dbgate-api 7.0.6 → 7.1.1

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "dbgate-api",
   "main": "src/index.js",
-  "version": "7.0.6",
-  "homepage": "https://dbgate.org/",
+  "version": "7.1.1",
+  "homepage": "https://www.dbgate.io/",
   "repository": {
     "type": "git",
     "url": "https://github.com/dbgate/dbgate.git"
@@ -30,10 +30,11 @@
     "compare-versions": "^3.6.0",
     "cors": "^2.8.5",
     "cross-env": "^6.0.3",
-    "dbgate-datalib": "^7.0.6",
-    "dbgate-query-splitter": "^4.11.9",
-    "dbgate-sqltree": "^7.0.6",
-    "dbgate-tools": "^7.0.6",
+    "dbgate-datalib": "^7.1.1",
+    "dbgate-query-splitter": "^4.12.0",
+    "dbgate-rest": "^7.1.1",
+    "dbgate-sqltree": "^7.1.1",
+    "dbgate-tools": "^7.1.1",
     "debug": "^4.3.4",
     "diff": "^5.0.0",
     "diff2html": "^3.4.13",
@@ -87,7 +88,7 @@
   "devDependencies": {
     "@types/fs-extra": "^9.0.11",
     "@types/lodash": "^4.14.149",
-    "dbgate-types": "^7.0.6",
+    "dbgate-types": "^7.1.1",
     "env-cmd": "^10.1.0",
     "jsdoc-to-markdown": "^9.0.5",
     "node-loader": "^1.0.2",

package/src/controllers/connections.js

@@ -202,7 +202,7 @@ module.exports = {
 
     const storageConnections = await storage.connections(req);
     if (storageConnections) {
-      return storageConnections;
+      return storageConnections.map(maskConnection);
     }
     if (portalConnections) {
       if (platformInfo.allowShellConnection) return portalConnections.map(x => encryptConnection(x));
@@ -484,7 +484,7 @@ module.exports = {
 
     const storageConnection = await storage.getConnection({ conid });
     if (storageConnection) {
-      return storageConnection;
+      return mask ? maskConnection(storageConnection) : storageConnection;
     }
 
     if (portalConnections) {
@@ -502,6 +502,9 @@ module.exports = {
         _id: '__model',
       };
     }
+    if (!conid) {
+      return null;
+    }
     await testConnectionPermission(conid, req);
     return this.getCore({ conid, mask: true });
   },

package/src/controllers/databaseConnections.js

@@ -15,6 +15,7 @@ const {
   getLogger,
   extractErrorLogData,
   filterStructureBySchema,
+  serializeJsTypesForJsonStringify,
 } = require('dbgate-tools');
 const { html, parse } = require('diff2html');
 const { handleProcessCommunication } = require('../utility/processComm');
@@ -165,6 +166,11 @@ module.exports = {
     if (!connection) {
       throw new Error(`databaseConnections: Connection with conid="${conid}" not found`);
     }
+
+    if (connection.engine?.endsWith('@rest')) {
+      return { isApiConnection: true };
+    }
+
     if (connection.passwordMode == 'askPassword' || connection.passwordMode == 'askUser') {
       throw new MissingCredentialsError({ conid, passwordMode: connection.passwordMode });
     }
@@ -219,12 +225,13 @@ module.exports = {
       this.close(conid, database, false);
     });
 
-    subprocess.send({
+    const connectMessage = serializeJsTypesForJsonStringify({
       msgtype: 'connect',
       connection: { ...connection, database },
       structure: lastClosed ? lastClosed.structure : null,
       globalSettings: await config.getSettings(),
     });
+    subprocess.send(connectMessage);
     return newOpened;
   },
 
