dbgate-api-premium 6.3.0 → 6.3.3

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "dbgate-api-premium",
   "main": "src/index.js",
-  "version": "6.3.0",
+  "version": "6.3.3",
   "homepage": "https://dbgate.org/",
   "repository": {
     "type": "git",
@@ -29,10 +29,10 @@
     "compare-versions": "^3.6.0",
     "cors": "^2.8.5",
     "cross-env": "^6.0.3",
-    "dbgate-datalib": "^6.3.0",
+    "dbgate-datalib": "^6.3.3",
     "dbgate-query-splitter": "^4.11.3",
-    "dbgate-sqltree": "^6.3.0",
-    "dbgate-tools": "^6.3.0",
+    "dbgate-sqltree": "^6.3.3",
+    "dbgate-tools": "^6.3.3",
     "debug": "^4.3.4",
     "diff": "^5.0.0",
     "diff2html": "^3.4.13",
@@ -83,7 +83,7 @@
   "devDependencies": {
     "@types/fs-extra": "^9.0.11",
     "@types/lodash": "^4.14.149",
-    "dbgate-types": "^6.3.0",
+    "dbgate-types": "^6.3.3",
     "env-cmd": "^10.1.0",
     "jsdoc-to-markdown": "^9.0.5",
     "node-loader": "^1.0.2",

package/src/auth/storageAuthProvider.js

@@ -20,6 +20,7 @@ const logger = getLogger('storageAuthProvider');
 const axios = require('axios');
 const _ = require('lodash');
 const { authProxyGetTokenFromCode, authProxyGetRedirectUrl } = require('../utility/authProxy');
+const { decryptUser } = require('../utility/crypting');
 
 async function loadPermissionsForUserId(userId) {
   const rolePermissions = sortPermissionsFromTheSameLevel(await storageReadUserRolePermissions(userId));
@@ -77,7 +78,7 @@ class LocalAuthProvider extends StorageProviderBase {
     if (rows.length == 0) {
       return { error: 'Login not allowed' };
     }
-    const row = rows[0];
+    const row = decryptUser(rows[0]);
     if (row.password == password) {
       const userId = row.id;
       const permissions = await loadPermissionsForUserId(userId);

package/src/controllers/auth.js

@@ -12,6 +12,7 @@ const {
   getAuthProviderById,
 } = require('../auth/authProvider');
 const storage = require('./storage');
+const { decryptPasswordString } = require('../utility/crypting');
 
 const logger = getLogger('auth');
 
@@ -44,6 +45,7 @@ function authMiddleware(req, res, next) {
     '/connections/dblogin-auth',
     '/connections/dblogin-auth-token',
     '/health',
+    '/__health',
   ];
 
   // console.log('********************* getAuthProvider()', getAuthProvider());
@@ -95,7 +97,7 @@ module.exports = {
       let adminPassword = process.env.ADMIN_PASSWORD;
       if (!adminPassword) {
         const adminConfig = await storage.readConfig({ group: 'admin' });
-        adminPassword = adminConfig?.adminPassword;
+        adminPassword = decryptPasswordString(adminConfig?.adminPassword);
       }
       if (adminPassword && adminPassword == password) {
         return {

package/src/controllers/connections.js

@@ -102,12 +102,21 @@ function getPortalCollections() {
       trustServerCertificate: process.env[`SSL_TRUST_CERTIFICATE_${id}`],
     }));
 
+    for(const conn of connections) {
+      for(const prop in process.env) {
+        if (prop.startsWith(`CONNECTION_${conn._id}_`)) {
+          const name = prop.substring(`CONNECTION_${conn._id}_`.length);
+          conn[name] = process.env[prop];
+        }
+      }
+    }
+
     logger.info({ connections: connections.map(pickSafeConnectionInfo) }, 'Using connections from ENV variables');
     const noengine = connections.filter(x => !x.engine);
     if (noengine.length > 0) {
       logger.warn(
         { connections: noengine.map(x => x._id) },
-        'Invalid CONNECTIONS configutation, missing ENGINE for connection ID'
+        'Invalid CONNECTIONS configuration, missing ENGINE for connection ID'
       );
     }
     return connections;

package/src/controllers/databaseConnections.js

@@ -37,6 +37,8 @@ const loadModelTransform = require('../utility/loadModelTransform');
 const exportDbModelSql = require('../utility/exportDbModelSql');
 const axios = require('axios');
 const { callTextToSqlApi, callCompleteOnCursorApi, callRefactorSqlQueryApi } = require('../utility/authProxy');
+const { decryptConnection } = require('../utility/crypting');
+const { getSshTunnel } = require('../utility/sshTunnel');
 
 const logger = getLogger('databaseConnections');
 
