neo4j
diff --git a/‎src/v1/index.js
Lines changed: 6 additions & 1 deletion b/‎src/v1/index.js
Lines changed: 6 additions & 1 deletion
diff --git a/‎src/v1/internal/ch-config.js
Lines changed: 33 additions & 22 deletions b/‎src/v1/internal/ch-config.js
Lines changed: 33 additions & 22 deletions
diff --git a/‎src/v1/internal/ch-node.js
Lines changed: 86 additions & 32 deletions b/‎src/v1/internal/ch-node.js
Lines changed: 86 additions & 32 deletions
diff --git a/‎src/v1/internal/ch-websocket.js
Lines changed: 39 additions & 6 deletions b/‎src/v1/internal/ch-websocket.js
Lines changed: 39 additions & 6 deletions
@@ -116,7 +116,12 @@ const USER_AGENT = "neo4j-javascript/" + VERSION;
  *       // {@link Session#readTransaction()} and {@link Session#writeTransaction()} functions. These functions
  *       // will retry the given unit of work on `ServiceUnavailable`, `SessionExpired` and transient errors with
  *       // exponential backoff using initial delay of 1 second. Default value is 30000 which is 30 seconds.
- *       maxTransactionRetryTime: 30000,
+ *       maxTransactionRetryTime: 30000, // 30 seconds
+ *
+ *       // Specify socket connection timeout in milliseconds. Non-numeric, negative and zero values are treated as an
+ *       // infinite timeout. Connection will be then bound by the timeout configured on the operating system level.
+ *       // Timeout value should be numeric and greater or equal to zero.
+ *       connectionTimeout: 5000, // 5 seconds
  *     }
  *
  * @param {string} url The URL for the Neo4j database, for instance "bolt://localhost"
 
@@ -20,38 +20,49 @@
 import hasFeature from './features';
 import {SERVICE_UNAVAILABLE} from '../error';
 
+const DEFAULT_CONNECTION_TIMEOUT_MILLIS = 0; // turned off by default
+
 export default class ChannelConfig {
 
   constructor(host, port, driverConfig, connectionErrorCode) {
     this.host = host;
     this.port = port;
-    this.encrypted = ChannelConfig._extractEncrypted(driverConfig);
-    this.trust = ChannelConfig._extractTrust(driverConfig);
-    this.trustedCertificates = ChannelConfig._extractTrustedCertificates(driverConfig);
-    this.knownHostsPath = ChannelConfig._extractKnownHostsPath(driverConfig);
+    this.encrypted = extractEncrypted(driverConfig);
+    this.trust = extractTrust(driverConfig);
+    this.trustedCertificates = extractTrustedCertificates(driverConfig);
+    this.knownHostsPath = extractKnownHostsPath(driverConfig);
     this.connectionErrorCode = connectionErrorCode || SERVICE_UNAVAILABLE;
+    this.connectionTimeout = extractConnectionTimeout(driverConfig);
   }
+}
 
-  static _extractEncrypted(driverConfig) {
-    // check if encryption was configured by the user, use explicit null check because we permit boolean value
-    const encryptionConfigured = driverConfig.encrypted == null;
-    // default to using encryption if trust-all-certificates is available
-    return encryptionConfigured ? hasFeature('trust_all_certificates') : driverConfig.encrypted;
-  }
+function extractEncrypted(driverConfig) {
+  // check if encryption was configured by the user, use explicit null check because we permit boolean value
+  const encryptionConfigured = driverConfig.encrypted == null;
+  // default to using encryption if trust-all-certificates is available
+  return encryptionConfigured ? hasFeature('trust_all_certificates') : driverConfig.encrypted;
+}
 
-  static _extractTrust(driverConfig) {
-    if (driverConfig.trust) {
-      return driverConfig.trust;
-    }
-    // default to using TRUST_ALL_CERTIFICATES if it is available
-    return hasFeature('trust_all_certificates') ? 'TRUST_ALL_CERTIFICATES' : 'TRUST_CUSTOM_CA_SIGNED_CERTIFICATES';
+function extractTrust(driverConfig) {
+  if (driverConfig.trust) {
+    return driverConfig.trust;
   }
+  // default to using TRUST_ALL_CERTIFICATES if it is available
+  return hasFeature('trust_all_certificates') ? 'TRUST_ALL_CERTIFICATES' : 'TRUST_CUSTOM_CA_SIGNED_CERTIFICATES';
+}
 