@@ -234,7 +241,8 @@ module.exports = {
     const promise = new Promise((resolve, reject) => {
       this.requests[msgid] = [resolve, reject, additionalData];
       try {
-        conn.subprocess.send({ msgid, ...message });
+        const serializedMessage = serializeJsTypesForJsonStringify({ msgid, ...message });
+        conn.subprocess.send(serializedMessage);
       } catch (err) {
         logger.error(extractErrorLogData(err), 'DBGM-00115 Error sending request do process');
         this.close(conn.conid, conn.database);
@@ -468,6 +476,7 @@ module.exports = {
 
     const databasePermissions = await loadDatabasePermissionsFromRequest(req);
     const tablePermissions = await loadTablePermissionsFromRequest(req);
+    const databasePermissionRole = getDatabasePermissionRole(conid, database, databasePermissions);
     const fieldsAndRoles = [
       [changeSet.inserts, 'create_update_delete'],
       [changeSet.deletes, 'create_update_delete'],
@@ -482,7 +491,7 @@ module.exports = {
           operation.schemaName,
           operation.pureName,
           tablePermissions,
-          databasePermissions
+          databasePermissionRole
         );
         if (getTablePermissionRoleLevelIndex(role) < getTablePermissionRoleLevelIndex(requiredRole)) {
           throw new Error('DBGM-00262 Permission not granted');

package/src/controllers/restConnections.js

@@ -0,0 +1,41 @@
+module.exports = {
+  disconnect_meta: true,
+  async disconnect({ conid }, req) {
+    return null;
+  },
+
+  getApiInfo_meta: true,
+  async getApiInfo({ conid }, req) {
+    return null;
+  },
+
+  restStatus_meta: true,
+  async restStatus() {
+    return {};
+  },
+
+  ping_meta: true,
+  async ping({ conidArray, strmid }) {
+    return null;
+  },
+
+  refresh_meta: true,
+  async refresh({ conid, keepOpen }, req) {
+    return null;
+  },
+
+  testConnection_meta: true,
+  async testConnection({ conid }, req) {
+    return null;
+  },
+
+  execute_meta: true,
+  async execute({ conid, method, endpoint, parameters, server }, req) {
+    return null;
+  },
+
+  apiQuery_meta: true,
+  async apiQuery({ conid, server, query, variables }, req) {
+    return null;
+  },
+};

package/src/controllers/runners.js

@@ -172,7 +172,7 @@ module.exports = {
     byline(subprocess.stderr).on('data', pipeDispatcher('error'));
     subprocess.on('exit', code => {
       // console.log('... EXITED', code);
-      this.rejectRequest(runid, { message: 'No data returned, maybe input data source is too big' });
+      this.rejectRequest(runid, { message: 'DBGM-00281 No data returned, maybe input data source is too big' });
       logger.info({ code, pid: subprocess.pid }, 'DBGM-00016 Exited process');
       socket.emit(`runner-done-${runid}`, code);
       this.opened = this.opened.filter(x => x.runid != runid);
@@ -225,7 +225,7 @@ module.exports = {
     subprocess.on('exit', code => {
       console.log('... EXITED', code);
       logger.info({ code, pid: subprocess.pid }, 'DBGM-00017 Exited process');
-      this.dispatchMessage(runid, `Finished external process with code ${code}`);
+      this.dispatchMessage(runid, `DBGM-00282 Finished external process with code ${code}`);
       socket.emit(`runner-done-${runid}`, code);
       if (onFinished) {
         onFinished();
@@ -233,7 +233,7 @@ module.exports = {
       this.opened = this.opened.filter(x => x.runid != runid);
     });
     subprocess.on('spawn', () => {
-      this.dispatchMessage(runid, `Started external process ${command}`);
+      this.dispatchMessage(runid, `DBGM-00283 Started external process ${command}`);
     });
     subprocess.on('error', error => {
       console.log('... ERROR subprocess', error);
@@ -279,7 +279,7 @@ module.exports = {
     if (script.type == 'json') {
       if (!platformInfo.isElectron) {
         if (!checkSecureDirectoriesInScript(script)) {
-          return { errorMessage: 'Unallowed directories in script' };
+          return { errorMessage: 'DBGM-00284 Unallowed directories in script' };
         }
       }
 
@@ -299,10 +299,10 @@ module.exports = {
         action: 'script',
         severity: 'warn',
         detail: script,
-        message: 'Scripts are not allowed',
+        message: 'DBGM-00285 Scripts are not allowed',
       });
 
