dbgate-api-premium 7.1.6 → 7.1.8-alpha.7

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "dbgate-api-premium",
   "main": "src/index.js",
-  "version": "7.1.6",
+  "version": "7.1.8-alpha.7",
   "homepage": "https://www.dbgate.io/",
   "repository": {
     "type": "git",
@@ -30,11 +30,11 @@
     "compare-versions": "^3.6.0",
     "cors": "^2.8.5",
     "cross-env": "^6.0.3",
-    "dbgate-datalib": "7.1.6",
+    "dbgate-datalib": "7.1.8-alpha.7",
     "dbgate-query-splitter": "^4.12.0",
-    "dbgate-rest": "7.1.6",
-    "dbgate-sqltree": "7.1.6",
-    "dbgate-tools": "7.1.6",
+    "dbgate-rest": "7.1.8-alpha.7",
+    "dbgate-sqltree": "7.1.8-alpha.7",
+    "dbgate-tools": "7.1.8-alpha.7",
     "debug": "^4.3.4",
     "diff": "^5.0.0",
     "diff2html": "^3.4.13",
@@ -88,7 +88,7 @@
   "devDependencies": {
     "@types/fs-extra": "^9.0.11",
     "@types/lodash": "^4.14.149",
-    "dbgate-types": "7.1.6",
+    "dbgate-types": "7.1.8-alpha.7",
     "env-cmd": "^10.1.0",
     "jsdoc-to-markdown": "^9.0.5",
     "node-loader": "^1.0.2",

package/src/auth/storageAuthProvider.js

@@ -592,7 +592,7 @@ function validateEmail(email) {
 }
 
 function extractEmailFromMsEntraPayload(payload) {
-  for (const field of ['email', 'upn', 'unique_name']) {
+  for (const field of ['email', 'preferred_username', 'upn', 'unique_name']) {
     const value = payload[field];
     if (value && validateEmail(value)) {
       return value;

package/src/controllers/connections.js

@@ -492,7 +492,61 @@ module.exports = {
       return mask && !platformInfo.allowShellConnection ? maskConnection(res) : encryptConnection(res);
     }
     const res = await this.datastore.get(conid);
-    return res || null;
+    if (res) return res;
+
+    // In a forked runner-script child process, ask the parent for connections that may be
+    // volatile (in-memory only, e.g. ask-for-password).  We only do this when
+    // there really is a parent (process.send exists) to avoid an infinite loop
+    // when the parent's own getCore falls through here.
+    // The check is intentionally narrow: only runner scripts pass
+    // --process-display-name script, so connect/session/ssh-forward subprocesses
+    // are not affected and continue to return null immediately.
+    if (process.send && processArgs.processDisplayName === 'script') {
+      const conn = await new Promise(resolve => {
+        let resolved = false;
+
+        const cleanup = () => {
+          process.removeListener('message', handler);
+          process.removeListener('disconnect', onDisconnect);
+          clearTimeout(timeout);
+        };
+
+        const settle = value => {
+          if (!resolved) {
+            resolved = true;
+            cleanup();
+            resolve(value);
+          }
+        };
+
+        const handler = message => {
+          if (message?.msgtype === 'volatile-connection-response' && message.conid === conid) {
+            settle(message.conn || null);
+          }
+        };
+
+        const onDisconnect = () => settle(null);
+
+        const timeout = setTimeout(() => settle(null), 5000);
+        // Don't let the timer alone keep the process alive if all other work is done
+        timeout.unref();
+
+        process.on('message', handler);
+        process.once('disconnect', onDisconnect);
+
+        try {
+          process.send({ msgtype: 'get-volatile-connection', conid });
+        } catch {
+          settle(null);
+        }
+      });
+      if (conn) {
+        volatileConnections[conn._id] = conn; // cache for subsequent calls
+        return conn;
+      }
+    }
+
+    return null;
   },
 
   get_meta: true,

package/src/controllers/jsldata.js

@@ -1,5 +1,8 @@
-const { filterName } = require('dbgate-tools');
+const { filterName, getLogger, extractErrorLogData } = require('dbgate-tools');
+const logger = getLogger('jsldata');
+const { jsldir, archivedir } = require('../utility/directories');
 const fs = require('fs');
+const path = require('path');
 const lineReader = require('line-reader');
 const _ = require('lodash');
 const { __ } = require('lodash/fp');
@@ -149,6 +152,10 @@ module.exports = {
 
