dbgate-api-premium 6.6.0 → 6.6.2

package/src/controllers/storage.js

@@ -2,23 +2,23 @@ const fs = require('fs-extra');
 const _ = require('lodash');
 const path = require('path');
 const { setAuthProviders, getAuthProviderById } = require('../auth/authProvider');
-const { createStorageAuthProvider } = require('../auth/storageAuthProvider');
+const { createStorageAuthProvider, SuperadminAuthProvider } = require('../auth/storageAuthProvider');
 const {
   getStorageConnection,
   getDbConnectionParams,
   storageSelectFmt,
   storageReadUserRolePermissions,
-  loadSuperadminPermissions,
   storageReadConfig,
   storageWriteConfig,
   getStorageConnectionError,
   storageSaveRelationDiff,
   selectStorageIdentity,
+  storageSaveDetailPermissionsDiff,
 } = require('./storageDb');
-const { hasPermission } = require('../utility/hasPermission');
+const { hasPermission, loadPermissionsFromRequest } = require('../utility/hasPermission');
 const { changeSetToSql, removeSchemaFromChangeSet } = require('dbgate-datalib');
 const storageModel = require('../storageModel');
-const { dumpSqlCommand, dumpSqlSelect } = require('dbgate-sqltree');
+const { dumpSqlCommand, dumpSqlSelect, createLogCompoudCondition } = require('dbgate-sqltree');
 const {
   runCommandOnDriver,
   getLogger,
@@ -64,6 +64,7 @@ module.exports = {
     if (defIndex < 0) {
       defIndex = enabledConfig.findIndex(x => x.type == 'local');
     }
+    providers.push(new SuperadminAuthProvider());
 
     setAuthProviders(providers, providers[defIndex]);
 
@@ -94,14 +95,14 @@ module.exports = {
       return;
     }
     if (resp.status == 'error') {
-      logger.error(`Error refreshing license: ${resp.message}`);
+      logger.error(`DBGM-00146 Error refreshing license: ${resp.message}`);
       return;
     }
     if (resp.status != 'ok') {
       return;
     }
     const { token } = resp;
-    logger.info('License succesfully refreshed');
+    logger.info('DBGM-00022 License succesfully refreshed');
     if (process.env.STORAGE_DATABASE) {
       await this.writeConfig({ group: 'license', config: { licenseKey: token } });
     } else {
@@ -112,6 +113,7 @@ module.exports = {
 
   connections_meta: true,
   async connections(req) {
+    const loadedPermissions = await loadPermissionsFromRequest(req);
     if (!process.env.STORAGE_DATABASE) {
       return null;
     }
@@ -121,7 +123,7 @@ module.exports = {
 
     let resp = null;
 
-    if (hasPermission('all-connections', req)) {
+    if (hasPermission('all-connections', loadedPermissions)) {
       resp = await storageSelectFmt(`select ~connections.* from ~connections`);
     } else if (userId) {
       resp = await storageSelectFmt(
@@ -142,9 +144,8 @@ module.exports = {
       );
     } else {
       resp = await storageSelectFmt(
-        `select distinct ~connections.* from ~connections
-        inner join ~role_connections on ~connections.~id = ~role_connections.~connection_id
-        where ~role_connections.~role_id = %v`,
+        `select ~connections.* from ~connections
+        where exists (select * from ~role_connections where ~role_connections.~connection_id = ~connections.~id and ~role_connections.~role_id = %v)`,
         roleId ?? -1
       );
     }
@@ -153,7 +154,7 @@ module.exports = {
       return [];
     }
     const res = [];
-    if (hasPermission('internal-storage', req)) {
+    if (hasPermission('internal-storage', loadedPermissions)) {
       res.push(await this.getConnection({ conid: '__storage' }));
     }
     if (resp) {
@@ -330,10 +331,6 @@ module.exports = {
     return storageReadUserRolePermissions(userId);
   },
 
