dbviewer 0.6.2 → 0.6.3

data/lib/dbviewer.rb

@@ -1,7 +1,8 @@
 require "dbviewer/version"
 require "dbviewer/configuration"
 require "dbviewer/engine"
-require "dbviewer/sql_validator"
+require "dbviewer/validator"
+require "dbviewer/validator/sql"
 
 require "dbviewer/storage/base"
 require "dbviewer/storage/in_memory_storage"
@@ -11,6 +12,7 @@ require "dbviewer/query/executor"
 require "dbviewer/query/analyzer"
 require "dbviewer/query/collection"
 require "dbviewer/query/logger"
+require "dbviewer/query/notification_subscriber"
 require "dbviewer/query/parser"
 
 require "dbviewer/database/cache_manager"
@@ -51,61 +53,83 @@ module Dbviewer
 
     # This class method will be called by the engine when it's appropriate
     def setup
-      # Configure the query logger with current configuration settings
+      configure_query_logger
+      validate_database_connections
+    end
+
+    private
+
+    # Configure the query logger with current configuration settings
+    def configure_query_logger
       Dbviewer::Query::Logger.configure(
         enable_query_logging: configuration.enable_query_logging,
         query_logging_mode: configuration.query_logging_mode
       )
+    end
 
-      # Check all configured connections
-      connection_errors = []
-      configuration.database_connections.each do |key, config|
-        begin
-          connection_class = nil
-
-          if config[:connection]
-            connection_class = config[:connection]
-          elsif config[:connection_class].is_a?(String)
-            # Try to load the class if it's defined as a string
-            begin
-              connection_class = config[:connection_class].constantize
-            rescue NameError => e
-              Rails.logger.warn "DBViewer could not load connection class #{config[:connection_class]}: #{e.message}"
-              next
-            end
-          end
-
-          if connection_class
-            connection = connection_class.connection
-            adapter_name = connection.adapter_name
-            Rails.logger.info "DBViewer successfully connected to #{config[:name] || key.to_s} database (#{adapter_name})"
-
-            # Store the resolved connection class back in the config
-            config[:connection] = connection_class
-          else
-            raise "No valid connection configuration found for #{key}"
-          end
-        rescue => e
-          connection_errors << { key: key, error: e.message }
-          Rails.logger.error "DBViewer could not connect to #{config[:name] || key.to_s} database: #{e.message}"
-        end
+    # Validate all configured database connections
+    def validate_database_connections
+      connection_errors = configuration.database_connections.filter_map do |key, config|
+        validate_single_connection(key, config)
       end
 
-      if connection_errors.length == configuration.database_connections.length
-        raise "DBViewer could not connect to any configured database"
-      end
+      raise_if_all_connections_failed(connection_errors)
+    end
+
+    # Validate a single database connection
+    # @param key [Symbol] The connection key
+    # @param config [Hash] The connection configuration
+    # @return [Hash, nil] Error hash if validation failed, nil if successful
+    def validate_single_connection(key, config)
+      connection_class = resolve_connection_class(config)
+      return { key: key, error: "No valid connection configuration found for #{key}" } unless connection_class
+
+      test_connection(connection_class, config, key)
+      store_resolved_connection(config, connection_class)
+      nil
+    rescue => e
+      Rails.logger.error "DBViewer could not connect to #{config[:name] || key.to_s} database: #{e.message}"
+      { key: key, error: e.message }
     end
 
-    # Initialize engine with default values or user-provided configuration
-    def init
-      # Define class methods to access configuration
-      Dbviewer::SqlValidator.singleton_class.class_eval do
-        define_method(:configuration) { Dbviewer.configuration }
-        define_method(:max_query_length) { Dbviewer.configuration.max_query_length }
+    # Resolve the connection class from configuration
+    # @param config [Hash] The connection configuration
+    # @return [Class, nil] The resolved connection class or nil
+    def resolve_connection_class(config)
+      return config[:connection] if config[:connection]
+      return nil unless config[:connection_class].is_a?(String)
+
+      begin
+        config[:connection_class].constantize
+      rescue NameError => e
+        Rails.logger.warn "DBViewer could not load connection class #{config[:connection_class]}: #{e.message}"
+        nil
       end
+    end
+
+    # Test the database connection
+    # @param connection_class [Class] The connection class
+    # @param config [Hash] The connection configuration
+    # @param key [Symbol] The connection key
+    def test_connection(connection_class, config, key)
+      connection = connection_class.connection
+      adapter_name = connection.adapter_name
+      Rails.logger.info "DBViewer successfully connected to #{config[:name] || key.to_s} database (#{adapter_name})"
+    end
+
+    # Store the resolved connection class back in the config
+    # @param config [Hash] The connection configuration
+    # @param connection_class [Class] The resolved connection class
+    def store_resolved_connection(config, connection_class)
+      config[:connection] = connection_class
+    end
 
