dbgate-api-premium 6.6.3 → 6.6.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +6 -6
- package/src/auth/authCommon.js +6 -0
- package/src/auth/authProvider.js +6 -1
- package/src/auth/storageAuthProvider.js +51 -6
- package/src/controllers/apps.js +342 -220
- package/src/controllers/auth.js +3 -1
- package/src/controllers/databaseConnections.js +1 -1
- package/src/controllers/files.js +6 -1
- package/src/controllers/serverConnections.js +2 -2
- package/src/controllers/sessions.js +17 -4
- package/src/controllers/storage.js +128 -4
- package/src/controllers/storageDb.js +331 -0
- package/src/controllers/teamFiles.js +250 -0
- package/src/controllers/uploads.js +66 -95
- package/src/currentVersion.js +2 -2
- package/src/main.js +3 -0
- package/src/proc/databaseConnectionProcess.js +0 -2
- package/src/storageModel.js +506 -37
- package/src/utility/hasPermission.js +51 -2
- package/src/gistSecret.js +0 -2
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "dbgate-api-premium",
|
|
3
3
|
"main": "src/index.js",
|
|
4
|
-
"version": "6.6.
|
|
4
|
+
"version": "6.6.4",
|
|
5
5
|
"homepage": "https://dbgate.org/",
|
|
6
6
|
"repository": {
|
|
7
7
|
"type": "git",
|
|
@@ -30,10 +30,10 @@
|
|
|
30
30
|
"compare-versions": "^3.6.0",
|
|
31
31
|
"cors": "^2.8.5",
|
|
32
32
|
"cross-env": "^6.0.3",
|
|
33
|
-
"dbgate-datalib": "^6.6.
|
|
34
|
-
"dbgate-query-splitter": "^4.11.
|
|
35
|
-
"dbgate-sqltree": "^6.6.
|
|
36
|
-
"dbgate-tools": "^6.6.
|
|
33
|
+
"dbgate-datalib": "^6.6.4",
|
|
34
|
+
"dbgate-query-splitter": "^4.11.7",
|
|
35
|
+
"dbgate-sqltree": "^6.6.4",
|
|
36
|
+
"dbgate-tools": "^6.6.4",
|
|
37
37
|
"debug": "^4.3.4",
|
|
38
38
|
"diff": "^5.0.0",
|
|
39
39
|
"diff2html": "^3.4.13",
|
|
@@ -86,7 +86,7 @@
|
|
|
86
86
|
"devDependencies": {
|
|
87
87
|
"@types/fs-extra": "^9.0.11",
|
|
88
88
|
"@types/lodash": "^4.14.149",
|
|
89
|
-
"dbgate-types": "^6.6.
|
|
89
|
+
"dbgate-types": "^6.6.4",
|
|
90
90
|
"env-cmd": "^10.1.0",
|
|
91
91
|
"jsdoc-to-markdown": "^9.0.5",
|
|
92
92
|
"node-loader": "^1.0.2",
|
package/src/auth/authCommon.js
CHANGED
|
@@ -10,7 +10,13 @@ function getTokenSecret() {
|
|
|
10
10
|
return tokenSecret;
|
|
11
11
|
}
|
|
12
12
|
|
|
13
|
+
function getStaticTokenSecret() {
|
|
14
|
+
// TODO static not fixed
|
|
15
|
+
return '14813c43-a91b-4ad1-9dcd-a81bd7dbb05f';
|
|
16
|
+
}
|
|
17
|
+
|
|
13
18
|
module.exports = {
|
|
14
19
|
getTokenLifetime,
|
|
15
20
|
getTokenSecret,
|
|
21
|
+
getStaticTokenSecret,
|
|
16
22
|
};
|
package/src/auth/authProvider.js
CHANGED
|
@@ -10,6 +10,7 @@ const logger = getLogger('authProvider');
|
|
|
10
10
|
|
|
11
11
|
class AuthProviderBase {
|
|
12
12
|
amoid = 'none';
|
|
13
|
+
skipInList = false;
|
|
13
14
|
|
|
14
15
|
async login(login, password, options = undefined, req = undefined) {
|
|
15
16
|
return {
|
|
@@ -53,7 +54,11 @@ class AuthProviderBase {
|
|
|
53
54
|
async getCurrentTablePermissions(req) {
|
|
54
55
|
return [];
|
|
55
56
|
}
|
|
56
|
-
|
|
57
|
+
|
|
58
|
+
async getCurrentFilePermissions(req) {
|
|
59
|
+
return [];
|
|
60
|
+
}
|
|
61
|
+
|
|
57
62
|
getLoginPageConnections() {
|
|
58
63
|
return null;
|
|
59
64
|
}
|
|
@@ -36,7 +36,18 @@ async function loadPermissionsForUserId(userId) {
|
|
|
36
36
|
return [...getPredefinedPermissions('logged-user'), ...loggedUserPermissions, ...rolePermissions, ...userPermissions];
|
|
37
37
|
}
|
|
38
38
|
|
|
39
|
+
function getBuiltinRoleIdFromRequest(req) {
|
|
40
|
+
if (req?.auth?.amoid == 'superadmin') {
|
|
41
|
+
return -3;
|
|
42
|
+
}
|
|
43
|
+
if (req?.auth?.userId) {
|
|
44
|
+
return -2;
|
|
45
|
+
}
|
|
46
|
+
return -1;
|
|
47
|
+
}
|
|
48
|
+
|
|
39
49
|
class SuperadminAuthProvider extends AuthProviderBase {
|
|
50
|
+
skipInList = true;
|
|
40
51
|
constructor() {
|
|
41
52
|
super();
|
|
42
53
|
this.amoid = 'superadmin';
