@carbonorm/carbonnode 6.0.13 → 6.0.17

package/src/utils/logSql.ts

@@ -2,19 +2,33 @@ import { getEnvBool } from "../variables/getEnv";
 import colorSql from "./colorSql";
 import { version } from "../../package.json";
 import versionToRgb from "./versionColor";
-import type {LogContext} from "./logLevel";
-import {LogLevel, shouldLog} from "./logLevel";
+import type { LogContext } from "./logLevel";
+import { LogLevel, shouldLog } from "./logLevel";
+
+export type SqlAllowListStatus = "allowed" | "denied" | "not verified";
+export type SqlCacheStatus = "hit" | "miss" | "ignored";
+
+export type LogSqlContextOptions = {
+    cacheStatus: SqlCacheStatus;
+    allowListStatus: SqlAllowListStatus;
+    method: string,
+    sql: string,
+    context?: LogContext,
+};
 
 const C = {
     SSR: "\x1b[95m", // bright magenta
     HTTP: "\x1b[94m", // bright blue
     SQL: "\x1b[96m", // bright cyan
+    WARN: "\x1b[93m", // yellow
+    ORANGE: "\x1b[38;2;255;165;0m", // orange (truecolor)
+    ERROR: "\x1b[91m", // red
     METHOD_COLORS: {
         SELECT: "\x1b[92m", // green
         INSERT: "\x1b[96m", // cyan
         REPLACE: "\x1b[96m", // cyan
         UPDATE: "\x1b[95m", // magenta
-        DELETE: "\x1b[91m", // red
+        DELETE: "\x1b[38;2;255;179;179m", // very light red (truecolor)
     },
     METHOD_FALLBACK: [
         "\x1b[92m", // green
@@ -24,6 +38,7 @@ const C = {
         "\x1b[94m", // blue
         "\x1b[97m", // white
     ],
+    GREY: "\x1b[90m", // light grey
     RESET: "\x1b[0m",
 };
 
@@ -47,13 +62,43 @@ function methodColor(method: string): string {
     return C.METHOD_FALLBACK[idx];
 }
 
-export default function logSql(method: string, sql: string, context?: LogContext): void {
-    if (!shouldLog(LogLevel.INFO, context)) return;
+const cacheLabel = (cacheStatus: SqlCacheStatus): string => {
+    switch (cacheStatus) {
+        case "hit":
+            return `${C.METHOD_COLORS.SELECT}[CACHE HIT]${C.RESET}`;
+        case "ignored":
+            return `${C.WARN}[CACHE IGNORED]${C.RESET}`;
+        default:
+            return `${C.ORANGE}[CACHE MISS]${C.RESET}`;
+    }
+};
+
+const allowListLabel = (status: SqlAllowListStatus): string => {
+    switch (status) {
+        case "allowed":
+            return `${C.METHOD_COLORS.SELECT}[VERIFIED]${C.RESET}`;
+        case "denied":
+            return `${C.ERROR}[DENIED]${C.RESET}`;
+        default:
+            return `${C.GREY}[NOT VERIFIED]${C.RESET}`;
+    }
+};
+
+export default function logSql(
+    options: LogSqlContextOptions,
+): void {
+    const method = options.method.toUpperCase();
+
+    if (!shouldLog(LogLevel.INFO, options.context)) return;
     const preText = getEnvBool("SSR", false)
         ? `${C.SSR}[SSR]${C.RESET} `
         : `${C.HTTP}[API]${C.RESET} `;
 
     const labelColor = methodColor(method);
     const versionColor = rgbAnsi(versionToRgb(version));
-    console.log(`${versionColor}[${version}]${C.RESET} ${preText}${labelColor}[${method}]${C.RESET} ${colorSql(sql)}`);
+    const cacheText = cacheLabel(options.cacheStatus);
+    const allowListText = allowListLabel(options.allowListStatus);
+    console.log(
+        `${versionColor}[${version}]${C.RESET} ${cacheText} ${allowListText} ${preText}${labelColor}[${method}]${C.RESET} ${colorSql(options.sql)}`,
+    );
 }

package/src/utils/sqlAllowList.ts

@@ -1,9 +1,95 @@
 import isNode from "../variables/isNode";
 
-const allowListCache = new Map<string, Set<string>>();
+type AllowListCacheEntry = {
+    allowList: Set<string>;
+    mtimeMs: number;
+    size: number;
+};
 
