dbgate-api-premium 6.6.3 → 6.6.5

package/src/controllers/sessions.js

@@ -8,11 +8,13 @@ const path = require('path');
 const { handleProcessCommunication } = require('../utility/processComm');
 const processArgs = require('../utility/processArgs');
 const { appdir } = require('../utility/directories');
-const { getLogger, extractErrorLogData } = require('dbgate-tools');
+const { getLogger, extractErrorLogData, removeSqlFrontMatter } = require('dbgate-tools');
 const pipeForkLogs = require('../utility/pipeForkLogs');
 const config = require('./config');
 const { sendToAuditLog } = require('../utility/auditlog');
 const { testStandardPermission, testDatabaseRolePermission } = require('../utility/hasPermission');
+const { getStaticTokenSecret } = require('../auth/authCommon');
+const jwt = require('jsonwebtoken');
 
 const logger = getLogger('sessions');
 
@@ -95,7 +97,7 @@ module.exports = {
     socket.emit(`session-initialize-file-${jslid}`);
   },
 
-  handle_ping() { },
+  handle_ping() {},
 
   create_meta: true,
   async create({ conid, database }) {
@@ -149,12 +151,23 @@ module.exports = {
 
   executeQuery_meta: true,
   async executeQuery({ sesid, sql, autoCommit, autoDetectCharts, limitRows, frontMatter }, req) {
-    await testStandardPermission('dbops/query', req);
+    let useTokenIsOk = false;
+    if (frontMatter?.useToken) {
+      const decoded = jwt.verify(frontMatter.useToken, getStaticTokenSecret());
+      if (decoded?.['contentHash'] == crypto.createHash('md5').update(removeSqlFrontMatter(sql)).digest('hex')) {
+        useTokenIsOk = true;
+      }
+    }
+    if (!useTokenIsOk) {
+      await testStandardPermission('dbops/query', req);
+    }
     const session = this.opened.find(x => x.sesid == sesid);
     if (!session) {
       throw new Error('Invalid session');
     }
-    await testDatabaseRolePermission(session.conid, session.database, 'run_script', req);
+    if (!useTokenIsOk) {
+      await testDatabaseRolePermission(session.conid, session.database, 'run_script', req);
+    }
 
     sendToAuditLog(req, {
       category: 'dbop',

package/src/controllers/storage.js

@@ -14,6 +14,7 @@ const {
   storageSaveRelationDiff,
   selectStorageIdentity,
   storageSaveDetailPermissionsDiff,
+  saveStorageTeamFilesPermissions,
 } = require('./storageDb');
 const { hasPermission, loadPermissionsFromRequest } = require('../utility/hasPermission');
 const { changeSetToSql, removeSchemaFromChangeSet } = require('dbgate-datalib');
@@ -485,10 +486,39 @@ module.exports = {
         : (await storageSelectFmt('select ~connection_id from ~user_connections where ~user_id = %v', id)).map(
             x => x.connection_id
           );
+    const usedTeamFilesRead =
+      id == 'new'
+        ? []
+        : (
+            await storageSelectFmt(
+              'select ~team_file_id from ~user_team_files where ~user_id = %v and ~allow_read = 1',
+              id
+            )
+          ).map(x => x.team_file_id);
+    const usedTeamFilesWrite =
+      id == 'new'
+        ? []
+        : (
+            await storageSelectFmt(
+              'select ~team_file_id from ~user_team_files where ~user_id = %v and ~allow_write = 1',
+              id
+            )
+          ).map(x => x.team_file_id);
+    const usedTeamFilesUse =
+      id == 'new'
+        ? []
+        : (
+            await storageSelectFmt(
+              'select ~team_file_id from ~user_team_files where ~user_id = %v and ~allow_use = 1',
+              id
+            )
+          ).map(x => x.team_file_id);
     const databasePermissions =
       id == 'new' ? [] : await storageSelectFmt('select * from ~user_databases where ~user_id = %v', id);
     const tablePermissions =
       id == 'new' ? [] : await storageSelectFmt('select * from ~user_tables where ~user_id = %v', id);
+    const filePermissions =
+      id == 'new' ? [] : await storageSelectFmt('select * from ~user_files where ~user_id = %v', id);
 
