} serverSideEncryption.masterKeyId -
     * key to get master key
+    * @param {string} serverSideEncryption.configuredMasterKeyId -
+    * custom KMS key id specified by user
     * @param {boolean} serverSideEncryption.mandatory -
     * true for mandatory encryption
     * bucket has been made
@@ -47,12 +102,36 @@ class BucketInfo {
     * @param {string[]} [cors[].exposeHeaders] - headers expose to applications
     * @param {object} [replicationConfiguration] - replication configuration
     * @param {object} [lifecycleConfiguration] - lifecycle configuration
+    * @param {object} [bucketPolicy] - bucket policy
+    * @param {string} [uid] - unique identifier for the bucket, necessary
+    * @param {boolean} [objectLockEnabled] - true when object lock enabled
+    * @param {object} [objectLockConfiguration] - object lock configuration
+    * @param {object} [notificationConfiguration] - bucket notification configuration
+    * @param {object[]} [tags] - bucket tags
     */
-    constructor(name, owner, ownerDisplayName, creationDate,
-                mdBucketModelVersion, acl, transient, deleted,
-                serverSideEncryption, versioningConfiguration,
-                locationConstraint, websiteConfiguration, cors,
-                replicationConfiguration, lifecycleConfiguration) {
+    constructor(
+        name: string,
+        owner: string,
+        ownerDisplayName: string,
+        creationDate: string,
+        mdBucketModelVersion: number,
+        acl: ACL | undefined,
+        transient: boolean,
+        deleted: boolean,
+        serverSideEncryption: SSE,
+        versioningConfiguration: VersioningConfiguration,
+        locationConstraint: string,
+        websiteConfiguration?: WebsiteConfiguration | null,
+        cors?: CORS,
+        replicationConfiguration?: any,
+        lifecycleConfiguration?: any,
+        bucketPolicy?: any,
+        uid?: string,
+        objectLockEnabled?: boolean,
+        objectLockConfiguration?: any,
+        notificationConfiguration?: any,
+        tags?: { key: string; value: string }[],
+    ) {
         assert.strictEqual(typeof name, 'string');
         assert.strictEqual(typeof owner, 'string');
         assert.strictEqual(typeof ownerDisplayName, 'string');
@@ -70,12 +149,15 @@ class BucketInfo {
         }
         if (serverSideEncryption) {
             assert.strictEqual(typeof serverSideEncryption, 'object');
-            const { cryptoScheme, algorithm, masterKeyId, mandatory } =
-                serverSideEncryption;
+            const { cryptoScheme, algorithm, masterKeyId,
+                configuredMasterKeyId, mandatory } = serverSideEncryption;
             assert.strictEqual(typeof cryptoScheme, 'number');
             assert.strictEqual(typeof algorithm, 'string');
             assert.strictEqual(typeof masterKeyId, 'string');
             assert.strictEqual(typeof mandatory, 'boolean');
+            if (configuredMasterKeyId !== undefined) {
+                assert.strictEqual(typeof configuredMasterKeyId, 'string');
+            }
         }
         if (versioningConfiguration) {
             assert.strictEqual(typeof versioningConfiguration, 'object');
@@ -92,8 +174,10 @@ class BucketInfo {
         }
         if (websiteConfiguration) {
             assert(websiteConfiguration instanceof WebsiteConfiguration);
-            const { indexDocument, errorDocument, redirectAllRequestsTo,
-                routingRules } = websiteConfiguration;
+            const indexDocument = websiteConfiguration.getIndexDocument();
+            const errorDocument = websiteConfiguration.getErrorDocument();
+            const redirectAllRequestsTo = websiteConfiguration.getRedirectAllRequestsTo();
+            const routingRules = websiteConfiguration.getRoutingRules();
             assert(indexDocument === undefined ||
                 typeof indexDocument === 'string');
             assert(errorDocument === undefined ||
@@ -112,7 +196,20 @@ class BucketInfo {
         if (lifecycleConfiguration) {
             LifecycleConfiguration.validateConfig(lifecycleConfiguration);
         }
-        const aclInstance = acl || {
+        if (bucketPolicy) {
+            BucketPolicy.validatePolicy(bucketPolicy);
+        }
+        if (uid) {
+            assert.strictEqual(typeof uid, 'string');
+            assert.strictEqual(uid.length, 36);
+        }
+        if (objectLockConfiguration) {
+            ObjectLockConfiguration.validateConfig(objectLockConfiguration);
+        }
+        if (notificationConfiguration) {
+            NotificationConfiguration.validateConfig(notificationConfiguration);
+        }
+        const aclInstance: ACL = acl || {
             Canned: 'private',
             FULL_CONTROL: [],
             WRITE: [],
@@ -120,6 +217,9 @@ class BucketInfo {
             READ: [],
             READ_ACP: [],
         };
+        if (tags) {
+            assert(Array.isArray(tags));
+        }
 
         // IF UPDATING PROPERTIES, INCREMENT MODELVERSION NUMBER ABOVE
         this._acl = aclInstance;
@@ -137,11 +237,18 @@ class BucketInfo {
         this._replicationConfiguration = replicationConfiguration || null;
         this._cors = cors || null;
         this._lifecycleConfiguration = lifecycleConfiguration || null;
+        this._bucketPolicy = bucketPolicy || null;
+        this._uid = uid || uuid();
+        this._objectLockEnabled = objectLockEnabled || false;
+        this._objectLockConfiguration = objectLockConfiguration || null;
+        this._notificationConfiguration = notificationConfiguration || null;
+        this._tags = tags || null;
         return this;
     }
+
     /**
     * Serialize the object
-    * @return {string} - stringified object
+    * @return - stringified object
     */
     serialize() {
         const bucketInfos = {
@@ -160,19 +267,27 @@ class BucketInfo {
             cors: this._cors,
             replicationConfiguration: this._replicationConfiguration,
             lifecycleConfiguration: this._lifecycleConfiguration,
+            bucketPolicy: this._bucketPolicy,
+            uid: this._uid,
+            objectLockEnabled: this._objectLockEnabled,
+            objectLockConfiguration: this._objectLockConfiguration,
+            notificationConfiguration: this._notificationConfiguration,
+            tags: this._tags,
         };
-        if (this._websiteConfiguration) {
-            bucketInfos.websiteConfiguration =
-                this._websiteConfiguration.getConfig();
-        }
-        return JSON.stringify(bucketInfos);
+        const final = this._websiteConfiguration
+            ? {
+                  ...bucketInfos,
+                  websiteConfiguration: this._websiteConfiguration.getConfig(),
+              }
+            : bucketInfos;
+        return JSON.stringify(final);
     }
     /**
      * deSerialize the JSON string
-     * @param {string} stringBucket - the stringified bucket
-     * @return {object} - parsed string
+     * @param stringBucket - the stringified bucket
+     * @return - parsed string
      */
-    static deSerialize(stringBucket) {
+    static deSerialize(stringBucket: string) {
         const obj = JSON.parse(stringBucket);
         const websiteConfig = obj.websiteConfiguration ?
             new WebsiteConfiguration(obj.websiteConfiguration) : null;
@@ -180,12 +295,14 @@ class BucketInfo {
             obj.creationDate, obj.mdBucketModelVersion, obj.acl,
             obj.transient, obj.deleted, obj.serverSideEncryption,
             obj.versioningConfiguration, obj.locationConstraint, websiteConfig,
-            obj.cors, obj.replicationConfiguration, obj.lifecycleConfiguration);
+            obj.cors, obj.replicationConfiguration, obj.lifecycleConfiguration,
+            obj.bucketPolicy, obj.uid, obj.objectLockEnabled,
+            obj.objectLockConfiguration, obj.notificationConfiguration, obj.tags);
     }
 
     /**
      * Returns the current model version for the data structure
-     * @return {number} - the current model version set above in the file
+     * @return - the current model version set above in the file
      */
     static currentModelVersion() {
         return modelVersion;
@@ -194,88 +311,90 @@ class BucketInfo {
     /**
      * Create a BucketInfo from an object
      *
-     * @param {object} data - object containing data
-     * @return {BucketInfo} Return an BucketInfo
+     * @param data - object containing data
+     * @return Return an BucketInfo
      */
-    static fromObj(data) {
+    static fromObj(data: any) {
         return new BucketInfo(data._name, data._owner, data._ownerDisplayName,
             data._creationDate, data._mdBucketModelVersion, data._acl,
             data._transient, data._deleted, data._serverSideEncryption,
             data._versioningConfiguration, data._locationConstraint,
             data._websiteConfiguration, data._cors,
-            data._replicationConfiguration, data._lifecycleConfiguration);
+            data._replicationConfiguration, data._lifecycleConfiguration,
+            data._bucketPolicy, data._uid, data._objectLockEnabled,
+            data._objectLockConfiguration, data._notificationConfiguration, data._tags);
     }
 
     /**
     * Get the ACLs.
-    * @return {object} acl
+    * @return acl
     */
     getAcl() {
         return this._acl;
     }
     /**
     * Set the canned acl's.
-    * @param {string} cannedACL - canned ACL being set
-    * @return {BucketInfo} - bucket info instance
+    * @param cannedACL - canned ACL being set
+    * @return - bucket info instance
     */
-    setCannedAcl(cannedACL) {
+    setCannedAcl(cannedACL: string) {
         this._acl.Canned = cannedACL;
         return this;
     }
     /**
     * Set a specific ACL.
-    * @param {string} canonicalID - id for account being given access
-    * @param {string} typeOfGrant - type of grant being granted
-    * @return {BucketInfo} - bucket info instance
+    * @param canonicalID - id for account being given access
+    * @param typeOfGrant - type of grant being granted
+    * @return - bucket info instance
     */
-    setSpecificAcl(canonicalID, typeOfGrant) {
+    setSpecificAcl(canonicalID: string, typeOfGrant: string) {
         this._acl[typeOfGrant].push(canonicalID);
         return this;
     }
     /**
     * Set all ACLs.
-    * @param {object} acl - new set of ACLs
-    * @return {BucketInfo} - bucket info instance
+    * @param acl - new set of ACLs
+    * @return - bucket info instance
     */
-    setFullAcl(acl) {
+    setFullAcl(acl: ACL) {
         this._acl = acl;
         return this;
     }
     /**
      * Get the server side encryption information
-     * @return {object} serverSideEncryption
+     * @return serverSideEncryption
      */
     getServerSideEncryption() {
         return this._serverSideEncryption;
     }
     /**
      * Set server side encryption information
-     * @param {object} serverSideEncryption - server side encryption information
-     * @return {BucketInfo} - bucket info instance
+     * @param serverSideEncryption - server side encryption information
+     * @return - bucket info instance
      */
-    setServerSideEncryption(serverSideEncryption) {
+    setServerSideEncryption(serverSideEncryption: SSE) {
         this._serverSideEncryption = serverSideEncryption;
         return this;
     }
     /**
      * Get the versioning configuration information
-     * @return {object} versioningConfiguration
+     * @return versioningConfiguration
      */
     getVersioningConfiguration() {
         return this._versioningConfiguration;
     }
     /**
      * Set versioning configuration information
-     * @param {object} versioningConfiguration - versioning information
-     * @return {BucketInfo} - bucket info instance
+     * @param versioningConfiguration - versioning information
+     * @return - bucket info instance
      */
-    setVersioningConfiguration(versioningConfiguration) {
+    setVersioningConfiguration(versioningConfiguration: VersioningConfiguration) {
         this._versioningConfiguration = versioningConfiguration;
         return this;
     }
     /**
      * Check that versioning is 'Enabled' on the given bucket.
-     * @return {boolean} - `true` if versioning is 'Enabled', otherwise `false`
+     * @return - `true` if versioning is 'Enabled', otherwise `false`
      */
     isVersioningEnabled() {
         const versioningConfig = this.getVersioningConfiguration();
@@ -283,32 +402,32 @@ class BucketInfo {
     }
     /**
      * Get the website configuration information
-     * @return {object} websiteConfiguration
+     * @return websiteConfiguration
      */
     getWebsiteConfiguration() {
         return this._websiteConfiguration;
     }
     /**
      * Set website configuration information
-     * @param {object} websiteConfiguration - configuration for bucket website
-     * @return {BucketInfo} - bucket info instance
+     * @param websiteConfiguration - configuration for bucket website
+     * @return - bucket info instance
      */
-    setWebsiteConfiguration(websiteConfiguration) {
+    setWebsiteConfiguration(websiteConfiguration: WebsiteConfiguration) {
         this._websiteConfiguration = websiteConfiguration;
         return this;
     }
     /**
      * Set replication configuration information
-     * @param {object} replicationConfiguration - replication information
-     * @return {BucketInfo} - bucket info instance
+     * @param replicationConfiguration - replication information
+     * @return - bucket info instance
      */
-    setReplicationConfiguration(replicationConfiguration) {
+    setReplicationConfiguration(replicationConfiguration: any) {
         this._replicationConfiguration = replicationConfiguration;
         return this;
     }
     /**
      * Get replication configuration information
-     * @return {object|null} replication configuration information or `null` if
+     * @return replication configuration information or `null` if
      * the bucket does not have a replication configuration
      */
     getReplicationConfiguration() {
@@ -316,7 +435,7 @@ class BucketInfo {
     }
     /**
      * Get lifecycle configuration information
-     * @return {object|null} lifecycle configuration information or `null` if
+     * @return lifecycle configuration information or `null` if
      * the bucket does not have a lifecycle configuration
      */
     getLifecycleConfiguration() {
@@ -324,41 +443,92 @@ class BucketInfo {
     }
     /**
      * Set lifecycle configuration information
-     * @param {object} lifecycleConfiguration - lifecycle information
-     * @return {BucketInfo} - bucket info instance
+     * @param lifecycleConfiguration - lifecycle information
+     * @return - bucket info instance
      */
-    setLifecycleConfiguration(lifecycleConfiguration) {
+    setLifecycleConfiguration(lifecycleConfiguration: any) {
         this._lifecycleConfiguration = lifecycleConfiguration;
         return this;
     }
+    /**
+     * Get bucket policy statement
+     * @return bucket policy statement or `null` if the bucket
+     * does not have a bucket policy
+     */
+    getBucketPolicy() {
+        return this._bucketPolicy;
+    }
+    /**
+     * Set bucket policy statement
+     * @param bucketPolicy - bucket policy
+     * @return - bucket info instance
+     */
+    setBucketPolicy(bucketPolicy: any) {
+        this._bucketPolicy = bucketPolicy;
+        return this;
+    }
+    /**
+     * Get object lock configuration
+     * @return object lock configuration information or `null` if
+     * the bucket does not have an object lock configuration
+     */
+    getObjectLockConfiguration() {
+        return this._objectLockConfiguration;
+    }
+    /**
+     * Set object lock configuration
+     * @param objectLockConfiguration - object lock information
+     * @return - bucket info instance
+     */
+    setObjectLockConfiguration(objectLockConfiguration: any) {
+        this._objectLockConfiguration = objectLockConfiguration;
+        return this;
+    }
+    /**
+     * Get notification configuration
+     * @return notification configuration information or 'null' if
+     * the bucket does not have a notification configuration
+     */
+    getNotificationConfiguration() {
+        return this._notificationConfiguration;
+    }
+    /**
+     * Set notification configuraiton
+     * @param notificationConfiguration - bucket notification information
+     * @return - bucket info instance
+     */
+    setNotificationConfiguration(notificationConfiguration: any) {
+        this._notificationConfiguration = notificationConfiguration;
+        return this;
+    }
     /**
      * Get cors resource
-     * @return {object[]} cors
+     * @return cors
      */
     getCors() {
         return this._cors;
     }
     /**
      * Set cors resource
-     * @param {object[]} rules - collection of CORS rules
-     * @param {string} [rules.id] - optional id to identify rule
-     * @param {string[]} rules[].allowedMethods - methods allowed for CORS
-     * @param {string[]} rules[].allowedOrigins - origins allowed for CORS
-     * @param {string[]} [rules[].allowedHeaders] - headers allowed in an
+     * @param rules - collection of CORS rules
+     * @param  [rules.id] - optional id to identify rule
+     * @param rules[].allowedMethods - methods allowed for CORS
+     * @param rules[].allowedOrigins - origins allowed for CORS
+     * @param [rules[].allowedHeaders] - headers allowed in an
      * OPTIONS request via the Access-Control-Request-Headers header
-     * @param {number} [rules[].maxAgeSeconds] - seconds browsers should cache
+     * @param [rules[].maxAgeSeconds] - seconds browsers should cache
      * OPTIONS response
-     * @param {string[]} [rules[].exposeHeaders] - headers to expose to external
+     * @param [rules[].exposeHeaders] - headers to expose to external
      * applications
-     * @return {BucketInfo} - bucket info instance
+     * @return - bucket info instance
      */
-    setCors(rules) {
+    setCors(rules: CORS) {
         this._cors = rules;
         return this;
     }
     /**
      * get the serverside encryption algorithm
-     * @return {string} - sse algorithm used by this bucket
+     * @return - sse algorithm used by this bucket
      */
     getSseAlgorithm() {
         if (!this._serverSideEncryption) {
@@ -368,7 +538,7 @@ class BucketInfo {
     }
     /**
      * get the server side encryption master key Id
-     * @return {string} -  sse master key Id used by this bucket
+     * @return -  sse master key Id used by this bucket
      */
     getSseMasterKeyId() {
         if (!this._serverSideEncryption) {
@@ -378,72 +548,72 @@ class BucketInfo {
     }
     /**
     * Get bucket name.
-    * @return {string} - bucket name
+    * @return - bucket name
     */
     getName() {
         return this._name;
     }
     /**
     * Set bucket name.
-    * @param {string} bucketName - new bucket name
-    * @return {BucketInfo} - bucket info instance
+    * @param bucketName - new bucket name
+    * @return - bucket info instance
     */
-    setName(bucketName) {
+    setName(bucketName: string) {
         this._name = bucketName;
         return this;
     }
     /**
     * Get bucket owner.
-    * @return {string} - bucket owner's canonicalID
+    * @return - bucket owner's canonicalID
     */
     getOwner() {
         return this._owner;
     }
     /**
     * Set bucket owner.
-    * @param {string} ownerCanonicalID - bucket owner canonicalID
-    * @return {BucketInfo} - bucket info instance
+    * @param ownerCanonicalID - bucket owner canonicalID
+    * @return - bucket info instance
     */
-    setOwner(ownerCanonicalID) {
+    setOwner(ownerCanonicalID: string) {
         this._owner = ownerCanonicalID;
         return this;
     }
     /**
     * Get bucket owner display name.
-    * @return {string} - bucket owner dispaly name
+    * @return - bucket owner dispaly name
     */
     getOwnerDisplayName() {
         return this._ownerDisplayName;
     }
     /**
     * Set bucket owner display name.
-    * @param {string} ownerDisplayName - bucket owner display name
-    * @return {BucketInfo} - bucket info instance
+    * @param ownerDisplayName - bucket owner display name
+    * @return - bucket info instance
     */
-    setOwnerDisplayName(ownerDisplayName) {
+    setOwnerDisplayName(ownerDisplayName: string) {
         this._ownerDisplayName = ownerDisplayName;
         return this;
     }
     /**
     * Get bucket creation date.
-    * @return {object} - bucket creation date
+    * @return - bucket creation date
     */
     getCreationDate() {
         return this._creationDate;
     }
     /**
     * Set location constraint.
-    * @param {string} location - bucket location constraint
-    * @return {BucketInfo} - bucket info instance
+    * @param location - bucket location constraint
+    * @return - bucket info instance
     */
-    setLocationConstraint(location) {
+    setLocationConstraint(location: string) {
         this._locationConstraint = location;
         return this;
     }
 