@@ -140,6 +142,11 @@ module.exports = {
       if (newOpened.disconnected) return;
       this.close(conid, database, false);
     });
+    subprocess.on('error', err => {
+      logger.error(extractErrorLogData(err), 'Error in database connection subprocess');
+      if (newOpened.disconnected) return;
+      this.close(conid, database, false);
+    });
 
     subprocess.send({
       msgtype: 'connect',
@@ -619,9 +626,26 @@ module.exports = {
     command,
     { conid, database, outputFile, inputFile, options, selectedTables, skippedTables, argsFormat }
   ) {
-    const connection = await connections.getCore({ conid });
+    const sourceConnection = await connections.getCore({ conid });
+    const connection = {
+      ...decryptConnection(sourceConnection),
+    };
     const driver = requireEngineDriver(connection);
 
+    if (!connection.port && driver.defaultPort) {
+      connection.port = driver.defaultPort.toString();
+    }
+
+    if (connection.useSshTunnel) {
+      const tunnel = await getSshTunnel(connection);
+      if (tunnel.state == 'error') {
+        throw new Error(tunnel.message);
+      }
+
+      connection.server = tunnel.localHost;
+      connection.port = tunnel.localPort;
+    }
+
     const settingsValue = await config.getSettings();
 
     const externalTools = {};

package/src/controllers/files.js

@@ -195,8 +195,8 @@ module.exports = {
   },
 
   exportDiagram_meta: true,
-  async exportDiagram({ filePath, html, css, themeType, themeClassName }) {
-    await fs.writeFile(filePath, getDiagramExport(html, css, themeType, themeClassName));
+  async exportDiagram({ filePath, html, css, themeType, themeClassName, watermark }) {
+    await fs.writeFile(filePath, getDiagramExport(html, css, themeType, themeClassName, watermark));
     return true;
   },
 

package/src/controllers/serverConnections.js

@@ -98,6 +98,11 @@ module.exports = {
         if (newOpened.disconnected) return;
         this.close(conid, false);
       });
+      subprocess.on('error', err => {
+        logger.error(extractErrorLogData(err), 'Error in server connection subprocess');
+        if (newOpened.disconnected) return;
+        this.close(conid, false);
+      });
       subprocess.send({ msgtype: 'connect', ...connection, globalSettings: await config.getSettings() });
       return newOpened;
     });

package/src/controllers/storage.js

@@ -12,15 +12,30 @@ const {
   storageReadConfig,
   storageWriteConfig,
   getStorageConnectionError,
+  storageSaveRelationDiff,
+  selectStorageIdentity,
 } = require('./storageDb');
 const { hasPermission } = require('../utility/hasPermission');
 const { changeSetToSql, removeSchemaFromChangeSet } = require('dbgate-datalib');
 const storageModel = require('../storageModel');
 const { dumpSqlCommand } = require('dbgate-sqltree');
-const { runCommandOnDriver, getLogger, runQueryFmt } = require('dbgate-tools');
+const {
+  runCommandOnDriver,
+  getLogger,
+  runQueryFmt,
+  getPredefinedPermissions,
+  runQueryOnDriver,
+} = require('dbgate-tools');
 const socket = require('../utility/socket');
 const { obtainRefreshedLicense } = require('../utility/authProxy');
 const { datadir } = require('../utility/directories');
+const {
+  loadEncryptionKeyFromExternal,
+  encryptUser,
+  encryptConnection,
+  encryptPasswordString,
+} = require('../utility/crypting');
+const crypto = require('crypto');
 
 const logger = getLogger('storage');
 
