dbgate-api 6.5.5 → 6.6.0

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "dbgate-api",
   "main": "src/index.js",
-  "version": "6.5.5",
+  "version": "6.6.0",
   "homepage": "https://dbgate.org/",
   "repository": {
     "type": "git",
@@ -30,10 +30,10 @@
     "compare-versions": "^3.6.0",
     "cors": "^2.8.5",
     "cross-env": "^6.0.3",
-    "dbgate-datalib": "^6.5.5",
+    "dbgate-datalib": "^6.6.0",
     "dbgate-query-splitter": "^4.11.5",
-    "dbgate-sqltree": "^6.5.5",
-    "dbgate-tools": "^6.5.5",
+    "dbgate-sqltree": "^6.6.0",
+    "dbgate-tools": "^6.6.0",
     "debug": "^4.3.4",
     "diff": "^5.0.0",
     "diff2html": "^3.4.13",
@@ -68,6 +68,7 @@
   },
   "scripts": {
     "start": "env-cmd -f .env node src/index.js --listen-api",
+    "start:debug": "env-cmd -f .env node --inspect src/index.js --listen-api",
     "start:portal": "env-cmd -f env/portal/.env node src/index.js --listen-api",
     "start:singledb": "env-cmd -f env/singledb/.env node src/index.js --listen-api",
     "start:auth": "env-cmd -f env/auth/.env node src/index.js --listen-api",
@@ -85,7 +86,7 @@
   "devDependencies": {
     "@types/fs-extra": "^9.0.11",
     "@types/lodash": "^4.14.149",
-    "dbgate-types": "^6.5.5",
+    "dbgate-types": "^6.6.0",
     "env-cmd": "^10.1.0",
     "jsdoc-to-markdown": "^9.0.5",
     "node-loader": "^1.0.2",

package/src/controllers/auth.js

@@ -21,7 +21,13 @@ const {
 } = require('../utility/cloudIntf');
 const socket = require('../utility/socket');
 const { sendToAuditLog } = require('../utility/auditlog');
-const { isLoginLicensed, LOGIN_LIMIT_ERROR } = require('../utility/loginchecker');
+const {
+  isLoginLicensed,
+  LOGIN_LIMIT_ERROR,
+  markTokenAsLoggedIn,
+  markUserAsActive,
+  markLoginAsLoggedOut,
+} = require('../utility/loginchecker');
 
 const logger = getLogger('auth');
 
@@ -61,6 +67,11 @@ function authMiddleware(req, res, next) {
 
   // const isAdminPage = req.headers['x-is-admin-page'] == 'true';
 
+  if (process.env.SKIP_ALL_AUTH) {
+    // API is not authorized for basic auth
+    return next();
+  }
+
   if (process.env.BASIC_AUTH) {
     // API is not authorized for basic auth
     return next();
@@ -79,7 +90,7 @@ function authMiddleware(req, res, next) {
   try {
     const decoded = jwt.verify(token, getTokenSecret());
     req.user = decoded;
-    storage.markUserAsActive(decoded.licenseUid);
+    markUserAsActive(decoded.licenseUid, token);
 
     return next();
   } catch (err) {
@@ -124,19 +135,23 @@ module.exports = {
           message: 'Administration login successful',
         });
 
+        const licenseUid = `superadmin`;
+        const accessToken = jwt.sign(
+          {
+            login: 'superadmin',
+            permissions: await storage.loadSuperadminPermissions(),
+            roleId: -3,
+            licenseUid,
+          },
+          getTokenSecret(),
+          {
+            expiresIn: getTokenLifetime(),
+          }
+        );
+        markTokenAsLoggedIn(licenseUid, accessToken);
+
         return {
-          accessToken: jwt.sign(
-            {
-              login: 'superadmin',
-              permissions: await storage.loadSuperadminPermissions(),
-              roleId: -3,
-              licenseUid: `superadmin`,
-            },
-            getTokenSecret(),
-            {
-              expiresIn: getTokenLifetime(),
-            }
-          ),
+          accessToken,
         };
       }
 
