@wowoengine/sawitdb 2.5.0 → 2.6.0

package/src/server/DatabaseRegistry.js

@@ -0,0 +1,92 @@
+const fs = require('fs');
+const path = require('path');
+const SawitDB = require('../WowoEngine');
+
+class DatabaseRegistry {
+    constructor(dataDir, config) {
+        this.dataDir = dataDir;
+        this.config = config;
+        this.databases = new Map(); // name -> SawitDB instance
+        this.walConfig = config.wal || { enabled: false };
+
+        // Ensure data directory exists
+        if (!fs.existsSync(this.dataDir)) {
+            fs.mkdirSync(this.dataDir, { recursive: true });
+        }
+    }
+
+    validateName(name) {
+        if (!name || typeof name !== 'string') {
+            throw new Error("Database name required");
+        }
+        // Prevent Path Traversal and illegal chars
+        if (!/^[a-zA-Z0-9_-]+$/.test(name)) {
+            throw new Error("Invalid database name. Only alphanumeric, hyphen, and underscore allowed.");
+        }
+        if (name.includes('..') || name.includes('/') || name.includes('\\')) {
+            throw new Error("Invalid database name (Path Traversal attempt).");
+        }
+        return true;
+    }
+
+    get(name) {
+        this.validateName(name);
+        return this.getOrCreate(name);
+    }
+
+    getOrCreate(name) {
+        if (!this.databases.has(name)) {
+            const dbPath = path.join(this.dataDir, `${name}.sawit`);
+            const db = new SawitDB(dbPath, { wal: this.walConfig });
+            this.databases.set(name, db);
+        }
+        return this.databases.get(name);
+    }
+
+    exists(name) {
+        const dbPath = path.join(this.dataDir, `${name}.sawit`);
+        return fs.existsSync(dbPath);
+    }
+
+    create(name) {
+        this.validateName(name);
+        return this.getOrCreate(name);
+    }
+
+    drop(name) {
+        this.validateName(name);
+        const dbPath = path.join(this.dataDir, `${name}.sawit`);
+        if (!fs.existsSync(dbPath)) {
+            throw new Error(`Database '${name}' does not exist`);
+        }
+
+        // Close if open
+        if (this.databases.has(name)) {
+            this.databases.get(name).close();
+            this.databases.delete(name);
+        }
+
+        // Delete file
+        fs.unlinkSync(dbPath);
+    }
+
+    list() {
+        return fs.readdirSync(this.dataDir)
+            .filter((file) => file.endsWith('.sawit'))
+            .map((file) => file.replace('.sawit', ''));
+    }
+
+    closeAll() {
+        for (const [name, db] of this.databases) {
+            try {
+                console.log(`[Server] Closing database: ${name}`);
+                db.close();
+            } catch (e) {
+                console.error(`[Server] Error closing database ${name}:`, e.message);
+            }
+        }
+        this.databases.clear();
+    }
+}
+
+module.exports = DatabaseRegistry;

package/src/server/auth/AuthManager.js

@@ -0,0 +1,92 @@
+const crypto = require('crypto');
+
+class AuthManager {
+    constructor(server) {
+        this.server = server;
+        this.authConfig = server.config.auth || null;
+    }
+
+    isEnabled() {
+        return !!this.authConfig;
+    }
+
+    /**
+     * Hash a password using SHA-256 with salt
+     * @param {string} password - Plain text password
+     * @param {string} salt - Optional salt (generated if not provided)
+     * @returns {string} - Format: salt:hash
+     */
+    static hashPassword(password, salt = null) {
+        salt = salt || crypto.randomBytes(16).toString('hex');
+        const hash = crypto
+            .createHash('sha256')
+            .update(salt + password)
+            .digest('hex');
+        return `${salt}:${hash}`;
+    }
+
+    /**
+     * Verify a password against a stored hash using timing-safe comparison
+     * @param {string} password - Plain text password to verify
+     * @param {string} storedHash - Stored hash in format "salt:hash" or plain text
+     * @returns {boolean}
+     */
+    verifyPassword(password, storedHash) {
+        // Support both hashed (salt:hash) and legacy plaintext passwords
+        if (storedHash.includes(':')) {
+            const [salt, hash] = storedHash.split(':');
+            const computedHash = crypto
+                .createHash('sha256')
+                .update(salt + password)
+                .digest('hex');
+            // Timing-safe comparison to prevent timing attacks
+            try {
+                return crypto.timingSafeEqual(
+                    Buffer.from(hash, 'hex'),
+                    Buffer.from(computedHash, 'hex')
+                );
+            } catch (e) {
+                return false;
+            }
+        } else {
+            // Legacy plaintext comparison with timing-safe method
+            // Pad both strings to same length to prevent length-based timing attacks
+            const maxLen = Math.max(password.length, storedHash.length);
+            const paddedInput = password.padEnd(maxLen, '\0');
+            const paddedStored = storedHash.padEnd(maxLen, '\0');
+            try {
+                return crypto.timingSafeEqual(
+                    Buffer.from(paddedInput),
+                    Buffer.from(paddedStored)
+                );
+            } catch (e) {
+                return false;
+            }
+        }
+    }
+
+    handleAuth(socket, payload, session) {
+        const { username, password } = payload;
+
+        if (!this.isEnabled()) {
+            session.setAuth(true);
+            return this.server.sendResponse(socket, {
+                type: 'auth_success',
+                message: 'No authentication required'
+            });
+        }
+
+        const storedPassword = this.authConfig[username];
+        if (storedPassword && this.verifyPassword(password, storedPassword)) {
+            session.setAuth(true);
+            this.server.sendResponse(socket, {
+                type: 'auth_success',
+                message: 'Authentication successful'
+            });
+        } else {
+            this.server.sendError(socket, 'Invalid credentials');
+        }
+    }
+}
+
+module.exports = AuthManager;