|
|
@@ -58,6 +69,11 @@ class SuperadminAuthProvider extends AuthProviderBase {
|
|
|
58
69
|
return tablePermissions;
|
|
59
70
|
}
|
|
60
71
|
|
|
72
|
+
async getCurrentFilePermissions(req) {
|
|
73
|
+
const filePermissions = await readComplexRolePermissions(-3, 'role_files');
|
|
74
|
+
return filePermissions;
|
|
75
|
+
}
|
|
76
|
+
|
|
61
77
|
async checkCurrentConnectionPermission(req, conid) {
|
|
62
78
|
const res = await storageCheckRoleConnectionAccess(-3, conid);
|
|
63
79
|
return res;
|
|
@@ -97,6 +113,12 @@ class StorageProviderBase extends AuthProviderBase {
|
|
|
97
113
|
return tablePermissions;
|
|
98
114
|
}
|
|
99
115
|
|
|
116
|
+
async getCurrentFilePermissions(req) {
|
|
117
|
+
const userId = this.getUserIdFromRequest(req);
|
|
118
|
+
const filePermissions = await readComplexUserRolePermissions(userId, 'user_files', 'role_files');
|
|
119
|
+
return filePermissions;
|
|
120
|
+
}
|
|
121
|
+
|
|
100
122
|
async checkCurrentConnectionPermission(req, conid) {
|
|
101
123
|
const userId = this.getUserIdFromRequest(req);
|
|
102
124
|
const res = await storageCheckUserRoleConnectionAccess(userId, conid);
|
|
@@ -158,6 +180,11 @@ class AnonymousProvider extends StorageProviderBase {
|
|
|
158
180
|
return tablePermissions;
|
|
159
181
|
}
|
|
160
182
|
|
|
183
|
+
async getCurrentFilePermissions(req) {
|
|
184
|
+
const filePermissions = await readComplexRolePermissions(-1, 'role_files');
|
|
185
|
+
return filePermissions;
|
|
186
|
+
}
|
|
187
|
+
|
|
161
188
|
async checkCurrentConnectionPermission(req, conid) {
|
|
162
189
|
const res = await storageCheckRoleConnectionAccess(-1, conid);
|
|
163
190
|
return res;
|
|
@@ -353,11 +380,10 @@ class OauthProvider extends StorageProviderBase {
|
|
|
353
380
|
const scopeParam = this.config.oauthScope ? `&scope=${this.config.oauthScope}` : '';
|
|
354
381
|
return {
|
|
355
382
|
status: 'ok',
|
|
356
|
-
uri: `${this.config.oauthAuth}?client_id=${
|
|
357
|
-
|
|
358
|
-
|
|
359
|
-
|
|
360
|
-
)}${scopeParam}`,
|
|
383
|
+
uri: `${this.config.oauthAuth}?client_id=${this.config.oauthClient
|
|
384
|
+
}&response_type=code&redirect_uri=${encodeURIComponent(redirectUri)}&state=${encodeURIComponent(
|
|
385
|
+
state
|
|
386
|
+
)}${scopeParam}`,
|
|
361
387
|
};
|
|
362
388
|
}
|
|
363
389
|
|
|
@@ -537,6 +563,24 @@ class DatabaseProvider extends StorageProviderBase {
|
|
|
537
563
|
}
|
|
538
564
|
}
|
|
539
565
|
|
|
566
|
+
function validateEmail(email) {
|
|
567
|
+
return String(email)
|
|
568
|
+
.toLowerCase()
|
|
569
|
+
.match(
|
|
570
|
+
/^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|.(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/
|
|
571
|
+
);
|
|
572
|
+
}
|
|
573
|
+
|
|
574
|
+
function extractEmailFromMsEntraPayload(payload) {
|
|
575
|
+
for (const field of ['email', 'upn', 'unique_name']) {
|
|
576
|
+
const value = payload[field];
|
|
577
|
+
if (value && validateEmail(value)) {
|
|
578
|
+
return value;
|
|
579
|
+
}
|
|
580
|
+
}
|
|
581
|
+
return null;
|
|
582
|
+
}
|
|
583
|
+
|
|
540
584
|
class MsEntraProvider extends StorageProviderBase {
|
|
541
585
|
constructor(config) {
|
|
542
586
|
super(config);
|
|
@@ -555,7 +599,7 @@ class MsEntraProvider extends StorageProviderBase {
|
|
|
555
599
|
|
|
556
600
|
logger.info({ payload }, 'DBGM-00004 User payload returned from MS Entra');
|
|
557
601
|
|
|
558
|
-
const
|
|
602
|
+
const email = extractEmailFromMsEntraPayload(payload);
|
|
559
603
|
|
|
560
604
|
const loginRows = await storageSelectFmt('select * from ~users where ~email = %v', email);
|
|
561
605
|
|
|
@@ -660,4 +704,5 @@ function createStorageAuthProvider(config) {
|
|
|
660
704
|
module.exports = {
|
|
661
705
|
createStorageAuthProvider,
|
|
662
706
|
SuperadminAuthProvider,
|
|
707
|
+
getBuiltinRoleIdFromRequest
|
|
663
708
|
};
|