@libredb/studio 0.9.7 → 0.9.12

package/src/lib/api/errors.ts

@@ -1,236 +0,0 @@
-/**
- * API Error Response Standardization
- * Centralized error-to-HTTP mapping for all API routes
- */
-
-import { NextResponse } from 'next/server';
-import { logger } from '@/lib/logger';
-import { ApiErrorCode } from './error-codes';
-import {
-  DatabaseError,
-  DatabaseConfigError,
-  ConnectionError,
-  AuthenticationError,
-  PoolExhaustedError,
-  QueryError,
-  QueryCancelledError,
-  TimeoutError,
-} from '@/lib/db/errors';
-import {
-  LLMError,
-  LLMAuthError,
-  LLMConfigError,
-  LLMRateLimitError,
-  LLMSafetyError,
-  LLMStreamError,
-} from '@/lib/llm/types';
-import { SeedConnectionError } from '@/lib/seed/resolve-connection';
-
-// ============================================================================
-// Types
-// ============================================================================
-
-export type { ApiErrorCode } from './error-codes';
-
-export interface ApiErrorResponse {
-  error: string;
-  code?: ApiErrorCode;
-  statusCode: number;
-  retryable?: boolean;
-  details?: unknown;
-}
-
-// ============================================================================
-// Error → HTTP Mapping
-// ============================================================================
-
-export function createErrorResponse(
-  error: unknown,
-  context?: { route?: string }
-): NextResponse<ApiErrorResponse> {
-  const route = context?.route;
-
-  // --- Seed Connection Error ---
-  if (error instanceof SeedConnectionError) {
-    logger.warn('Seed connection error', { route, statusCode: error.statusCode });
-    const code = error.statusCode === 403 || error.statusCode === 401
-      ? ApiErrorCode.AUTH_ERROR
-      : error.statusCode === 400
-        ? ApiErrorCode.CONFIG_ERROR
-        : undefined;
-    return NextResponse.json(
-      { error: error.message, ...(code ? { code } : {}), statusCode: error.statusCode },
-      { status: error.statusCode }
-    );
-  }
-
-  // --- Query Cancelled ---
-  if (error instanceof QueryCancelledError) {
-    logger.info('Query cancelled', { route, provider: error.provider });
-    return NextResponse.json(
-      {
-        error: error.message,
-        code: ApiErrorCode.QUERY_CANCELLED,
-        statusCode: 499,
-      },
-      { status: 499 }
-    );
-  }
-
-  // --- DB: QueryError (syntax / execution) ---
-  if (error instanceof QueryError) {
-    logger.warn('Query error', { route, provider: error.provider });
-    return NextResponse.json(
-      {
-        error: error.message,
-        code: ApiErrorCode.QUERY_ERROR,
-        statusCode: 400,
-        details: error.position !== undefined || error.detail
-          ? { position: error.position, detail: error.detail }
-          : undefined,
-      },
-      { status: 400 }
-    );
-  }
-
-  // --- DB: DatabaseConfigError ---
-  if (error instanceof DatabaseConfigError) {
-    logger.warn('Database config error', { route, provider: error.provider });
-    return NextResponse.json(
-      { error: error.message, code: ApiErrorCode.CONFIG_ERROR, statusCode: 400 },
-      { status: 400 }
-    );
-  }
-
-  // --- DB: AuthenticationError ---
-  if (error instanceof AuthenticationError) {
-    logger.warn('Database auth error', { route, provider: error.provider });
-    return NextResponse.json(
-      { error: error.message, code: ApiErrorCode.AUTH_ERROR, statusCode: 401 },
-      { status: 401 }
-    );
-  }
-
-  // --- DB: TimeoutError ---
-  if (error instanceof TimeoutError) {
-    logger.warn('Query timeout', { route, provider: error.provider, duration: error.timeout });
-    return NextResponse.json(
-      {