-      # Log initialization
-      Rails.logger.info("[DBViewer] Initialized with configuration: #{configuration.inspect}")
+    # Raise an error if all database connections failed
+    # @param connection_errors [Array] Array of connection error hashes
+    def raise_if_all_connections_failed(connection_errors)
+      if connection_errors.length == configuration.database_connections.length
+        raise "DBViewer could not connect to any configured database"
+      end
     end
   end
 end

data/lib/generators/dbviewer/templates/initializer.rb

@@ -18,4 +18,19 @@ Dbviewer.configure do |config|
   #   username: "admin",
   #   password: "your_secure_password"
   # }
+
+  # Multiple database connections configuration
+  # config.database_connections = {
+  #   primary: {
+  #     connection_class: "ActiveRecord::Base",
+  #     name: "Primary Database"
+  #   },
+  #   secondary: {
+  #     connection_class: "SecondaryDatabase",
+  #     name: "Blog Database"
+  #   }
+  # }
+
+  # Set the default active connection
+  # config.current_connection = :primary
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dbviewer
 version: !ruby/object:Gem::Version
-  version: 0.6.2
+  version: 0.6.3
 platform: ruby
 authors:
 - Wailan Tirajoh
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-06-04 00:00:00.000000000 Z
+date: 2025-06-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -97,11 +97,13 @@ files:
 - lib/dbviewer/query/collection.rb
 - lib/dbviewer/query/executor.rb
 - lib/dbviewer/query/logger.rb
+- lib/dbviewer/query/notification_subscriber.rb
 - lib/dbviewer/query/parser.rb
-- lib/dbviewer/sql_validator.rb
 - lib/dbviewer/storage/base.rb
 - lib/dbviewer/storage/file_storage.rb
 - lib/dbviewer/storage/in_memory_storage.rb
+- lib/dbviewer/validator.rb
+- lib/dbviewer/validator/sql.rb
 - lib/dbviewer/version.rb
 - lib/generators/dbviewer/install_generator.rb
 - lib/generators/dbviewer/templates/initializer.rb

