query_console 0.1.0 → 0.2.1

data/app/javascript/query_console/controllers/editor_controller.js

@@ -1,77 +1,214 @@
 import { Controller } from "@hotwired/stimulus"
+import { EditorView, keymap } from "@codemirror/view"
+import { EditorState } from "@codemirror/state"
+import { sql } from "@codemirror/lang-sql"
+import { defaultKeymap } from "@codemirror/commands"
+import { autocompletion } from "@codemirror/autocomplete"
 
-// Manages the SQL editor textarea and query execution
+// Manages the SQL editor with CodeMirror and query execution
 // Usage: <div data-controller="editor">
 export default class extends Controller {
-  static targets = ["textarea", "runButton", "clearButton", "results"]
+  static targets = ["container"]
 
   connect() {
+    this.initializeCodeMirror()
+    
     // Listen for history load events
     this.element.addEventListener('history:load', (event) => {
       this.loadQuery(event.detail.sql)
     })
   }
 
-  // Load query into textarea (from history)
+  disconnect() {
+    if (this.view) {
+      this.view.destroy()
+    }
+  }
+
+  initializeCodeMirror() {
+    const sqlLanguage = sql()
+    
+    const startState = EditorState.create({
+      doc: "SELECT * FROM users LIMIT 10;",
+      extensions: [
+        sqlLanguage.extension,
+        autocompletion(),
+        keymap.of(defaultKeymap),
+        EditorView.lineWrapping,
+        EditorView.theme({
+          "&": {
+            fontSize: "14px",
+            border: "1px solid #ddd",
+            borderRadius: "4px"
+          },
+          ".cm-content": {
+            fontFamily: "'Monaco', 'Menlo', 'Courier New', monospace",
+            minHeight: "200px",
+            padding: "12px"
+          },
+          ".cm-scroller": {
+            overflow: "auto"
+          },
+          "&.cm-focused": {
+            outline: "none"
+          }
+        })
+      ]
+    })
+
+    this.view = new EditorView({
+      state: startState,
+      parent: this.containerTarget
+    })
+  }
+
+  // Get SQL content from CodeMirror
+  getSql() {
+    return this.view.state.doc.toString()
+  }
+
+  // Set SQL content in CodeMirror
+  setSql(text) {
+    this.view.dispatch({
+      changes: {
+        from: 0,
+        to: this.view.state.doc.length,
+        insert: text
+      }
+    })
+    this.view.focus()
+  }
+
+  // Insert text at cursor position
+  insertAtCursor(text) {
+    const selection = this.view.state.selection.main
+    this.view.dispatch({
+      changes: {
+        from: selection.from,
+        to: selection.to,
+        insert: text
+      },
+      selection: {
+        anchor: selection.from + text.length
+      }
+    })
+    this.view.focus()
+  }
+
+  // Load query into editor (from history)
   loadQuery(sql) {
-    this.textareaTarget.value = sql
-    this.textareaTarget.focus()
+    this.setSql(sql)
     
     // Scroll to editor
     this.element.scrollIntoView({ behavior: 'smooth', block: 'start' })
   }
 
-  // Clear textarea
-  clear(event) {
-    event.preventDefault()
-    this.textareaTarget.value = ''
-    this.textareaTarget.focus()
+  // Clear editor
+  clearEditor() {
+    this.setSql('')
+    
+    // Clear query results
+    const queryFrame = document.querySelector('turbo-frame#query-results')
+    if (queryFrame) {
+      queryFrame.innerHTML = '<div style="color: #6c757d; text-align: center; padding: 40px; margin-top: 20px;"><p>Enter a query above and click "Run Query" to see results here.</p></div>'
+    }
+    
+    // Clear explain results
+    const explainFrame = document.querySelector('turbo-frame#explain-results')
+    if (explainFrame) {
+      explainFrame.innerHTML = ''
+    }
+  }
+
+  // Check if query is a DML operation
+  isDmlQuery(sql) {
+    const trimmed = sql.trim().toLowerCase()
+    return /^(insert|update|delete|merge)\b/.test(trimmed)
   }
 
-  // Handle form submission
-  submit(event) {
-    const sql = this.textareaTarget.value.trim()
-    
+  // Run query
+  runQuery() {
+    const sql = this.getSql().trim()
     if (!sql) {
-      event.preventDefault()
       alert('Please enter a SQL query')
       return
     }
-
-    // Show loading state
-    this.runButtonTarget.disabled = true
-    this.runButtonTarget.textContent = 'Running...'
     
