@libredb/studio 0.9.7

package/src/lib/types.ts

@@ -0,0 +1,173 @@
+export type DatabaseType = 'postgres' | 'mysql' | 'sqlite' | 'mongodb' | 'redis' | 'oracle' | 'mssql';
+
+export type ConnectionEnvironment = 'production' | 'staging' | 'development' | 'local' | 'other';
+
+export const ENVIRONMENT_COLORS: Record<ConnectionEnvironment, string> = {
+  production: '#ef4444',
+  staging: '#eab308',
+  development: '#22c55e',
+  local: '#3b82f6',
+  other: '#6b7280',
+};
+
+export const ENVIRONMENT_LABELS: Record<ConnectionEnvironment, string> = {
+  production: 'PROD',
+  staging: 'STAGING',
+  development: 'DEV',
+  local: 'LOCAL',
+  other: '',
+};
+
+export type SSLMode = 'disable' | 'require' | 'verify-ca' | 'verify-full';
+
+export interface SSLConfig {
+  mode: SSLMode;
+  caCert?: string;
+  clientCert?: string;
+  clientKey?: string;
+  rejectUnauthorized?: boolean;
+}
+
+export interface SSHTunnelConfig {
+  enabled: boolean;
+  host: string;
+  port: number;
+  username: string;
+  authMethod: 'password' | 'privateKey';
+  password?: string;
+  privateKey?: string;
+  passphrase?: string;
+}
+
+export interface DatabaseConnection {
+  id: string;
+  name: string;
+  type: DatabaseType;
+  host?: string;
+  port?: number;
+  user?: string;
+  password?: string;
+  database?: string;
+  connectionString?: string;
+  createdAt: Date;
+  color?: string;
+  environment?: ConnectionEnvironment;
+  group?: string;
+  ssl?: SSLConfig;
+  sshTunnel?: SSHTunnelConfig;
+  serviceName?: string;   // Oracle: service name (e.g. ORCL, XEPDB1)
+  instanceName?: string;  // MSSQL: named instance (e.g. SQLEXPRESS)
+  managed?: boolean;      // true = admin-controlled, read-only in UI
+  seedId?: string;        // stable reference to seed config ID
+}
+
+export interface TableSchema {
+  name: string;
+  columns: ColumnSchema[];
+  indexes: IndexSchema[];
+  foreignKeys?: ForeignKeySchema[];
+  rowCount?: number;
+  size?: string;
+}
+
+export interface ForeignKeySchema {
+  columnName: string;
+  referencedTable: string;
+  referencedColumn: string;
+}
+
+export interface ColumnSchema {
+  name: string;
+  type: string;
+  nullable: boolean;
+  isPrimary: boolean;
+  defaultValue?: string;
+}
+
+export interface IndexSchema {
+  name: string;
+  columns: string[];
+  unique: boolean;
+}
+
+export interface QueryPagination {
+  limit: number;
+  offset: number;
+  hasMore: boolean;
+  totalReturned: number;
+  wasLimited: boolean;
+}
+
+export interface QueryResult {
+  rows: Record<string, unknown>[];
+  fields: string[];
+  rowCount: number;
+  executionTime: number;
+  explainPlan?: unknown;
+  pagination?: QueryPagination;
+}
+
+export interface QueryTab {
+  id: string;
+  name: string;
+  query: string;
+  result: QueryResult | null;
+  isExecuting: boolean;
+  type: 'sql' | 'mongodb' | 'redis';
+  viewMode?: 'results' | 'explain' | 'history' | 'saved';
+  explainPlan?: unknown;
+  // Pagination state
+  currentOffset?: number;
+  isLoadingMore?: boolean;
+  allRows?: Record<string, unknown>[];
+}
+
+export interface QueryHistoryItem {
+  id: string;
+  connectionId: string;
+  connectionName?: string;
+  tabName?: string;
+  query: string;
+  executionTime: number;
+  status: 'success' | 'error';
+  executedAt: Date;
+  rowCount?: number;
+  errorMessage?: string;
+}
+
+export interface SavedQuery {
+  id: string;
+  name: string;
+  query: string;
+  description?: string;
+  connectionType: DatabaseType;
+  createdAt: Date;
+  updatedAt: Date;
+  tags?: string[];
+}
+
+export interface SchemaSnapshot {
+  id: string;
+  connectionId: string;
+  connectionName: string;
+  databaseType: DatabaseType;
+  schema: TableSchema[];
+  createdAt: Date;
+  label?: string;
+}
+
+export type AggregationType = 'none' | 'sum' | 'avg' | 'count' | 'min' | 'max';
+export type DateGrouping = 'hour' | 'day' | 'week' | 'month' | 'year';
+
+export interface SavedChartConfig {
+  id: string;
+  name: string;
+  chartType: string;
+  xAxis: string;
+  yAxis: string[];
+  query?: string;
+  connectionId?: string;
+  createdAt: Date;
+  aggregation?: AggregationType;
+  dateGrouping?: DateGrouping;
+}