   getRows_meta: true,
   async getRows({ jslid, offset, limit, filters, sort, formatterFunction }) {
+    const fileName = getJslFileName(jslid);
+    if (!fs.existsSync(fileName)) {
+      return [];
+    }
     const datastore = await this.ensureDatastore(jslid, formatterFunction);
     return datastore.getRows(offset, limit, _.isEmpty(filters) ? null : filters, _.isEmpty(sort) ? null : sort);
   },
@@ -159,6 +166,72 @@ module.exports = {
     return fs.existsSync(fileName);
   },
 
+  streamRows_meta: {
+    method: 'get',
+    raw: true,
+  },
+  streamRows(req, res) {
+    const { jslid } = req.query;
+    if (!jslid) {
+      res.status(400).json({ apiErrorMessage: 'Missing jslid' });
+      return;
+    }
+
+    // Reject file:// jslids — they resolve to arbitrary server-side paths
+    if (jslid.startsWith('file://')) {
+      res.status(403).json({ apiErrorMessage: 'Forbidden jslid scheme' });
+      return;
+    }
+
+    const fileName = getJslFileName(jslid);
+
+    if (!fs.existsSync(fileName)) {
+      res.status(404).json({ apiErrorMessage: 'File not found' });
+      return;
+    }
+
+    // Dereference symlinks and normalize case (Windows) before the allow-list check.
+    // realpathSync is safe here because existsSync confirmed the file is present.
+    // path.resolve() alone cannot dereference symlinks, so a symlink inside an allowed
+    // root could otherwise point to an arbitrary external path.
+    const normalize = p => (process.platform === 'win32' ? p.toLowerCase() : p);
+    const resolveRoot = r => { try { return fs.realpathSync(r); } catch { return path.resolve(r); } };
+
+    let realFile;
+    try {
+      realFile = fs.realpathSync(fileName);
+    } catch {
+      res.status(403).json({ apiErrorMessage: 'Forbidden path' });
+      return;
+    }
+
+    const allowedRoots = [jsldir(), archivedir()].map(r => normalize(resolveRoot(r)) + path.sep);
+    const isAllowed = allowedRoots.some(root => normalize(realFile).startsWith(root));
+    if (!isAllowed) {
+      logger.warn({ jslid, realFile }, 'DBGM-00000 streamRows rejected path outside allowed roots');
+      res.status(403).json({ apiErrorMessage: 'Forbidden path' });
+      return;
+    }
+    res.setHeader('Content-Type', 'application/x-ndjson');
+    res.setHeader('Cache-Control', 'no-cache');
+    const stream = fs.createReadStream(realFile, 'utf-8');
+
+    req.on('close', () => {
+      stream.destroy();
+    });
+
+    stream.on('error', err => {
+      logger.error(extractErrorLogData(err), 'DBGM-00000 Error streaming JSONL file');
+      if (!res.headersSent) {
+        res.status(500).json({ apiErrorMessage: 'Stream error' });
+      } else {
+        res.end();
+      }
+    });
+
+    stream.pipe(res);
+  },
+
   getStats_meta: true,
   getStats({ jslid }) {
     const file = `${getJslFileName(jslid)}.stats`;

package/src/controllers/queryHistory.js

@@ -33,19 +33,35 @@ function readCore(reader, skip, limit, filter) {
   });
 }
 
-module.exports = {
-  read_meta: true,
-  async read({ skip, limit, filter }) {
+function readJsonl({ skip, limit, filter }) {
+  return new Promise(async (resolve, reject) => {
     const fileName = path.join(datadir(), 'query-history.jsonl');
     // @ts-ignore
-    if (!(await fs.exists(fileName))) return [];
+    if (!(await fs.exists(fileName))) return resolve([]);
     const reader = fsReverse(fileName);
     const res = await readCore(reader, skip, limit, filter);
-    return res;
+    resolve(res);
+  });
+}
+
+module.exports = {
+  read_meta: true,
+  async read({ skip, limit, filter }, req) {
+    const storage = require('./storage');
+    const storageResult = await storage.readQueryHistory({ skip, limit, filter }, req);
+    if (storageResult) return storageResult;
+    return readJsonl({ skip, limit, filter });
   },
 