     return {
       ...resp[0],
@@ -500,7 +530,11 @@ module.exports = {
       usedConnections,
       databasePermissions,
       tablePermissions,
+      filePermissions,
       encryptPassword: !!(resp[0]?.password?.startsWith('crypt:') || id == 'new'),
+      usedTeamFilesRead,
+      usedTeamFilesWrite,
+      usedTeamFilesUse,
     };
   },
 
@@ -508,8 +542,20 @@ module.exports = {
   async saveUserDetail(user) {
     const [conn, driver] = await getStorageConnection();
 
-    const { login, password, email, usedRoles, usedConnections, permissions, databasePermissions, tablePermissions } =
-      encryptUser(user);
+    const {
+      login,
+      password,
+      email,
+      usedRoles,
+      usedConnections,
+      usedTeamFilesRead,
+      usedTeamFilesWrite,
+      usedTeamFilesUse,
+      permissions,
+      databasePermissions,
+      tablePermissions,
+      filePermissions,
+    } = encryptUser(user);
     let id = user.id;
 
     if (id == null) {
@@ -538,6 +584,15 @@ module.exports = {
     await storageSaveRelationDiff('user_roles', 'user_id', 'role_id', id, usedRoles);
     await storageSaveRelationDiff('user_connections', 'user_id', 'connection_id', id, usedConnections);
 
+    await saveStorageTeamFilesPermissions(
+      'user_team_files',
+      'user_id',
+      id,
+      usedTeamFilesRead,
+      usedTeamFilesWrite,
+      usedTeamFilesUse
+    );
+
     await storageSaveDetailPermissionsDiff(
       'user_databases',
       'user_id',
@@ -564,6 +619,14 @@ module.exports = {
       tablePermissions
     );
 
+    await storageSaveDetailPermissionsDiff(
+      'user_files',
+      'user_id',
+      id,
+      ['folder_name', 'file_names_list', 'file_names_regex', 'file_permission_role_id'],
+      filePermissions
+    );
+
     return true;
   },
 
@@ -708,11 +771,39 @@ module.exports = {
         : (await storageSelectFmt('select ~connection_id from ~role_connections where ~role_id = %v', id)).map(
             x => x.connection_id
           );
+    const usedTeamFilesRead =
+      id == 'new'
+        ? []
+        : (
+            await storageSelectFmt(
+              'select ~team_file_id from ~role_team_files where ~role_id = %v and ~allow_read = 1',
+              id
+            )
+          ).map(x => x.team_file_id);
+    const usedTeamFilesWrite =
+      id == 'new'
+        ? []
+        : (
+            await storageSelectFmt(
+              'select ~team_file_id from ~role_team_files where ~role_id = %v and ~allow_write = 1',
+              id
+            )
+          ).map(x => x.team_file_id);
+    const usedTeamFilesUse =
+      id == 'new'
+        ? []
+        : (
+            await storageSelectFmt(
+              'select ~team_file_id from ~role_team_files where ~role_id = %v and ~allow_use = 1',
+              id
+            )
+          ).map(x => x.team_file_id);
     const databasePermissions =
       id == 'new' ? [] : await storageSelectFmt('select * from ~role_databases where ~role_id = %v', id);
     const tablePermissions =
       id == 'new' ? [] : await storageSelectFmt('select * from ~role_tables where ~role_id = %v', id);
-
+    const filePermissions =
+      id == 'new' ? [] : await storageSelectFmt('select * from ~role_files where ~role_id = %v', id);
 
     return {
       ...resp[0],
@@ -722,8 +813,12 @@ module.exports = {
       usedUsers,
       allConnections,
       usedConnections,
+      usedTeamFilesRead,
+      usedTeamFilesWrite,
+      usedTeamFilesUse,
       databasePermissions,
       tablePermissions,
+      filePermissions,
     };
   },
 
