dbgate-api-premium 6.6.1 → 6.6.2

package/src/controllers/serverConnections.js

@@ -8,7 +8,13 @@ const { handleProcessCommunication } = require('../utility/processComm');
 const lock = new AsyncLock();
 const config = require('./config');
 const processArgs = require('../utility/processArgs');
-const { testConnectionPermission } = require('../utility/hasPermission');
+const {
+  testConnectionPermission,
+  loadPermissionsFromRequest,
+  hasPermission,
+  loadDatabasePermissionsFromRequest,
+  getDatabasePermissionRole,
+} = require('../utility/hasPermission');
 const { MissingCredentialsError } = require('../utility/exceptions');
 const pipeForkLogs = require('../utility/pipeForkLogs');
 const { getLogger, extractErrorLogData } = require('dbgate-tools');
@@ -40,7 +46,7 @@ module.exports = {
     existing.status = status;
     socket.emitChanged(`server-status-changed`);
   },
-  handle_ping() {},
+  handle_ping() { },
   handle_response(conid, { msgid, ...response }) {
     const [resolve, reject] = this.requests[msgid];
     resolve(response);
@@ -135,7 +141,7 @@ module.exports = {
 
   disconnect_meta: true,
   async disconnect({ conid }, req) {
-    testConnectionPermission(conid, req);
+    await testConnectionPermission(conid, req);
     await this.close(conid, true);
     return { status: 'ok' };
   },
@@ -144,7 +150,9 @@ module.exports = {
   async listDatabases({ conid }, req) {
     if (!conid) return [];
     if (conid == '__model') return [];
-    testConnectionPermission(conid, req);
+    const loadedPermissions = await loadPermissionsFromRequest(req);
+
+    await testConnectionPermission(conid, req, loadedPermissions);
     const opened = await this.ensureOpened(conid);
     sendToAuditLog(req, {
       category: 'serverop',
@@ -157,12 +165,29 @@ module.exports = {
       sessionGroup: 'listDatabases',
       message: `Loaded databases for connection`,
     });
+
+    if (!hasPermission(`all-databases`, loadedPermissions)) {
+      // filter databases by permissions
+      const databasePermissions = await loadDatabasePermissionsFromRequest(req);
+      const res = [];
+      for (const db of opened?.databases ?? []) {
+        const databasePermissionRole = getDatabasePermissionRole(db.id, db.name, databasePermissions);
+        if (databasePermissionRole != 'deny') {
+          res.push({
+            ...db,
+            databasePermissionRole,
+          });
+        }
+      }
+      return res;
+    }
+
     return opened?.databases ?? [];
   },
 
   version_meta: true,
   async version({ conid }, req) {
-    testConnectionPermission(conid, req);
+    await testConnectionPermission(conid, req);
     const opened = await this.ensureOpened(conid);
     return opened?.version ?? null;
   },
@@ -202,7 +227,7 @@ module.exports = {
 
   refresh_meta: true,
   async refresh({ conid, keepOpen }, req) {
-    testConnectionPermission(conid, req);
+    await testConnectionPermission(conid, req);
     if (!keepOpen) this.close(conid);
 
     await this.ensureOpened(conid);
@@ -210,7 +235,7 @@ module.exports = {
   },
 
   async sendDatabaseOp({ conid, msgtype, name }, req) {
-    testConnectionPermission(conid, req);
+    await testConnectionPermission(conid, req);
     const opened = await this.ensureOpened(conid);
     if (!opened) {
       return null;
@@ -252,7 +277,7 @@ module.exports = {
   },
 
   async loadDataCore(msgtype, { conid, ...args }, req) {
-    testConnectionPermission(conid, req);
+    await testConnectionPermission(conid, req);
     const opened = await this.ensureOpened(conid);
     if (!opened) {
       return null;
@@ -270,13 +295,43 @@ module.exports = {
 
   serverSummary_meta: true,
   async serverSummary({ conid }, req) {
-    testConnectionPermission(conid, req);
+    await testConnectionPermission(conid, req);
+    logger.info({ conid }, 'DBGM-00260 Processing server summary');
     return this.loadDataCore('serverSummary', { conid });
   },
 