-      return { errorMessage: 'Shell scripting is not allowed' };
+      return { errorMessage: 'DBGM-00286 Shell scripting is not allowed' };
     }
 
     sendToAuditLog(req, {
@@ -312,7 +312,7 @@ module.exports = {
       action: 'script',
       severity: 'info',
       detail: script,
-      message: 'Running JS script',
+      message: 'DBGM-00287 Running JS script',
     });
 
     return this.startCore(runid, scriptTemplate(script, false));
@@ -327,7 +327,7 @@ module.exports = {
   async cancel({ runid }) {
     const runner = this.opened.find(x => x.runid == runid);
     if (!runner) {
-      throw new Error('Invalid runner');
+      throw new Error('DBGM-00288 Invalid runner');
     }
     runner.subprocess.kill();
     return { state: 'ok' };
@@ -353,7 +353,7 @@ module.exports = {
   async loadReader({ functionName, props }) {
     if (!platformInfo.isElectron) {
       if (props?.fileName && !checkSecureDirectories(props.fileName)) {
-        return { errorMessage: 'Unallowed file' };
+        return { errorMessage: 'DBGM-00289 Unallowed file' };
       }
     }
     const prefix = extractShellApiPlugins(functionName)
@@ -371,7 +371,7 @@ module.exports = {
   scriptResult_meta: true,
   async scriptResult({ script }) {
     if (script.type != 'json') {
-      return { errorMessage: 'Only JSON scripts are allowed' };
+      return { errorMessage: 'DBGM-00290 Only JSON scripts are allowed' };
     }
 
     const promise = new Promise(async (resolve, reject) => {

package/src/controllers/serverConnections.js

@@ -171,7 +171,7 @@ module.exports = {
       const databasePermissions = await loadDatabasePermissionsFromRequest(req);
       const res = [];
       for (const db of opened?.databases ?? []) {
-        const databasePermissionRole = getDatabasePermissionRole(db.id, db.name, databasePermissions);
+        const databasePermissionRole = getDatabasePermissionRole(conid, db.name, databasePermissions);
         if (databasePermissionRole != 'deny') {
           res.push({
             ...db,

package/src/currentVersion.js

@@ -1,5 +1,5 @@
 
 module.exports = { 
-  version: '7.0.6',
-  buildTime: '2026-02-13T08:57:16.844Z'
+  version: '7.1.1',
+  buildTime: '2026-02-27T15:10:31.914Z'
 };

package/src/main.js

@@ -14,6 +14,7 @@ const socket = require('./utility/socket');
 const connections = require('./controllers/connections');
 const serverConnections = require('./controllers/serverConnections');
 const databaseConnections = require('./controllers/databaseConnections');
+const restConnections = require('./controllers/restConnections');
 const metadata = require('./controllers/metadata');
 const sessions = require('./controllers/sessions');
 const runners = require('./controllers/runners');
@@ -267,6 +268,7 @@ function useAllControllers(app, electron) {
   useController(app, electron, '/auth', auth);
   useController(app, electron, '/cloud', cloud);
   useController(app, electron, '/team-files', teamFiles);
+  useController(app, electron, '/rest-connections', restConnections);
 }
 
 function setElectronSender(electronSender) {

package/src/proc/connectProcess.js

@@ -1,6 +1,6 @@
 const childProcessChecker = require('../utility/childProcessChecker');
 const requireEngineDriver = require('../utility/requireEngineDriver');
-const { connectUtility } = require('../utility/connectUtility');
+const { connectUtility, getRestAuthFromConnection } = require('../utility/connectUtility');
 const { handleProcessCommunication } = require('../utility/processComm');
 const { pickSafeConnectionInfo } = require('../utility/crypting');
 const _ = require('lodash');
@@ -29,6 +29,9 @@ function start() {
     try {
       const driver = requireEngineDriver(connection);
       const connectionChanged = driver?.beforeConnectionSave ? driver.beforeConnectionSave(connection) : connection;
+      if (driver?.databaseEngineTypes?.includes('rest')) {
+        connectionChanged.restAuth = getRestAuthFromConnection(connection);
+      }
 
