dbgate-api 6.6.1 → 6.6.3

package/src/controllers/files.js

@@ -3,7 +3,7 @@ const path = require('path');
 const crypto = require('crypto');
 const { filesdir, archivedir, resolveArchiveFolder, uploadsdir, appdir, jsldir } = require('../utility/directories');
 const getChartExport = require('../utility/getChartExport');
-const { hasPermission } = require('../utility/hasPermission');
+const { hasPermission, loadPermissionsFromRequest } = require('../utility/hasPermission');
 const socket = require('../utility/socket');
 const scheduler = require('./scheduler');
 const getDiagramExport = require('../utility/getDiagramExport');
@@ -31,7 +31,8 @@ function deserialize(format, text) {
 module.exports = {
   list_meta: true,
   async list({ folder }, req) {
-    if (!hasPermission(`files/${folder}/read`, req)) return [];
+    const loadedPermissions = await loadPermissionsFromRequest(req);
+    if (!hasPermission(`files/${folder}/read`, loadedPermissions)) return [];
     const dir = path.join(filesdir(), folder);
     if (!(await fs.exists(dir))) return [];
     const files = (await fs.readdir(dir)).map(file => ({ folder, file }));
@@ -40,10 +41,11 @@ module.exports = {
 
   listAll_meta: true,
   async listAll(_params, req) {
+    const loadedPermissions = await loadPermissionsFromRequest(req);
     const folders = await fs.readdir(filesdir());
     const res = [];
     for (const folder of folders) {
-      if (!hasPermission(`files/${folder}/read`, req)) continue;
+      if (!hasPermission(`files/${folder}/read`, loadedPermissions)) continue;
       const dir = path.join(filesdir(), folder);
       const files = (await fs.readdir(dir)).map(file => ({ folder, file }));
       res.push(...files);
@@ -53,7 +55,8 @@ module.exports = {
 
   delete_meta: true,
   async delete({ folder, file }, req) {
-    if (!hasPermission(`files/${folder}/write`, req)) return false;
+    const loadedPermissions = await loadPermissionsFromRequest(req);
+    if (!hasPermission(`files/${folder}/write`, loadedPermissions)) return false;
     if (!checkSecureFilePathsWithoutDirectory(folder, file)) {
       return false;
     }
@@ -65,7 +68,8 @@ module.exports = {
 
   rename_meta: true,
   async rename({ folder, file, newFile }, req) {
-    if (!hasPermission(`files/${folder}/write`, req)) return false;
+    const loadedPermissions = await loadPermissionsFromRequest(req);
+    if (!hasPermission(`files/${folder}/write`, loadedPermissions)) return false;
     if (!checkSecureFilePathsWithoutDirectory(folder, file, newFile)) {
       return false;
     }
@@ -86,10 +90,11 @@ module.exports = {
 
   copy_meta: true,
   async copy({ folder, file, newFile }, req) {
+    const loadedPermissions = await loadPermissionsFromRequest(req);
     if (!checkSecureFilePathsWithoutDirectory(folder, file, newFile)) {
       return false;
     }
-    if (!hasPermission(`files/${folder}/write`, req)) return false;
+    if (!hasPermission(`files/${folder}/write`, loadedPermissions)) return false;
     await fs.copyFile(path.join(filesdir(), folder, file), path.join(filesdir(), folder, newFile));
     socket.emitChanged(`files-changed`, { folder });
     socket.emitChanged(`all-files-changed`);
@@ -113,7 +118,8 @@ module.exports = {
       });
       return deserialize(format, text);
     } else {
-      if (!hasPermission(`files/${folder}/read`, req)) return null;
+      const loadedPermissions = await loadPermissionsFromRequest(req);
+      if (!hasPermission(`files/${folder}/read`, loadedPermissions)) return null;
       const text = await fs.readFile(path.join(filesdir(), folder, file), { encoding: 'utf-8' });
       return deserialize(format, text);
     }
@@ -131,18 +137,19 @@ module.exports = {
 
   save_meta: true,
   async save({ folder, file, data, format }, req) {
+    const loadedPermissions = await loadPermissionsFromRequest(req);
     if (!checkSecureFilePathsWithoutDirectory(folder, file)) {
       return false;
     }
 