@@ -743,7 +838,18 @@ module.exports = {
   async saveRoleDetail(role) {
     const [conn, driver] = await getStorageConnection();
 
-    const { name, usedConnections, usedUsers, permissions, databasePermissions, tablePermissions } = role;
+    const {
+      name,
+      usedConnections,
+      usedUsers,
+      usedTeamFilesRead,
+      usedTeamFilesWrite,
+      usedTeamFilesUse,
+      permissions,
+      databasePermissions,
+      tablePermissions,
+      filePermissions,
+    } = role;
     let id = role.id;
 
     if (id == null) {
@@ -759,6 +865,16 @@ module.exports = {
     await storageSaveRelationDiff('user_roles', 'role_id', 'user_id', id, usedUsers);
     await storageSaveRelationDiff('role_connections', 'role_id', 'connection_id', id, usedConnections);
 
+    // await storageSaveRelationDiff('role_team_files', 'role_id', 'team_file_id', id, usedTeamFiles);
+    await saveStorageTeamFilesPermissions(
+      'role_team_files',
+      'role_id',
+      id,
+      usedTeamFilesRead,
+      usedTeamFilesWrite,
+      usedTeamFilesUse
+    );
+
     await storageSaveDetailPermissionsDiff(
       'role_databases',
       'role_id',
@@ -785,6 +901,14 @@ module.exports = {
       tablePermissions
     );
 
+    await storageSaveDetailPermissionsDiff(
+      'role_files',
+      'role_id',
+      id,
+      ['folder_name', 'file_names_list', 'file_names_regex', 'file_permission_role_id'],
+      filePermissions
+    );
+
     return true;
   },
 

package/src/controllers/storageDb.js

@@ -365,6 +365,44 @@ async function storageSaveDetailPermissionsDiff(table, idColumn, idValue, valueC
   }
 }
 
+async function saveStorageTeamFilesPermissions(
+  table,
+  idColumn,
+  idValue,
+  usedTeamFilesRead,
+  usedTeamFilesWrite,
+  usedTeamFilesUse
+) {
+  const [conn, driver] = await getStorageConnection();
+  if (!conn) {
+    return null;
+  }
+
+  const records = _.uniq([...usedTeamFilesRead, ...usedTeamFilesWrite, ...usedTeamFilesUse]).map(teamFileId => ({
+    team_file_id: teamFileId,
+    allow_read: usedTeamFilesRead.includes(teamFileId) ? 1 : 0,
+    allow_write: usedTeamFilesWrite.includes(teamFileId) ? 1 : 0,
+    allow_use: usedTeamFilesUse.includes(teamFileId) ? 1 : 0,
+  }));
+
+  await runQueryFmt(driver, conn, 'delete from %i where %i = %v', table, idColumn, idValue);
+
+  for (const record of records) {
+    await runQueryFmt(
+      driver,
+      conn,
+      'insert into %i (%i, ~team_file_id, ~allow_read, ~allow_write, ~allow_use) values (%v, %v, %v, %v, %v)',
+      table,
+      idColumn,
+      idValue,
+      record.team_file_id,
+      record.allow_read,
+      record.allow_write,
+      record.allow_use
+    );
+  }
+}
+
 function getStorageConnectionError() {
   return storageConnectionError;
 }
@@ -409,6 +447,285 @@ async function storageCheckUserRoleConnectionAccess(userId, conid) {
   return respByUser.length > 0 || respByRole.length > 0 || respByLogged.length > 0;
 }
 