-        error: 'Query timed out. Please try a simpler query or increase timeout.',
-        code: ApiErrorCode.TIMEOUT_ERROR,
-        statusCode: 408,
-        retryable: true,
-      },
-      { status: 408 }
-    );
-  }
-
-  // --- DB: ConnectionError ---
-  if (error instanceof ConnectionError) {
-    logger.error('Connection error', error, { route, provider: error.provider });
-    return NextResponse.json(
-      {
-        error: error.message,
-        code: ApiErrorCode.CONNECTION_ERROR,
-        statusCode: 503,
-        retryable: true,
-      },
-      { status: 503 }
-    );
-  }
-
-  // --- DB: PoolExhaustedError ---
-  if (error instanceof PoolExhaustedError) {
-    logger.error('Pool exhausted', error, { route, provider: error.provider });
-    return NextResponse.json(
-      {
-        error: error.message,
-        code: ApiErrorCode.POOL_EXHAUSTED,
-        statusCode: 503,
-        retryable: true,
-      },
-      { status: 503 }
-    );
-  }
-
-  // --- DB: generic DatabaseError (base class catch-all) ---
-  if (error instanceof DatabaseError) {
-    logger.error('Database error', error, { route, provider: error.provider });
-    return NextResponse.json(
-      {
-        error: error.message,
-        code: (error.code as ApiErrorCode) ?? ApiErrorCode.DATABASE_ERROR,
-        statusCode: 500,
-      },
-      { status: 500 }
-    );
-  }
-
-  // --- LLM: Safety ---
-  if (error instanceof LLMSafetyError) {
-    logger.warn('LLM safety filter triggered', { route, provider: error.provider });
-    return NextResponse.json(
-      { error: 'The prompt was blocked by safety filters.', code: ApiErrorCode.LLM_SAFETY, statusCode: 400 },
-      { status: 400 }
-    );
-  }
-
-  // --- LLM: Auth ---
-  if (error instanceof LLMAuthError) {
-    logger.warn('LLM auth error', { route, provider: error.provider });
-    return NextResponse.json(
-      { error: 'Invalid API key. Please check your configuration.', code: ApiErrorCode.LLM_AUTH, statusCode: 401 },
-      { status: 401 }
-    );
-  }
-
-  // --- LLM: Rate Limit ---
-  if (error instanceof LLMRateLimitError) {
-    logger.warn('LLM rate limit', { route, provider: error.provider });
-    return NextResponse.json(
-      {
-        error: 'AI usage limit reached. Please try again later or check your billing status.',
-        code: ApiErrorCode.LLM_RATE_LIMIT,
-        statusCode: 429,
-        retryable: true,
-      },
-      { status: 429 }
-    );
-  }
-
-  // --- LLM: Config ---
-  if (error instanceof LLMConfigError) {
-    logger.warn('LLM config error', { route, provider: error.provider });
-    return NextResponse.json(
-      { error: error.message, code: ApiErrorCode.LLM_CONFIG, statusCode: 503 },
-      { status: 503 }
-    );
-  }
-
-  // --- LLM: Stream ---
-  if (error instanceof LLMStreamError) {
-    logger.error('LLM stream error', error, { route, provider: error.provider });
-    return NextResponse.json(
-      { error: error.message, code: ApiErrorCode.LLM_STREAM, statusCode: 502, retryable: true },
-      { status: 502 }
-    );
-  }
-
-  // --- LLM: generic LLMError (base class catch-all) ---
-  if (error instanceof LLMError) {
-    const status = error.statusCode ?? 500;
-    logger.error('LLM error', error, { route, provider: error.provider });
-    return NextResponse.json(
-      { error: error.message, code: ApiErrorCode.LLM_ERROR, statusCode: status },
-      { status }
-    );
-  }
-
-  // --- Generic Error ---
-  const message = error instanceof Error ? error.message : 'Internal server error';
-  logger.error('Unhandled error', error, { route });
-  return NextResponse.json(
-    { error: message, code: ApiErrorCode.INTERNAL_ERROR, statusCode: 500 },
-    { status: 500 }
-  );
-}

