dbviewer 0.7.5 → 0.7.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 27da0a6d3d08f2a6d1a597c1f7e688a54ffec7048e135b30a605ee3ace20370e
-  data.tar.gz: 2e59f9c1c69b2bb87c7d9a351a045cfaea9709dc49ce7651d8ef24821db43aa7
+  metadata.gz: ce8d012a4b4e0bde526cf42fa8a40dd1402a2f787ae06381dbf3b6bfeef1dad1
+  data.tar.gz: 49a0b962162fadbdbe51feade176aaf51d211126f45295cf6df5b4f4614d019c
 SHA512:
-  metadata.gz: 48a192e9bdd118358734a2b5008a87e7219fb224b95c897601b5e448c513027b4d14b816d9abcef3950540cb99cb97af991a3f58325359592179e8dc9e2d0752
-  data.tar.gz: f3dacb78ba4309d724c7c469e4ff00457921e97d567f808a14cfe48efb38d45fadee7303f31c8f6e326037f8de27783302561acd0b84e4d42487bada7da8fed8
+  metadata.gz: 76520c547bb120caed2093b6138c55f818c6fd9bbbcdff534ea208af050e721b2319179b69710480330783db884d8f1e6bd661ed807c91599717a90811f449fd
+  data.tar.gz: ba7080bc4598a5e3cf07bede7181ff91e2ab687d43c5583b616f7fa8edc14c1cd871ef9e27764a7ef6cddd94617c4433949328e46f19ec88442d9cc1af2edfbf

data/README.md

@@ -116,6 +116,9 @@ Dbviewer.configure do |config|
 
   # Authentication options
   # config.admin_credentials = { username: "admin", password: "your_secure_password" } # Basic HTTP auth credentials
+
+  # Disable DBViewer completely
+  # config.disabled = Rails.env.production?  # Disable in production
 end
 ```
 
@@ -123,6 +126,34 @@ You can also create this file manually if you prefer.
 
 The configuration is accessed through `Dbviewer.configuration` throughout the codebase. You can also access it via `Dbviewer.config` which is an alias for backward compatibility.
 
+### Disabling DBViewer Completely
+
+You can completely disable DBViewer access by setting the `disabled` configuration option to `true`. When disabled, all DBViewer routes will return 404 (Not Found) responses:
+
+```ruby
+# config/initializers/dbviewer.rb
+Dbviewer.configure do |config|
+  # Completely disable DBViewer in production
+  config.disabled = Rails.env.production?
+
+  # Or disable unconditionally
+  # config.disabled = true
+end
+```
+
+This is useful for:
+
+- **Production environments** where you want to completely disable access to database viewing tools
+- **Security compliance** where database admin tools must be disabled in certain environments
+- **Performance** where you want to eliminate any potential overhead from DBViewer routes
+
+When disabled:
+
+- All DBViewer routes return 404 (Not Found) responses
+- No database connections are validated
+- No DBViewer middleware or concerns are executed
+- The application behaves as if DBViewer was never mounted
+
 ### Multiple Database Connections
 
 DBViewer supports working with multiple database connections in your application. This is useful for applications that connect to multiple databases or use different connection pools.
@@ -195,6 +226,7 @@ DBViewer includes several security features to protect your database:
 - **Pattern Detection**: Detection of SQL injection patterns and suspicious constructs
 - **Error Handling**: Informative error messages without exposing sensitive information
 - **HTTP Basic Authentication**: Protect access with username and password authentication
+- **Complete Disabling**: Completely disable DBViewer in production or sensitive environments
 
 ### Basic Authentication
 
@@ -212,6 +244,19 @@ end
 When credentials are provided, all DBViewer routes will be protected by HTTP Basic Authentication.
 Without valid credentials, users will be prompted for a username and password before they can access any DBViewer page.