     /**
     * Get location constraint.
-    * @return {string} - bucket location constraint
+    * @return - bucket location constraint
     */
     getLocationConstraint() {
         return this._locationConstraint;
@@ -452,24 +622,24 @@ class BucketInfo {
     /**
      * Set Bucket model version
      *
-     * @param {number} version - Model version
-     * @return {BucketInfo} - bucket info instance
+     * @param version - Model version
+     * @return - bucket info instance
      */
-    setMdBucketModelVersion(version) {
+    setMdBucketModelVersion(version: number) {
         this._mdBucketModelVersion = version;
         return this;
     }
     /**
      * Get Bucket model version
      *
-     * @return {number} Bucket model version
+     * @return Bucket model version
      */
     getMdBucketModelVersion() {
         return this._mdBucketModelVersion;
     }
     /**
     * Add transient flag.
-    * @return {BucketInfo} - bucket info instance
+    * @return - bucket info instance
     */
     addTransientFlag() {
         this._transient = true;
@@ -477,7 +647,7 @@ class BucketInfo {
     }
     /**
     * Remove transient flag.
-    * @return {BucketInfo} - bucket info instance
+    * @return - bucket info instance
     */
     removeTransientFlag() {
         this._transient = false;
@@ -485,14 +655,14 @@ class BucketInfo {
     }
     /**
     * Check transient flag.
-    * @return {boolean} - depending on whether transient flag in place
+    * @return - depending on whether transient flag in place
     */
     hasTransientFlag() {
         return !!this._transient;
     }
     /**
     * Add deleted flag.
-    * @return {BucketInfo} - bucket info instance
+    * @return - bucket info instance
     */
     addDeletedFlag() {
         this._deleted = true;
@@ -500,7 +670,7 @@ class BucketInfo {
     }
     /**
     * Remove deleted flag.
-    * @return {BucketInfo} - bucket info instance
+    * @return - bucket info instance
     */
     removeDeletedFlag() {
         this._deleted = false;
@@ -508,19 +678,69 @@ class BucketInfo {
     }
     /**
     * Check deleted flag.
-    * @return {boolean} - depending on whether deleted flag in place
+    * @return - depending on whether deleted flag in place
     */
     hasDeletedFlag() {
         return !!this._deleted;
     }
     /**
      * Check if the versioning mode is on.
-     * @return {boolean} - versioning mode status
+     * @return - versioning mode status
      */
     isVersioningOn() {
         return this._versioningConfiguration &&
             this._versioningConfiguration.Status === 'Enabled';
     }
-}
+    /**
+     * Get unique id of bucket.
+     * @return - unique id
+     */
+    getUid() {
+        return this._uid;
+    }
+    /**
+     * Set unique id of bucket.
+     * @param uid - unique identifier for the bucket
+     * @return - bucket info instance
+     */
+    setUid(uid: string) {
+        this._uid = uid;
+        return this;
+    }
+    /**
+    * Check if object lock is enabled.
+    * @return - depending on whether object lock is enabled
+    */
+    isObjectLockEnabled() {
+        return !!this._objectLockEnabled;
+    }
+    /**
+    * Set the value of objectLockEnabled field.
+    * @param enabled - true if object lock enabled else false.
+    * @return - bucket info instance
+    */
+    setObjectLockEnabled(enabled: boolean) {
+        this._objectLockEnabled = enabled;
+        return this;
+    }
 
-module.exports = BucketInfo;
+    /**
+     * Get the value of bucket tags
+     * @return - Array of bucket tags as {"key" : "key", "value": "value"}
+     */
+    getTags() {
+        return this._tags;
+    }
+
+    /**
+     * Set bucket tags
+     * @param tags - collection of tags
+     * @param tags[].key - key of the tag
+     * @param tags[].value - value of the tag
+     * @return - bucket info instance
+     */
+    setTags(tags: { key: string; value: string }[]) {
+        this._tags = tags;
+        return this;
+    }
+}

lib/models/BucketPolicy.ts

@@ -0,0 +1,141 @@
+import assert from 'assert';
+import errors, { ArsenalError } from '../errors';
+import { validateResourcePolicy } from '../policy/policyValidator';
+
+/**
+ * Format of json policy:
+ *  {
+ *      "Id": "Policy id",
+ *      "Version": "version date",
+ *      "Statement": [
+ *          {
+ *              "Sid": "Statement id",
+ *              "Effect": "Allow",
+ *              "Principal": "*",
+ *              "Action": "s3:*",
+ *              "Resource": "arn:aws:s3:::examplebucket/bucket2/object"
+ *          },
+ *          {
+ *              "Sid": "Statement id",
+ *              "Effect": "Deny",
+ *              "Principal": {
+ *                  "AWS": ["arn:aws:iam::<account_id>", "different_account_id"]
+ *              },
+ *              "Action": [ "s3:*" ],
+ *              "Resource": [
+ *                  "arn:aws:s3:::examplebucket", "arn:aws:s3:::otherbucket/*"],
+ *              "Condition": {
+ *                 "StringNotLike": {
+ *                      "aws:Referer": [
+ *                          "http://www.example.com/", "http://example.com/*"]
+ *                  }
+ *              }
+ *          }
+ *      ]
+ *  }
+ */
+
+const objectActions = [
+    's3:AbortMultipartUpload',
+    's3:DeleteObject',
+    's3:DeleteObjectTagging',
+    's3:GetObject',
+    's3:GetObjectAcl',
+    's3:GetObjectTagging',
+    's3:ListMultipartUploadParts',
+    's3:PutObject',
+    's3:PutObjectAcl',
+    's3:PutObjectTagging',
+];
+
+export default class BucketPolicy {
+    _json: string;
+    _policy: any;
+    /**
+     * Create a Bucket Policy instance
+     * @param json - the json policy
+     * @return - BucketPolicy instance
+     */
+    constructor(json: string) {
+        this._json = json;
+        this._policy = {};
+    }
+
+    /**
+     * Get the bucket policy
+     * @return - the bucket policy or error
+     */
+    getBucketPolicy() {
+        const policy = this._getPolicy();
+        return policy;
+    }
+
+    /**
+     * Get the bucket policy array
+     * @return - contains error if policy validation fails
+     */
+    _getPolicy(): { error: ArsenalError } | any {
+        if (!this._json || this._json === '') {
+            return { error: errors.MalformedPolicy.customizeDescription(
+                'request json is empty or undefined') };
+        }
+        const validSchema = validateResourcePolicy(this._json);
+        if (validSchema.error) {
+            return validSchema;
+        }
+        this._setStatementArray();
+        const valAcRes = this._validateActionResource();
+        if (valAcRes.error) {
+            return valAcRes;
+        }
+
+        return this._policy;
+    }
+
+    _setStatementArray() {
+        this._policy = JSON.parse(this._json);
+        if (!Array.isArray(this._policy.Statement)) {
+            const statement = this._policy.Statement;
+            this._policy.Statement = [statement];
+        }
+    }
+
+    /**
+     * Validate action and resource are compatible
+     * @return - contains error or empty obj
+     */
+    _validateActionResource(): { error?: ArsenalError } {
+        const invalid = this._policy.Statement.every((s: any) => {
+            const actions: string[] = typeof s.Action === 'string' ?
+                [s.Action] : s.Action;
+            const resources: string[] = typeof s.Resource === 'string' ?
+                [s.Resource] : s.Resource;
+            const objectAction = actions.some(a =>
+                a.includes('Object') || objectActions.includes(a));
+            // wildcardObjectAction checks for actions such as 's3:*' or
+            // 's3:Put*' but will return false for actions such as
+            // 's3:PutBucket*'
+            const wildcardObjectAction = actions.some(
+                a => a.includes('*') && !a.includes('Bucket'));
+            const objectResource = resources.some(r => r.includes('/'));
+            return ((objectAction && !objectResource) ||
+                (objectResource && !objectAction && !wildcardObjectAction));
+        });
+        if (invalid) {
+            return { error: errors.MalformedPolicy.customizeDescription(
+                'Action does not apply to any resource(s) in statement') };
+        }
+        return {};
+    }
+
+    /**
+     * Call resource policy schema validation function
+     * @param policy - the bucket policy object to validate
+     */
+    static validatePolicy(policy: any) {
+        // only the BucketInfo constructor calls this function
+        // and BucketInfo will always be passed an object
+        const validated = validateResourcePolicy(JSON.stringify(policy));
+        assert.deepStrictEqual(validated, { error: null, valid: true });
+    }
+}