-    // After Turbo completes the request, we'll handle success/error
-  }
-
-  // Called after successful query execution (via Turbo)
-  querySuccess(event) {
-    // Re-enable button
-    this.runButtonTarget.disabled = false
-    this.runButtonTarget.textContent = 'Run Query'
+    // Check if it's a DML query and confirm with user
+    if (this.isDmlQuery(sql)) {
+      const confirmed = confirm(
+        '⚠️ DATA MODIFICATION WARNING\n\n' +
+        'This query will INSERT, UPDATE, or DELETE data.\n\n' +
+        '• All changes are PERMANENT and cannot be undone\n' +
+        '• All operations are logged\n\n' +
+        'Do you want to proceed?'
+      )
+      
+      if (!confirmed) {
+        return // User cancelled
+      }
+    }
     
-    // Dispatch event to add to history
-    const sql = this.textareaTarget.value.trim()
-    this.dispatch('executed', { 
-      detail: { 
-        sql: sql,
-        timestamp: new Date().toISOString()
-      },
-      target: document.querySelector('[data-controller="history"]')
-    })
+    // Clear explain results when running query
+    const explainFrame = document.querySelector('turbo-frame#explain-results')
+    if (explainFrame) {
+      explainFrame.innerHTML = ''
+    }
+    
+    // Store for history
+    window._lastExecutedSQL = sql
+    
+    // Get CSRF token
+    const csrfToken = document.querySelector('meta[name=csrf-token]')?.content
+    
+    // Create form with Turbo Frame target
+    const form = document.createElement('form')
+    form.method = 'POST'
+    form.action = this.element.dataset.runPath
+    form.setAttribute('data-turbo-frame', 'query-results')
+    form.innerHTML = `
+      <input type="hidden" name="sql" value="${this.escapeHtml(sql)}">
+      <input type="hidden" name="authenticity_token" value="${csrfToken}">
+    `
+    document.body.appendChild(form)
+    form.requestSubmit()
+    document.body.removeChild(form)
   }
 
-  // Called after failed query execution
-  queryError(event) {
-    this.runButtonTarget.disabled = false
-    this.runButtonTarget.textContent = 'Run Query'
+  // Explain query
+  explainQuery() {
+    const sql = this.getSql().trim()
+    if (!sql) {
+      alert('Please enter a SQL query')
+      return
+    }
+    
+    // Clear query results when running explain
+    const queryFrame = document.querySelector('turbo-frame#query-results')
+    if (queryFrame) {
+      queryFrame.innerHTML = ''
+    }
+    
+    // Get CSRF token
+    const csrfToken = document.querySelector('meta[name=csrf-token]')?.content
+    
+    // Create form with Turbo Frame target
+    const form = document.createElement('form')
+    form.method = 'POST'
+    form.action = this.element.dataset.explainPath
+    form.setAttribute('data-turbo-frame', 'explain-results')
+    form.innerHTML = `
+      <input type="hidden" name="sql" value="${this.escapeHtml(sql)}">
+      <input type="hidden" name="authenticity_token" value="${csrfToken}">
+    `
+    document.body.appendChild(form)
+    form.requestSubmit()
+    document.body.removeChild(form)
   }
 
-  // Handle Turbo Frame errors
-  turboFrameError(event) {
-    console.error('Turbo Frame error:', event.detail)
-    this.runButtonTarget.disabled = false
-    this.runButtonTarget.textContent = 'Run Query'
+  escapeHtml(text) {
+    const div = document.createElement('div')
+    div.textContent = text
+    return div.innerHTML
   }
 }

data/app/services/query_console/audit_logger.rb

@@ -15,16 +15,22 @@ module QueryConsole
         actor: resolved_actor,
         sql: sql.to_s.strip,
         duration_ms: result.execution_time_ms,
-        rows: result.row_count_shown,
-        status: result.success? ? "ok" : "error"
+        status: result.success? ? "ok" : "error",
+        query_type: determine_query_type(sql),
+        is_dml: is_dml_query?(sql)
       }
 
+      # Add row count if available (for QueryResult)
+      if result.respond_to?(:row_count_shown)
+        log_data[:rows] = result.row_count_shown
+      end
+
       if result.failure?
         log_data[:error] = result.error
         log_data[:error_class] = determine_error_class(result.error)
       end
 
