query_console 0.2.1 → 0.2.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9ea5d214eb67f13c153578fce1f001109518b6935409774d9ae343de3ee87258
-  data.tar.gz: e7f2c6c7a528ababbef441b2d548cc635222701f5903cbdd1f06b9ecbefd3bc8
+  metadata.gz: 3a47be0c8cd2c38f02425d2bbdd1a077c8dc2ca7903a336cf05bbc5d39042e86
+  data.tar.gz: e7f5487b5ea34bc21280d87181a5b74afcc4b12f9f592894801838bc84d82686
 SHA512:
-  metadata.gz: 5780f01ddfc86f3f998ea7f67b449ff312c3e4e305a6a5c454593a9aec6d691879837171d0567d2db8def6b70503d77203eecf708e4878947463b9f0443ba5eb
-  data.tar.gz: 99f44e0e10f2c06cb428936bfeaf8757bef817353d535ef1088761c6df7ea6a546905ce12c076207a5252103ce7df37a487ff56846a7e89d92c9e37e376de813
+  metadata.gz: b5987fca8610f57bc4f83eee25adb96bd073a72e2dbe34fc7e4c989d11281f89812c9d2d8ced545ee22a2f501e800ad2292e429b889c4194aedf5eb6ffa13e78
+  data.tar.gz: dc2f080870957fac2ac78a764036e843b3af76b6f2c85ce3385a14e2b9dc563312f7dac1defa1a757d36a6db3bf0633230b338a10c31b3f0f9326710cd47b58a

data/app/controllers/query_console/explain_controller.rb

@@ -1,7 +1,5 @@
 module QueryConsole
   class ExplainController < ApplicationController
-    skip_forgery_protection only: [:create] # Allow Turbo Frame POST requests
-
     def create
       sql = params[:sql]
 

data/app/controllers/query_console/queries_controller.rb

@@ -1,7 +1,5 @@
 module QueryConsole
   class QueriesController < ApplicationController
-    skip_forgery_protection only: [:run] # Allow Turbo Frame POST requests
-    
     def new
       # Render the main query editor page
     end

data/app/services/query_console/explain_runner.rb

@@ -96,6 +96,49 @@ module QueryConsole
     end
 
     def execute_with_timeout(sql)
+      case @config.timeout_strategy
+      when :database
+        execute_with_database_timeout(sql)
+      when :ruby
+        execute_with_ruby_timeout(sql)
+      else
+        # Auto-detect: use database timeout for PostgreSQL, Ruby timeout otherwise
+        if postgresql_connection?
+          execute_with_database_timeout(sql)
+        else
+          execute_with_ruby_timeout(sql)
+        end
+      end
+    end
+
+    # Database-level timeout (PostgreSQL only)
+    # Safer: database cancels the query cleanly, no orphan processes
+    def execute_with_database_timeout(sql)
+      conn = ActiveRecord::Base.connection
+      
+      unless postgresql_connection?
+        Rails.logger.warn("[QueryConsole] Database timeout strategy requires PostgreSQL, falling back to Ruby timeout")
+        return execute_with_ruby_timeout(sql)
+      end
+
+      conn.transaction do
+        # SET LOCAL scopes the timeout to this transaction only
+        conn.execute("SET LOCAL statement_timeout = '#{@config.timeout_ms}'")
+        conn.exec_query(sql)
+      end
+    rescue ActiveRecord::StatementInvalid => e
+      if e.message.include?("canceling statement due to statement timeout") ||
+         e.message.include?("query_canceled")
+        raise Timeout::Error, "Query timeout: exceeded #{@config.timeout_ms}ms limit"
+      else
+        raise
+      end
+    end
+
+    # Ruby-level timeout (fallback for non-PostgreSQL databases)
+    # Warning: The database query continues running as an orphan process
+    # even after Ruby times out. Can cause resource exhaustion.
+    def execute_with_ruby_timeout(sql)
       timeout_seconds = @config.timeout_ms / 1000.0
       
       Timeout.timeout(timeout_seconds) do
@@ -103,6 +146,10 @@ module QueryConsole
       end
     end
 
+    def postgresql_connection?
+      ActiveRecord::Base.connection.adapter_name.downcase.include?('postgresql')
+    end
+
     def format_explain_output(result)
       # For SQLite, the result has columns like: id, parent, notused, detail
       # For Postgres, it's usually a single "QUERY PLAN" column