package/src/lib/utils.ts

@@ -0,0 +1,6 @@
+import { clsx, type ClassValue } from "clsx"
+import { twMerge } from "tailwind-merge"
+
+export function cn(...inputs: ClassValue[]) {
+  return twMerge(clsx(inputs))
+}

package/src/proxy.ts

@@ -0,0 +1,104 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { jwtVerify } from 'jose';
+import { logger } from '@/lib/logger';
+
+function getJwtSecret(): Uint8Array {
+  const secret = process.env.JWT_SECRET;
+
+  if (!secret) {
+    if (process.env.NODE_ENV === 'production') {
+      throw new Error('JWT_SECRET environment variable is required in production');
+    }
+    // Development fallback - only for local development
+    return new TextEncoder().encode('development-fallback-secret-32ch');
+  }
+
+  if (secret.length < 32) {
+    throw new Error('JWT_SECRET must be at least 32 characters long');
+  }
+
+  return new TextEncoder().encode(secret);
+}
+
+// Lazy-initialized to prevent module-level crash if JWT_SECRET is misconfigured.
+// A module-level throw would block ALL requests (including health check).
+let _jwtSecret: Uint8Array | null = null;
+function jwtSecret(): Uint8Array {
+  if (!_jwtSecret) {
+    _jwtSecret = getJwtSecret();
+  }
+  return _jwtSecret;
+}
+
+export async function proxy(request: NextRequest) {
+  const { pathname } = request.nextUrl;
+  const isStaticAsset = /\.[a-z0-9]+$/i.test(pathname);
+
+  const token = request.cookies.get('auth-token')?.value;
+
+  // If accessing /login with a valid token, redirect authenticated users
+  if (pathname.startsWith('/login')) {
+    if (token) {
+      try {
+        const { payload } = await jwtVerify(token, jwtSecret());
+        const role = payload.role as string;
+        // Redirect authenticated users based on their role
+        return NextResponse.redirect(new URL(role === 'admin' ? '/admin' : '/', request.url));
+      } catch {
+        // Invalid token, allow access to login page
+        logger.debug('Invalid token on login page, allowing access', { route: 'proxy' });
+        return NextResponse.next();
+      }
+    }
+    // No token, allow access to login page
+    return NextResponse.next();
+  }
+
+  // Allow public routes
+  if (
+    pathname.startsWith('/api/auth') ||
+    pathname.startsWith('/_next') ||
+    isStaticAsset ||
+    pathname === '/favicon.ico' ||
+    // Health check endpoint for load balancers (Render, K8s, etc.)
+    pathname === '/api/db/health' ||
+    // Storage config endpoint (public, returns only mode info)
+    pathname === '/api/storage/config'
+  ) {
+    return NextResponse.next();
+  }
+
+  if (!token) {
+    return NextResponse.redirect(new URL('/login', request.url));
+  }
+
+  try {
+    const { payload } = await jwtVerify(token, jwtSecret());
+    const role = payload.role as string;
+
+    // RBAC: /admin only for admin
+    if (pathname.startsWith('/admin') && role !== 'admin') {
+      return NextResponse.redirect(new URL('/', request.url));
+    }
+
+    return NextResponse.next();
+  } catch {
+    logger.warn('JWT verification failed, redirecting to login', { route: 'proxy' });
+    return NextResponse.redirect(new URL('/login', request.url));
+  }
+}
+
+export const config = {
+  matcher: [
+    /*
+     * Match all request paths except for the ones starting with:
+     * - api/auth (auth endpoints)
+     * - api/db/health (health check for load balancers)
+     * - api/storage/config (storage mode discovery - public)
+     * - _next/static (static files)
+     * - _next/image (image optimization files)
+     * - favicon.ico (favicon file)
+     */
+    '/((?!api/auth|api/db/health|api/storage/config|_next/static|_next/image|.*\\..*).*)',
+  ],
+};