+  listDatabaseProcesses_meta: true,
+  async listDatabaseProcesses(ctx, req) {
+    const { conid } = ctx;
+    // logger.info({ conid }, 'DBGM-00261 Listing processes of database server');
+    testConnectionPermission(conid, req);
+
+    const opened = await this.ensureOpened(conid);
+    if (!opened) {
+      return null;
+    }
+    if (opened.connection.isReadOnly) return false;
+
+    return this.sendRequest(opened, { msgtype: 'listDatabaseProcesses' });
+  },
+
+  killDatabaseProcess_meta: true,
+  async killDatabaseProcess(ctx, req) {
+    const { conid, pid } = ctx;
+    testConnectionPermission(conid, req);
+
+    const opened = await this.ensureOpened(conid);
+    if (!opened) {
+      return null;
+    }
+    if (opened.connection.isReadOnly) return false;
+
+    return this.sendRequest(opened, { msgtype: 'killDatabaseProcess', pid });
+  },
+
   summaryCommand_meta: true,
   async summaryCommand({ conid, command, row }, req) {
-    testConnectionPermission(conid, req);
+    await testConnectionPermission(conid, req);
     const opened = await this.ensureOpened(conid);
     if (!opened) {
       return null;

package/src/controllers/sessions.js

@@ -12,6 +12,7 @@ const { getLogger, extractErrorLogData } = require('dbgate-tools');
 const pipeForkLogs = require('../utility/pipeForkLogs');
 const config = require('./config');
 const { sendToAuditLog } = require('../utility/auditlog');
+const { testStandardPermission, testDatabaseRolePermission } = require('../utility/hasPermission');
 
 const logger = getLogger('sessions');
 
@@ -94,7 +95,7 @@ module.exports = {
     socket.emit(`session-initialize-file-${jslid}`);
   },
 
-  handle_ping() {},
+  handle_ping() { },
 
   create_meta: true,
   async create({ conid, database }) {
@@ -148,10 +149,12 @@ module.exports = {
 
   executeQuery_meta: true,
   async executeQuery({ sesid, sql, autoCommit, autoDetectCharts, limitRows, frontMatter }, req) {
+    await testStandardPermission('dbops/query', req);
     const session = this.opened.find(x => x.sesid == sesid);
     if (!session) {
       throw new Error('Invalid session');
     }
+    await testDatabaseRolePermission(session.conid, session.database, 'run_script', req);
 
     sendToAuditLog(req, {
       category: 'dbop',

package/src/controllers/storage.js

@@ -2,20 +2,20 @@ const fs = require('fs-extra');
 const _ = require('lodash');
 const path = require('path');
 const { setAuthProviders, getAuthProviderById } = require('../auth/authProvider');
-const { createStorageAuthProvider } = require('../auth/storageAuthProvider');
+const { createStorageAuthProvider, SuperadminAuthProvider } = require('../auth/storageAuthProvider');
 const {
   getStorageConnection,
   getDbConnectionParams,
   storageSelectFmt,
   storageReadUserRolePermissions,
-  loadSuperadminPermissions,
   storageReadConfig,
   storageWriteConfig,
   getStorageConnectionError,
   storageSaveRelationDiff,
   selectStorageIdentity,
+  storageSaveDetailPermissionsDiff,
 } = require('./storageDb');
-const { hasPermission } = require('../utility/hasPermission');
+const { hasPermission, loadPermissionsFromRequest } = require('../utility/hasPermission');
 const { changeSetToSql, removeSchemaFromChangeSet } = require('dbgate-datalib');
 const storageModel = require('../storageModel');
 const { dumpSqlCommand, dumpSqlSelect, createLogCompoudCondition } = require('dbgate-sqltree');
@@ -64,6 +64,7 @@ module.exports = {
     if (defIndex < 0) {
       defIndex = enabledConfig.findIndex(x => x.type == 'local');
     }
+    providers.push(new SuperadminAuthProvider());
 
     setAuthProviders(providers, providers[defIndex]);
 
