dbgate-api 6.6.0 → 6.6.2

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "dbgate-api",
   "main": "src/index.js",
-  "version": "6.6.0",
+  "version": "6.6.2",
   "homepage": "https://dbgate.org/",
   "repository": {
     "type": "git",
@@ -30,10 +30,10 @@
     "compare-versions": "^3.6.0",
     "cors": "^2.8.5",
     "cross-env": "^6.0.3",
-    "dbgate-datalib": "^6.6.0",
+    "dbgate-datalib": "^6.6.2",
     "dbgate-query-splitter": "^4.11.5",
-    "dbgate-sqltree": "^6.6.0",
-    "dbgate-tools": "^6.6.0",
+    "dbgate-sqltree": "^6.6.2",
+    "dbgate-tools": "^6.6.2",
     "debug": "^4.3.4",
     "diff": "^5.0.0",
     "diff2html": "^3.4.13",
@@ -56,7 +56,7 @@
     "ncp": "^2.0.0",
     "node-cron": "^2.0.3",
     "on-finished": "^2.4.1",
-    "pinomin": "^1.0.4",
+    "pinomin": "^1.0.5",
     "portfinder": "^1.0.28",
     "rimraf": "^3.0.0",
     "semver": "^7.6.3",
@@ -86,7 +86,7 @@
   "devDependencies": {
     "@types/fs-extra": "^9.0.11",
     "@types/lodash": "^4.14.149",
-    "dbgate-types": "^6.6.0",
+    "dbgate-types": "^6.6.2",
     "env-cmd": "^10.1.0",
     "jsdoc-to-markdown": "^9.0.5",
     "node-loader": "^1.0.2",

package/src/auth/authProvider.js

@@ -36,12 +36,24 @@ class AuthProviderBase {
     return !!req?.user || !!req?.auth;
   }
 
-  getCurrentPermissions(req) {
+  async getCurrentPermissions(req) {
     const login = this.getCurrentLogin(req);
     const permissions = process.env[`LOGIN_PERMISSIONS_${login}`];
     return permissions || process.env.PERMISSIONS;
   }
 
+  async checkCurrentConnectionPermission(req, conid) {
+    return true;
+  }
+
+  async getCurrentDatabasePermissions(req) {
+    return [];
+  }
+
+  async getCurrentTablePermissions(req) {
+    return [];
+  }
+  
   getLoginPageConnections() {
     return null;
   }
@@ -94,7 +106,7 @@ class OAuthProvider extends AuthProviderBase {
       payload = jwt.decode(id_token);
     }
 
-    logger.info({ payload }, 'User payload returned from OAUTH');
+    logger.info({ payload }, 'DBGM-00002 User payload returned from OAUTH');
 
     const login =
       process.env.OAUTH_LOGIN_FIELD && payload && payload[process.env.OAUTH_LOGIN_FIELD]

package/src/controllers/archive.js

@@ -102,7 +102,7 @@ module.exports = {
         ...fileType('.matview.sql', 'matview.sql'),
       ];
     } catch (err) {
-      logger.error(extractErrorLogData(err), 'Error reading archive files');
+      logger.error(extractErrorLogData(err), 'DBGM-00001 Error reading archive files');
       return [];
     }
   },

package/src/controllers/auth.js

@@ -51,6 +51,7 @@ function authMiddleware(req, res, next) {
     '/auth/oauth-token',
     '/auth/login',
     '/auth/redirect',
+    '/redirect',
     '/stream',
     '/storage/get-connections-for-login-page',
     '/storage/set-admin-password',
@@ -99,7 +100,7 @@ function authMiddleware(req, res, next) {
       return next();
     }
 
-    logger.error(extractErrorLogData(err), 'Sending invalid token error');
+    logger.error(extractErrorLogData(err), 'DBGM-00098 Sending invalid token error');
 
     return unauthorizedResponse(req, res, 'invalid token');
   }
@@ -139,9 +140,9 @@ module.exports = {
         const accessToken = jwt.sign(
           {
             login: 'superadmin',
-            permissions: await storage.loadSuperadminPermissions(),
             roleId: -3,
             licenseUid,
+            amoid: 'superadmin',
           },
           getTokenSecret(),
           {

package/src/controllers/cloud.js

@@ -45,7 +45,7 @@ module.exports = {
       const resp = await callCloudApiGet('content-list');
       return resp;
     } catch (err) {
-      logger.error(extractErrorLogData(err), 'Error getting cloud content list');
+      logger.error(extractErrorLogData(err), 'DBGM-00099 Error getting cloud content list');
 
       return [];
     }

package/src/controllers/config.js

@@ -3,7 +3,7 @@ const os = require('os');
 const path = require('path');
 const axios = require('axios');
 const { datadir, getLogsFilePath } = require('../utility/directories');
-const { hasPermission } = require('../utility/hasPermission');
+const { hasPermission, loadPermissionsFromRequest } = require('../utility/hasPermission');
 const socket = require('../utility/socket');
 const _ = require('lodash');
 const AsyncLock = require('async-lock');
@@ -46,7 +46,7 @@ module.exports = {
   async get(_params, req) {
     const authProvider = getAuthProviderFromReq(req);
     const login = authProvider.getCurrentLogin(req);
-    const permissions = authProvider.getCurrentPermissions(req);
+    const permissions = await authProvider.getCurrentPermissions(req);
     const isUserLoggedIn = authProvider.isUserLoggedIn(req);
 
     const singleConid = authProvider.getSingleConnectionId(req);
@@ -280,7 +280,8 @@ module.exports = {
 
   updateSettings_meta: true,
   async updateSettings(values, req) {
-    if (!hasPermission(`settings/change`, req)) return false;
+    const loadedPermissions = await loadPermissionsFromRequest(req);
+    if (!hasPermission(`settings/change`, loadedPermissions)) return false;
     cachedSettingsValue = null;
 
     const res = await lock.acquire('settings', async () => {
@@ -392,7 +393,8 @@ module.exports = {
 
   exportConnectionsAndSettings_meta: true,
   async exportConnectionsAndSettings(_params, req) {
-    if (!hasPermission(`admin/config`, req)) {
+    const loadedPermissions = await loadPermissionsFromRequest(req);
+    if (!hasPermission(`admin/config`, loadedPermissions)) {
       throw new Error('Permission denied: admin/config');
     }
 