       if (!connection.isVolatileResolved) {
         if (connectionChanged.useRedirectDbLogin) {

package/src/proc/index.js

@@ -1,6 +1,7 @@
 const connectProcess = require('./connectProcess');
 const databaseConnectionProcess = require('./databaseConnectionProcess');
 const serverConnectionProcess = require('./serverConnectionProcess');
+const restConnectionProcess = require('./restConnectionProcess');
 const sessionProcess = require('./sessionProcess');
 const jslDatastoreProcess = require('./jslDatastoreProcess');
 const sshForwardProcess = require('./sshForwardProcess');
@@ -9,6 +10,7 @@ module.exports = {
   connectProcess,
   databaseConnectionProcess,
   serverConnectionProcess,
+  restConnectionProcess,
   sessionProcess,
   jslDatastoreProcess,
   sshForwardProcess,

package/src/proc/restConnectionProcess.js

@@ -0,0 +1,7 @@
+const childProcessChecker = require('../utility/childProcessChecker');
+
+function start() {
+  childProcessChecker();
+}
+
+module.exports = { start };

package/src/shell/requirePlugin.js

@@ -4,7 +4,8 @@ const { pluginsdir, packagedPluginsDir, getPluginBackendPath } = require('../uti
 const platformInfo = require('../utility/platformInfo');
 const authProxy = require('../utility/authProxy');
 const { getLogger } = require('dbgate-tools');
-// 
+const { openApiDriver, graphQlDriver, oDataDriver } = require('dbgate-rest');
+//
 const logger = getLogger('requirePlugin');
 
 const loadedPlugins = {};
@@ -13,16 +14,21 @@ const dbgateEnv = {
   dbgateApi: null,
   platformInfo,
   authProxy,
-  isProApp: () =>{
+  isProApp: () => {
     const { isProApp } = require('../utility/checkLicense');
     return isProApp();
-  }
+  },
 };
 function requirePlugin(packageName, requiredPlugin = null) {
   if (!packageName) throw new Error('Missing packageName in plugin');
   if (loadedPlugins[packageName]) return loadedPlugins[packageName];
 
   if (requiredPlugin == null) {
+    if (packageName.endsWith('@rest') || packageName === 'rest') {
+      return {
+        drivers: [openApiDriver, graphQlDriver, oDataDriver],
+      };
+    }
     let module;
     const modulePath = getPluginBackendPath(packageName);
     logger.info(`DBGM-00062 Loading module ${packageName} from ${modulePath}`);

