dbgate-api-premium 5.5.7-alpha.45

package/src/controllers/archive.js

@@ -0,0 +1,217 @@
+const fs = require('fs-extra');
+const readline = require('readline');
+const crypto = require('crypto');
+const path = require('path');
+const { archivedir, clearArchiveLinksCache, resolveArchiveFolder } = require('../utility/directories');
+const socket = require('../utility/socket');
+const loadFilesRecursive = require('../utility/loadFilesRecursive');
+const getJslFileName = require('../utility/getJslFileName');
+const { getLogger, extractErrorLogData } = require('dbgate-tools');
+const dbgateApi = require('../shell');
+const jsldata = require('./jsldata');
+const platformInfo = require('../utility/platformInfo');
+
+const logger = getLogger('archive');
+
+module.exports = {
+  folders_meta: true,
+  async folders() {
+    const folders = await fs.readdir(archivedir());
+    return [
+      {
+        name: 'default',
+        type: 'jsonl',
+      },
+      ...folders
+        .filter(x => x != 'default')
+        .map(name => ({
+          name,
+          type: 'jsonl',
+        })),
+    ];
+  },
+
+  createFolder_meta: true,
+  async createFolder({ folder }) {
+    await fs.mkdir(path.join(archivedir(), folder));
+    socket.emitChanged('archive-folders-changed');
+    return true;
+  },
+
+  createLink_meta: true,
+  async createLink({ linkedFolder }) {
+    const folder = await this.getNewArchiveFolder({ database: path.parse(linkedFolder).name + '.link' });
+    fs.writeFile(path.join(archivedir(), folder), linkedFolder);
+    clearArchiveLinksCache();
+    socket.emitChanged('archive-folders-changed');
+    return folder;
+  },
+
+  files_meta: true,
+  async files({ folder }) {
+    try {
+      const dir = resolveArchiveFolder(folder);
+      if (!(await fs.exists(dir))) return [];
+      const files = await loadFilesRecursive(dir); // fs.readdir(dir);
+
+      function fileType(ext, type) {
+        return files
+          .filter(name => name.endsWith(ext))
+          .map(name => ({
+            name: name.slice(0, -ext.length),
+            label: path.parse(name.slice(0, -ext.length)).base,
+            type,
+          }));
+      }
+
+      return [
+        ...fileType('.jsonl', 'jsonl'),
+        ...fileType('.table.yaml', 'table.yaml'),
+        ...fileType('.view.sql', 'view.sql'),
+        ...fileType('.proc.sql', 'proc.sql'),
+        ...fileType('.func.sql', 'func.sql'),
+        ...fileType('.trigger.sql', 'trigger.sql'),
+        ...fileType('.matview.sql', 'matview.sql'),
+      ];
+    } catch (err) {
+      logger.error(extractErrorLogData(err), 'Error reading archive files');
+      return [];
+    }
+  },
+
+  refreshFiles_meta: true,
+  async refreshFiles({ folder }) {
+    socket.emitChanged('archive-files-changed', { folder });
+    return true;
+  },
+
+  refreshFolders_meta: true,
+  async refreshFolders() {
+    socket.emitChanged(`archive-folders-changed`);
+    return true;
+  },
+
+  deleteFile_meta: true,
+  async deleteFile({ folder, file, fileType }) {
+    await fs.unlink(path.join(resolveArchiveFolder(folder), `${file}.${fileType}`));
+    socket.emitChanged(`archive-files-changed`, { folder });
+    return true;
+  },
+
+  renameFile_meta: true,
+  async renameFile({ folder, file, newFile, fileType }) {
+    await fs.rename(
+      path.join(resolveArchiveFolder(folder), `${file}.${fileType}`),
+      path.join(resolveArchiveFolder(folder), `${newFile}.${fileType}`)
+    );
+    socket.emitChanged(`archive-files-changed`, { folder });
+    return true;
+  },
+
+  modifyFile_meta: true,
+  async modifyFile({ folder, file, changeSet, mergedRows, mergeKey, mergeMode }) {
+    await jsldata.closeDataStore(`archive://${folder}/${file}`);
+    const changedFilePath = path.join(resolveArchiveFolder(folder), `${file}.jsonl`);
+
+    if (!fs.existsSync(changedFilePath)) {
+      if (!mergedRows) {
+        return false;
+      }
+      const fileStream = fs.createWriteStream(changedFilePath);