-  async loadSuperadminPermissions() {
-    return loadSuperadminPermissions();
-  },
-
   getConnectionsForLoginPage_meta: true,
   getConnectionsForLoginPage({ amoid }) {
     return getAuthProviderById(amoid).getLoginPageConnections();
@@ -488,6 +485,10 @@ module.exports = {
         : (await storageSelectFmt('select ~connection_id from ~user_connections where ~user_id = %v', id)).map(
             x => x.connection_id
           );
+    const databasePermissions =
+      id == 'new' ? [] : await storageSelectFmt('select * from ~user_databases where ~user_id = %v', id);
+    const tablePermissions =
+      id == 'new' ? [] : await storageSelectFmt('select * from ~user_tables where ~user_id = %v', id);
 
     return {
       ...resp[0],
@@ -497,6 +498,8 @@ module.exports = {
       usedRoles,
       allConnections,
       usedConnections,
+      databasePermissions,
+      tablePermissions,
       encryptPassword: !!(resp[0]?.password?.startsWith('crypt:') || id == 'new'),
     };
   },
@@ -505,7 +508,8 @@ module.exports = {
   async saveUserDetail(user) {
     const [conn, driver] = await getStorageConnection();
 
-    const { login, password, email, usedRoles, usedConnections, permissions } = encryptUser(user);
+    const { login, password, email, usedRoles, usedConnections, permissions, databasePermissions, tablePermissions } =
+      encryptUser(user);
     let id = user.id;
 
     if (id == null) {
@@ -534,6 +538,32 @@ module.exports = {
     await storageSaveRelationDiff('user_roles', 'user_id', 'role_id', id, usedRoles);
     await storageSaveRelationDiff('user_connections', 'user_id', 'connection_id', id, usedConnections);
 
+    await storageSaveDetailPermissionsDiff(
+      'user_databases',
+      'user_id',
+      id,
+      ['connection_id', 'database_names_list', 'database_names_regex', 'database_permission_role_id'],
+      databasePermissions
+    );
+
+    await storageSaveDetailPermissionsDiff(
+      'user_tables',
+      'user_id',
+      id,
+      [
+        'connection_id',
+        'database_names_list',
+        'database_names_regex',
+        'schema_names_list',
+        'schema_names_regex',
+        'table_names_list',
+        'table_names_regex',
+        'table_permission_role_id',
+        'table_permission_scope_id',
+      ],
+      tablePermissions
+    );
+
     return true;
   },
 
@@ -678,6 +708,11 @@ module.exports = {
         : (await storageSelectFmt('select ~connection_id from ~role_connections where ~role_id = %v', id)).map(
             x => x.connection_id
           );
+    const databasePermissions =
+      id == 'new' ? [] : await storageSelectFmt('select * from ~role_databases where ~role_id = %v', id);
+    const tablePermissions =
+      id == 'new' ? [] : await storageSelectFmt('select * from ~role_tables where ~role_id = %v', id);
+
 
     return {
       ...resp[0],
@@ -687,6 +722,8 @@ module.exports = {
       usedUsers,
       allConnections,
       usedConnections,
+      databasePermissions,
+      tablePermissions,
     };
   },
 
@@ -706,7 +743,7 @@ module.exports = {
   async saveRoleDetail(role) {
     const [conn, driver] = await getStorageConnection();
 
-    const { name, usedConnections, usedUsers, permissions } = encryptUser(role);
+    const { name, usedConnections, usedUsers, permissions, databasePermissions, tablePermissions } = role;
     let id = role.id;
 
     if (id == null) {
@@ -722,42 +759,38 @@ module.exports = {
     await storageSaveRelationDiff('user_roles', 'role_id', 'user_id', id, usedUsers);
     await storageSaveRelationDiff('role_connections', 'role_id', 'connection_id', id, usedConnections);
 
+    await storageSaveDetailPermissionsDiff(
+      'role_databases',
+      'role_id',
+      id,
+      ['connection_id', 'database_names_list', 'database_names_regex', 'database_permission_role_id'],
+      databasePermissions
+    );
+
+    await storageSaveDetailPermissionsDiff(
+      'role_tables',
+      'role_id',
+      id,
+      [
+        'connection_id',
+        'database_names_list',
+        'database_names_regex',
+        'schema_names_list',
+        'schema_names_regex',
+        'table_names_list',
+        'table_names_regex',
+        'table_permission_role_id',
+        'table_permission_scope_id',
+      ],
+      tablePermissions
+    );
+
     return true;
   },
 