lib/models/LifecycleConfiguration.js

@@ -1,728 +0,0 @@
-const assert = require('assert');
-const UUID = require('uuid');
-
-const errors = require('../errors');
-
-/**
- * Format of xml request:
-
- <LifecycleConfiguration>
-    <Rule>
-        <ID>id1</ID>
-        <Filter>
-            <Prefix>logs/</Prefix>
-        </Filter>
-        <Status>Enabled</Status>
-        <Expiration>
-            <Days>365</Days>
-        </Expiration>
-    </Rule>
-    <Rule>
-        <ID>DeleteAfterBecomingNonCurrent</ID>
-        <Filter>
-            <And>
-                <Prefix>logs/</Prefix>
-                <Tag>
-                    <Key>key1</Key>
-                    <Value>value1</Value>
-                </Tag>
-            </And>
-        </Filter>
-        <Status>Enabled</Status>
-        <NoncurrentVersionExpiration>
-            <NoncurrentDays>1</NoncurrentDays>
-        </NoncurrentVersionExpiration>
-        <AbortIncompleteMultipartUploads>
-            <DaysAfterInitiation>1</DaysAfterInitiation>
-        </AbortIncompleteMultipartUploads>
-    </Rule>
-</LifecycleConfiguration>
- */
-
-/**
- * Format of config:
-
-  config = {
-    rules = [
-        {
-            ruleID: <value>,
-            ruleStatus: <value>,
-            filter: {
-                rulePrefix: <value>,
-                tags: [
-                    {
-                        key: <value>,
-                        val: <value>
-                    },
-                    {
-                        key: <value>,
-                        val: <value>
-                    }
-                ]
-            },
-            actions: [
-                {
-                    actionName: <value>,
-                    days: <value>,
-                    date: <value>,
-                    deleteMarker: <value>
-                },
-                {
-                    actionName: <value>,
-                    days: <value>,
-                    date: <value>,
-                    deleteMarker: <value>,
-                },
-            ]
-        }
-    ]
-  };
- */
-
-class LifecycleConfiguration {
-    /**
-     * Create a Lifecycle Configuration instance
-     * @param {string} xml - the parsed xml
-     * @return {object} - LifecycleConfiguration instance
-     */
-    constructor(xml) {
-        this._parsedXML = xml;
-        this._ruleIDs = [];
-        this._tagKeys = [];
-        this._config = {};
-    }
-
-    /**
-     * Get the lifecycle configuration
-     * @return {object} - the lifecycle configuration
-     */
-    getLifecycleConfiguration() {
-        const rules = this._buildRulesArray();
-        if (rules.error) {
-            this._config.error = rules.error;
-        }
-        return this._config;
-    }
-
-    /**
-     * Build the this._config.rules array
-     * @return {object} - contains error if any rule returned an error
-     * or parsing failed
-     */
-    _buildRulesArray() {
-        const rules = {};
-        this._config.rules = [];
-        if (!this._parsedXML || this._parsedXML === '') {
-            rules.error = errors.MalformedXML.customizeDescription(
-                'request xml is undefined or empty');
-            return rules;
-        }
-        if (!this._parsedXML.LifecycleConfiguration &&
-            this._parsedXML.LifecycleConfiguration !== '') {
-            rules.error = errors.MalformedXML.customizeDescription(
-                'request xml does not include LifecycleConfiguration');
-            return rules;
-        }
-        const lifecycleConf = this._parsedXML.LifecycleConfiguration;
-        const rulesArray = lifecycleConf.Rule;
-        if (!rulesArray || !Array.isArray(rulesArray)
-        || rulesArray.length === 0) {
-            rules.error = errors.MissingRequiredParameter.customizeDescription(
-                'missing required key \'Rules\' in LifecycleConfiguration');
-            return rules;
-        }
-        if (rulesArray.length > 1000) {
-            rules.error = errors.MalformedXML.customizeDescription(
-                'request xml includes over max limit of 1000 rules');
-            return rules;
-        }
-        for (let i = 0; i < rulesArray.length; i++) {
-            const rule = this._parseRule(rulesArray[i]);
-            if (rule.error) {
-                rules.error = rule.error;
-                break;
-            } else {
-                this._config.rules.push(rule);
-            }
-        }
-        return rules;
-    }
-
-    /**
-     * Check that each xml rule is valid
-     * @param {object} rule - a rule object from Rule array from this._parsedXml
-     * @return {object} - contains error if any component returned an error
-     * or parsing failed, else contains parsed rule object
-     *
-     * Format of ruleObj:
-     * ruleObj = {
-     *      ruleID: <value>,
-     *      ruleStatus: <value>,
-     *      filter: {
-     *          rulePrefix: <value>,
-     *          tags: [
-     *              {
-     *                  key: <value>,
-     *                  val: <value>,
-     *              }
-     *          ]
-     *      }
-     *      actions: [
-     *          {
-     *              actionName: <value>,
-     *              day: <value>,
-     *              date: <value>,
-     *              deleteMarker: <value>
-     *          },
-     *      ]
-     * }
-     */
-    _parseRule(rule) {
-        const ruleObj = {};
-        if (rule.Transition || rule.NoncurrentVersionTransition) {
-            ruleObj.error = errors.NotImplemented.customizeDescription(
-                'Transition lifecycle action not yet implemented');
-            return ruleObj;
-        }
-        // Either Prefix or Filter must be included, but can be empty string
-        if ((!rule.Filter && rule.Filter !== '') &&
-        (!rule.Prefix && rule.Prefix !== '')) {
-            ruleObj.error = errors.MalformedXML.customizeDescription(
-                'Rule xml does not include valid Filter or Prefix');
-            return ruleObj;
-        }
-        if (rule.Filter && rule.Prefix) {
-            ruleObj.error = errors.MalformedXML.customizeDescription(
-                'Rule xml should not include both Filter and Prefix');
-            return ruleObj;
-        }
-        if (!rule.Status) {
-            ruleObj.error = errors.MissingRequiredParameter.
-                customizeDescription('Rule xml does not include Status');
-            return ruleObj;
-        }
-        const subFilter = rule.Filter ? rule.Filter[0] : rule.Prefix;
-
-        const id = this._parseID(rule.ID);
-        const status = this._parseStatus(rule.Status[0]);
-        const filter = this._parseFilter(subFilter);
-        const actions = this._parseAction(rule);
-
-        const rulePropArray = [id, status, filter, actions];
-        for (let i = 0; i < rulePropArray.length; i++) {
-            const prop = rulePropArray[i];
-            if (prop.error) {
-                ruleObj.error = prop.error;
-                break;
-            } else {
-                const propName = prop.propName;
-                // eslint-disable-next-line no-param-reassign
-                delete prop.propName;
-                ruleObj[propName] = prop[propName] || prop;
-            }
-        }
-        return ruleObj;
-    }
-
-    /**
-     * Check that filter component of rule is valid
-     * @param {object} filter - filter object from a rule object
-     * @return {object} - contains error if parsing failed, else contains
-     * parsed prefix and tag array
-     *
-     * Format of filterObj:
-     * filterObj = {
-     *      error: <error>,
-     *      propName: 'filter',
-     *      rulePrefix: <value>,
-     *      tags: [
-     *          {
-     *              key: <value>,
-     *              val: <value>
-     *          },
-     *          {
-     *              key: <value>,
-     *              value: <value>
-     *          }
-     *      ]
-     * }
-     */
-    _parseFilter(filter) {
-        const filterObj = {};
-        filterObj.propName = 'filter';
-        // if no Rule Prefix or Filter, rulePrefix is empty string
-        filterObj.rulePrefix = '';
-        if (Array.isArray(filter)) {
-            // if Prefix was included, not Filter, filter will be Prefix array
-            // if more than one Prefix is included, we ignore all but the last
-            filterObj.rulePrefix = filter.pop();
-            return filterObj;
-        }
-        if (filter.And && (filter.Prefix || filter.Tag) ||
-        (filter.Prefix && filter.Tag)) {
-            filterObj.error = errors.MalformedXML.customizeDescription(
-                'Filter should only include one of And, Prefix, or Tag key');
-            return filterObj;
-        }
-        if (filter.Prefix) {
-            filterObj.rulePrefix = filter.Prefix.pop();
-            return filterObj;
-        }
-        if (filter.Tag) {
-            const tagObj = this._parseTags(filter.Tag[0]);
-            if (tagObj.error) {
-                filterObj.error = tagObj.error;
-                return filterObj;
-            }
-            filterObj.tags = tagObj.tags;
-            return filterObj;
-        }
-        if (filter.And) {
-            const andF = filter.And[0];
-            if (!andF.Tag || (!andF.Prefix && andF.Tag.length < 2)) {
-                filterObj.error = errors.MalformedXML.customizeDescription(
-                    'And should include Prefix and Tags or more than one Tag');
-                return filterObj;
-            }
-            if (andF.Prefix && andF.Prefix.length >= 1) {
-                filterObj.rulePrefix = andF.Prefix.pop();
-            }
-            const tagObj = this._parseTags(andF.Tag[0]);
-            if (tagObj.error) {
-                filterObj.error = tagObj.error;
-                return filterObj;
-            }
-            filterObj.tags = tagObj.tags;
-            return filterObj;
-        }
-        return filterObj;
-    }
-
-    /**
-     * Check that each tag object is valid
-     * @param {object} tags - a tag object from a filter object
-     * @return {boolean} - indicates whether tag object is valid
-     *
-     * Format of tagObj:
-     * tagObj = {
-     *      error: <error>,
-     *      tags: [
-     *          {
-     *              key: <value>,
-     *              value: <value>,
-     *          }
-     *      ]
-     * }
-     */
-    _parseTags(tags) {
-        const tagObj = {};
-        tagObj.tags = [];
-        // reset _tagKeys to empty because keys cannot overlap within a rule,
-        // but different rules can have the same tag keys
-        this._tagKeys = [];
-        if (!tags.Key || !tags.Value) {
-            tagObj.error = errors.MissingRequiredParameter.customizeDescription(
-                'Tag XML does not contain both Key and Value');
-            return tagObj;
-        }
-        if (tags.Key.length !== tags.Value.length) {
-            tagObj.error = errors.MalformedXML.customizeDescription(
-                'Tag XML should contain same number of Keys and Values');
-            return tagObj;
-        }
-        for (let i = 0; i < tags.Key.length; i++) {
-            if (tags.Key[i].length < 1 || tags.Key[i].length > 128) {
-                tagObj.error = errors.InvalidRequest.customizeDescription(
-                    'Tag Key must be a length between 1 and 128 char');
-                break;
-            }
-            if (this._tagKeys.includes(tags.Key[i])) {
-                tagObj.error = errors.InvalidRequest.customizeDescription(
-                    'Tag Keys must be unique');
-                break;
-            }
-            this._tagKeys.push(tags.Key[i]);
-            const tag = {
-                key: tags.Key[i],
-                val: tags.Value[i],
-            };
-            tagObj.tags.push(tag);
-        }
-        return tagObj;
-    }
-
-    /**
-     * Check that ID component of rule is valid
-     * @param {array} id - contains id string at first index or empty
-     * @return {object} - contains error if parsing failed or id is not unique,
-     * else contains parsed or generated id
-     *
-     * Format of idObj:
-     * idObj = {
-     *      error: <error>,
-     *      propName: 'ruleID',
-     *      ruleID: <value>
-     * }
-     */
-    _parseID(id) {
-        const idObj = {};
-        idObj.propName = 'ruleID';
-        if (id && id[0].length > 255) {
-            idObj.error = errors.InvalidArgument.customizeDescription(
-                'Rule ID is greater than 255 characters long');
-            return idObj;
-        }
-        if (!id || !id[0] || id[0] === '') {
-            // ID is optional property, but create one if not provided or is ''
-            // We generate 48-character alphanumeric, unique ID for rule
-            idObj.ruleID = Buffer.from(UUID.v4()).toString('base64');
-        } else {
-            idObj.ruleID = id[0];
-        }
-        // Each ID in a list of rules must be unique.
-        if (this._ruleIDs.includes(idObj.ruleID)) {
-            idObj.error = errors.InvalidRequest.customizeDescription(
-                'Rule ID must be unique');
-            return idObj;
-        }
-        this._ruleIDs.push(idObj.ruleID);
-        return idObj;
-    }
-
-    /**
-     * Check that status component of rule is valid
-     * @param {string} status - status string
-     * @return {object} - contains error if parsing failed, else contains
-     * parsed status
-     *
-     * Format of statusObj:
-     * statusObj = {
-     *      error: <error>,
-     *      propName: 'ruleStatus',
-     *      ruleStatus: <value>
-     * }
-     */
-    _parseStatus(status) {
-        const statusObj = {};
-        statusObj.propName = 'ruleStatus';
-        const validStatuses = ['Enabled', 'Disabled'];
-        if (!validStatuses.includes(status)) {
-            statusObj.error = errors.MalformedXML.customizeDescription(
-                'Status is not valid');
-            return statusObj;
-        }
-        statusObj.ruleStatus = status;
-        return statusObj;
-    }
-
-    /**
-     * Check that action component of rule is valid
-     * @param {object} rule - a rule object from Rule array from this._parsedXml
-     * @return {object} - contains error if parsing failed, else contains
-     * parsed action information
-     *
-     * Format of actionObj:
-     * actionsObj = {
-     *      error: <error>,
-     *      propName: 'action',
-     *      actions: [
-     *          {
-     *              actionName: <value>,
-     *              days: <value>,
-     *              date: <value>,
-     *              deleteMarker: <value>
-     *          },
-     *      ],
-     * }
-     */
-    _parseAction(rule) {
-        const actionsObj = {};
-        actionsObj.propName = 'actions';
-        actionsObj.actions = [];
-        const validActions = ['AbortIncompleteMultipartUpload',
-            'Expiration', 'NoncurrentVersionExpiration'];
-        validActions.forEach(a => {
-            if (rule[a]) {
-                actionsObj.actions.push({ actionName: `${a}` });
-            }
-        });
-        if (actionsObj.actions.length === 0) {
-            actionsObj.error = errors.InvalidRequest.customizeDescription(
-                'Rule does not include valid action');
-            return actionsObj;
-        }
-        actionsObj.actions.forEach(a => {
-            const actionFn = `_parse${a.actionName}`;
-            const action = this[actionFn](rule);
-            if (action.error) {
-                actionsObj.error = action.error;
-            } else {
-                const actionTimes = ['days', 'date', 'deleteMarker'];
-                actionTimes.forEach(t => {
-                    if (action[t]) {
-                        // eslint-disable-next-line no-param-reassign
-                        a[t] = action[t];
-                    }
-                });
-            }
-        });
-        return actionsObj;
-    }
-
-    /**
-     * Check that AbortIncompleteMultipartUpload action is valid
-     * @param {object} rule - a rule object from Rule array from this._parsedXml
-     * @return {object} - contains error if parsing failed, else contains
-     * parsed action time
-     *
-     * Format of abortObj:
-     * abortObj = {
-     *      error: <error>,
-     *      days: <value>
-     * }
-     */
-    _parseAbortIncompleteMultipartUpload(rule) {
-        const abortObj = {};
-        let filter = null;
-        if (rule.Filter && rule.Filter[0]) {
-            if (rule.Filter[0].And) {
-                filter = rule.Filter[0].And[0];
-            } else {
-                filter = rule.Filter[0];
-            }
-        }
-        if (filter && filter.Tag) {
-            abortObj.error = errors.InvalidRequest.customizeDescription(
-                'Tag-based filter cannot be used with ' +
-                'AbortIncompleteMultipartUpload action');
-            return abortObj;
-        }
-        const subAbort = rule.AbortIncompleteMultipartUpload[0];
-        if (!subAbort.DaysAfterInitiation) {
-            abortObj.error = errors.MalformedXML.customizeDescription(
-                'AbortIncompleteMultipartUpload action does not ' +
-                'include DaysAfterInitiation');
-            return abortObj;
-        }
-        const daysInt = parseInt(subAbort.DaysAfterInitiation[0], 10);
-        if (daysInt < 1) {
-            abortObj.error = errors.InvalidArgument.customizeDescription(
-                'DaysAfterInitiation is not a positive integer');
-            return abortObj;
-        }
-        abortObj.days = daysInt;
-        return abortObj;
-    }
-
-    /**
-     * Check that Expiration action is valid
-     * @param {object} rule - a rule object from Rule array from this._parsedXml
-     * @return {object} - contains error if parsing failed, else contains
-     * parsed action time
-     *
-     * Format of expObj:
-     * expObj = {
-     *      error: <error>,
-     *      days: <value>,
-     *      date: <value>,
-     *      deleteMarker: <value>
-     * }
-     */
-    _parseExpiration(rule) {
-        const expObj = {};
-        const subExp = rule.Expiration[0];
-        if (!subExp.Date && !subExp.Days && !subExp.ExpiredObjectDeleteMarker) {
-            expObj.error = errors.MalformedXML.customizeDescription(
-                'Expiration action does not include an action time');
-            return expObj;
-        }
-        const eodm = 'ExpiredObjectDeleteMarker';
-        if (subExp.Date && (subExp.Days || subExp[eodm]) ||
-        (subExp.Days && subExp[eodm])) {
-            expObj.error = errors.MalformedXML.customizeDescription(
-                'Expiration action includes more than one time');
-            return expObj;
-        }
-        if (subExp.Date) {
-            const isoRegex = new RegExp('^(-?(?:[1-9][0-9]*)?[0-9]{4})-' +
-                '(1[0-2]|0[1-9])-(3[01]|0[1-9]|[12][0-9])T(2[0-3]|[01][0-9])' +
-                ':([0-5][0-9]):([0-5][0-9])(.[0-9]+)?(Z)?$');
-            if (!isoRegex.test(subExp.Date[0])) {
-                expObj.error = errors.InvalidArgument.customizeDescription(
-                    'Date must be in ISO 8601 format');
-            } else {
-                expObj.date = subExp.Date[0];
-            }
-        }
-        if (subExp.Days) {
-            const daysInt = parseInt(subExp.Days[0], 10);
-            if (daysInt < 1) {
-                expObj.error = errors.InvalidArgument.customizeDescription(
-                   'Expiration days is not a positive integer');
-            } else {
-                expObj.days = daysInt;
-            }
-        }
-        if (subExp.ExpiredObjectDeleteMarker) {
-            let filter = null;
-            if (rule.Filter && rule.Filter[0]) {
-                if (rule.Filter[0].And) {
-                    filter = rule.Filter[0].And[0];
-                } else {
-                    filter = rule.Filter[0];
-                }
-            }
-            if (filter && filter.Tag) {
-                expObj.error = errors.InvalidRequest.customizeDescription(
-                    'Tag-based filter cannot be used with ' +
-                    'ExpiredObjectDeleteMarker action');
-                return expObj;
-            }
-            const validValues = ['true', 'false'];
-            if (!validValues.includes(subExp.ExpiredObjectDeleteMarker[0])) {
-                expObj.error = errors.MalformedXML.customizeDescription(
-                    'ExpiredObjDeleteMarker is not true or false');
-            } else {
-                expObj.deleteMarker = subExp.ExpiredObjectDeleteMarker[0];
-            }
-        }
-        return expObj;
-    }
-
-    /**
-     * Check that NoncurrentVersionExpiration action is valid
-     * @param {object} rule - a rule object from Rule array from this._parsedXml
-     * @return {object} - contains error if parsing failed, else contains
-     * parsed action time
-     *
-     * Format of nvExpObj:
-     * nvExpObj = {
-     *      error: <error>,
-     *      days: <value>,
-     * }
-     */
-    _parseNoncurrentVersionExpiration(rule) {
-        const nvExpObj = {};
-        const subNVExp = rule.NoncurrentVersionExpiration[0];
-        if (!subNVExp.NoncurrentDays) {
-            nvExpObj.error = errors.MalformedXML.customizeDescription(
-                'NoncurrentVersionExpiration action does not include ' +
-                'NoncurrentDays');
-            return nvExpObj;
-        }
-        const daysInt = parseInt(subNVExp.NoncurrentDays[0], 10);
-        if (daysInt < 1) {
-            nvExpObj.error = errors.InvalidArgument.customizeDescription(
-                'NoncurrentDays is not a positive integer');
-        } else {
-            nvExpObj.days = daysInt;
-        }
-        return nvExpObj;
-    }
-
-    /**
-     * Validate the bucket metadata lifecycle configuration structure and
-     * value types
-     * @param {object} config - The lifecycle configuration to validate
-     * @return {undefined}
-     */
-    static validateConfig(config) {
-        assert.strictEqual(typeof config, 'object');
-        const rules = config.rules;
-        assert.strictEqual(Array.isArray(rules), true);
-        rules.forEach(rule => {
-            const { ruleID, ruleStatus, filter, actions } = rule;
-            assert.strictEqual(typeof ruleID, 'string');
-            assert.strictEqual(typeof ruleStatus, 'string');
-            assert.strictEqual(typeof filter, 'object');
-            assert.strictEqual(Array.isArray(actions), true);
-            if (filter.rulePrefix) {
-                assert.strictEqual(typeof filter.rulePrefix, 'string');
-            }
-            if (filter.tags) {
-                assert.strictEqual(Array.isArray(filter.tags), true);
-                filter.tags.forEach(t => {
-                    assert.strictEqual(typeof t.key, 'string');
-                    assert.strictEqual(typeof t.val, 'string');
-                });
-            }
-            actions.forEach(a => {
-                assert.strictEqual(typeof a.actionName, 'string');
-                if (a.days) {
-                    assert.strictEqual(typeof a.days, 'number');
-                }
-                if (a.date) {
-                    assert.strictEqual(typeof a.date, 'string');
-                }
-                if (a.deleteMarker) {
-                    assert.strictEqual(typeof a.deleteMarker, 'string');
-                }
-            });
-        });
-    }
-
-    /**
-     * Get XML representation of lifecycle configuration object
-     * @param {object} config - Lifecycle configuration object
-     * @return {string} - XML representation of config
-     */
-    static getConfigXml(config) {
-        const rules = config.rules;
-        const rulesXML = rules.map(rule => {
-            const { ruleID, ruleStatus, filter, actions } = rule;
-            const ID = `<ID>${ruleID}</ID>`;
-            const Status = `<Status>${ruleStatus}</Status>`;
-
-            const { rulePrefix, tags } = filter;
-            const Prefix = rulePrefix ? `<Prefix>${rulePrefix}</Prefix>` : '';
-            let tagXML = '';
-            if (tags) {
-                const keysVals = tags.map(t => {
-                    const { key, val } = t;
-                    const Tag = `<Key>${key}</Key>` +
-                        `<Value>${val}</Value>`;
-                    return Tag;
-                }).join('');
-                tagXML = `<Tag>${keysVals}</Tag>`;
-            }
-            let Filter;
-            if (rulePrefix && !tags) {
-                Filter = Prefix;
-            } else if (tags && (rulePrefix || tags.length > 1)) {
-                Filter = `<Filter><And>${Prefix}${tagXML}</And></Filter>`;
-            } else {
-                // remaining condition is if only one or no tag
-                Filter = `<Filter>${tagXML}</Filter>`;
-            }
-
-            const Actions = actions.map(action => {
-                const { actionName, days, date, deleteMarker } = action;
-                let Action;
-                if (actionName === 'AbortIncompleteMultipartUpload') {
-                    Action = `<${actionName}><DaysAfterInitiation>${days}` +
-                        `</DaysAfterInitiation></${actionName}>`;
-                } else if (actionName === 'NoncurrentVersionExpiration') {
-                    Action = `<${actionName}><NoncurrentDays>${days}` +
-                        `</NoncurrentDays></${actionName}>`;
-                } else if (actionName === 'Expiration') {
-                    const Days = days ? `<Days>${days}</Days>` : '';
-                    const Date = date ? `<Date>${date}</Date>` : '';
-                    const DelMarker = deleteMarker ?
-                        `<ExpiredObjectDeleteMarker>${deleteMarker}` +
-                        '</ExpiredObjectDeleteMarker>' : '';
-                    Action = `<${actionName}>${Days}${Date}${DelMarker}` +
-                        `</${actionName}>`;
-                }
-                return Action;
-            }).join('');
-            return `<Rule>${ID}${Status}${Filter}${Actions}</Rule>`;
-        }).join('');
-        return '<?xml version="1.0" encoding="UTF-8"?>' +
-        '<LifecycleConfiguration ' +
-            'xmlns="http://s3.amazonaws.com/doc/2006-03-01/">' +
-            `${rulesXML}` +
-        '</LifecycleConfiguration>';
-    }
-}
-
-module.exports = LifecycleConfiguration;