 
+### Complete Disabling
+
+For maximum security in production environments, you can completely disable DBViewer:
+
+```ruby
+Dbviewer.configure do |config|
+  # Completely disable DBViewer in production
+  config.disabled = Rails.env.production?
+end
+```
+
+When disabled, all DBViewer routes return 404 responses, making it appear as if the tool was never installed. This is the recommended approach for production systems where database admin tools should not be accessible.
+
 ## 📝 Security Note
 
 ⚠️ **Warning**: This engine provides direct access to your database contents, which contains sensitive information. Always protect it with HTTP Basic Authentication by configuring strong credentials as shown above.

data/app/controllers/concerns/dbviewer/database_connection_validation.rb

@@ -0,0 +1,26 @@
+module Dbviewer
+  module DatabaseConnectionValidation
+    extend ActiveSupport::Concern
+
+    included do
+      before_action :validate_database_connection
+    end
+
+    private
+
+    # Validate database connections on first access to DBViewer
+    def validate_database_connection
+      return if @database_validated
+
+      begin
+        connection_errors = Dbviewer.validate_connections!
+        if connection_errors.any?
+          Rails.logger.warn "DBViewer: Some database connections failed: #{connection_errors.map { |e| e[:error] }.join(', ')}"
+        end
+        @database_validated = true
+      rescue => e
+        render json: { error: "Database connection failed: #{e.message}" }, status: :service_unavailable and return
+      end
+    end
+  end
+end

data/app/controllers/concerns/dbviewer/disabled_state_validation.rb

@@ -0,0 +1,19 @@
+module Dbviewer
+  module DisabledStateValidation
+    extend ActiveSupport::Concern
+
+    included do
+      before_action :check_if_dbviewer_disabled
+    end
+
+    private
+
+    # Check if DBViewer is completely disabled
+    def check_if_dbviewer_disabled
+      if Dbviewer.configuration.disabled
+        Rails.logger.info "DBViewer: Access denied - DBViewer is disabled"
+        render plain: "Not Found", status: :not_found and return
+      end
+    end
+  end
+end

data/app/controllers/dbviewer/application_controller.rb

@@ -1,6 +1,8 @@
 module Dbviewer
   class ApplicationController < ActionController::Base
     include Dbviewer::DatabaseOperations
+    include Dbviewer::DisabledStateValidation
+    include Dbviewer::DatabaseConnectionValidation
 
     before_action :authenticate_with_basic_auth
     before_action :set_tables

data/lib/dbviewer/configuration.rb

@@ -51,6 +51,14 @@ module Dbviewer
     # The key of the current active connection
     attr_accessor :current_connection
 
+    # Whether to validate database connections during application startup
+    # Set to false in production/CI environments to avoid startup failures
+    attr_accessor :validate_connections_on_startup
+
+    # Completely disable DBViewer access when set to true
+    # When enabled, all DBViewer routes will return 404 responses
+    attr_accessor :disabled
+
     def initialize
       @per_page_options = [ 10, 20, 50, 100 ]
       @default_per_page = 20
@@ -65,6 +73,8 @@ module Dbviewer
       @enable_query_logging = true
       @admin_credentials = nil
       @default_order_column = "updated_at"
+      @validate_connections_on_startup = false  # Default to false for safer deployments
+      @disabled = false  # Default to false - DBViewer is enabled by default
       @database_connections = {
         default: {
           connection_class: "ActiveRecord::Base",

data/lib/dbviewer/database/manager.rb

@@ -187,13 +187,20 @@ module Dbviewer
         connection_config = Dbviewer.configuration.database_connections[@connection_key]
 
         if connection_config && connection_config[:connection_class]
-          @connection = connection_config[:connection_class].constantize.connection
+          begin
+            @connection = connection_config[:connection_class].constantize.connection
+            @adapter_name = @connection.adapter_name.downcase
+            Rails.logger.info "DBViewer: Successfully connected to #{connection_config[:name] || @connection_key} database (#{@adapter_name})"
+          rescue => e
+            Rails.logger.error "DBViewer: Failed to connect to #{connection_config[:name] || @connection_key}: #{e.message}"
+            raise "DBViewer database connection failed: #{e.message}"
+          end
         else
           Rails.logger.warn "DBViewer: Using default connection for key: #{@connection_key}"
           @connection = ActiveRecord::Base.connection
+          @adapter_name = @connection.adapter_name.downcase
         end
 
-        @adapter_name = @connection.adapter_name.downcase
         @connection
       end
     end

data/lib/dbviewer/version.rb

@@ -1,3 +1,3 @@
 module Dbviewer
-  VERSION = "0.7.5"
+  VERSION = "0.7.6"
 end

data/lib/dbviewer.rb

@@ -56,7 +56,21 @@ module Dbviewer
     # This class method will be called by the engine when it's appropriate
     def setup
       configure_query_logger
-      validate_database_connections
+      # Database connections will be validated when first accessed
+      Rails.logger.info "DBViewer: Initialized successfully (database connections will be validated on first access)"
+    end
+
+    # Validate database connections on-demand (called when first accessing DBViewer)
+    def validate_connections!