package/src/server/router/RequestRouter.js

@@ -0,0 +1,278 @@
+class RequestRouter {
+    constructor(server) {
+        this.server = server;
+        this.dbRegistry = server.dbRegistry;
+        this.authManager = server.authManager;
+    }
+
+    handle(socket, request, session) {
+        const { type, payload } = request;
+
+        // Authentication check
+        if (this.authManager.isEnabled() && !session.authenticated && type !== 'auth') {
+            return this.server.sendError(socket, 'Authentication required');
+        }
+
+        switch (type) {
+            case 'auth':
+                this.authManager.handleAuth(socket, payload, session);
+                break;
+
+            case 'use':
+                this.handleUseDatabase(socket, payload, session);
+                break;
+
+            case 'query':
+                this.handleQuery(socket, payload, session);
+                break;
+
+            case 'ping':
+                this.server.sendResponse(socket, { type: 'pong', timestamp: Date.now() });
+                break;
+
+            case 'list_databases':
+                this.handleListDatabases(socket);
+                break;
+
+            case 'drop_database':
+                this.handleDropDatabase(socket, payload, session);
+                break;
+
+            case 'stats':
+                this.handleStats(socket);
+                break;
+
+            default:
+                this.server.sendError(socket, `Unknown request type: ${type}`);
+        }
+    }
+
+    handleUseDatabase(socket, payload, session) {
+        const { database } = payload;
+
+        if (!database || typeof database !== 'string') {
+            return this.server.sendError(socket, 'Invalid database name');
+        }
+
+        // Validate database name (alphanumeric, underscore, dash)
+        if (!/^[a-zA-Z0-9_-]+$/.test(database)) {
+            return this.server.sendError(
+                socket,
+                'Database name can only contain letters, numbers, underscore, and dash'
+            );
+        }
+
+        try {
+            this.dbRegistry.getOrCreate(database);
+            session.setDatabase(database);
+            this.server.sendResponse(socket, {
+                type: 'use_success',
+                database,
+                message: `Switched to database '${database}'`
+            });
+        } catch (err) {
+            this.server.sendError(socket, `Failed to use database: ${err.message}`);
+        }
+    }
+
+    async handleQuery(socket, payload, session) {
+        const { query, params } = payload;
+        const startTime = Date.now();
+
+        // --- Intercept Server-Level Commands (Wilayah Management) ---
+        const qUpper = query.trim().toUpperCase();
+
+        // 1. LIHAT WILAYAH
+        if (qUpper === 'LIHAT WILAYAH' || qUpper === 'SHOW DATABASES') {
+            try {
+                const list = this.dbRegistry.list()
+                    .map((f) => `- ${f}`)
+                    .join('\n');
+                const result = `Daftar Wilayah:\n${list}`;
+
+                return this.server.sendResponse(socket, {
+                    type: 'query_result',
+                    result,
+                    query,
+                    executionTime: Date.now() - startTime
+                });
+            } catch (err) {
+                return this.server.sendError(socket, `Gagal melihat wilayah: ${err.message}`);
+            }
+        }
+
+        // 2. BUKA WILAYAH / CREATE DATABASE
+        if (qUpper.startsWith('BUKA WILAYAH') || qUpper.startsWith('CREATE DATABASE')) {
+            const parts = query.trim().split(/\s+/);
+            // Index 2 is name (BUKA WILAYAH name OR CREATE DATABASE name)
+            if (parts.length < 3) {
+                return this.server.sendError(socket, 'Syntax: BUKA WILAYAH [nama]');
+            }
+            const dbName = parts[2];
+
+            try {
+                if (!/^[a-zA-Z0-9_-]+$/.test(dbName)) {
+                    return this.server.sendError(socket, 'Nama wilayah hanya boleh huruf, angka, _ dan -');
+                }
+
+                if (this.dbRegistry.exists(dbName)) {
+                    return this.server.sendResponse(socket, {
+                        type: 'query_result',
+                        result: `Wilayah '${dbName}' sudah ada.`,
+                        query,
+                        executionTime: Date.now() - startTime
+                    });
+                }
+
+                this.dbRegistry.create(dbName);
+                return this.server.sendResponse(socket, {
+                    type: 'query_result',
+                    result: `Wilayah '${dbName}' berhasil dibuka.`,
+                    query,
+                    executionTime: Date.now() - startTime
+                });
+            } catch (err) {
+                return this.server.sendError(socket, `Gagal membuka wilayah: ${err.message}`);
+            }
+        }
+
+        // 3. MASUK WILAYAH / USE
+        if (qUpper.startsWith('MASUK WILAYAH') || qUpper.startsWith('USE ')) {
+            const parts = query.trim().split(/\s+/);
+            const dbName = parts[1] === 'WILAYAH' ? parts[2] : parts[1]; // Handle MASUK WILAYAH vs USE
+
+            if (!dbName) return this.server.sendError(socket, 'Syntax: MASUK WILAYAH [nama]');