@@ -112,6 +113,7 @@ module.exports = {
 
   connections_meta: true,
   async connections(req) {
+    const loadedPermissions = await loadPermissionsFromRequest(req);
     if (!process.env.STORAGE_DATABASE) {
       return null;
     }
@@ -121,7 +123,7 @@ module.exports = {
 
     let resp = null;
 
-    if (hasPermission('all-connections', req)) {
+    if (hasPermission('all-connections', loadedPermissions)) {
       resp = await storageSelectFmt(`select ~connections.* from ~connections`);
     } else if (userId) {
       resp = await storageSelectFmt(
@@ -152,7 +154,7 @@ module.exports = {
       return [];
     }
     const res = [];
-    if (hasPermission('internal-storage', req)) {
+    if (hasPermission('internal-storage', loadedPermissions)) {
       res.push(await this.getConnection({ conid: '__storage' }));
     }
     if (resp) {
@@ -329,10 +331,6 @@ module.exports = {
     return storageReadUserRolePermissions(userId);
   },
 
-  async loadSuperadminPermissions() {
-    return loadSuperadminPermissions();
-  },
-
   getConnectionsForLoginPage_meta: true,
   getConnectionsForLoginPage({ amoid }) {
     return getAuthProviderById(amoid).getLoginPageConnections();
@@ -487,6 +485,10 @@ module.exports = {
         : (await storageSelectFmt('select ~connection_id from ~user_connections where ~user_id = %v', id)).map(
             x => x.connection_id
           );
+    const databasePermissions =
+      id == 'new' ? [] : await storageSelectFmt('select * from ~user_databases where ~user_id = %v', id);
+    const tablePermissions =
+      id == 'new' ? [] : await storageSelectFmt('select * from ~user_tables where ~user_id = %v', id);
 
     return {
       ...resp[0],
@@ -496,6 +498,8 @@ module.exports = {
       usedRoles,
       allConnections,
       usedConnections,
+      databasePermissions,
+      tablePermissions,
       encryptPassword: !!(resp[0]?.password?.startsWith('crypt:') || id == 'new'),
     };
   },
@@ -504,7 +508,8 @@ module.exports = {
   async saveUserDetail(user) {
     const [conn, driver] = await getStorageConnection();
 
-    const { login, password, email, usedRoles, usedConnections, permissions } = encryptUser(user);
+    const { login, password, email, usedRoles, usedConnections, permissions, databasePermissions, tablePermissions } =
+      encryptUser(user);
     let id = user.id;
 
     if (id == null) {
@@ -533,6 +538,32 @@ module.exports = {
     await storageSaveRelationDiff('user_roles', 'user_id', 'role_id', id, usedRoles);
     await storageSaveRelationDiff('user_connections', 'user_id', 'connection_id', id, usedConnections);
 
+    await storageSaveDetailPermissionsDiff(
+      'user_databases',
+      'user_id',
+      id,
+      ['connection_id', 'database_names_list', 'database_names_regex', 'database_permission_role_id'],
+      databasePermissions
+    );
+
+    await storageSaveDetailPermissionsDiff(
+      'user_tables',
+      'user_id',
+      id,
+      [
+        'connection_id',
+        'database_names_list',
+        'database_names_regex',
+        'schema_names_list',
+        'schema_names_regex',
+        'table_names_list',
+        'table_names_regex',
+        'table_permission_role_id',
+        'table_permission_scope_id',
+      ],
+      tablePermissions
+    );
+
     return true;
   },
 
@@ -677,6 +708,11 @@ module.exports = {
         : (await storageSelectFmt('select ~connection_id from ~role_connections where ~role_id = %v', id)).map(
             x => x.connection_id
           );
+    const databasePermissions =
+      id == 'new' ? [] : await storageSelectFmt('select * from ~role_databases where ~role_id = %v', id);
+    const tablePermissions =
+      id == 'new' ? [] : await storageSelectFmt('select * from ~role_tables where ~role_id = %v', id);
+
 
     return {
       ...resp[0],
@@ -686,6 +722,8 @@ module.exports = {
       usedUsers,
       allConnections,
       usedConnections,
+      databasePermissions,
+      tablePermissions,
     };
   },
 