+      connection_errors = configuration.database_connections.filter_map do |key, config|
+        validate_single_connection(key, config)
+      end
+
+      if connection_errors.length == configuration.database_connections.length
+        raise "DBViewer could not connect to any configured database. Please check your database configuration."
+      end
+
+      connection_errors
     end
 
     private
@@ -69,15 +83,6 @@ module Dbviewer
       )
     end
 
-    # Validate all configured database connections
-    def validate_database_connections
-      connection_errors = configuration.database_connections.filter_map do |key, config|
-        validate_single_connection(key, config)
-      end
-
-      raise_if_all_connections_failed(connection_errors)
-    end
-
     # Validate a single database connection
     # @param key [Symbol] The connection key
     # @param config [Hash] The connection configuration
@@ -125,13 +130,5 @@ module Dbviewer
     def store_resolved_connection(config, connection_class)
       config[:connection] = connection_class
     end
-
-    # Raise an error if all database connections failed
-    # @param connection_errors [Array] Array of connection error hashes
-    def raise_if_all_connections_failed(connection_errors)
-      if connection_errors.length == configuration.database_connections.length
-        raise "DBViewer could not connect to any configured database"
-      end
-    end
   end
 end

data/lib/generators/dbviewer/templates/initializer.rb

@@ -33,4 +33,13 @@ Dbviewer.configure do |config|
 
   # Set the default active connection
   # config.current_connection = :primary
+
+  # Whether to validate database connections during application startup
+  # Set to true in development, false in production to avoid deployment issues
+  config.validate_connections_on_startup = Rails.env.development?
+
+  # Completely disable DBViewer access when set to true
+  # When enabled, all DBViewer routes will return 404 responses
+  # Useful for production environments where you want to completely disable the tool
+  # config.disabled = Rails.env.production?
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dbviewer
 version: !ruby/object:Gem::Version
-  version: 0.7.5
+  version: 0.7.6
 platform: ruby
 authors:
 - Wailan Tirajoh
@@ -77,9 +77,11 @@ files:
 - app/assets/stylesheets/dbviewer/table.css
 - app/controllers/concerns/dbviewer/connection_management.rb
 - app/controllers/concerns/dbviewer/data_export.rb
+- app/controllers/concerns/dbviewer/database_connection_validation.rb
 - app/controllers/concerns/dbviewer/database_information.rb
 - app/controllers/concerns/dbviewer/database_operations.rb
 - app/controllers/concerns/dbviewer/datatable_support.rb
+- app/controllers/concerns/dbviewer/disabled_state_validation.rb
 - app/controllers/concerns/dbviewer/pagination_concern.rb
 - app/controllers/concerns/dbviewer/query_operations.rb
 - app/controllers/concerns/dbviewer/relationship_management.rb