package/src/lib/api/with-error-handler.ts

@@ -1,41 +0,0 @@
-/**
- * Route Handler Wrappers
- * Optional HOF wrappers for consistent error handling in API routes
- */
-
-import { NextRequest, NextResponse } from 'next/server';
-import { createErrorResponse } from './errors';
-
-/**
- * Wraps a database API route handler with standardized error handling.
- * Catches all errors and maps them via createErrorResponse.
- */
-export function withDbErrorHandler(
-  handler: (req: NextRequest) => Promise<NextResponse>,
-  route?: string
-): (req: NextRequest) => Promise<NextResponse> {
-  return async (req: NextRequest) => {
-    try {
-      return await handler(req);
-    } catch (error) {
-      return createErrorResponse(error, { route });
-    }
-  };
-}
-
-/**
- * Wraps an AI API route handler with standardized error handling.
- * Supports both NextResponse (error) and Response (streaming) return types.
- */
-export function withAiErrorHandler(
-  handler: (req: NextRequest) => Promise<Response | NextResponse>,
-  route?: string
-): (req: NextRequest) => Promise<Response | NextResponse> {
-  return async (req: NextRequest) => {
-    try {
-      return await handler(req);
-    } catch (error) {
-      return createErrorResponse(error, { route });
-    }
-  };
-}

package/src/lib/audit.ts

@@ -1,105 +0,0 @@
-import { storage } from '@/lib/storage';
-
-export type AuditEventType =
-  | 'maintenance'
-  | 'kill_session'
-  | 'masking_config'
-  | 'threshold_config'
-  | 'connection_test'
-  | 'query_execution'
-  | 'managed_connection';
-
-export interface AuditEvent {
-  id: string;
-  timestamp: string;
-  type: AuditEventType;
-  action: string;
-  target: string;
-  connectionName?: string;
-  user: string;
-  result: 'success' | 'failure';
-  duration?: number;
-  details?: string;
-}
-
-const MAX_EVENTS = 1000;
-
-export class AuditRingBuffer {
-  private events: AuditEvent[] = [];
-  private maxSize: number;
-
-  constructor(maxSize = MAX_EVENTS) {
-    this.maxSize = maxSize;
-  }
-
-  push(event: Omit<AuditEvent, 'id' | 'timestamp'>) {
-    const fullEvent: AuditEvent = {
-      ...event,
-      id: `${Date.now()}-${Math.random().toString(36).slice(2, 8)}`,
-      timestamp: new Date().toISOString(),
-    };
-    this.events.push(fullEvent);
-    if (this.events.length > this.maxSize) {
-      this.events = this.events.slice(-this.maxSize);
-    }
-    return fullEvent;
-  }
-
-  getAll(): AuditEvent[] {
-    return [...this.events];
-  }
-
-  getRecent(count: number): AuditEvent[] {
-    return this.events.slice(-count);
-  }
-
-  filter(opts: {
-    type?: AuditEventType;
-    result?: 'success' | 'failure';
-    connectionName?: string;
-    since?: string;
-  }): AuditEvent[] {
-    return this.events.filter((e) => {
-      if (opts.type && e.type !== opts.type) return false;
-      if (opts.result && e.result !== opts.result) return false;
-      if (opts.connectionName && e.connectionName !== opts.connectionName) return false;
-      if (opts.since && e.timestamp < opts.since) return false;
-      return true;
-    });
-  }
-
-  clear() {
-    this.events = [];
-  }
-
-  get size() {
-    return this.events.length;
-  }
-
-  toJSON(): AuditEvent[] {
-    return this.events;
-  }
-
-  loadFrom(events: AuditEvent[]) {
-    this.events = events.slice(-this.maxSize);
-  }
-}
-
-// Global server-side instance
-let _serverBuffer: AuditRingBuffer | null = null;
-
-export function getServerAuditBuffer(): AuditRingBuffer {
-  if (!_serverBuffer) {
-    _serverBuffer = new AuditRingBuffer();
-  }
-  return _serverBuffer;
-}
-
-// Client-side localStorage persistence — delegates to storage module
-export function loadAuditFromStorage(): AuditEvent[] {
-  return storage.getAuditLog();
-}
-
-export function saveAuditToStorage(events: AuditEvent[]) {
-  storage.saveAuditLog(events);
-}