-      if result.truncated?
+      if result.respond_to?(:truncated) && result.truncated
         log_data[:truncated] = true
         log_data[:max_rows] = config.max_rows
       end
@@ -32,6 +38,22 @@ module QueryConsole
       Rails.logger.info(log_data.to_json)
     end
 
+    def self.is_dml_query?(sql)
+      sql.to_s.strip.downcase.match?(/\A(insert|update|delete|merge)\b/)
+    end
+
+    def self.determine_query_type(sql)
+      case sql.to_s.strip.downcase
+      when /\Aselect\b/ then "SELECT"
+      when /\Awith\b/ then "WITH"
+      when /\Ainsert\b/ then "INSERT"
+      when /\Aupdate\b/ then "UPDATE"
+      when /\Adelete\b/ then "DELETE"
+      when /\Amerge\b/ then "MERGE"
+      else "UNKNOWN"
+      end
+    end
+
     def self.determine_error_class(error_message)
       case error_message
       when /timeout/i
@@ -42,6 +64,10 @@ module QueryConsole
         "SecurityError"
       when /must start with/i
         "ValidationError"
+      when /cannot delete/i, /cannot update/i, /cannot insert/i
+        "DMLError"
+      when /foreign key constraint/i, /constraint.*violated/i
+        "ConstraintError"
       else
         "QueryError"
       end

data/app/services/query_console/explain_runner.rb

@@ -0,0 +1,137 @@
+require 'timeout'
+
+module QueryConsole
+  class ExplainRunner
+    class ExplainResult
+      attr_reader :plan_text, :execution_time_ms, :error
+
+      def initialize(plan_text: nil, execution_time_ms: 0, error: nil)
+        @plan_text = plan_text
+        @execution_time_ms = execution_time_ms
+        @error = error
+      end
+
+      def success?
+        @error.nil?
+      end
+
+      def failure?
+        !success?
+      end
+    end
+
+    def initialize(sql, config = QueryConsole.configuration)
+      @sql = sql
+      @config = config
+    end
+
+    def execute
+      return ExplainResult.new(error: "EXPLAIN feature is disabled") unless @config.enable_explain
+
+      start_time = Time.now
+
+      # Step 1: Validate SQL (same as regular runner)
+      validator = SqlValidator.new(@sql, @config)
+      validation_result = validator.validate
+
+      if validation_result.invalid?
+        return ExplainResult.new(error: validation_result.error)
+      end
+
+      sanitized_sql = validation_result.sanitized_sql
+
+      # Step 2: Build EXPLAIN query based on adapter
+      explain_sql = build_explain_query(sanitized_sql)
+
+      # Step 3: Execute with timeout
+      begin
+        result = execute_with_timeout(explain_sql)
+        execution_time = ((Time.now - start_time) * 1000).round(2)
+
+        # Format the result as plain text
+        plan_text = format_explain_output(result)
+
+        ExplainResult.new(
+          plan_text: plan_text,
+          execution_time_ms: execution_time
+        )
+      rescue Timeout::Error
+        ExplainResult.new(
+          error: "EXPLAIN timeout: exceeded #{@config.timeout_ms}ms limit"
+        )
+      rescue StandardError => e
+        ExplainResult.new(
+          error: "EXPLAIN error: #{e.message}"
+        )
+      end
+    end
+
+    private
+
+    attr_reader :sql, :config
+
+    def build_explain_query(sql)
+      adapter_name = ActiveRecord::Base.connection.adapter_name
+
+      case adapter_name
+      when "PostgreSQL"
+        if @config.enable_explain_analyze
+          "EXPLAIN (ANALYZE, FORMAT TEXT) #{sql}"
+        else
+          "EXPLAIN (FORMAT TEXT) #{sql}"
+        end
+      when "Mysql2", "Trilogy"
+        if @config.enable_explain_analyze
+          "EXPLAIN ANALYZE #{sql}"
+        else
+          "EXPLAIN #{sql}"
+        end
+      when "SQLite"
+        # SQLite doesn't support ANALYZE in EXPLAIN
+        "EXPLAIN QUERY PLAN #{sql}"
+      else
+        # Fallback for other adapters
+        "EXPLAIN #{sql}"
+      end
+    end
+
+    def execute_with_timeout(sql)
+      timeout_seconds = @config.timeout_ms / 1000.0
+      
+      Timeout.timeout(timeout_seconds) do
+        ActiveRecord::Base.connection.exec_query(sql)
+      end
+    end
+
+    def format_explain_output(result)
+      # For SQLite, the result has columns like: id, parent, notused, detail
+      # For Postgres, it's usually a single "QUERY PLAN" column
+      # For MySQL, it varies by version
+
+      adapter_name = ActiveRecord::Base.connection.adapter_name
+
+      case adapter_name
+      when "SQLite"
+        # SQLite EXPLAIN QUERY PLAN format
+        lines = result.rows.map do |row|
+          # row is [id, parent, notused, detail]
+          detail = row[3] || row.last
+          detail.to_s
+        end
+        lines.join("\n")
+      when "PostgreSQL"
+        # Postgres returns single column with plan text
+        result.rows.map { |row| row[0].to_s }.join("\n")
+      when "Mysql2", "Trilogy"
+        # MySQL returns multiple columns, format as table
+        header = result.columns.join(" | ")
+        separator = "-" * header.length
+        rows = result.rows.map { |row| row.map(&:to_s).join(" | ") }
+        ([header, separator] + rows).join("\n")
+      else
+        # Generic fallback
+        result.rows.map { |row| row.join(" | ") }.join("\n")
+      end
+    end
+  end
+end

