npm - dbgate-api-premium - Versions diffs - 6.6.2 → 6.6.4 - Mend

dbgate-api-premium 6.6.2 → 6.6.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

package/package.json +6 -6
package/src/auth/authCommon.js +6 -0
package/src/auth/authProvider.js +6 -1
package/src/auth/storageAuthProvider.js +51 -6
package/src/controllers/apps.js +342 -220
package/src/controllers/auth.js +3 -1
package/src/controllers/databaseConnections.js +1 -1
package/src/controllers/files.js +6 -1
package/src/controllers/serverConnections.js +2 -2
package/src/controllers/sessions.js +17 -4
package/src/controllers/storage.js +128 -4
package/src/controllers/storageDb.js +331 -0
package/src/controllers/teamFiles.js +250 -0
package/src/controllers/uploads.js +66 -95
package/src/currentVersion.js +2 -2
package/src/main.js +3 -0
package/src/proc/databaseConnectionProcess.js +0 -2
package/src/storageModel.js +506 -37
package/src/utility/hasPermission.js +51 -2
package/src/gistSecret.js +0 -2

package/src/controllers/teamFiles.js ADDED Viewed

@@ -0,0 +1,250 @@
+// *** This file is part of DbGate Premium ***
+const { loadPermissionsFromRequest, hasPermission } = require('../utility/hasPermission');
+const {
+  storageGetExistingFile,
+  storageGetTeamFileRoleAccess,
+  storageGetTeamFileUserAccess,
+  storageUpdateTeamFile,
+  storageListTeamFilesForUser,
+  storageListTeamFilesForRole,
+  storageListAllTeamFiles,
+  storageCreateTeamFile,
+  storageGetExistingFileWithContent,
+  storageListAllAdminFiles,
+  storageUpdateTeamFileAdmin,
+  storageDeleteFile,
+  storageCopyFile,
+} = require('./storageDb');
+const { getBuiltinRoleIdFromRequest } = require('../auth/storageAuthProvider');
+const socket = require('../utility/socket');
+const fs = require('fs-extra');
+const { getSqlFrontMatter, safeJsonParse, setSqlFrontMatter, removeSqlFrontMatter } = require('dbgate-tools');
+const yaml = require('js-yaml');
+const jwt = require('jsonwebtoken');
+const { getStaticTokenSecret } = require('../auth/authCommon');
+const crypto = require('crypto');
+function extractFileMetadata(data, typeName) {
+  if (typeName == 'sql') {
+    const frontMatter = getSqlFrontMatter(data, yaml);
+    return frontMatter;
+  }
+  return null;
+}
+module.exports = {
+  createNew_meta: true,
+  async createNew({ fileType, file, data }, req) {
+    const loadedPermissions = await loadPermissionsFromRequest(req);
+    if (!hasPermission(`all-team-files/create`, loadedPermissions)) {
+      throw new Error('No permission to create team files');
+    }
+    const userId = req?.user?.userId;
+    const metadata = extractFileMetadata(data, fileType);
+    const resp = await storageCreateTeamFile({ fileType, file, data, ownerUserId: userId, metadata });
+    socket.emitChanged('team-files-changed');
+    return resp;
+  },
+  update_meta: true,
+  async update({ teamFileId, data, name }, req) {
+    const existingFile = await storageGetExistingFile(teamFileId);
+    if (!existingFile) return false;
+    await this.checkWriteAccess(existingFile, req);
+    const metadata = extractFileMetadata(data, existingFile.type_name);
+    const resp = await storageUpdateTeamFile({ teamFileId, data, name, metadata });
+    socket.emitChanged('team-files-changed');
+    return resp;
+  },
+  list_meta: true,
+  async list(_params, req) {
+    const loadedPermissions = await loadPermissionsFromRequest(req);
+    let res = [];
+    const readAll = hasPermission(`all-team-files/read`, loadedPermissions);