@@ -192,5 +207,17 @@ module.exports = {
     return tokenHolder;
   },
 
+  logoutAdmin_meta: true,
+  async logoutAdmin() {
+    await markLoginAsLoggedOut('superadmin');
+    return true;
+  },
+
+  logoutUser_meta: true,
+  async logoutUser({}, req) {
+    await markLoginAsLoggedOut(req?.user?.licenseUid);
+    return true;
+  },
+
   authMiddleware,
 };

package/src/controllers/cloud.js

@@ -16,6 +16,7 @@ const { getConnectionLabel, getLogger, extractErrorLogData } = require('dbgate-t
 const logger = getLogger('cloud');
 const _ = require('lodash');
 const fs = require('fs-extra');
+const { getAiGatewayServer } = require('../utility/authProxy');
 
 module.exports = {
   publicFiles_meta: true,
@@ -276,4 +277,17 @@ module.exports = {
     const resp = await callCloudApiPost(`content-folders/remove-user/${folid}`, { email });
     return resp;
   },
+
+  getAiGateway_meta: true,
+  async getAiGateway() {
+    return getAiGatewayServer();
+  },
+
+  // chatStream_meta: {
+  //   raw: true,
+  //   method: 'post',
+  // },
+  // chatStream(req, res) {
+  //   callChatStream(req.body, res);
+  // },
 };

package/src/controllers/config.js

@@ -16,7 +16,7 @@ const connections = require('../controllers/connections');
 const { getAuthProviderFromReq } = require('../auth/authProvider');
 const { checkLicense, checkLicenseKey } = require('../utility/checkLicense');
 const storage = require('./storage');
-const { getAuthProxyUrl } = require('../utility/authProxy');
+const { getAuthProxyUrl, tryToGetRefreshedLicense } = require('../utility/authProxy');
 const { getPublicHardwareFingerprint } = require('../utility/hardwareFingerprint');
 const { extractErrorMessage } = require('dbgate-tools');
 const {
@@ -109,6 +109,7 @@ module.exports = {
       ),
       isAdminPasswordMissing,
       isInvalidToken: req?.isInvalidToken,
+      skipAllAuth: !!process.env.SKIP_ALL_AUTH,
       adminPasswordState: adminConfig?.adminPasswordState,
       storageDatabase: process.env.STORAGE_DATABASE,
       logsFilePath: getLogsFilePath(),
@@ -191,6 +192,7 @@ module.exports = {
         return {
           ...this.fillMissingSettings(JSON.parse(settingsText)),
           'other.licenseKey': platformInfo.isElectron ? await this.loadLicenseKey() : undefined,
+          // 'other.licenseKey': await this.loadLicenseKey(),
         };
       }
     } catch (err) {
@@ -208,21 +210,34 @@ module.exports = {
   },
 
   saveLicenseKey_meta: true,
-  async saveLicenseKey({ licenseKey }) {
-    const decoded = jwt.decode(licenseKey?.trim());
-    if (!decoded) {
-      return {
-        status: 'error',
-        errorMessage: 'Invalid license key',
-      };
-    }
+  async saveLicenseKey({ licenseKey, forceSave = false, tryToRenew = false }) {
+    if (!forceSave) {
+      const decoded = jwt.decode(licenseKey?.trim());
+      if (!decoded) {
+        return {
+          status: 'error',
+          errorMessage: 'Invalid license key',
+        };
+      }
 
-    const { exp } = decoded;
-    if (exp * 1000 < Date.now()) {
-      return {
-        status: 'error',
-        errorMessage: 'License key is expired',
-      };
+      const { exp } = decoded;
+      if (exp * 1000 < Date.now()) {
+        let renewed = false;
+        if (tryToRenew) {
+          const newLicenseKey = await tryToGetRefreshedLicense(licenseKey);
+          if (newLicenseKey.status == 'ok') {
+            licenseKey = newLicenseKey.token;
+            renewed = true;
+          }
+        }
+
+        if (!renewed) {
+          return {
+            status: 'error',
+            errorMessage: 'License key is expired',
+          };
+        }
+      }
     }
 
     try {
@@ -297,7 +312,7 @@ module.exports = {
           // this.settingsValue = updated;
 
           if (currentValue['other.licenseKey'] != values['other.licenseKey']) {
-            await this.saveLicenseKey({ licenseKey: values['other.licenseKey'] });
+            await this.saveLicenseKey({ licenseKey: values['other.licenseKey'], forceSave: true });
             socket.emitChanged(`config-changed`);
           }
         }
@@ -327,6 +342,16 @@ module.exports = {
     return resp;
   },
 
+  getNewLicense_meta: true,
+  async getNewLicense({ oldLicenseKey }) {
+    const newLicenseKey = await tryToGetRefreshedLicense(oldLicenseKey);
+    const res = await checkLicenseKey(newLicenseKey.token);
+    if (res.status == 'ok') {
+      res.licenseKey = newLicenseKey.token;
+    }
+    return res;
+  },
+
   recryptDatabaseForExport(db) {
     const encryptionKey = generateTransportEncryptionKey();
     const transportEncryptor = createTransportEncryptor(encryptionKey);

package/src/controllers/storage.js

@@ -41,6 +41,4 @@ module.exports = {
   async getUsedEngines() {
     return null;
   },
-
-  markUserAsActive(licenseUid) {},
 };