   write_meta: true,
-  async write({ data }) {
+  async write({ data }, req) {
+    const storage = require('./storage');
+    const written = await storage.writeQueryHistory({ data }, req);
+    if (written) {
+      socket.emit('query-history-changed');
+      return 'OK';
+    }
+
     const fileName = path.join(datadir(), 'query-history.jsonl');
     await fs.appendFile(fileName, JSON.stringify(data) + '\n');
     socket.emit('query-history-changed');

package/src/controllers/runners.js

@@ -196,6 +196,27 @@ module.exports = {
       // @ts-ignore
       const { msgtype } = message;
       if (handleProcessCommunication(message, subprocess)) return;
+      if (msgtype === 'get-volatile-connection') {
+        const connections = require('./connections');
+        // @ts-ignore
+        const conid = message.conid;
+        if (!conid || typeof conid !== 'string') return;
+        const trySend = payload => {
+          if (!subprocess.connected) return;
+          try {
+            subprocess.send(payload);
+          } catch {
+            // child disconnected between the check and the send — ignore
+          }
+        };
+        connections.getCore({ conid }).then(conn => {
+          trySend({ msgtype: 'volatile-connection-response', conid, conn: conn?.unsaved ? conn : null });
+        }).catch(err => {
+          logger.error({ ...extractErrorLogData(err), conid }, 'DBGM-00000 Error resolving volatile connection for child process');
+          trySend({ msgtype: 'volatile-connection-response', conid, conn: null });
+        });
+        return;
+      }
       this[`handle_${msgtype}`](runid, message);
     });
     return _.pick(newOpened, ['runid']);

package/src/controllers/storage.js

@@ -1282,4 +1282,111 @@ DbGate Team
 
     return { success: true };
   },
+
+  async readQueryHistory({ skip, limit, filter }, req) {
+    if (!process.env.STORAGE_DATABASE) {
+      return null;
+    }
+
+    const [conn, driver] = await getStorageConnection();
+    if (!conn) return null;
+
+    const userId = req?.user?.userId;
+    const roleId = req?.user?.roleId;
+
+    const conditions = [];
+
+    if (userId) {
+      conditions.push({
+        conditionType: 'binary',
+        operator: '=',
+        left: { exprType: 'column', columnName: 'user_id' },
+        right: { exprType: 'value', value: userId },
+      });
+    } else {
+      conditions.push({
+        conditionType: 'binary',
+        operator: '=',
+        left: { exprType: 'column', columnName: 'role_id' },
+        right: { exprType: 'value', value: roleId ?? -1 },
+      });
+    }
+
+    if (filter) {
+      conditions.push({
+        conditionType: 'or',
+        conditions: [
+          {
+            conditionType: 'like',
+            left: { exprType: 'column', columnName: 'sql' },
+            right: { exprType: 'value', value: `%${filter}%` },
+          },
+          {
+            conditionType: 'like',
+            left: { exprType: 'column', columnName: 'database' },
+            right: { exprType: 'value', value: `%${filter}%` },
+          },
+        ],
+      });
+    }
+
+    const select = {
+      commandType: 'select',
+      from: {
+        name: { pureName: 'query_history' },
+      },
+      columns: ['id', 'created', 'user_id', 'role_id', 'sql', 'conid', 'database'].map(columnName => ({
+        exprType: 'column',
+        columnName,
+      })),
+      orderBy: [{ exprType: 'column', columnName: 'id', direction: 'desc' }],
+    };
+
+    if (conditions.length > 1) {
+      select.where = { conditionType: 'and', conditions };
+    } else {
+      select.where = conditions[0];
+    }
+
+    if (limit || skip != null) {
+      select.range = {
+        limit,
+        offset: skip ?? 0,
+      };
+    }
+
+    const dmp = driver.createDumper();
+    dumpSqlSelect(dmp, select);
+    const resp = await driver.query(conn, dmp.s);
+
+    if (!resp || !resp.rows) return [];
+
+    return resp.rows.map(row => ({
+      sql: row.sql,
+      conid: row.conid,
+      database: row.database,
+      date: Number(row.created),
+    }));
+  },
+
+  async writeQueryHistory({ data }, req) {
+    if (!process.env.STORAGE_DATABASE) {
+      return false;
+    }
+
+    const userId = req?.user?.userId;
+    const roleId = req?.user?.roleId;
+
+    await storageSqlCommandFmt(
+      `^insert ^into ~query_history (~created, ~user_id, ~role_id, ~sql, ~conid, ~database) values (%v, %v, %v, %v, %v, %v)`,
+      data.date || new Date().getTime(),
+      userId || null,
+      userId ? null : roleId ?? -1,
+      data.sql || null,
+      data.conid || null,
+      data.database || null
+    );
+
+    return true;
+  },
 };