@@ -31,7 +46,6 @@ function mapConnection(connnection) {
   };
 }
 
-
 let refreshLicenseStarted = false;
 
 module.exports = {
@@ -48,6 +62,22 @@ module.exports = {
     }
 
     setAuthProviders(providers, providers[defIndex]);
+
+    const keyResult = await storageSelectFmt(
+      "select ~value from ~config where ~group = 'admin' and ~key = 'encryptionKey'"
+    );
+    const [conn, driver] = await getStorageConnection();
+
+    await loadEncryptionKeyFromExternal(keyResult[0]?.value, async key => {
+      await runQueryFmt(
+        driver,
+        conn,
+        'insert into ~config (~group, ~key, ~value) values (%v, %v, %v)',
+        'admin',
+        'encryptionKey',
+        key
+      );
+    });
   },
 
   async startRefreshLicense() {
@@ -135,7 +165,7 @@ module.exports = {
         displayName: 'Internal storage',
         defaultDatabase: process.env.STORAGE_DATABASE,
         singleDatabase: true,
-        ...await getDbConnectionParams(),
+        ...(await getDbConnectionParams()),
       };
     }
 
@@ -183,8 +213,8 @@ module.exports = {
       return null;
     }
 
-    await runQueryFmt(driver, conn, 'delete from auth_methods_config');
-    await runQueryFmt(driver, conn, 'delete from auth_methods where id > 0');
+    await runQueryFmt(driver, conn, 'delete from ~auth_methods_config');
+    await runQueryFmt(driver, conn, 'delete from ~auth_methods where ~id > 0');
 
     let id = 1;
     for (const method of authMethods) {
@@ -192,7 +222,7 @@ module.exports = {
         await runQueryFmt(
           driver,
           conn,
-          'update auth_methods set name=%v, is_disabled=%v, is_default = %v, is_collapsed = %v where id = %v',
+          'update ~auth_methods set ~name=%v, ~is_disabled=%v, ~is_default = %v, ~is_collapsed = %v where ~id = %v',
           method.name,
           method.isDisabled,
           method.isDefault,
@@ -228,7 +258,7 @@ module.exports = {
         await runQueryFmt(
           driver,
           conn,
-          'insert into auth_methods_config (%i, %i, %i) values (%v, %v, %v)',
+          'insert into ~auth_methods_config (%i, %i, %i) values (%v, %v, %v)',
           'auth_method_id',
           'key',
           'value',
@@ -400,7 +430,7 @@ module.exports = {
       driver,
       conn,
       "insert into ~config (~group, ~key, ~value) values ('admin', 'adminPassword', %v)",
-      newPassword
+      encryptPasswordString(newPassword)
     );
 