     if (folder.startsWith('archive:')) {
-      if (!hasPermission(`archive/write`, req)) return false;
+      if (!hasPermission(`archive/write`, loadedPermissions)) return false;
       const dir = resolveArchiveFolder(folder.substring('archive:'.length));
       await fs.writeFile(path.join(dir, file), serialize(format, data));
       socket.emitChanged(`archive-files-changed`, { folder: folder.substring('archive:'.length) });
       return true;
     } else if (folder.startsWith('app:')) {
-      if (!hasPermission(`apps/write`, req)) return false;
+      if (!hasPermission(`apps/write`, loadedPermissions)) return false;
       const app = folder.substring('app:'.length);
       await fs.writeFile(path.join(appdir(), app, file), serialize(format, data));
       socket.emitChanged(`app-files-changed`, { app });
@@ -150,7 +157,7 @@ module.exports = {
       apps.emitChangedDbApp(folder);
       return true;
     } else {
-      if (!hasPermission(`files/${folder}/write`, req)) return false;
+      if (!hasPermission(`files/${folder}/write`, loadedPermissions)) return false;
       const dir = path.join(filesdir(), folder);
       if (!(await fs.exists(dir))) {
         await fs.mkdir(dir);
@@ -177,7 +184,8 @@ module.exports = {
 
   favorites_meta: true,
   async favorites(_params, req) {
-    if (!hasPermission(`files/favorites/read`, req)) return [];
+    const loadedPermissions = await loadPermissionsFromRequest(req);
+    if (!hasPermission(`files/favorites/read`, loadedPermissions)) return [];
     const dir = path.join(filesdir(), 'favorites');
     if (!(await fs.exists(dir))) return [];
     const files = await fs.readdir(dir);
@@ -234,16 +242,17 @@ module.exports = {
 
   getFileRealPath_meta: true,
   async getFileRealPath({ folder, file }, req) {
+    const loadedPermissions = await loadPermissionsFromRequest(req);
     if (folder.startsWith('archive:')) {
-      if (!hasPermission(`archive/write`, req)) return false;
+      if (!hasPermission(`archive/write`, loadedPermissions)) return false;
       const dir = resolveArchiveFolder(folder.substring('archive:'.length));
       return path.join(dir, file);
     } else if (folder.startsWith('app:')) {
-      if (!hasPermission(`apps/write`, req)) return false;
+      if (!hasPermission(`apps/write`, loadedPermissions)) return false;
       const app = folder.substring('app:'.length);
       return path.join(appdir(), app, file);
     } else {
-      if (!hasPermission(`files/${folder}/write`, req)) return false;
+      if (!hasPermission(`files/${folder}/write`, loadedPermissions)) return false;
       const dir = path.join(filesdir(), folder);
       if (!(await fs.exists(dir))) {
         await fs.mkdir(dir);
@@ -297,7 +306,8 @@ module.exports = {
 
   exportFile_meta: true,
   async exportFile({ folder, file, filePath }, req) {
-    if (!hasPermission(`files/${folder}/read`, req)) return false;
+    const loadedPermissions = await loadPermissionsFromRequest(req);
+    if (!hasPermission(`files/${folder}/read`, loadedPermissions)) return false;
     await fs.copyFile(path.join(filesdir(), folder, file), filePath);
     return true;
   },

package/src/controllers/plugins.js

@@ -7,7 +7,7 @@ const socket = require('../utility/socket');
 const compareVersions = require('compare-versions');
 const requirePlugin = require('../shell/requirePlugin');
 const downloadPackage = require('../utility/downloadPackage');
-const { hasPermission } = require('../utility/hasPermission');
+const { hasPermission, loadPermissionsFromRequest } = require('../utility/hasPermission');
 const _ = require('lodash');
 const packagedPluginsContent = require('../packagedPluginsContent');
 
@@ -118,7 +118,8 @@ module.exports = {
 
   install_meta: true,
   async install({ packageName }, req) {
-    if (!hasPermission(`plugins/install`, req)) return;
+    const loadedPermissions = await loadPermissionsFromRequest(req);
+    if (!hasPermission(`plugins/install`, loadedPermissions)) return;
     const dir = path.join(pluginsdir(), packageName);
     // @ts-ignore
     if (!(await fs.exists(dir))) {
@@ -132,7 +133,8 @@ module.exports = {
 
   uninstall_meta: true,
   async uninstall({ packageName }, req) {
-    if (!hasPermission(`plugins/install`, req)) return;
+    const loadedPermissions = await loadPermissionsFromRequest(req);
+    if (!hasPermission(`plugins/install`, loadedPermissions)) return;
     const dir = path.join(pluginsdir(), packageName);
     await fs.rmdir(dir, { recursive: true });
     socket.emitChanged(`installed-plugins-changed`);
@@ -143,7 +145,8 @@ module.exports = {
 