package/src/lib/auth.ts

@@ -1,87 +0,0 @@
-import { SignJWT, jwtVerify } from 'jose';
-import { cookies } from 'next/headers';
-import { logger } from '@/lib/logger';
-
-function getJwtSecret(): Uint8Array {
-  const secret = process.env.JWT_SECRET;
-  
-  if (!secret) {
-    if (process.env.NODE_ENV === 'production') {
-      throw new Error('JWT_SECRET environment variable is required in production');
-    }
-    // Development fallback - only for local development
-    console.warn('⚠️ JWT_SECRET not set, using development fallback. Set JWT_SECRET in production!');
-    return new TextEncoder().encode('development-fallback-secret-32ch');
-  }
-  
-  if (secret.length < 32) {
-    throw new Error('JWT_SECRET must be at least 32 characters long');
-  }
-  
-  return new TextEncoder().encode(secret);
-}
-
-// Lazy-initialized to prevent module-level crash if JWT_SECRET is misconfigured.
-// A module-level throw would crash ALL modules that import auth.ts.
-let _jwtSecret: Uint8Array | null = null;
-function jwtSecret(): Uint8Array {
-  if (!_jwtSecret) {
-    _jwtSecret = getJwtSecret();
-  }
-  return _jwtSecret;
-}
-
-export type Role = 'admin' | 'user';
-
-export interface UserPayload {
-  role: Role;
-  username: string;
-}
-
-export async function signJWT(payload: UserPayload) {
-  return await new SignJWT({ ...payload })
-    .setProtectedHeader({ alg: 'HS256' })
-    .setIssuedAt()
-    .setExpirationTime('24h')
-    .sign(jwtSecret());
-}
-
-export async function verifyJWT(token: string) {
-  try {
-    const { payload } = await jwtVerify(token, jwtSecret());
-    return payload as unknown as UserPayload;
-  } catch (error) {
-    if (error instanceof Error) {
-      if (error.message.includes('expired')) {
-        logger.debug('JWT token expired', { route: 'auth' });
-      } else {
-        logger.warn('JWT verification failed', { route: 'auth' });
-      }
-    }
-    return null;
-  }
-}
-
-export async function getSession() {
-  const cookieStore = await cookies();
-  const token = cookieStore.get('auth-token')?.value;
-  if (!token) return null;
-  return await verifyJWT(token);
-}
-
-export async function login(role: Role, username?: string) {
-  const token = await signJWT({ role, username: username || role });
-  const cookieStore = await cookies();
-  cookieStore.set('auth-token', token, {
-    httpOnly: true,
-    secure: process.env.NODE_ENV === 'production',
-    sameSite: 'lax',
-    maxAge: 60 * 60 * 24, // 1 day
-    path: '/',
-  });
-}
-
-export async function logout() {
-  const cookieStore = await cookies();
-  cookieStore.delete('auth-token');
-}

