dbgate-api 7.1.5 → 7.1.8-alpha.7

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "dbgate-api",
   "main": "src/index.js",
-  "version": "7.1.5",
+  "version": "7.1.8-alpha.7",
   "homepage": "https://www.dbgate.io/",
   "repository": {
     "type": "git",
@@ -30,11 +30,11 @@
     "compare-versions": "^3.6.0",
     "cors": "^2.8.5",
     "cross-env": "^6.0.3",
-    "dbgate-datalib": "7.1.5",
+    "dbgate-datalib": "7.1.8-alpha.7",
     "dbgate-query-splitter": "^4.12.0",
-    "dbgate-rest": "7.1.5",
-    "dbgate-sqltree": "7.1.5",
-    "dbgate-tools": "7.1.5",
+    "dbgate-rest": "7.1.8-alpha.7",
+    "dbgate-sqltree": "7.1.8-alpha.7",
+    "dbgate-tools": "7.1.8-alpha.7",
     "debug": "^4.3.4",
     "diff": "^5.0.0",
     "diff2html": "^3.4.13",
@@ -88,7 +88,7 @@
   "devDependencies": {
     "@types/fs-extra": "^9.0.11",
     "@types/lodash": "^4.14.149",
-    "dbgate-types": "7.1.5",
+    "dbgate-types": "7.1.8-alpha.7",
     "env-cmd": "^10.1.0",
     "jsdoc-to-markdown": "^9.0.5",
     "node-loader": "^1.0.2",

package/src/controllers/connections.js

@@ -492,7 +492,61 @@ module.exports = {
       return mask && !platformInfo.allowShellConnection ? maskConnection(res) : encryptConnection(res);
     }
     const res = await this.datastore.get(conid);
-    return res || null;
+    if (res) return res;
+
+    // In a forked runner-script child process, ask the parent for connections that may be
+    // volatile (in-memory only, e.g. ask-for-password).  We only do this when
+    // there really is a parent (process.send exists) to avoid an infinite loop
+    // when the parent's own getCore falls through here.
+    // The check is intentionally narrow: only runner scripts pass
+    // --process-display-name script, so connect/session/ssh-forward subprocesses
+    // are not affected and continue to return null immediately.
+    if (process.send && processArgs.processDisplayName === 'script') {
+      const conn = await new Promise(resolve => {
+        let resolved = false;
+
+        const cleanup = () => {
+          process.removeListener('message', handler);
+          process.removeListener('disconnect', onDisconnect);
+          clearTimeout(timeout);
+        };
+
+        const settle = value => {
+          if (!resolved) {
+            resolved = true;
+            cleanup();
+            resolve(value);
+          }
+        };
+
+        const handler = message => {
+          if (message?.msgtype === 'volatile-connection-response' && message.conid === conid) {
+            settle(message.conn || null);
+          }
+        };
+
+        const onDisconnect = () => settle(null);
+
+        const timeout = setTimeout(() => settle(null), 5000);
+        // Don't let the timer alone keep the process alive if all other work is done
+        timeout.unref();
+
+        process.on('message', handler);
+        process.once('disconnect', onDisconnect);
+
+        try {
+          process.send({ msgtype: 'get-volatile-connection', conid });
+        } catch {
+          settle(null);
+        }
+      });
+      if (conn) {
+        volatileConnections[conn._id] = conn; // cache for subsequent calls
+        return conn;
+      }
+    }
+
+    return null;
   },
 
   get_meta: true,

package/src/controllers/jsldata.js

@@ -1,5 +1,8 @@
-const { filterName } = require('dbgate-tools');
+const { filterName, getLogger, extractErrorLogData } = require('dbgate-tools');
+const logger = getLogger('jsldata');
+const { jsldir, archivedir } = require('../utility/directories');
 const fs = require('fs');
+const path = require('path');
 const lineReader = require('line-reader');
 const _ = require('lodash');
 const { __ } = require('lodash/fp');
@@ -149,6 +152,10 @@ module.exports = {
 
   getRows_meta: true,
   async getRows({ jslid, offset, limit, filters, sort, formatterFunction }) {
+    const fileName = getJslFileName(jslid);
+    if (!fs.existsSync(fileName)) {
+      return [];
+    }
     const datastore = await this.ensureDatastore(jslid, formatterFunction);
     return datastore.getRows(offset, limit, _.isEmpty(filters) ? null : filters, _.isEmpty(sort) ? null : sort);
   },
@@ -159,6 +166,72 @@ module.exports = {
     return fs.existsSync(fileName);
   },
 
