query_console 0.1.0 → 0.2.1

data/app/services/query_console/schema_introspector.rb

@@ -0,0 +1,244 @@
+module QueryConsole
+  class SchemaIntrospector
+    def initialize(config = QueryConsole.configuration)
+      @config = config
+    end
+
+    def tables
+      return [] unless @config.schema_explorer
+
+      Rails.cache.fetch(cache_key_tables, expires_in: @config.schema_cache_seconds) do
+        fetch_tables
+      end
+    end
+
+    def table_details(table_name)
+      return nil unless @config.schema_explorer
+      return nil if table_denied?(table_name)
+
+      Rails.cache.fetch(cache_key_table(table_name), expires_in: @config.schema_cache_seconds) do
+        fetch_table_details(table_name)
+      end
+    end
+
+    private
+
+    attr_reader :config
+
+    def fetch_tables
+      adapter_name = ActiveRecord::Base.connection.adapter_name
+      
+      raw_tables = case adapter_name
+      when "PostgreSQL"
+        fetch_postgresql_tables
+      when "Mysql2", "Trilogy"
+        fetch_mysql_tables
+      when "SQLite"
+        fetch_sqlite_tables
+      else
+        # Fallback for other adapters
+        ActiveRecord::Base.connection.tables.map { |name| { name: name, kind: "table" } }
+      end
+
+      # Apply filtering
+      filter_tables(raw_tables)
+    end
+
+    def fetch_postgresql_tables
+      sql = <<~SQL
+        SELECT 
+          table_name as name,
+          table_type as kind
+        FROM information_schema.tables
+        WHERE table_schema = 'public'
+        ORDER BY table_name
+      SQL
+
+      result = ActiveRecord::Base.connection.exec_query(sql)
+      result.rows.map do |row|
+        {
+          name: row[0],
+          kind: row[1].downcase.include?("view") ? "view" : "table"
+        }
+      end
+    end
+
+    def fetch_mysql_tables
+      sql = <<~SQL
+        SELECT 
+          table_name as name,
+          table_type as kind
+        FROM information_schema.tables
+        WHERE table_schema = DATABASE()
+        ORDER BY table_name
+      SQL
+
+      result = ActiveRecord::Base.connection.exec_query(sql)
+      result.rows.map do |row|
+        {
+          name: row[0],
+          kind: row[1].downcase.include?("view") ? "view" : "table"
+        }
+      end
+    end
+
+    def fetch_sqlite_tables
+      sql = <<~SQL
+        SELECT name, type
+        FROM sqlite_master
+        WHERE type IN ('table', 'view')
+        AND name NOT LIKE 'sqlite_%'
+        ORDER BY name
+      SQL
+
+      result = ActiveRecord::Base.connection.exec_query(sql)
+      result.rows.map do |row|
+        {
+          name: row[0],
+          kind: row[1]
+        }
+      end
+    end
+
+    def fetch_table_details(table_name)
+      adapter_name = ActiveRecord::Base.connection.adapter_name
+      
+      columns = case adapter_name
+      when "PostgreSQL"
+        fetch_postgresql_columns(table_name)
+      when "Mysql2", "Trilogy"
+        fetch_mysql_columns(table_name)
+      when "SQLite"
+        fetch_sqlite_columns(table_name)
+      else
+        # Fallback using ActiveRecord
+        fetch_activerecord_columns(table_name)
+      end
+
+      {
+        name: table_name,
+        columns: columns
+      }
+    end
+