@@ -705,7 +743,7 @@ module.exports = {
   async saveRoleDetail(role) {
     const [conn, driver] = await getStorageConnection();
 
-    const { name, usedConnections, usedUsers, permissions } = encryptUser(role);
+    const { name, usedConnections, usedUsers, permissions, databasePermissions, tablePermissions } = role;
     let id = role.id;
 
     if (id == null) {
@@ -721,6 +759,32 @@ module.exports = {
     await storageSaveRelationDiff('user_roles', 'role_id', 'user_id', id, usedUsers);
     await storageSaveRelationDiff('role_connections', 'role_id', 'connection_id', id, usedConnections);
 
+    await storageSaveDetailPermissionsDiff(
+      'role_databases',
+      'role_id',
+      id,
+      ['connection_id', 'database_names_list', 'database_names_regex', 'database_permission_role_id'],
+      databasePermissions
+    );
+
+    await storageSaveDetailPermissionsDiff(
+      'role_tables',
+      'role_id',
+      id,
+      [
+        'connection_id',
+        'database_names_list',
+        'database_names_regex',
+        'schema_names_list',
+        'schema_names_regex',
+        'table_names_list',
+        'table_names_regex',
+        'table_permission_role_id',
+        'table_permission_scope_id',
+      ],
+      tablePermissions
+    );
+
     return true;
   },
 

package/src/controllers/storageDb.js

@@ -104,7 +104,9 @@ async function getStorageConnectionCore() {
     try {
       newConnection = await storageDriver.connect(dbConnectionParams);
       const version = await storageDriver.getVersion(newConnection);
-      logger.info(`DBGM-00023 Connected to storage database ${dbConnectionParams.engine}, version ${version?.versionText}`);
+      logger.info(
+        `DBGM-00023 Connected to storage database ${dbConnectionParams.engine}, version ${version?.versionText}`
+      );
       storageConnectionError = null;
     } catch (err) {
       storageConnectionError = err;
@@ -217,6 +219,34 @@ async function storageReadRolePermissions(roleId) {
   return resp.map(x => x.permission);
 }
 
+async function readComplexUserRolePermissions(userId, userPermissionsTable, rolePermissionsTable) {
+  const rolePermissionsResp = await storageSelectFmt(
+    'select * from %i where %i.~role_id in (select ~role_id from ~user_roles where ~user_roles.~user_id = %v)',
+    rolePermissionsTable,
+    rolePermissionsTable,
+    userId
+  );
+
+  const userPermissionsResp = await storageSelectFmt(
+    'select * from %i where %i.~user_id = %v',
+    userPermissionsTable,
+    userPermissionsTable,
+    userId
+  );
+
+  return [...rolePermissionsResp, ...userPermissionsResp];
+}
+
+async function readComplexRolePermissions(roleId, rolePermissionsTable) {
+  const rolePermissionsResp = await storageSelectFmt(
+    'select * from %i where %i.~role_id = %v',
+    rolePermissionsTable,
+    rolePermissionsTable,
+    roleId
+  );
+  return rolePermissionsResp;
+}
+
 async function loadSuperadminPermissions() {
   const rolePermissions = await storageReadRolePermissions(-3);
   return [...getPredefinedPermissions('superadmin'), ...rolePermissions];
@@ -284,6 +314,57 @@ async function storageSaveRelationDiff(table, idColumn, valueColumn, idValue, ne
   }
 }
 