     return { status: 'ok' };
@@ -409,4 +439,257 @@ module.exports = {
   getStorageConnectionError() {
     return getStorageConnectionError();
   },
+
+  getUserList_meta: true,
+  async getUserList() {
+    const resp = await storageSelectFmt(`select ~users.~id,~users.~login,~users.~password,~users.~email from ~users`);
+    const usedRoles = await storageSelectFmt(`select ~roles.~name, ~user_roles.~user_id from 
+        ~user_roles inner join ~roles ON ~user_roles.~role_id = ~roles.~id`);
+    const usedPermissions = await storageSelectFmt(`select * from ~user_permissions`);
+    return resp.map(x => ({
+      ...x,
+      password: x.password?.startsWith('crypt:') ? 'crypted' : x.password ? 'plain' : 'no',
+      usedRoles: usedRoles.filter(y => y.user_id == x.id).map(y => y.name),
+      usedPermissions: usedPermissions.filter(y => y.user_id == x.id).map(y => y.permission),
+    }));
+  },
+
+  getUserDetail_meta: true,
+  async getUserDetail({ id }) {
+    const resp =
+      id == 'new'
+        ? {}
+        : await storageSelectFmt(
+            `select ~users.~id,~users.~login,~users.password, ~users.~email from ~users where ~users.~id = %v`,
+            id
+          );
+
+    const rolePermissions = id == 'new' ? [] : await storageReadUserRolePermissions(id);
+    const basePermissions = [...getPredefinedPermissions('logged-user'), ...rolePermissions];
+    const permissions =
+      id == 'new'
+        ? []
+        : (await storageSelectFmt('select * from ~user_permissions where ~user_id = %v', id)).map(x => x.permission);
+    const allRoles = await storageSelectFmt('select * from ~roles');
+    const usedRoles =
+      id == 'new'
+        ? []
+        : (
+            await storageSelectFmt(`select ~user_roles.~role_id from ~user_roles where ~user_roles.~user_id = %v`, id)
+          ).map(x => x.role_id);
+    const allConnections = await storageSelectFmt('select * from ~connections');
+    const usedConnections =
+      id == 'new'
+        ? []
+        : (await storageSelectFmt('select ~connection_id from ~user_connections where ~user_id = %v', id)).map(
+            x => x.connection_id
+          );
+
+    return {
+      ...resp[0],
+      basePermissions,
+      permissions,
+      allRoles,
+      usedRoles,
+      allConnections,
+      usedConnections,
+      encryptPassword: !!(resp[0]?.password?.startsWith('crypt:') || id == 'new'),
+    };
+  },
+
+  saveUserDetail_meta: true,
+  async saveUserDetail(user) {
+    const [conn, driver] = await getStorageConnection();
+
+    const { login, password, email, usedRoles, usedConnections, permissions } = encryptUser(user);
+    let id = user.id;
+
+    if (id == null) {
+      await runQueryFmt(
+        driver,
+        conn,
+        'insert into ~users (~login, ~password, ~email) values (%v, %v, %v)',
+        login,
+        password,
+        email
+      );
+      id = await selectStorageIdentity('users');
+    } else {
+      await runQueryFmt(
+        driver,
+        conn,
+        'update ~users set ~login=%v, ~password=%v, ~email=%v where ~id = %v',
+        login,
+        password,
+        email,
+        id
+      );
+    }
+
+    await storageSaveRelationDiff('user_permissions', 'user_id', 'permission', id, permissions);
+    await storageSaveRelationDiff('user_roles', 'user_id', 'role_id', id, usedRoles);
+    await storageSaveRelationDiff('user_connections', 'user_id', 'connection_id', id, usedConnections);
+
+    return true;
+  },
+
+  deleteUser_meta: true,
+  async deleteUser({ id }) {
+    const [conn, driver] = await getStorageConnection();
+
+    await runQueryFmt(driver, conn, 'delete from ~users where ~id = %v', id);
+
+    return true;
+  },
+
+  getConnectionList_meta: true,
+  async getConnectionList() {
+    const resp = await storageSelectFmt(
+      `select ~connections.~id,~connections.~engine,~connections.~displayName,~connections.~server,~connections.~user from ~connections`
+    );
+    return resp;
+  },
+
+  getConnectionDetail_meta: true,
+  async getConnectionDetail({ id }) {
+    if (id == 'new') {
+      return {
+        conid: crypto.randomUUID(),
+      };
+    }
+
+    const resp = await storageSelectFmt(`select * from ~connections where ~id = %v`, id);
+    return resp[0];
+  },
+
+  saveConnectionDetail_meta: true,
+  async saveConnectionDetail(savedConnection) {
+    const [conn, driver] = await getStorageConnection();
+
+    const connection = encryptConnection(savedConnection);
+
+    const tableConnections = storageModel.tables.find(x => x.pureName == 'connections');
+    const id = connection.id;
+
+    const usedColumns = _.difference(
+      _.intersection(
+        tableConnections.columns.map(x => x.columnName),
+        Object.keys(connection)
+      ),
+      ['id']
+    );
+
+    if (id) {
+      await runQueryOnDriver(conn, driver, dmp => {
+        dmp.put(`update ~connections set`);
+        dmp.putCollection(',', usedColumns, col => {
+          dmp.put(`%i = %v`, col, connection[col]);
+        });
+        dmp.put(` where ~id = %v`, id);
+      });
+    } else {
+      await runQueryFmt(
+        driver,
+        conn,
+        `insert into ~connections (%,i) values (%,v)`,
+        usedColumns,
+        usedColumns.map(x => connection[x])
+      );
+    }
+
+    return true;
+  },
+
+  deleteConnection_meta: true,
+  async deleteConnection({ id }) {
+    const [conn, driver] = await getStorageConnection();
+    if (!conn) {
+      return null;
+    }
+
+    await runQueryFmt(driver, conn, 'delete from ~connections where ~id = %v', id);
+
+    return true;
+  },
+
+  getRoleList_meta: true,
+  async getRoleList() {
+    const resp = await storageSelectFmt(`select ~roles.~id,~roles.~name from ~roles`);
+    const usedPermissions = await storageSelectFmt(`select * from ~role_permissions`);
+    return resp.map(x => ({
+      ...x,
+      usedPermissions: usedPermissions.filter(y => y.role_id == x.id).map(y => y.permission),
+    }));
+  },
+
+  getRoleDetail_meta: true,
+  async getRoleDetail({ id }) {
+    const resp =
+      id == 'new' ? {} : await storageSelectFmt(`select ~roles.~id,~roles.~name from ~roles where ~roles.~id = %v`, id);
+
+    const basePermissions = getPredefinedPermissions(resp?.name ?? 'logged-user');
+    const permissions =
+      id == 'new'
+        ? []
+        : (await storageSelectFmt('select * from ~role_permissions where ~role_id = %v', id)).map(x => x.permission);
+    const allUsers = await storageSelectFmt('select * from ~users');
+    const usedUsers =
+      id == 'new'
+        ? []
+        : (
+            await storageSelectFmt(`select ~user_roles.~user_id from ~user_roles where ~user_roles.~role_id = %v`, id)
+          ).map(x => x.user_id);
+    const allConnections = await storageSelectFmt('select * from ~connections');
+    const usedConnections =
+      id == 'new'
+        ? []
+        : (await storageSelectFmt('select ~connection_id from ~role_connections where ~role_id = %v', id)).map(
+            x => x.connection_id
+          );
+
+    return {
+      ...resp[0],
+      basePermissions,
+      permissions,
+      allUsers,
+      usedUsers,
+      allConnections,
+      usedConnections,
+    };
+  },
+
+  deleteRole_meta: true,
+  async deleteRole({ id }) {
+    const [conn, driver] = await getStorageConnection();
+    if (!conn) {
+      return null;
+    }
+
+    await runQueryFmt(driver, conn, 'delete from ~roles where ~id = %v', id);
+
+    return true;
+  },
+
+  saveRoleDetail_meta: true,
+  async saveRoleDetail(role) {
+    const [conn, driver] = await getStorageConnection();
+
+    const { name, usedConnections, usedUsers, permissions } = encryptUser(role);
+    let id = role.id;
+
+    if (id == null) {
+      await runQueryFmt(driver, conn, 'insert into ~roles (~name) values (%v)', name);
+      id = await selectStorageIdentity('roles');
+    } else {
+      if (id > 0) {
+        await runQueryFmt(driver, conn, 'update ~roles set ~name=%v where ~id = %v', name, id);
+      }
+    }
+
+    await storageSaveRelationDiff('role_permissions', 'role_id', 'permission', id, permissions);
+    await storageSaveRelationDiff('user_roles', 'role_id', 'user_id', id, usedUsers);
+    await storageSaveRelationDiff('role_connections', 'role_id', 'connection_id', id, usedConnections);
+
+    return true;
+  },
 };