data/lib/dbviewer/sql_validator.rb

@@ -1,194 +0,0 @@
-module Dbviewer
-  # SqlValidator class handles SQL query validation and normalization
-  # to ensure queries are safe (read-only) and properly formatted.
-  # This helps prevent potentially destructive SQL operations.
-  class SqlValidator
-    # List of SQL keywords that could modify data or schema
-    FORBIDDEN_KEYWORDS = %w[
-      UPDATE INSERT DELETE DROP ALTER CREATE TRUNCATE REPLACE
-      RENAME GRANT REVOKE LOCK UNLOCK COMMIT ROLLBACK
-      SAVEPOINT INTO CALL EXECUTE EXEC
-    ]
-
-    # List of SQL keywords that should only be allowed in specific contexts
-    CONDITIONAL_KEYWORDS = {
-      # JOIN is allowed, but we should check for suspicious patterns
-      "JOIN" => /\bJOIN\b/i,
-      # UNION is allowed, but potential for injection
-      "UNION" => /\bUNION\b/i,
-      # WITH is allowed for CTEs, but need to ensure it's not a data modification
-      "WITH" => /\bWITH\b/i
-    }
-
-    # Maximum allowed query length
-    MAX_QUERY_LENGTH = 10000
-
-    # Determines if a query is safe (read-only)
-    # @param sql [String] The SQL query to validate
-    # @return [Boolean] true if the query is safe, false otherwise
-    def self.safe_query?(sql)
-      return false if sql.blank?
-
-      # Get max query length from configuration if available
-      max_length = respond_to?(:max_query_length) ? max_query_length : MAX_QUERY_LENGTH
-      return false if sql.length > max_length
-
-      normalized_sql = normalize(sql)
-
-      # Case-insensitive check for SELECT at the beginning
-      return false unless normalized_sql =~ /\A\s*SELECT\s+/i
-
-      # Check for forbidden keywords that might be used in subqueries or other SQL constructs
-      FORBIDDEN_KEYWORDS.each do |keyword|
-        # Look for the keyword with word boundaries to avoid false positives
-        return false if normalized_sql =~ /\b#{keyword}\b/i
-      end
-
-      # Check for suspicious patterns that might indicate SQL injection attempts
-      return false if has_suspicious_patterns?(normalized_sql)
-
-      # Check for multiple statements (;) which could allow executing multiple commands
-      statements = normalized_sql.split(";").reject(&:blank?)
-      return false if statements.size > 1
-
-      # Additional specific checks for common SQL injection patterns
-      return false if has_injection_patterns?(normalized_sql)
-
-      true
-    end
-
-    # Check for suspicious patterns in SQL that might indicate an attack
-    # @param sql [String] Normalized SQL query
-    # @return [Boolean] true if suspicious patterns found, false otherwise
-    def self.has_suspicious_patterns?(sql)
-      # Check for SQL comment sequences that might be used to hide malicious code
-      return true if sql =~ /\s+--/ || sql =~ /\/\*/
-
-      # Check for string concatenation which might be used for injection
-      return true if sql =~ /\|\|/ || sql =~ /CONCAT\s*\(/i
-
-      # Check for excessive number of quotes which might indicate injection
-      single_quotes = sql.count("'")
-      double_quotes = sql.count('"')
-      return true if single_quotes > 20 || double_quotes > 20
-
-      # Check for hex/binary data which might hide malicious code
-      return true if sql =~ /0x[0-9a-f]{16,}/i
-
-      false
-    end
-
-    # Check for specific SQL injection patterns
-    # @param sql [String] Normalized SQL query
-    # @return [Boolean] true if injection patterns found, false otherwise
-    def self.has_injection_patterns?(sql)
-      # Check for typical SQL injection test patterns
-      return true if sql =~ /'\s*OR\s*'.*'\s*=\s*'/i
-      return true if sql =~ /'\s*OR\s*1\s*=\s*1/i
-      return true if sql =~ /'\s*;\s*--/i
-
-      # Check for attempts to determine database type
-      return true if sql =~ /@@version/i
-      return true if sql =~ /version\(\)/i
-
-      false
-    end
-
-    # Normalize SQL by removing comments and extra whitespace
-    # @param sql [String] The SQL query to normalize
-    # @return [String] The normalized SQL query
-    def self.normalize(sql)
-      return "" if sql.nil?
-
-      begin
-        # Remove SQL comments (both -- and /* */ styles)
-        normalized = sql.gsub(/--.*$/, "")             # Remove -- style comments
-                .gsub(/\/\*.*?\*\//m, "")       # Remove /* */ style comments
-                .gsub(/\s+/, " ")               # Normalize whitespace
-                .strip                          # Remove leading/trailing whitespace
-
-        # Replace multiple spaces with a single space
-        normalized.gsub(/\s{2,}/, " ")
-      rescue => e
-        Rails.logger.error("[DBViewer] SQL normalization error: #{e.message}")
-        ""
-      end
-    end
-
-    # Validates a query and raises an exception if it's unsafe
-    # @param sql [String] The SQL query to validate
-    # @raise [SecurityError] if the query is unsafe
-    # @return [String] The normalized SQL query if it's safe
-    def self.validate!(sql)
-      if sql.blank?
-        raise SecurityError, "Empty query is not allowed"
-      end
-
-      # Get max query length from configuration if available
-      max_length = respond_to?(:max_query_length) ? max_query_length : MAX_QUERY_LENGTH
-      if sql.length > max_length
-        raise SecurityError, "Query exceeds maximum allowed length (#{max_length} chars)"
-      end
-
-      normalized_sql = normalize(sql)
-
-      # Special case for SQLite PRAGMA statements which are safe read-only commands
-      if normalized_sql =~ /\A\s*PRAGMA\s+[a-z0-9_]+\s*\z/i
-        return normalized_sql
-      end
-
-      unless normalized_sql =~ /\A\s*SELECT\s+/i
-        raise SecurityError, "Query must begin with SELECT for security reasons"
-      end
-
-      FORBIDDEN_KEYWORDS.each do |keyword|
-        if normalized_sql =~ /\b#{keyword}\b/i
-          raise SecurityError, "Forbidden keyword '#{keyword}' detected in query"
-        end
-      end
-
-      if has_suspicious_patterns?(normalized_sql)
-        raise SecurityError, "Query contains suspicious patterns that may indicate SQL injection"
-      end
-
-      # Check for multiple statements
-      statements = normalized_sql.split(";").reject(&:blank?)
-      if statements.size > 1
-        raise SecurityError, "Multiple SQL statements are not allowed"
-      end
-
-      if has_injection_patterns?(normalized_sql)
-        raise SecurityError, "Query contains patterns commonly associated with SQL injection attempts"
-      end
-
-      normalized_sql
-    end
-
-    # Check if a query is using a specific database feature that might need special handling
-    # @param sql [String] The SQL query
-    # @param feature [Symbol] The feature to check for (:join, :subquery, :order_by, etc.)
-    # @return [Boolean] true if the feature is used in the query
-    def self.uses_feature?(sql, feature)
-      normalized = normalize(sql)
-      case feature
-      when :join
-        normalized =~ /\b(INNER|LEFT|RIGHT|FULL|CROSS)?\s*JOIN\b/i
-      when :subquery
-        # Check if there are parentheses that likely contain a subquery
-        normalized.count("(") > normalized.count(")")
-      when :order_by
-        normalized =~ /\bORDER\s+BY\b/i
-      when :group_by
-        normalized =~ /\bGROUP\s+BY\b/i
-      when :having
-        normalized =~ /\bHAVING\b/i
-      when :union
-        normalized =~ /\bUNION\b/i
-      when :window_function
-        normalized =~ /\bOVER\s*\(/i
-      else
-        false
-      end
-    end
-  end
-end