+  streamRows_meta: {
+    method: 'get',
+    raw: true,
+  },
+  streamRows(req, res) {
+    const { jslid } = req.query;
+    if (!jslid) {
+      res.status(400).json({ apiErrorMessage: 'Missing jslid' });
+      return;
+    }
+
+    // Reject file:// jslids — they resolve to arbitrary server-side paths
+    if (jslid.startsWith('file://')) {
+      res.status(403).json({ apiErrorMessage: 'Forbidden jslid scheme' });
+      return;
+    }
+
+    const fileName = getJslFileName(jslid);
+
+    if (!fs.existsSync(fileName)) {
+      res.status(404).json({ apiErrorMessage: 'File not found' });
+      return;
+    }
+
+    // Dereference symlinks and normalize case (Windows) before the allow-list check.
+    // realpathSync is safe here because existsSync confirmed the file is present.
+    // path.resolve() alone cannot dereference symlinks, so a symlink inside an allowed
+    // root could otherwise point to an arbitrary external path.
+    const normalize = p => (process.platform === 'win32' ? p.toLowerCase() : p);
+    const resolveRoot = r => { try { return fs.realpathSync(r); } catch { return path.resolve(r); } };
+
+    let realFile;
+    try {
+      realFile = fs.realpathSync(fileName);
+    } catch {
+      res.status(403).json({ apiErrorMessage: 'Forbidden path' });
+      return;
+    }
+
+    const allowedRoots = [jsldir(), archivedir()].map(r => normalize(resolveRoot(r)) + path.sep);
+    const isAllowed = allowedRoots.some(root => normalize(realFile).startsWith(root));
+    if (!isAllowed) {
+      logger.warn({ jslid, realFile }, 'DBGM-00000 streamRows rejected path outside allowed roots');
+      res.status(403).json({ apiErrorMessage: 'Forbidden path' });
+      return;
+    }
+    res.setHeader('Content-Type', 'application/x-ndjson');
+    res.setHeader('Cache-Control', 'no-cache');
+    const stream = fs.createReadStream(realFile, 'utf-8');
+
+    req.on('close', () => {
+      stream.destroy();
+    });
+
+    stream.on('error', err => {
+      logger.error(extractErrorLogData(err), 'DBGM-00000 Error streaming JSONL file');
+      if (!res.headersSent) {
+        res.status(500).json({ apiErrorMessage: 'Stream error' });
+      } else {
+        res.end();
+      }
+    });
+
+    stream.pipe(res);
+  },
+
   getStats_meta: true,
   getStats({ jslid }) {
     const file = `${getJslFileName(jslid)}.stats`;

package/src/controllers/queryHistory.js

@@ -33,19 +33,35 @@ function readCore(reader, skip, limit, filter) {
   });
 }
 
-module.exports = {
-  read_meta: true,
-  async read({ skip, limit, filter }) {
+function readJsonl({ skip, limit, filter }) {
+  return new Promise(async (resolve, reject) => {
     const fileName = path.join(datadir(), 'query-history.jsonl');
     // @ts-ignore
-    if (!(await fs.exists(fileName))) return [];
+    if (!(await fs.exists(fileName))) return resolve([]);
     const reader = fsReverse(fileName);
     const res = await readCore(reader, skip, limit, filter);
-    return res;
+    resolve(res);
+  });
+}
+
+module.exports = {
+  read_meta: true,
+  async read({ skip, limit, filter }, req) {
+    const storage = require('./storage');
+    const storageResult = await storage.readQueryHistory({ skip, limit, filter }, req);
+    if (storageResult) return storageResult;
+    return readJsonl({ skip, limit, filter });
   },
 
   write_meta: true,
-  async write({ data }) {
+  async write({ data }, req) {
+    const storage = require('./storage');
+    const written = await storage.writeQueryHistory({ data }, req);
+    if (written) {
+      socket.emit('query-history-changed');
+      return 'OK';
+    }
+
     const fileName = path.join(datadir(), 'query-history.jsonl');
     await fs.appendFile(fileName, JSON.stringify(data) + '\n');
     socket.emit('query-history-changed');