   getAuditLog_meta: true,
   async getAuditLog({ offset = 0, limit = 100, dateFrom = 0, dateTo = new Date().getTime(), filters = {} }) {
     const [conn, driver] = await getStorageConnection();
-    const conditions = [
-      {
-        conditionType: 'binary',
-        operator: '>=',
-        left: { exprType: 'column', columnName: 'created' },
-        right: { exprType: 'value', value: dateFrom },
-      },
-      {
-        conditionType: 'binary',
-        operator: '<=',
-        left: { exprType: 'column', columnName: 'created' },
-        right: { exprType: 'value', value: dateTo },
-      },
-    ];
-    for (const [key, values] of Object.entries(filters)) {
-      if (values.length == 1 && values[0] == null) {
-        // @ts-ignore
-        conditions.push({
-          conditionType: 'isNull',
-          expr: { exprType: 'column', columnName: key },
-        });
-        continue;
-      }
-      // @ts-ignore
-      conditions.push({
-        conditionType: 'in',
-        expr: { exprType: 'column', columnName: key },
-        values,
-      });
-    }
     const COLUMNS = [
       'id',
       'created',
@@ -780,10 +813,7 @@ module.exports = {
         exprType: 'column',
         columnName,
       })),
-      where: {
-        conditionType: 'and',
-        conditions,
-      },
+      where: createLogCompoudCondition(filters, 'created', dateFrom, dateTo),
       range: {
         limit: limit,
         offset: offset,

package/src/controllers/storageDb.js

@@ -1,4 +1,3 @@
-const requireEngineDriver = require('../utility/requireEngineDriver');
 const storageModel = require('../storageModel');
 const dbgateApi = require('../shell');
 const {
@@ -86,6 +85,8 @@ let storageDriver = null;
 let storageConnectionError = null;
 
 async function getStorageConnectionCore() {
+  const requireEngineDriver = require('../utility/requireEngineDriver');
+
   if (storageConnection) {
     return [storageConnection, storageDriver];
   }
@@ -103,7 +104,9 @@ async function getStorageConnectionCore() {
     try {
       newConnection = await storageDriver.connect(dbConnectionParams);
       const version = await storageDriver.getVersion(newConnection);
-      logger.info(`Connected to storage database ${dbConnectionParams.engine}, version ${version?.versionText}`);
+      logger.info(
+        `DBGM-00023 Connected to storage database ${dbConnectionParams.engine}, version ${version?.versionText}`
+      );
       storageConnectionError = null;
     } catch (err) {
       storageConnectionError = err;
@@ -113,7 +116,7 @@ async function getStorageConnectionCore() {
         } catch (err) {}
         newConnection = null;
       }
-      logger.error(extractErrorLogData(err), 'Error connecting to storage database, retrying in 5 seconds');
+      logger.error(extractErrorLogData(err), 'DBGM-00024 Error connecting to storage database, retrying in 5 seconds');
       // sleep 5 seconds
       await new Promise(resolve => setTimeout(resolve, 5000));
     }
@@ -149,7 +152,7 @@ function getStorageConnection() {
       gettingStorageConnectionPromise = null;
     })
     .catch(err => {
-      logger.error(extractErrorLogData(err), 'Error connecting to storage database');
+      logger.error(extractErrorLogData(err), 'DBGM-00147 Error connecting to storage database');
       gettingStorageConnectionPromise = null;
     });
 
@@ -216,6 +219,34 @@ async function storageReadRolePermissions(roleId) {
   return resp.map(x => x.permission);
 }
 
+async function readComplexUserRolePermissions(userId, userPermissionsTable, rolePermissionsTable) {
+  const rolePermissionsResp = await storageSelectFmt(
+    'select * from %i where %i.~role_id in (select ~role_id from ~user_roles where ~user_roles.~user_id = %v)',
+    rolePermissionsTable,
+    rolePermissionsTable,
+    userId
+  );
+
+  const userPermissionsResp = await storageSelectFmt(
+    'select * from %i where %i.~user_id = %v',
+    userPermissionsTable,
+    userPermissionsTable,
+    userId
+  );
+
+  return [...rolePermissionsResp, ...userPermissionsResp];
+}
+
+async function readComplexRolePermissions(roleId, rolePermissionsTable) {
+  const rolePermissionsResp = await storageSelectFmt(
+    'select * from %i where %i.~role_id = %v',
+    rolePermissionsTable,
+    rolePermissionsTable,
+    roleId
+  );
+  return rolePermissionsResp;
+}
+
 async function loadSuperadminPermissions() {
   const rolePermissions = await storageReadRolePermissions(-3);
   return [...getPredefinedPermissions('superadmin'), ...rolePermissions];
@@ -283,6 +314,57 @@ async function storageSaveRelationDiff(table, idColumn, valueColumn, idValue, ne
   }
 }
 
