Where communities thrive

  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
Repo info
    Andrea Di Cesare

    From https://www.mongodb.com/docs/manual/core/gridfs/

    GridFS uses two collections to store files. One collection stores the file chunks, and the other stores file metadata. The section GridFS Collections describes each collection in detail.

    You should access your files via the GridFS API

    To store and retrieve files using GridFS, use either of the following:

    A MongoDB driver. See the drivers documentation for information on using GridFS with your driver.
    The mongofiles command-line tool. See the mongofiles reference for documentation.

    As long as I understand you deleted data from one collection, so your bucket data is not cosistent.

    That's the reason why you get the error from RESTHeart

    The mongo driver finds the metadata (stored in mybucket.files) but not the chunks (stored in mybucket.chunks)

    To fix the state of the bucket, you should make sure that all the documents in mybucket.files have the corresponding documents in mybucket.chunks
    Hussam Qasem
    Thank you @ujibang. In my case, I didn't use the GridFS API. It is my mistake, I thought using MongoDB Compass was smart enough to detect that.
    Hello team. Any word on the Spring4Shell vulnerabilities? Is restheart affected by any chance?
    Andrea Di Cesare
    Hi @Andrewzz , RESTHeart does not use Sprint at all, it is also continuosly checked by Sonatype Lift, and we have 0 threats. See https://sbom.lift.sonatype.com/report/T1-0ff0976f7f21c391f20f-5fd315625ad1b2-1646908735-d19a2c6273764f4eb2775bee5c3499cc
    Has anyone here connected DocumentDb va restheart?
    The post is quite old, but RESTHeart does work with DocumentDB. Of course some feature of MongoDB are not supported by DocumentDB (as transactions and change stream I think) but most of the API work
    Maurizio Turatti
    Maurizio Turatti

    The 6.3.0 release introduces a few bug fixes and some important security enhancements:

    ✅ Add new security interceptor bruteForceAttackGuard
    (defends from brute force attacks by returning "429 Too Many Requests" when failed auth attempts in the last 10 seconds from the same IP are more than 50%)
    ✅ Upgrade undertow to v2.2.16.Final
    ✅ Add WildcardInterceptor that allows intercepting requests to any service
    ✅MongoRealmAuthenticator can check the password field on user document updates and reject it when it is too weak
    ✅ Ensure that the defined auth mechanisms are executed in the correct order
    ✅ filterOperatorsBlacklist is now enabled by default with blacklist = [ "$where" ] (prevents code injections at the database level)
    ✅ Fix error message in case of var not bound in aggregation and MongoRequest.getAggregationVars() method name
    ✅ Fix CORS headers for request OPTIONS /bucket.files/_size
    ✅ Set default MongoDB connections minSize=0
    ✅ Allow specifying ReadConcern, WriteConcern and ReadPreference at the request level

    Andrea Di Cesare
    Hello @TommyK100
    Agent Smith
    Hi. I'm having difficulties using aggregations. Where exactly do I need to create my aggregations?
    I have a database with my normal documents: myProdDB.Orders. So an aggregate query would look like: myProdDB.Orders.aggregate([])
    Now, where do I create the restheart aggregations? Restheart documentation says: GET /coll/_meta What's coll, what's _meta? Where are these in relation to myProdDB.Orders ?
    And later on there is a PUT /coll HTTP/1.1 in the Examples. What's coll here? In which db is it?
    My mounts:
      - what: myProdDB/Orders
        where: /prod/orders
    Andrea Di Cesare
    you collection is bound to the URI /prod/orders. So you need to add the aggregation to the collection properties and you do it with
    PATCH /prod/orders
      "aggrs": [
          "stages": [
            { "$match": { "name": { "$var": "n" } } },
            { "$group": { "_id": "$name", "avg_age": { "$avg": "$age" } } }
          "type": "pipeline",
          "uri": "example-pipeline"
    to read the metadata of the collection you use GET /prod/orders/_meta. This would return your aggrs metadata
    Timothy Choi
    Hi, how do I make Restheart v6 accept multiple base URLs? I am listening on http host and I would see logs of http://my.domain.net:9000/db 401ing, but if I query from the same container restheart is running on the request goes through
    (Additionally, is there any documentation on all individual options?)
    Timothy Choi
    If it helps, we were upgrading from Restheart 4
    Andrea Di Cesare
    Hi Timothy. If you set the http listener host to, it binds restheart to all network interfaces.
    Andrea Di Cesare
    As long as I understand your question, you want to bind it to the single network interface whose ip is resolevd by the dns from my.domain.net
    Timothy Choi
    @ujibang I want it to accept from all interfaces; right now I did set it to but it 401s requests from my.domain.net but (local) works
    Andrea Di Cesare
    Hi @tyteen4a03 , if you receive 401, it means that you can actually contact RESTHeart. So it shoudn't be a networking issue. I suspect you have some misconfiguration, so it would help if you open a github issue with the full startup log messages...
    Hussam Qasem
    Greetings! Is it advisable to have more than one RESTHeart instance point to the same MongoDB? For example, in a high-availability setting where two RESTHeart instances are required.
    Maurizio Turatti
    Hi @hussam-qasem yes, it is a very common configuration for high availability. For example, in our case we often deploy on AWS, with a couple of RESTHeart instances on a ECS cluster and a ALB (Application Load Balancer) on top for HTTP load balancing. Then we activate sticky sessions if client apps need that, it depends.