dbgate-api-premium 6.6.3 → 6.6.4
- package/package.json +6 -6
- package/src/auth/authCommon.js +6 -0
- package/src/auth/authProvider.js +6 -1
- package/src/auth/storageAuthProvider.js +51 -6
- package/src/controllers/apps.js +342 -220
- package/src/controllers/auth.js +3 -1
- package/src/controllers/databaseConnections.js +1 -1
- package/src/controllers/files.js +6 -1
- package/src/controllers/serverConnections.js +2 -2
- package/src/controllers/sessions.js +17 -4
- package/src/controllers/storage.js +128 -4
- package/src/controllers/storageDb.js +331 -0
- package/src/controllers/teamFiles.js +250 -0
- package/src/controllers/uploads.js +66 -95
- package/src/currentVersion.js +2 -2
- package/src/main.js +3 -0
- package/src/proc/databaseConnectionProcess.js +0 -2
- package/src/storageModel.js +506 -37
- package/src/utility/hasPermission.js +51 -2
- package/src/gistSecret.js +0 -2
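--- a/package/src/utility/hasPermission.js
+++ b/package/src/utility/hasPermission.js
@@ -85,6 +85,16 @@ async function loadTablePermissionsFromRequest(req) {
 return tablePermissions;
 }
 
+async function loadFilePermissionsFromRequest(req) {
+const authProvider = getAuthProviderFromReq(req);
+if (!req) {
+return null;
+}
+
+const filePermissions = await authProvider.getCurrentFilePermissions(req);
+return filePermissions;
+}
+
 function matchDatabasePermissionRow(conid, database, permissionRow) {
 if (permissionRow.connection_id) {
 if (conid != permissionRow.connection_id) {
@@ -135,6 +145,27 @@ function matchTablePermissionRow(objectTypeField, schemaName, pureName, permissi
 return true;
 }
 
+function matchFilePermissionRow(folder, file, permissionRow) {
+if (permissionRow.folder_name) {
+if (folder != permissionRow.folder_name) {
+return false;
+}
+}
+if (permissionRow.file_names_list) {
+const items = permissionRow.file_names_list.split('\n');
+if (!items.find(item => item.trim()?.toLowerCase() === file?.toLowerCase())) {
+return false;
+}
+}
+if (permissionRow.file_names_regex) {
+const regex = new RegExp(permissionRow.file_names_regex, 'i');
+if (!regex.test(file)) {
+return false;
+}
+}
+return true;
+}
+
 const DATABASE_ROLE_ID_NAMES = {
 '-1': 'view',
 '-2': 'read_content',
@@ -143,6 +174,11 @@ const DATABASE_ROLE_ID_NAMES = {
 '-5': 'deny',
 };
 
+const FILE_ROLE_ID_NAMES = {
+'-1': 'allow',
+'-2': 'deny',
+};
+
 function getDatabaseRoleLevelIndex(roleName) {
 if (!roleName) {
 return 6;
@@ -198,6 +234,17 @@ function getDatabasePermissionRole(conid, database, loadedDatabasePermissions) {
 return res;
 }
 
+function getFilePermissionRole(folder, file, loadedFilePermissions) {
+let res = 'deny';
+for (const permissionRow of loadedFilePermissions) {
+if (!matchFilePermissionRow(folder, file, permissionRow)) {
+continue;
+}
+res = FILE_ROLE_ID_NAMES[permissionRow.file_permission_role_id];
+}
+return res;
+}
+
 const TABLE_ROLE_ID_NAMES = {
 '-1': 'read',
 '-2': 'update_only',
@@ -280,7 +327,7 @@ async function testStandardPermission(permission, req, loadedPermissions) {
 loadedPermissions = await loadPermissionsFromRequest(req);
 }
 if (!hasPermission(permission, loadedPermissions)) {
-throw new Error(
+throw new Error(`DBGM-00265 Permission ${permission} not granted`);
 }
 }
 
@@ -297,7 +344,7 @@ async function testDatabaseRolePermission(conid, database, requiredRole, req) {
 const requiredIndex = getDatabaseRoleLevelIndex(requiredRole);
 const roleIndex = getDatabaseRoleLevelIndex(role);
 if (roleIndex < requiredIndex) {
-throw new Error(
+throw new Error(`DBGM-00266 Permission ${requiredRole} not granted`);
 }
 }
 
@@ -308,8 +355,10 @@ module.exports = {
 loadPermissionsFromRequest,
 loadDatabasePermissionsFromRequest,
 loadTablePermissionsFromRequest,
+loadFilePermissionsFromRequest,
 getDatabasePermissionRole,
 getTablePermissionRole,
+getFilePermissionRole,
 testStandardPermission,
 testDatabaseRolePermission,
 getTablePermissionRoleLevelIndex,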
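Review bot: In `getFilePermissionRole`, a matching row whose `file_permission_role_id` is not a key of `FILE_ROLE_ID_NAMES` overwrites the default `'deny'` with `undefined`, so the outcome depends on how callers treat a non-string role; those callers are not visible in this section, but any that only test for `'deny'` would fail open. Keeping the fallback closes that gap: `res = FILE_ROLE_ID_NAMES[permissionRow.file_permission_role_id] ?? 'deny';`. The loop is also last-match-wins, so a later `allow` row overrides an earlier `deny`; if deny is meant to take precedence, that deserves a comment or an early return. Separately, `matchFilePermissionRow` builds `new RegExp(permissionRow.file_names_regex, 'i')` without anchors or a try/catch, so a stored pattern matches any substring of the file name and an invalid pattern throws out of the permission check.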
package/src/gistSecret.js
DELETED