-export const normalizeSql = (sql: string): string =>
-    sql.replace(/\s+/g, " ").trim();
+const allowListCache = new Map<string, AllowListCacheEntry>();
+
+const ANSI_ESCAPE_REGEX = /\x1b\[[0-9;]*m/g;
+const COLLAPSED_BIND_ROW_REGEX = /\(\?\s*×\d+\)/g;
+
+function collapseBindGroups(sql: string): string {
+    let normalized = sql.replace(
+        /\(\s*(\?(?:\s*,\s*\?)*)\s*\)/g,
+        (_match, binds: string) => {
+            const bindCount = (binds.match(/\?/g) ?? []).length;
+            return `(? ×${bindCount})`;
+        },
+    );
+
+    normalized = normalized.replace(
+        /(\(\?\s*×\d+\))(?:\s*,\s*\1)+/g,
+        (_match, row) => `${row} ×*`,
+    );
+
+    normalized = normalized.replace(
+        /\b(VALUES|VALUE)\s+(\(\?\s*×\d+\))(?:\s*×\d+|\s*×\*)?/gi,
+        (_match, keyword: string, row: string) => `${keyword} ${row} ×*`,
+    );
+
+    normalized = normalized.replace(
+        /\bIN\s*\(\?\s*×\d+\)/gi,
+        "IN (? ×*)",
+    );
+
+    normalized = normalized.replace(
+        /\(\?\s*×\d+\)\s*×\d+/g,
+        (match) => {
+            const row = match.match(COLLAPSED_BIND_ROW_REGEX)?.[0];
+            return row ? `${row} ×*` : match;
+        },
+    );
+
+    return normalized;
+}
+
+function normalizeLimitOffset(sql: string): string {
+    return sql
+        .replace(/\bLIMIT\s+\d+\s*,\s*\d+\b/gi, "LIMIT ?, ?")
+        .replace(/\bLIMIT\s+\d+\s+OFFSET\s+\d+\b/gi, "LIMIT ? OFFSET ?")
+        .replace(/\bLIMIT\s+\d+\b/gi, "LIMIT ?")
+        .replace(/\bOFFSET\s+\d+\b/gi, "OFFSET ?");
+}
+
+function normalizeGeomFromTextLiterals(sql: string): string {
+    let normalized = sql.replace(
+        /ST_GEOMFROMTEXT\(\s*'POINT\([^']*\)'\s*,\s*(?:\d+|\?)\s*\)/gi,
+        "ST_GEOMFROMTEXT('POINT(? ?)', ?)",
+    );
+
+    normalized = normalized.replace(
+        /ST_GEOMFROMTEXT\(\s*'POLYGON\(\([^']*\)\)'\s*,\s*(?:\d+|\?)\s*\)/gi,
+        "ST_GEOMFROMTEXT('POLYGON((?))', ?)",
+    );
+
+    return normalized;
+}
+
+function normalizeGeoFunctionNames(sql: string): string {
+    return sql
+        .replace(/\bST_DISTANCE_SPHERE\b/gi, "ST_DISTANCE_SPHERE")
+        .replace(/\bST_GEOMFROMTEXT\b/gi, "ST_GEOMFROMTEXT")
+        .replace(/\bMBRCONTAINS\b/gi, "MBRCONTAINS");
+}
+
+function normalizeTokenPunctuationSpacing(sql: string): string {
+    return sql.replace(/`,\s*`/g, "`, `");
+}
+
+export const normalizeSql = (sql: string): string => {
+    let normalized = sql.replace(ANSI_ESCAPE_REGEX, " ");
+    normalized = normalized.replace(/\s+/g, " ").trim();
+    normalized = normalizeGeoFunctionNames(normalized);
+    normalized = normalizeTokenPunctuationSpacing(normalized);
+    normalized = collapseBindGroups(normalized);
+    normalized = normalizeLimitOffset(normalized);
+    normalized = normalizeGeomFromTextLiterals(normalized);
+    normalized = normalized.replace(/;\s*$/, "");
+    return normalized.replace(/\s+/g, " ").trim();
+};
 
 const parseAllowList = (raw: string, sourcePath: string): string[] => {
     let parsed: unknown;
@@ -30,15 +116,27 @@ const parseAllowList = (raw: string, sourcePath: string): string[] => {
 };
 
 export const loadSqlAllowList = async (allowListPath: string): Promise<Set<string>> => {
-    if (allowListCache.has(allowListPath)) {
-        return allowListCache.get(allowListPath)!;
-    }
-
     if (!isNode()) {
         throw new Error("SQL allowlist validation requires a Node runtime.");
     }
 
-    const {readFile} = await import("node:fs/promises");
+    const {readFile, stat} = await import("node:fs/promises");
+
+    let fileStat: { mtimeMs: number; size: number };
+    try {
+        fileStat = await stat(allowListPath);
+    } catch (error) {
+        throw new Error(`SQL allowlist file not found at ${allowListPath}.`);
+    }
+
+    const cached = allowListCache.get(allowListPath);
+    if (
+        cached &&
+        cached.mtimeMs === fileStat.mtimeMs &&
+        cached.size === fileStat.size
+    ) {
+        return cached.allowList;
+    }
 
     let raw: string;
     try {
@@ -49,7 +147,11 @@ export const loadSqlAllowList = async (allowListPath: string): Promise<Set<strin
 
     const sqlEntries = parseAllowList(raw, allowListPath);
     const allowList = new Set(sqlEntries);
-    allowListCache.set(allowListPath, allowList);
+    allowListCache.set(allowListPath, {
+        allowList,
+        mtimeMs: fileStat.mtimeMs,
+        size: fileStat.size,
+    });
     return allowList;
 };