+    def fetch_postgresql_columns(table_name)
+      sql = <<~SQL
+        SELECT 
+          column_name,
+          data_type,
+          is_nullable,
+          column_default
+        FROM information_schema.columns
+        WHERE table_schema = 'public'
+        AND table_name = '#{sanitize_table_name(table_name)}'
+        ORDER BY ordinal_position
+      SQL
+
+      result = ActiveRecord::Base.connection.exec_query(sql)
+      result.rows.map do |row|
+        {
+          name: row[0],
+          db_type: row[1],
+          nullable: row[2] == "YES",
+          default: row[3]
+        }
+      end
+    end
+
+    def fetch_mysql_columns(table_name)
+      sql = <<~SQL
+        SELECT 
+          column_name,
+          data_type,
+          is_nullable,
+          column_default
+        FROM information_schema.columns
+        WHERE table_schema = DATABASE()
+        AND table_name = '#{sanitize_table_name(table_name)}'
+        ORDER BY ordinal_position
+      SQL
+
+      result = ActiveRecord::Base.connection.exec_query(sql)
+      result.rows.map do |row|
+        {
+          name: row[0],
+          db_type: row[1],
+          nullable: row[2] == "YES",
+          default: row[3]
+        }
+      end
+    end
+
+    def fetch_sqlite_columns(table_name)
+      sql = "PRAGMA table_info(#{sanitize_table_name(table_name)})"
+      result = ActiveRecord::Base.connection.exec_query(sql)
+      
+      result.rows.map do |row|
+        # SQLite PRAGMA returns: cid, name, type, notnull, dflt_value, pk
+        {
+          name: row[1],
+          db_type: row[2],
+          nullable: row[3] == 0,
+          default: row[4]
+        }
+      end
+    end
+
+    def fetch_activerecord_columns(table_name)
+      columns = ActiveRecord::Base.connection.columns(table_name)
+      columns.map do |col|
+        {
+          name: col.name,
+          db_type: col.sql_type,
+          nullable: col.null,
+          default: col.default
+        }
+      end
+    rescue StandardError
+      []
+    end
+
+    def filter_tables(tables)
+      tables.select do |table|
+        # Check denylist
+        next false if @config.schema_table_denylist.include?(table[:name])
+        
+        # Check allowlist (if present)
+        if @config.schema_allowlist.any?
+          next @config.schema_allowlist.include?(table[:name])
+        end
+        
+        true
+      end
+    end
+
+    def table_denied?(table_name)
+      # Check denylist
+      return true if @config.schema_table_denylist.include?(table_name)
+      
+      # Check allowlist (if present)
+      if @config.schema_allowlist.any?
+        return !@config.schema_allowlist.include?(table_name)
+      end
+      
+      false
+    end
+
+    def sanitize_table_name(name)
+      # Basic SQL injection protection - only allow alphanumeric, underscore
+      name.to_s.gsub(/[^a-zA-Z0-9_]/, '')
+    end
+
+    def cache_key_tables
+      "query_console/schema/tables/#{adapter_identifier}"
+    end
+
+    def cache_key_table(table_name)
+      "query_console/schema/table/#{adapter_identifier}/#{table_name}"
+    end
+
+    def adapter_identifier
+      ActiveRecord::Base.connection.adapter_name.downcase
+    end
+  end
+end

