fix: don't mix async/await w/ .then in populate script

This fixes a race condition present in the existing populate
script caused by missing `await`. For consistency, it transitions
the entire file to an ECMAScript module, which permits top-level
await, and then updates all uses of Mongoose APIs to 1) make sure
we're always `await`-ing any Promises, and 2) only use `await` rather
than any alternative callback-oriented APIs.

This appears to have resolved the race locally, which previously
permitted early-closure of the connection to the MongoDB database.

Signed-off-by: Andrew Lilley Brinker <abrinker@mitre.org>

Author: alilleybrinker

package.json

@@ -82,10 +82,10 @@
         "migrate:dev": "NODE_ENV=development MONGO_CONN_STRING=mongodb://localhost:27017 MONGO_DB_NAME=cve_dev node-dev src/scripts/migrate.js",
         "migrate:test-black-box": "NODE_ENV=development MONGO_CONN_STRING=mongodb://docdb:27017 MONGO_DB_NAME=cve_dev node-dev src/scripts/migrate.js",
         "migrate:test": "NODE_ENV=test MONGO_CONN_STRING=mongodb://localhost:27017 MONGO_DB_NAME=cve_test node-dev src/scripts/migrate.js",
-        "populate:dev": "NODE_ENV=development node-dev src/scripts/populate.js",
-        "populate:stage": "NODE_ENV=staging node src/scripts/populate.js",
-        "populate:int": "NODE_ENV=integration node src/scripts/populate.js",
-        "populate:prd": "NODE_ENV=production node src/scripts/populate.js",
+        "populate:dev": "NODE_ENV=development node-dev src/scripts/populate.mjs",
+        "populate:stage": "NODE_ENV=staging node src/scripts/populate.mjs",
+        "populate:int": "NODE_ENV=integration node src/scripts/populate.mjs",
+        "populate:prd": "NODE_ENV=production node src/scripts/populate.mjs",
         "populate-cve:dev": "NODE_ENV=development node-dev src/scripts/populate-cve.js",
         "populate-cve:stage": "NODE_ENV=staging node src/scripts/populate-cve.js",
         "populate-cve:int": "NODE_ENV=integration node src/scripts/populate-cve.js",
@@ -96,7 +96,8 @@
         "start:prd": "node src/swagger.js && NODE_ENV=production node src/scripts/updateOpenapiHost.js && NODE_ENV=production node src/index.js",
         "swagger-autogen": "node src/swagger.js",
         "test": "NODE_ENV=test mocha --recursive --exit || true",
-        "test:integration": "NODE_ENV=test node-dev src/scripts/populate.js y; NODE_ENV=test MONGO_CONN_STRING=mongodb://docdb:27017 MONGO_DB_NAME=cve_test node-dev src/scripts/migrate.js; NODE_ENV=test mocha test/integration-tests --recursive --exit",
+        "test:integration": "NODE_ENV=test node-dev src/scripts/populate.mjs y; NODE_ENV=test MONGO_CONN_STRING=mongodb://docdb:27017 MONGO_DB_NAME=cve_test node-dev src/scripts/migrate.js; NODE_ENV=test mocha test/integration-tests --recursive --exit",
+        "test:integration-local": "NODE_ENV=test node-dev src/scripts/populate.mjs y; NODE_ENV=test MONGO_CONN_STRING=mongodb://localhost:27017 MONGO_DB_NAME=cve_test node-dev src/scripts/migrate.js; NODE_ENV=test mocha test/integration-tests --recursive --exit",
         "test:unit-tests": "NODE_ENV=test mocha test/unit-tests --recursive --exit || true",
         "test:coverage": "NODE_ENV=test nyc --reporter=text mocha src/* --recursive --exit || true",
         "test:coverage-html": "NODE_ENV=test nyc --reporter=html mocha src/* --recursive --exit || true",