+      for (const row of mergedRows) {
+        await fileStream.write(JSON.stringify(row) + '\n');
+      }
+      await fileStream.close();
+
+      socket.emitChanged(`archive-files-changed`, { folder });
+      return true;
+    }
+
+    const tmpchangedFilePath = path.join(resolveArchiveFolder(folder), `${file}-${crypto.randomUUID()}.jsonl`);
+    const reader = await dbgateApi.modifyJsonLinesReader({
+      fileName: changedFilePath,
+      changeSet,
+      mergedRows,
+      mergeKey,
+      mergeMode,
+    });
+    const writer = await dbgateApi.jsonLinesWriter({ fileName: tmpchangedFilePath });
+    await dbgateApi.copyStream(reader, writer);
+    if (platformInfo.isWindows) {
+      await fs.copyFile(tmpchangedFilePath, changedFilePath);
+      await fs.unlink(tmpchangedFilePath);
+    } else {
+      await fs.unlink(changedFilePath);
+      await fs.rename(tmpchangedFilePath, changedFilePath);
+    }
+    return true;
+  },
+
+  renameFolder_meta: true,
+  async renameFolder({ folder, newFolder }) {
+    const uniqueName = await this.getNewArchiveFolder({ database: newFolder });
+    await fs.rename(path.join(archivedir(), folder), path.join(archivedir(), uniqueName));
+    socket.emitChanged(`archive-folders-changed`);
+    return true;
+  },
+
+  deleteFolder_meta: true,
+  async deleteFolder({ folder }) {
+    if (!folder) throw new Error('Missing folder parameter');
+    if (folder.endsWith('.link')) {
+      await fs.unlink(path.join(archivedir(), folder));
+    } else {
+      await fs.rmdir(path.join(archivedir(), folder), { recursive: true });
+    }
+    socket.emitChanged(`archive-folders-changed`);
+    return true;
+  },
+
+  saveText_meta: true,
+  async saveText({ folder, file, text }) {
+    await fs.writeFile(path.join(resolveArchiveFolder(folder), `${file}.jsonl`), text);
+    socket.emitChanged(`archive-files-changed`, { folder });
+    return true;
+  },
+
+  saveJslData_meta: true,
+  async saveJslData({ folder, file, jslid, changeSet }) {
+    const source = getJslFileName(jslid);
+    const target = path.join(resolveArchiveFolder(folder), `${file}.jsonl`);
+    if (changeSet) {
+      const reader = await dbgateApi.modifyJsonLinesReader({
+        fileName: source,
+        changeSet,
+      });
+      const writer = await dbgateApi.jsonLinesWriter({ fileName: target });
+      await dbgateApi.copyStream(reader, writer);
+    } else {
+      await fs.copyFile(source, target);
+      socket.emitChanged(`archive-files-changed`, { folder });
+    }
+    return true;
+  },
+
+  saveRows_meta: true,
+  async saveRows({ folder, file, rows }) {
+    const fileStream = fs.createWriteStream(path.join(resolveArchiveFolder(folder), `${file}.jsonl`));
+    for (const row of rows) {
+      await fileStream.write(JSON.stringify(row) + '\n');
+    }
+    await fileStream.close();
+    socket.emitChanged(`archive-files-changed`, { folder });
+    return true;
+  },
+
+  async getNewArchiveFolder({ database }) {
+    const isLink = database.endsWith(database);
+    const name = isLink ? database.slice(0, -5) : database;
+    const suffix = isLink ? '.link' : '';
+    if (!(await fs.exists(path.join(archivedir(), database)))) return database;
+    let index = 2;
+    while (await fs.exists(path.join(archivedir(), `${name}${index}${suffix}`))) {
+      index += 1;
+    }
+    return `${name}${index}${suffix}`;
+  },
+};

package/src/controllers/auth.js

@@ -0,0 +1,136 @@
+const axios = require('axios');
+const jwt = require('jsonwebtoken');
+const getExpressPath = require('../utility/getExpressPath');
+const { getLogger, extractErrorLogData } = require('dbgate-tools');
+const AD = require('activedirectory2').promiseWrapper;
+const crypto = require('crypto');
+const { getTokenSecret, getTokenLifetime } = require('../auth/authCommon');
+const {
+  getAuthProviderFromReq,
+  getAuthProviders,
+  getDefaultAuthProvider,
+  getAuthProviderById,
+} = require('../auth/authProvider');
+const storage = require('./storage');
+