data/app/services/query_console/sql_limiter.rb

@@ -20,6 +20,11 @@ module QueryConsole
     end
 
     def apply_limit
+      # Skip limiting for DML queries (INSERT, UPDATE, DELETE, MERGE)
+      if is_dml_query?
+        return LimitResult.new(sql: @sql, truncated: false)
+      end
+      
       # Check if query already has a LIMIT clause
       if sql_has_limit?
         LimitResult.new(sql: @sql, truncated: false)
@@ -33,6 +38,11 @@ module QueryConsole
 
     attr_reader :sql, :max_rows, :config
 
+    def is_dml_query?
+      # Check if query is a DML operation (INSERT, UPDATE, DELETE, MERGE)
+      @sql.strip.downcase.match?(/\A(insert|update|delete|merge)\b/)
+    end
+
     def sql_has_limit?
       # Check for LIMIT clause (case-insensitive)
       # Match: "LIMIT", " LIMIT ", etc.

data/app/services/query_console/sql_validator.rb

@@ -1,12 +1,13 @@
 module QueryConsole
   class SqlValidator
     class ValidationResult
-      attr_reader :valid, :error, :sanitized_sql
+      attr_reader :valid, :error, :sanitized_sql, :is_dml
 
-      def initialize(valid:, sanitized_sql: nil, error: nil)
+      def initialize(valid:, sanitized_sql: nil, error: nil, is_dml: false)
         @valid = valid
         @sanitized_sql = sanitized_sql
         @error = error
+        @is_dml = is_dml
       end
 
       def valid?
@@ -16,6 +17,10 @@ module QueryConsole
       def invalid?
         !@valid
       end
+
+      def dml?
+        @is_dml
+      end
     end
 
     def initialize(sql, config = QueryConsole.configuration)
@@ -41,16 +46,35 @@ module QueryConsole
 
       # Check if query starts with allowed keywords
       normalized_start = sanitized.downcase
-      unless @config.allowed_starts_with.any? { |keyword| normalized_start.start_with?(keyword) }
+      
+      # Define DML-specific keywords that are conditionally allowed
+      dml_keywords = %w[insert update delete merge]
+      
+      # Expand allowed_starts_with if DML is enabled
+      effective_allowed = if @config.enable_dml
+        @config.allowed_starts_with + dml_keywords
+      else
+        @config.allowed_starts_with
+      end
+      
+      unless effective_allowed.any? { |keyword| normalized_start.start_with?(keyword) }
         return ValidationResult.new(
           valid: false,
-          error: "Query must start with one of: #{@config.allowed_starts_with.join(', ').upcase}"
+          error: "Query must start with one of: #{effective_allowed.join(', ').upcase}"
         )
       end
 
       # Check for forbidden keywords
       normalized_query = sanitized.downcase
-      forbidden = @config.forbidden_keywords.find do |keyword|
+      
+      # Filter forbidden keywords based on DML enablement
+      effective_forbidden = if @config.enable_dml
+        @config.forbidden_keywords.reject { |kw| dml_keywords.include?(kw) || kw == 'replace' || kw == 'into' }
+      else
+        @config.forbidden_keywords
+      end
+      
+      forbidden = effective_forbidden.find do |keyword|
         # Match whole words to avoid false positives (e.g., "updates" table name)
         normalized_query.match?(/\b#{Regexp.escape(keyword.downcase)}\b/)
       end
@@ -62,7 +86,10 @@ module QueryConsole
         )
       end
 
-      ValidationResult.new(valid: true, sanitized_sql: sanitized)
+      # Detect if this is a DML query
+      is_dml_query = sanitized.downcase.match?(/\A(insert|update|delete|merge)\b/)
+
+      ValidationResult.new(valid: true, sanitized_sql: sanitized, is_dml: is_dml_query)
     end
 