src/scripts/populate.js

@@ -0,0 +1,170 @@
+/**
+ * Populate script, used to either populate or re-populate a MongoDB-compatible
+ * document database with static fixtures defined at
+ * `cve-services/datadump/pre-population`.
+ */
+
+// ===========================================================================
+// Imports
+// ---------------------------------------------------------------------------
+
+// Deps
+import express from 'express'
+import mongoose from 'mongoose'
+import dataUtils from '../utils/data.js'
+import dbUtils from '../utils/db.js'
+
+// Models
+import CveIdRange from '../model/cve-id-range.js'
+import CveId from '../model/cve-id.js'
+import Cve from '../model/cve.js'
+import Org from '../model/org.js'
+import User from '../model/user.js'
+import BaseOrg from '../model/baseorg.js'
+import BaseUser from '../model/baseuser.js'
+import ReviewObject from '../model/reviewobject.js'
+import Conversation from '../model/conversation.js'
+import Audit from '../model/audit.js'
+
+// ===========================================================================
+// Models to Populate
+// ---------------------------------------------------------------------------
+
+const populateTargets = {
+  'Cve': Cve,
+  'Cve-Id-Range': CveIdRange,
+  'Cve-Id': CveId,
+  'User': User,
+  'Org': Org,
+  'BaseOrg': BaseOrg,
+  'BaseUser': BaseUser,
+  'ReviewObject': ReviewObject,
+  'Conversation': Conversation,
+  'Audit': Audit
+}
+
+const indexTargets = {
+  'Cve': [
+    { 'cve.cveMetadata.cveId': 1 },
+    { 'cve.cveMetadata.dateUpdated': 1 }
+  ],
+  'Cve-Id': [
+    { 'cve_id': 1 },
+    { 'owning_cna': 1, 'state': 1 },
+    { 'reserved': 1 }
+  ],
+  'User': [
+    { 'UUID': 1 }
+  ],
+  'Org': [
+    { 'UUID': 1 },
+    { 'authority.active_roles': 1 }
+  ]
+}
+
+// ===========================================================================
+// App Setup
+// ---------------------------------------------------------------------------
+
+// Create the app, make sure it supports JSON and URL-encoded data.
+const app = express()
+app.use(express.json())
+app.use(express.urlencoded({ extended: false }))
+
+// ===========================================================================
+// Database Setup
+// ---------------------------------------------------------------------------
+
+// Connect to MongoDB database
+const dbConnectionStr = dbUtils.getMongoConnectionString()
+
+const db = await mongoose.connect(dbConnectionStr, {
+  useNewUrlParser: true,
+  useUnifiedTopology: false,
+  autoIndex: false
+})
+
+console.log('Successfully connected to database!')
+
+// ===========================================================================
+// Parse User Input
+// ---------------------------------------------------------------------------
+
+let userInput
+if (process.argv.length > 2 && process.argv.slice(2)[0] === 'y') {
+  userInput = process.argv.slice(2)[0]
+} else {
+  // script runner (currently) needs to agree to an action that drops collections
+  userInput = dataUtils.getUserPopulateInput(Object.keys(populateTargets))
+}
+
+// ===========================================================================
+// Populate Database
+// ---------------------------------------------------------------------------
+
+// Drop and re-populate collections.
+if (userInput.toLowerCase() === 'y') {
+  const collections = await db.connection.db.listCollections().toArray()
+  const names = collections.map(collection => collection.name)
+
+  for (const name in populateTargets) {
+    if (names.includes(name) && db.connection.collections[name]) {
+      console.log(`Dropping ${name} collection indexes!!!`)
+      await db.connection.collections[name].dropIndexes()
+
+      console.log(`Dropping ${name} collection !!!`)
+      await db.connection.dropCollection(name)
+    }
+  }
+
+  // Org
+  await dataUtils.populateCollection(
+    './datadump/pre-population/orgs.json',
+    Org, dataUtils.newOrgTransform
+  )
+
+  // User, depends on Org
+  const hash = await dataUtils.preprocessUserSecrets()
+  await dataUtils.populateCollection(
+    './datadump/pre-population/users.json',
+    User, dataUtils.newUserTransform, hash
+  )
+
+  const populatePromises = []
+
+  // CVE ID Range
+  populatePromises.push(dataUtils.populateCollection(
+    './datadump/pre-population/cve-ids-range.json',
+    CveIdRange
+  ))
+
+  // CVE
+  if (process.env.NODE_ENV === 'development' || process.env.NODE_ENV === 'test') {
+    populatePromises.push(dataUtils.populateCollection(
+      './datadump/pre-population/cves.json',
+      Cve, dataUtils.newCveTransform
+    ))
+  }
+
+  // CVE ID, depends on User and Org
+  populatePromises.push(dataUtils.populateCollection(
+    './datadump/pre-population/cve-ids.json',
+    CveId, dataUtils.newCveIdTransform
+  ))
+
+  // Wait for all populate promises to resolve.
+  await Promise.all(populatePromises)
+
+  console.log('Successfully populated the database data!')
+
+  // Create all the indices.
+  for (const col of Object.keys(indexTargets)) {
+    for (const index of indexTargets[col]) {
+      await db.connection.collections[col].createIndex(index)
+    }
+  }
+
+  console.log('Successfully created all the indices!')
+}
+
+await db.connection.close()