package/src/controllers/teamFiles.js

@@ -83,15 +83,42 @@ module.exports = {
     const readAll = hasPermission(`all-team-files/read`, loadedPermissions);
     const writeAll = hasPermission(`all-team-files/write`, loadedPermissions);
     const useAll = hasPermission(`all-team-files/use`, loadedPermissions);
-    if (readAll || writeAll || useAll) {
-      res = await storageListAllTeamFiles();
-      res = res?.map(item => ({ ...item, allow_read: readAll, allow_write: writeAll, allow_use: useAll }));
+    const hasAllGlobal = readAll && writeAll && useAll;
+    const hasAnyGlobal = readAll || writeAll || useAll;
+
+    if (hasAllGlobal) {
+      // All global flags granted, no need to query per-file permissions
+      res = (await storageListAllTeamFiles()) || [];
+      res = res.map(item => ({ ...item, allow_read: true, allow_write: true, allow_use: true }));
+    } else if (hasAnyGlobal) {
+      // Partial global permissions - merge with per-file permissions
+      const userId = req?.user?.userId;
+      let perFileRes = [];
+      if (userId) {
+        perFileRes = (await storageListTeamFilesForUser(userId)) || [];
+      } else {
+        perFileRes = (await storageListTeamFilesForRole(getBuiltinRoleIdFromRequest(req))) || [];
+      }
+      const allFiles = (await storageListAllTeamFiles()) || [];
+      const perFileMap = {};
+      for (const f of perFileRes) {
+        perFileMap[f.id] = f;
+      }
+      res = allFiles.map(item => {
+        const perFile = perFileMap[item.id];
+        return {
+          ...item,
+          allow_read: readAll || !!perFile?.allow_read,
+          allow_write: writeAll || !!perFile?.allow_write,
+          allow_use: useAll || !!perFile?.allow_use,
+        };
+      });
     } else {
       const userId = req?.user?.userId;
       if (userId) {
-        res = await storageListTeamFilesForUser(userId);
+        res = (await storageListTeamFilesForUser(userId)) || [];
       } else {
-        res = await storageListTeamFilesForRole(getBuiltinRoleIdFromRequest(req));
+        res = (await storageListTeamFilesForRole(getBuiltinRoleIdFromRequest(req))) || [];
       }
     }
     return (
@@ -120,21 +147,43 @@ module.exports = {
     const readAll = hasPermission(`all-team-files/read`, loadedPermissions);
     const writeAll = hasPermission(`all-team-files/write`, loadedPermissions);
     const useAll = hasPermission(`all-team-files/use`, loadedPermissions);
-    if (readAll || writeAll || useAll || createAll) {
-      res = await storageListAllTeamFolders();
-      res = res?.map(item => ({
-        ...item,
-        allow_create: createAll,
-        allow_read: readAll,
-        allow_write: writeAll,
-        allow_use: useAll,
-      }));
+    const hasAllGlobal = createAll && readAll && writeAll && useAll;
+    const hasAnyGlobal = readAll || writeAll || useAll || createAll;
+
+    if (hasAllGlobal) {
+      // All global flags granted, no need to query per-folder permissions
+      res = (await storageListAllTeamFolders()) || [];
+      res = res.map(item => ({ ...item, allow_create: true, allow_read: true, allow_write: true, allow_use: true }));
+    } else if (hasAnyGlobal) {
+      // Partial global permissions - merge with per-folder permissions
+      const userId = req?.user?.userId;
+      let perFolderRes = [];
+      if (userId) {
+        perFolderRes = (await storageListTeamFoldersForUser(userId)) || [];
+      } else {
+        perFolderRes = (await storageListTeamFoldersForRole(getBuiltinRoleIdFromRequest(req))) || [];
+      }
+      const allFolders = (await storageListAllTeamFolders()) || [];
+      const perFolderMap = {};
+      for (const f of perFolderRes) {
+        perFolderMap[f.id] = f;
+      }
+      res = allFolders.map(item => {
+        const perFolder = perFolderMap[item.id];
+        return {
+          ...item,
+          allow_create: createAll || !!perFolder?.allow_create,
+          allow_read: readAll || !!perFolder?.allow_read,
+          allow_write: writeAll || !!perFolder?.allow_write,
+          allow_use: useAll || !!perFolder?.allow_use,
+        };
+      });
     } else {
       const userId = req?.user?.userId;
       if (userId) {
-        res = await storageListTeamFoldersForUser(userId);
+        res = (await storageListTeamFoldersForUser(userId)) || [];
       } else {
-        res = await storageListTeamFoldersForRole(getBuiltinRoleIdFromRequest(req));
+        res = (await storageListTeamFoldersForRole(getBuiltinRoleIdFromRequest(req))) || [];
       }
     }
     return (