   upgrade_meta: true,
   async upgrade({ packageName }, req) {
-    if (!hasPermission(`plugins/install`, req)) return;
+    const loadedPermissions = await loadPermissionsFromRequest(req);
+    if (!hasPermission(`plugins/install`, loadedPermissions)) return;
     const dir = path.join(pluginsdir(), packageName);
     // @ts-ignore
     if (await fs.exists(dir)) {

package/src/controllers/runners.js

@@ -21,6 +21,7 @@ const processArgs = require('../utility/processArgs');
 const platformInfo = require('../utility/platformInfo');
 const { checkSecureDirectories, checkSecureDirectoriesInScript } = require('../utility/security');
 const { sendToAuditLog, logJsonRunnerScript } = require('../utility/auditlog');
+const { testStandardPermission } = require('../utility/hasPermission');
 const logger = getLogger('runners');
 
 function extractPlugins(script) {
@@ -273,6 +274,8 @@ module.exports = {
 
   start_meta: true,
   async start({ script }, req) {
+    await testStandardPermission('run-shell-script', req);
+    
     const runid = crypto.randomUUID();
 
     if (script.type == 'json') {

package/src/controllers/scheduler.js

@@ -3,7 +3,7 @@ const fs = require('fs-extra');
 const path = require('path');
 const cron = require('node-cron');
 const runners = require('./runners');
-const { hasPermission } = require('../utility/hasPermission');
+const { hasPermission, loadPermissionsFromRequest } = require('../utility/hasPermission');
 const { getLogger } = require('dbgate-tools');
 
 const logger = getLogger('scheduler');
@@ -30,7 +30,8 @@ module.exports = {
   },
 
   async reload(_params, req) {
-    if (!hasPermission('files/shell/read', req)) return;
+    const loadedPermissions = await loadPermissionsFromRequest(req);
+    if (!hasPermission('files/shell/read', loadedPermissions)) return;
     const shellDir = path.join(filesdir(), 'shell');
     await this.unload();
     if (!(await fs.exists(shellDir))) return;

package/src/controllers/serverConnections.js

@@ -8,7 +8,13 @@ const { handleProcessCommunication } = require('../utility/processComm');
 const lock = new AsyncLock();
 const config = require('./config');
 const processArgs = require('../utility/processArgs');
-const { testConnectionPermission } = require('../utility/hasPermission');
+const {
+  testConnectionPermission,
+  loadPermissionsFromRequest,
+  hasPermission,
+  loadDatabasePermissionsFromRequest,
+  getDatabasePermissionRole,
+} = require('../utility/hasPermission');
 const { MissingCredentialsError } = require('../utility/exceptions');
 const pipeForkLogs = require('../utility/pipeForkLogs');
 const { getLogger, extractErrorLogData } = require('dbgate-tools');
@@ -40,7 +46,7 @@ module.exports = {
     existing.status = status;
     socket.emitChanged(`server-status-changed`);
   },
-  handle_ping() {},
+  handle_ping() { },
   handle_response(conid, { msgid, ...response }) {
     const [resolve, reject] = this.requests[msgid];
     resolve(response);
@@ -135,7 +141,7 @@ module.exports = {
 
   disconnect_meta: true,
   async disconnect({ conid }, req) {
-    testConnectionPermission(conid, req);
+    await testConnectionPermission(conid, req);
     await this.close(conid, true);
     return { status: 'ok' };
   },
@@ -144,7 +150,9 @@ module.exports = {
   async listDatabases({ conid }, req) {
     if (!conid) return [];
     if (conid == '__model') return [];
-    testConnectionPermission(conid, req);
+    const loadedPermissions = await loadPermissionsFromRequest(req);
+
+    await testConnectionPermission(conid, req, loadedPermissions);
     const opened = await this.ensureOpened(conid);
     sendToAuditLog(req, {
       category: 'serverop',
@@ -157,12 +165,29 @@ module.exports = {
       sessionGroup: 'listDatabases',
       message: `Loaded databases for connection`,
     });
+
+    if (!hasPermission(`all-databases`, loadedPermissions)) {
+      // filter databases by permissions
+      const databasePermissions = await loadDatabasePermissionsFromRequest(req);
+      const res = [];
+      for (const db of opened?.databases ?? []) {
+        const databasePermissionRole = getDatabasePermissionRole(db.id, db.name, databasePermissions);
+        if (databasePermissionRole != 'deny') {
+          res.push({
+            ...db,
+            databasePermissionRole,
+          });
+        }
+      }
+      return res;
+    }
+
     return opened?.databases ?? [];
   },
 