lib/models/LifecycleConfiguration.ts

@@ -0,0 +1,983 @@
+import assert from 'assert';
+import UUID from 'uuid';
+
+import errors, { ArsenalError } from '../errors';
+import LifecycleRule from './LifecycleRule';
+import escapeForXml from '../s3middleware/escapeForXml';
+import type { XMLRule } from './ReplicationConfiguration';
+import { Status } from './LifecycleRule';
+
+/**
+ * Format of xml request:
+
+ <LifecycleConfiguration>
+    <Rule>
+        <ID>id1</ID>
+        <Filter>
+            <Prefix>logs/</Prefix>
+        </Filter>
+        <Status>Enabled</Status>
+        <Expiration>
+            <Days>365</Days>
+        </Expiration>
+    </Rule>
+    <Rule>
+        <ID>DeleteAfterBecomingNonCurrent</ID>
+        <Filter>
+            <And>
+                <Prefix>logs/</Prefix>
+                <Tag>
+                    <Key>key1</Key>
+                    <Value>value1</Value>
+                </Tag>
+            </And>
+        </Filter>
+        <Status>Enabled</Status>
+        <NoncurrentVersionExpiration>
+            <NoncurrentDays>1</NoncurrentDays>
+        </NoncurrentVersionExpiration>
+        <AbortIncompleteMultipartUploads>
+            <DaysAfterInitiation>1</DaysAfterInitiation>
+        </AbortIncompleteMultipartUploads>
+    </Rule>
+</LifecycleConfiguration>
+ */
+
+/**
+ * Format of config:
+
+  config = {
+    rules = [
+        {
+            ruleID: <value>,
+            ruleStatus: <value>,
+            filter: {
+                rulePrefix: <value>,
+                tags: [
+                    {
+                        key: <value>,
+                        val: <value>
+                    },
+                    {
+                        key: <value>,
+                        val: <value>
+                    }
+                ]
+            },
+            actions: [
+                {
+                    actionName: <value>,
+                    days: <value>,
+                    date: <value>,
+                    deleteMarker: <value>
+                },
+                {
+                    actionName: <value>,
+                    days: <value>,
+                    date: <value>,
+                    deleteMarker: <value>,
+                },
+            ]
+        }
+    ]
+  };
+ */
+
+export default class LifecycleConfiguration {
+    _parsedXML: any;
+    _ruleIDs: string[];
+    _tagKeys: string[];
+    _config: {
+        error?: ArsenalError;
+        rules?: any[];
+    };
+
+    /**
+     * Create a Lifecycle Configuration instance
+     * @param xml - the parsed xml
+     * @return - LifecycleConfiguration instance
+     */
+    constructor(xml: any) {
+        this._parsedXML = xml;
+        this._ruleIDs = [];
+        this._tagKeys = [];
+        this._config = {};
+    }
+
+    /**
+     * Get the lifecycle configuration
+     * @return - the lifecycle configuration
+     */
+    getLifecycleConfiguration() {
+        const rules = this._buildRulesArray();
+        if (rules.error) {
+            this._config.error = rules.error;
+        }
+        return this._config;
+    }
+
+    /**
+     * Build the this._config.rules array
+     * @return - contains error if any rule returned an error
+     * or parsing failed
+     */
+    _buildRulesArray() {
+        this._config.rules = [];
+        if (!this._parsedXML || this._parsedXML === '') {
+            const msg = 'request xml is undefined or empty';
+            const error = errors.MalformedXML.customizeDescription(msg);
+            return { error };
+        }
+        if (!this._parsedXML.LifecycleConfiguration &&
+            this._parsedXML.LifecycleConfiguration !== '') {
+            const msg = 'request xml does not include LifecycleConfiguration';
+            const error = errors.MalformedXML.customizeDescription(msg);
+            return { error };
+        }
+        const lifecycleConf = this._parsedXML.LifecycleConfiguration;
+        const rulesArray: any[] = lifecycleConf.Rule;
+        if (!rulesArray || !Array.isArray(rulesArray) || rulesArray.length === 0) {
+            const msg = 'missing required key \'Rules\' in LifecycleConfiguration';
+            const error = errors.MissingRequiredParameter.customizeDescription(msg);
+            return { error };
+        }
+        if (rulesArray.length > 1000) {
+            const msg = 'request xml includes over max limit of 1000 rules';
+            const error = errors.MalformedXML.customizeDescription(msg);
+            return { error };
+        }
+        const rules: any = {};
+        for (let i = 0; i < rulesArray.length; i++) {
+            const rule = this._parseRule(rulesArray[i]);
+            if (rule.error) {
+                rules.error = rule.error;
+                break;
+            } else {
+                this._config.rules.push(rule);
+            }
+        }
+        return rules;
+    }
+
+    /**
+     * Check that the prefix is valid
+     * @param prefix - The prefix to check
+     * @return - The error or null
+     */
+    _checkPrefix(prefix: string) {
+        if (prefix.length > 1024) {
+            const msg = 'The maximum size of a prefix is 1024';
+            return errors.InvalidRequest.customizeDescription(msg);
+        }
+        return null;
+    }
+
+    /**
+     * Parses the prefix of the config
+     * @param prefix - The prefix to parse
+     * @return - Contains error if parsing returned an error, otherwise
+     * it contains the parsed rule object
+     */
+    _parsePrefix(prefix: string) {
+        const error = this._checkPrefix(prefix);
+        if (error) {
+            return { error };
+        }
+        return {
+            propName: 'prefix',
+            prefix,
+        };
+    }
+
+    /**
+     * Check that each xml rule is valid
+     * @param rule - a rule object from Rule array from this._parsedXml
+     * @return - contains error if any component returned an error
+     * or parsing failed, else contains parsed rule object
+     *
+     * Format of ruleObj:
+     * ruleObj = {
+     *      ruleID: <value>,
+     *      ruleStatus: <value>,
+     *      filter: {
+     *          rulePrefix: <value>,
+     *          tags: [
+     *              {
+     *                  key: <value>,
+     *                  val: <value>,
+     *              }
+     *          ]
+     *      }
+     *      actions: [
+     *          {
+     *              actionName: <value>,
+     *              day: <value>,
+     *              date: <value>,
+     *              deleteMarker: <value>
+     *          },
+     *      ]
+     * }
+     */
+    _parseRule(rule: XMLRule) {
+        if (rule.Transition || rule.NoncurrentVersionTransition) {
+            const msg = 'Transition lifecycle action not yet implemented';
+            const error = errors.NotImplemented.customizeDescription(msg);
+            return { error };
+        }
+        // Either Prefix or Filter must be included, but can be empty string
+        if ((!rule.Filter && rule.Filter !== '') &&
+        (!rule.Prefix && rule.Prefix !== '')) {
+            const msg = 'Rule xml does not include valid Filter or Prefix';
+            const error = errors.MalformedXML.customizeDescription(msg);
+            return { error };
+        }
+        if (rule.Filter && rule.Prefix) {
+            const msg = 'Rule xml should not include both Filter and Prefix';
+            const error = errors.MalformedXML.customizeDescription(msg);
+            return { error };
+        }
+        if (!rule.Status) {
+            const msg = 'Rule xml does not include Status';
+            const error = errors.MissingRequiredParameter.customizeDescription(msg);
+            return { error };
+        }
+        const id = this._parseID(rule.ID!);
+        const status = this._parseStatus(rule.Status[0]);
+        const actions = this._parseAction(rule);
+        const rulePropArray: any[] = [id, status, actions];
+        if (rule.Prefix) {
+            // Backward compatibility with deprecated top-level prefix.
+            const prefix = this._parsePrefix(rule.Prefix[0]);
+            rulePropArray.push(prefix);
+        } else if (rule.Filter) {
+            const filter = this._parseFilter(rule.Filter[0]);
+            rulePropArray.push(filter);
+        }
+        const ruleObj: any = {};
+        for (let i = 0; i < rulePropArray.length; i++) {
+            const prop = rulePropArray[i];
+            if (prop.error) {
+                ruleObj.error = prop.error;
+                break;
+            } else {
+                const propName = prop.propName;
+                // eslint-disable-next-line no-param-reassign
+                delete prop.propName;
+                if (prop[propName] !== undefined) {
+                    ruleObj[propName] = prop[propName];
+                } else {
+                    ruleObj[propName] = prop;
+                }
+            }
+        }
+        return ruleObj;
+    }
+
+    /**
+     * Check that filter component of rule is valid
+     * @param filter - filter object from a rule object
+     * @return - contains error if parsing failed, else contains
+     * parsed prefix and tag array
+     *
+     * Format of filterObj:
+     * filterObj = {
+     *      error: <error>,
+     *      propName: 'filter',
+     *      rulePrefix: <value>,
+     *      tags: [
+     *          {
+     *              key: <value>,
+     *              val: <value>
+     *          },
+     *          {
+     *              key: <value>,
+     *              value: <value>
+     *          }
+     *      ]
+     * }
+     */
+    _parseFilter(filter: any) {
+        // @ts-ignore
+        const filterObj: {
+            error?: ArsenalError;
+            propName: 'filter';
+            rulePrefix: string;
+            tags: { key: string; val: string }[]
+        } = {
+            propName: 'filter',
+        };
+        if (Array.isArray(filter)) {
+            // if Prefix was included, not Filter, filter will be Prefix array
+            // if more than one Prefix is included, we ignore all but the last
+            filterObj.rulePrefix = filter[filter.length - 1];
+            const error = this._checkPrefix(filterObj.rulePrefix);
+            if (error) {
+                filterObj.error = error;
+            }
+            return filterObj;
+        }
+        if (filter.And && (filter.Prefix || filter.Tag) ||
+        (filter.Prefix && filter.Tag)) {
+            const msg = 'Filter should only include one of And, Prefix, or Tag key';
+            const error = errors.MalformedXML.customizeDescription(msg);
+            filterObj.error = error;
+            return filterObj;
+        }
+        if (filter.Prefix) {
+            filterObj.rulePrefix = filter.Prefix[filter.Prefix.length - 1];
+            const error = this._checkPrefix(filterObj.rulePrefix);
+            if (error) {
+                filterObj.error = error;
+            }
+            return filterObj;
+        }
+        if (filter.Tag) {
+            const tagObj = this._parseTags(filter.Tag);
+            if (tagObj.error) {
+                filterObj.error = tagObj.error;
+                return filterObj;
+            }
+            filterObj.tags = tagObj.tags;
+            return filterObj;
+        }
+        if (filter.And) {
+            const andF = filter.And[0];
+            if (!andF.Tag || (!andF.Prefix && andF.Tag.length < 2)) {
+                filterObj.error = errors.MalformedXML.customizeDescription(
+                    'And should include Prefix and Tags or more than one Tag');
+                return filterObj;
+            }
+            if (andF.Prefix && andF.Prefix.length >= 1) {
+                filterObj.rulePrefix = andF.Prefix[andF.Prefix.length - 1];
+                const error = this._checkPrefix(filterObj.rulePrefix);
+                if (error) {
+                    filterObj.error = error;
+                    return filterObj;
+                }
+            }
+            const tagObj = this._parseTags(andF.Tag);
+            if (tagObj.error) {
+                filterObj.error = tagObj.error;
+                return filterObj;
+            }
+            filterObj.tags = tagObj.tags;
+            return filterObj;
+        }
+        return filterObj;
+    }
+
+    /**
+     * Check that each tag object is valid
+     * @param tags - a tag object from a filter object
+     * @return - indicates whether tag object is valid
+     *
+     * Format of tagObj:
+     * tagObj = {
+     *      error: <error>,
+     *      tags: [
+     *          {
+     *              key: <value>,
+     *              value: <value>,
+     *          }
+     *      ]
+     * }
+     */
+    _parseTags(tags: { Key?: string; Value?: any[] }[]) {
+        // FIXME please
+        const tagObj: {
+            error?: ArsenalError;
+            tags: { key: string; val: string }[];
+        } = {
+            tags: [],
+        };
+        // reset _tagKeys to empty because keys cannot overlap within a rule,
+        // but different rules can have the same tag keys
+        this._tagKeys = [];
+        for (const tag of tags) {
+            if (!tag.Key || !tag.Value) {
+                const msg = 'Tag XML does not contain both Key and Value';
+                const err = errors.MissingRequiredParameter.customizeDescription(msg);
+                tagObj.error = err;
+                break;
+            }
+
+            if (tag.Key[0].length < 1 || tag.Key[0].length > 128) {
+                tagObj.error = errors.InvalidRequest.customizeDescription(
+                    "A Tag's Key must be a length between 1 and 128"
+                );
+                break;
+            }
+            if (tag.Value[0].length < 0 || tag.Value[0].length > 256) {
+                tagObj.error = errors.InvalidRequest.customizeDescription(
+                    "A Tag's Value must be a length between 0 and 256"
+                );
+                break;
+            }
+            if (this._tagKeys.includes(tag.Key[0])) {
+                tagObj.error = errors.InvalidRequest.customizeDescription(
+                    'Tag Keys must be unique'
+                );
+                break;
+            }
+            this._tagKeys.push(tag.Key[0]);
+            tagObj.tags.push({
+                key: tag.Key[0],
+                val: tag.Value[0],
+            });
+        }
+        return tagObj;
+    }
+
+    /**
+     * Check that ID component of rule is valid
+     * @param id - contains id string at first index or empty
+     * @return - contains error if parsing failed or id is not unique,
+     * else contains parsed or generated id
+     *
+     * Format of idObj:
+     * idObj = {
+     *      error: <error>,
+     *      propName: 'ruleID',
+     *      ruleID: <value>
+     * }
+     */
+    _parseID(id: string[]) {
+        // @ts-ignore
+        const idObj:
+            | { error: ArsenalError; propName: 'ruleID', ruleID?: any }
+            | { propName: 'ruleID', ruleID: any } = { propName: 'ruleID' };
+        if (id && id[0].length > 255) {
+            const msg = 'Rule ID is greater than 255 characters long';
+            const error = errors.InvalidArgument.customizeDescription(msg);
+            return { ...idObj, error };
+        }
+        if (!id || !id[0] || id[0] === '') {
+            // ID is optional property, but create one if not provided or is ''
+            // We generate 48-character alphanumeric, unique ID for rule
+            idObj.ruleID = Buffer.from(UUID.v4()).toString('base64');
+        } else {
+            idObj.ruleID = id[0];
+        }
+        // Each ID in a list of rules must be unique.
+        if (this._ruleIDs.includes(idObj.ruleID)) {
+            const msg = 'Rule ID must be unique';
+            const error = errors.InvalidRequest.customizeDescription(msg);
+            return { ...idObj, error };
+        }
+        this._ruleIDs.push(idObj.ruleID);
+        return idObj;
+    }
+
+    /**
+     * Check that status component of rule is valid
+     * @param status - status string
+     * @return - contains error if parsing failed, else contains
+     * parsed status
+     *
+     * Format of statusObj:
+     * statusObj = {
+     *      error: <error>,
+     *      propName: 'ruleStatus',
+     *      ruleStatus: <value>
+     * }
+     */
+    _parseStatus(status: string) {
+        const base: { propName: 'ruleStatus' } = { propName: 'ruleStatus' }
+        const validStatuses = ['Enabled', 'Disabled'];
+        if (!validStatuses.includes(status)) {
+            const msg = 'Status is not valid';
+            const error = errors.MalformedXML.customizeDescription(msg);
+            return { ...base, error };
+        }
+        return { ...base, ruleStatus: status }
+    }
+
+
+    /**
+     * Checks the validity of the given date
+     * @param date - The date the check
+     * @return Returns an error object or `null`
+     */
+    _checkDate(date: string) {
+        const isoRegex = new RegExp(
+            "^(-?(?:[1-9][0-9]*)?[0-9]{4})" + // Year
+            "-(1[0-2]|0[1-9])" + // Month
+            "-(3[01]|0[1-9]|[12][0-9])" + // Day
+            "T(2[0-3]|[01][0-9])" + // Hour
+            ":([0-5][0-9])" + // Minute
+            ":([0-5][0-9])" + // Second
+            "(\\.[0-9]+)?" + // Fractional second
+            "(Z|[+-][01][0-9]:[0-5][0-9])?$", // Timezone
+            "g"
+        );
+        const matches = [...date.matchAll(isoRegex)];
+        if (matches.length !== 1) {
+            const msg = 'Date must be in ISO 8601 format';
+            return errors.InvalidArgument.customizeDescription(msg);
+        }
+        // Check for a timezone in the last match group. If none, add a Z to indicate UTC.
+        if (!matches[0][matches[0].length-1]) {
+            date += 'Z';
+        }
+        const dateObj = new Date(date);
+        if (Number.isNaN(dateObj.getTime())) {
+            const msg = 'Date is not a valid date';
+            return errors.InvalidArgument.customizeDescription(msg);
+        }
+        if (dateObj.getUTCHours() !== 0
+            || dateObj.getUTCMinutes() !== 0
+            || dateObj.getUTCSeconds() !== 0
+            || dateObj.getUTCMilliseconds() !== 0) {
+            const msg = '\'Date\' must be at midnight GMT';
+            return errors.InvalidArgument.customizeDescription(msg);
+        }
+        return null;
+    }
+    /**
+     * Check that action component of rule is valid
+     * @param rule - a rule object from Rule array from this._parsedXml
+     * @return - contains error if parsing failed, else contains
+     * parsed action information
+     *
+     * Format of actionObj:
+     * actionsObj = {
+     *      error: <error>,
+     *      propName: 'action',
+     *      actions: [
+     *          {
+     *              actionName: <value>,
+     *              days: <value>,
+     *              date: <value>,
+     *              deleteMarker: <value>
+     *              newerNoncurrentVersions: <value>,
+     *          },
+     *      ],
+     * }
+     */
+    _parseAction(rule: any) {
+        const actionsObj: {
+            error?: ArsenalError;
+            propName: 'actions';
+            actions: {
+                actionName: string;
+                days?: number;
+                date?: number;
+                deleteMarker?: boolean;
+                newerNoncurrentVersions?: number
+            }[];
+        } = {
+            propName: 'actions',
+            actions: [],
+        };
+        const validActions = ['AbortIncompleteMultipartUpload',
+            'Expiration', 'NoncurrentVersionExpiration'];
+        validActions.forEach(a => {
+            if (rule[a]) {
+                actionsObj.actions.push({ actionName: `${a}` });
+            }
+        });
+        if (actionsObj.actions.length === 0) {
+            const msg = 'Rule does not include valid action';
+            const error = errors.InvalidRequest.customizeDescription(msg);
+            return { ...actionsObj, error };
+        }
+        actionsObj.actions.forEach(a => {
+            const actionFn = `_parse${a.actionName}`;
+            const action = this[actionFn](rule);
+            if (action.error) {
+                actionsObj.error = action.error;
+            } else {
+                const actionTimes = ['days', 'date', 'deleteMarker', 'newerNoncurrentVersions'];
+                actionTimes.forEach(t => {
+                    if (action[t]) {
+                        // eslint-disable-next-line no-param-reassign
+                        a[t] = action[t];
+                    }
+                });
+            }
+        });
+        return actionsObj;
+    }
+
+    /**
+     * Check that AbortIncompleteMultipartUpload action is valid
+     * @param rule - a rule object from Rule array from this._parsedXml
+     * @return - contains error if parsing failed, else contains
+     * parsed action time
+     *
+     * Format of abortObj:
+     * abortObj = {
+     *      error: <error>,
+     *      days: <value>
+     * }
+     */
+    _parseAbortIncompleteMultipartUpload(rule: any) {
+        const abortObj: { error?: ArsenalError, days?: number } = {};
+        let filter: any = null;
+        if (rule.Filter && rule.Filter[0]) {
+            if (rule.Filter[0].And) {
+                filter = rule.Filter[0].And[0];
+            } else {
+                filter = rule.Filter[0];
+            }
+        }
+        if (filter && filter.Tag) {
+            abortObj.error = errors.InvalidRequest.customizeDescription(
+                'Tag-based filter cannot be used with ' +
+                'AbortIncompleteMultipartUpload action',
+            );
+            return abortObj;
+        }
+        const subAbort = rule.AbortIncompleteMultipartUpload[0];
+        if (!subAbort.DaysAfterInitiation) {
+            abortObj.error = errors.MalformedXML.customizeDescription(
+                'AbortIncompleteMultipartUpload action does not ' +
+                'include DaysAfterInitiation');
+            return abortObj;
+        }
+        const daysInt = parseInt(subAbort.DaysAfterInitiation[0], 10);
+        if (daysInt < 1) {
+            abortObj.error = errors.InvalidArgument.customizeDescription(
+                'DaysAfterInitiation is not a positive integer');
+            return abortObj;
+        }
+        abortObj.days = daysInt;
+        return abortObj;
+    }
+
+    /**
+     * Check that Expiration action is valid
+     * @param rule - a rule object from Rule array from this._parsedXml
+     * @return - contains error if parsing failed, else contains
+     * parsed action time
+     *
+     * Format of expObj:
+     * expObj = {
+     *      error: <error>,
+     *      days: <value>,
+     *      date: <value>,
+     *      deleteMarker: <value>
+     * }
+     */
+    _parseExpiration(rule: any) {
+        const expObj: {
+            error?: ArsenalError;
+            days?: number;
+            date?: number;
+            deleteMarker?: boolean;
+        } = {};
+        const subExp = rule.Expiration[0];
+        if (!subExp.Date && !subExp.Days && !subExp.ExpiredObjectDeleteMarker) {
+            const msg = 'Expiration action does not include an action time';
+            const error = errors.MalformedXML.customizeDescription(msg);
+            return { error };
+        }
+        const eodm = 'ExpiredObjectDeleteMarker';
+        if (subExp.Date &&
+            (subExp.Days || subExp[eodm]) ||
+            (subExp.Days && subExp[eodm])) {
+            const msg = 'Expiration action includes more than one time';
+            const error = errors.MalformedXML.customizeDescription(msg);
+            return { error };
+        }
+        if (subExp.Date) {
+            const error = this._checkDate(subExp.Date[0]);
+            if (error) {
+                expObj.error = error;
+            } else {
+                expObj.date = subExp.Date[0];
+            }
+        }
+        if (subExp.Days) {
+            const daysInt = parseInt(subExp.Days[0], 10);
+            if (daysInt < 1) {
+                expObj.error = errors.InvalidArgument.customizeDescription(
+                    'Expiration days is not a positive integer');
+            } else {
+                expObj.days = daysInt;
+            }
+        }
+        if (subExp.ExpiredObjectDeleteMarker) {
+            let filter: any = null;
+            if (rule.Filter && rule.Filter[0]) {
+                if (rule.Filter[0].And) {
+                    filter = rule.Filter[0].And[0];
+                } else {
+                    filter = rule.Filter[0];
+                }
+            }
+            if (filter && filter.Tag) {
+                expObj.error = errors.InvalidRequest.customizeDescription(
+                    'Tag-based filter cannot be used with ' +
+                    'ExpiredObjectDeleteMarker action');
+                return expObj;
+            }
+            const validValues = ['true', 'false'];
+            if (!validValues.includes(subExp.ExpiredObjectDeleteMarker[0])) {
+                expObj.error = errors.MalformedXML.customizeDescription(
+                    'ExpiredObjDeleteMarker is not true or false');
+            } else {
+                expObj.deleteMarker = subExp.ExpiredObjectDeleteMarker[0];
+            }
+        }
+        return expObj;
+    }
+
+    /**
+     * Check that NoncurrentVersionExpiration action is valid
+     * @param rule - a rule object from Rule array from this._parsedXml
+     * @return - contains error if parsing failed, else contains
+     * parsed action time
+     *
+     * Format of nvExpObj:
+     * nvExpObj = {
+     *      error: <error>,
+     *      days: <value>,
+     *      newerNoncurrentVersions: <value>,
+     * }
+     */
+    _parseNoncurrentVersionExpiration(rule: any) {
+        const subNVExp = rule.NoncurrentVersionExpiration[0];
+        if (!subNVExp.NoncurrentDays) {
+            const error = errors.MalformedXML.customizeDescription(
+                'NoncurrentVersionExpiration action does not include ' +
+                'NoncurrentDays');
+            return { error };
+        }
+
+        const actionParams: {
+            error?: ArsenalError;
+            days: number;
+            newerNoncurrentVersions: number;
+        } = {
+            days: 0,
+            newerNoncurrentVersions: 0,
+        };
+
+        const daysInt = parseInt(subNVExp.NoncurrentDays[0], 10);
+        if (daysInt < 1) {
+            const msg = 'NoncurrentDays is not a positive integer';
+            const error = errors.InvalidArgument.customizeDescription(msg);
+            return { error };
+        } else {
+            actionParams.days = daysInt;
+        }
+
+        if (subNVExp.NewerNoncurrentVersions) {
+            const newerVersionsInt = parseInt(subNVExp.NewerNoncurrentVersions[0], 10);
+
+            if (Number.isNaN(newerVersionsInt) || newerVersionsInt < 1) {
+                const msg = 'NewerNoncurrentVersions is not a positive integer';
+                const error = errors.InvalidArgument.customizeDescription(msg);
+                return { error };
+            }
+
+            actionParams.newerNoncurrentVersions = newerVersionsInt;
+
+        } else {
+            actionParams.newerNoncurrentVersions = 0;
+        }
+
+        return actionParams;
+    }
+
+    /**
+     * Validate the bucket metadata lifecycle configuration structure and
+     * value types
+     * @param config - The lifecycle configuration to validate
+     */
+    static validateConfig(config: any) {
+        assert.strictEqual(typeof config, 'object');
+        const rules = config.rules;
+        assert.strictEqual(Array.isArray(rules), true);
+        rules.forEach((rule: any) => {
+            const { ruleID, ruleStatus, prefix, filter, actions } = rule;
+            assert.strictEqual(typeof ruleID, 'string');
+            assert.strictEqual(typeof ruleStatus, 'string');
+            if (prefix !== undefined) {
+                assert.strictEqual(typeof prefix, 'string');
+            } else {
+                assert.strictEqual(typeof filter, 'object');
+                assert.strictEqual(Array.isArray(actions), true);
+                if (filter.rulePrefix) {
+                    assert.strictEqual(typeof filter.rulePrefix, 'string');
+                }
+                if (filter.tags) {
+                    assert.strictEqual(Array.isArray(filter.tags), true);
+                    filter.tags.forEach((t: any) => {
+                        assert.strictEqual(typeof t.key, 'string');
+                        assert.strictEqual(typeof t.val, 'string');
+                    });
+                }
+            }
+            actions.forEach((a: any) => {
+                assert.strictEqual(typeof a.actionName, 'string');
+                if (a.days) {
+                    assert.strictEqual(typeof a.days, 'number');
+                }
+                if (a.date) {
+                    assert.strictEqual(typeof a.date, 'string');
+                }
+                if (a.deleteMarker) {
+                    assert.strictEqual(typeof a.deleteMarker, 'string');
+                }
+
+                if (a.newerNoncurrentVersions) {
+                    assert.strictEqual(typeof a.newerNoncurrentVersions, 'number');
+                }
+            });
+        });
+    }
+
+    /**
+     * Get XML representation of lifecycle configuration object
+     * @param config - Lifecycle configuration object
+     * @return - XML representation of config
+     */
+    static getConfigXml(config: { rules: Rule[] }) {
+        const rules = config.rules;
+        const rulesXML = rules.map((rule) => {
+            const { ruleID, ruleStatus, filter, actions, prefix } = rule;
+            const ID = `<ID>${escapeForXml(ruleID)}</ID>`;
+            const Status = `<Status>${ruleStatus}</Status>`;
+            let rulePrefix: string | undefined;
+            if (prefix !== undefined) {
+                rulePrefix = prefix;
+            } else {
+                rulePrefix = filter?.rulePrefix;
+            }
+            const tags = filter && filter.tags;
+            const Prefix = rulePrefix !== undefined ?
+                `<Prefix>${rulePrefix}</Prefix>` : '';
+            let tagXML = '';
+            if (tags) {
+                tagXML = tags.map(t => {
+                    const { key, val } = t;
+                    const Tag = `<Tag><Key>${key}</Key>` +
+                        `<Value>${val}</Value></Tag>`;
+                    return Tag;
+                }).join('');
+            }
+            let Filter: string;
+            if (prefix !== undefined) {
+                // Prefix is in the top-level of the config, so we can skip the
+                // filter property.
+                Filter = Prefix;
+            } else if (filter?.rulePrefix !== undefined && !tags) {
+                Filter = `<Filter>${Prefix}</Filter>`;
+            } else if (tags &&
+                (filter.rulePrefix !== undefined || tags.length > 1)) {
+                Filter = `<Filter><And>${Prefix}${tagXML}</And></Filter>`;
+            } else {
+                // remaining condition is if only one or no tag
+                Filter = `<Filter>${tagXML}</Filter>`;
+            }
+
+            const Actions = actions.map(action => {
+                const { actionName, days, date, deleteMarker, newerNoncurrentVersions } = action;
+                let Action: any;
+                if (actionName === 'AbortIncompleteMultipartUpload') {
+                    Action = `<${actionName}><DaysAfterInitiation>${days}` +
+                        `</DaysAfterInitiation></${actionName}>`;
+                } else if (actionName === 'NoncurrentVersionExpiration') {
+                    const Days = `<NoncurrentDays>${days}</NoncurrentDays>`;
+                    const NewerVersions = newerNoncurrentVersions ?
+                        `<NewerNoncurrentVersions>${newerNoncurrentVersions}</NewerNoncurrentVersions>` : '';
+                    Action = `<${actionName}>${Days}${NewerVersions}</${actionName}>`;
+                } else if (actionName === 'Expiration') {
+                    const Days = days ? `<Days>${days}</Days>` : '';
+                    const Date = date ? `<Date>${date}</Date>` : '';
+                    const DelMarker = deleteMarker ?
+                        `<ExpiredObjectDeleteMarker>${deleteMarker}` +
+                        '</ExpiredObjectDeleteMarker>' : '';
+                    Action = `<${actionName}>${Days}${Date}${DelMarker}` +
+                        `</${actionName}>`;
+                }
+                return Action;
+            }).join('');
+            return `<Rule>${ID}${Status}${Filter}${Actions}</Rule>`;
+        }).join('');
+        return '<?xml version="1.0" encoding="UTF-8"?>' +
+        '<LifecycleConfiguration ' +
+            'xmlns="http://s3.amazonaws.com/doc/2006-03-01/">' +
+            `${rulesXML}` +
+        '</LifecycleConfiguration>';
+    }
+
+    /**
+     * Get JSON representation of lifecycle configuration object
+     * @param config - Lifecycle configuration object
+     * @return - XML representation of config
+     */
+    static getConfigJson(config: { rules: Rule[] }) {
+        const rules = config.rules;
+        const rulesJSON = rules.map(rule => {
+            const { ruleID, ruleStatus, filter, actions, prefix } = rule;
+            const entry = new LifecycleRule(ruleID, ruleStatus);
+            if (prefix !== undefined) {
+                entry.addPrefix(prefix);
+            } else if (filter && filter.rulePrefix !== undefined) {
+                entry.addPrefix(filter.rulePrefix);
+            }
+
+            const tags = filter && filter.tags;
+            if (tags) {
+                tags.forEach(tag => entry.addTag(tag.key, tag.val));
+            }
+
+            actions.forEach(action => {
+                const { actionName, days, date, deleteMarker, newerNoncurrentVersions } = action;
+                if (actionName === 'AbortIncompleteMultipartUpload') {
+                    entry.addAbortMPU(days!);
+                    return;
+                }
+                if (actionName === 'NoncurrentVersionExpiration') {
+                    entry.addNCVExpiration('NoncurrentDays', days!);
+
+                    if (newerNoncurrentVersions) {
+                        entry.addNCVExpiration('NewerNoncurrentVersions', newerNoncurrentVersions!);
+                    }
+
+                    return;
+                }
+                if (actionName === 'Expiration') {
+                    if (days !== undefined) {
+                        entry.addExpiration('Days', days);
+                        return;
+                    }
+
+                    if (date !== undefined) {
+                        entry.addExpiration('Date', date);
+                        return;
+                    }
+
+                    if (deleteMarker !== undefined) {
+                        entry.addExpiration('ExpiredObjectDeleteMarker', deleteMarker);
+                        return;
+                    }
+                }
+            });
+
+            return entry.build();
+        });
+
+        return { Rules: rulesJSON };
+    }
+}
+
+export type Rule = {
+    ruleID: string;
+    prefix?: string;
+    ruleStatus: Status;
+    actions: {
+        actionName: string;
+        days?: number;
+        date?: number;
+        deleteMarker?: boolean;
+        newerNoncurrentVersions?: number;
+    }[];
+    filter?: {
+        rulePrefix?: string;
+        tags: { key: string; val: string }[];
+    };
+};