package/src/controllers/storageDb.js

@@ -1,7 +1,13 @@
 const requireEngineDriver = require('../utility/requireEngineDriver');
 const storageModel = require('../storageModel');
 const dbgateApi = require('../shell');
-const { getPredefinedPermissions, getLogger, extractErrorLogData } = require('dbgate-tools');
+const {
+  getPredefinedPermissions,
+  getLogger,
+  extractErrorLogData,
+  runQueryFmt,
+  runQueryOnDriver,
+} = require('dbgate-tools');
 const _ = require('lodash');
 const logger = getLogger('storageDb');
 const { extractConnectionSslParams } = require('../utility/connectUtility');
@@ -238,10 +244,60 @@ async function storageWriteConfig(group, config) {
   }
 }
 
+async function storageSaveRelationDiff(table, idColumn, valueColumn, idValue, newValueSet) {
+  const [conn, driver] = await getStorageConnection();
+  if (!conn) {
+    return null;
+  }
+
+  const oldValueSet = await storageSelectFmt(`select %i from %i where %i = %v`, valueColumn, table, idColumn, idValue);
+
+  const oldValues = oldValueSet.map(x => x[valueColumn]);
+
+  for (const added of _.difference(newValueSet, oldValues)) {
+    await runQueryFmt(
+      driver,
+      conn,
+      'insert into %i (%i, %i) values (%v, %v)',
+      table,
+      idColumn,
+      valueColumn,
+      idValue,
+      added
+    );
+  }
+
+  for (const removed of _.difference(oldValues, newValueSet)) {
+    await runQueryFmt(
+      driver,
+      conn,
+      'delete from %i where %i = %v and %i = %v',
+      table,
+      idColumn,
+      idValue,
+      valueColumn,
+      removed
+    );
+  }
+}
+
 function getStorageConnectionError() {
   return storageConnectionError;
 }
 