+    const writeAll = hasPermission(`all-team-files/write`, loadedPermissions);
+    const useAll = hasPermission(`all-team-files/use`, loadedPermissions);
+    if (readAll || writeAll || useAll) {
+      res = await storageListAllTeamFiles();
+      res = res?.map(item => ({ ...item, allow_read: readAll, allow_write: writeAll, allow_use: useAll }));
+    } else {
+      const userId = req?.user?.userId;
+      if (userId) {
+        res = await storageListTeamFilesForUser(userId);
+      } else {
+        res = await storageListTeamFilesForRole(getBuiltinRoleIdFromRequest(req));
+      }
+    }
+    return (
+      res?.map(item => {
+        const isOwner = item.owner_user_id && item.owner_user_id == req?.user?.userId;
+        return {
+          teamFileId: item.id,
+          file: item.file_name,
+          metadata: safeJsonParse(item.metadata),
+          folder: item.type_name,
+          allowRead: !!(item.allow_read || isOwner),
+          allowWrite: !!(item.allow_write || isOwner),
+          allowUse: !!(item.allow_use || isOwner),
+        };
+      }) || []
+    );
+  },
+  async checkAccessCore(existingFile, req, throwError, accessType, accessField) {
+    const userId = req?.user?.userId;
+    const loadedPermissions = await loadPermissionsFromRequest(req);
+    if (hasPermission(`admin/team-files`, loadedPermissions)) {
+      return true;
+    }
+    if (hasPermission(`all-team-files/${accessType}`, loadedPermissions)) {
+      return true;
+    }
+    const roleId = getBuiltinRoleIdFromRequest(req);
+    const roleAccess = await storageGetTeamFileRoleAccess(existingFile.id, roleId);
+    if (roleAccess[accessField]) {
+      return true;
+    }
+    if (existingFile.owner_user_id == userId && userId) {
+      return true;
+    }
+    if (existingFile.owner_user_id != userId && userId) {
+      const userAccess = await storageGetTeamFileUserAccess(existingFile.id, userId);
+      if (userAccess[accessField]) {
+        return true;
+      }
+    }
+    if (!throwError) return false;
+    throw new Error(`No permission to ${accessType} this team file`);
+  },
+  async checkReadAccess(existingFile, req, throwError = true) {
+    return await this.checkAccessCore(existingFile, req, throwError, 'read', 'allowRead');
+  },
+  async checkWriteAccess(existingFile, req, throwError = true) {
+    return await this.checkAccessCore(existingFile, req, throwError, 'write', 'allowWrite');
+  },
+  async checkUseAccess(existingFile, req, throwError = true) {
+    return await this.checkAccessCore(existingFile, req, throwError, 'use', 'allowUse');
+  },
+  getContent_meta: true,
+  async getContent({ teamFileId }, req) {
+    const existingFile = await storageGetExistingFileWithContent(teamFileId);
+    if (!existingFile) return false;
+    let actualContent = existingFile.file_content;
+    let allowUse = false;
+    if (existingFile.type_name == 'sql') {
+      const frontMatter = getSqlFrontMatter(existingFile.file_content, yaml);
+      allowUse = await this.checkUseAccess(existingFile, req, false);
+      // TODO
+      // const loadedPermissions = await loadPermissionsFromRequest(req);
+      //  && !hasPermission('dbops/query', loadedPermissions)
+      if (allowUse) {
+        const useToken = jwt.sign(
+          {
+            contentHash: crypto.createHash('md5').update(removeSqlFrontMatter(existingFile.file_content)).digest('hex'),
+          },