+async function storageCreateTeamFile({ fileType, file, data, ownerUserId, metadata }) {
+  const [conn, driver] = await getStorageConnection();
+  if (!conn) {
+    return null;
+  }
+
+  const typeIdRows = await storageSelectFmt('select ~id from ~team_file_types where ~name = %v', fileType);
+  const typeId = typeIdRows?.[0]?.id;
+  if (!typeId) {
+    return null;
+  }
+  await storageSqlCommandFmt(
+    'insert into ~team_files (~file_type_id, ~file_name, ~file_content, ~owner_user_id, ~metadata) values (%v, %v, %v, %v, %v)',
+    typeId,
+    file,
+    data,
+    ownerUserId ?? null,
+    metadata
+  );
+  const teamFileId = await selectStorageIdentity('team_files');
+  return { teamFileId };
+}
+
+async function storageListTeamFilesForUser(userId) {
+  const [conn, driver] = await getStorageConnection();
+  if (!conn) {
+    return null;
+  }
+
+  const sqlCond =
+    additionalCond => `exists (select 1 from ~user_team_files where ~user_team_files.~user_id = ${userId} and ~user_team_files.~team_file_id = ~team_files.~id ${additionalCond(
+      'user_team_files'
+    )})) 
+    or (exists (select 1 from ~role_team_files where ~role_team_files.~role_id in (select ~role_id from ~user_roles where ~user_roles.~user_id = ${userId}) and ~role_team_files.~team_file_id = ~team_files.~id ${additionalCond(
+      'role_team_files'
+    )}))
+    or (exists (select 1 from ~role_team_files where ~role_team_files.~role_id = -2 and ~role_team_files.~team_file_id = ~team_files.~id ${additionalCond(
+      'role_team_files'
+    )})`;
+
+  const resp = await storageSelectFmt(
+    `
+    select ~team_files.~id, ~team_files.~file_name, ~team_files.~metadata, ~team_file_types.~name as ~type_name, ~team_files.~owner_user_id,
+
+    case when (
+    ${sqlCond(table => `and ~${table}.~allow_read = 1`)}
+    ) then 1 else 0 end as ~allow_read,
+    case when (
+    ${sqlCond(table => `and ~${table}.~allow_write = 1`)}
+    ) then 1 else 0 end as ~allow_write,
+    case when (
+    ${sqlCond(table => `and ~${table}.~allow_use = 1`)}
+    ) then 1 else 0 end as ~allow_use
+
+    from ~team_files
+    inner join ~team_file_types on ~team_files.~file_type_id = ~team_file_types.~id
+    where ~team_files.~owner_user_id = ${userId}
+    or (exists (select 1 from ~user_team_files where ~user_team_files.~user_id = ${userId} and ~user_team_files.~team_file_id = ~team_files.~id)) 
+    or (exists (select 1 from ~role_team_files where ~role_team_files.~role_id in (select ~role_id from ~user_roles where ~user_roles.~user_id = ${userId}) and ~role_team_files.~team_file_id = ~team_files.~id))
+    or (exists (select 1 from ~role_team_files where ~role_team_files.~role_id = -2 and ~role_team_files.~team_file_id = ~team_files.~id))`
+  );
+  return resp;
+}
+
+async function storageListAllTeamFiles() {
+  const [conn, driver] = await getStorageConnection();
+  if (!conn) {
+    return null;
+  }
+
+  const resp =
+    await storageSelectFmt(`select ~team_files.~id, ~team_files.~file_name, ~team_files.~metadata, ~team_file_types.~name as ~type_name, ~team_files.~owner_user_id 
+    from ~team_files inner join ~team_file_types on ~team_files.~file_type_id = ~team_file_types.~id`);
+  return resp;
+}
+
+async function storageListTeamFilesForRole(roleId) {
+  const [conn, driver] = await getStorageConnection();
+  if (!conn) {
+    return null;
+  }
+  const sqlCond = additionalCond =>
+    `exists (select 1 from ~role_team_files where ~role_team_files.~role_id = ${roleId} and ~role_team_files.~team_file_id = ~team_files.~id ${additionalCond(