+const logger = getLogger('auth');
+
+function unauthorizedResponse(req, res, text) {
+  // if (req.path == getExpressPath('/config/get-settings')) {
+  //   return res.json({});
+  // }
+  // if (req.path == getExpressPath('/connections/list')) {
+  //   return res.json([]);
+  // }
+
+  return res.status(401).send(text);
+}
+
+function authMiddleware(req, res, next) {
+  const SKIP_AUTH_PATHS = [
+    '/config/get',
+    '/config/logout',
+    '/config/get-settings',
+    '/config/save-license-key',
+    '/auth/oauth-token',
+    '/auth/login',
+    '/auth/redirect',
+    '/stream',
+    '/storage/get-connections-for-login-page',
+    '/storage/set-admin-password',
+    '/auth/get-providers',
+    '/connections/dblogin-web',
+    '/connections/dblogin-app',
+    '/connections/dblogin-auth',
+    '/connections/dblogin-auth-token',
+  ];
+
+  // console.log('********************* getAuthProvider()', getAuthProvider());
+
+  // const isAdminPage = req.headers['x-is-admin-page'] == 'true';
+
+  if (process.env.BASIC_AUTH) {
+    // API is not authorized for basic auth
+    return next();
+  }
+
+  let skipAuth = !!SKIP_AUTH_PATHS.find(x => req.path == getExpressPath(x));
+
+  const authHeader = req.headers.authorization;
+  if (!authHeader) {
+    if (skipAuth) {
+      return next();
+    }
+    return unauthorizedResponse(req, res, 'missing authorization header');
+  }
+  const token = authHeader.split(' ')[1];
+  try {
+    const decoded = jwt.verify(token, getTokenSecret());
+    req.user = decoded;
+    return next();
+  } catch (err) {
+    if (skipAuth) {
+      req.isInvalidToken = true;
+      return next();
+    }
+
+    logger.error(extractErrorLogData(err), 'Sending invalid token error');
+
+    return unauthorizedResponse(req, res, 'invalid token');
+  }
+}
+
+module.exports = {
+  oauthToken_meta: true,
+  async oauthToken(params) {
+    const { amoid } = params;
+    return getAuthProviderById(amoid).oauthToken(params);
+  },
+  login_meta: true,
+  async login(params) {
+    const { amoid, login, password, isAdminPage } = params;
+
+    if (isAdminPage) {
+      let adminPassword = process.env.ADMIN_PASSWORD;
+      if (!adminPassword) {
+        const adminConfig = await storage.readConfig({ group: 'admin' });
+        adminPassword = adminConfig?.adminPassword;
+      }
+      if (adminPassword && adminPassword == password) {
+        return {
+          accessToken: jwt.sign(
+            {
+              login: 'superadmin',
+              permissions: await storage.loadSuperadminPermissions(),
+              roleId: -3,
+            },
+            getTokenSecret(),
+            {
+              expiresIn: getTokenLifetime(),
+            }
+          ),
+        };
+      }
+
+      return { error: 'Login failed' };
+    }
+
+    return getAuthProviderById(amoid).login(login, password);
+  },
+
+  getProviders_meta: true,
+  getProviders() {
+    return {
+      providers: getAuthProviders().map(x => x.toJson()),
+      default: getDefaultAuthProvider()?.amoid,
+    };
+  },
+
+  redirect_meta: true,
+  async redirect(params) {
+    const { amoid } = params;
+    return getAuthProviderById(amoid).redirect(params);
+  },
+
+  authMiddleware,
+};

package/src/controllers/config.js

@@ -0,0 +1,271 @@
+const fs = require('fs-extra');
+const os = require('os');
+const path = require('path');
+const axios = require('axios');
+const { datadir, getLogsFilePath } = require('../utility/directories');
+const { hasPermission } = require('../utility/hasPermission');
+const socket = require('../utility/socket');
+const _ = require('lodash');
+const AsyncLock = require('async-lock');
+const jwt = require('jsonwebtoken');
+
+const currentVersion = require('../currentVersion');
+const platformInfo = require('../utility/platformInfo');
+const connections = require('../controllers/connections');
+const { getAuthProviderFromReq } = require('../auth/authProvider');
+const { checkLicense, checkLicenseKey } = require('../utility/checkLicense');