   version_meta: true,
   async version({ conid }, req) {
-    testConnectionPermission(conid, req);
+    await testConnectionPermission(conid, req);
     const opened = await this.ensureOpened(conid);
     return opened?.version ?? null;
   },
@@ -202,7 +227,7 @@ module.exports = {
 
   refresh_meta: true,
   async refresh({ conid, keepOpen }, req) {
-    testConnectionPermission(conid, req);
+    await testConnectionPermission(conid, req);
     if (!keepOpen) this.close(conid);
 
     await this.ensureOpened(conid);
@@ -210,7 +235,7 @@ module.exports = {
   },
 
   async sendDatabaseOp({ conid, msgtype, name }, req) {
-    testConnectionPermission(conid, req);
+    await testConnectionPermission(conid, req);
     const opened = await this.ensureOpened(conid);
     if (!opened) {
       return null;
@@ -252,7 +277,7 @@ module.exports = {
   },
 
   async loadDataCore(msgtype, { conid, ...args }, req) {
-    testConnectionPermission(conid, req);
+    await testConnectionPermission(conid, req);
     const opened = await this.ensureOpened(conid);
     if (!opened) {
       return null;
@@ -270,13 +295,43 @@ module.exports = {
 
   serverSummary_meta: true,
   async serverSummary({ conid }, req) {
-    testConnectionPermission(conid, req);
+    await testConnectionPermission(conid, req);
+    logger.info({ conid }, 'DBGM-00260 Processing server summary');
     return this.loadDataCore('serverSummary', { conid });
   },
 
+  listDatabaseProcesses_meta: true,
+  async listDatabaseProcesses(ctx, req) {
+    const { conid } = ctx;
+    // logger.info({ conid }, 'DBGM-00261 Listing processes of database server');
+    testConnectionPermission(conid, req);
+
+    const opened = await this.ensureOpened(conid);
+    if (!opened) {
+      return null;
+    }
+    if (opened.connection.isReadOnly) return false;
+
+    return this.sendRequest(opened, { msgtype: 'listDatabaseProcesses' });
+  },
+
+  killDatabaseProcess_meta: true,
+  async killDatabaseProcess(ctx, req) {
+    const { conid, pid } = ctx;
+    testConnectionPermission(conid, req);
+
+    const opened = await this.ensureOpened(conid);
+    if (!opened) {
+      return null;
+    }
+    if (opened.connection.isReadOnly) return false;
+
+    return this.sendRequest(opened, { msgtype: 'killDatabaseProcess', pid });
+  },
+
   summaryCommand_meta: true,
   async summaryCommand({ conid, command, row }, req) {
-    testConnectionPermission(conid, req);
+    await testConnectionPermission(conid, req);
     const opened = await this.ensureOpened(conid);
     if (!opened) {
       return null;

package/src/controllers/sessions.js

@@ -12,6 +12,7 @@ const { getLogger, extractErrorLogData } = require('dbgate-tools');
 const pipeForkLogs = require('../utility/pipeForkLogs');
 const config = require('./config');
 const { sendToAuditLog } = require('../utility/auditlog');
+const { testStandardPermission, testDatabaseRolePermission } = require('../utility/hasPermission');
 
 const logger = getLogger('sessions');
 
@@ -94,7 +95,7 @@ module.exports = {
     socket.emit(`session-initialize-file-${jslid}`);
   },
 
-  handle_ping() {},
+  handle_ping() { },
 
   create_meta: true,
   async create({ conid, database }) {
@@ -148,10 +149,12 @@ module.exports = {
 
   executeQuery_meta: true,
   async executeQuery({ sesid, sql, autoCommit, autoDetectCharts, limitRows, frontMatter }, req) {
+    await testStandardPermission('dbops/query', req);
     const session = this.opened.find(x => x.sesid == sesid);
     if (!session) {
       throw new Error('Invalid session');
     }
+    await testDatabaseRolePermission(session.conid, session.database, 'run_script', req);
 
     sendToAuditLog(req, {
       category: 'dbop',

package/src/controllers/storage.js

@@ -13,10 +13,6 @@ module.exports = {
     return null;
   },
 
-  async loadSuperadminPermissions() {
-    return [];
-  },
-
   getConnectionsForLoginPage_meta: true,
   async getConnectionsForLoginPage() {
     return null;

package/src/currentVersion.js

@@ -1,5 +1,5 @@
 
 module.exports = { 
-  version: '6.6.1',
-  buildTime: '2025-08-14T15:32:31.645Z'
+  version: '6.6.3',
+  buildTime: '2025-09-01T13:24:11.293Z'
 };

package/src/index.js

@@ -5,6 +5,7 @@ const moment = require('moment');
 const path = require('path');
 const { logsdir, setLogsFilePath, getLogsFilePath } = require('./utility/directories');
 const currentVersion = require('./currentVersion');
+const _ = require('lodash');
 
 const logger = getLogger('apiIndex');
 