+      'role_team_files'
+    )})`;
+
+  const resp = await storageSelectFmt(
+    `
+    select ~team_files.~id, ~team_files.~file_name, ~team_files.~metadata, ~team_file_types.~name as ~type_name, ~team_files.~owner_user_id,
+    case when (
+    ${sqlCond(table => `and ~${table}.~allow_read = 1`)}
+    ) then 1 else 0 end as ~allow_read,
+    case when (
+    ${sqlCond(table => `and ~${table}.~allow_write = 1`)}
+    ) then 1 else 0 end as ~allow_write,
+    case when (
+    ${sqlCond(table => `and ~${table}.~allow_use = 1`)}
+    ) then 1 else 0 end as ~allow_use
+    from ~team_files 
+    inner join ~team_file_types on ~team_files.~file_type_id = ~team_file_types.~id
+    where ~team_files.~owner_user_id = ${roleId}
+    or (${sqlCond(() => '')})`
+  );
+  return resp;
+}
+
+async function storageGetTeamFileUserAccess(teamFileId, userId) {
+  const [conn, driver] = await getStorageConnection();
+  if (!conn) {
+    return null;
+  }
+
+  const respUser = await storageSelectFmt(
+    'select allow_read, allow_write, allow_use from ~user_team_files where ~user_team_files.~user_id = %v and ~user_team_files.~team_file_id = %v',
+    userId,
+    teamFileId
+  );
+  const respRole = await storageSelectFmt(
+    'select allow_read, allow_write, allow_use from ~role_team_files where ~role_team_files.~role_id in (select ~role_id from ~user_roles where ~user_roles.~user_id = %v) and ~role_team_files.~team_file_id = %v',
+    userId,
+    teamFileId
+  );
+  const respFile = await storageSelectFmt(
+    'select owner_user_id from ~team_files where ~team_files.~id = %v',
+    teamFileId
+  );
+
+  const resp = {
+    allowRead: false,
+    allowWrite: false,
+    allowUse: false,
+    owner: false,
+  };
+
+  resp.owner = respFile?.[0]?.owner_user_id == userId;
+
+  for (const row of respUser) {
+    resp.allowRead ||= row.allow_read;
+    resp.allowWrite ||= row.allow_write;
+    resp.allowUse ||= row.allow_use;
+  }
+
+  for (const row of respRole) {
+    resp.allowRead ||= row.allow_read;
+    resp.allowWrite ||= row.allow_write;
+    resp.allowUse ||= row.allow_use;
+  }
+
+  return resp;
+}
+
+async function storageGetTeamFileRoleAccess(teamFileId, roleId) {
+  const [conn, driver] = await getStorageConnection();
+  if (!conn) {
+    return null;
+  }
+  const respRole = await storageSelectFmt(
+    'select allow_read, allow_write, allow_use from ~role_team_files where ~role_team_files.~role_id = %v and ~role_team_files.~team_file_id = %v',
+    roleId,
+    teamFileId
+  );
+  const resp = {
+    allowRead: false,
+    allowWrite: false,
+    allowUse: false,
+  };
+
+  for (const row of respRole) {
+    resp.allowRead ||= row.allow_read;
+    resp.allowWrite ||= row.allow_write;
+    resp.allowUse ||= row.allow_use;
+  }
+
+  return resp;
+}
+
+async function storageGetExistingFile(teamFileId) {
+  const [conn, driver] = await getStorageConnection();
+  if (!conn) {
+    return null;
+  }
+  const resp = await storageSelectFmt(
+    `select ~team_files.~id, ~team_files.~owner_user_id, ~team_file_types.~name as ~type_name
+    from ~team_files inner join ~team_file_types on ~team_files.~file_type_id = ~team_file_types.~id where ~team_files.~id = %v`,
+    teamFileId
+  );
+  return resp?.[0];
+}
+
+async function storageGetExistingFileWithContent(teamFileId) {
+  const [conn, driver] = await getStorageConnection();
+  if (!conn) {
+    return null;
+  }
+  const resp = await storageSelectFmt(