+
+            if (!this.dbRegistry.exists(dbName)) {
+                return this.server.sendError(socket, `Wilayah '${dbName}' tidak ditemukan.`);
+            }
+
+            session.setDatabase(dbName);
+            return this.server.sendResponse(socket, {
+                type: 'query_result',
+                result: `Selamat datang di wilayah '${dbName}'.`,
+                query,
+                executionTime: Date.now() - startTime
+            });
+        }
+
+        // 4. BAKAR WILAYAH / DROP DATABASE
+        if (qUpper.startsWith('BAKAR WILAYAH') || qUpper.startsWith('DROP DATABASE')) {
+            const parts = query.trim().split(/\s+/);
+            const dbName = parts[1] === 'WILAYAH' ? parts[2] : parts[parts.length - 1]; // BAKAR WILAYAH name vs DROP DATABASE name
+            // Simple split logic might fail on extra spaces, but good enough for now.
+            // Strict parsing:
+            const nameIndex = qUpper.startsWith('BAKAR') ? 2 : 2;
+            const targetName = parts[nameIndex];
+
+            if (!targetName) return this.server.sendError(socket, 'Syntax: BAKAR WILAYAH [nama]');
+
+            try {
+                this.dbRegistry.drop(targetName);
+                if (session.currentDatabase === targetName) {
+                    session.setDatabase(null);
+                }
+                return this.server.sendResponse(socket, {
+                    type: 'query_result',
+                    result: `Wilayah '${targetName}' telah hangus terbakar.`,
+                    query,
+                    executionTime: Date.now() - startTime
+                });
+            } catch (err) {
+                return this.server.sendError(socket, `Gagal membakar wilayah: ${err.message}`);
+            }
+        }
+
+        // --- End Intercept ---
+
+        if (!session.currentDatabase) {
+            return this.server.sendError(
+                socket,
+                'Anda belum masuk wilayah manapun. Gunakan: MASUK WILAYAH [nama]'
+            );
+        }
+
+        try {
+            let result;
+            if (this.server.threadPool) {
+                // Offload to Worker Thread (assuming ThreadPool interface matches)
+                const dbPath = this.dbRegistry.get(session.currentDatabase).pager.filePath; // Hack to get path or use Registry
+                // But Registry creates path. 
+                // Let's rely on Registry.get(name) returning db instance.
+                // But ThreadPool needs path.
+                const fullPath = require('path').join(this.dbRegistry.dataDir, `${session.currentDatabase}.sawit`);
+                result = await this.server.threadPool.execute(fullPath, query, this.server.dbRegistry.walConfig);
+            } else {
+                // Local Execution
+                const db = this.dbRegistry.get(session.currentDatabase);
+                result = await Promise.resolve(db.query(query, params));
+            }
+
+            const duration = Date.now() - startTime;
+            this.server.stats.totalQueries++;
+            this.server.log('debug', `Query: ${query}`, { duration });
+
+            this.server.sendResponse(socket, {
+                type: 'query_result',
+                result,
+                query,
+                executionTime: duration
+            });
+        } catch (err) {
+            this.server.log('error', `Query failed: ${err.message}`);
+            this.server.stats.errors++;
+            this.server.sendError(socket, `Query error: ${err.message}`);
+        }
+    }
+
+    handleListDatabases(socket) {
+        try {
+            const databases = this.dbRegistry.list();
+            this.server.sendResponse(socket, {
+                type: 'database_list',
+                databases,
+                count: databases.length
+            });
+        } catch (err) {
+            this.server.sendError(socket, `Failed to list databases: ${err.message}`);
+        }
+    }
+
+    handleDropDatabase(socket, payload, session) {
+        const { database } = payload;
+        if (!database) return this.server.sendError(socket, 'Database name required');
+
+        try {
+            this.dbRegistry.drop(database);
+            if (session.currentDatabase === database) {
+                session.setDatabase(null);
+            }
+            this.server.sendResponse(socket, {
+                type: 'drop_success',
+                database,
+                message: `Database '${database}' has been burned (dropped)`
+            });
+        } catch (err) {
+            this.server.sendError(socket, `Failed to drop database: ${err.message}`);
+        }
+    }
+
+    handleStats(socket) {
+        const uptime = Date.now() - this.server.stats.startTime;
+        const stats = {
+            ...this.server.stats,
+            uptime,
+            uptimeFormatted: this.server.formatUptime(uptime),
+            databases: this.dbRegistry.databases.size,
+            memoryUsage: process.memoryUsage(),
+            workers: this.server.threadPool ? this.server.threadPool.getStats() : null,
+        };
+
+        this.server.sendResponse(socket, {
+            type: 'stats',
+            stats
+        });
+    }
+}
+
+module.exports = RequestRouter;