package/src/lib/connection-string-parser.ts

@@ -1,172 +0,0 @@
-import { DatabaseType } from '@/lib/types';
-
-export interface ParsedConnection {
-  type: DatabaseType;
-  host?: string;
-  port?: string;
-  user?: string;
-  password?: string;
-  database?: string;
-  connectionString?: string;
-}
-
-/**
- * Parse a database connection string URL into its components.
- * Supports: postgres://, postgresql://, mysql://, mongodb://, mongodb+srv://, redis://
- */
-export function parseConnectionString(input: string): ParsedConnection | null {
-  const trimmed = input.trim();
-  if (!trimmed) return null;
-
-  // MongoDB connection strings
-  if (trimmed.startsWith('mongodb://') || trimmed.startsWith('mongodb+srv://')) {
-    return parseMongoDBString(trimmed);
-  }
-
-  // PostgreSQL
-  if (trimmed.startsWith('postgres://') || trimmed.startsWith('postgresql://')) {
-    return parseGenericURL(trimmed, 'postgres', '5432');
-  }
-
-  // MySQL
-  if (trimmed.startsWith('mysql://')) {
-    return parseGenericURL(trimmed, 'mysql', '3306');
-  }
-
-  // Redis
-  if (trimmed.startsWith('redis://') || trimmed.startsWith('rediss://')) {
-    return parseGenericURL(trimmed, 'redis', '6379');
-  }
-
-  // Oracle
-  if (trimmed.startsWith('oracle://')) {
-    return parseGenericURL(trimmed, 'oracle', '1521');
-  }
-
-  // MSSQL / SQL Server
-  if (trimmed.startsWith('mssql://') || trimmed.startsWith('sqlserver://')) {
-    return parseGenericURL(trimmed, 'mssql', '1433');
-  }
-
-  // ADO.NET format: Server=host;Database=db;User Id=user;Password=pass;
-  if (/^Server\s*=/i.test(trimmed)) {
-    return parseADONetString(trimmed);
-  }
-
-  return null;
-}
-
-function parseMongoDBString(uri: string): ParsedConnection {
-  const result: ParsedConnection = {
-    type: 'mongodb',
-    connectionString: uri,
-  };
-
-  try {
-    // For mongodb+srv, we can't use URL directly for host/port
-    // but we can extract user/pass/database
-    const isSRV = uri.startsWith('mongodb+srv://');
-
-    // Extract database from path
-    const withoutProtocol = uri.replace(/^mongodb(\+srv)?:\/\//, '');
-    const atIndex = withoutProtocol.indexOf('@');
-    const afterAuth = atIndex >= 0 ? withoutProtocol.slice(atIndex + 1) : withoutProtocol;
-
-    // Split host(s) from path
-    const slashIndex = afterAuth.indexOf('/');
-    if (slashIndex >= 0) {
-      const pathPart = afterAuth.slice(slashIndex + 1);
-      const dbName = pathPart.split('?')[0];
-      if (dbName) result.database = decodeURIComponent(dbName);
-    }
-
-    // Extract credentials
-    if (atIndex >= 0) {
-      const authPart = withoutProtocol.slice(0, atIndex);
-      const colonIndex = authPart.indexOf(':');
-      if (colonIndex >= 0) {
-        result.user = decodeURIComponent(authPart.slice(0, colonIndex));
-        result.password = decodeURIComponent(authPart.slice(colonIndex + 1));
-      } else {
-        result.user = decodeURIComponent(authPart);
-      }
-    }
-
-    // Extract host/port for non-SRV
-    if (!isSRV && slashIndex >= 0) {
-      const hostPart = afterAuth.slice(0, slashIndex);
-      const firstHost = hostPart.split(',')[0]; // take first host for replica sets
-      const [host, port] = firstHost.split(':');
-      if (host) result.host = host;
-      if (port) result.port = port;
-    }
-  } catch {
-    // If parsing fails, we still have the connectionString
-  }
-
-  return result;
-}
-
-function parseADONetString(input: string): ParsedConnection | null {
-  try {
-    const params: Record<string, string> = {};
-    input.split(';').forEach((part) => {
-      const eq = part.indexOf('=');
-      if (eq > 0) {
-        const key = part.slice(0, eq).trim().toLowerCase();
-        const val = part.slice(eq + 1).trim();
-        params[key] = val;
-      }
-    });
-
-    const host = params['server'] || params['data source'] || 'localhost';
-    const [hostPart, portPart] = host.split(',');
-
-    return {
-      type: 'mssql',
-      host: hostPart || 'localhost',
-      port: portPart || '1433',
-      user: params['user id'] || params['uid'] || undefined,
-      password: params['password'] || params['pwd'] || undefined,
-      database: params['database'] || params['initial catalog'] || undefined,
-    };
-  } catch {
-    return null;
-  }
-}
-
-function parseGenericURL(
-  uri: string,
-  type: DatabaseType,
-  defaultPort: string
-): ParsedConnection | null {
-  try {
-    const url = new URL(uri);
-
-    return {
-      type,
-      host: url.hostname || 'localhost',
-      port: url.port || defaultPort,
-      user: url.username ? decodeURIComponent(url.username) : undefined,
-      password: url.password ? decodeURIComponent(url.password) : undefined,
-      database: url.pathname.slice(1) || undefined, // remove leading /
-    };
-  } catch {
-    return null;
-  }
-}
-
-/**
- * Detect the database type from a connection string.
- */
-export function detectConnectionStringType(input: string): DatabaseType | null {
-  const trimmed = input.trim().toLowerCase();
-  if (trimmed.startsWith('postgres://') || trimmed.startsWith('postgresql://')) return 'postgres';
-  if (trimmed.startsWith('mysql://')) return 'mysql';
-  if (trimmed.startsWith('mongodb://') || trimmed.startsWith('mongodb+srv://')) return 'mongodb';
-  if (trimmed.startsWith('redis://') || trimmed.startsWith('rediss://')) return 'redis';
-  if (trimmed.startsWith('oracle://')) return 'oracle';
-  if (trimmed.startsWith('mssql://') || trimmed.startsWith('sqlserver://')) return 'mssql';
-  if (/^server\s*=/i.test(trimmed)) return 'mssql';
-  return null;
-}