+function sanitizePermissionCollectionRow(collectionRow, valueColumns) {
+  const res = {};
+  let hasValue = false;
+  for (const col of valueColumns) {
+    if (col.endsWith('_list') || col.endsWith('_regex')) {
+      res[col] = collectionRow[col]?.trim() ? collectionRow[col]?.trim() : null;
+    } else if (col.endsWith('_id')) {
+      res[col] = collectionRow[col] ? parseInt(collectionRow[col]) : null;
+    } else {
+      res[col] = collectionRow[col] || null;
+    }
+    if (res[col]) {
+      hasValue = true;
+    }
+  }
+  if (!hasValue) {
+    return null;
+  }
+  return res;
+}
+
+async function storageSaveDetailPermissionsDiff(table, idColumn, idValue, valueColumns, valuesCollection) {
+  const [conn, driver] = await getStorageConnection();
+  if (!conn) {
+    return null;
+  }
+
+  if (valuesCollection) {
+    // Delete existing database permissions for this user
+    await runQueryFmt(driver, conn, 'delete from %i where %i = %v', table, idColumn, idValue);
+
+    // Insert new database permissions
+    for (const collectionRow of valuesCollection) {
+      const sanitizedRow = sanitizePermissionCollectionRow(collectionRow, valueColumns);
+      if (!sanitizedRow) {
+        continue;
+      }
+      await runQueryFmt(
+        driver,
+        conn,
+        'insert into %i (%i, %,i) values (%v, %,v)',
+        table,
+        idColumn,
+        valueColumns,
+        idValue,
+        valueColumns.map(col => sanitizedRow[col])
+      );
+    }
+  }
+}
+
 function getStorageConnectionError() {
   return storageConnectionError;
 }
@@ -300,6 +382,33 @@ async function selectStorageIdentity(tableName) {
   return Object.entries(resp.rows[0])[0][1];
 }
 
+async function storageCheckRoleConnectionAccess(roleId, conid) {
+  const resp = await storageSelectFmt(
+    'select 1 from ~role_connections inner join ~connections on ~role_connections.~connection_id = ~connections.~id where ~role_connections.~role_id = %v and ~connections.~conid = %v',
+    roleId,
+    conid
+  );
+  return resp.length > 0;
+}
+
+async function storageCheckUserRoleConnectionAccess(userId, conid) {
+  const respByUser = await storageSelectFmt(
+    'select 1 from ~user_connections inner join ~connections on ~user_connections.~connection_id = ~connections.~id where ~user_connections.~user_id = %v and ~connections.~conid = %v',
+    userId,
+    conid
+  );
+  const respByRole = await storageSelectFmt(
+    'select 1 from ~role_connections inner join ~user_roles on ~role_connections.~role_id = ~user_roles.~role_id inner join ~connections on ~role_connections.~connection_id = ~connections.~id where ~user_roles.~user_id = %v and ~connections.~conid = %v',
+    userId,
+    conid
+  );
+  const respByLogged = await storageSelectFmt(
+    'select 1 from ~role_connections inner join ~connections on ~role_connections.~connection_id = ~connections.~id where ~role_connections.~role_id = -2 and ~connections.~conid = %v',
+    conid
+  );
+  return respByUser.length > 0 || respByRole.length > 0 || respByLogged.length > 0;
+}
+
 module.exports = {
   getStorageConnection,
   storageSelectFmt,
@@ -314,4 +423,9 @@ module.exports = {
   storageSqlCommandFmt,
   storageSaveRelationDiff,
   selectStorageIdentity,
+  storageSaveDetailPermissionsDiff,
+  readComplexUserRolePermissions,
+  readComplexRolePermissions,
+  storageCheckRoleConnectionAccess,
+  storageCheckUserRoleConnectionAccess,
 };

package/src/controllers/uploads.js

@@ -28,7 +28,7 @@ module.exports = {
     }
     const uploadName = crypto.randomUUID();
     const filePath = path.join(uploadsdir(), uploadName);
-    logger.info(`Uploading file ${data.name}, size=${data.size}`);
+    logger.info(`DBGM-00025 Uploading file ${data.name}, size=${data.size}`);
 