+async function selectStorageIdentity(tableName) {
+  const [conn, driver] = await getStorageConnection();
+
+  const resp = await runQueryOnDriver(conn, driver, dmp =>
+    dmp.selectScopeIdentity(
+      // @ts-ignore
+      { pureName: tableName }
+    )
+  );
+
+  return Object.entries(resp.rows[0])[0][1];
+}
+
 module.exports = {
   getStorageConnection,
   storageSelectFmt,
@@ -254,4 +310,6 @@ module.exports = {
   storageWriteConfig,
   getStorageConnectionError,
   storageSqlCommandFmt,
+  storageSaveRelationDiff,
+  selectStorageIdentity,
 };

package/src/currentVersion.js

@@ -1,5 +1,5 @@
 
 module.exports = { 
-  version: '6.3.0',
-  buildTime: '2025-03-18T11:15:02.094Z'
+  version: '6.3.3',
+  buildTime: '2025-04-09T10:29:52.002Z'
 };

package/src/main.js

@@ -38,7 +38,7 @@ const { getLogger } = require('dbgate-tools');
 const { getDefaultAuthProvider } = require('./auth/authProvider');
 const startCloudUpgradeTimer = require('./utility/cloudUpgrade');
 const { isProApp } = require('./utility/checkLicense');
-const getHealthStatus = require('./utility/healthStatus');
+const { getHealthStatus, getHealthStatusSprinx } = require('./utility/healthStatus');
 
 const logger = getLogger('main');
 
@@ -124,6 +124,12 @@ function start() {
     res.end(JSON.stringify(health, null, 2));
   });
 
+  app.get(getExpressPath('/__health'), async function (req, res) {
+    res.setHeader('Content-Type', 'application/json');
+    const health = await getHealthStatusSprinx();
+    res.end(JSON.stringify(health, null, 2));
+  });
+
   app.use(bodyParser.json({ limit: '50mb' }));
 
   app.use(

package/src/proc/connectProcess.js

@@ -38,6 +38,8 @@ function start() {
         detail: formatErrorDetail(e, connection),
       });
     }
+
+    process.exit(0);
   });
 }
 

package/src/utility/DatastoreProxy.js

@@ -60,6 +60,10 @@ class DatastoreProxy {
         // if (this.disconnected) return;
         this.subprocess = null;
       });
+      this.subprocess.on('error', err => {
+        logger.error(extractErrorLogData(err), 'Error in data store subprocess');
+        this.subprocess = null;
+      });
       this.subprocess.send({ msgtype: 'open', file: this.file });
     }
     return this.subprocess;

package/src/utility/connectUtility.js

@@ -96,7 +96,9 @@ async function connectUtility(driver, storedConnection, connectionMode, addition
     ...decryptConnection(connectionLoaded),
   };
 
-  if (!connection.port && driver.defaultPort) connection.port = driver.defaultPort.toString();
+  if (!connection.port && driver.defaultPort) {
+    connection.port = driver.defaultPort.toString();
+  }
 
   if (connection.useSshTunnel) {
     const tunnel = await getSshTunnelProxy(connection);

package/src/utility/crypting.js

@@ -5,12 +5,16 @@ const path = require('path');
 const _ = require('lodash');
 
 const { datadir } = require('./directories');
+const { encryptionKeyArg } = require('./processArgs');
 
 const defaultEncryptionKey = 'mQAUaXhavRGJDxDTXSCg7Ej0xMmGCrx6OKA07DIMBiDcYYkvkaXjTAzPUEHEHEf9';
 
 let _encryptionKey = null;
 
 function loadEncryptionKey() {
+  if (encryptionKeyArg) {
+    return encryptionKeyArg;
+  }
   if (_encryptionKey) {
     return _encryptionKey;
   }
@@ -33,6 +37,26 @@ function loadEncryptionKey() {
   return _encryptionKey;
 }
 
+async function loadEncryptionKeyFromExternal(storedValue, setStoredValue) {
+  const encryptor = simpleEncryptor.createEncryptor(defaultEncryptionKey);
+
+  if (!storedValue) {
+    const generatedKey = crypto.randomBytes(32);
+    const newKey = generatedKey.toString('hex');
+    const result = {
+      encryptionKey: newKey,
+    };
+    await setStoredValue(encryptor.encrypt(result));
+
+    setEncryptionKey(newKey);
+
+    return;
+  }
+
+  const data = encryptor.decrypt(storedValue);
+  setEncryptionKey(data['encryptionKey']);
+}
+
 let _encryptor = null;
 
 function getEncryptor() {
@@ -43,35 +67,46 @@ function getEncryptor() {
   return _encryptor;
 }
 