+const storage = require('./storage');
+const { getAuthProxyUrl } = require('../utility/authProxy');
+const { getPublicHardwareFingerprint } = require('../utility/hardwareFingerprint');
+const { extractErrorMessage } = require('dbgate-tools');
+
+const lock = new AsyncLock();
+
+module.exports = {
+  // settingsValue: {},
+
+  // async _init() {
+  //   try {
+  //     this.settingsValue = JSON.parse(await fs.readFile(path.join(datadir(), 'settings.json'), { encoding: 'utf-8' }));
+  //   } catch (err) {
+  //     this.settingsValue = {};
+  //   }
+  // },
+
+  get_meta: true,
+  async get(_params, req) {
+    const authProvider = getAuthProviderFromReq(req);
+    const login = authProvider.getCurrentLogin(req);
+    const permissions = authProvider.getCurrentPermissions(req);
+    const isUserLoggedIn = authProvider.isUserLoggedIn(req);
+
+    const singleConid = authProvider.getSingleConnectionId(req);
+    const storageConnectionError = storage.getStorageConnectionError();
+
+    const singleConnection =
+      singleConid && !storageConnectionError
+        ? await connections.getCore({ conid: singleConid })
+        : connections.singleConnection;
+
+    let configurationError = null;
+    if (process.env.STORAGE_DATABASE && process.env.BASIC_AUTH) {
+      configurationError =
+        'Basic authentization is not allowed, when using storage. Cannot use both STORAGE_DATABASE and BASIC_AUTH';
+    }
+
+    if (storageConnectionError && !configurationError) {
+      configurationError = extractErrorMessage(storageConnectionError);
+    }
+
+    const checkedLicense = storageConnectionError ? null : await checkLicense();
+    const isLicenseValid = checkedLicense?.status == 'ok';
+    const logoutUrl = storageConnectionError ? null : await authProvider.getLogoutUrl();
+    const adminConfig = storageConnectionError ? null : await storage.readConfig({ group: 'admin' });
+
+    const isAdminPasswordMissing = !!(
+      process.env.STORAGE_DATABASE &&
+      !process.env.ADMIN_PASSWORD &&
+      !process.env.BASIC_AUTH &&
+      !adminConfig?.adminPasswordState
+    );
+
+    const configResult = {
+      runAsPortal: !!connections.portalConnections,
+      singleDbConnection: connections.singleDbConnection,
+      singleConnection: singleConnection,
+      isUserLoggedIn,
+      // hideAppEditor: !!process.env.HIDE_APP_EDITOR,
+      allowShellConnection: platformInfo.allowShellConnection,
+      allowShellScripting: platformInfo.allowShellScripting,
+      isDocker: platformInfo.isDocker,
+      isElectron: platformInfo.isElectron,
+      isLicenseValid,
+      isLicenseExpired: checkedLicense?.isExpired,
+      trialDaysLeft: checkedLicense?.isGeneratedTrial && !checkedLicense?.isExpired ? checkedLicense?.daysLeft : null,
+      checkedLicense,
+      configurationError,
+      logoutUrl,
+      permissions,
+      login,
+      // ...additionalConfigProps,
+      isBasicAuth: !!process.env.BASIC_AUTH,
+      isAdminLoginForm: !!(
+        process.env.STORAGE_DATABASE &&
+        (process.env.ADMIN_PASSWORD || adminConfig?.adminPasswordState == 'set') &&
+        !process.env.BASIC_AUTH
+      ),
+      isAdminPasswordMissing,
+      isInvalidToken: req?.isInvalidToken,
+      adminPasswordState: adminConfig?.adminPasswordState,
+      storageDatabase: process.env.STORAGE_DATABASE,
+      logsFilePath: getLogsFilePath(),
+      connectionsFilePath: path.join(datadir(), 'connections.jsonl'),
+      ...currentVersion,
+    };
+
+    return configResult;
+  },
+
+  logout_meta: {
+    method: 'get',
+    raw: true,
+  },
+  logout(req, res) {
+    res.status(401).send('Logged out<br><a href="../..">Back to DbGate</a>');
+  },
+
+  platformInfo_meta: true,
+  async platformInfo() {
+    return platformInfo;
+  },
+
+  getSettings_meta: true,
+  async getSettings() {
+    const res = await lock.acquire('settings', async () => {
+      return await this.loadSettings();
+    });
+    return res;
+  },
+
+  deleteSettings_meta: true,