lib/models/LifecycleRule.ts

@@ -0,0 +1,176 @@
+import uuid from 'uuid/v4';
+
+export type Status = 'Disabled' | 'Enabled';
+export type Tag = { Key: string; Value: string };
+export type Tags = Tag[];
+export type And = { Prefix?: string; Tags: Tags };
+export type Filter = { Prefix?: string; Tag?: Tag } | { And: And };
+export type Expiration = {
+    ExpiredObjectDeleteMarker?: number | boolean;
+    Date?: number | boolean;
+    Days?: number | boolean;
+};
+export type NoncurrentExpiration = {
+    NoncurrentDays: number | null;
+    NewerNoncurrentVersions: number | null;
+};
+
+/**
+ * @class LifecycleRule
+ *
+ * @classdesc Simple get/set class to build a single Rule
+ */
+export default class LifecycleRule {
+    id: string;
+    status: Status;
+    tags: Tags;
+    expiration?: Expiration;
+    ncvExpiration?: NoncurrentExpiration;
+    abortMPU?: { DaysAfterInitiation: number };
+    transitions?: any[];
+    prefix?: string;
+
+    constructor(id: string, status: Status) {
+        // defaults
+        this.id = id || uuid();
+        this.status = status === 'Disabled' ? 'Disabled' : 'Enabled';
+        this.tags = [];
+    }
+
+    build() {
+        const rule: {
+            ID: string;
+            Status: Status;
+            Expiration?: Expiration;
+            NoncurrentVersionExpiration?: NoncurrentExpiration;
+            AbortIncompleteMultipartUpload?: { DaysAfterInitiation: number };
+            Transitions?: any[];
+            Filter?: Filter;
+            Prefix?: '';
+        } = { ID: this.id, Status: this.status };
+
+        if (this.expiration) {
+            rule.Expiration = this.expiration;
+        }
+        if (this.ncvExpiration) {
+            rule.NoncurrentVersionExpiration = this.ncvExpiration
+        }
+        if (this.abortMPU) {
+            rule.AbortIncompleteMultipartUpload = this.abortMPU;
+        }
+        if (this.transitions) {
+            rule.Transitions = this.transitions;
+        }
+
+        const filter = this.buildFilter();
+
+        if (Object.keys(filter).length > 0) {
+            rule.Filter = filter;
+        } else {
+            rule.Prefix = '';
+        }
+
+        return rule;
+    }
+
+    buildFilter() {
+        if ((this.prefix && this.tags.length) || this.tags.length > 1) {
+            // And rule
+            const And: And = { Tags: this.tags };
+            if (this.prefix) {
+                And.Prefix = this.prefix;
+            }
+            return { And };
+        } else {
+            const filter: Filter = {};
+            if (this.prefix) {
+                filter.Prefix = this.prefix;
+            }
+            if (this.tags.length > 0) {
+                filter.Tag = this.tags[0];
+            }
+            return filter;
+        }
+    }
+
+    addID(id: string) {
+        this.id = id;
+        return this;
+    }
+
+    disable() {
+        this.status = 'Disabled';
+        return this;
+    }
+
+    addPrefix(prefix: string) {
+        this.prefix = prefix;
+        return this;
+    }
+
+    addTag(key: string, value: string) {
+        this.tags.push({
+            Key: key,
+            Value: value,
+        });
+        return this;
+    }
+
+    /**
+     * Expiration
+     * @param prop - Property must be defined in `validProps`
+     * @param value - integer for `Date` or `Days`, or boolean for `ExpiredObjectDeleteMarker`
+     */
+    addExpiration(prop: 'ExpiredObjectDeleteMarker', value: boolean): this;
+    addExpiration(prop: 'Date' | 'Days', value: number): this;
+    addExpiration(prop: string, value: number | boolean) {
+        const validProps = ['Date', 'Days', 'ExpiredObjectDeleteMarker'];
+        if (validProps.includes(prop)) {
+            this.expiration = this.expiration || {};
+            if (prop === 'ExpiredObjectDeleteMarker') {
+                // FIXME
+                // @ts-expect-error
+                this.expiration[prop] = JSON.parse(value);
+            } else {
+                this.expiration[prop] = value;
+            }
+        }
+        return this;
+    }
+
+    /**
+     * NoncurrentVersionExpiration
+     * @param prop - Property must be defined in `validProps`
+     * @param value - integer for `NoncurrentDays` and `NewerNoncurrentVersions` 
+     */
+    addNCVExpiration(prop: 'NoncurrentDays' | 'NewerNoncurrentVersions', value: number): this;
+    addNCVExpiration(prop: string, value: number) {
+        const validProps = ['NoncurrentDays', 'NewerNoncurrentVersions'];
+        if (validProps.includes(prop)) {
+            this.ncvExpiration = this.ncvExpiration || {
+                NoncurrentDays: null,
+                NewerNoncurrentVersions: null,
+            };
+            this.ncvExpiration[prop] = value;
+        }
+        return this;
+    }
+
+    /**
+     * abortincompletemultipartupload
+     * @param days - DaysAfterInitiation
+     */
+    addAbortMPU(days: number) {
+        this.abortMPU = { DaysAfterInitiation: days };
+        return this;
+    }
+
+    /**
+     * Transitions
+     * @param transitions - transitions
+     */
+    addTransitions(transitions: any[]) {
+        this.transitions = transitions;
+        return this;
+    }
+}