package/src/storageModel.js

@@ -850,84 +850,6 @@ module.exports = {
         }
       ]
     },
-    {
-      "pureName": "password_reset_tokens",
-      "columns": [
-        {
-          "pureName": "password_reset_tokens",
-          "columnName": "id",
-          "dataType": "int",
-          "autoIncrement": true,
-          "notNull": true
-        },
-        {
-          "pureName": "password_reset_tokens",
-          "columnName": "user_id",
-          "dataType": "int",
-          "notNull": true
-        },
-        {
-          "pureName": "password_reset_tokens",
-          "columnName": "token",
-          "dataType": "varchar(500)",
-          "notNull": true
-        },
-        {
-          "pureName": "password_reset_tokens",
-          "columnName": "created_at",
-          "dataType": "datetime",
-          "notNull": true
-        },
-        {
-          "pureName": "password_reset_tokens",
-          "columnName": "expires_at",
-          "dataType": "datetime",
-          "notNull": true
-        },
-        {
-          "pureName": "password_reset_tokens",
-          "columnName": "used_at",
-          "dataType": "datetime",
-          "notNull": false
-        }
-      ],
-      "foreignKeys": [
-        {
-          "constraintType": "foreignKey",
-          "constraintName": "FK_password_reset_tokens_user_id",
-          "pureName": "password_reset_tokens",
-          "refTableName": "users",
-          "columns": [
-            {
-              "columnName": "user_id",
-              "refColumnName": "id"
-            }
-          ]
-        }
-      ],
-      "indexes": [
-        {
-          "constraintName": "idx_token",
-          "pureName": "password_reset_tokens",
-          "constraintType": "index",
-          "columns": [
-            {
-              "columnName": "token"
-            }
-          ]
-        }
-      ],
-      "primaryKey": {
-        "pureName": "password_reset_tokens",
-        "constraintType": "primaryKey",
-        "constraintName": "PK_password_reset_tokens",
-        "columns": [
-          {
-            "columnName": "id"
-          }
-        ]
-      }
-    },
     {
       "pureName": "roles",
       "columns": [
@@ -2252,6 +2174,84 @@ module.exports = {
         ]
       }
     },
+    {
+      "pureName": "user_password_reset_tokens",
+      "columns": [
+        {
+          "pureName": "user_password_reset_tokens",
+          "columnName": "id",
+          "dataType": "int",
+          "autoIncrement": true,
+          "notNull": true
+        },
+        {
+          "pureName": "user_password_reset_tokens",
+          "columnName": "user_id",
+          "dataType": "int",
+          "notNull": true
+        },
+        {
+          "pureName": "user_password_reset_tokens",
+          "columnName": "token",
+          "dataType": "varchar(500)",
+          "notNull": true
+        },
+        {
+          "pureName": "user_password_reset_tokens",
+          "columnName": "created_at",
+          "dataType": "varchar(32)",
+          "notNull": true
+        },
+        {
+          "pureName": "user_password_reset_tokens",
+          "columnName": "expires_at",
+          "dataType": "varchar(32)",
+          "notNull": true
+        },
+        {
+          "pureName": "user_password_reset_tokens",
+          "columnName": "used_at",
+          "dataType": "varchar(32)",
+          "notNull": false
+        }
+      ],
+      "foreignKeys": [
+        {
+          "constraintType": "foreignKey",
+          "constraintName": "FK_user_password_reset_tokens_user_id",
+          "pureName": "user_password_reset_tokens",
+          "refTableName": "users",
+          "columns": [
+            {
+              "columnName": "user_id",
+              "refColumnName": "id"
+            }
+          ]
+        }
+      ],
+      "indexes": [
+        {
+          "constraintName": "idx_token",
+          "pureName": "user_password_reset_tokens",
+          "constraintType": "index",
+          "columns": [
+            {
+              "columnName": "token"
+            }
+          ]
+        }
+      ],
+      "primaryKey": {
+        "pureName": "user_password_reset_tokens",
+        "constraintType": "primaryKey",
+        "constraintName": "PK_user_password_reset_tokens",
+        "columns": [
+          {
+            "columnName": "id"
+          }
+        ]
+      }
+    },
     {
       "pureName": "user_permissions",
       "columns": [

package/src/utility/connectUtility.js

@@ -1,9 +1,10 @@
 const fs = require('fs-extra');
-const { decryptConnection } = require('./crypting');
+const { decryptConnection, decryptPasswordString } = require('./crypting');
 const { getSshTunnelProxy } = require('./sshTunnelProxy');
 const platformInfo = require('../utility/platformInfo');
 const connections = require('../controllers/connections');
 const _ = require('lodash');
+const axios = require('axios');
 
 async function loadConnection(driver, storedConnection, connectionMode) {
   const { allowShellConnection, allowConnectionFromEnvVariables } = platformInfo;
@@ -131,12 +132,39 @@ async function connectUtility(driver, storedConnection, connectionMode, addition
   }
 
   connection.ssl = await extractConnectionSslParams(connection);
+  connection.axios = axios.default;
 
   const conn = await driver.connect({ conid: connectionLoaded?._id, ...connection, ...additionalOptions });
   return conn;
 }
 