package/src/currentVersion.js

@@ -1,5 +1,5 @@
 
 module.exports = { 
-  version: '6.5.5',
-  buildTime: '2025-07-04T07:10:46.574Z'
+  version: '6.6.0',
+  buildTime: '2025-07-25T07:23:15.741Z'
 };

package/src/storageModel.js

@@ -519,6 +519,12 @@ module.exports = {
           "dataType": "int",
           "notNull": false
         },
+        {
+          "pureName": "connections",
+          "columnName": "useSeparateSchemas",
+          "dataType": "int",
+          "notNull": false
+        },
         {
           "pureName": "connections",
           "columnName": "defaultDatabase",
@@ -668,6 +674,12 @@ module.exports = {
           "columnName": "awsRegion",
           "dataType": "varchar(250)",
           "notNull": false
+        },
+        {
+          "pureName": "connections",
+          "columnName": "connectionDefinition",
+          "dataType": "text",
+          "notNull": false
         }
       ],
       "foreignKeys": [],
@@ -682,6 +694,49 @@ module.exports = {
         ]
       }
     },
+    {
+      "pureName": "roles",
+      "columns": [
+        {
+          "pureName": "roles",
+          "columnName": "id",
+          "dataType": "int",
+          "autoIncrement": true,
+          "notNull": true
+        },
+        {
+          "pureName": "roles",
+          "columnName": "name",
+          "dataType": "varchar(250)",
+          "notNull": false
+        }
+      ],
+      "foreignKeys": [],
+      "primaryKey": {
+        "pureName": "roles",
+        "constraintType": "primaryKey",
+        "constraintName": "PK_roles",
+        "columns": [
+          {
+            "columnName": "id"
+          }
+        ]
+      },
+      "preloadedRows": [
+        {
+          "id": -1,
+          "name": "anonymous-user"
+        },
+        {
+          "id": -2,
+          "name": "logged-user"
+        },
+        {
+          "id": -3,
+          "name": "superadmin"
+        }
+      ]
+    },
     {
       "pureName": "role_connections",
       "columns": [
@@ -794,47 +849,45 @@ module.exports = {
       }
     },
     {
-      "pureName": "roles",
+      "pureName": "users",
       "columns": [
         {
-          "pureName": "roles",
+          "pureName": "users",
           "columnName": "id",
           "dataType": "int",
           "autoIncrement": true,
           "notNull": true
         },
         {
-          "pureName": "roles",
-          "columnName": "name",
+          "pureName": "users",
+          "columnName": "login",
+          "dataType": "varchar(250)",
+          "notNull": false
+        },
+        {
+          "pureName": "users",
+          "columnName": "password",
+          "dataType": "varchar(250)",
+          "notNull": false
+        },
+        {
+          "pureName": "users",
+          "columnName": "email",
           "dataType": "varchar(250)",
           "notNull": false
         }
       ],
       "foreignKeys": [],
       "primaryKey": {
-        "pureName": "roles",
+        "pureName": "users",
         "constraintType": "primaryKey",
-        "constraintName": "PK_roles",
+        "constraintName": "PK_users",
         "columns": [
           {
             "columnName": "id"
           }
         ]
-      },
-      "preloadedRows": [
-        {
-          "id": -1,
-          "name": "anonymous-user"
-        },
-        {
-          "id": -2,
-          "name": "logged-user"
-        },
-        {
-          "id": -3,
-          "name": "superadmin"
-        }
-      ]
+      }
     },
     {
       "pureName": "user_connections",
@@ -1008,47 +1061,6 @@ module.exports = {
           }
         ]
       }
-    },
-    {
-      "pureName": "users",
-      "columns": [
-        {
-          "pureName": "users",
-          "columnName": "id",
-          "dataType": "int",
-          "autoIncrement": true,
-          "notNull": true
-        },
-        {
-          "pureName": "users",
-          "columnName": "login",
-          "dataType": "varchar(250)",
-          "notNull": false
-        },
-        {
-          "pureName": "users",
-          "columnName": "password",
-          "dataType": "varchar(250)",
-          "notNull": false
-        },
-        {
-          "pureName": "users",
-          "columnName": "email",
-          "dataType": "varchar(250)",
-          "notNull": false
-        }
-      ],
-      "foreignKeys": [],
-      "primaryKey": {
-        "pureName": "users",
-        "constraintType": "primaryKey",
-        "constraintName": "PK_users",
-        "columns": [
-          {
-            "columnName": "id"
-          }
-        ]
-      }
     }
   ],
   "collections": [],