+  async deleteSettings() {
+    await fs.unlink(path.join(datadir(), 'settings.json'));
+    return true;
+  },
+
+  fillMissingSettings(value) {
+    const res = {
+      ...value,
+    };
+    if (value['app.useNativeMenu'] !== true && value['app.useNativeMenu'] !== false) {
+      // res['app.useNativeMenu'] = os.platform() == 'darwin' ? true : false;
+      res['app.useNativeMenu'] = false;
+    }
+    for (const envVar in process.env) {
+      if (envVar.startsWith('SETTINGS_')) {
+        const key = envVar.substring('SETTINGS_'.length);
+        if (!res[key]) {
+          res[key] = process.env[envVar];
+        }
+      }
+    }
+    return res;
+  },
+
+  async loadSettings() {
+    try {
+      const settingsText = await fs.readFile(path.join(datadir(), 'settings.json'), { encoding: 'utf-8' });
+      return {
+        ...this.fillMissingSettings(JSON.parse(settingsText)),
+        'other.licenseKey': platformInfo.isElectron ? await this.loadLicenseKey() : undefined,
+      };
+    } catch (err) {
+      return this.fillMissingSettings({});
+    }
+  },
+
+  async loadLicenseKey() {
+    try {
+      const licenseKey = await fs.readFile(path.join(datadir(), 'license.key'), { encoding: 'utf-8' });
+      return licenseKey;
+    } catch (err) {
+      return null;
+    }
+  },
+
+  saveLicenseKey_meta: true,
+  async saveLicenseKey({ licenseKey }) {
+    const decoded = jwt.decode(licenseKey);
+    if (!decoded) {
+      return {
+        status: 'error',
+        errorMessage: 'Invalid license key',
+      };
+    }
+
+    const { exp } = decoded;
+    if (exp * 1000 < Date.now()) {
+      return {
+        status: 'error',
+        errorMessage: 'License key is expired',
+      };
+    }
+
+    try {
+      if (process.env.STORAGE_DATABASE) {
+        await storage.writeConfig({ group: 'license', config: { licenseKey } });
+        // await storageWriteConfig('license', { licenseKey });
+      } else {
+        await fs.writeFile(path.join(datadir(), 'license.key'), licenseKey);
+      }
+      socket.emitChanged(`config-changed`);
+      return { status: 'ok' };
+    } catch (err) {
+      return {
+        status: 'error',
+        errorMessage: err.message,
+      };
+    }
+  },
+
+  startTrial_meta: true,
+  async startTrial() {
+    try {
+      const fingerprint = await getPublicHardwareFingerprint();
+
+      const resp = await axios.default.post(`${getAuthProxyUrl()}/trial-license`, {
+        type: 'premium-trial',
+        days: 30,
+        fingerprint,
+      });
+      const { token } = resp.data;
+
+      return await this.saveLicenseKey({ licenseKey: token });
+    } catch (err) {
+      return {
+        status: 'error',
+        errorMessage: err.message,
+      };
+    }
+  },
+
+  updateSettings_meta: true,
+  async updateSettings(values, req) {
+    if (!hasPermission(`settings/change`, req)) return false;
+
+    const res = await lock.acquire('settings', async () => {
+      const currentValue = await this.loadSettings();
+      try {
+        const updated = {
+          ...currentValue,
+          ..._.omit(values, ['other.licenseKey']),
+        };
+        await fs.writeFile(path.join(datadir(), 'settings.json'), JSON.stringify(updated, undefined, 2));
+        // this.settingsValue = updated;
+
+        if (currentValue['other.licenseKey'] != values['other.licenseKey']) {
+          await this.saveLicenseKey({ licenseKey: values['other.licenseKey'] });
+          socket.emitChanged(`config-changed`);
+        }
+
+        socket.emitChanged(`settings-changed`);
+        return updated;
+      } catch (err) {
+        return false;
+      }
+    });
+    return res;
+  },
+
+  changelog_meta: true,
+  async changelog() {
+    const resp = await axios.default.get('https://raw.githubusercontent.com/dbgate/dbgate/master/CHANGELOG.md');
+    return resp.data;
+  },
+
+  checkLicense_meta: true,
+  async checkLicense({ licenseKey }) {
+    const resp = await checkLicenseKey(licenseKey);
+    return resp;
+  },
+};