@squadbase/vite-server 0.1.9-dev.f236b23 → 0.1.10-dev.5b0c0a8

package/dist/connectors/sqlserver.js

@@ -42,6 +42,131 @@ var ParameterDefinition = class {
   }
 };
 
+// ../connectors/src/lib/ssh-tunnel.ts
+var sshTunnelParameters = {
+  sshHost: new ParameterDefinition({
+    slug: "ssh-host",
+    name: "SSH Tunnel Host",
+    description: "Optional. Hostname of the SSH bastion to tunnel through. Leave empty to connect directly.",
+    envVarBaseKey: "SSH_TUNNEL_HOST",
+    type: "text",
+    secret: false,
+    required: false
+  }),
+  sshPort: new ParameterDefinition({
+    slug: "ssh-port",
+    name: "SSH Tunnel Port",
+    description: "Optional. SSH port of the bastion host (default: 22).",
+    envVarBaseKey: "SSH_TUNNEL_PORT",
+    type: "text",
+    secret: false,
+    required: false
+  }),
+  sshUsername: new ParameterDefinition({
+    slug: "ssh-username",
+    name: "SSH Tunnel Username",
+    description: "Optional. Username for SSH authentication. Required when SSH Tunnel Host is set.",
+    envVarBaseKey: "SSH_TUNNEL_USERNAME",
+    type: "text",
+    secret: false,
+    required: false
+  }),
+  sshPrivateKeyBase64: new ParameterDefinition({
+    slug: "ssh-private-key-base64",
+    name: "SSH Private Key",
+    description: "Optional. Private key (PEM, base64-encoded) used for SSH authentication. Required when SSH Tunnel Host is set.",
+    envVarBaseKey: "SSH_TUNNEL_PRIVATE_KEY_BASE64",
+    type: "base64EncodedText",
+    secret: true,
+    required: false
+  }),
+  sshPassphrase: new ParameterDefinition({
+    slug: "ssh-passphrase",
+    name: "SSH Private Key Passphrase",
+    description: "Optional. Passphrase for the SSH private key, if it is encrypted.",
+    envVarBaseKey: "SSH_TUNNEL_PASSPHRASE",
+    type: "text",
+    secret: true,
+    required: false
+  })
+};
+var NOOP_TUNNEL_HOSTPORT = (host, port) => ({
+  host,
+  port,
+  close: async () => {
+  }
+});
+function connectionParamsToRecord(connection2) {
+  const out = {};
+  for (const p of connection2.parameters) {
+    if (p.value != null) out[p.parameterSlug] = p.value;
+  }
+  return out;
+}
+async function maybeOpenSshTunnelHostPort(params, dbHost, dbPort) {
+  const sshHost = params[sshTunnelParameters.sshHost.slug];
+  if (!sshHost) return NOOP_TUNNEL_HOSTPORT(dbHost, dbPort);
+  const sshUsername = params[sshTunnelParameters.sshUsername.slug];
+  const sshPrivateKeyBase64 = params[sshTunnelParameters.sshPrivateKeyBase64.slug];
+  if (!sshUsername || !sshPrivateKeyBase64) {
+    throw new Error(
+      "SSH tunnel requires `ssh-username` and `ssh-private-key-base64` when `ssh-host` is set."
+    );
+  }
+  const sshPort = Number(params[sshTunnelParameters.sshPort.slug] || "22") || 22;
+  const sshPassphrase = params[sshTunnelParameters.sshPassphrase.slug];
+  const [{ Client }, net] = await Promise.all([
+    import("ssh2"),
+    import("net")
+  ]);
+  const sshClient = new Client();
+  await new Promise((resolve, reject) => {
+    sshClient.once("ready", () => resolve());
+    sshClient.once("error", reject);
+    sshClient.connect({
+      host: sshHost,
+      port: sshPort,
+      username: sshUsername,
+      privateKey: Buffer.from(sshPrivateKeyBase64, "base64"),
+      passphrase: sshPassphrase || void 0,
+      readyTimeout: 1e4
+    });
+  });
+  const server = net.createServer((socket) => {
+    sshClient.forwardOut(
+      socket.remoteAddress ?? "127.0.0.1",
+      socket.remotePort ?? 0,
+      dbHost,
+      dbPort,
+      (err, stream) => {
+        if (err) {
+          socket.destroy(err);
+          return;
+        }
+        socket.pipe(stream).pipe(socket);
+      }
+    );
+  });
+  await new Promise((resolve, reject) => {
+    server.once("error", reject);
+    server.listen(0, "127.0.0.1", () => resolve());
+  });
+  const address = server.address();
+  if (!address || typeof address === "string") {
+    server.close();
+    sshClient.end();
+    throw new Error("Failed to allocate local port for SSH tunnel.");
+  }
+  return {
+    host: "127.0.0.1",
+    port: address.port,
+    close: async () => {
+      await new Promise((resolve) => server.close(() => resolve()));
+      sshClient.end();
+    }
+  };
+}
+
 // ../connectors/src/connectors/sqlserver/utils.ts
 var SQLSERVER_PREFIX_RE = /^(?:jdbc:)?sqlserver:\/\//i;
 var TRUE_VALUES = /* @__PURE__ */ new Set(["true", "1", "yes"]);
@@ -120,17 +245,27 @@ async function importMssql() {
 }
 async function runMssqlQuery(parsed, sql, options = {}) {
   const sqlMod = await importMssql();
-  const config = toMssqlConfig(parsed, {
-    encrypt: options.forceEncrypt
-  });
-  const pool = new sqlMod.ConnectionPool(config);
-  await pool.connect();
+  const tunnel = options.tunnelParams ? await maybeOpenSshTunnelHostPort(
+    options.tunnelParams,
+    parsed.server,
+    parsed.port
+  ) : null;
   try {
-    const result = await pool.request().query(sql);
-    const recordset = result.recordset ?? [];
-    return { rows: recordset };
+    const tunneled = tunnel ? { ...parsed, server: tunnel.host, port: tunnel.port } : parsed;
+    const config = toMssqlConfig(tunneled, {
+      encrypt: options.forceEncrypt
+    });
+    const pool = new sqlMod.ConnectionPool(config);
+    await pool.connect();
+    try {
+      const result = await pool.request().query(sql);
+      const recordset = result.recordset ?? [];
+      return { rows: recordset };
+    } finally {
+      await pool.close();
+    }
   } finally {
-    await pool.close();
+    await tunnel?.close();
   }
 }
 async function checkMssqlConnection(url, credentials, options = {}) {
@@ -181,7 +316,8 @@ var parameters = {
     type: "text",
     secret: true,
     required: false
-  })
+  }),
+  ...sshTunnelParameters
 };
 