package/src/types/db-drivers.d.ts

@@ -0,0 +1,23 @@
+/* eslint-disable @typescript-eslint/no-explicit-any */
+
+declare module 'mssql' {
+  const mssql: any;
+  namespace mssql {
+    type ConnectionPool = any;
+    type Transaction = any;
+    type Request = any;
+    type config = any;
+    type IResult = any;
+  }
+  export = mssql;
+}
+
+declare module 'oracledb' {
+  const oracledb: any;
+  namespace oracledb {
+    type Pool = any;
+    type Connection = any;
+    type ExecuteResult = any;
+  }
+  export = oracledb;
+}

package/src/types/html2canvas.d.ts

@@ -0,0 +1,9 @@
+declare module 'html2canvas' {
+  interface Html2CanvasOptions {
+    backgroundColor?: string;
+    scale?: number;
+  }
+  function html2canvas(element: HTMLElement, options?: Html2CanvasOptions): Promise<HTMLCanvasElement>;
+  export default html2canvas;
+}
+

package/tests/api/admin/audit.test.ts

@@ -0,0 +1,178 @@
+import { describe, test, expect, mock, beforeEach } from 'bun:test';
+import { createMockRequest, parseResponseJSON } from '../../helpers/mock-next';
+import type { AuditEvent } from '@/lib/audit';
+
+// ─── Mock audit buffer ──────────────────────────────────────────────────────
+const mockEvents: AuditEvent[] = [
+  {
+    id: 'evt-1',
+    timestamp: '2026-02-14T10:00:00.000Z',
+    type: 'maintenance',
+    action: 'vacuum',
+    target: 'users',
+    user: 'admin',
+    result: 'success',
+    duration: 150,
+  },
+  {
+    id: 'evt-2',
+    timestamp: '2026-02-14T10:05:00.000Z',
+    type: 'query_execution',
+    action: 'SELECT',
+    target: 'orders',
+    user: 'admin',
+    result: 'success',
+    duration: 25,
+  },
+];
+
+const mockBuffer = {
+  push: mock((event: Omit<AuditEvent, 'id' | 'timestamp'>) => ({
+    ...event,
+    id: `evt-${Date.now()}`,
+    timestamp: new Date().toISOString(),
+  })),
+  getRecent: mock((count: number) => mockEvents.slice(-count)),
+  filter: mock((opts: { type?: string }) => {
+    if (opts.type) return mockEvents.filter(e => e.type === opts.type);
+    return mockEvents;
+  }),
+  getAll: mock(() => mockEvents),
+  size: mockEvents.length,
+  clear: mock(() => {}),
+};
+
+const mockGetSession = mock(async (): Promise<{ role: string; username: string } | null> => ({ role: 'admin', username: 'admin' }));
+
+// ─── Mock @/lib/auth BEFORE importing the route ─────────────────────────────
+mock.module('@/lib/auth', () => ({
+  getSession: mockGetSession,
+  signJWT: mock(async () => 'mock-token'),
+  verifyJWT: mock(async () => null),
+  login: mock(async () => {}),
+  logout: mock(async () => {}),
+}));
+
+// ─── Mock @/lib/audit BEFORE importing the route ────────────────────────────
+mock.module('@/lib/audit', () => ({
+  getServerAuditBuffer: mock(() => mockBuffer),
+  AuditRingBuffer: class {},
+  loadAuditFromStorage: mock(() => []),
+  saveAuditToStorage: mock(() => {}),
+}));
+
+// ─── Import route handler AFTER mocking ─────────────────────────────────────
+const { GET, POST } = await import('@/app/api/admin/audit/route');
+
+// ─── Tests ──────────────────────────────────────────────────────────────────
+describe('/api/admin/audit', () => {
+  beforeEach(() => {
+    mockGetSession.mockClear();
+    mockGetSession.mockImplementation(async (): Promise<{ role: string; username: string } | null> => ({ role: 'admin', username: 'admin' }));