+    `select ~team_files.~id, ~team_files.~file_name, ~team_files.~owner_user_id, ~team_file_types.~name as ~type_name, ~team_files.~file_content, 
+      ~users.login as ~owner_login, ~users.~email as ~owner_email
+    from ~team_files inner join ~team_file_types on ~team_files.~file_type_id = ~team_file_types.~id 
+    left join ~users on ~team_files.~owner_user_id = ~users.~id
+    where ~team_files.~id = %v`,
+    teamFileId
+  );
+  return resp?.[0];
+}
+
+async function storageUpdateTeamFile({ teamFileId, data, name, metadata }) {
+  const [conn, driver] = await getStorageConnection();
+  if (!conn) {
+    return null;
+  }
+  if (data != null) {
+    await storageSqlCommandFmt(
+      'update ~team_files set ~file_content = %v, metadata = %v where ~id = %v',
+      data,
+      metadata,
+      teamFileId
+    );
+  }
+  if (name != null) {
+    await storageSqlCommandFmt('update ~team_files set ~file_name = %v where ~id = %v', name, teamFileId);
+  }
+  return true;
+}
+
+async function storageUpdateTeamFileAdmin({ teamFileId, name }) {
+  const [conn, driver] = await getStorageConnection();
+  if (!conn) {
+    return null;
+  }
+  await storageSqlCommandFmt('update ~team_files set ~file_name = %v where ~id = %v', name, teamFileId);
+  return true;
+}
+
+async function storageListAllAdminFiles() {
+  const [conn, driver] = await getStorageConnection();
+  if (!conn) {
+    return null;
+  }
+
+  const resp =
+    await storageSelectFmt(`select ~team_files.~id, ~team_files.~file_name, ~team_files.~metadata, ~team_file_types.~name as ~type_name 
+    from ~team_files inner join ~team_file_types on ~team_files.~file_type_id = ~team_file_types.~id`);
+  return resp;
+}
+
+async function storageDeleteFile(id) {
+  const [conn, driver] = await getStorageConnection();
+  if (!conn) {
+    return null;
+  }
+
+  await storageSqlCommandFmt('delete from ~team_files where ~id = %v', id);
+  return true;
+}
+
+async function storageCopyFile(id, newName, userId) {
+  const [conn, driver] = await getStorageConnection();
+  if (!conn) {
+    return null;
+  }
+  const resp = await storageSelectFmt(`select * from ~team_files where ~team_files.~id = %v`, id);
+
+  const existingFile = resp?.[0];
+  if (!existingFile) {
+    return null;
+  }
+
+  await storageSqlCommandFmt(
+    'insert into ~team_files (~file_type_id, ~file_name, ~file_content, ~owner_user_id, ~metadata) values (%v, %v, %v, %v, %v)',
+    existingFile.file_type_id,
+    newName,
+    existingFile.file_content,
+    userId,
+    existingFile.metadata
+  );
+  const teamFileId = await selectStorageIdentity('team_files');
+  return { teamFileId };
+}
+
 module.exports = {
   getStorageConnection,
   storageSelectFmt,
@@ -416,6 +733,7 @@ module.exports = {
   storageReadUserRolePermissions,
   storageReadUserPermissions,
   storageReadRolePermissions,
+  storageGetTeamFileUserAccess,
   loadSuperadminPermissions,
   storageReadConfig,
   storageWriteConfig,
@@ -428,4 +746,17 @@ module.exports = {
   readComplexRolePermissions,
   storageCheckRoleConnectionAccess,
   storageCheckUserRoleConnectionAccess,
+  storageCreateTeamFile,
+  storageGetExistingFile,
+  storageGetTeamFileRoleAccess,
+  storageListTeamFilesForUser,
+  storageListTeamFilesForRole,
+  storageUpdateTeamFile,
+  storageListAllTeamFiles,
+  storageGetExistingFileWithContent,
+  storageListAllAdminFiles,
+  storageUpdateTeamFileAdmin,
+  storageDeleteFile,
+  saveStorageTeamFilesPermissions,
+  storageCopyFile,
 };