     data.mv(filePath, () => {
       res.json({
@@ -115,7 +115,7 @@ module.exports = {
 
       return response.data;
     } catch (err) {
-      logger.error(extractErrorLogData(err), 'Error uploading gist');
+      logger.error(extractErrorLogData(err), 'DBGM-00148 Error uploading gist');
 
       return {
         apiErrorMessage: err.message,

package/src/currentVersion.js

@@ -1,5 +1,5 @@
 
 module.exports = { 
-  version: '6.6.0',
-  buildTime: '2025-07-25T07:23:41.045Z'
+  version: '6.6.2',
+  buildTime: '2025-08-29T07:26:38.959Z'
 };

package/src/index.js

@@ -5,11 +5,12 @@ const moment = require('moment');
 const path = require('path');
 const { logsdir, setLogsFilePath, getLogsFilePath } = require('./utility/directories');
 const currentVersion = require('./currentVersion');
+const _ = require('lodash');
 
 const logger = getLogger('apiIndex');
 
 process.on('uncaughtException', err => {
-  logger.fatal(extractErrorLogData(err), 'Uncaught exception, exiting process');
+  logger.fatal(extractErrorLogData(err), 'DBGM-00259 Uncaught exception, exiting process');
   process.exit(1);
 });
 
@@ -33,6 +34,9 @@ if (processArgs.processDisplayName) {
 // }
 
 function configureLogger() {
+  const { initializeRecentLogProvider, pushToRecentLogs } = require('./utility/appLogStore');
+  initializeRecentLogProvider();
+
   const logsFilePath = path.join(logsdir(), `${moment().format('YYYY-MM-DD-HH-mm')}-${process.pid}.ndjson`);
   setLogsFilePath(logsFilePath);
   setLoggerName('main');
@@ -40,6 +44,8 @@ function configureLogger() {
   const consoleLogLevel = process.env.CONSOLE_LOG_LEVEL || process.env.LOG_LEVEL || 'info';
   const fileLogLevel = process.env.FILE_LOG_LEVEL || process.env.LOG_LEVEL || 'debug';
 
+  const streamsByDatePart = {};
+
   const logConfig = {
     base: { pid: process.pid },
     targets: [
@@ -49,10 +55,35 @@ function configureLogger() {
         level: consoleLogLevel,
       },
       {
-        type: 'stream',
+        type: 'objstream',
         // @ts-ignore
         level: fileLogLevel,
-        stream: fs.createWriteStream(logsFilePath, { flags: 'a' }),
+        objstream: {
+          send(msg) {
+            const datePart = moment(msg.time).format('YYYY-MM-DD');
+            if (!streamsByDatePart[datePart]) {
+              streamsByDatePart[datePart] = fs.createWriteStream(
+                path.join(logsdir(), `${moment().format('YYYY-MM-DD-HH-mm')}-${process.pid}.ndjson`),
+                { flags: 'a' }
+              );
+            }
+            const additionals = {};
+            const finalMsg =
+              _.isString(msg.msg) && msg.msg.match(/^DBGM-\d\d\d\d\d/)
+                ? {
+                    ...msg,
+                    msg: msg.msg.substring(10).trimStart(),
+                    msgcode: msg.msg.substring(0, 10),
+                    ...additionals,
+                  }
+                : {
+                    ...msg,
+                    ...additionals,
+                  };
+            streamsByDatePart[datePart].write(`${JSON.stringify(finalMsg)}\n`);
+            pushToRecentLogs(finalMsg);
+          },
+        },
       },
     ],
   };
@@ -101,10 +132,10 @@ function configureLogger() {
 
 if (processArgs.listenApi) {
   configureLogger();
-  logger.info(`Starting API process version ${currentVersion.version}`);
+  logger.info(`DBGM-00026 Starting API process version ${currentVersion.version}`);
 
   if (process.env.DEBUG_PRINT_ENV_VARIABLES) {
-    logger.info('Debug print environment variables:');
+    logger.info('DBGM-00027 Debug print environment variables:');
     for (const key of Object.keys(process.env)) {
       logger.info(`  ${key}: ${JSON.stringify(process.env[key])}`);
     }