-function encryptPasswordField(connection, field) {
-  if (
-    connection &&
-    connection[field] &&
-    !connection[field].startsWith('crypt:') &&
-    connection.passwordMode != 'saveRaw'
-  ) {
+function encryptPasswordString(password) {
+  if (password && !password.startsWith('crypt:')) {
+    return 'crypt:' + getEncryptor().encrypt(password);
+  }
+  return password;
+}
+
+function decryptPasswordString(password) {
+  if (password && password.startsWith('crypt:')) {
+    return getEncryptor().decrypt(password.substring('crypt:'.length));
+  }
+  return password;
+}
+
+function encryptObjectPasswordField(obj, field) {
+  if (obj && obj[field] && !obj[field].startsWith('crypt:')) {
     return {
-      ...connection,
-      [field]: 'crypt:' + getEncryptor().encrypt(connection[field]),
+      ...obj,
+      [field]: 'crypt:' + getEncryptor().encrypt(obj[field]),
     };
   }
-  return connection;
+  return obj;
 }
 
-function decryptPasswordField(connection, field) {
-  if (connection && connection[field] && connection[field].startsWith('crypt:')) {
+function decryptObjectPasswordField(obj, field) {
+  if (obj && obj[field] && obj[field].startsWith('crypt:')) {
     return {
-      ...connection,
-      [field]: getEncryptor().decrypt(connection[field].substring('crypt:'.length)),
+      ...obj,
+      [field]: getEncryptor().decrypt(obj[field].substring('crypt:'.length)),
     };
   }
-  return connection;
+  return obj;
 }
 
 function encryptConnection(connection) {
-  connection = encryptPasswordField(connection, 'password');
-  connection = encryptPasswordField(connection, 'sshPassword');
-  connection = encryptPasswordField(connection, 'sshKeyfilePassword');
+  if (connection.passwordMode != 'saveRaw') {
+    connection = encryptObjectPasswordField(connection, 'password');
+    connection = encryptObjectPasswordField(connection, 'sshPassword');
+    connection = encryptObjectPasswordField(connection, 'sshKeyfilePassword');
+  }
   return connection;
 }
 
@@ -81,12 +116,24 @@ function maskConnection(connection) {
 }
 
 function decryptConnection(connection) {
-  connection = decryptPasswordField(connection, 'password');
-  connection = decryptPasswordField(connection, 'sshPassword');
-  connection = decryptPasswordField(connection, 'sshKeyfilePassword');
+  connection = decryptObjectPasswordField(connection, 'password');
+  connection = decryptObjectPasswordField(connection, 'sshPassword');
+  connection = decryptObjectPasswordField(connection, 'sshKeyfilePassword');
   return connection;
 }
 
+function encryptUser(user) {
+  if (user.encryptPassword) {
+    user = encryptObjectPasswordField(user, 'password');
+  }
+  return user;
+}
+
+function decryptUser(user) {
+  user = decryptObjectPasswordField(user, 'password');
+  return user;
+}
+
 function pickSafeConnectionInfo(connection) {
   if (process.env.LOG_CONNECTION_SENSITIVE_VALUES) {
     return connection;
@@ -99,10 +146,27 @@ function pickSafeConnectionInfo(connection) {
   });
 }
 
+function setEncryptionKey(encryptionKey) {
+  _encryptionKey = encryptionKey;
+  _encryptor = null;
+  global.ENCRYPTION_KEY = encryptionKey;
+}
+
+function getEncryptionKey() {
+  return _encryptionKey;
+}
+
 module.exports = {
   loadEncryptionKey,
   encryptConnection,
+  encryptUser,
+  decryptUser,
   decryptConnection,
   maskConnection,
   pickSafeConnectionInfo,
+  loadEncryptionKeyFromExternal,
+  getEncryptionKey,
+  setEncryptionKey,
+  encryptPasswordString,
+  decryptPasswordString,
 };

package/src/utility/getDiagramExport.js

@@ -1,4 +1,11 @@
-const getDiagramExport = (html, css, themeType, themeClassName) => {
+const getDiagramExport = (html, css, themeType, themeClassName, watermark) => {
+  const watermarkHtml = watermark
+    ? `
+        <div style="position: fixed; bottom: 0; right: 0; padding: 5px; font-size: 12px; color: var(--theme-font-2); background-color: var(--theme-bg-2); border-top-left-radius: 5px; border: 1px solid var(--theme-border);">
+        ${watermark}
+      </div>
+  `
+    : '';
   return `<html>
   <meta charset='utf-8'>
   