package/src/controllers/runners.js

@@ -196,6 +196,27 @@ module.exports = {
       // @ts-ignore
       const { msgtype } = message;
       if (handleProcessCommunication(message, subprocess)) return;
+      if (msgtype === 'get-volatile-connection') {
+        const connections = require('./connections');
+        // @ts-ignore
+        const conid = message.conid;
+        if (!conid || typeof conid !== 'string') return;
+        const trySend = payload => {
+          if (!subprocess.connected) return;
+          try {
+            subprocess.send(payload);
+          } catch {
+            // child disconnected between the check and the send — ignore
+          }
+        };
+        connections.getCore({ conid }).then(conn => {
+          trySend({ msgtype: 'volatile-connection-response', conid, conn: conn?.unsaved ? conn : null });
+        }).catch(err => {
+          logger.error({ ...extractErrorLogData(err), conid }, 'DBGM-00000 Error resolving volatile connection for child process');
+          trySend({ msgtype: 'volatile-connection-response', conid, conn: null });
+        });
+        return;
+      }
       this[`handle_${msgtype}`](runid, message);
     });
     return _.pick(newOpened, ['runid']);

package/src/currentVersion.js

@@ -1,5 +1,5 @@
 
 module.exports = { 
-  version: '7.1.5',
-  buildTime: '2026-03-25T15:24:06.958Z'
+  version: '7.1.8-alpha.7',
+  buildTime: '2026-04-09T13:28:37.511Z'
 };

package/src/shell/runScript.js

@@ -7,6 +7,7 @@ async function runScript(func) {
   if (processArgs.checkParent) {
     childProcessChecker();
   }
+
   try {
     await func();
     process.exit(0);

package/src/storageModel.js

@@ -874,6 +874,114 @@ module.exports = {
         }
       ]
     },
+    {
+      "pureName": "query_history",
+      "columns": [
+        {
+          "pureName": "query_history",
+          "columnName": "id",
+          "dataType": "int",
+          "autoIncrement": true,
+          "notNull": true
+        },
+        {
+          "pureName": "query_history",
+          "columnName": "created",
+          "dataType": "bigint",
+          "notNull": true
+        },
+        {
+          "pureName": "query_history",
+          "columnName": "user_id",
+          "dataType": "int",
+          "notNull": false
+        },
+        {
+          "pureName": "query_history",
+          "columnName": "role_id",
+          "dataType": "int",
+          "notNull": false
+        },
+        {
+          "pureName": "query_history",
+          "columnName": "sql",
+          "dataType": "text",
+          "notNull": false
+        },
+        {
+          "pureName": "query_history",
+          "columnName": "conid",
+          "dataType": "varchar(100)",
+          "notNull": false
+        },
+        {
+          "pureName": "query_history",
+          "columnName": "database",
+          "dataType": "varchar(200)",
+          "notNull": false
+        }
+      ],
+      "foreignKeys": [
+        {
+          "constraintType": "foreignKey",
+          "constraintName": "FK_query_history_user_id",
+          "pureName": "query_history",
+          "refTableName": "users",
+          "deleteAction": "CASCADE",
+          "columns": [
+            {
+              "columnName": "user_id",
+              "refColumnName": "id"
+            }
+          ]
+        },
+        {
+          "constraintType": "foreignKey",
+          "constraintName": "FK_query_history_role_id",
+          "pureName": "query_history",
+          "refTableName": "roles",
+          "deleteAction": "CASCADE",
+          "columns": [
+            {
+              "columnName": "role_id",
+              "refColumnName": "id"
+            }
+          ]
+        }
+      ],
+      "indexes": [
+        {
+          "constraintName": "idx_query_history_user_id",
+          "pureName": "query_history",
+          "constraintType": "index",
+          "columns": [
+            {
+              "columnName": "user_id"
+            }
+          ]
+        },
+        {
+          "constraintName": "idx_query_history_role_id",
+          "pureName": "query_history",
+          "constraintType": "index",
+          "columns": [
+            {
+              "columnName": "role_id"
+            }
+          ]
+        }
+      ],
+      "primaryKey": {
+        "pureName": "query_history",
+        "constraintType": "primaryKey",
+        "constraintName": "PK_query_history",
+        "columns": [
+          {
+            "columnName": "id"
+          }
+        ]
+      }
+    },
     {
       "pureName": "roles",
       "columns": [