lib/models/NotificationConfiguration.ts

@@ -0,0 +1,325 @@
+import assert from 'assert';
+import UUID from 'uuid';
+
+import {
+    supportedNotificationEvents,
+    notificationArnPrefix,
+} from '../constants';
+import errors, { ArsenalError } from '../errors';
+
+/**
+ * Format of xml request:
+ *
+ * <ONotificationConfiguration>
+ *      <QueueConfiguration>
+ *          <Event>array</Event>
+ *          <Filter>
+ *              <S3Key>
+ *                  <FilterRule>
+ *                      <Name>string</Name>
+ *                      <Value>string</Value>
+ *                  </FilterRule>
+ *              </S3Key>
+ *          </Filter>
+ *          <Id>string</Id>
+ *          <Queue>string</Queue>
+ *      </QueueConfiguration>
+ * </NotificationConfiguration>
+ */
+
+/**
+  * Format of config:
+  *
+  * config = {
+  *     queueConfig: [
+  *         {
+  *         events: array,
+  *         queueArn: string,
+  *         filterRules: [
+  *             {
+  *                 name: string,
+  *                 value: string
+  *             },
+  *             {
+  *                 name: string,
+  *                 value:string
+  *             },
+  *         ],
+  *         id: string
+  *         }
+  *     ]
+  * }
+  */
+
+export default class NotificationConfiguration {
+    _parsedXml: any;
+    _config: {
+        error?: ArsenalError;
+        queueConfig?: any[];
+    };
+    _ids: Set<string>;
+    /**
+     * Create a Notification Configuration instance
+     * @param xml - parsed configuration xml
+     * @return - NotificationConfiguration instance
+     */
+    constructor(xml: any) {
+        this._parsedXml = xml;
+        this._config = {};
+        this._ids = new Set();
+    }
+
+    /**
+     * Get notification configuration
+     * @return - contains error if parsing failed
+     */
+    getValidatedNotificationConfiguration() {
+        const validationError = this._parseNotificationConfig();
+        if (validationError) {
+            this._config.error = validationError;
+        }
+        return this._config;
+    }
+
+    /**
+     * Check that notification configuration is valid
+     * @return - error if parsing failed, else undefined
+     */
+    _parseNotificationConfig() {
+        if (!this._parsedXml || this._parsedXml === '') {
+            return errors.MalformedXML.customizeDescription(
+                'request xml is undefined or empty');
+        }
+        const notificationConfig = this._parsedXml.NotificationConfiguration;
+        if (!notificationConfig || notificationConfig === '') {
+            return errors.MalformedXML.customizeDescription(
+                'request xml does not include NotificationConfiguration');
+        }
+        const queueConfig = notificationConfig.QueueConfiguration;
+        if (!queueConfig || !queueConfig[0]) {
+            // if undefined or empty QueueConfiguration, notif configuration is deleted
+            return null;
+        }
+        this._config.queueConfig = [];
+        let parseError: ArsenalError | undefined;
+        for (let i = 0; i < queueConfig.length; i++) {
+            const eventObj = this._parseEvents(queueConfig[i].Event);
+            const filterObj = this._parseFilter(queueConfig[i].Filter);
+            const idObj = this._parseId(queueConfig[i].Id);
+            const arnObj = this._parseArn(queueConfig[i].Queue);
+
+            if ('error' in eventObj) {
+                parseError = eventObj.error;
+                this._config = {};
+                break;
+            }
+            if ('error' in filterObj) {
+                parseError = filterObj.error;
+                this._config = {};
+                break;
+            }
+            if (idObj.error) {
+                parseError = idObj.error;
+                this._config = {};
+                break;
+            }
+            if (arnObj.error) {
+                parseError = arnObj.error;
+                this._config = {};
+                break;
+            }
+            this._config.queueConfig.push({
+                events: eventObj.events,
+                queueArn: arnObj.arn,
+                id: idObj.id,
+                filterRules: filterObj.filterRules,
+            });
+        }
+        return parseError ?? null;
+    }
+
+    /**
+     * Check that events array is valid
+     * @param events - event array
+     * @return - contains error if parsing failed or events array
+     */
+    _parseEvents(events: any[]) {
+        if (!events || !events[0]) {
+            const msg = 'each queue configuration must contain an event';
+            const error = errors.MalformedXML.customizeDescription(msg);
+            return { error };
+        }
+        const eventsObj: { error?: ArsenalError, events: any[] } = {
+            events: [] as any[],
+        };
+        for (const e of events) {
+            if (!supportedNotificationEvents.has(e)) {
+                const msg = 'event array contains invalid or unsupported event';
+                const error = errors.MalformedXML.customizeDescription(msg);
+                return { error };
+            } else {
+                eventsObj.events.push(e);
+            }
+        }
+        return eventsObj;
+    }
+
+    /**
+     * Check that filter array is valid
+     * @param filter - filter array
+     * @return - contains error if parsing failed or filter array
+     */
+    _parseFilter(filter: any[]) {
+        if (!filter || !filter[0]) {
+            return { filterRules: undefined };
+        }
+        if (!filter[0].S3Key || !filter[0].S3Key[0]) {
+            return { error: errors.MalformedXML.customizeDescription(
+                'if included, queue configuration filter must contain S3Key') };
+        }
+        const filterRules = filter[0].S3Key[0];
+        if (!filterRules.FilterRule || !filterRules.FilterRule[0]) {
+            return { error: errors.MalformedXML.customizeDescription(
+                'if included, queue configuration filter must contain a rule') };
+        }
+        const filterObj: { filterRules: { name: string; value: string }[] } = {
+            filterRules: [],
+        };
+        const ruleArray = filterRules.FilterRule;
+        for (let i = 0; i < ruleArray.length; i++) {
+            if (!ruleArray[i].Name
+                || !ruleArray[i].Name[0]
+                || !ruleArray[i].Value
+                || !ruleArray[i].Value[0]) {
+                return { error: errors.MalformedXML.customizeDescription(
+                    'each included filter must contain a name and value') };
+            }
+            if (!['Prefix', 'Suffix'].includes(ruleArray[i].Name[0])) {
+                return { error: errors.MalformedXML.customizeDescription(
+                    'filter Name must be one of Prefix or Suffix') };
+            }
+            filterObj.filterRules.push({
+                name: ruleArray[i].Name[0],
+                value: ruleArray[i].Value[0],
+            });
+        }
+        return filterObj;
+    }
+
+    /**
+     * Check that id string is valid
+     * @param id - id string (optional)
+     * @return - contains error if parsing failed or id
+     */
+    _parseId(id: string) {
+        if (id && id[0].length > 255) {
+            return { error: errors.InvalidArgument.customizeDescription(
+                'queue configuration ID is greater than 255 characters long') };
+        }
+        let validId: string;
+        if (!id || !id[0]) {
+            // id is optional property, so create one if not provided or is ''
+            // We generate 48-character alphanumeric, unique id for rule
+            validId = Buffer.from(UUID.v4()).toString('base64');
+        } else {
+            validId = id[0];
+        }
+        // Each ID in a list of rules must be unique.
+        if (this._ids.has(validId)) {
+            return { error: errors.InvalidRequest.customizeDescription(
+                'queue configuration ID must be unique') };
+        }
+        this._ids.add(validId);
+        return { id: validId };
+    }
+
+    /**
+     * Check that arn string is valid
+     * @param arn - queue arn
+     * @return - contains error if parsing failed or queue arn
+     */
+    _parseArn(arn: string) {
+        if (!arn || !arn[0]) {
+            return { error: errors.MalformedXML.customizeDescription(
+                'each queue configuration must contain a queue arn'),
+            };
+        }
+        const splitArn = arn[0].split(':');
+        const slicedArn = arn[0].slice(0, 23);
+        if (splitArn.length !== 6 || slicedArn !== notificationArnPrefix) {
+            return { error: errors.MalformedXML.customizeDescription(
+                'queue arn is invalid') };
+        }
+        // remaining 3 parts of arn are evaluated in cloudserver
+        return { arn: arn[0] };
+    }
+
+    /**
+     * Get XML representation of notification configuration object
+     * @param config - notification configuration object
+     * @return - XML representation of config
+     */
+    static getConfigXML(config: {
+        queueConfig: {
+            id: string;
+            events: string[];
+            queueArn: string;
+            filterRules: {
+                name: string;
+                value: string;
+            }[];
+        }[];
+    }) {
+        const xmlArray: string[] = [];
+        if (config && config.queueConfig) {
+            config.queueConfig.forEach(c => {
+                xmlArray.push('<QueueConfiguration>');
+                xmlArray.push(`<Id>${c.id}</Id>`);
+                xmlArray.push(`<Queue>${c.queueArn}</Queue>`);
+                c.events.forEach(e => {
+                    xmlArray.push(`<Event>${e}</Event>`);
+                });
+                if (c.filterRules) {
+                    xmlArray.push('<Filter><S3Key>');
+                    c.filterRules.forEach(r => {
+                        xmlArray.push(`<FilterRule><Name>${r.name}</Name>` +
+                            `<Value>${r.value}</Value></FilterRule>`);
+                    });
+                    xmlArray.push('</S3Key></Filter>');
+                }
+                xmlArray.push('</QueueConfiguration>');
+            });
+        }
+        const queueConfigXML = xmlArray.join('');
+        return '<?xml version="1.0" encoding="UTF-8"?>' +
+            '<NotificationConfiguration ' +
+            'xmlns="http://s3.amazonaws.com/doc/2006-03-01/">' +
+            `${queueConfigXML}` +
+            '</NotificationConfiguration>';
+    }
+
+    /**
+     * Validate the bucket metadata notification configuration structure and
+     * value types
+     * @param config - The notificationconfiguration to validate
+     */
+    static validateConfig(config: any) {
+        assert.strictEqual(typeof config, 'object');
+        if (!config.queueConfig) {
+            return;
+        }
+        config.queueConfig.forEach((q: any) => {
+            const { events, queueArn, filterRules, id } = q;
+            events.forEach((e: any) => assert.strictEqual(typeof e, 'string'));
+            assert.strictEqual(typeof queueArn, 'string');
+            if (filterRules) {
+                filterRules.forEach((f: any) => {
+                    assert.strictEqual(typeof f.name, 'string');
+                    assert.strictEqual(typeof f.value, 'string');
+                });
+            }
+            assert.strictEqual(typeof id, 'string');
+        });
+        return;
+    }
+}

lib/models/ObjectLockConfiguration.ts

@@ -0,0 +1,241 @@
+import assert from 'assert';
+import errors, { ArsenalError } from '../errors';
+
+export type Config = any;
+export type LockMode = 'GOVERNANCE' | 'COMPLIANCE';
+export type DefaultRetention = { Days: number } | { Years: number };
+export type ParsedRetention =
+    | { error: ArsenalError }
+    | { timeType: 'days' | 'years'; timeValue: number };
+
+/**
+ * Format of xml request:
+ *
+ * <ObjectLockConfiguration>
+ *      <ObjectLockEnabled>Enabled</ObjectLockEnabled>
+ *      <Rule>
+ *          <DefaultRetention>
+ *              <Mode>GOVERNANCE|COMPLIANCE</Mode>
+ *              <Days>1</Days>
+ *              <Years>1</Years>
+ *          </DefaultRetention>
+ *      </Rule>
+ * </ObjectLockConfiguration>
+ */
+
+/**
+  * Format of config:
+  *
+  * config = {
+  *     rule: {
+  *         mode: GOVERNANCE|COMPLIANCE,
+  *         days|years: integer,
+  *     }
+  * }
+  */
+export default class ObjectLockConfiguration {
+    _parsedXml: any;
+    _config: Config;
+
+    /**
+     * Create an Object Lock Configuration instance
+     * @param xml - the parsed configuration xml
+     * @return - ObjectLockConfiguration instance
+     */
+    constructor(xml: any) {
+        this._parsedXml = xml;
+        this._config = {};
+    }
+
+    /**
+     * Get the object lock configuration
+     * @return - contains error if parsing failed
+     */
+    getValidatedObjectLockConfiguration() {
+        const validConfig = this._parseObjectLockConfig();
+        if (validConfig.error) {
+            this._config.error = validConfig.error;
+        }
+        return this._config;
+    }
+
+    /**
+     * Check that mode is valid
+     * @param mode - array containing mode value
+     * @return - contains error if parsing failed
+     */
+    _parseMode(mode: LockMode[]): { error: ArsenalError } | { mode: LockMode } {
+        const expectedModes = ['GOVERNANCE', 'COMPLIANCE'];
+        if (!mode || !mode[0]) {
+            const msg = 'request xml does not contain Mode';
+            const error = errors.MalformedXML.customizeDescription(msg);
+            return { error };
+        }
+        if (mode.length > 1) {
+            const msg = 'request xml contains more than one Mode';
+            const error = errors.MalformedXML.customizeDescription(msg);
+            return { error };
+        }
+        if (!expectedModes.includes(mode[0])) {
+            const msg = 'Mode request xml must be one of "GOVERNANCE", "COMPLIANCE"';
+            const error = errors.MalformedXML.customizeDescription(msg);
+            return { error };
+        }
+        return { mode: mode[0] };
+    }
+
+    /**
+     * Check that time limit is valid
+     * @param dr - DefaultRetention object containing days or years
+     * @return - contains error if parsing failed
+     */
+    _parseTime(dr: DefaultRetention): ParsedRetention {
+        if ('Days' in dr && 'Years' in dr) {
+            const msg = 'request xml contains both Days and Years';
+            const error = errors.MalformedXML.customizeDescription(msg);
+            return { error };
+        }
+        const timeType = 'Days' in dr ? 'Days' : 'Years';
+        if (!dr[timeType] || !dr[timeType][0]) {
+            const msg = 'request xml does not contain Days or Years';
+            const error = errors.MalformedXML.customizeDescription(msg);
+            return { error };
+        }
+        if (dr[timeType].length > 1) {
+            const msg = 'request xml contains more than one retention period';
+            const error = errors.MalformedXML.customizeDescription(msg);
+            return { error };
+        }
+        const timeValue = Number.parseInt(dr[timeType][0], 10);
+        if (Number.isNaN(timeValue)) {
+            const msg = 'request xml does not contain valid retention period';
+            const error = errors.MalformedXML.customizeDescription(msg);
+            return { error };
+        }
+        if (timeValue < 1) {
+            const msg = 'retention period must be a positive integer';
+            const error = errors.InvalidArgument.customizeDescription(msg);
+            return { error };
+        }
+        if ((timeType === 'Days' && timeValue > 36500) ||
+        (timeType === 'Years' && timeValue > 100)) {
+            const msg = 'retention period is too large';
+            const error = errors.InvalidArgument.customizeDescription(msg);
+            return { error };
+        }
+        return {
+            timeType: timeType.toLowerCase() as 'days' | 'years',
+            timeValue: timeValue,
+        };
+    }
+
+    /**
+     * Check that object lock configuration is valid
+     * @return - contains error if parsing failed
+     */
+    _parseObjectLockConfig() {
+        const validConfig: { error?: ArsenalError } = {};
+        if (!this._parsedXml || this._parsedXml === '') {
+            const msg = 'request xml is undefined or empty';
+            const error = errors.MalformedXML.customizeDescription(msg);
+            return { error };
+        }
+        const objectLockConfig = this._parsedXml.ObjectLockConfiguration;
+        if (!objectLockConfig || objectLockConfig === '') {
+            const msg = 'request xml does not include ObjectLockConfiguration';
+            const error = errors.MalformedXML.customizeDescription(msg);
+            return { error };
+        }
+        const objectLockEnabled = objectLockConfig.ObjectLockEnabled;
+        if (!objectLockEnabled || objectLockEnabled[0] !== 'Enabled') {
+            const msg = 'request xml does not include valid ObjectLockEnabled';
+            const error = errors.MalformedXML.customizeDescription(msg);
+            return { error };
+        }
+        const ruleArray = objectLockConfig.Rule;
+        if (ruleArray) {
+            if (ruleArray.length > 1) {
+                const msg = 'request xml contains more than one rule';
+                const error = errors.MalformedXML.customizeDescription(msg);
+                return { error };
+            }
+            const drArray = ruleArray[0].DefaultRetention;
+            if (!drArray || !drArray[0] || drArray[0] === '') {
+                const msg = 'Rule request xml does not contain DefaultRetention';
+                const error = errors.MalformedXML.customizeDescription(msg);
+                return { error };
+            }
+            if (!drArray[0].Mode || (!drArray[0].Days && !drArray[0].Years)) {
+                const msg =
+                    'DefaultRetention request xml does not contain Mode or ' +
+                    'retention period (Days or Years)';
+                const error = errors.MalformedXML.customizeDescription(msg);
+                return { error };
+            }
+            const validMode = this._parseMode(drArray[0].Mode);
+            if ('error' in validMode) {
+                return validMode;
+            }
+            const validTime = this._parseTime(drArray[0]);
+            if ('error' in validTime) {
+                return validTime;
+            }
+            this._config.rule = {};
+            this._config.rule.mode = validMode.mode;
+            this._config.rule[validTime.timeType!] = validTime.timeValue;
+        }
+        return validConfig;
+    }
+
+    /**
+     * Validate the bucket metadata object lock configuration structure and
+     * value types
+     * @param config - The object lock configuration to validate
+     */
+    static validateConfig(config: any) {
+        assert.strictEqual(typeof config, 'object');
+        const rule = config.rule;
+        if (rule) {
+            assert.strictEqual(typeof rule, 'object');
+            assert.strictEqual(typeof rule.mode, 'string');
+            if (rule.days) {
+                assert.strictEqual(typeof rule.days, 'number');
+            } else {
+                assert.strictEqual(typeof rule.years, 'number');
+            }
+        }
+    }
+
+    /**
+     * Get the XML representation of the configuration object
+     * @param config - The bucket object lock configuration
+     * @return - The XML representation of the configuration
+     */
+    static getConfigXML(config: any) {
+        // object lock is enabled on the bucket but object lock configuration
+        // not set
+        if (config.rule === undefined) {
+            return '<?xml version="1.0" encoding="UTF-8"?>' +
+                '<ObjectLockConfiguration ' +
+                'xmlns="http://s3.amazonaws.com/doc/2006-03-01/">' +
+                '<ObjectLockEnabled>Enabled</ObjectLockEnabled>' +
+                '</ObjectLockConfiguration>';
+        }
+        const { days, years, mode } = config.rule;
+        const Mode = `<Mode>${mode}</Mode>`;
+        const Days = days !== undefined ? `<Days>${days}</Days>` : '';
+        const Years = years !== undefined ? `<Years>${years}</Years>` : '';
+        const Time = Days || Years;
+        return '<?xml version="1.0" encoding="UTF-8"?>' +
+            '<ObjectLockConfiguration ' +
+            'xmlns="http://s3.amazonaws.com/doc/2006-03-01/">' +
+            '<ObjectLockEnabled>Enabled</ObjectLockEnabled>' +
+            '<Rule>' +
+            '<DefaultRetention>' +
+            `${Mode}` +
+            `${Time}` +
+            '</DefaultRetention>' +
+            '</Rule>' +
+            '</ObjectLockConfiguration>';
+    }
+}