@@ -68,7 +69,7 @@ function configureLogger() {
             }
             const additionals = {};
             const finalMsg =
-              msg.msg && msg.msg.match(/^DBGM-\d\d\d\d\d/)
+              _.isString(msg.msg) && msg.msg.match(/^DBGM-\d\d\d\d\d/)
                 ? {
                     ...msg,
                     msg: msg.msg.substring(10).trimStart(),

package/src/proc/databaseConnectionProcess.js

@@ -17,13 +17,14 @@ const requireEngineDriver = require('../utility/requireEngineDriver');
 const { connectUtility } = require('../utility/connectUtility');
 const { handleProcessCommunication } = require('../utility/processComm');
 const generateDeploySql = require('../shell/generateDeploySql');
-const { dumpSqlSelect } = require('dbgate-sqltree');
+const { dumpSqlSelect, scriptToSql } = require('dbgate-sqltree');
 const { allowExecuteCustomScript, handleQueryStream } = require('../utility/handleQueryStream');
 const dbgateApi = require('../shell');
 const requirePlugin = require('../shell/requirePlugin');
 const path = require('path');
 const { rundir } = require('../utility/directories');
 const fs = require('fs-extra');
+const { changeSetToSql } = require('dbgate-datalib');
 
 const logger = getLogger('dbconnProcess');
 
@@ -348,6 +349,27 @@ async function handleUpdateCollection({ msgid, changeSet }) {
   }
 }
 
+async function handleSaveTableData({ msgid, changeSet }) {
+  await waitStructure();
+  try {
+    const driver = requireEngineDriver(storedConnection);
+    const script = driver.createSaveChangeSetScript(changeSet, analysedStructure, () =>
+      changeSetToSql(changeSet, analysedStructure, driver.dialect)
+    );
+    const sql = scriptToSql(driver, script);
+    await driver.script(dbhan, sql, { useTransaction: true });
+    process.send({ msgtype: 'response', msgid });
+  } catch (err) {
+    process.send({
+      msgtype: 'response',
+      msgid,
+      errorMessage: extractErrorMessage(err, 'Error executing SQL script'),
+    });
+  }
+
+
+}
+
 async function handleSqlPreview({ msgid, objects, options }) {
   await waitStructure();
   const driver = requireEngineDriver(storedConnection);
@@ -464,6 +486,7 @@ const messageHandlers = {
   runScript: handleRunScript,
   runOperation: handleRunOperation,
   updateCollection: handleUpdateCollection,
+  saveTableData: handleSaveTableData,
   collectionData: handleCollectionData,
   loadKeys: handleLoadKeys,
   scanKeys: handleScanKeys,

package/src/proc/serverConnectionProcess.js

@@ -146,6 +146,30 @@ async function handleServerSummary({ msgid }) {
   return handleDriverDataCore(msgid, driver => driver.serverSummary(dbhan));
 }
 
+async function handleKillDatabaseProcess({ msgid, pid }) {
+  await waitConnected();
+  const driver = requireEngineDriver(storedConnection);
+
+  try {
+    const result = await driver.killProcess(dbhan, Number(pid));
+    process.send({ msgtype: 'response', msgid, result });
+  } catch (err) {
+    process.send({ msgtype: 'response', msgid, errorMessage: err.message });
+  }
+}
+
+async function handleListDatabaseProcesses({ msgid }) {
+  await waitConnected();
+  const driver = requireEngineDriver(storedConnection);
+
+  try {
+    const result = await driver.listProcesses(dbhan);
+    process.send({ msgtype: 'response', msgid, result });
+  } catch (err) {
+    process.send({ msgtype: 'response', msgid, errorMessage: err.message });
+  }
+}
+
 async function handleSummaryCommand({ msgid, command, row }) {
   return handleDriverDataCore(msgid, driver => driver.summaryCommand(dbhan, command, row));
 }
@@ -154,6 +178,8 @@ const messageHandlers = {
   connect: handleConnect,
   ping: handlePing,
   serverSummary: handleServerSummary,
+  killDatabaseProcess: handleKillDatabaseProcess,
+  listDatabaseProcesses: handleListDatabaseProcesses,
   summaryCommand: handleSummaryCommand,
   createDatabase: props => handleDatabaseOp('createDatabase', props),
   dropDatabase: props => handleDatabaseOp('dropDatabase', props),