 // ../connectors/src/connectors/sqlserver/sdk/index.ts
@@ -197,7 +333,9 @@ function createClient(params) {
   const parsed = parseSqlServerJdbcUrl(jdbcUrl, { username, password });
   async function runQuery(sql) {
     try {
-      const { rows } = await runMssqlQuery(parsed, sql);
+      const { rows } = await runMssqlQuery(parsed, sql, {
+        tunnelParams: params
+      });
       return rows;
     } catch (err) {
       const msg = err instanceof Error ? err.message : String(err);
@@ -442,7 +580,9 @@ Avoid loading large amounts of data; always include \`TOP\` in queries.`,
       };
     }
     try {
-      const { rows } = await runMssqlQuery(parsed, sql);
+      const { rows } = await runMssqlQuery(parsed, sql, {
+        tunnelParams: connectionParamsToRecord(connection2)
+      });
       const truncated = rows.length > MAX_ROWS;
       return {
         success: true,
@@ -513,7 +653,8 @@ The business logic type for this connector is "sql".
       {
         username: params[parameters.username.slug],
         password: params[parameters.password.slug]
-      }
+      },
+      { tunnelParams: params }
     );
   },
   async query(params, sql, _namedParams) {
@@ -523,10 +664,12 @@ The business logic type for this connector is "sql".
     });
     const sample = unwrapSampleLimit(sql);
     if (sample) {
-      const result = await runMssqlQuery(parsed, sample.inner);
+      const result = await runMssqlQuery(parsed, sample.inner, {
+        tunnelParams: params
+      });
       return { rows: result.rows.slice(0, sample.limit) };
     }
-    return runMssqlQuery(parsed, sql);
+    return runMssqlQuery(parsed, sql, { tunnelParams: params });
   }
 });