lib/models/ObjectMDLocation.js

@@ -1,77 +0,0 @@
-/**
- * Helper class to ease access to a single data location in metadata
- * 'location' array
- */
-class ObjectMDLocation {
-
-    /**
-     * @constructor
-     * @param {object} locationObj - single data location info
-     * @param {string} locationObj.key - data backend key
-     * @param {number} locationObj.start - index of first data byte of
-     *   this part in the full object
-     * @param {number} locationObj.size - byte length of data part
-     * @param {string} locationObj.dataStoreName - type of data store
-     * @param {string} locationObj.dataStoreETag - internal ETag of
-     *   data part
-     */
-    constructor(locationObj) {
-        this._data = {
-            key: locationObj.key,
-            start: locationObj.start,
-            size: locationObj.size,
-            dataStoreName: locationObj.dataStoreName,
-            dataStoreETag: locationObj.dataStoreETag,
-        };
-    }
-
-    getKey() {
-        return this._data.key;
-    }
-
-    getDataStoreName() {
-        return this._data.dataStoreName;
-    }
-
-    setDataLocation(location) {
-        this._data.key = location.key;
-        this._data.dataStoreName = location.dataStoreName;
-        return this;
-    }
-
-    getDataStoreETag() {
-        return this._data.dataStoreETag;
-    }
-
-    getPartNumber() {
-        return Number.parseInt(this._data.dataStoreETag.split(':')[0], 10);
-    }
-
-    getPartETag() {
-        return this._data.dataStoreETag.split(':')[1];
-    }
-
-    getPartStart() {
-        return this._data.start;
-    }
-
-    setPartStart(start) {
-        this._data.start = start;
-        return this;
-    }
-
-    getPartSize() {
-        return this._data.size;
-    }
-
-    setPartSize(size) {
-        this._data.size = size;
-        return this;
-    }
-
-    getValue() {
-        return this._data;
-    }
-}
-
-module.exports = ObjectMDLocation;

lib/models/ObjectMDLocation.ts

@@ -0,0 +1,127 @@
+export type Ciphered = { cryptoScheme: number; cipheredDataKey: string };
+export type BaseLocation = { key: string; dataStoreName: string };
+export type Location = BaseLocation & {
+    start: number;
+    size: number;
+    dataStoreETag: string;
+    dataStoreVersionId: string;
+};
+export type ObjectMDLocationData = {
+    key: string;
+    start: number;
+    size: number;
+    dataStoreName: string;
+    dataStoreETag: string;
+    cryptoScheme?: number;
+    cipheredDataKey?: string;
+};
+/**
+ * Helper class to ease access to a single data location in metadata
+ * 'location' array
+ */
+export default class ObjectMDLocation {
+    _data: ObjectMDLocationData;
+    /**
+     * @constructor
+     * @param locationObj - single data location info
+     * @param locationObj.key - data backend key
+     * @param locationObj.start - index of first data byte of
+     *   this part in the full object
+     * @param locationObj.size - byte length of data part
+     * @param locationObj.dataStoreName - type of data store
+     * @param locationObj.dataStoreETag - internal ETag of
+     *   data part
+     * @param [location.cryptoScheme] - if location data is
+     * encrypted: the encryption scheme version
+     * @param [location.cipheredDataKey] - if location data
+     * is encrypted: the base64-encoded ciphered data key
+     */
+    constructor(locationObj: Location | (Location & Ciphered)) {
+        this._data = {
+            key: locationObj.key,
+            start: locationObj.start,
+            size: locationObj.size,
+            dataStoreName: locationObj.dataStoreName,
+            dataStoreETag: locationObj.dataStoreETag,
+        };
+        if ('cryptoScheme' in locationObj) {
+            this._data.cryptoScheme = locationObj.cryptoScheme;
+            this._data.cipheredDataKey = locationObj.cipheredDataKey;
+        }
+    }
+
+    getKey() {
+        return this._data.key;
+    }
+
+    getDataStoreName() {
+        return this._data.dataStoreName;
+    }
+
+    /**
+     * Update data location with new info
+     *
+     * @param location - single data location info
+     * @param location.key - data backend key
+     * @param location.dataStoreName - type of data store
+     * @param [location.cryptoScheme] - if location data is
+     * encrypted: the encryption scheme version
+     * @param [location.cipheredDataKey] - if location data
+     * is encrypted: the base64-encoded ciphered data key
+     * @return return this
+     */
+    setDataLocation(location: BaseLocation | (BaseLocation & Ciphered)) {
+        ['key', 'dataStoreName', 'cryptoScheme', 'cipheredDataKey'].forEach(
+            (attrName) => {
+                if (location[attrName] !== undefined) {
+                    this._data[attrName] = location[attrName];
+                } else {
+                    delete this._data[attrName];
+                }
+            }
+        );
+        return this;
+    }
+
+    getDataStoreETag() {
+        return this._data.dataStoreETag;
+    }
+
+    getPartNumber() {
+        return Number.parseInt(this._data.dataStoreETag.split(':')[0], 10);
+    }
+
+    getPartETag() {
+        return this._data.dataStoreETag.split(':')[1];
+    }
+
+    getPartStart() {
+        return this._data.start;
+    }
+
+    setPartStart(start: number) {
+        this._data.start = start;
+        return this;
+    }
+
+    getPartSize() {
+        return this._data.size;
+    }
+
+    setPartSize(size: number) {
+        this._data.size = size;
+        return this;
+    }
+
+    getCryptoScheme() {
+        return this._data.cryptoScheme;
+    }
+
+    getCipheredDataKey() {
+        return this._data.cipheredDataKey;
+    }
+
+    getValue() {
+        return this._data;
+    }
+}

lib/models/ReplicationConfiguration.ts

@@ -1,17 +1,16 @@
-const assert = require('assert');
-const UUID = require('uuid');
+import assert from 'assert';
+import UUID from 'uuid';
 
-const escapeForXml = require('../s3middleware/escapeForXml');
-const errors = require('../errors');
-const { isValidBucketName } = require('../s3routes/routesUtils');
+import { RequestLogger } from 'werelogs';
+
+import escapeForXml from '../s3middleware/escapeForXml';
+import errors from '../errors';
+import { isValidBucketName } from '../s3routes/routesUtils';
+import { Status } from './LifecycleRule';
 
 const MAX_RULES = 1000;
 const RULE_ID_LIMIT = 255;
-const validStorageClasses = [
-    'STANDARD',
-    'STANDARD_IA',
-    'REDUCED_REDUNDANCY',
-];
+const validStorageClasses = ['STANDARD', 'STANDARD_IA', 'REDUCED_REDUNDANCY'];
 
 /**
     Example XML request:
@@ -37,15 +36,44 @@ const validStorageClasses = [
     </ReplicationConfiguration>
 */
 
-class ReplicationConfiguration {
+export type Rule = {
+    prefix: string;
+    enabled: boolean;
+    id: string;
+    storageClass?: any;
+};
+
+export type Destination = { StorageClass: string[]; Bucket: string };
+export type XMLRule = {
+    Prefix: string[];
+    Status: Status[];
+    ID?: string[];
+    Destination: Destination[];
+    Transition?: any[];
+    NoncurrentVersionTransition?: any[];
+    Filter?: string;
+};
+
+export default class ReplicationConfiguration {
+    _parsedXML: any;
+    _log: RequestLogger;
+    _config: any;
+    _configPrefixes: string[];
+    _configIDs: string[];
+    _role: string | null;
+    _destination: string | null;
+    _rules: Rule[] | null;
+    _prevStorageClass: null;
+    _hasScalityDestination: boolean;
+
     /**
      * Create a ReplicationConfiguration instance
-     * @param {string} xml - The parsed XML
-     * @param {object} log - Werelogs logger
-     * @param {object} config - S3 server configuration
-     * @return {object} - ReplicationConfiguration instance
+     * @param xml - The parsed XML
+     * @param log - Werelogs logger
+     * @param config - S3 server configuration
+     * @return - ReplicationConfiguration instance
      */
-    constructor(xml, log, config) {
+    constructor(xml: any, log: RequestLogger, config: any) {
         this._parsedXML = xml;
         this._log = log;
         this._config = config;
@@ -58,12 +86,12 @@ class ReplicationConfiguration {
         this._destination = null;
         this._rules = null;
         this._prevStorageClass = null;
-        this._hasScalityDestination = null;
+        this._hasScalityDestination = false;
     }
 
     /**
      * Get the role of the bucket replication configuration
-     * @return {string|null} - The role if defined, otherwise `null`
+     * @return - The role if defined, otherwise `null`
      */
     getRole() {
         return this._role;
@@ -71,7 +99,7 @@ class ReplicationConfiguration {
 
     /**
      * The bucket to replicate data to
-     * @return {string|null} - The bucket if defined, otherwise `null`
+     * @return - The bucket if defined, otherwise `null`
      */
     getDestination() {
         return this._destination;
@@ -79,7 +107,7 @@ class ReplicationConfiguration {
 
     /**
      * The rules for replication configuration
-     * @return {string|null} - The rules if defined, otherwise `null`
+     * @return - The rules if defined, otherwise `null`
      */
     getRules() {
         return this._rules;
@@ -87,7 +115,7 @@ class ReplicationConfiguration {
 
     /**
      * Get the replication configuration
-     * @return {object} - The replication configuration
+     * @return - The replication configuration
      */
     getReplicationConfiguration() {
         return {
@@ -99,18 +127,22 @@ class ReplicationConfiguration {
 
     /**
      * Build the rule object from the parsed XML of the given rule
-     * @param {object} rule - The rule object from this._parsedXML
-     * @return {object} - The rule object to push into the `Rules` array
+     * @param rule - The rule object from this._parsedXML
+     * @return - The rule object to push into the `Rules` array
      */
-    _buildRuleObject(rule) {
-        const obj = {
+    _buildRuleObject(rule: XMLRule) {
+        const base = {
+            id: '',
             prefix: rule.Prefix[0],
             enabled: rule.Status[0] === 'Enabled',
         };
+        const obj: Rule = { ...base };
         // ID is an optional property, but create one if not provided or is ''.
         // We generate a 48-character alphanumeric, unique ID for the rule.
-        obj.id = rule.ID && rule.ID[0] !== '' ? rule.ID[0] :
-            Buffer.from(UUID.v4()).toString('base64');
+        obj.id =
+            rule.ID && rule.ID[0] !== ''
+                ? rule.ID[0]
+                : Buffer.from(UUID.v4()).toString('base64');
         // StorageClass is an optional property.
         if (rule.Destination[0].StorageClass) {
             obj.storageClass = rule.Destination[0].StorageClass[0];
@@ -120,10 +152,10 @@ class ReplicationConfiguration {
 
     /**
      * Check if the Role field of the replication configuration is valid
-     * @param {string} ARN - The Role field value provided in the configuration
-     * @return {boolean} `true` if a valid role ARN, `false` otherwise
+     * @param ARN - The Role field value provided in the configuration
+     * @return `true` if a valid role ARN, `false` otherwise
      */
-    _isValidRoleARN(ARN) {
+    _isValidRoleARN(ARN: string) {
         // AWS accepts a range of values for the Role field. Though this does
         // not encompass all constraints imposed by AWS, we have opted to
         // enforce the following.
@@ -140,30 +172,32 @@ class ReplicationConfiguration {
 
     /**
      * Check that the `Role` property of the configuration is valid
-     * @return {undefined}
      */
     _parseRole() {
         const parsedRole = this._parsedXML.ReplicationConfiguration.Role;
         if (!parsedRole) {
             return errors.MalformedXML;
         }
-        const role = parsedRole[0];
+        const role: string = parsedRole[0];
         const rolesArr = role.split(',');
         if (this._hasScalityDestination && rolesArr.length !== 2) {
             return errors.InvalidArgument.customizeDescription(
                 'Invalid Role specified in replication configuration: ' +
-                'Role must be a comma-separated list of two IAM roles');
+                    'Role must be a comma-separated list of two IAM roles'
+            );
         }
         if (!this._hasScalityDestination && rolesArr.length > 1) {
             return errors.InvalidArgument.customizeDescription(
                 'Invalid Role specified in replication configuration: ' +
-                'Role may not contain a comma separator');
+                    'Role may not contain a comma separator'
+            );
         }
-        const invalidRole = rolesArr.find(r => !this._isValidRoleARN(r));
+        const invalidRole = rolesArr.find((r) => !this._isValidRoleARN(r));
         if (invalidRole !== undefined) {
             return errors.InvalidArgument.customizeDescription(
                 'Invalid Role specified in replication configuration: ' +
-                `'${invalidRole}'`);
+                    `'${invalidRole}'`
+            );
         }
         this._role = role;
         return undefined;
@@ -171,7 +205,6 @@ class ReplicationConfiguration {
 
     /**
      * Check that the `Rules` property array is valid
-     * @return {undefined}
      */
     _parseRules() {
         // Note that the XML uses 'Rule' while the config object uses 'Rules'.
@@ -181,7 +214,8 @@ class ReplicationConfiguration {
         }
         if (Rule.length > MAX_RULES) {
             return errors.InvalidRequest.customizeDescription(
-                'Number of defined replication rules cannot exceed 1000');
+                'Number of defined replication rules cannot exceed 1000'
+            );
         }
         const err = this._parseEachRule(Rule);
         if (err) {
@@ -192,15 +226,16 @@ class ReplicationConfiguration {
 
     /**
      * Check that each rule in the `Rules` property array is valid
-     * @param {array} rules - The rule array from this._parsedXML
-     * @return {undefined}
+     * @param rules - The rule array from this._parsedXML
      */
-    _parseEachRule(rules) {
-        const rulesArr = [];
+    _parseEachRule(rules: XMLRule[]) {
+        const rulesArr: Rule[] = [];
         for (let i = 0; i < rules.length; i++) {
             const err =
-                this._parseStatus(rules[i]) || this._parsePrefix(rules[i]) ||
-                this._parseID(rules[i]) || this._parseDestination(rules[i]);
+                this._parseStatus(rules[i]) ||
+                this._parsePrefix(rules[i]) ||
+                this._parseID(rules[i]) ||
+                this._parseDestination(rules[i]);
             if (err) {
                 return err;
             }
@@ -212,10 +247,9 @@ class ReplicationConfiguration {
 
     /**
      * Check that the `Status` property is valid
-     * @param {object} rule - The rule object from this._parsedXML
-     * @return {undefined}
+     * @param rule - The rule object from this._parsedXML
      */
-    _parseStatus(rule) {
+    _parseStatus(rule: XMLRule) {
         const status = rule.Status && rule.Status[0];
         if (!status || !['Enabled', 'Disabled'].includes(status)) {
             return errors.MalformedXML;
@@ -225,18 +259,19 @@ class ReplicationConfiguration {
 
     /**
      * Check that the `Prefix` property is valid
-     * @param {object} rule - The rule object from this._parsedXML
-     * @return {undefined}
+     * @param rule - The rule object from this._parsedXML
      */
-    _parsePrefix(rule) {
+    _parsePrefix(rule: XMLRule) {
         const prefix = rule.Prefix && rule.Prefix[0];
         // An empty string prefix should be allowed.
         if (!prefix && prefix !== '') {
             return errors.MalformedXML;
         }
         if (prefix.length > 1024) {
-            return errors.InvalidArgument.customizeDescription('Rule prefix ' +
-                'cannot be longer than maximum allowed key length of 1024');
+            return errors.InvalidArgument.customizeDescription(
+                'Rule prefix ' +
+                    'cannot be longer than maximum allowed key length of 1024'
+            );
         }
         // Each Prefix in a list of rules must not overlap. For example, two
         // prefixes 'TaxDocs' and 'TaxDocs/2015' are overlapping. An empty
@@ -244,8 +279,9 @@ class ReplicationConfiguration {
         for (let i = 0; i < this._configPrefixes.length; i++) {
             const used = this._configPrefixes[i];
             if (prefix.startsWith(used) || used.startsWith(prefix)) {
-                return errors.InvalidRequest.customizeDescription('Found ' +
-                    `overlapping prefixes '${used}' and '${prefix}'`);
+                return errors.InvalidRequest.customizeDescription(
+                    'Found ' + `overlapping prefixes '${used}' and '${prefix}'`
+                );
             }
         }
         this._configPrefixes.push(prefix);
@@ -254,19 +290,20 @@ class ReplicationConfiguration {
 
     /**
      * Check that the `ID` property is valid
-     * @param {object} rule - The rule object from this._parsedXML
-     * @return {undefined}
+     * @param rule - The rule object from this._parsedXML
      */
-    _parseID(rule) {
+    _parseID(rule: XMLRule) {
         const id = rule.ID && rule.ID[0];
         if (id && id.length > RULE_ID_LIMIT) {
-            return errors.InvalidArgument
-                .customizeDescription('Rule Id cannot be greater than 255');
+            return errors.InvalidArgument.customizeDescription(
+                'Rule Id cannot be greater than 255'
+            );
         }
         // Each ID in a list of rules must be unique.
-        if (this._configIDs.includes(id)) {
+        if (id && this._configIDs.includes(id)) {
             return errors.InvalidRequest.customizeDescription(
-                'Rule Id must be unique');
+                'Rule Id must be unique'
+            );
         }
         if (id !== undefined) {
             this._configIDs.push(id);
@@ -276,15 +313,14 @@ class ReplicationConfiguration {
 
     /**
      * Check that the `StorageClass` property is valid
-     * @param {object} destination - The destination object from this._parsedXML
-     * @return {undefined}
+     * @param destination - The destination object from this._parsedXML
      */
-    _parseStorageClass(destination) {
+    _parseStorageClass(destination: Destination) {
         const { replicationEndpoints } = this._config;
         // The only condition where the default endpoint is possibly undefined
         // is if there is only a single replication endpoint.
         const defaultEndpoint =
-            replicationEndpoints.find(endpoint => endpoint.default) ||
+            replicationEndpoints.find((endpoint: any) => endpoint.default) ||
             replicationEndpoints[0];
         // StorageClass is optional.
         if (destination.StorageClass === undefined) {
@@ -292,14 +328,15 @@ class ReplicationConfiguration {
             return undefined;
         }
         const storageClasses = destination.StorageClass[0].split(',');
-        const isValidStorageClass = storageClasses.every(storageClass => {
+        const isValidStorageClass = storageClasses.every((storageClass) => {
             if (validStorageClasses.includes(storageClass)) {
                 this._hasScalityDestination =
                     defaultEndpoint.type === undefined;
                 return true;
             }
-            const endpoint = replicationEndpoints.find(endpoint =>
-                endpoint.site === storageClass);
+            const endpoint = replicationEndpoints.find(
+                (endpoint: any) => endpoint.site === storageClass
+            );
             if (endpoint) {
                 // If this._hasScalityDestination was not set to true in any
                 // previous iteration or by a prior rule's storage class, then
@@ -321,10 +358,9 @@ class ReplicationConfiguration {
 
