@bytebase/dbhub 0.4.1 → 0.4.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +33 -1
- package/dist/index.js +26 -8
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -113,7 +113,7 @@ docker run --rm --init \
|
|
|
113
113
|
|
|
114
114
|
```bash
|
|
115
115
|
# PostgreSQL example
|
|
116
|
-
npx @bytebase/dbhub --transport sse --port 8080 --dsn "postgres://user:password@localhost:5432/dbname"
|
|
116
|
+
npx @bytebase/dbhub --transport sse --port 8080 --dsn "postgres://user:password@localhost:5432/dbname?sslmode=disable"
|
|
117
117
|
```
|
|
118
118
|
|
|
119
119
|
```bash
|
|
@@ -175,6 +175,38 @@ npx @bytebase/dbhub --transport sse --port 8080 --demo
|
|
|
175
175
|
|
|
176
176
|
## Usage
|
|
177
177
|
|
|
178
|
+
### SSL Connections
|
|
179
|
+
|
|
180
|
+
You can specify the SSL mode using the `sslmode` parameter in your DSN string:
|
|
181
|
+
|
|
182
|
+
| Database | `sslmode=disable` | `sslmode=require` | Default SSL Behavior |
|
|
183
|
+
|------------|:----------------:|:----------------:|:-------------------:|
|
|
184
|
+
| PostgreSQL | ✅ | ✅ | Certificate verification |
|
|
185
|
+
| MySQL | ✅ | ✅ | Certificate verification |
|
|
186
|
+
| MariaDB | ✅ | ✅ | Certificate verification |
|
|
187
|
+
| SQL Server | ❌ | ❌ | Built-in encryption |
|
|
188
|
+
| SQLite | ❌ | ❌ | N/A (file-based) |
|
|
189
|
+
| Oracle | ❌ | ❌ | Built-in encryption |
|
|
190
|
+
|
|
191
|
+
**SSL Mode Options:**
|
|
192
|
+
|
|
193
|
+
- `sslmode=disable`: All SSL/TLS encryption is turned off. Data is transmitted in plaintext.
|
|
194
|
+
- `sslmode=require`: Connection is encrypted, but the server's certificate is not verified. This provides protection against packet sniffing but not against man-in-the-middle attacks. You may use this for trusted self-signed CA.
|
|
195
|
+
|
|
196
|
+
Without specifying `sslmode`, most databases default to certificate verification, which provides the highest level of security.
|
|
197
|
+
|
|
198
|
+
Example usage:
|
|
199
|
+
```bash
|
|
200
|
+
# Disable SSL
|
|
201
|
+
postgres://user:password@localhost:5432/dbname?sslmode=disable
|
|
202
|
+
|
|
203
|
+
# Require SSL without certificate verification
|
|
204
|
+
postgres://user:password@localhost:5432/dbname?sslmode=require
|
|
205
|
+
|
|
206
|
+
# Standard SSL with certificate verification (default)
|
|
207
|
+
postgres://user:password@localhost:5432/dbname
|
|
208
|
+
```
|
|
209
|
+
|
|
178
210
|
### Read-only Mode
|
|
179
211
|
|
|
180
212
|
You can run DBHub in read-only mode, which restricts SQL query execution to read-only operations:
|
package/dist/index.js
CHANGED
|
@@ -76,7 +76,13 @@ var PostgresDSNParser = class {
|
|
|
76
76
|
};
|
|
77
77
|
url.searchParams.forEach((value, key) => {
|
|
78
78
|
if (key === "sslmode") {
|
|
79
|
-
|
|
79
|
+
if (value === "disable") {
|
|
80
|
+
config.ssl = false;
|
|
81
|
+
} else if (value === "require") {
|
|
82
|
+
config.ssl = { rejectUnauthorized: false };
|
|
83
|
+
} else {
|
|
84
|
+
config.ssl = true;
|
|
85
|
+
}
|
|
80
86
|
}
|
|
81
87
|
});
|
|
82
88
|
return config;
|
|
@@ -87,7 +93,7 @@ var PostgresDSNParser = class {
|
|
|
87
93
|
}
|
|
88
94
|
}
|
|
89
95
|
getSampleDSN() {
|
|
90
|
-
return "postgres://postgres:password@localhost:5432/postgres?sslmode=
|
|
96
|
+
return "postgres://postgres:password@localhost:5432/postgres?sslmode=require";
|
|
91
97
|
}
|
|
92
98
|
isValidDSN(dsn) {
|
|
93
99
|
try {
|
|
@@ -930,8 +936,14 @@ var MySQLDSNParser = class {
|
|
|
930
936
|
password: url.password ? decodeURIComponent(url.password) : ""
|
|
931
937
|
};
|
|
932
938
|
url.searchParams.forEach((value, key) => {
|
|
933
|
-
if (key === "
|
|
934
|
-
|
|
939
|
+
if (key === "sslmode") {
|
|
940
|
+
if (value === "disable") {
|
|
941
|
+
config.ssl = void 0;
|
|
942
|
+
} else if (value === "require") {
|
|
943
|
+
config.ssl = { rejectUnauthorized: false };
|
|
944
|
+
} else {
|
|
945
|
+
config.ssl = {};
|
|
946
|
+
}
|
|
935
947
|
}
|
|
936
948
|
});
|
|
937
949
|
return config;
|
|
@@ -942,7 +954,7 @@ var MySQLDSNParser = class {
|
|
|
942
954
|
}
|
|
943
955
|
}
|
|
944
956
|
getSampleDSN() {
|
|
945
|
-
return "mysql://root:password@localhost:3306/mysql";
|
|
957
|
+
return "mysql://root:password@localhost:3306/mysql?sslmode=require";
|
|
946
958
|
}
|
|
947
959
|
isValidDSN(dsn) {
|
|
948
960
|
try {
|
|
@@ -1280,8 +1292,14 @@ var MariadbDSNParser = class {
|
|
|
1280
1292
|
password: decodeURIComponent(url.password)
|
|
1281
1293
|
};
|
|
1282
1294
|
url.searchParams.forEach((value, key) => {
|
|
1283
|
-
if (key === "
|
|
1284
|
-
|
|
1295
|
+
if (key === "sslmode") {
|
|
1296
|
+
if (value === "disable") {
|
|
1297
|
+
config.ssl = void 0;
|
|
1298
|
+
} else if (value === "require") {
|
|
1299
|
+
config.ssl = { rejectUnauthorized: false };
|
|
1300
|
+
} else {
|
|
1301
|
+
config.ssl = {};
|
|
1302
|
+
}
|
|
1285
1303
|
}
|
|
1286
1304
|
});
|
|
1287
1305
|
return config;
|
|
@@ -1292,7 +1310,7 @@ var MariadbDSNParser = class {
|
|
|
1292
1310
|
}
|
|
1293
1311
|
}
|
|
1294
1312
|
getSampleDSN() {
|
|
1295
|
-
return "mariadb://root:password@localhost:3306/db";
|
|
1313
|
+
return "mariadb://root:password@localhost:3306/db?sslmode=require";
|
|
1296
1314
|
}
|
|
1297
1315
|
isValidDSN(dsn) {
|
|
1298
1316
|
try {
|