package/src/currentVersion.js

@@ -1,5 +1,5 @@
 
 module.exports = { 
-  version: '7.1.6',
-  buildTime: '2026-03-26T11:49:35.154Z'
+  version: '7.1.8-alpha.7',
+  buildTime: '2026-04-09T13:29:00.133Z'
 };

package/src/shell/runScript.js

@@ -7,6 +7,7 @@ async function runScript(func) {
   if (processArgs.checkParent) {
     childProcessChecker();
   }
+
   try {
     await func();
     process.exit(0);

package/src/storageModel.js

@@ -874,6 +874,114 @@ module.exports = {
         }
       ]
     },
+    {
+      "pureName": "query_history",
+      "columns": [
+        {
+          "pureName": "query_history",
+          "columnName": "id",
+          "dataType": "int",
+          "autoIncrement": true,
+          "notNull": true
+        },
+        {
+          "pureName": "query_history",
+          "columnName": "created",
+          "dataType": "bigint",
+          "notNull": true
+        },
+        {
+          "pureName": "query_history",
+          "columnName": "user_id",
+          "dataType": "int",
+          "notNull": false
+        },
+        {
+          "pureName": "query_history",
+          "columnName": "role_id",
+          "dataType": "int",
+          "notNull": false
+        },
+        {
+          "pureName": "query_history",
+          "columnName": "sql",
+          "dataType": "text",
+          "notNull": false
+        },
+        {
+          "pureName": "query_history",
+          "columnName": "conid",
+          "dataType": "varchar(100)",
+          "notNull": false
+        },
+        {
+          "pureName": "query_history",
+          "columnName": "database",
+          "dataType": "varchar(200)",
+          "notNull": false
+        }
+      ],
+      "foreignKeys": [
+        {
+          "constraintType": "foreignKey",
+          "constraintName": "FK_query_history_user_id",
+          "pureName": "query_history",
+          "refTableName": "users",
+          "deleteAction": "CASCADE",
+          "columns": [
+            {
+              "columnName": "user_id",
+              "refColumnName": "id"
+            }
+          ]
+        },
+        {
+          "constraintType": "foreignKey",
+          "constraintName": "FK_query_history_role_id",
+          "pureName": "query_history",
+          "refTableName": "roles",
+          "deleteAction": "CASCADE",
+          "columns": [
+            {
+              "columnName": "role_id",
+              "refColumnName": "id"
+            }
+          ]
+        }
+      ],
+      "indexes": [
+        {
+          "constraintName": "idx_query_history_user_id",
+          "pureName": "query_history",
+          "constraintType": "index",
+          "columns": [
+            {
+              "columnName": "user_id"
+            }
+          ]
+        },
+        {
+          "constraintName": "idx_query_history_role_id",
+          "pureName": "query_history",
+          "constraintType": "index",
+          "columns": [
+            {
+              "columnName": "role_id"
+            }
+          ]
+        }
+      ],
+      "primaryKey": {
+        "pureName": "query_history",
+        "constraintType": "primaryKey",
+        "constraintName": "PK_query_history",
+        "columns": [
+          {
+            "columnName": "id"
+          }
+        ]
+      }
+    },
     {
       "pureName": "roles",
       "columns": [