data/app/services/query_console/runner.rb

@@ -3,15 +3,17 @@ require 'timeout'
 module QueryConsole
   class Runner
     class QueryResult
-      attr_reader :columns, :rows, :execution_time_ms, :row_count_shown, :truncated, :error
+      attr_reader :columns, :rows, :execution_time_ms, :row_count_shown, :truncated, :error, :is_dml, :rows_affected
 
-      def initialize(columns: [], rows: [], execution_time_ms: 0, row_count_shown: 0, truncated: false, error: nil)
+      def initialize(columns: [], rows: [], execution_time_ms: 0, row_count_shown: 0, truncated: false, error: nil, is_dml: false, rows_affected: nil)
         @columns = columns
         @rows = rows
         @execution_time_ms = execution_time_ms
         @row_count_shown = row_count_shown
         @truncated = truncated
         @error = error
+        @is_dml = is_dml
+        @rows_affected = rows_affected
       end
 
       def success?
@@ -25,6 +27,10 @@ module QueryConsole
       def truncated?
         @truncated
       end
+
+      def dml?
+        @is_dml
+      end
     end
 
     def initialize(sql, config = QueryConsole.configuration)
@@ -44,6 +50,7 @@ module QueryConsole
       end
 
       sanitized_sql = validation_result.sanitized_sql
+      is_dml = validation_result.dml?
 
       # Step 2: Apply row limit
       limiter = SqlLimiter.new(sanitized_sql, @config.max_rows, @config)
@@ -56,12 +63,20 @@ module QueryConsole
         result = execute_with_timeout(final_sql)
         execution_time = ((Time.now - start_time) * 1000).round(2)
 
+        # For DML queries, capture the number of affected rows
+        rows_affected = nil
+        if is_dml
+          rows_affected = get_affected_rows_count(result)
+        end
+
         QueryResult.new(
           columns: result.columns,
           rows: result.rows,
           execution_time_ms: execution_time,
           row_count_shown: result.rows.length,
-          truncated: truncated
+          truncated: truncated,
+          is_dml: is_dml,
+          rows_affected: rows_affected
         )
       rescue Timeout::Error
         QueryResult.new(
@@ -85,5 +100,43 @@ module QueryConsole
         ActiveRecord::Base.connection.exec_query(sql)
       end
     end
+
+    # Get the number of rows affected by a DML query
+    # This is database-specific, so we try different approaches
+    def get_affected_rows_count(result)
+      conn = ActiveRecord::Base.connection
+      
+      # For SQLite, use the raw connection's changes method
+      if conn.adapter_name.downcase.include?('sqlite')
+        return conn.raw_connection.changes
+      end
+      
+      # For PostgreSQL, MySQL, and others, check if result has rows_affected
+      # Note: exec_query doesn't always provide this, but we can try
+      if result.respond_to?(:rows_affected)
+        return result.rows_affected
+      end
+      
+      # Fallback: try to get it from the connection's last result
+      begin
+        if conn.respond_to?(:raw_connection)
+          raw_conn = conn.raw_connection
+          
+          # PostgreSQL
+          if raw_conn.respond_to?(:cmd_tuples)
+            return raw_conn.cmd_tuples
+          end
+          
+          # MySQL
+          if raw_conn.respond_to?(:affected_rows)
+            return raw_conn.affected_rows
+          end
+        end
+      rescue
+        # If we can't determine affected rows, return nil
+      end
+      
+      nil
+    end
   end
 end