+          getStaticTokenSecret()
+          // { expiresIn: '1h' }
+        );
+        actualContent = setSqlFrontMatter(actualContent, { ...frontMatter, useToken }, yaml);
+      }
+    }
+    if (!allowUse) {
+      await this.checkReadAccess(existingFile, req);
+    }
+    return { content: actualContent, file: existingFile.file_name, metadata: existingFile.metadata };
+  },
+  copy_meta: true,
+  async copy({ teamFileId, newName }, req) {
+    const existingFile = await storageGetExistingFile(teamFileId);
+    if (!existingFile) return false;
+    await this.checkReadAccess(existingFile, req);
+    const loadedPermissions = await loadPermissionsFromRequest(req);
+    if (!hasPermission(`all-team-files/create`, loadedPermissions)) {
+      throw new Error('No permission to create team files');
+    }
+    const userId = req?.user?.userId;
+    const resp = await storageCopyFile(teamFileId, newName, userId);
+    socket.emitChanged('team-files-changed');
+    return resp;
+  },
+  exportFile_meta: true,
+  async exportFile({ teamFileId, filePath }, req) {
+    const existingFile = await storageGetExistingFileWithContent(teamFileId);
+    if (!existingFile) return false;
+    await this.checkReadAccess(existingFile, req);
+    await fs.writeFile(filePath, existingFile.file_content);
+    return true;
+  },
+  delete_meta: true,
+  async delete({ teamFileId }, req) {
+    const existingFile = await storageGetExistingFile(teamFileId);
+    if (!existingFile) return false;
+    await this.checkWriteAccess(existingFile, req);
+    const resp = await storageDeleteFile(teamFileId);
+    socket.emitChanged('team-files-changed');
+    return resp;
+  },
+  listAdminFiles_meta: true,
+  async listAdminFiles({}, req) {
+    const loadedPermissions = await loadPermissionsFromRequest(req);
+    if (!hasPermission(`admin/team-files`, loadedPermissions)) return [];
+    const res = await storageListAllAdminFiles();
+    return res.map(item => ({
+      id: item.id,
+      name: item.file_name,
+      ownerLogin: item.owner_login,
+      ownerEmail: item.owner_email,
+      typeName: item.type_name,
+    }));
+  },
+  getAdminFile_meta: true,
+  async getAdminFile({ id }, req) {
+    const loadedPermissions = await loadPermissionsFromRequest(req);
+    if (!hasPermission(`admin/team-files`, loadedPermissions)) return false;
+    const existingFile = await storageGetExistingFileWithContent(id);
+    if (!existingFile) return false;
+    return {
+      content: existingFile.file_content,
+      name: existingFile.file_name,
+      metadata: existingFile.metadata,
+      id: existingFile.id,
+      ownerName: existingFile.owner_login,
+      ownerEmail: existingFile.owner_email,
+      typeName: existingFile.type_name,
+    };
+  },
+  setAdminFile_meta: true,
+  async setAdminFile({ id, name }, req) {
+    const loadedPermissions = await loadPermissionsFromRequest(req);
+    if (!hasPermission(`admin/team-files`, loadedPermissions)) return false;
+    await storageUpdateTeamFileAdmin({ teamFileId: id, name });
+    socket.emitChanged('team-files-changed');
+    return true;
+  },
+  deleteAdminFile_meta: true,
+  async deleteAdminFile({ id }, req) {
+    const loadedPermissions = await loadPermissionsFromRequest(req);
+    if (!hasPermission(`admin/team-files`, loadedPermissions)) return false;
+    await storageDeleteFile(id);
+    socket.emitChanged('team-files-changed');
+    return true;
+  },
+};