     private

data/app/views/query_console/explain/_results.html.erb

@@ -0,0 +1,89 @@
+<style>
+  .explain-container {
+    margin-top: 20px;
+  }
+
+  .explain-header {
+    background: #f8f9fa;
+    padding: 12px 16px;
+    border-radius: 4px 4px 0 0;
+    border: 1px solid #dee2e6;
+    border-bottom: none;
+    display: flex;
+    justify-content: space-between;
+    align-items: center;
+  }
+
+  .explain-header h4 {
+    margin: 0;
+    font-size: 14px;
+    font-weight: 600;
+    color: #495057;
+  }
+
+  .explain-metadata {
+    font-size: 12px;
+    color: #6c757d;
+  }
+
+  .explain-content {
+    background: #fff;
+    border: 1px solid #dee2e6;
+    border-radius: 0 0 4px 4px;
+    padding: 16px;
+    max-height: 400px;
+    overflow: auto;
+  }
+
+  .explain-plan {
+    font-family: 'Courier New', Courier, monospace;
+    font-size: 13px;
+    line-height: 1.6;
+    white-space: pre-wrap;
+    word-wrap: break-word;
+    background: #f8f9fa;
+    padding: 12px;
+    border-radius: 4px;
+    color: #212529;
+  }
+
+  .explain-error {
+    background: #f8d7da;
+    color: #721c24;
+    padding: 12px 16px;
+    border-radius: 4px;
+    border: 1px solid #f5c6cb;
+  }
+
+  .explain-error-icon {
+    font-weight: bold;
+    margin-right: 8px;
+  }
+</style>
+
+<%= turbo_frame_tag "explain-results" do %>
+  <div class="explain-container">
+    <% if result.failure? %>
+      <div class="explain-error">
+        <span class="explain-error-icon">⚠</span>
+        <strong>EXPLAIN Error:</strong> <%= result.error %>
+      </div>
+    <% else %>
+      <div class="explain-header">
+        <h4>Query Execution Plan</h4>
+        <div class="explain-metadata">
+          Execution time: <strong><%= result.execution_time_ms %>ms</strong>
+        </div>
+      </div>
+      <div class="explain-content">
+        <% if result.plan_text.present? %>
+          <div class="explain-plan"><%= result.plan_text %></div>
+        <% else %>
+          <div style="color: #6c757d; text-align: center; padding: 20px;">
+            No execution plan available.
+          </div>
+        <% end %>
+      </div>
+    <% end %>
+  </div>
+<% end %>

data/app/views/query_console/queries/_results.html.erb

@@ -2,6 +2,9 @@
   <style>
     .results-container {
       margin-top: 20px;
+      width: 100%;
+      min-width: 0;
+      overflow: hidden;
     }
 
     .error-message {
@@ -66,7 +69,8 @@
     }
 
     .results-table {
-      width: 100%;
+      width: max-content;
+      min-width: 100%;
       border-collapse: collapse;
       font-size: 14px;
       background: white;
@@ -112,10 +116,33 @@
       color: #999;
       font-style: italic;
     }
+
+    .dml-warning {
+      background-color: #fff3cd;
+      border-left: 4px solid #ffc107;
+      padding: 12px 16px;
+      margin-bottom: 16px;
+      border-radius: 4px;
+    }
+
+    .dml-warning-icon {
+      color: #ff6b6b;
+      font-weight: bold;
+      margin-right: 8px;
+    }
   </style>
 
   <div class="results-container">
     <% result_to_render = local_assigns[:result] || @result %>
+    <% is_dml_result = local_assigns[:is_dml] || @is_dml %>
+    
+    <% if is_dml_result %>
+      <div class="dml-warning">
+        <span class="dml-warning-icon">ℹ️</span>
+        <strong>Data Modified:</strong> 
+        This query has modified the database. All changes are logged.
+      </div>
+    <% end %>
     
     <% if result_to_render.error %>
       <div class="error-message">
@@ -132,8 +159,13 @@
           <span class="metadata-value"><%= result_to_render.execution_time_ms %>ms</span>
         </div>
         <div class="metadata-item">
-          <span class="metadata-label">Rows:</span>
-          <span class="metadata-value"><%= result_to_render.row_count_shown %></span>
+          <% if is_dml_result && result_to_render.rows_affected %>
+            <span class="metadata-label">Rows Affected:</span>
+            <span class="metadata-value"><%= result_to_render.rows_affected %></span>
+          <% else %>
+            <span class="metadata-label">Rows:</span>
+            <span class="metadata-value"><%= result_to_render.row_count_shown %></span>
+          <% end %>
         </div>
         <% if result_to_render.truncated %>
           <div class="metadata-item">
@@ -144,7 +176,11 @@
 
       <% if result_to_render.rows.empty? %>
         <div class="empty-results">
-          No rows returned
+          <% if is_dml_result && result_to_render.rows_affected %>
+            <%= result_to_render.rows_affected %> row(s) affected
+          <% else %>
+            No rows returned
+          <% end %>
         </div>
       <% else %>
         <div class="table-wrapper">