-  static _extractTrustedCertificates(driverConfig) {
-    return driverConfig.trustedCertificates || [];
-  }
+function extractTrustedCertificates(driverConfig) {
+  return driverConfig.trustedCertificates || [];
+}
+
+function extractKnownHostsPath(driverConfig) {
+  return driverConfig.knownHosts || null;
+}
 
-  static _extractKnownHostsPath(driverConfig) {
-    return driverConfig.knownHosts || null;
+function extractConnectionTimeout(driverConfig) {
+  const configuredTimeout = parseInt(driverConfig.connectionTimeout, 10);
+  if (!configuredTimeout || configuredTimeout < 0) {
+    return DEFAULT_CONNECTION_TIMEOUT_MILLIS;
   }
-};
+  return configuredTimeout;
+}
@@ -123,14 +123,14 @@ const TrustStrategy = {
       return;
     }
 
-    let tlsOpts = {
+    const tlsOpts = {
       ca: config.trustedCertificates.map((f) => fs.readFileSync(f)),
       // Because we manually check for this in the connect callback, to give
       // a more helpful error to the user
       rejectUnauthorized: false
     };
 
-    let socket = tls.connect(config.port, config.host, tlsOpts, function () {
+    const connectListener = socket => {
       if (!socket.authorized) {
         onFailure(newError("Server certificate is not trusted. If you trust the database you are connecting to, add" +
           " the signing certificate, or the server certificate, to the list of certificates trusted by this driver" +
@@ -141,18 +141,19 @@ const TrustStrategy = {
       } else {
         onSuccess();
       }
-    });
-    socket.on('error', onFailure);
-    return socket;
+    };
+
+    return connectTlsSocket(config, tlsOpts, connectListener, onFailure);
   },
   TRUST_SYSTEM_CA_SIGNED_CERTIFICATES : function( config, onSuccess, onFailure ) {
 
-    let tlsOpts = {
+    const tlsOpts = {
       // Because we manually check for this in the connect callback, to give
       // a more helpful error to the user
       rejectUnauthorized: false
     };
-    let socket = tls.connect(config.port, config.host, tlsOpts, function () {
+
+    const connectListener = socket => {
       if (!socket.authorized) {
         onFailure(newError("Server certificate is not trusted. If you trust the database you are connecting to, use " +
           "TRUST_CUSTOM_CA_SIGNED_CERTIFICATES and add" +
@@ -164,9 +165,9 @@ const TrustStrategy = {
       } else {
         onSuccess();
       }
-    });
-    socket.on('error', onFailure);
-    return socket;
+    };
+
+    return connectTlsSocket(config, tlsOpts, connectListener, onFailure);
   },
   /**
    * @deprecated in 1.1 in favour of {@link #TRUST_ALL_CERTIFICATES}. Will be deleted in a future version.
@@ -175,15 +176,15 @@ const TrustStrategy = {
       console.log("`TRUST_ON_FIRST_USE` has been deprecated as option and will be removed in a future version of " +
           "the driver. Please use `TRUST_ALL_CERTIFICATES` instead.");
 
-    let tlsOpts = {
+    const tlsOpts = {
       // Because we manually verify the certificate against known_hosts
       rejectUnauthorized: false
     };
 
-    let socket = tls.connect(config.port, config.host, tlsOpts, function () {
-      var serverCert = socket.getPeerCertificate(/*raw=*/true);
+    const connectListener = socket => {
+      const serverCert = socket.getPeerCertificate(/*raw=*/true);
 