@@ -416,7 +418,8 @@ module.exports = {
 
   importConnectionsAndSettings_meta: true,
   async importConnectionsAndSettings({ db }, req) {
-    if (!hasPermission(`admin/config`, req)) {
+    const loadedPermissions = await loadPermissionsFromRequest(req);
+    if (!hasPermission(`admin/config`, loadedPermissions)) {
       throw new Error('Permission denied: admin/config');
     }
 

package/src/controllers/connections.js

@@ -14,7 +14,7 @@ const JsonLinesDatabase = require('../utility/JsonLinesDatabase');
 const processArgs = require('../utility/processArgs');
 const { safeJsonParse, getLogger, extractErrorLogData } = require('dbgate-tools');
 const platformInfo = require('../utility/platformInfo');
-const { connectionHasPermission, testConnectionPermission } = require('../utility/hasPermission');
+const { connectionHasPermission, testConnectionPermission, loadPermissionsFromRequest } = require('../utility/hasPermission');
 const pipeForkLogs = require('../utility/pipeForkLogs');
 const requireEngineDriver = require('../utility/requireEngineDriver');
 const { getAuthProviderById } = require('../auth/authProvider');
@@ -116,12 +116,12 @@ function getPortalCollections() {
       }
     }
 
-    logger.info({ connections: connections.map(pickSafeConnectionInfo) }, 'Using connections from ENV variables');
+    logger.info({ connections: connections.map(pickSafeConnectionInfo) }, 'DBGM-00005 Using connections from ENV variables');
     const noengine = connections.filter(x => !x.engine);
     if (noengine.length > 0) {
       logger.warn(
         { connections: noengine.map(x => x._id) },
-        'Invalid CONNECTIONS configuration, missing ENGINE for connection ID'
+        'DBGM-00006 Invalid CONNECTIONS configuration, missing ENGINE for connection ID'
       );
     }
     return connections;
@@ -227,6 +227,7 @@ module.exports = {
   list_meta: true,
   async list(_params, req) {
     const storage = require('./storage');
+    const loadedPermissions = await loadPermissionsFromRequest(req);
 
     const storageConnections = await storage.connections(req);
     if (storageConnections) {
@@ -234,9 +235,9 @@ module.exports = {
     }
     if (portalConnections) {
       if (platformInfo.allowShellConnection) return portalConnections;
-      return portalConnections.map(maskConnection).filter(x => connectionHasPermission(x, req));
+      return portalConnections.map(maskConnection).filter(x => connectionHasPermission(x, loadedPermissions));
     }
-    return (await this.datastore.find()).filter(x => connectionHasPermission(x, req));
+    return (await this.datastore.find()).filter(x => connectionHasPermission(x, loadedPermissions));
   },
 
   async getUsedEngines() {
@@ -375,7 +376,7 @@ module.exports = {
   update_meta: true,
   async update({ _id, values }, req) {
     if (portalConnections) return;
-    testConnectionPermission(_id, req);
+    await testConnectionPermission(_id, req);
     const res = await this.datastore.patch(_id, values);
     socket.emitChanged('connection-list-changed');
     return res;
@@ -392,7 +393,7 @@ module.exports = {
   updateDatabase_meta: true,
   async updateDatabase({ conid, database, values }, req) {
     if (portalConnections) return;
-    testConnectionPermission(conid, req);
+    await testConnectionPermission(conid, req);
     const conn = await this.datastore.get(conid);
     let databases = (conn && conn.databases) || [];
     if (databases.find(x => x.name == database)) {
@@ -410,7 +411,7 @@ module.exports = {
   delete_meta: true,
   async delete(connection, req) {
     if (portalConnections) return;
-    testConnectionPermission(connection, req);
+    await testConnectionPermission(connection, req);
     const res = await this.datastore.remove(connection._id);
     socket.emitChanged('connection-list-changed');
     return res;
@@ -452,7 +453,7 @@ module.exports = {
         _id: '__model',
       };
     }
-    testConnectionPermission(conid, req);
+    await testConnectionPermission(conid, req);
     return this.getCore({ conid, mask: true });
   },
 
@@ -530,7 +531,7 @@ module.exports = {
       socket.emit('got-volatile-token', { strmid, savedConId: conid, volatileConId: volatile._id });
       return { success: true };
     } catch (err) {
-      logger.error(extractErrorLogData(err), 'Error getting DB token');
+      logger.error(extractErrorLogData(err), 'DBGM-00100 Error getting DB token');
       return { error: err.message };
     }
   },
@@ -546,7 +547,7 @@ module.exports = {
       const resp = await authProvider.login(null, null, { conid: volatile._id }, req);
       return resp;
     } catch (err) {
-      logger.error(extractErrorLogData(err), 'Error getting DB token');
+      logger.error(extractErrorLogData(err), 'DBGM-00101 Error getting DB token');
       return { error: err.message };
     }
   },