+function sanitizePermissionCollectionRow(collectionRow, valueColumns) {
+  const res = {};
+  let hasValue = false;
+  for (const col of valueColumns) {
+    if (col.endsWith('_list') || col.endsWith('_regex')) {
+      res[col] = collectionRow[col]?.trim() ? collectionRow[col]?.trim() : null;
+    } else if (col.endsWith('_id')) {
+      res[col] = collectionRow[col] ? parseInt(collectionRow[col]) : null;
+    } else {
+      res[col] = collectionRow[col] || null;
+    }
+    if (res[col]) {
+      hasValue = true;
+    }
+  }
+  if (!hasValue) {
+    return null;
+  }
+  return res;
+}
+
+async function storageSaveDetailPermissionsDiff(table, idColumn, idValue, valueColumns, valuesCollection) {
+  const [conn, driver] = await getStorageConnection();
+  if (!conn) {
+    return null;
+  }
+
+  if (valuesCollection) {
+    // Delete existing database permissions for this user
+    await runQueryFmt(driver, conn, 'delete from %i where %i = %v', table, idColumn, idValue);
+
+    // Insert new database permissions
+    for (const collectionRow of valuesCollection) {
+      const sanitizedRow = sanitizePermissionCollectionRow(collectionRow, valueColumns);
+      if (!sanitizedRow) {
+        continue;
+      }
+      await runQueryFmt(
+        driver,
+        conn,
+        'insert into %i (%i, %,i) values (%v, %,v)',
+        table,
+        idColumn,
+        valueColumns,
+        idValue,
+        valueColumns.map(col => sanitizedRow[col])
+      );
+    }
+  }
+}
+
 function getStorageConnectionError() {
   return storageConnectionError;
 }
@@ -301,6 +382,33 @@ async function selectStorageIdentity(tableName) {
   return Object.entries(resp.rows[0])[0][1];
 }
 
+async function storageCheckRoleConnectionAccess(roleId, conid) {
+  const resp = await storageSelectFmt(
+    'select 1 from ~role_connections inner join ~connections on ~role_connections.~connection_id = ~connections.~id where ~role_connections.~role_id = %v and ~connections.~conid = %v',
+    roleId,
+    conid
+  );
+  return resp.length > 0;
+}
+
+async function storageCheckUserRoleConnectionAccess(userId, conid) {
+  const respByUser = await storageSelectFmt(
+    'select 1 from ~user_connections inner join ~connections on ~user_connections.~connection_id = ~connections.~id where ~user_connections.~user_id = %v and ~connections.~conid = %v',
+    userId,
+    conid
+  );
+  const respByRole = await storageSelectFmt(
+    'select 1 from ~role_connections inner join ~user_roles on ~role_connections.~role_id = ~user_roles.~role_id inner join ~connections on ~role_connections.~connection_id = ~connections.~id where ~user_roles.~user_id = %v and ~connections.~conid = %v',
+    userId,
+    conid
+  );
+  const respByLogged = await storageSelectFmt(
+    'select 1 from ~role_connections inner join ~connections on ~role_connections.~connection_id = ~connections.~id where ~role_connections.~role_id = -2 and ~connections.~conid = %v',
+    conid
+  );
+  return respByUser.length > 0 || respByRole.length > 0 || respByLogged.length > 0;
+}
+
 module.exports = {
   getStorageConnection,
   storageSelectFmt,
@@ -315,4 +423,9 @@ module.exports = {
   storageSqlCommandFmt,
   storageSaveRelationDiff,
   selectStorageIdentity,
+  storageSaveDetailPermissionsDiff,
+  readComplexUserRolePermissions,
+  readComplexRolePermissions,
+  storageCheckRoleConnectionAccess,
+  storageCheckUserRoleConnectionAccess,
 };

package/src/currentVersion.js

@@ -1,5 +1,5 @@
 
 module.exports = { 
-  version: '6.6.1',
-  buildTime: '2025-08-14T15:32:48.560Z'
+  version: '6.6.2',
+  buildTime: '2025-08-29T07:26:38.959Z'
 };

package/src/index.js

@@ -5,6 +5,7 @@ const moment = require('moment');
 const path = require('path');
 const { logsdir, setLogsFilePath, getLogsFilePath } = require('./utility/directories');
 const currentVersion = require('./currentVersion');
+const _ = require('lodash');
 
 const logger = getLogger('apiIndex');
 