-      if( !serverCert.raw ) {
+      if (!serverCert.raw) {
         // If `raw` is not available, we're on an old version of NodeJS, and
         // the raw cert cannot be accessed (or, at least I couldn't find a way to)
         // therefore, we can't generate a SHA512 fingerprint, meaning we can't
@@ -200,10 +201,10 @@ const TrustStrategy = {
       const serverId = config.host + ":" + config.port;
 
       loadFingerprint(serverId, knownHostsPath, (knownFingerprint) => {
-        if( knownFingerprint === serverFingerprint ) {
+        if (knownFingerprint === serverFingerprint) {
           onSuccess();
-        } else if( knownFingerprint == null ) {
-          storeFingerprint( serverId, knownHostsPath, serverFingerprint, (err) => {
+        } else if (knownFingerprint == null) {
+          storeFingerprint(serverId, knownHostsPath, serverFingerprint, (err) => {
             if (err) {
               return onFailure(err);
             }
@@ -220,32 +221,33 @@ const TrustStrategy = {
             "update the file with the new certificate. You can configure which file the driver " +
             "should use to store this information by setting `knownHosts` to another path in " +
             "your driver configuration - and you can disable encryption there as well using " +
-            "`encrypted:\"" + ENCRYPTION_OFF + "\"`."))
+            "`encrypted:\"" + ENCRYPTION_OFF + "\"`."));
         }
       });
-    });
-    socket.on('error', onFailure);
-    return socket;
+    };
+
+    return connectTlsSocket(config, tlsOpts, connectListener, onFailure);
   },
 
   TRUST_ALL_CERTIFICATES: function (config, onSuccess, onFailure) {
     const tlsOpts = {
       rejectUnauthorized: false
     };
-    const socket = tls.connect(config.port, config.host, tlsOpts, function () {
+
+    const connectListener = socket => {
       const certificate = socket.getPeerCertificate();
       if (isEmptyObjectOrNull(certificate)) {
         onFailure(newError("Secure connection was successful but server did not return any valid " +
-            "certificates. Such connection can not be trusted. If you are just trying " +
-            " Neo4j out and are not concerned about encryption, simply disable it using " +
-            "`encrypted=\"" + ENCRYPTION_OFF + "\"` in the driver options. " +
-            "Socket responded with: " + socket.authorizationError));
+          "certificates. Such connection can not be trusted. If you are just trying " +
+          " Neo4j out and are not concerned about encryption, simply disable it using " +
+          "`encrypted=\"" + ENCRYPTION_OFF + "\"` in the driver options. " +
+          "Socket responded with: " + socket.authorizationError));
       } else {
         onSuccess();
       }
-    });
-    socket.on('error', onFailure);
-    return socket;
+    };
+
+    return connectTlsSocket(config, tlsOpts, connectListener, onFailure);
   }
 };
 
@@ -259,9 +261,7 @@ const TrustStrategy = {
 function connect( config, onSuccess, onFailure=(()=>null) ) {
   //still allow boolean for backwards compatibility
   if (config.encrypted === false || config.encrypted === ENCRYPTION_OFF) {
-    var conn = net.connect(config.port, config.host, onSuccess);
-    conn.on('error', onFailure);
-    return conn;
+    return connectSocket(config, onSuccess, onFailure);
   } else if( TrustStrategy[config.trust]) {
     return TrustStrategy[config.trust](config, onSuccess, onFailure);
   } else {
@@ -275,6 +275,60 @@ function connect( config, onSuccess, onFailure=(()=>null) ) {
   }
 }
 
+/**
+ * Establish insecure connection using `net.Socket`.
+ * @param {ChannelConfig} config - configuration of this channel.
+ * @param {function} connectListener - success callback.
+ * @param {function} failureListener - failure callback.
+ * @return {*} an instance of `net.Socket`.
+ */
+function connectSocket(config, connectListener, failureListener) {
+  const socket = net.connect(config.port, config.host, () => {
+    // connected! cancel the connection timeout and notify provided callback
+    socket.setTimeout(0); // remove the timeout
+    connectListener(socket);
+  });
+  socket.on('error', failureListener);
+  setupConnectionTimeoutIfConfigured(socket, config);
+  return socket;
+}
+
+/**
+ * Establish secure connection using `tls.TLSSocket`.
+ * @param {ChannelConfig} config - configuration of this channel.
+ * @param {object} tlsOpts - options for TLS socket.
+ * @param {function} connectListener - success callback.
+ * @param {function} failureListener - failure callback.
+ * @return {*} an instance of `tls.TLSSocket`.
+ */
+function connectTlsSocket(config, tlsOpts, connectListener, failureListener) {
+  const socket = tls.connect(config.port, config.host, tlsOpts, () => {
+    // connected! cancel the connection timeout and notify provided callback
+    socket.setTimeout(0);
+    connectListener(socket);
+  });
+  socket.on('error', failureListener);
+  setupConnectionTimeoutIfConfigured(socket, config);
+  return socket;
+}
+
+/**
+ * Set connection timeout on the given socket, if configured.
+ * @param {object} socket - NodeJS net.Socket or tls.TLSSocket.
+ * @param {ChannelConfig} config - configuration of this channel.
+ */
+function setupConnectionTimeoutIfConfigured(socket, config) {
+  const timeout = config.connectionTimeout;
+  if (timeout) {
+    socket.on('timeout', () => {
+      // timeout fired - not connected within configured time. cancel timeout and destroy socket
+      socket.setTimeout(0);
+      socket.destroy(newError(`Failed to establish connection in ${timeout}ms`, config.connectionErrorCode));
+    });
+    socket.setTimeout(timeout);
+  }
+}
+
 /**
  * In a Node.js environment the 'net' module is used
  * as transport.
 