data/app/services/query_console/runner.rb

@@ -94,6 +94,49 @@ module QueryConsole
     attr_reader :sql, :config
 
     def execute_with_timeout(sql)
+      case @config.timeout_strategy
+      when :database
+        execute_with_database_timeout(sql)
+      when :ruby
+        execute_with_ruby_timeout(sql)
+      else
+        # Auto-detect: use database timeout for PostgreSQL, Ruby timeout otherwise
+        if postgresql_connection?
+          execute_with_database_timeout(sql)
+        else
+          execute_with_ruby_timeout(sql)
+        end
+      end
+    end
+
+    # Database-level timeout (PostgreSQL only)
+    # Safer: database cancels the query cleanly, no orphan processes
+    def execute_with_database_timeout(sql)
+      conn = ActiveRecord::Base.connection
+      
+      unless postgresql_connection?
+        Rails.logger.warn("[QueryConsole] Database timeout strategy requires PostgreSQL, falling back to Ruby timeout")
+        return execute_with_ruby_timeout(sql)
+      end
+
+      conn.transaction do
+        # SET LOCAL scopes the timeout to this transaction only
+        conn.execute("SET LOCAL statement_timeout = '#{@config.timeout_ms}'")
+        conn.exec_query(sql)
+      end
+    rescue ActiveRecord::StatementInvalid => e
+      if e.message.include?("canceling statement due to statement timeout") ||
+         e.message.include?("query_canceled")
+        raise Timeout::Error, "Query timeout: exceeded #{@config.timeout_ms}ms limit"
+      else
+        raise
+      end
+    end
+
+    # Ruby-level timeout (fallback for non-PostgreSQL databases)
+    # Warning: The database query continues running as an orphan process
+    # even after Ruby times out. Can cause resource exhaustion.
+    def execute_with_ruby_timeout(sql)
       timeout_seconds = @config.timeout_ms / 1000.0
       
       Timeout.timeout(timeout_seconds) do
@@ -101,6 +144,10 @@ module QueryConsole
       end
     end
 
+    def postgresql_connection?
+      ActiveRecord::Base.connection.adapter_name.downcase.include?('postgresql')
+    end
+
     # Get the number of rows affected by a DML query
     # This is database-specific, so we try different approaches
     def get_affected_rows_count(result)

data/app/views/query_console/queries/new.html.erb

@@ -595,7 +595,7 @@
         // Create form with Turbo Frame target
         const form = document.createElement('form')
         form.method = 'POST'
-        form.action = '<%= query_console.run_path %>'
+        form.action = '<%= run_path %>'
         form.setAttribute('data-turbo-frame', 'query-results')
         form.innerHTML = `
           <input type="hidden" name="sql" value="${this.escapeHtml(sql)}">
@@ -622,7 +622,7 @@
         // Create form with Turbo Frame target
         const form = document.createElement('form')
         form.method = 'POST'
-        form.action = '<%= query_console.explain_path %>'
+        form.action = '<%= explain_path %>'
         form.setAttribute('data-turbo-frame', 'explain-results')
         form.innerHTML = `
           <input type="hidden" name="sql" value="${this.escapeHtml(sql)}">
@@ -651,7 +651,7 @@
       
       async loadTables() {
         try {
-          const response = await fetch('<%= query_console.schema_tables_path %>')
+          const response = await fetch('<%= schema_tables_path %>')
           this.tables = await response.json()
           this.renderTables()
         } catch (error) {
@@ -680,7 +680,7 @@
         const tableName = event.currentTarget.dataset.tableName
         
         try {
-          const response = await fetch(`<%= query_console.schema_tables_path %>/${tableName}`)
+          const response = await fetch(`<%= schema_tables_path %>/${tableName}`)
           const tableData = await response.json()
           this.renderTableDetails(tableData)
         } catch (error) {

data/lib/query_console/configuration.rb

@@ -3,6 +3,7 @@ module QueryConsole
     attr_accessor :enabled_environments,
                   :max_rows,
                   :timeout_ms,
+                  :timeout_strategy,
                   :authorize,
                   :current_actor,
                   :forbidden_keywords,
@@ -21,6 +22,7 @@ module QueryConsole
       @enabled_environments = ["development"]
       @max_rows = 500
       @timeout_ms = 3000
+      @timeout_strategy = :database # :database (safer, PostgreSQL only) or :ruby (fallback, but can leave orphan queries)
       @authorize = nil # nil means deny by default
       @current_actor = -> (_controller) { "unknown" }
       @forbidden_keywords = %w[

data/lib/query_console/engine.rb

@@ -11,7 +11,7 @@ module QueryConsole
     
     # Load Hotwire (Turbo & Stimulus)
     initializer "query_console.importmap", before: "importmap" do |app|
-      if app.config.respond_to?(:importmap)
+      if defined?(Importmap) && app.config.respond_to?(:importmap)
         app.config.importmap.paths << root.join("config/importmap.rb")
       end
     end

data/lib/query_console/version.rb

@@ -1,3 +1,3 @@
 module QueryConsole
-  VERSION = "0.2.1"
+  VERSION = "0.2.6"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: query_console
 version: !ruby/object:Gem::Version
-  version: 0.2.1
+  version: 0.2.6
 platform: ruby
 authors:
 - Johnson Gnanasekar
@@ -16,6 +16,9 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 7.0.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '9.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -23,6 +26,9 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 7.0.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '9.0'
 - !ruby/object:Gem::Dependency
   name: turbo-rails
   requirement: !ruby/object:Gem::Requirement
@@ -51,20 +57,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.3'
-- !ruby/object:Gem::Dependency
-  name: importmap-rails
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: rspec-rails
   requirement: !ruby/object:Gem::Requirement