+function getRestAuthFromConnection(connection) {
+  if (!connection) return null;
+  if (connection.authType == 'basic') {
+    return {
+      type: 'basic',
+      user: connection.user,
+      password: decryptPasswordString(connection.password),
+    };
+  }
+  if (connection.authType == 'bearer') {
+    return {
+      type: 'bearer',
+      token: connection.authToken,
+    };
+  }
+  if (connection.authType == 'apikey') {
+    return {
+      type: 'apikey',
+      header: connection.apiKeyHeader,
+      value: connection.apiKeyValue,
+    };
+  }
+  return null;
+}
+
 module.exports = {
   extractConnectionSslParams,
   connectUtility,
+  getRestAuthFromConnection,
 };

package/src/utility/crypting.js

@@ -102,6 +102,26 @@ function decryptObjectPasswordField(obj, field, encryptor = null) {
 }
 
 const fieldsToEncrypt = ['password', 'sshPassword', 'sshKeyfilePassword', 'connectionDefinition'];
+const additionalFieldsToMask = [
+  'databaseUrl',
+  'server',
+  'port',
+  'user',
+  'sshBastionHost',
+  'sshHost',
+  'sshKeyFile',
+  'sshLogin',
+  'sshMode',
+  'sshPort',
+  'sslCaFile',
+  'sslCertFilePassword',
+  'sslKeyFile',
+  'sslRejectUnauthorized',
+  'secretAccessKey',
+  'accessKeyId',
+  'endpoint',
+  'endpointKey',
+];
 
 function encryptConnection(connection, encryptor = null) {
   if (connection.passwordMode != 'saveRaw') {
@@ -114,7 +134,7 @@ function encryptConnection(connection, encryptor = null) {
 
 function maskConnection(connection) {
   if (!connection) return connection;
-  return _.omit(connection, fieldsToEncrypt);
+  return _.omit(connection, [...fieldsToEncrypt, ...additionalFieldsToMask]);
 }
 
 function decryptConnection(connection) {

package/src/utility/envtools.js

@@ -25,8 +25,14 @@ function extractConnectionsFromEnv(env) {
     socketPath: env[`SOCKET_PATH_${id}`],
     serviceName: env[`SERVICE_NAME_${id}`],
     authType: env[`AUTH_TYPE_${id}`] || (env[`SOCKET_PATH_${id}`] ? 'socket' : undefined),
-    defaultDatabase: env[`DATABASE_${id}`] || (env[`FILE_${id}`] ? getDatabaseFileLabel(env[`FILE_${id}`]) : null),
-    singleDatabase: !!env[`DATABASE_${id}`] || !!env[`FILE_${id}`],
+    defaultDatabase:
+      env[`DATABASE_${id}`] ||
+      (env[`FILE_${id}`]
+        ? getDatabaseFileLabel(env[`FILE_${id}`])
+        : env[`APISERVERURL1_${id}`]
+        ? '_api_database_'
+        : null),
+    singleDatabase: !!env[`DATABASE_${id}`] || !!env[`FILE_${id}`] || !!env[`APISERVERURL1_${id}`],
     displayName: env[`LABEL_${id}`],
     isReadOnly: env[`READONLY_${id}`],
     databases: env[`DBCONFIG_${id}`] ? safeJsonParse(env[`DBCONFIG_${id}`]) : null,
@@ -54,6 +60,11 @@ function extractConnectionsFromEnv(env) {
     sslKeyFile: env[`SSL_KEY_FILE_${id}`],
     sslRejectUnauthorized: env[`SSL_REJECT_UNAUTHORIZED_${id}`],
     trustServerCertificate: env[`SSL_TRUST_CERTIFICATE_${id}`],
+
+    apiServerUrl1: env[`APISERVERURL1_${id}`],
+    apiServerUrl2: env[`APISERVERURL2_${id}`],
+    apiKeyHeader: env[`APIKEYHEADER_${id}`],
+    apiKeyValue: env[`APIKEYVALUE_${id}`],
   }));
 
   return connections;

package/src/utility/hasPermission.js

@@ -96,8 +96,9 @@ async function loadFilePermissionsFromRequest(req) {
 }
 
 function matchDatabasePermissionRow(conid, database, permissionRow) {
-  if (permissionRow.connection_id) {
-    if (conid != permissionRow.connection_id) {
+  const connectionIdentifier = permissionRow.connection_conid ?? permissionRow.connection_id;
+  if (connectionIdentifier) {
+    if (conid != connectionIdentifier) {
       return false;
     }
   }