+    mockBuffer.push.mockClear();
+    mockBuffer.getRecent.mockClear();
+    mockBuffer.filter.mockClear();
+  });
+
+  describe('GET /api/admin/audit', () => {
+    test('returns events as admin', async () => {
+      const req = createMockRequest('/api/admin/audit');
+
+      const res = await GET(req);
+      const data = await parseResponseJSON<{ events: AuditEvent[]; total: number }>(res);
+
+      expect(res.status).toBe(200);
+      expect(data.events).toBeArray();
+      expect(data.total).toBe(mockEvents.length);
+    });
+
+    test('returns 403 for non-admin', async () => {
+      mockGetSession.mockResolvedValueOnce({ role: 'user', username: 'user' });
+
+      const req = createMockRequest('/api/admin/audit');
+
+      const res = await GET(req);
+      const data = await parseResponseJSON<{ error: string }>(res);
+
+      expect(res.status).toBe(403);
+      expect(data.error).toContain('Unauthorized');
+    });
+
+    test('filters by type when type param is provided', async () => {
+      const req = createMockRequest('/api/admin/audit?type=maintenance');
+
+      const res = await GET(req);
+      const data = await parseResponseJSON<{ events: AuditEvent[] }>(res);
+
+      expect(res.status).toBe(200);
+      expect(mockBuffer.filter).toHaveBeenCalled();
+      expect(data.events).toBeArray();
+    });
+  });
+
+  describe('POST /api/admin/audit', () => {
+    test('creates event as admin', async () => {
+      const req = createMockRequest('/api/admin/audit', {
+        method: 'POST',
+        body: {
+          type: 'maintenance',
+          action: 'analyze',
+          target: 'products',
+          result: 'success',
+        },
+      });
+
+      const res = await POST(req);
+      const data = await parseResponseJSON<{ event: AuditEvent }>(res);
+
+      expect(res.status).toBe(200);
+      expect(data.event).toBeDefined();
+      expect(mockBuffer.push).toHaveBeenCalledTimes(1);
+      // Verify user was injected from session
+      const pushCall = mockBuffer.push.mock.calls[0][0] as Record<string, unknown>;
+      expect(pushCall.user).toBe('admin');
+    });
+
+    test('returns 403 for non-admin on POST', async () => {
+      mockGetSession.mockResolvedValueOnce({ role: 'user', username: 'user' });
+
+      const req = createMockRequest('/api/admin/audit', {
+        method: 'POST',
+        body: {
+          type: 'maintenance',
+          action: 'vacuum',
+          target: 'users',
+          result: 'success',
+        },
+      });
+
+      const res = await POST(req);
+      const data = await parseResponseJSON<{ error: string }>(res);
+
+      expect(res.status).toBe(403);
+      expect(data.error).toContain('Unauthorized');
+    });
+
+    test('returns 500 on error', async () => {
+      mockBuffer.push.mockImplementationOnce(() => {
+        throw new Error('Buffer full');
+      });
+
+      const req = createMockRequest('/api/admin/audit', {
+        method: 'POST',
+        body: {
+          type: 'maintenance',
+          action: 'vacuum',
+          target: 'users',
+          result: 'success',
+        },
+      });
+
+      const res = await POST(req);
+      const data = await parseResponseJSON<{ error: string }>(res);
+
+      expect(res.status).toBe(500);
+      expect(data.error).toBe('Buffer full');
+    });
+  });
+});