package/src/server/session/ClientSession.js

@@ -0,0 +1,19 @@
+class ClientSession {
+    constructor(socket, clientId) {
+        this.socket = socket;
+        this.clientId = clientId;
+        this.authenticated = false;
+        this.currentDatabase = null;
+        this.connectedAt = Date.now();
+    }
+
+    setAuth(isAuthenticated) {
+        this.authenticated = isAuthenticated;
+    }
+
+    setDatabase(databaseName) {
+        this.currentDatabase = databaseName;
+    }
+}
+
+module.exports = ClientSession;

package/src/services/IndexManager.js

@@ -0,0 +1,183 @@
+const BTreeIndex = require('../modules/BTreeIndex');
+
+class IndexManager {
+    constructor(db) {
+        this.db = db;
+        // Indexes are stored in db.indexes for now to maintain state
+        // access via db.indexes
+    }
+
+    get indexes() {
+        return this.db.indexes;
+    }
+
+    createIndex(table, field) {
+        const entry = this.db.tableManager
+            ? this.db.tableManager.findTableEntry(table)
+            : this.db._findTableEntry(table);
+
+        if (!entry) throw new Error(`Kebun '${table}' tidak ditemukan.`);
+
+        const indexKey = `${table}.${field}`;
+        if (this.indexes.has(indexKey)) {
+            return `Indeks pada '${table}.${field}' sudah ada.`;
+        }
+
+        // Create index
+        const index = new BTreeIndex();
+        index.name = indexKey;
+        index.keyField = field;
+
+        // Build index from existing data
+        // We need a way to scan the table. 
+        // If TableManager has no scan capability yet, use db._select or db._scanTable fallback
+        // Ideally this logic belongs here or uses a Scanner service.
+        // For now, assuming db._select or similar is available or we replicate scan logic.
+        // Actually, db._select depends on QueryExecutor now?
+        // Let's rely on db._select being available (maybe delegating to SelectExecutor!)
+        // Circular dependency risk: SelectExecutor needs IndexManager, IndexManager needs SelectExecutor logic?
+        // Index building needs a simple table scan.
+        // Let's imply we can use db._scanTable directly if available.
+
+        let allRecords = [];
+        if (this.db._scanTable) {
+            // Use low-level scan if available, WITH HINTS to capture _pageId
+            allRecords = this.db._scanTable(entry, null, null, true);
+        } else if (this.db.query) {
+            // Use high level query? Risky.
+            // Assume _scanTable is preserved or moved to a Scanner.
+            // For now, let's assume WowoEngine keeps _scanTable or we move it to TableScanner.
+            // Let's use `db._scanTable` assuming it exists.
+            allRecords = this.db._scanTable(entry, null, null, true);
+        }
+
+        for (const record of allRecords) {
+            if (record.hasOwnProperty(field)) {
+                index.insert(record[field], record);
+            }
+        }
+
+        this.indexes.set(indexKey, index);
+
+        // PERSISTENCE: Save to _indexes table
+        try {
+            // Use db._insert to persist request. 
+            // If InsertExecutor delegates to db._insert, or db._insert uses InsertExecutor?
+            // Safer to allow db._insert if it resolves to the executor.
+            this.db._insert('_indexes', { table, field });
+        } catch (e) {
+            console.error("Failed to persist index definition", e);
+        }
+
+        return `Indeks dibuat pada '${table}.${field}' (${allRecords.length} records indexed)`;
+    }
+
+    updateIndexes(table, newObj, oldObj) {
+        // If oldObj is null, it's an INSERT. If newObj is null, it's a DELETE. Both? Update.
+
+        for (const [indexKey, index] of this.indexes) {
+            const [tbl, field] = indexKey.split('.');
+            if (tbl !== table) continue; // Wrong table
+
+            // 1. Remove old value from index (if exists and changed)