     /**
      * Check that the `Bucket` property is valid
-     * @param {object} destination - The destination object from this._parsedXML
-     * @return {undefined}
+     * @param destination - The destination object from this._parsedXML
      */
-    _parseBucket(destination) {
+    _parseBucket(destination: Destination) {
         const parsedBucketARN = destination.Bucket;
         // If there is no Scality destination, we get the destination bucket
         // from the location configuration.
@@ -337,7 +373,8 @@ class ReplicationConfiguration {
         const bucketARN = parsedBucketARN[0];
         if (!bucketARN) {
             return errors.InvalidArgument.customizeDescription(
-                'Destination bucket cannot be null or empty');
+                'Destination bucket cannot be null or empty'
+            );
         }
         const arr = bucketARN.split(':');
         const isValidARN =
@@ -347,17 +384,20 @@ class ReplicationConfiguration {
             arr[3] === '' &&
             arr[4] === '';
         if (!isValidARN) {
-            return errors.InvalidArgument
-                .customizeDescription('Invalid bucket ARN');
+            return errors.InvalidArgument.customizeDescription(
+                'Invalid bucket ARN'
+            );
         }
         if (!isValidBucketName(arr[5], [])) {
-            return errors.InvalidArgument
-                .customizeDescription('The specified bucket is not valid');
+            return errors.InvalidArgument.customizeDescription(
+                'The specified bucket is not valid'
+            );
         }
         // We can replicate objects only to one destination bucket.
         if (this._destination && this._destination !== bucketARN) {
             return errors.InvalidRequest.customizeDescription(
-                'The destination bucket must be same for all rules');
+                'The destination bucket must be same for all rules'
+            );
         }
         this._destination = bucketARN;
         return undefined;
@@ -365,10 +405,9 @@ class ReplicationConfiguration {
 
     /**
      * Check that the `destination` property is valid
-     * @param {object} rule - The rule object from this._parsedXML
-     * @return {undefined}
+     * @param rule - The rule object from this._parsedXML
      */
-    _parseDestination(rule) {
+    _parseDestination(rule: XMLRule) {
         const dest = rule.Destination && rule.Destination[0];
         if (!dest) {
             return errors.MalformedXML;
@@ -382,7 +421,6 @@ class ReplicationConfiguration {
 
     /**
      * Check that the request configuration is valid
-     * @return {undefined}
      */
     parseConfiguration() {
         const err = this._parseRules();
@@ -394,48 +432,62 @@ class ReplicationConfiguration {
 
     /**
      * Get the XML representation of the configuration object
-     * @param {object} config - The bucket replication configuration
-     * @return {string} - The XML representation of the configuration
+     * @param config - The bucket replication configuration
+     * @return - The XML representation of the configuration
      */
-    static getConfigXML(config) {
+    static getConfigXML(config: {
+        role: string;
+        destination: string;
+        rules: Rule[];
+    }) {
         const { role, destination, rules } = config;
         const Role = `<Role>${escapeForXml(role)}</Role>`;
         const Bucket = `<Bucket>${escapeForXml(destination)}</Bucket>`;
-        const rulesXML = rules.map(rule => {
-            const { prefix, enabled, storageClass, id } = rule;
-            const Prefix = prefix === '' ? '<Prefix/>' :
-                `<Prefix>${escapeForXml(prefix)}</Prefix>`;
-            const Status =
-                `<Status>${enabled ? 'Enabled' : 'Disabled'}</Status>`;
-            const StorageClass = storageClass ?
-                `<StorageClass>${storageClass}</StorageClass>` : '';
-            const Destination =
-                `<Destination>${Bucket}${StorageClass}</Destination>`;
-            // If the ID property was omitted in the configuration object, we
-            // create an ID for the rule. Hence it is always defined.
-            const ID = `<ID>${escapeForXml(id)}</ID>`;
-            return `<Rule>${ID}${Prefix}${Status}${Destination}</Rule>`;
-        }).join('');
-        return '<?xml version="1.0" encoding="UTF-8"?>' +
+        const rulesXML = rules
+            .map((rule) => {
+                const { prefix, enabled, storageClass, id } = rule;
+                const Prefix =
+                    prefix === ''
+                        ? '<Prefix/>'
+                        : `<Prefix>${escapeForXml(prefix)}</Prefix>`;
+                const Status = `<Status>${
+                    enabled ? 'Enabled' : 'Disabled'
+                }</Status>`;
+                const StorageClass = storageClass
+                    ? `<StorageClass>${storageClass}</StorageClass>`
+                    : '';
+                const Destination = `<Destination>${Bucket}${StorageClass}</Destination>`;
+                // If the ID property was omitted in the configuration object, we
+                // create an ID for the rule. Hence it is always defined.
+                const ID = `<ID>${escapeForXml(id)}</ID>`;
+                return `<Rule>${ID}${Prefix}${Status}${Destination}</Rule>`;
+            })
+            .join('');
+        return (
+            '<?xml version="1.0" encoding="UTF-8"?>' +
             '<ReplicationConfiguration ' +
-                'xmlns="http://s3.amazonaws.com/doc/2006-03-01/">' +
-                `${rulesXML}${Role}` +
-            '</ReplicationConfiguration>';
+            'xmlns="http://s3.amazonaws.com/doc/2006-03-01/">' +
+            `${rulesXML}${Role}` +
+            '</ReplicationConfiguration>'
+        );
     }
 
     /**
      * Validate the bucket metadata replication configuration structure and
      * value types
-     * @param {object} config - The replication configuration to validate
-     * @return {undefined}
+     * @param config - The replication configuration to validate
      */
-    static validateConfig(config) {
+    static validateConfig(config: {
+        role: string;
+        destination: string;
+        rules: Rule[];
+    }) {
         assert.strictEqual(typeof config, 'object');
         const { role, rules, destination } = config;
         assert.strictEqual(typeof role, 'string');
         assert.strictEqual(typeof destination, 'string');
         assert.strictEqual(Array.isArray(rules), true);
-        rules.forEach(rule => {
+        rules.forEach((rule) => {
             assert.strictEqual(typeof rule, 'object');
             const { prefix, enabled, id, storageClass } = rule;
             assert.strictEqual(typeof prefix, 'string');
@@ -447,5 +499,3 @@ class ReplicationConfiguration {
         });
     }
 }
-
-module.exports = ReplicationConfiguration;

lib/models/WebsiteConfiguration.js

@@ -1,195 +0,0 @@
-class RoutingRule {
-    /**
-    * Represents a routing rule in a website configuration.
-    * @constructor
-    * @param {object} params - object containing redirect and condition objects
-    * @param {object} params.redirect - specifies how to redirect requests
-    * @param {string} [params.redirect.protocol] - protocol to use for redirect
-    * @param {string} [params.redirect.hostName] - hostname to use for redirect
-    * @param {string} [params.redirect.replaceKeyPrefixWith] - string to replace
-    *   keyPrefixEquals specified in condition
-    * @param {string} [params.redirect.replaceKeyWith] - string to replace key
-    * @param {string} [params.redirect.httpRedirectCode] - http redirect code
-    * @param {object} [params.condition] - specifies conditions for a redirect
-    * @param {string} [params.condition.keyPrefixEquals] - key prefix that
-    *   triggers a redirect
-    * @param {string} [params.condition.httpErrorCodeReturnedEquals] - http code
-    *   that triggers a redirect
-    */
-    constructor(params) {
-        if (params) {
-            this._redirect = params.redirect;
-            this._condition = params.condition;
-        }
-    }
-
-    /**
-    * Return copy of rule as plain object
-    * @return {object} rule;
-    */
-    getRuleObject() {
-        const rule = {
-            redirect: this._redirect,
-            condition: this._condition,
-        };
-        return rule;
-    }
-
-    /**
-    * Return the condition object
-    * @return {object} condition;
-    */
-    getCondition() {
-        return this._condition;
-    }
-
-    /**
-    * Return the redirect object
-    * @return {object} redirect;
-    */
-    getRedirect() {
-        return this._redirect;
-    }
-}
-
-class WebsiteConfiguration {
-    /**
-    * Object that represents website configuration
-    * @constructor
-    * @param {object} params - object containing params to construct Object
-    * @param {string} params.indexDocument - key for index document object
-    *   required when redirectAllRequestsTo is undefined
-    * @param {string} [params.errorDocument] - key for error document object
-    * @param {object} params.redirectAllRequestsTo - object containing info
-    *   about how to redirect all requests
-    * @param {string} params.redirectAllRequestsTo.hostName - hostName to use
-    *   when redirecting all requests
-    * @param {string} [params.redirectAllRequestsTo.protocol] - protocol to use
-    *   when redirecting all requests ('http' or 'https')
-    * @param {(RoutingRule[]|object[])} params.routingRules - array of Routing
-    *   Rule instances or plain routing rule objects to cast as RoutingRule's
-    */
-    constructor(params) {
-        if (params) {
-            this._indexDocument = params.indexDocument;
-            this._errorDocument = params.errorDocument;
-            this._redirectAllRequestsTo = params.redirectAllRequestsTo;
-            this.setRoutingRules(params.routingRules);
-        }
-    }
-
-    /**
-    * Return plain object with configuration info
-    * @return {object} - Object copy of class instance
-    */
-    getConfig() {
-        const websiteConfig = {
-            indexDocument: this._indexDocument,
-            errorDocument: this._errorDocument,
-            redirectAllRequestsTo: this._redirectAllRequestsTo,
-        };
-        if (this._routingRules) {
-            websiteConfig.routingRules =
-            this._routingRules.map(rule => rule.getRuleObject());
-        }
-        return websiteConfig;
-    }
-
-    /**
-    * Set the redirectAllRequestsTo
-    * @param {object} obj - object to set as redirectAllRequestsTo
-    * @param {string} obj.hostName - hostname for redirecting all requests
-    * @param {object} [obj.protocol] - protocol for redirecting all requests
-    * @return {undefined};
-    */
-    setRedirectAllRequestsTo(obj) {
-        this._redirectAllRequestsTo = obj;
-    }
-
-    /**
-    * Return the redirectAllRequestsTo object
-    * @return {object} redirectAllRequestsTo;
-    */
-    getRedirectAllRequestsTo() {
-        return this._redirectAllRequestsTo;
-    }
-
-    /**
-    * Set the index document object name
-    * @param {string} suffix - index document object key
-    * @return {undefined};
-    */
-    setIndexDocument(suffix) {
-        this._indexDocument = suffix;
-    }
-
-    /**
-     * Get the index document object name
-     * @return {string} indexDocument
-     */
-    getIndexDocument() {
-        return this._indexDocument;
-    }
-
-    /**
-     * Set the error document object name
-     * @param {string} key - error document object key
-     * @return {undefined};
-     */
-    setErrorDocument(key) {
-        this._errorDocument = key;
-    }
-
-    /**
-     * Get the error document object name
-     * @return {string} errorDocument
-     */
-    getErrorDocument() {
-        return this._errorDocument;
-    }
-
-    /**
-    * Set the whole RoutingRules array
-    * @param {array} array - array to set as instance's RoutingRules
-    * @return {undefined};
-    */
-    setRoutingRules(array) {
-        if (array) {
-            this._routingRules = array.map(rule => {
-                if (rule instanceof RoutingRule) {
-                    return rule;
-                }
-                return new RoutingRule(rule);
-            });
-        }
-    }
-
-    /**
-     * Add a RoutingRule instance to routingRules array
-     * @param {object} obj - rule to add to array
-     * @return {undefined};
-     */
-    addRoutingRule(obj) {
-        if (!this._routingRules) {
-            this._routingRules = [];
-        }
-        if (obj && obj instanceof RoutingRule) {
-            this._routingRules.push(obj);
-        } else if (obj) {
-            this._routingRules.push(new RoutingRule(obj));
-        }
-    }
-
-    /**
-     * Get routing rules
-     * @return {RoutingRule[]} - array of RoutingRule instances
-     */
-    getRoutingRules() {
-        return this._routingRules;
-    }
-}
-
-module.exports = {
-    RoutingRule,
-    WebsiteConfiguration,
-};

lib/models/WebsiteConfiguration.ts

@@ -0,0 +1,218 @@
+/**
+ * @param protocol - protocol to use for redirect
+ * @param hostName - hostname to use for redirect
+ * @param replaceKeyPrefixWith - string to replace keyPrefixEquals specified in condition
+ * @param replaceKeyWith - string to replace key
+ * @param httpRedirectCode - http redirect code
+ */
+export type Redirect = {
+    protocol?: string;
+    hostName?: string;
+    replaceKeyPrefixWith?: string;
+    replaceKeyWith?: string;
+    httpRedirectCode: string;
+};
+
+/**
+ * @param keyPrefixEquals - key prefix that triggers a redirect
+ * @param httpErrorCodeReturnedEquals - http code that triggers a redirect
+ */
+export type Condition = {
+    keyPrefixEquals?: string;
+    httpErrorCodeReturnedEquals?: string;
+};
+
+export type RoutingRuleParams = { redirect: Redirect; condition?: Condition };
+
+export class RoutingRule {
+    _redirect?: Redirect;
+    _condition?: Condition;
+
+    /**
+    * Represents a routing rule in a website configuration.
+    * @constructor
+    * @param params - object containing redirect and condition objects
+    * @param params.redirect - specifies how to redirect requests
+    * @param [params.condition] - specifies conditions for a redirect
+    */
+    constructor(params?: RoutingRuleParams) {
+        if (params) {
+            this._redirect = params.redirect;
+            this._condition = params.condition;
+        }
+    }
+
+    /**
+    * Return copy of rule as plain object
+    * @return rule;
+    */
+    getRuleObject() {
+        const rule = {
+            redirect: this._redirect,
+            condition: this._condition,
+        };
+        return rule;
+    }
+
+    /**
+    * Return the condition object
+    * @return condition;
+    */
+    getCondition() {
+        return this._condition;
+    }
+
+    /**
+    * Return the redirect object
+    * @return redirect;
+    */
+    getRedirect() {
+        return this._redirect;
+    }
+}
+
+export type RedirectAllRequestsTo = {
+    hostName: string;
+    protocol?: string;
+};
+export class WebsiteConfiguration {
+    _indexDocument?: string;
+    _errorDocument?: string;
+    _redirectAllRequestsTo?: RedirectAllRequestsTo;
+    _routingRules?: RoutingRule[];
+
+    /**
+    * Object that represents website configuration
+    * @constructor
+    * @param params - object containing params to construct Object
+    * @param params.indexDocument - key for index document object
+    *   required when redirectAllRequestsTo is undefined
+    * @param [params.errorDocument] - key for error document object
+    * @param params.redirectAllRequestsTo - object containing info
+    *   about how to redirect all requests
+    * @param params.redirectAllRequestsTo.hostName - hostName to use
+    *   when redirecting all requests
+    * @param [params.redirectAllRequestsTo.protocol] - protocol to use
+    *   when redirecting all requests ('http' or 'https')
+    * @param params.routingRules - array of Routing
+    *   Rule instances or plain routing rule objects to cast as RoutingRule's
+    */
+    constructor(params: {
+        indexDocument: string;
+        errorDocument: string;
+        redirectAllRequestsTo: RedirectAllRequestsTo;
+        routingRules: RoutingRule[] | any[],
+    }) {
+        if (params) {
+            this._indexDocument = params.indexDocument;
+            this._errorDocument = params.errorDocument;
+            this._redirectAllRequestsTo = params.redirectAllRequestsTo;
+            this.setRoutingRules(params.routingRules);
+        }
+    }
+
+    /**
+    * Return plain object with configuration info
+    * @return - Object copy of class instance
+    */
+    getConfig() {
+        const base = {
+            indexDocument: this._indexDocument,
+            errorDocument: this._errorDocument,
+            redirectAllRequestsTo: this._redirectAllRequestsTo,
+        };
+        if (this._routingRules) {
+            const routingRules = this._routingRules.map(r => r.getRuleObject());
+            return { ...base, routingRules };
+        }
+        return { ...base };
+    }
+
+    /**
+    * Set the redirectAllRequestsTo
+    * @param obj - object to set as redirectAllRequestsTo
+    * @param obj.hostName - hostname for redirecting all requests
+    * @param [obj.protocol] - protocol for redirecting all requests
+    */
+    setRedirectAllRequestsTo(obj: { hostName: string; protocol?: string }) {
+        this._redirectAllRequestsTo = obj;
+    }
+
+    /**
+    * Return the redirectAllRequestsTo object
+    * @return redirectAllRequestsTo;
+    */
+    getRedirectAllRequestsTo() {
+        return this._redirectAllRequestsTo;
+    }
+
+    /**
+    * Set the index document object name
+    * @param suffix - index document object key
+    */
+    setIndexDocument(suffix: string) {
+        this._indexDocument = suffix;
+    }
+
+    /**
+     * Get the index document object name
+     * @return indexDocument
+     */
+    getIndexDocument() {
+        return this._indexDocument;
+    }
+
+    /**
+     * Set the error document object name
+     * @param key - error document object key
+     */
+    setErrorDocument(key: string) {
+        this._errorDocument = key;
+    }
+
+    /**
+     * Get the error document object name
+     * @return errorDocument
+     */
+    getErrorDocument() {
+        return this._errorDocument;
+    }
+
+    /**
+    * Set the whole RoutingRules array
+    * @param array - array to set as instance's RoutingRules
+    */
+    setRoutingRules(array?: (RoutingRule | RoutingRuleParams)[]) {
+        if (array) {
+            this._routingRules = array.map(rule => {
+                if (rule instanceof RoutingRule) {
+                    return rule;
+                }
+                return new RoutingRule(rule);
+            });
+        }
+    }
+
+    /**
+     * Add a RoutingRule instance to routingRules array
+     * @param obj - rule to add to array
+     */
+    addRoutingRule(obj?: RoutingRule | RoutingRuleParams) {
+        if (!this._routingRules) {
+            this._routingRules = [];
+        }
+        if (obj && obj instanceof RoutingRule) {
+            this._routingRules.push(obj);
+        } else if (obj) {
+            this._routingRules.push(new RoutingRule(obj));
+        }
+    }
+
+    /**
+     * Get routing rules
+     * @return - array of RoutingRule instances
+     */
+    getRoutingRules() {
+        return this._routingRules;
+    }
+}

lib/models/index.ts

@@ -0,0 +1,11 @@
+export { default as ARN } from './ARN';
+export { default as BucketInfo } from './BucketInfo';
+export { default as ObjectMD } from './ObjectMD';
+export { default as ObjectMDLocation } from './ObjectMDLocation';
+export * as WebsiteConfiguration from './WebsiteConfiguration';
+export { default as ReplicationConfiguration } from './ReplicationConfiguration';
+export { default as LifecycleConfiguration } from './LifecycleConfiguration';
+export { default as LifecycleRule } from './LifecycleRule';
+export { default as BucketPolicy } from './BucketPolicy';
+export { default as ObjectLockConfiguration } from './ObjectLockConfiguration';
+export { default as NotificationConfiguration } from './NotificationConfiguration';