@@ -68,7 +69,7 @@ function configureLogger() {
             }
             const additionals = {};
             const finalMsg =
-              msg.msg && msg.msg.match(/^DBGM-\d\d\d\d\d/)
+              _.isString(msg.msg) && msg.msg.match(/^DBGM-\d\d\d\d\d/)
                 ? {
                     ...msg,
                     msg: msg.msg.substring(10).trimStart(),

package/src/proc/databaseConnectionProcess.js

@@ -17,13 +17,14 @@ const requireEngineDriver = require('../utility/requireEngineDriver');
 const { connectUtility } = require('../utility/connectUtility');
 const { handleProcessCommunication } = require('../utility/processComm');
 const generateDeploySql = require('../shell/generateDeploySql');
-const { dumpSqlSelect } = require('dbgate-sqltree');
+const { dumpSqlSelect, scriptToSql } = require('dbgate-sqltree');
 const { allowExecuteCustomScript, handleQueryStream } = require('../utility/handleQueryStream');
 const dbgateApi = require('../shell');
 const requirePlugin = require('../shell/requirePlugin');
 const path = require('path');
 const { rundir } = require('../utility/directories');
 const fs = require('fs-extra');
+const { changeSetToSql } = require('dbgate-datalib');
 
 const logger = getLogger('dbconnProcess');
 
@@ -348,6 +349,27 @@ async function handleUpdateCollection({ msgid, changeSet }) {
   }
 }
 
+async function handleSaveTableData({ msgid, changeSet }) {
+  await waitStructure();
+  try {
+    const driver = requireEngineDriver(storedConnection);
+    const script = driver.createSaveChangeSetScript(changeSet, analysedStructure, () =>
+      changeSetToSql(changeSet, analysedStructure, driver.dialect)
+    );
+    const sql = scriptToSql(driver, script);
+    await driver.script(dbhan, sql, { useTransaction: true });
+    process.send({ msgtype: 'response', msgid });
+  } catch (err) {
+    process.send({
+      msgtype: 'response',
+      msgid,
+      errorMessage: extractErrorMessage(err, 'Error executing SQL script'),
+    });
+  }
+
+
+}
+
 async function handleSqlPreview({ msgid, objects, options }) {
   await waitStructure();
   const driver = requireEngineDriver(storedConnection);
@@ -464,6 +486,7 @@ const messageHandlers = {
   runScript: handleRunScript,
   runOperation: handleRunOperation,
   updateCollection: handleUpdateCollection,
+  saveTableData: handleSaveTableData,
   collectionData: handleCollectionData,
   loadKeys: handleLoadKeys,
   scanKeys: handleScanKeys,

package/src/proc/serverConnectionProcess.js

@@ -146,6 +146,30 @@ async function handleServerSummary({ msgid }) {
   return handleDriverDataCore(msgid, driver => driver.serverSummary(dbhan));
 }
 
+async function handleKillDatabaseProcess({ msgid, pid }) {
+  await waitConnected();
+  const driver = requireEngineDriver(storedConnection);
+
+  try {
+    const result = await driver.killProcess(dbhan, Number(pid));
+    process.send({ msgtype: 'response', msgid, result });
+  } catch (err) {
+    process.send({ msgtype: 'response', msgid, errorMessage: err.message });
+  }
+}
+
+async function handleListDatabaseProcesses({ msgid }) {
+  await waitConnected();
+  const driver = requireEngineDriver(storedConnection);
+
+  try {
+    const result = await driver.listProcesses(dbhan);
+    process.send({ msgtype: 'response', msgid, result });
+  } catch (err) {
+    process.send({ msgtype: 'response', msgid, errorMessage: err.message });
+  }
+}
+
 async function handleSummaryCommand({ msgid, command, row }) {
   return handleDriverDataCore(msgid, driver => driver.summaryCommand(dbhan, command, row));
 }
@@ -154,6 +178,8 @@ const messageHandlers = {
   connect: handleConnect,
   ping: handlePing,
   serverSummary: handleServerSummary,
+  killDatabaseProcess: handleKillDatabaseProcess,
+  listDatabaseProcesses: handleListDatabaseProcesses,
   summaryCommand: handleSummaryCommand,
   createDatabase: props => handleDatabaseOp('createDatabase', props),
   dropDatabase: props => handleDatabaseOp('dropDatabase', props),