package/src/utility/authProxy.js

@@ -40,6 +40,16 @@ function getLicenseHttpHeaders() {
   return {};
 }
 
+async function tryToGetRefreshedLicense(oldLicenseKey) {
+  return {
+    status: 'error',
+  };
+}
+
+function getAiGatewayServer() {
+  return {};
+}
+
 module.exports = {
   isAuthProxySupported,
   authProxyGetRedirectUrl,
@@ -52,4 +62,6 @@ module.exports = {
   callCompleteOnCursorApi,
   callRefactorSqlQueryApi,
   getLicenseHttpHeaders,
+  tryToGetRefreshedLicense,
+  getAiGatewayServer,
 };

package/src/utility/cloudIntf.js

@@ -1,4 +1,5 @@
 const axios = require('axios');
+const crypto = require('crypto');
 const fs = require('fs-extra');
 const _ = require('lodash');
 const path = require('path');
@@ -216,7 +217,7 @@ async function updateCloudFiles(isRefresh) {
     {
       headers: {
         ...getLicenseHttpHeaders(),
-        ...(await getCloudSigninHeaders()),
+        ...(await getCloudInstanceHeaders()),
         'x-app-version': currentVersion.version,
       },
     }
@@ -300,6 +301,17 @@ async function callCloudApiGet(endpoint, signinHolder = null, additionalHeaders
   return resp.data;
 }
 
+async function getCloudInstanceHeaders() {
+  if (!(await fs.exists(path.join(datadir(), 'cloud-instance.txt')))) {
+    const newInstanceId = crypto.randomUUID();
+    await fs.writeFile(path.join(datadir(), 'cloud-instance.txt'), newInstanceId);
+  }
+  const instanceId = await fs.readFile(path.join(datadir(), 'cloud-instance.txt'), 'utf-8');
+  return {
+    'x-cloud-instance': instanceId,
+  };
+}
+
 async function callCloudApiPost(endpoint, body, signinHolder = null) {
   if (!signinHolder) {
     signinHolder = await getCloudSigninHolder();

package/src/utility/crypting.js

@@ -101,24 +101,26 @@ function decryptObjectPasswordField(obj, field, encryptor = null) {
   return obj;
 }
 
+const fieldsToEncrypt = ['password', 'sshPassword', 'sshKeyfilePassword', 'connectionDefinition'];
+
 function encryptConnection(connection, encryptor = null) {
   if (connection.passwordMode != 'saveRaw') {
-    connection = encryptObjectPasswordField(connection, 'password', encryptor);
-    connection = encryptObjectPasswordField(connection, 'sshPassword', encryptor);
-    connection = encryptObjectPasswordField(connection, 'sshKeyfilePassword', encryptor);
+    for (const field of fieldsToEncrypt) {
+      connection = encryptObjectPasswordField(connection, field, encryptor);
+    }
   }
   return connection;
 }
 
 function maskConnection(connection) {
   if (!connection) return connection;
-  return _.omit(connection, ['password', 'sshPassword', 'sshKeyfilePassword']);
+  return _.omit(connection, fieldsToEncrypt);
 }
 
-function decryptConnection(connection, encryptor = null) {
-  connection = decryptObjectPasswordField(connection, 'password', encryptor);
-  connection = decryptObjectPasswordField(connection, 'sshPassword', encryptor);
-  connection = decryptObjectPasswordField(connection, 'sshKeyfilePassword', encryptor);
+function decryptConnection(connection) {
+  for (const field of fieldsToEncrypt) {
+    connection = decryptObjectPasswordField(connection, field);
+  }
   return connection;
 }
 
@@ -188,9 +190,9 @@ function recryptObjectPasswordFieldInPlace(obj, field, decryptEncryptor, encrypt
 }
 
 function recryptConnection(connection, decryptEncryptor, encryptEncryptor) {
-  connection = recryptObjectPasswordField(connection, 'password', decryptEncryptor, encryptEncryptor);
-  connection = recryptObjectPasswordField(connection, 'sshPassword', decryptEncryptor, encryptEncryptor);
-  connection = recryptObjectPasswordField(connection, 'sshKeyfilePassword', decryptEncryptor, encryptEncryptor);
+  for (const field of fieldsToEncrypt) {
+    connection = recryptObjectPasswordField(connection, field, decryptEncryptor, encryptEncryptor);
+  }
   return connection;
 }
 

package/src/utility/loginchecker.js

@@ -1,15 +1,18 @@
 // only in DbGate Premium
 
-function markUserAsActive(licenseUid) {}
+function markUserAsActive(licenseUid, token) {}
 
 async function isLoginLicensed(req, licenseUid) {
   return true;
 }
 
+function markLoginAsLoggedOut(licenseUid) {}
+
 const LOGIN_LIMIT_ERROR = '';
 
 module.exports = {
   markUserAsActive,
   isLoginLicensed,
+  markLoginAsLoggedOut,
   LOGIN_LIMIT_ERROR,
 };