+            if (oldObj && oldObj.hasOwnProperty(field)) {
+                // Only remove if value changed OR it's a delete (newObj is null)
+                // If update, check if value diff
+                if (!newObj || newObj[field] !== oldObj[field]) {
+                    index.delete(oldObj[field]);
+                }
+            }
+
+            // 2. Insert new value (if exists)
+            if (newObj && newObj.hasOwnProperty(field)) {
+                // Only insert if it's new OR value changed
+                if (!oldObj || newObj[field] !== oldObj[field]) {
+                    index.insert(newObj[field], newObj);
+                }
+            }
+        }
+    }
+
+    removeFromIndexes(table, data) {
+        for (const [indexKey, index] of this.indexes) {
+            const [tbl, field] = indexKey.split('.');
+            if (tbl === table && data.hasOwnProperty(field)) {
+                index.delete(data[field]); // Basic deletion from B-Tree
+            }
+        }
+    }
+
+    showIndexes(table) {
+        if (table) {
+            const indexes = [];
+            for (const [key, index] of this.indexes) {
+                if (key.startsWith(table + '.')) {
+                    indexes.push(index.stats());
+                }
+            }
+            return indexes.length > 0 ? indexes : `Tidak ada indeks pada '${table}'`;
+        } else {
+            const allIndexes = [];
+            for (const index of this.indexes.values()) {
+                allIndexes.push(index.stats());
+            }
+            return allIndexes;
+        }
+    }
+
+    // Initial loader
+    loadIndexes() {
+        if (!this.db._select) return; // Wait until ready?
+
+        // Re-implement load indexes to include Hints
+        // We need to read _indexes.
+        // db._select might use SelectExecutor, which uses IndexManager... 
+        // Bootstrapping issue.
+        // We should use low-level scan for bootstrapping.
+
+        let indexRecords = [];
+        try {
+            // Manual scan of _indexes
+            const entry = this.db.tableManager
+                ? this.db.tableManager.findTableEntry('_indexes')
+                : this.db._findTableEntry('_indexes');
+
+            if (entry && this.db._scanTable) {
+                indexRecords = this.db._scanTable(entry, null);
+            }
+        } catch (e) { return; }
+
+        for (const rec of indexRecords) {
+            const table = rec.table;
+            const field = rec.field;
+            const indexKey = `${table}.${field}`;
+
+            if (!this.indexes.has(indexKey)) {
+                const index = new BTreeIndex();
+                index.name = indexKey;
+                index.keyField = field;
+
+                try {
+                    // Fetch all records with Hints
+                    const entry = this.db.tableManager
+                        ? this.db.tableManager.findTableEntry(table)
+                        : this.db._findTableEntry(table);
+
+                    if (entry && this.db._scanTable) {
+                        const allRecords = this.db._scanTable(entry, null, null, true); // true for Hints
+                        for (const record of allRecords) {
+                            if (record.hasOwnProperty(field)) {
+                                index.insert(record[field], record);
+                            }
+                        }
+                        this.indexes.set(indexKey, index);
+                    }
+                } catch (e) {
+                    console.error(`Failed to rebuild index ${indexKey}: ${e.message}`);
+                }
+            }
+        }
+    }
+}
+
+module.exports = IndexManager;

package/src/services/QueryExecutor.js

@@ -0,0 +1,11 @@
+class QueryExecutor {
+    constructor(db) {
+        this.db = db;
+    }
+
+    execute(cmd) {
+        throw new Error("Method 'execute' must be implemented");
+    }
+}
+
+module.exports = QueryExecutor;