package/tests/api/admin/fleet-health.test.ts

@@ -0,0 +1,183 @@
+import { describe, test, expect, mock, beforeEach } from 'bun:test';
+import { createMockRequest, parseResponseJSON } from '../../helpers/mock-next';
+import { createMockProvider } from '../../helpers/mock-provider';
+import {
+  QueryError,
+  TimeoutError,
+  DatabaseError,
+  DatabaseConfigError,
+  ConnectionError,
+  AuthenticationError,
+  PoolExhaustedError,
+  isDatabaseError,
+  isConnectionError,
+  isQueryError,
+  isTimeoutError,
+  isAuthenticationError,
+  isRetryableError,
+  mapDatabaseError,
+} from '@/lib/db/errors';
+
+// ─── Mock provider ──────────────────────────────────────────────────────────
+const mockProvider = createMockProvider();
+const mockGetOrCreateProvider = mock(async () => mockProvider);
+const mockGetSession = mock(async (): Promise<{ role: string; username: string } | null> => ({ role: 'admin', username: 'admin' }));
+
+// ─── Mock @/lib/auth BEFORE importing the route ─────────────────────────────
+mock.module('@/lib/auth', () => ({
+  getSession: mockGetSession,
+  signJWT: mock(async () => 'mock-token'),
+  verifyJWT: mock(async () => null),
+  login: mock(async () => {}),
+  logout: mock(async () => {}),
+}));
+
+// ─── Mock @/lib/db BEFORE importing the route ───────────────────────────────
+mock.module('@/lib/db', () => ({
+  getOrCreateProvider: mockGetOrCreateProvider,
+  createDatabaseProvider: mock(),
+  removeProvider: mock(),
+  clearProviderCache: mock(),
+  getProviderCacheStats: mock(),
+  QueryError,
+  TimeoutError,
+  DatabaseError,
+  DatabaseConfigError,
+  ConnectionError,
+  AuthenticationError,
+  PoolExhaustedError,
+  isDatabaseError,
+  isConnectionError,
+  isQueryError,
+  isTimeoutError,
+  isAuthenticationError,
+  isRetryableError,
+  mapDatabaseError,
+  BaseDatabaseProvider: class {},
+}));
+
+// ─── Import route handler AFTER mocking ─────────────────────────────────────
+const { POST } = await import('@/app/api/admin/fleet-health/route');
+
+// ─── Fixtures ───────────────────────────────────────────────────────────────
+const connections = [
+  { id: 'conn-1', name: 'Production DB', type: 'postgres', host: 'prod.example.com', port: 5432, database: 'prod', createdAt: new Date() },
+  { id: 'conn-2', name: 'Staging DB', type: 'mysql', host: 'staging.example.com', port: 3306, database: 'staging', createdAt: new Date() },
+];
+
+// ─── Tests ──────────────────────────────────────────────────────────────────
+describe('POST /api/admin/fleet-health', () => {
+  beforeEach(() => {
+    mockGetSession.mockClear();
+    mockGetOrCreateProvider.mockClear();
+    mockGetSession.mockImplementation(async (): Promise<{ role: string; username: string } | null> => ({ role: 'admin', username: 'admin' }));
+    mockGetOrCreateProvider.mockImplementation(async () => mockProvider);
+    (mockProvider.getHealth as ReturnType<typeof mock>).mockClear();
+  });
+
+  test('returns health results for all connections as admin', async () => {
+    const req = createMockRequest('/api/admin/fleet-health', {
+      method: 'POST',
+      body: { connections },
+    });
+
+    const res = await POST(req);
+    const data = await parseResponseJSON<{
+      results: { connectionId: string; connectionName: string; status: string; latencyMs: number }[];
+    }>(res);
+
+    expect(res.status).toBe(200);
+    expect(data.results).toBeArray();
+    expect(data.results.length).toBe(2);
+    expect(data.results[0].connectionId).toBe('conn-1');
+    expect(data.results[0].connectionName).toBe('Production DB');
+    expect(data.results[0].status).toBe('healthy');
+    expect(data.results[0].latencyMs).toBeDefined();
+  });
+
+  test('returns 403 for non-admin user', async () => {
+    mockGetSession.mockResolvedValueOnce({ role: 'user', username: 'user' });
+
+    const req = createMockRequest('/api/admin/fleet-health', {
+      method: 'POST',
+      body: { connections },
+    });
+
+    const res = await POST(req);
+    const data = await parseResponseJSON<{ error: string }>(res);
+
+    expect(res.status).toBe(403);
+    expect(data.error).toContain('Unauthorized');
+  });
+
+  test('returns 403 when no session exists', async () => {
+    mockGetSession.mockResolvedValueOnce(null);
+
+    const req = createMockRequest('/api/admin/fleet-health', {
+      method: 'POST',
+      body: { connections },
+    });
+
+    const res = await POST(req);
+    const data = await parseResponseJSON<{ error: string }>(res);
+
+    expect(res.status).toBe(403);
+    expect(data.error).toContain('Unauthorized');
+  });
+
+  test('returns 400 when connections is missing', async () => {
+    const req = createMockRequest('/api/admin/fleet-health', {
+      method: 'POST',
+      body: {},
+    });
+
+    const res = await POST(req);
+    const data = await parseResponseJSON<{ error: string }>(res);
+
+    expect(res.status).toBe(400);
+    expect(data.error).toContain('connections');
+  });
+
+  test('connection error results in error status for that item', async () => {
+    let callCount = 0;
+    mockGetOrCreateProvider.mockImplementation(async () => {
+      callCount++;
+      if (callCount === 1) {
+        throw new Error('Connection refused');
+      }
+      return mockProvider;
+    });
+
+    const req = createMockRequest('/api/admin/fleet-health', {
+      method: 'POST',
+      body: { connections },
+    });
+
+    const res = await POST(req);
+    const data = await parseResponseJSON<{
+      results: { connectionId: string; status: string; error?: string }[];
+    }>(res);
+
+    expect(res.status).toBe(200);
+    expect(data.results.length).toBe(2);
+    const errorItem = data.results.find(r => r.status === 'error');
+    expect(errorItem).toBeDefined();
+    expect(errorItem!.error).toContain('Connection refused');
+  });
+
+  test('empty connections array returns empty results', async () => {
+    const req = createMockRequest('/api/admin/fleet-health', {
+      method: 'POST',
+      body: { connections: [] },
+    });
+
+    const res = await POST(req);
+    const data = await parseResponseJSON<{
+      results: unknown[];
+    }>(res);
+
+    expect(res.status).toBe(200);
+    expect(data.results).toBeArray();
+    expect(data.results.length).toBe(0);
+  });
+});