@powersync/service-sync-rules 0.17.10 → 0.18.1
- package/README.md +126 -0
- package/dist/ExpressionType.d.ts +1 -0
- package/dist/ExpressionType.js +3 -0
- package/dist/ExpressionType.js.map +1 -1
- package/dist/SqlBucketDescriptor.d.ts +3 -3
- package/dist/SqlBucketDescriptor.js +2 -2
- package/dist/SqlBucketDescriptor.js.map +1 -1
- package/dist/SqlDataQuery.js +28 -7
- package/dist/SqlDataQuery.js.map +1 -1
- package/dist/SqlParameterQuery.d.ts +54 -12
- package/dist/SqlParameterQuery.js +106 -33
- package/dist/SqlParameterQuery.js.map +1 -1
- package/dist/SqlSyncRules.d.ts +2 -2
- package/dist/SqlSyncRules.js +21 -4
- package/dist/SqlSyncRules.js.map +1 -1
- package/dist/StaticSqlParameterQuery.d.ts +9 -6
- package/dist/StaticSqlParameterQuery.js +42 -12
- package/dist/StaticSqlParameterQuery.js.map +1 -1
- package/dist/index.d.ts +1 -0
- package/dist/index.js +1 -0
- package/dist/index.js.map +1 -1
- package/dist/json_schema.js +4 -0
- package/dist/json_schema.js.map +1 -1
- package/dist/request_functions.d.ts +19 -0
- package/dist/request_functions.js +47 -0
- package/dist/request_functions.js.map +1 -0
- package/dist/sql_filters.d.ts +38 -4
- package/dist/sql_filters.js +270 -177
- package/dist/sql_filters.js.map +1 -1
- package/dist/sql_functions.d.ts +30 -19
- package/dist/sql_functions.js +113 -17
- package/dist/sql_functions.js.map +1 -1
- package/dist/sql_support.d.ts +6 -3
- package/dist/sql_support.js +72 -35
- package/dist/sql_support.js.map +1 -1
- package/dist/types.d.ts +100 -12
- package/dist/types.js +18 -0
- package/dist/types.js.map +1 -1
- package/dist/utils.d.ts +1 -2
- package/dist/utils.js +0 -6
- package/dist/utils.js.map +1 -1
- package/package.json +6 -3
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
import { parse } from 'pgsql-ast-parser';
|
|
2
2
|
import { SqlRuleError } from './errors.js';
|
|
3
3
|
import { SqlTools } from './sql_filters.js';
|
|
4
|
+
import { checkUnsupportedFeatures, isClauseError, isParameterValueClause } from './sql_support.js';
|
|
4
5
|
import { StaticSqlParameterQuery } from './StaticSqlParameterQuery.js';
|
|
5
|
-
import { filterJsonRow, getBucketId, isJsonValue, isSelectStatement } from './utils.js';
|
|
6
6
|
import { TablePattern } from './TablePattern.js';
|
|
7
|
-
import { checkUnsupportedFeatures, isClauseError } from './sql_support.js';
|
|
8
7
|
import { TableQuerySchema } from './TableQuerySchema.js';
|
|
8
|
+
import { filterJsonRow, getBucketId, isJsonValue, isSelectStatement } from './utils.js';
|
|
9
9
|
/**
|
|
10
10
|
* Represents a parameter query, such as:
|
|
11
11
|
*
|
|
@@ -13,7 +13,7 @@ import { TableQuerySchema } from './TableQuerySchema.js';
|
|
|
13
13
|
* SELECT id as user_id, token_parameters.is_admin as is_admin FROM users WHERE users.user_id = token_parameters.user_id
|
|
14
14
|
*/
|
|
15
15
|
export class SqlParameterQuery {
|
|
16
|
-
static fromSql(descriptor_name, sql, schema) {
|
|
16
|
+
static fromSql(descriptor_name, sql, schema, options) {
|
|
17
17
|
const parsed = parse(sql, { locationTracking: true });
|
|
18
18
|
const rows = new SqlParameterQuery();
|
|
19
19
|
if (parsed.length > 1) {
|
|
@@ -25,7 +25,7 @@ export class SqlParameterQuery {
|
|
|
25
25
|
}
|
|
26
26
|
if (q.from == null) {
|
|
27
27
|
// E.g. SELECT token_parameters.user_id as user_id WHERE token_parameters.is_admin
|
|
28
|
-
return StaticSqlParameterQuery.fromSql(descriptor_name, sql, q);
|
|
28
|
+
return StaticSqlParameterQuery.fromSql(descriptor_name, sql, q, options);
|
|
29
29
|
}
|
|
30
30
|
rows.errors.push(...checkUnsupportedFeatures(sql, q));
|
|
31
31
|
if (q.from.length != 1 || q.from[0].type != 'table') {
|
|
@@ -57,6 +57,7 @@ export class SqlParameterQuery {
|
|
|
57
57
|
parameter_tables: ['token_parameters', 'user_parameters'],
|
|
58
58
|
sql,
|
|
59
59
|
supports_expanding_parameters: true,
|
|
60
|
+
supports_parameter_expressions: true,
|
|
60
61
|
schema: querySchema
|
|
61
62
|
});
|
|
62
63
|
const where = q.where;
|
|
@@ -68,8 +69,8 @@ export class SqlParameterQuery {
|
|
|
68
69
|
rows.filter = filter;
|
|
69
70
|
rows.descriptor_name = descriptor_name;
|
|
70
71
|
rows.bucket_parameters = bucket_parameters;
|
|
71
|
-
rows.input_parameters = filter.
|
|
72
|
-
const expandedParams = rows.input_parameters.filter((param) => param.
|
|
72
|
+
rows.input_parameters = filter.inputParameters;
|
|
73
|
+
const expandedParams = rows.input_parameters.filter((param) => param.expands);
|
|
73
74
|
if (expandedParams.length > 1) {
|
|
74
75
|
rows.errors.push(new SqlRuleError('Cannot have multiple array input parameters', sql));
|
|
75
76
|
}
|
|
@@ -77,19 +78,11 @@ export class SqlParameterQuery {
|
|
|
77
78
|
rows.columns = q.columns ?? [];
|
|
78
79
|
rows.static_columns = [];
|
|
79
80
|
rows.lookup_columns = [];
|
|
80
|
-
rows.static_tools = new SqlTools({
|
|
81
|
-
// This is used for values not on the parameter query table - these operate directly on
|
|
82
|
-
// token_parameters or user_parameters.
|
|
83
|
-
table: undefined,
|
|
84
|
-
value_tables: ['token_parameters', 'user_parameters'],
|
|
85
|
-
parameter_tables: [],
|
|
86
|
-
sql
|
|
87
|
-
});
|
|
88
81
|
for (let column of q.columns ?? []) {
|
|
89
82
|
const name = tools.getSpecificOutputName(column);
|
|
90
83
|
if (tools.isTableRef(column.expr)) {
|
|
91
84
|
rows.lookup_columns.push(column);
|
|
92
|
-
const extractor = tools.
|
|
85
|
+
const extractor = tools.compileRowValueExtractor(column.expr);
|
|
93
86
|
if (isClauseError(extractor)) {
|
|
94
87
|
// Error logged already
|
|
95
88
|
continue;
|
|
@@ -98,22 +91,32 @@ export class SqlParameterQuery {
|
|
|
98
91
|
}
|
|
99
92
|
else {
|
|
100
93
|
rows.static_columns.push(column);
|
|
101
|
-
const extractor =
|
|
94
|
+
const extractor = tools.compileParameterValueExtractor(column.expr);
|
|
102
95
|
if (isClauseError(extractor)) {
|
|
103
96
|
// Error logged already
|
|
104
97
|
continue;
|
|
105
98
|
}
|
|
106
|
-
rows.
|
|
99
|
+
rows.parameter_extractors[name] = extractor;
|
|
107
100
|
}
|
|
108
101
|
}
|
|
109
102
|
rows.tools = tools;
|
|
110
103
|
rows.errors.push(...tools.errors);
|
|
111
|
-
|
|
104
|
+
if (rows.usesDangerousRequestParameters && !options?.accept_potentially_dangerous_queries) {
|
|
105
|
+
let err = new SqlRuleError("Potentially dangerous query based on parameters set by the client. The client can send any value for these parameters so it's not a good place to do authorization.", sql);
|
|
106
|
+
err.type = 'warning';
|
|
107
|
+
rows.errors.push(err);
|
|
108
|
+
}
|
|
112
109
|
return rows;
|
|
113
110
|
}
|
|
114
111
|
constructor() {
|
|
112
|
+
/**
|
|
113
|
+
* Example: SELECT *user.id* FROM users WHERE ...
|
|
114
|
+
*/
|
|
115
115
|
this.lookup_extractors = {};
|
|
116
|
-
|
|
116
|
+
/**
|
|
117
|
+
* Example: SELECT *token_parameters.user_id*
|
|
118
|
+
*/
|
|
119
|
+
this.parameter_extractors = {};
|
|
117
120
|
this.errors = [];
|
|
118
121
|
}
|
|
119
122
|
applies(table) {
|
|
@@ -124,12 +127,12 @@ export class SqlParameterQuery {
|
|
|
124
127
|
[this.table]: row
|
|
125
128
|
};
|
|
126
129
|
try {
|
|
127
|
-
const filterParameters = this.filter.
|
|
130
|
+
const filterParameters = this.filter.filterRow(tables);
|
|
128
131
|
let result = [];
|
|
129
132
|
for (let filterParamSet of filterParameters) {
|
|
130
133
|
let lookup = [this.descriptor_name, this.id];
|
|
131
134
|
lookup.push(...this.input_parameters.map((param) => {
|
|
132
|
-
return filterParamSet
|
|
135
|
+
return param.filteredRowToLookupValue(filterParamSet);
|
|
133
136
|
}));
|
|
134
137
|
const data = this.transformRows(row);
|
|
135
138
|
const role = {
|
|
@@ -153,8 +156,10 @@ export class SqlParameterQuery {
|
|
|
153
156
|
}
|
|
154
157
|
return [result];
|
|
155
158
|
}
|
|
159
|
+
/**
|
|
160
|
+
* Given partial parameter rows, turn into bucket ids.
|
|
161
|
+
*/
|
|
156
162
|
resolveBucketIds(bucketParameters, parameters) {
|
|
157
|
-
const tables = { token_parameters: parameters.token_parameters, user_parameters: parameters.user_parameters };
|
|
158
163
|
// Filters have already been applied and gotten us the set of bucketParameters - don't attempt to filter again.
|
|
159
164
|
// We _do_ need to evaluate the output columns here, using a combination of precomputed bucketParameters,
|
|
160
165
|
// and values from token parameters.
|
|
@@ -166,7 +171,7 @@ export class SqlParameterQuery {
|
|
|
166
171
|
result[`bucket.${name}`] = lookup[name];
|
|
167
172
|
}
|
|
168
173
|
else {
|
|
169
|
-
const value = this.
|
|
174
|
+
const value = this.parameter_extractors[name].lookupParameterValue(parameters);
|
|
170
175
|
if (!isJsonValue(value)) {
|
|
171
176
|
// Not valid - exclude.
|
|
172
177
|
// Should we error instead?
|
|
@@ -181,22 +186,33 @@ export class SqlParameterQuery {
|
|
|
181
186
|
})
|
|
182
187
|
.filter((lookup) => lookup != null);
|
|
183
188
|
}
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
|
|
188
|
-
|
|
189
|
+
/**
|
|
190
|
+
* Given sync parameters, get lookups we need to perform on the database.
|
|
191
|
+
*
|
|
192
|
+
* Each lookup is [bucket definition name, parameter query index, ...lookup values]
|
|
193
|
+
*/
|
|
189
194
|
getLookups(parameters) {
|
|
190
195
|
if (!this.expanded_input_parameter) {
|
|
191
196
|
let lookup = [this.descriptor_name, this.id];
|
|
197
|
+
let valid = true;
|
|
192
198
|
lookup.push(...this.input_parameters.map((param) => {
|
|
193
199
|
// Scalar value
|
|
194
|
-
|
|
200
|
+
const value = param.parametersToLookupValue(parameters);
|
|
201
|
+
if (isJsonValue(value)) {
|
|
202
|
+
return value;
|
|
203
|
+
}
|
|
204
|
+
else {
|
|
205
|
+
valid = false;
|
|
206
|
+
return null;
|
|
207
|
+
}
|
|
195
208
|
}));
|
|
209
|
+
if (!valid) {
|
|
210
|
+
return [];
|
|
211
|
+
}
|
|
196
212
|
return [lookup];
|
|
197
213
|
}
|
|
198
214
|
else {
|
|
199
|
-
const arrayString = this.
|
|
215
|
+
const arrayString = this.expanded_input_parameter.parametersToLookupValue(parameters);
|
|
200
216
|
if (arrayString == null || typeof arrayString != 'string') {
|
|
201
217
|
return [];
|
|
202
218
|
}
|
|
@@ -210,8 +226,10 @@ export class SqlParameterQuery {
|
|
|
210
226
|
catch (e) {
|
|
211
227
|
return [];
|
|
212
228
|
}
|
|
213
|
-
return values
|
|
229
|
+
return values
|
|
230
|
+
.map((expandedValue) => {
|
|
214
231
|
let lookup = [this.descriptor_name, this.id];
|
|
232
|
+
let valid = true;
|
|
215
233
|
lookup.push(...this.input_parameters.map((param) => {
|
|
216
234
|
if (param == this.expanded_input_parameter) {
|
|
217
235
|
// Expand array value
|
|
@@ -219,13 +237,32 @@ export class SqlParameterQuery {
|
|
|
219
237
|
}
|
|
220
238
|
else {
|
|
221
239
|
// Scalar value
|
|
222
|
-
|
|
240
|
+
const value = param.parametersToLookupValue(parameters);
|
|
241
|
+
if (isJsonValue(value)) {
|
|
242
|
+
return value;
|
|
243
|
+
}
|
|
244
|
+
else {
|
|
245
|
+
valid = false;
|
|
246
|
+
return null;
|
|
247
|
+
}
|
|
223
248
|
}
|
|
224
249
|
}));
|
|
250
|
+
if (!valid) {
|
|
251
|
+
return null;
|
|
252
|
+
}
|
|
225
253
|
return lookup;
|
|
226
|
-
})
|
|
254
|
+
})
|
|
255
|
+
.filter((lookup) => lookup != null);
|
|
227
256
|
}
|
|
228
257
|
}
|
|
258
|
+
/**
|
|
259
|
+
* Given sync parameters (token and user parameters), return bucket ids.
|
|
260
|
+
*
|
|
261
|
+
* This is done in three steps:
|
|
262
|
+
* 1. Given the parameters, get lookups we need to perform on the database.
|
|
263
|
+
* 2. Perform the lookups, returning parameter sets (partial rows).
|
|
264
|
+
* 3. Given the parameter sets, resolve bucket ids.
|
|
265
|
+
*/
|
|
229
266
|
async queryBucketIds(options) {
|
|
230
267
|
let lookups = this.getLookups(options.parameters);
|
|
231
268
|
if (lookups.length == 0) {
|
|
@@ -234,5 +271,41 @@ export class SqlParameterQuery {
|
|
|
234
271
|
const parameters = await options.getParameterSets(lookups);
|
|
235
272
|
return this.resolveBucketIds(parameters, options.parameters);
|
|
236
273
|
}
|
|
274
|
+
get hasAuthenticatedBucketParameters() {
|
|
275
|
+
// select request.user_id() as user_id where ...
|
|
276
|
+
const authenticatedExtractor = Object.values(this.parameter_extractors).find((clause) => isParameterValueClause(clause) && clause.usesAuthenticatedRequestParameters) != null;
|
|
277
|
+
return authenticatedExtractor;
|
|
278
|
+
}
|
|
279
|
+
get hasAuthenticatedMatchClause() {
|
|
280
|
+
// select ... where user_id = request.user_id()
|
|
281
|
+
this.filter?.inputParameters.find;
|
|
282
|
+
const authenticatedInputParameter = this.filter.usesAuthenticatedRequestParameters;
|
|
283
|
+
return authenticatedInputParameter;
|
|
284
|
+
}
|
|
285
|
+
get usesUnauthenticatedRequestParameters() {
|
|
286
|
+
// select ... where request.parameters() ->> 'include_comments'
|
|
287
|
+
const unauthenticatedInputParameter = this.filter.usesUnauthenticatedRequestParameters;
|
|
288
|
+
// select request.parameters() ->> 'project_id'
|
|
289
|
+
const unauthenticatedExtractor = Object.values(this.parameter_extractors).find((clause) => isParameterValueClause(clause) && clause.usesUnauthenticatedRequestParameters) != null;
|
|
290
|
+
return unauthenticatedInputParameter || unauthenticatedExtractor;
|
|
291
|
+
}
|
|
292
|
+
/**
|
|
293
|
+
* Safe:
|
|
294
|
+
* SELECT id as user_id FROM users WHERE users.user_id = request.user_id()
|
|
295
|
+
* SELECT request.jwt() ->> 'org_id' as org_id, id as project_id FROM projects WHERE id = request.parameters() ->> 'project_id'
|
|
296
|
+
* SELECT id as project_id FROM projects WHERE org_id = request.jwt() ->> 'org_id' AND id = request.parameters() ->> 'project_id'
|
|
297
|
+
* SELECT id as category_id FROM categories
|
|
298
|
+
*
|
|
299
|
+
* Dangerous:
|
|
300
|
+
* SELECT id as project_id FROM projects WHERE id = request.parameters() ->> 'project_id'
|
|
301
|
+
* SELECT id as project_id FROM projects WHERE id = request.parameters() ->> 'project_id' AND request.jwt() ->> 'role' = 'authenticated'
|
|
302
|
+
* SELECT id as category_id, request.parameters() ->> 'project_id' as project_id FROM categories
|
|
303
|
+
* SELECT id as category_id FROM categories WHERE request.parameters() ->> 'include_categories'
|
|
304
|
+
*/
|
|
305
|
+
get usesDangerousRequestParameters() {
|
|
306
|
+
return (this.usesUnauthenticatedRequestParameters &&
|
|
307
|
+
!this.hasAuthenticatedBucketParameters &&
|
|
308
|
+
!this.hasAuthenticatedMatchClause);
|
|
309
|
+
}
|
|
237
310
|
}
|
|
238
311
|
//# sourceMappingURL=SqlParameterQuery.js.map
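Review bot: In the `hasAuthenticatedMatchClause` getter, `this.filter?.inputParameters.find;` is an expression statement with no effect, and the next line reads `this.filter.usesAuthenticatedRequestParameters` without the optional chain, so the getter's result rests entirely on a flag computed outside this file. Because `usesDangerousRequestParameters` uses this getter to decide whether a query keyed on client-supplied `request.parameters()` is flagged, I would drop the stray line and state the intended contract in a comment, for example `// true only when a WHERE match clause compares a row column against an authenticated value`, if that is indeed the intent. The doc comment lists `... AND request.jwt() ->> 'role' = 'authenticated'` as dangerous, so that flag presumably has to stay false for static conditions on authenticated values; the visible lines cannot confirm this, and a test per listed example would pin it down. The finding is also pushed with `err.type = 'warning'`, so whether it stops a rollout depends on how callers treat warnings. This is compiled output, so the change belongs in `src/SqlParameterQuery.ts`.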
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"SqlParameterQuery.js","sourceRoot":"","sources":["../src/SqlParameterQuery.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAkB,MAAM,kBAAkB,CAAC;
|
|
1
|
+
{"version":3,"file":"SqlParameterQuery.js","sourceRoot":"","sources":["../src/SqlParameterQuery.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAkB,MAAM,kBAAkB,CAAC;AACzD,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAE3C,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,wBAAwB,EAAE,aAAa,EAAE,sBAAsB,EAAE,MAAM,kBAAkB,CAAC;AACnG,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AACvE,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACjD,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAiBzD,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,WAAW,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAExF;;;;;GAKG;AACH,MAAM,OAAO,iBAAiB;IAC5B,MAAM,CAAC,OAAO,CACZ,eAAuB,EACvB,GAAW,EACX,MAAqB,EACrB,OAA2B;QAE3B,MAAM,MAAM,GAAG,KAAK,CAAC,GAAG,EAAE,EAAE,gBAAgB,EAAE,IAAI,EAAE,CAAC,CAAC;QACtD,MAAM,IAAI,GAAG,IAAI,iBAAiB,EAAE,CAAC;QAErC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE;YACrB,MAAM,IAAI,YAAY,CAAC,6CAA6C,EAAE,GAAG,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;SAClG;QACD,MAAM,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;QAEpB,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,EAAE;YACzB,MAAM,IAAI,YAAY,CAAC,sCAAsC,EAAE,GAAG,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC;SAClF;QAED,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,EAAE;YAClB,kFAAkF;YAClF,OAAO,uBAAuB,CAAC,OAAO,CAAC,eAAe,EAAE,GAAG,EAAE,CAAC,EAAE,OAAO,CAAC,CAAC;SAC1E;QAED,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,wBAAwB,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC;QAEtD,IAAI,CAAC,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,OAAO,EAAE;YACnD,MAAM,IAAI,YAAY,CAAC,iCAAiC,EAAE,GAAG,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;SACvF;QAED,MAAM,QAAQ,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAClC,IAAI,QAAQ,EAAE,IAAI,IAAI,IAAI,EAAE;YAC1B,MAAM,IAAI,YAAY,CAAC,iCAAiC,EAAE,GAAG,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;SACvF;QACD,MAAM,KAAK,GAAW,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,IAAI,QAAQ,CAAC,IAAI,CAAC;QAC9D,IAAI,QAAQ,CAAC,IAAI,IAAI,KAAK,EAAE;YAC1B,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,IAAI,YAAY,CAAC,kDAAkD,EAAE,GAAG,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CACjG,CAAC;SACH;QACD,MAAM,WAAW,
GAAG,IAAI,YAAY,CAAC,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC;QACrE,IAAI,WAAW,GAA4B,SAAS,CAAC;QACrD,IAAI,MAAM,EAAE;YACV,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;YAC7C,IAAI,MAAM,CAAC,MAAM,IAAI,CAAC,EAAE;gBACtB,MAAM,CAAC,GAAG,IAAI,YAAY,CACxB,SAAS,WAAW,CAAC,MAAM,IAAI,WAAW,CAAC,YAAY,YAAY,EACnE,GAAG,EACH,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,SAAS,CACvB,CAAC;gBACF,CAAC,CAAC,IAAI,GAAG,SAAS,CAAC;gBAEnB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;aACrB;iBAAM;gBACL,WAAW,GAAG,IAAI,gBAAgB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;aACnD;SACF;QAED,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC;YACzB,KAAK,EAAE,KAAK;YACZ,gBAAgB,EAAE,CAAC,kBAAkB,EAAE,iBAAiB,CAAC;YACzD,GAAG;YACH,6BAA6B,EAAE,IAAI;YACnC,8BAA8B,EAAE,IAAI;YACpC,MAAM,EAAE,WAAW;SACpB,CAAC,CAAC;QACH,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC;QACtB,MAAM,MAAM,GAAG,KAAK,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC;QAE/C,MAAM,iBAAiB,GAAG,CAAC,CAAC,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,KAAK,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;QACzF,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;QAC/B,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;QACf,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,eAAe,GAAG,eAAe,CAAC;QACvC,IAAI,CAAC,iBAAiB,GAAG,iBAAiB,CAAC;QAC3C,IAAI,CAAC,gBAAgB,GAAG,MAAM,CAAC,eAAgB,CAAC;QAChD,MAAM,cAAc,GAAG,IAAI,CAAC,gBAAiB,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAC/E,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE;YAC7B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,YAAY,CAAC,6CAA6C,EAAE,GAAG,CAAC,CAAC,CAAC;SACxF;QACD,IAAI,CAAC,wBAAwB,GAAG,cAAc,CAAC,CAAC,CAAC,CAAC;QAClD,IAAI,CAAC,OAAO,GAAG,CAAC,CAAC,OAAO,IAAI,EAAE,CAAC;QAC/B,IAAI,CAAC,cAAc,GAAG,EAAE,CAAC;QACzB,IAAI,CAAC,cAAc,GAAG,EAAE,CAAC;QAEzB,KAAK,IAAI,MAAM,IAAI,CAAC,CAAC,OAAO,IAAI,EAAE,EAAE;YAClC,MAAM,IAAI,GAAG,KAAK,CAAC,qBAAqB,CAAC,MAAM,CAAC,CAAC;YACjD,IAAI,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE;gBACjC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBACjC,MAAM,SAAS,GAAG,KAAK,CAAC,wBAAwB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;gBAC9D,IAAI,aAAa,CAAC,SAAS,CAAC,EAAE;oBAC5B,uBAAuB;oBACvB,S
AAS;iBACV;gBACD,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC;aAC1C;iBAAM;gBACL,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBACjC,MAAM,SAAS,GAAG,KAAK,CAAC,8BAA8B,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;gBACpE,IAAI,aAAa,CAAC,SAAS,CAAC,EAAE;oBAC5B,uBAAuB;oBACvB,SAAS;iBACV;gBACD,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC;aAC7C;SACF;QACD,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC;QAElC,IAAI,IAAI,CAAC,8BAA8B,IAAI,CAAC,OAAO,EAAE,oCAAoC,EAAE;YACzF,IAAI,GAAG,GAAG,IAAI,YAAY,CACxB,qKAAqK,EACrK,GAAG,CACJ,CAAC;YACF,GAAG,CAAC,IAAI,GAAG,SAAS,CAAC;YACrB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;SACvB;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAwCD;QA/BA;;WAEG;QACH,sBAAiB,GAAmC,EAAE,CAAC;QAEvD;;WAEG;QACH,yBAAoB,GAAyC,EAAE,CAAC;QAqBhE,WAAM,GAAmB,EAAE,CAAC;IAEb,CAAC;IAEhB,OAAO,CAAC,KAA2B;QACjC,OAAO,IAAI,CAAC,WAAY,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAC1C,CAAC;IAED,oBAAoB,CAAC,GAAc;QACjC,MAAM,MAAM,GAAG;YACb,CAAC,IAAI,CAAC,KAAM,CAAC,EAAE,GAAG;SACnB,CAAC;QACF,IAAI;YACF,MAAM,gBAAgB,GAAG,IAAI,CAAC,MAAO,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;YACxD,IAAI,MAAM,GAAgC,EAAE,CAAC;YAC7C,KAAK,IAAI,cAAc,IAAI,gBAAgB,EAAE;gBAC3C,IAAI,MAAM,GAAsB,CAAC,IAAI,CAAC,eAAgB,EAAE,IAAI,CAAC,EAAG,CAAC,CAAC;gBAClE,MAAM,CAAC,IAAI,CACT,GAAG,IAAI,CAAC,gBAAiB,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE;oBACtC,OAAO,KAAK,CAAC,wBAAwB,CAAC,cAAc,CAAC,CAAC;gBACxD,CAAC,CAAC,CACH,CAAC;gBAEF,MAAM,IAAI,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;gBAErC,MAAM,IAAI,GAAwB;oBAChC,iBAAiB,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;oBACxD,MAAM,EAAE,MAAM;iBACf,CAAC;gBACF,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;aACnB;YACD,OAAO,MAAM,CAAC;SACf;QAAC,OAAO,CAAC,EAAE;YACV,OAAO,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,OAAO,IAAI,mCAAmC,EAAE,CAAC,CAAC;SACtE;IACH,CAAC;IAED,aAAa,CAAC,GAAc;QAC1B,MAAM,MAAM,GAAG,EAAE,CAAC,IAAI,CAAC,KAAM,CAAC,EAAE,GAAG,EAAE,CAAC;QACtC,IAAI,MAAM,GAAc,EAAE,CAAC;QAC3B,KAAK,IAAI,GAAG,IAAI,IAAI,CAAC,iBAAiB,EAAE;YACtC,MAAM,SAAS,GAAG,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC;YAC9C,MAAM,CAAC,GAAG,CAAC,G
AAG,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;SAC1C;QACD,OAAO,CAAC,MAAM,CAAC,CAAC;IAClB,CAAC;IAED;;OAEG;IACH,gBAAgB,CAAC,gBAAiC,EAAE,UAA6B;QAC/E,+GAA+G;QAC/G,yGAAyG;QACzG,oCAAoC;QAEpC,OAAO,gBAAgB;aACpB,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE;YACd,IAAI,MAAM,GAAoC,EAAE,CAAC;YACjD,KAAK,IAAI,IAAI,IAAI,IAAI,CAAC,iBAAkB,EAAE;gBACxC,IAAI,IAAI,IAAI,IAAI,CAAC,iBAAiB,EAAE;oBAClC,MAAM,CAAC,UAAU,IAAI,EAAE,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;iBACzC;qBAAM;oBACL,MAAM,KAAK,GAAG,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,CAAC,oBAAoB,CAAC,UAAU,CAAC,CAAC;oBAC/E,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,EAAE;wBACvB,uBAAuB;wBACvB,2BAA2B;wBAC3B,OAAO,IAAI,CAAC;qBACb;yBAAM;wBACL,MAAM,CAAC,UAAU,IAAI,EAAE,CAAC,GAAG,KAAK,CAAC;qBAClC;iBACF;aACF;YAED,OAAO,WAAW,CAAC,IAAI,CAAC,eAAgB,EAAE,IAAI,CAAC,iBAAkB,EAAE,MAAM,CAAC,CAAC;QAC7E,CAAC,CAAC;aACD,MAAM,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,IAAI,IAAI,CAAa,CAAC;IACpD,CAAC;IAED;;;;OAIG;IACH,UAAU,CAAC,UAA6B;QACtC,IAAI,CAAC,IAAI,CAAC,wBAAwB,EAAE;YAClC,IAAI,MAAM,GAAsB,CAAC,IAAI,CAAC,eAAgB,EAAE,IAAI,CAAC,EAAG,CAAC,CAAC;YAElE,IAAI,KAAK,GAAG,IAAI,CAAC;YACjB,MAAM,CAAC,IAAI,CACT,GAAG,IAAI,CAAC,gBAAiB,CAAC,GAAG,CAAC,CAAC,KAAK,EAAmB,EAAE;gBACvD,eAAe;gBACf,MAAM,KAAK,GAAG,KAAK,CAAC,uBAAuB,CAAC,UAAU,CAAC,CAAC;gBAExD,IAAI,WAAW,CAAC,KAAK,CAAC,EAAE;oBACtB,OAAO,KAAK,CAAC;iBACd;qBAAM;oBACL,KAAK,GAAG,KAAK,CAAC;oBACd,OAAO,IAAI,CAAC;iBACb;YACH,CAAC,CAAC,CACH,CAAC;YACF,IAAI,CAAC,KAAK,EAAE;gBACV,OAAO,EAAE,CAAC;aACX;YACD,OAAO,CAAC,MAAM,CAAC,CAAC;SACjB;aAAM;YACL,MAAM,WAAW,GAAG,IAAI,CAAC,wBAAwB,CAAC,uBAAuB,CAAC,UAAU,CAAC,CAAC;YAEtF,IAAI,WAAW,IAAI,IAAI,IAAI,OAAO,WAAW,IAAI,QAAQ,EAAE;gBACzD,OAAO,EAAE,CAAC;aACX;YACD,IAAI,MAAyB,CAAC;YAC9B,IAAI;gBACF,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;gBACjC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE;oBAC1B,OAAO,EAAE,CAAC;iBACX;aACF;YAAC,OAAO,CAAC,EAAE;gBACV,OAAO,EAAE,CAAC;aACX;YAED,OAAO,MAAM;iBACV,GAAG,CAAC,CAAC,aAAa,EAAE,EAAE;gBACrB,IAAI,MAAM,GAAsB,CAAC,IAAI,CAAC,eAAgB,EAAE,IAAI,CAAC,EAAG,CAAC,CAAC;gBAClE,IAAI,KAAK,GAAG,IAAI,CAAC;gBACjB,MAAM,CAAC,IAAI,CACT,GAAG,IAAI,CAAC,gBAAiB,C
AAC,GAAG,CAAC,CAAC,KAAK,EAAmB,EAAE;oBACvD,IAAI,KAAK,IAAI,IAAI,CAAC,wBAAwB,EAAE;wBAC1C,qBAAqB;wBACrB,OAAO,aAAa,CAAC;qBACtB;yBAAM;wBACL,eAAe;wBACf,MAAM,KAAK,GAAG,KAAK,CAAC,uBAAuB,CAAC,UAAU,CAAC,CAAC;wBAExD,IAAI,WAAW,CAAC,KAAK,CAAC,EAAE;4BACtB,OAAO,KAAK,CAAC;yBACd;6BAAM;4BACL,KAAK,GAAG,KAAK,CAAC;4BACd,OAAO,IAAI,CAAC;yBACb;qBACF;gBACH,CAAC,CAAC,CACH,CAAC;gBACF,IAAI,CAAC,KAAK,EAAE;oBACV,OAAO,IAAI,CAAC;iBACb;gBAED,OAAO,MAAM,CAAC;YAChB,CAAC,CAAC;iBACD,MAAM,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,IAAI,IAAI,CAAwB,CAAC;SAC9D;IACH,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,cAAc,CAAC,OAA6B;QAChD,IAAI,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAClD,IAAI,OAAO,CAAC,MAAM,IAAI,CAAC,EAAE;YACvB,OAAO,EAAE,CAAC;SACX;QAED,MAAM,UAAU,GAAG,MAAM,OAAO,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;QAC3D,OAAO,IAAI,CAAC,gBAAgB,CAAC,UAAU,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC;IAC/D,CAAC;IAED,IAAI,gCAAgC;QAClC,gDAAgD;QAChD,MAAM,sBAAsB,GAC1B,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,IAAI,CAC3C,CAAC,MAAM,EAAE,EAAE,CAAC,sBAAsB,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,kCAAkC,CACxF,IAAI,IAAI,CAAC;QACZ,OAAO,sBAAsB,CAAC;IAChC,CAAC;IAED,IAAI,2BAA2B;QAC7B,+CAA+C;QAC/C,IAAI,CAAC,MAAM,EAAE,eAAe,CAAC,IAAI,CAAC;QAClC,MAAM,2BAA2B,GAAG,IAAI,CAAC,MAAO,CAAC,kCAAkC,CAAC;QACpF,OAAO,2BAA2B,CAAC;IACrC,CAAC;IAED,IAAI,oCAAoC;QACtC,+DAA+D;QAC/D,MAAM,6BAA6B,GAAG,IAAI,CAAC,MAAO,CAAC,oCAAoC,CAAC;QAExF,+CAA+C;QAC/C,MAAM,wBAAwB,GAC5B,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,IAAI,CAC3C,CAAC,MAAM,EAAE,EAAE,CAAC,sBAAsB,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,oCAAoC,CAC1F,IAAI,IAAI,CAAC;QAEZ,OAAO,6BAA6B,IAAI,wBAAwB,CAAC;IACnE,CAAC;IAED;;;;;;;;;;;;OAYG;IACH,IAAI,8BAA8B;QAChC,OAAO,CACL,IAAI,CAAC,oCAAoC;YACzC,CAAC,IAAI,CAAC,gCAAgC;YACtC,CAAC,IAAI,CAAC,2BAA2B,CAClC,CAAC;IACJ,CAAC;CACF"}
|
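--- a/package/dist/SqlSyncRules.d.ts
+++ b/package/dist/SqlSyncRules.d.ts
@@ -4,7 +4,7 @@ import { IdSequence } from './IdSequence.js';
 import { SourceTableInterface } from './SourceTableInterface.js';
 import { QueryParseResult, SqlBucketDescriptor } from './SqlBucketDescriptor.js';
 import { TablePattern } from './TablePattern.js';
-import { EvaluatedParameters, EvaluatedRow, EvaluateRowOptions, EvaluationError, QueryBucketIdOptions, SourceSchema, SqliteRow,
+import { EvaluatedParameters, EvaluatedRow, EvaluateRowOptions, EvaluationError, QueryBucketIdOptions, RequestParameters, SourceSchema, SqliteRow, SyncRules } from './types.js';
 export declare class SqlSyncRules implements SyncRules {
 bucket_descriptors: SqlBucketDescriptor[];
 idSequence: IdSequence;
@@ -40,7 +40,7 @@ export declare class SqlSyncRules implements SyncRules {
 /**
 * @deprecated For testing only.
 */
-getStaticBucketIds(parameters:
+getStaticBucketIds(parameters: RequestParameters): string[];
 /**
 * Note: This can error hard.
 */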
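--- a/package/dist/SqlSyncRules.js
+++ b/package/dist/SqlSyncRules.js
@@ -4,6 +4,7 @@ import { IdSequence } from './IdSequence.js';
 import { validateSyncRulesSchema } from './json_schema.js';
 import { SqlBucketDescriptor } from './SqlBucketDescriptor.js';
 import { isEvaluatedParameters, isEvaluatedRow, isEvaluationError } from './types.js';
+const ACCEPT_POTENTIALLY_DANGEROUS_QUERIES = Symbol('ACCEPT_POTENTIALLY_DANGEROUS_QUERIES');
 export class SqlSyncRules {
 static validate(yaml, options) {
 try {
@@ -26,7 +27,19 @@ export class SqlSyncRules {
 const throwOnError = options?.throwOnError ?? true;
 const schema = options?.schema;
 const lineCounter = new LineCounter();
-const parsed = parseDocument(yaml, {
+const parsed = parseDocument(yaml, {
+schema: 'core',
+keepSourceTokens: true,
+lineCounter,
+customTags: [
+{
+tag: '!accept_potentially_dangerous_queries',
+resolve(_text, _onError) {
+return ACCEPT_POTENTIALLY_DANGEROUS_QUERIES;
+}
+}
+]
+});
 const rules = new SqlSyncRules(yaml);
 if (parsed.errors.length > 0) {
 rules.errors.push(...parsed.errors.map((error) => {
@@ -48,23 +61,27 @@ export class SqlSyncRules {
 for (let entry of bucketMap.items) {
 const { key: keyScalar, value } = entry;
 const key = keyScalar.toString();
+const accept_potentially_dangerous_queries = value.get('accept_potentially_dangerous_queries', true)?.value == true;
+const options = {
+accept_potentially_dangerous_queries
+};
 const parameters = value.get('parameters', true);
 const dataQueries = value.get('data', true);
 const descriptor = new SqlBucketDescriptor(key, rules.idSequence);
 if (parameters instanceof Scalar) {
 rules.withScalar(parameters, (q) => {
-return descriptor.addParameterQuery(q);
+return descriptor.addParameterQuery(q, schema, options);
 });
 }
 else if (parameters instanceof YAMLSeq) {
 for (let item of parameters.items) {
 rules.withScalar(item, (q) => {
-return descriptor.addParameterQuery(q, schema);
+return descriptor.addParameterQuery(q, schema, options);
 });
 }
 }
 else {
-descriptor.addParameterQuery('SELECT', schema);
+descriptor.addParameterQuery('SELECT', schema, options);
 }
 if (!(dataQueries instanceof YAMLSeq)) {
 rules.errors.push(this.tokenError(dataQueries ?? value, `'data' must be an array`));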
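Review bot: The opt-out flag is read with loose equality, `value.get('accept_potentially_dangerous_queries', true)?.value == true`, so a non-boolean YAML value such as `1` also counts as accepted and silences the dangerous-query warning for every parameter query in that bucket definition. Since this switch turns off a security check, compare strictly: `const accept_potentially_dangerous_queries = value.get('accept_potentially_dangerous_queries', true)?.value === true;`. Separately, the `!accept_potentially_dangerous_queries` custom tag resolves to the `ACCEPT_POTENTIALLY_DANGEROUS_QUERIES` symbol, but nothing in the visible hunks compares against that symbol, so the tag's purpose should be documented, or the tag removed if it is unused. The enclosing function starts and ends outside these hunks, and this is compiled output, so the fix belongs in `src/SqlSyncRules.ts`.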
package/dist/SqlSyncRules.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"SqlSyncRules.js","sourceRoot":"","sources":["../src/SqlSyncRules.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,EAAW,OAAO,EAAE,MAAM,MAAM,CAAC;AAC5E,OAAO,EAAE,YAAY,EAAE,eAAe,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACvE,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,uBAAuB,EAAE,MAAM,kBAAkB,CAAC;AAE3D,OAAO,EAAoB,mBAAmB,EAAE,MAAM,0BAA0B,CAAC;AAEjF,OAAO,EAOL,qBAAqB,EACrB,cAAc,EACd,iBAAiB,
|
|
1
|
+
{"version":3,"file":"SqlSyncRules.js","sourceRoot":"","sources":["../src/SqlSyncRules.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,EAAW,OAAO,EAAE,MAAM,MAAM,CAAC;AAC5E,OAAO,EAAE,YAAY,EAAE,eAAe,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACvE,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,uBAAuB,EAAE,MAAM,kBAAkB,CAAC;AAE3D,OAAO,EAAoB,mBAAmB,EAAE,MAAM,0BAA0B,CAAC;AAEjF,OAAO,EAOL,qBAAqB,EACrB,cAAc,EACd,iBAAiB,EAOlB,MAAM,YAAY,CAAC;AAEpB,MAAM,oCAAoC,GAAG,MAAM,CAAC,sCAAsC,CAAC,CAAC;AAE5F,MAAM,OAAO,YAAY;IAQvB,MAAM,CAAC,QAAQ,CAAC,IAAY,EAAE,OAAmC;QAC/D,IAAI;YACF,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;YAC3C,OAAO,KAAK,CAAC,MAAM,CAAC;SACrB;QAAC,OAAO,CAAC,EAAE;YACV,IAAI,CAAC,YAAY,eAAe,EAAE;gBAChC,OAAO,CAAC,CAAC,MAAM,CAAC;aACjB;iBAAM,IAAI,CAAC,YAAY,SAAS,EAAE;gBACjC,OAAO,CAAC,CAAC,CAAC,CAAC;aACZ;iBAAM;gBACL,OAAO,CAAC,IAAI,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;aAC3B;SACF;IACH,CAAC;IAED,MAAM,CAAC,QAAQ,CAAC,IAAY,EAAE,OAA2D;QACvF,MAAM,YAAY,GAAG,OAAO,EAAE,YAAY,IAAI,IAAI,CAAC;QACnD,MAAM,MAAM,GAAG,OAAO,EAAE,MAAM,CAAC;QAE/B,MAAM,WAAW,GAAG,IAAI,WAAW,EAAE,CAAC;QACtC,MAAM,MAAM,GAAG,aAAa,CAAC,IAAI,EAAE;YACjC,MAAM,EAAE,MAAM;YACd,gBAAgB,EAAE,IAAI;YACtB,WAAW;YACX,UAAU,EAAE;gBACV;oBACE,GAAG,EAAE,uCAAuC;oBAC5C,OAAO,CAAC,KAAa,EAAE,QAAiC;wBACtD,OAAO,oCAAoC,CAAC;oBAC9C,CAAC;iBACF;aACF;SACF,CAAC,CAAC;QAEH,MAAM,KAAK,GAAG,IAAI,YAAY,CAAC,IAAI,CAAC,CAAC;QAErC,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE;YAC5B,KAAK,CAAC,MAAM,CAAC,IAAI,CACf,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE;gBAC7B,OAAO,IAAI,SAAS,CAAC,KAAK,CAAC,CAAC;YAC9B,CAAC,CAAC,CACH,CAAC;YAEF,IAAI,YAAY,EAAE;gBAChB,KAAK,CAAC,YAAY,EAAE,CAAC;aACtB;YACD,OAAO,KAAK,CAAC;SACd;QAED,MAAM,SAAS,GAAG,MAAM,CAAC,GAAG,CAAC,oBAAoB,CAAY,CAAC;QAC9D,IAAI,SAAS,IAAI,IAAI,EAAE;YACrB,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,SAAS,CAAC,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC,CAAC,CAAC;YAEhF,IAAI,YAAY,EAAE;gBAChB,KAAK,CAAC,YAAY,EAAE,CAAC;aACtB;YACD,OAAO,KAAK,CAAC;SACd;QAED,KAAK,IAAI,KAAK,IAAI,SAAS,CAAC,KAAK,EAAE;YACjC,MAAM,EAAE,GAAG,EAAE,SAAS,EA
AE,KAAK,EAAE,GAAG,KAAwC,CAAC;YAC3E,MAAM,GAAG,GAAG,SAAS,CAAC,QAAQ,EAAE,CAAC;YAEjC,MAAM,oCAAoC,GACxC,KAAK,CAAC,GAAG,CAAC,sCAAsC,EAAE,IAAI,CAAC,EAAE,KAAK,IAAI,IAAI,CAAC;YACzE,MAAM,OAAO,GAAsB;gBACjC,oCAAoC;aACrC,CAAC;YACF,MAAM,UAAU,GAAG,KAAK,CAAC,GAAG,CAAC,YAAY,EAAE,IAAI,CAAY,CAAC;YAC5D,MAAM,WAAW,GAAG,KAAK,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAY,CAAC;YAEvD,MAAM,UAAU,GAAG,IAAI,mBAAmB,CAAC,GAAG,EAAE,KAAK,CAAC,UAAU,CAAC,CAAC;YAElE,IAAI,UAAU,YAAY,MAAM,EAAE;gBAChC,KAAK,CAAC,UAAU,CAAC,UAAU,EAAE,CAAC,CAAC,EAAE,EAAE;oBACjC,OAAO,UAAU,CAAC,iBAAiB,CAAC,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;gBAC1D,CAAC,CAAC,CAAC;aACJ;iBAAM,IAAI,UAAU,YAAY,OAAO,EAAE;gBACxC,KAAK,IAAI,IAAI,IAAI,UAAU,CAAC,KAAK,EAAE;oBACjC,KAAK,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE;wBAC3B,OAAO,UAAU,CAAC,iBAAiB,CAAC,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;oBAC1D,CAAC,CAAC,CAAC;iBACJ;aACF;iBAAM;gBACL,UAAU,CAAC,iBAAiB,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;aACzD;YAED,IAAI,CAAC,CAAC,WAAW,YAAY,OAAO,CAAC,EAAE;gBACrC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,WAAW,IAAI,KAAK,EAAE,yBAAyB,CAAC,CAAC,CAAC;gBACpF,SAAS;aACV;YACD,KAAK,IAAI,KAAK,IAAI,WAAW,CAAC,KAAK,EAAE;gBACnC,KAAK,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC,CAAC,EAAE,EAAE;oBAC5B,OAAO,UAAU,CAAC,YAAY,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;gBAC5C,CAAC,CAAC,CAAC;aACJ;YACD,KAAK,CAAC,kBAAkB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;SAC3C;QAED,oDAAoD;QACpD,+DAA+D;QAC/D,MAAM,KAAK,GAAG,uBAAuB,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;QACvD,IAAI,CAAC,KAAK,EAAE;YACV,KAAK,CAAC,MAAM,CAAC,IAAI,CACf,GAAG,uBAAuB,CAAC,MAAO,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE;gBAChD,OAAO,IAAI,SAAS,CAAC,CAAC,CAAC,CAAC;YAC1B,CAAC,CAAC,CACH,CAAC;SACH;QAED,IAAI,YAAY,EAAE;YAChB,KAAK,CAAC,YAAY,EAAE,CAAC;SACtB;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED,YAAY;QACV,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,IAAI,SAAS,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE;YAC7D,MAAM,IAAI,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;SACxC;IACH,CAAC;IAED,MAAM,CAAC,UAAU,CAAC,KAAU,EAAE,OAAe;QAC3C,MAAM,KAAK,GAAG,KAAK,EAAE,QAAQ,EAAE,MAAM,IAAI,CAAC,CAAC;QAC3C,MAAM,GAAG,GA
AG,KAAK,GAAG,CAAC,CAAC;QACtB,OAAO,IAAI,SAAS,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;IAC3D,CAAC;IAED,UAAU,CAAC,MAAc,EAAE,EAAuC;QAChE,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,EAAE,CAAC;QAEhC,MAAM,OAAO,GAAG,CAAC,KAAa,EAAoB,EAAE;YAClD,IAAI;gBACF,OAAO,EAAE,CAAC,KAAK,CAAC,CAAC;aAClB;YAAC,OAAO,CAAC,EAAE;gBACV,OAAO;oBACL,MAAM,EAAE,KAAK;oBACb,MAAM,EAAE,CAAC,CAAC,CAAC;iBACZ,CAAC;aACH;QACH,CAAC,CAAC;QAEF,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC;QAC9B,KAAK,IAAI,GAAG,IAAI,MAAM,CAAC,MAAM,EAAE;YAC7B,IAAI,YAAY,GAAG,MAAM,CAAC,QAAS,CAAC,MAAM,CAAC;YAC3C,IAAI,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,YAAY,IAAI,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,YAAY,EAAE;gBAC5E,0CAA0C;gBAC1C,YAAY,IAAI,CAAC,CAAC;aACnB;YACD,IAAI,MAAc,CAAC;YACnB,IAAI,GAAW,CAAC;YAChB,IAAI,GAAG,YAAY,YAAY,IAAI,GAAG,CAAC,QAAQ,EAAE;gBAC/C,MAAM,GAAG,GAAG,CAAC,QAAS,CAAC,KAAK,GAAG,YAAY,CAAC;gBAC5C,GAAG,GAAG,GAAG,CAAC,QAAS,CAAC,GAAG,GAAG,YAAY,CAAC;aACxC;iBAAM,IAAI,OAAQ,GAAW,CAAC,KAAK,EAAE,SAAS,EAAE,KAAK,IAAI,QAAQ,EAAE;gBAClE,MAAM,GAAG,YAAY,GAAI,GAAW,CAAC,KAAK,EAAE,SAAS,EAAE,KAAK,CAAC;gBAC7D,GAAG,GAAG,YAAY,GAAI,GAAW,CAAC,KAAK,EAAE,SAAS,EAAE,GAAG,CAAC;aACzD;iBAAM;gBACL,MAAM,GAAG,YAAY,CAAC;gBACtB,GAAG,GAAG,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;aAChD;YAED,MAAM,GAAG,GAAG,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;YACnC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,SAAS,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;SAC3C;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,YAAY,OAAe;QAhL3B,uBAAkB,GAA0B,EAAE,CAAC;QAC/C,eAAU,GAAG,IAAI,UAAU,EAAE,CAAC;QAI9B,WAAM,GAAgB,EAAE,CAAC;QA4KvB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IACzB,CAAC;IAED;;OAEG;IACH,WAAW,CAAC,OAA2B;QACrC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC;QAChE,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE;YACrB,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;SAClC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,qBAAqB,CAAC,OAA2B;QAC/C,IAAI,UAAU,GAAuB,EAAE,CAAC;QACxC,KAAK,IAAI,KAAK,IAAI,IAAI,CAAC,kBAAkB,EAAE;YACzC,UAAU,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC;SAChD;QAE
D,MAAM,OAAO,GAAG,UAAU,CAAC,MAAM,CAAC,cAAc,CAAmB,CAAC;QACpE,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,iBAAiB,CAAsB,CAAC;QAEzE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC;IAC7B,CAAC;IAED;;OAEG;IACH,oBAAoB,CAAC,KAA2B,EAAE,GAAc;QAC9D,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC,8BAA8B,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAC5E,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE;YACrB,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;SAClC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,8BAA8B,CAC5B,KAA2B,EAC3B,GAAc;QAEd,IAAI,UAAU,GAAgC,EAAE,CAAC;QACjD,KAAK,IAAI,KAAK,IAAI,IAAI,CAAC,kBAAkB,EAAE;YACzC,UAAU,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,oBAAoB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC;SAC5D;QAED,MAAM,OAAO,GAAG,UAAU,CAAC,MAAM,CAAC,qBAAqB,CAA0B,CAAC;QAClF,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,iBAAiB,CAAsB,CAAC;QACzE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC;IAC7B,CAAC;IAED;;OAEG;IACH,kBAAkB,CAAC,UAA6B;QAC9C,IAAI,OAAO,GAAa,EAAE,CAAC;QAC3B,KAAK,IAAI,MAAM,IAAI,IAAI,CAAC,kBAAkB,EAAE;YAC1C,OAAO,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC,CAAC;SACxD;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAAC,OAA6B;QAChD,IAAI,OAAO,GAAa,EAAE,CAAC;QAC3B,KAAK,IAAI,MAAM,IAAI,IAAI,CAAC,kBAAkB,EAAE;YAC1C,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;SACzD;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,eAAe;QACb,IAAI,YAAY,GAAG,IAAI,GAAG,EAAwB,CAAC;QACnD,KAAK,IAAI,MAAM,IAAI,IAAI,CAAC,kBAAkB,EAAE;YAC1C,KAAK,IAAI,CAAC,IAAI,MAAM,CAAC,eAAe,EAAE,EAAE;gBACtC,MAAM,GAAG,GAAG,GAAG,CAAC,CAAC,aAAa,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,YAAY,EAAE,CAAC;gBAC/D,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;aAC1B;SACF;QACD,OAAO,CAAC,GAAG,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC;IACpC,CAAC;IAED,cAAc,CAAC,KAA2B;QACxC,KAAK,IAAI,MAAM,IAAI,IAAI,CAAC,kBAAkB,EAAE;YAC1C,IAAI,MAAM,CAAC,cAAc,CAAC,KAAK,CAAC,EAAE;gBAChC,OAAO,IAAI,CAAC;aACb;SACF;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,oBAAoB,CAAC,KAA2B;QAC9C,KAAK,IAAI,MAAM,IAAI,IAAI,CAAC,kBAAkB,EAAE;YAC1C,IAAI,MAAM,CAAC,oBAAoB,CAAC,KAAK,CAAC,EAAE;gBACtC,OAAO,IAAI,CAAC;aACb;SACF;QACD,OAAO,KAAK,CAAC;IACf,CA
AC;IAED,oBAAoB;;QAClB,IAAI,MAAM,GAA0B,EAAE,CAAC;QACvC,KAAK,IAAI,MAAM,IAAI,IAAI,CAAC,kBAAkB,EAAE;YAC1C,KAAK,IAAI,CAAC,IAAI,MAAM,CAAC,YAAY,EAAE;gBACjC,MAAM,MAAC,CAAC,CAAC,KAAM,MAAf,MAAM,OAAe,EAAE,EAAC;gBACxB,MAAM,CAAC,GAAG;oBACR,KAAK,EAAE,CAAC,CAAC,GAAG;iBACb,CAAC;gBAEF,MAAM,CAAC,CAAC,CAAC,KAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;aAC1B;SACF;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;CACF"}
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { SelectedColumn, SelectFromStatement } from 'pgsql-ast-parser';
|
|
2
|
-
import { ParameterMatchClause, StaticRowValueClause, SyncParameters } from './types.js';
|
|
3
|
-
import { SqlTools } from './sql_filters.js';
|
|
4
2
|
import { SqlRuleError } from './errors.js';
|
|
3
|
+
import { SqlTools } from './sql_filters.js';
|
|
4
|
+
import { ParameterValueClause, QueryParseOptions, RequestParameters } from './types.js';
|
|
5
5
|
/**
|
|
6
6
|
* Represents a bucket parameter query without any tables, e.g.:
|
|
7
7
|
*
|
|
@@ -9,16 +9,19 @@ import { SqlRuleError } from './errors.js';
|
|
|
9
9
|
* SELECT token_parameters.user_id as user_id WHERE token_parameters.is_admin
|
|
10
10
|
*/
|
|
11
11
|
export declare class StaticSqlParameterQuery {
|
|
12
|
-
static fromSql(descriptor_name: string, sql: string, q: SelectFromStatement): StaticSqlParameterQuery;
|
|
12
|
+
static fromSql(descriptor_name: string, sql: string, q: SelectFromStatement, options?: QueryParseOptions): StaticSqlParameterQuery;
|
|
13
13
|
sql?: string;
|
|
14
14
|
columns?: SelectedColumn[];
|
|
15
|
-
|
|
15
|
+
parameter_extractors: Record<string, ParameterValueClause>;
|
|
16
16
|
descriptor_name?: string;
|
|
17
17
|
/** _Output_ bucket parameters */
|
|
18
18
|
bucket_parameters?: string[];
|
|
19
19
|
id?: string;
|
|
20
20
|
tools?: SqlTools;
|
|
21
|
-
filter?:
|
|
21
|
+
filter?: ParameterValueClause;
|
|
22
22
|
errors: SqlRuleError[];
|
|
23
|
-
getStaticBucketIds(parameters:
|
|
23
|
+
getStaticBucketIds(parameters: RequestParameters): string[];
|
|
24
|
+
get hasAuthenticatedBucketParameters(): boolean;
|
|
25
|
+
get usesUnauthenticatedRequestParameters(): boolean;
|
|
26
|
+
get usesDangerousRequestParameters(): boolean;
|
|
24
27
|
}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
|
+
import { SqlRuleError } from './errors.js';
|
|
1
2
|
import { SqlTools } from './sql_filters.js';
|
|
3
|
+
import { checkUnsupportedFeatures, isClauseError, isParameterValueClause, sqliteBool } from './sql_support.js';
|
|
2
4
|
import { getBucketId, isJsonValue } from './utils.js';
|
|
3
|
-
import { checkUnsupportedFeatures, isClauseError } from './sql_support.js';
|
|
4
5
|
/**
|
|
5
6
|
* Represents a bucket parameter query without any tables, e.g.:
|
|
6
7
|
*
|
|
@@ -9,19 +10,20 @@ import { checkUnsupportedFeatures, isClauseError } from './sql_support.js';
|
|
|
9
10
|
*/
|
|
10
11
|
export class StaticSqlParameterQuery {
|
|
11
12
|
constructor() {
|
|
12
|
-
this.
|
|
13
|
+
this.parameter_extractors = {};
|
|
13
14
|
this.errors = [];
|
|
14
15
|
}
|
|
15
|
-
static fromSql(descriptor_name, sql, q) {
|
|
16
|
+
static fromSql(descriptor_name, sql, q, options) {
|
|
16
17
|
const query = new StaticSqlParameterQuery();
|
|
17
18
|
query.errors.push(...checkUnsupportedFeatures(sql, q));
|
|
18
19
|
const tools = new SqlTools({
|
|
19
20
|
table: undefined,
|
|
20
|
-
|
|
21
|
+
parameter_tables: ['token_parameters', 'user_parameters'],
|
|
22
|
+
supports_parameter_expressions: true,
|
|
21
23
|
sql
|
|
22
24
|
});
|
|
23
25
|
const where = q.where;
|
|
24
|
-
const filter = tools.
|
|
26
|
+
const filter = tools.compileParameterValueExtractor(where);
|
|
25
27
|
const columns = q.columns ?? [];
|
|
26
28
|
const bucket_parameters = columns.map((column) => tools.getOutputName(column));
|
|
27
29
|
query.sql = sql;
|
|
@@ -29,28 +31,38 @@ export class StaticSqlParameterQuery {
|
|
|
29
31
|
query.bucket_parameters = bucket_parameters;
|
|
30
32
|
query.columns = columns;
|
|
31
33
|
query.tools = tools;
|
|
32
|
-
|
|
34
|
+
if (!isClauseError(filter)) {
|
|
35
|
+
query.filter = filter;
|
|
36
|
+
}
|
|
33
37
|
for (let column of columns) {
|
|
34
38
|
const name = tools.getSpecificOutputName(column);
|
|
35
|
-
const extractor = tools.
|
|
39
|
+
const extractor = tools.compileParameterValueExtractor(column.expr);
|
|
36
40
|
if (isClauseError(extractor)) {
|
|
37
41
|
// Error logged already
|
|
38
42
|
continue;
|
|
39
43
|
}
|
|
40
|
-
query.
|
|
44
|
+
query.parameter_extractors[name] = extractor;
|
|
41
45
|
}
|
|
42
46
|
query.errors.push(...tools.errors);
|
|
47
|
+
if (query.usesDangerousRequestParameters && !options?.accept_potentially_dangerous_queries) {
|
|
48
|
+
let err = new SqlRuleError("Potentially dangerous query based on parameters set by the client. The client can send any value for these parameters so it's not a good place to do authorization.", sql);
|
|
49
|
+
err.type = 'warning';
|
|
50
|
+
query.errors.push(err);
|
|
51
|
+
}
|
|
43
52
|
return query;
|
|
44
53
|
}
|
|
45
54
|
getStaticBucketIds(parameters) {
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
55
|
+
if (this.filter == null) {
|
|
56
|
+
// Error in filter clause
|
|
57
|
+
return [];
|
|
58
|
+
}
|
|
59
|
+
const filterValue = this.filter.lookupParameterValue(parameters);
|
|
60
|
+
if (sqliteBool(filterValue) === 0n) {
|
|
49
61
|
return [];
|
|
50
62
|
}
|
|
51
63
|
let result = {};
|
|
52
64
|
for (let name of this.bucket_parameters) {
|
|
53
|
-
const value = this.
|
|
65
|
+
const value = this.parameter_extractors[name].lookupParameterValue(parameters);
|
|
54
66
|
if (isJsonValue(value)) {
|
|
55
67
|
result[`bucket.${name}`] = value;
|
|
56
68
|
}
|
|
@@ -62,5 +74,23 @@ export class StaticSqlParameterQuery {
|
|
|
62
74
|
}
|
|
63
75
|
return [getBucketId(this.descriptor_name, this.bucket_parameters, result)];
|
|
64
76
|
}
|
|
77
|
+
get hasAuthenticatedBucketParameters() {
|
|
78
|
+
// select where request.jwt() ->> 'role' == 'authorized'
|
|
79
|
+
// we do not count this as a sufficient check
|
|
80
|
+
// const authenticatedFilter = this.filter!.usesAuthenticatedRequestParameters;
|
|
81
|
+
// select request.user_id() as user_id
|
|
82
|
+
const authenticatedExtractor = Object.values(this.parameter_extractors).find((clause) => isParameterValueClause(clause) && clause.usesAuthenticatedRequestParameters) != null;
|
|
83
|
+
return authenticatedExtractor;
|
|
84
|
+
}
|
|
85
|
+
get usesUnauthenticatedRequestParameters() {
|
|
86
|
+
// select where request.parameters() ->> 'include_comments'
|
|
87
|
+
const unauthenticatedFilter = this.filter.usesUnauthenticatedRequestParameters;
|
|
88
|
+
// select request.parameters() ->> 'project_id'
|
|
89
|
+
const unauthenticatedExtractor = Object.values(this.parameter_extractors).find((clause) => isParameterValueClause(clause) && clause.usesUnauthenticatedRequestParameters) != null;
|
|
90
|
+
return unauthenticatedFilter || unauthenticatedExtractor;
|
|
91
|
+
}
|
|
92
|
+
get usesDangerousRequestParameters() {
|
|
93
|
+
return this.usesUnauthenticatedRequestParameters && !this.hasAuthenticatedBucketParameters;
|
|
94
|
+
}
|
|
65
95
|
}
|
|
66
96
|
//# sourceMappingURL=StaticSqlParameterQuery.js.map
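Review bot: The `usesUnauthenticatedRequestParameters` getter (new line 87) reads `this.filter.usesUnauthenticatedRequestParameters` without a null check, although `fromSql` leaves `query.filter` unset when `isClauseError(filter)` is true (new lines 34–36) and then evaluates `query.usesDangerousRequestParameters` at new line 47. A WHERE clause that fails to compile would therefore appear to throw a TypeError out of `fromSql` instead of returning the query with its collected `errors`, and the client-parameter warning would never be recorded for that rule. `getStaticBucketIds` already guards the same case with `this.filter == null`, so the getter could follow it: `const unauthenticatedFilter = this.filter?.usesUnauthenticatedRequestParameters ?? false;`.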
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"StaticSqlParameterQuery.js","sourceRoot":"","sources":["../src/StaticSqlParameterQuery.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"StaticSqlParameterQuery.js","sourceRoot":"","sources":["../src/StaticSqlParameterQuery.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,wBAAwB,EAAE,aAAa,EAAE,sBAAsB,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAE/G,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAEtD;;;;;GAKG;AACH,MAAM,OAAO,uBAAuB;IAApC;QAoDE,yBAAoB,GAAyC,EAAE,CAAC;QAShE,WAAM,GAAmB,EAAE,CAAC;IAwD9B,CAAC;IApHC,MAAM,CAAC,OAAO,CAAC,eAAuB,EAAE,GAAW,EAAE,CAAsB,EAAE,OAA2B;QACtG,MAAM,KAAK,GAAG,IAAI,uBAAuB,EAAE,CAAC;QAE5C,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,wBAAwB,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC;QAEvD,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC;YACzB,KAAK,EAAE,SAAS;YAChB,gBAAgB,EAAE,CAAC,kBAAkB,EAAE,iBAAiB,CAAC;YACzD,8BAA8B,EAAE,IAAI;YACpC,GAAG;SACJ,CAAC,CAAC;QACH,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC;QAEtB,MAAM,MAAM,GAAG,KAAK,CAAC,8BAA8B,CAAC,KAAK,CAAC,CAAC;QAC3D,MAAM,OAAO,GAAG,CAAC,CAAC,OAAO,IAAI,EAAE,CAAC;QAChC,MAAM,iBAAiB,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,KAAK,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;QAE/E,KAAK,CAAC,GAAG,GAAG,GAAG,CAAC;QAChB,KAAK,CAAC,eAAe,GAAG,eAAe,CAAC;QACxC,KAAK,CAAC,iBAAiB,GAAG,iBAAiB,CAAC;QAC5C,KAAK,CAAC,OAAO,GAAG,OAAO,CAAC;QACxB,KAAK,CAAC,KAAK,GAAG,KAAK,CAAC;QACpB,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,EAAE;YAC1B,KAAK,CAAC,MAAM,GAAG,MAAM,CAAC;SACvB;QAED,KAAK,IAAI,MAAM,IAAI,OAAO,EAAE;YAC1B,MAAM,IAAI,GAAG,KAAK,CAAC,qBAAqB,CAAC,MAAM,CAAC,CAAC;YACjD,MAAM,SAAS,GAAG,KAAK,CAAC,8BAA8B,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YACpE,IAAI,aAAa,CAAC,SAAS,CAAC,EAAE;gBAC5B,uBAAuB;gBACvB,SAAS;aACV;YACD,KAAK,CAAC,oBAAoB,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC;SAC9C;QAED,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC;QAEnC,IAAI,KAAK,CAAC,8BAA8B,IAAI,CAAC,OAAO,EAAE,oCAAoC,EAAE;YAC1F,IAAI,GAAG,GAAG,IAAI,YAAY,CACxB,qKAAqK,EACrK,GAAG,CACJ,CAAC;YACF,GAAG,CAAC,IAAI,GAAG,SAAS,CAAC;YACrB,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;SACxB;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAeD,kBAAkB,CAAC,UAA6B;QAC9C,IAAI,IAAI,CAAC,MAAM,IAAI,IAAI,EAAE;YACvB,yBAAyB;
YACzB,OAAO,EAAE,CAAC;SACX;QACD,MAAM,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,oBAAoB,CAAC,UAAU,CAAC,CAAC;QACjE,IAAI,UAAU,CAAC,WAAW,CAAC,KAAK,EAAE,EAAE;YAClC,OAAO,EAAE,CAAC;SACX;QAED,IAAI,MAAM,GAAoC,EAAE,CAAC;QACjD,KAAK,IAAI,IAAI,IAAI,IAAI,CAAC,iBAAkB,EAAE;YACxC,MAAM,KAAK,GAAG,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,CAAC,oBAAoB,CAAC,UAAU,CAAC,CAAC;YAC/E,IAAI,WAAW,CAAC,KAAK,CAAC,EAAE;gBACtB,MAAM,CAAC,UAAU,IAAI,EAAE,CAAC,GAAG,KAAK,CAAC;aAClC;iBAAM;gBACL,aAAa;gBACb,2BAA2B;gBAC3B,OAAO,EAAE,CAAC;aACX;SACF;QAED,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,eAAgB,EAAE,IAAI,CAAC,iBAAkB,EAAE,MAAM,CAAC,CAAC,CAAC;IAC/E,CAAC;IAED,IAAI,gCAAgC;QAClC,wDAAwD;QACxD,6CAA6C;QAC7C,+EAA+E;QAE/E,sCAAsC;QACtC,MAAM,sBAAsB,GAC1B,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,IAAI,CAC3C,CAAC,MAAM,EAAE,EAAE,CAAC,sBAAsB,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,kCAAkC,CACxF,IAAI,IAAI,CAAC;QACZ,OAAO,sBAAsB,CAAC;IAChC,CAAC;IAED,IAAI,oCAAoC;QACtC,2DAA2D;QAC3D,MAAM,qBAAqB,GAAG,IAAI,CAAC,MAAO,CAAC,oCAAoC,CAAC;QAEhF,+CAA+C;QAC/C,MAAM,wBAAwB,GAC5B,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,IAAI,CAC3C,CAAC,MAAM,EAAE,EAAE,CAAC,sBAAsB,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,oCAAoC,CAC1F,IAAI,IAAI,CAAC;QAEZ,OAAO,qBAAqB,IAAI,wBAAwB,CAAC;IAC3D,CAAC;IAED,IAAI,8BAA8B;QAChC,OAAO,IAAI,CAAC,oCAAoC,IAAI,CAAC,IAAI,CAAC,gCAAgC,CAAC;IAC7F,CAAC;CACF"}
|
package/dist/index.d.ts
CHANGED
package/dist/index.js
CHANGED
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,aAAa,CAAC;AAC5B,cAAc,iBAAiB,CAAC;AAChC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,kBAAkB,CAAC;AACjC,cAAc,oBAAoB,CAAC;AACnC,cAAc,mBAAmB,CAAC;AAClC,cAAc,mBAAmB,CAAC;AAClC,cAAc,YAAY,CAAC;AAC3B,cAAc,YAAY,CAAC;AAC3B,cAAc,wBAAwB,CAAC;AACvC,cAAc,kBAAkB,CAAC;AACjC,cAAc,mBAAmB,CAAC;AAClC,cAAc,qBAAqB,CAAC;AACpC,cAAc,sBAAsB,CAAC;AACrC,cAAc,0BAA0B,CAAC;AACzC,cAAc,wBAAwB,CAAC;AACvC,cAAc,iBAAiB,CAAC;AAChC,cAAc,mBAAmB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,aAAa,CAAC;AAC5B,cAAc,iBAAiB,CAAC;AAChC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,kBAAkB,CAAC;AACjC,cAAc,oBAAoB,CAAC;AACnC,cAAc,mBAAmB,CAAC;AAClC,cAAc,mBAAmB,CAAC;AAClC,cAAc,YAAY,CAAC;AAC3B,cAAc,YAAY,CAAC;AAC3B,cAAc,wBAAwB,CAAC;AACvC,cAAc,kBAAkB,CAAC;AACjC,cAAc,mBAAmB,CAAC;AAClC,cAAc,qBAAqB,CAAC;AACpC,cAAc,sBAAsB,CAAC;AACrC,cAAc,0BAA0B,CAAC;AACzC,cAAc,wBAAwB,CAAC;AACvC,cAAc,iBAAiB,CAAC;AAChC,cAAc,mBAAmB,CAAC;AAClC,cAAc,wBAAwB,CAAC"}
|
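--- a/package/dist/json_schema.js
+++ b/package/dist/json_schema.js
@@ -15,6 +15,10 @@ export const syncRulesSchema = {
 required: ['data'],
 examples: [{ data: ['select * from mytable'] }],
 properties: {
+accept_potentially_dangerous_queries: {
+description: 'If true, disables warnings on potentially dangerous queries',
+type: 'boolean'
+},
 parameters: {
 description: 'Parameter query(ies)',
 anyOf: [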
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"json_schema.js","sourceRoot":"","sources":["../src/json_schema.ts"],"names":[],"mappings":"AAAA,OAAO,SAAS,MAAM,KAAK,CAAC;AAC5B,sDAAsD;AACtD,MAAM,GAAG,GAAG,SAAS,CAAC,OAAO,IAAI,SAAS,CAAC;AAC3C,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;AAExD,MAAM,CAAC,MAAM,eAAe,GAAqB;IAC/C,IAAI,EAAE,QAAQ;IACd,UAAU,EAAE;QACV,kBAAkB,EAAE;YAClB,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,4BAA4B;YACzC,QAAQ,EAAE,CAAC,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,uBAAuB,EAAE,EAAE,CAAC;YACzD,iBAAiB,EAAE;gBACjB,IAAI,EAAE;oBACJ,IAAI,EAAE,QAAQ;oBACd,QAAQ,EAAE,CAAC,MAAM,CAAC;oBAClB,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,uBAAuB,CAAC,EAAE,CAAC;oBAC/C,UAAU,EAAE;wBACV,UAAU,EAAE;4BACV,WAAW,EAAE,sBAAsB;4BACnC,KAAK,EAAE;gCACL,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,iBAAiB,EAAE;gCAClD;oCACE,IAAI,EAAE,OAAO;oCACb,WAAW,EAAE,mBAAmB;oCAChC,KAAK,EAAE;wCACL,IAAI,EAAE,QAAQ;qCACf;iCACF;6BACF;yBACF;wBACD,IAAI,EAAE;4BACJ,IAAI,EAAE,OAAO;4BACb,WAAW,EAAE,cAAc;4BAC3B,KAAK,EAAE;gCACL,IAAI,EAAE,QAAQ;6BACf;yBACF;qBACF;oBACD,oBAAoB,EAAE,KAAK;iBAC5B;aACF;SACF;KACF;IACD,QAAQ,EAAE,CAAC,oBAAoB,CAAC;IAChC,oBAAoB,EAAE,KAAK;CACnB,CAAC;AAEX,MAAM,CAAC,MAAM,uBAAuB,GAAQ,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC"}
|
|
1
|
+
{"version":3,"file":"json_schema.js","sourceRoot":"","sources":["../src/json_schema.ts"],"names":[],"mappings":"AAAA,OAAO,SAAS,MAAM,KAAK,CAAC;AAC5B,sDAAsD;AACtD,MAAM,GAAG,GAAG,SAAS,CAAC,OAAO,IAAI,SAAS,CAAC;AAC3C,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;AAExD,MAAM,CAAC,MAAM,eAAe,GAAqB;IAC/C,IAAI,EAAE,QAAQ;IACd,UAAU,EAAE;QACV,kBAAkB,EAAE;YAClB,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,4BAA4B;YACzC,QAAQ,EAAE,CAAC,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,uBAAuB,EAAE,EAAE,CAAC;YACzD,iBAAiB,EAAE;gBACjB,IAAI,EAAE;oBACJ,IAAI,EAAE,QAAQ;oBACd,QAAQ,EAAE,CAAC,MAAM,CAAC;oBAClB,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,uBAAuB,CAAC,EAAE,CAAC;oBAC/C,UAAU,EAAE;wBACV,oCAAoC,EAAE;4BACpC,WAAW,EAAE,6DAA6D;4BAC1E,IAAI,EAAE,SAAS;yBAChB;wBACD,UAAU,EAAE;4BACV,WAAW,EAAE,sBAAsB;4BACnC,KAAK,EAAE;gCACL,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,iBAAiB,EAAE;gCAClD;oCACE,IAAI,EAAE,OAAO;oCACb,WAAW,EAAE,mBAAmB;oCAChC,KAAK,EAAE;wCACL,IAAI,EAAE,QAAQ;qCACf;iCACF;6BACF;yBACF;wBACD,IAAI,EAAE;4BACJ,IAAI,EAAE,OAAO;4BACb,WAAW,EAAE,cAAc;4BAC3B,KAAK,EAAE;gCACL,IAAI,EAAE,QAAQ;6BACf;yBACF;qBACF;oBACD,oBAAoB,EAAE,KAAK;iBAC5B;aACF;SACF;KACF;IACD,QAAQ,EAAE,CAAC,oBAAoB,CAAC;IAChC,oBAAoB,EAAE,KAAK;CACnB,CAAC;AAEX,MAAM,CAAC,MAAM,uBAAuB,GAAQ,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC"}
|