@@ -13,10 +20,44 @@ const getDiagramExport = (html, css, themeType, themeClassName) => {
       </style>
 
       <link rel="stylesheet" href='https://cdn.jsdelivr.net/npm/@mdi/font@6.5.95/css/materialdesignicons.css' />
+
+      <script>
+  let lastX = null;
+  let lastY = null;
+
+  const handleMoveDown = e => {
+    lastX = e.clientX;
+    lastY = e.clientY;
+    document.addEventListener('mousemove', handleMoveMove, true);
+    document.addEventListener('mouseup', handleMoveEnd, true);
+  };
+
+  const handleMoveMove = e => {
+    e.preventDefault();
+
+    document.body.scrollLeft -= e.clientX - lastX;
+    document.body.scrollTop -= e.clientY - lastY;
+
+    lastX = e.clientX;
+    lastY = e.clientY;
+  };
+  const handleMoveEnd = e => {
+    e.preventDefault();
+    e.stopPropagation();
+
+    lastX = null;
+    lastY = null;
+    document.removeEventListener('mousemove', handleMoveMove, true);
+    document.removeEventListener('mouseup', handleMoveEnd, true);
+  };
+
+  document.addEventListener('mousedown', handleMoveDown);
+      </script>
   </head>
   
-  <body class='${themeType == 'dark' ? 'theme-type-dark' : 'theme-type-light'} ${themeClassName}'>
+  <body class='${themeType == 'dark' ? 'theme-type-dark' : 'theme-type-light'} ${themeClassName}' style='user-select:none; cursor:pointer'>
       ${html}
+      ${watermarkHtml}
   </body>
   
   </html>`;

package/src/utility/getMapExport.js

@@ -22,6 +22,8 @@ const getMapExport = (geoJson) => {
       })
       .addTo(map);
       
+	  leaflet.control.scale().addTo(map);
+	  
       const geoJsonObj = leaflet
       .geoJSON(${JSON.stringify(geoJson)}, {
         style: function () {

package/src/utility/healthStatus.js

@@ -24,4 +24,15 @@ async function getHealthStatus() {
   };
 }
 
-module.exports = getHealthStatus;
+async function getHealthStatusSprinx() {
+  return {
+    overallStatus: 'OK',
+    timeStamp: new Date().toISOString(),
+    timeStampUnix: Math.floor(Date.now() / 1000),
+  };
+}
+
+module.exports = {
+  getHealthStatus,
+  getHealthStatusSprinx,
+};

package/src/utility/processArgs.js

@@ -17,6 +17,7 @@ const processDisplayName = getNamedArg('--process-display-name');
 const listenApi = process.argv.includes('--listen-api');
 const listenApiChild = process.argv.includes('--listen-api-child') || listenApi;
 const runE2eTests = process.argv.includes('--run-e2e-tests');
+const encryptionKeyArg = getNamedArg('--encryption-key');
 
 function getPassArgs() {
   const res = [];
@@ -31,6 +32,9 @@ function getPassArgs() {
   if (runE2eTests) {
     res.push('--run-e2e-tests');
   }
+  if (global['ENCRYPTION_KEY']) {
+    res.push('--encryption-key', global['ENCRYPTION_KEY']);
+  }
   return res;
 }
 
@@ -45,4 +49,5 @@ module.exports = {
   listenApiChild,
   processDisplayName,
   runE2eTests,
+  encryptionKeyArg,
 };

package/src/utility/sshTunnel.js

@@ -57,10 +57,21 @@ function callForwardProcess(connection, tunnelConfig, tunnelCacheKey) {
       }
     });
     subprocess.on('exit', code => {
-      logger.info('SSH forward process exited');
+      logger.info(`SSH forward process exited with code ${code}`);
       delete sshTunnelCache[tunnelCacheKey];
       if (!promiseHandled) {
-        reject(new Error('SSH forward process exited, try to change "Local host address for SSH connections" in Settings/Connections'));
+        reject(
+          new Error(
+            'SSH forward process exited, try to change "Local host address for SSH connections" in Settings/Connections'
+          )
+        );
+      }
+    });
+    subprocess.on('error', error => {
+      logger.error(extractErrorLogData(error), 'SSH forward process error');
+      delete sshTunnelCache[tunnelCacheKey];
+      if (!promiseHandled) {
+        reject(error);
       }
     });
   });