@@ -37,9 +37,7 @@ class WebSocketChannel {
     this._pending = [];
     this._error = null;
     this._handleConnectionError = this._handleConnectionError.bind(this);
-    this._connectionErrorCode = config.connectionErrorCode;
-
-    this._encrypted = config.encrypted;
+    this._config = config;
 
     let scheme = "ws";
     //Allow boolean for backwards compatibility
@@ -67,6 +65,12 @@ class WebSocketChannel {
         }
     };
     this._ws.onopen = function() {
+      // Connected! Cancel connection timeout
+      if (self._connectionTimeoutId) {
+        clearTimeout(self._connectionTimeoutId);
+        self._connectionTimeoutFired = false;
+      }
+
       // Drain all pending messages
       let pending = self._pending;
       self._pending = null;
@@ -76,15 +80,28 @@ class WebSocketChannel {
     };
     this._ws.onmessage = (event) => {
       if( self.onmessage ) {
-        var b = new HeapBuffer( event.data );
+        const b = new HeapBuffer(event.data);
         self.onmessage( b );
       }
     };
 
     this._ws.onerror = this._handleConnectionError;
+
+    this._connectionTimeoutFired = false;
+    this._connectionTimeoutId = this._setupConnectionTimeout(config);
   }
 
   _handleConnectionError() {
+    if (this._connectionTimeoutFired) {
+      // timeout fired - not connected within configured time
+      this._error = newError(`Failed to establish connection in ${this._config.connectionTimeout}ms`, this._config.connectionErrorCode);
+
+      if (this.onerror) {
+        this.onerror(this._error);
+      }
+      return;
+    }
+
     // onerror triggers on websocket close as well.. don't get me started.
     if( this._open ) {
       // http://stackoverflow.com/questions/25779831/how-to-catch-websocket-connection-to-ws-xxxnn-failed-connection-closed-be
@@ -94,15 +111,15 @@ class WebSocketChannel {
         "the root cause of the failure. Common reasons include the database being " +
         "unavailable, using the wrong connection URL or temporary network problems. " +
         "If you have enabled encryption, ensure your browser is configured to trust the " +
-        "certificate Neo4j is configured to use. WebSocket `readyState` is: " + this._ws.readyState, this._connectionErrorCode );
+        'certificate Neo4j is configured to use. WebSocket `readyState` is: ' + this._ws.readyState, this._config.connectionErrorCode);
       if (this.onerror) {
         this.onerror(this._error);
       }
     }
   }
 
   isEncrypted() {
-    return this._encrypted;
+    return this._config.encrypted;
   }
 
   /**
@@ -130,6 +147,22 @@ class WebSocketChannel {
     this._ws.close();
     this._ws.onclose = cb;
   }
+
+  /**
+   * Set connection timeout on the given WebSocket, if configured.
+   * @return {number} the timeout id or null.
+   * @private
+   */
+  _setupConnectionTimeout() {
+    const timeout = this._config.connectionTimeout;
+    if (timeout) {
+      return setTimeout(() => {
+        this._connectionTimeoutFired = true;
+        this._ws.close();
+      }, timeout);
+    }
+    return null;
+  }
 }
 
 let available = typeof WebSocket !== 'undefined';