package/src/controllers/uploads.js CHANGED Viewed

@@ -1,19 +1,8 @@
 const crypto = require('crypto');
 const path = require('path');
-const { uploadsdir, getLogsFilePath, filesdir } = require('../utility/directories');
-const { getLogger, extractErrorLogData } = require('dbgate-tools');
+const { uploadsdir } = require('../utility/directories');
+const { getLogger } = require('dbgate-tools');
 const logger = getLogger('uploads');
-const axios = require('axios');
-const os = require('os');
-const fs = require('fs/promises');
-const { read } = require('./queryHistory');
-const platformInfo = require('../utility/platformInfo');
-const _ = require('lodash');
-const serverConnections = require('./serverConnections');
-const config = require('./config');
-const gistSecret = require('../gistSecret');
-const currentVersion = require('../currentVersion');
-const socket = require('../utility/socket');
 module.exports = {
   upload_meta: {
@@ -51,88 +40,70 @@ module.exports = {
     res.sendFile(path.join(uploadsdir(), req.query.file));
   },
-  async getGistToken() {
-    const settings = await config.getSettings();
+//   uploadErrorToGist_meta: true,
+//   async uploadErrorToGist() {
+//     const logs = await fs.readFile(getLogsFilePath(), { encoding: 'utf-8' });
+//     const connections = await serverConnections.getOpenedConnectionReport();
+//     try {
+//       const response = await axios.default.post(
+//         'https://api.github.com/gists',
+//         {
+//           description: `DbGate ${currentVersion.version} error report`,
+//           public: false,
+//           files: {
+//             'logs.jsonl': {
+//               content: logs,
+//             },
+//             'os.json': {
+//               content: JSON.stringify(
+//                 {
+//                   release: os.release(),
+//                   arch: os.arch(),
+//                   machine: os.machine(),
+//                   platform: os.platform(),
+//                   type: os.type(),
+//                 },
+//                 null,
+//                 2
+//               ),
+//             },
+//             'platform.json': {
+//               content: JSON.stringify(
+//                 _.omit(
+//                   {
+//                     ...platformInfo,
+//                   },
+//                   ['defaultKeyfile', 'sshAuthSock']
+//                 ),
+//                 null,
+//                 2
+//               ),
+//             },
+//             'connections.json': {
+//               content: JSON.stringify(connections, null, 2),
+//             },
+//             'version.json': {
+//               content: JSON.stringify(currentVersion, null, 2),
+//             },
+//           },
+//         },
+//         {
+//           headers: {
+//             Authorization: `token ${await this.getGistToken()}`,
+//             'Content-Type': 'application/json',
+//             Accept: 'application/vnd.github.v3+json',
+//           },
+//         }
+//       );
-    return settings['other.gistCreateToken'] || gistSecret;
-  },
-  uploadErrorToGist_meta: true,
-  async uploadErrorToGist() {
-    const logs = await fs.readFile(getLogsFilePath(), { encoding: 'utf-8' });
-    const connections = await serverConnections.getOpenedConnectionReport();
-    try {
-      const response = await axios.default.post(
-        'https://api.github.com/gists',
-        {
-          description: `DbGate ${currentVersion.version} error report`,
-          public: false,
-          files: {
-            'logs.jsonl': {
-              content: logs,
-            },
-            'os.json': {
-              content: JSON.stringify(
-                {
-                  release: os.release(),
-                  arch: os.arch(),
-                  machine: os.machine(),
-                  platform: os.platform(),
-                  type: os.type(),
-                },
-                null,
-                2
-              ),
-            },
-            'platform.json': {
-              content: JSON.stringify(
-                _.omit(
-                  {
-                    ...platformInfo,
-                  },
-                  ['defaultKeyfile', 'sshAuthSock']
-                ),
-                null,
-                2
-              ),
-            },
-            'connections.json': {
-              content: JSON.stringify(connections, null, 2),
-            },
-            'version.json': {
-              content: JSON.stringify(currentVersion, null, 2),
-            },
-          },
-        },
-        {
-          headers: {
-            Authorization: `token ${await this.getGistToken()}`,
-            'Content-Type': 'application/json',
-            Accept: 'application/vnd.github.v3+json',
-          },
-        }
-      );
-      return response.data;
-    } catch (err) {
-      logger.error(extractErrorLogData(err), 'DBGM-00148 Error uploading gist');
-      return {
-        apiErrorMessage: err.message,
-      };
-      // console.error('Error creating gist:', error.response ? error.response.data : error.message);
-    }
-  },
+//       return response.data;
+//     } catch (err) {
+//       logger.error(extractErrorLogData(err), 'DBGM-00148 Error uploading gist');
-  deleteGist_meta: true,
-  async deleteGist({ url }) {
-    const response = await axios.default.delete(url, {
-      headers: {
-        Authorization: `token ${await this.getGistToken()}`,
-        'Content-Type': 'application/json',
-        Accept: 'application/vnd.github.v3+json',
-      },
-    });
-    return true;
-  },
+//       return {
+//         apiErrorMessage: err.message,
+//       };
+//       // console.error('Error creating gist:', error.response ? error.response.data : error.message);
+//     }
+//   },
 };

package/src/currentVersion.js CHANGED Viewed

@@ -1,5 +1,5 @@
 module.exports = {
-  version: '6.6.2',
-  buildTime: '2025-08-29T07:26:38.959Z'
+  version: '6.6.4',
+  buildTime: '2025-10-02T14:26:45.204Z'
 };

package/src/main.js CHANGED Viewed

@@ -29,6 +29,8 @@ const files = require('./controllers/files');
 const scheduler = require('./controllers/scheduler');
 const queryHistory = require('./controllers/queryHistory');
 const cloud = require('./controllers/cloud');
+const teamFiles = require('./controllers/teamFiles');
 const onFinished = require('on-finished');
 const processArgs = require('./utility/processArgs');
@@ -264,6 +266,7 @@ function useAllControllers(app, electron) {
   useController(app, electron, '/apps', apps);
   useController(app, electron, '/auth', auth);
   useController(app, electron, '/cloud', cloud);
+  useController(app, electron, '/team-files', teamFiles);
 }
 function setElectronSender(electronSender) {

package/src/proc/databaseConnectionProcess.js CHANGED Viewed

@@ -366,8 +366,6 @@ async function handleSaveTableData({ msgid, changeSet }) {
       errorMessage: extractErrorMessage(err, 'Error executing SQL script'),
     });
   }
 }
 async function handleSqlPreview({ msgid, objects, options }) {