mbkauthe 4.8.4 → 5.0.0

package/lib/config/cookies.js

@@ -14,6 +14,60 @@ const getEncryptionKey = () => {
     return crypto.createHash('sha256').update(COOKIE_ENCRYPTION_KEY).digest();
 };
 
+const getSigningKey = () => {
+    return crypto.createHash('sha256').update(`${COOKIE_ENCRYPTION_KEY}:cookie-signing`).digest();
+};
+
+const encodePayload = (data) => {
+    return Buffer.from(JSON.stringify(data), 'utf8').toString('base64url');
+};
+
+const decodePayload = (encoded) => {
+    return JSON.parse(Buffer.from(encoded, 'base64url').toString('utf8'));
+};
+
+const signCookiePayload = (encodedPayload) => {
+    return crypto.createHmac('sha256', getSigningKey()).update(encodedPayload).digest('hex');
+};
+
+const verifyCookieSignature = (encodedPayload, signature) => {
+    if (!encodedPayload || !signature || typeof encodedPayload !== 'string' || typeof signature !== 'string') {
+        return false;
+    }
+
+    const expected = signCookiePayload(encodedPayload);
+    const expectedBuffer = Buffer.from(expected, 'hex');
+    const actualBuffer = Buffer.from(signature, 'hex');
+
+    return expectedBuffer.length === actualBuffer.length && crypto.timingSafeEqual(expectedBuffer, actualBuffer);
+};
+
+const createSignedCookiePayload = (data) => {
+    try {
+        const payload = encodePayload(data);
+        return {
+            payload,
+            signature: signCookiePayload(payload)
+        };
+    } catch (error) {
+        console.error(`[mbkauthe] Cookie signing error:`, error);
+        return null;
+    }
+};
+
+const parseSignedCookiePayload = (signedPayload) => {
+    try {
+        if (!signedPayload || !verifyCookieSignature(signedPayload.payload, signedPayload.signature)) {
+            return null;
+        }
+
+        return decodePayload(signedPayload.payload);
+    } catch (error) {
+        console.error(`[mbkauthe] Cookie signature verification error:`, error);
+        return null;
+    }
+};
+
 // Encrypt and sign cookie payload
 const encryptCookiePayload = (data) => {
     try {
@@ -160,33 +214,46 @@ export { getCookieOptions, getClearCookieOptions };
 const parseAccountList = (raw, req) => {
     if (!raw) return [];
     try {
-        // First, decrypt the cookie payload
         const parsed = JSON.parse(raw);
-        const decrypted = decryptCookiePayload(parsed);
+        let data = parseSignedCookiePayload(parsed);
+        let isLegacyEncryptedCookie = false;
+
+        // Backward compatibility for previously encrypted account-list cookies.
+        if (!data && parsed.iv && parsed.authTag && parsed.data) {
+            data = decryptCookiePayload(parsed);
+            isLegacyEncryptedCookie = true;
+        }
 
-        if (!decrypted || !decrypted.accounts || !decrypted.fingerprint) {
+        if (!data || !data.accounts || !data.fingerprint) {
             return [];
         }
 
         // Verify fingerprint matches current request
         const currentFingerprint = generateFingerprint(req);
-        if (decrypted.fingerprint !== currentFingerprint) {
+        if (data.fingerprint !== currentFingerprint) {
             console.warn(`[mbkauthe] Cookie fingerprint mismatch - possible cookie theft attempt`);
             return [];
         }
 
-        const accounts = decrypted.accounts;
+        const accounts = data.accounts;
         if (!Array.isArray(accounts)) return [];
 
         // Accept only minimal safe fields
         return accounts
             .filter(item => item && typeof item === 'object')
-            .map(item => ({
-                sessionId: typeof item.sessionId === 'string' ? item.sessionId : null,
-                username: typeof item.username === 'string' ? item.username : null,
-                fullName: typeof item.fullName === 'string' ? item.fullName : null,
-                image: typeof item.image === 'string' ? item.image : null
-            }))
+            .map(item => {
+                const rawSessionId = typeof item.sessionId === 'string' ? item.sessionId : null;
+                const sessionId = isLegacyEncryptedCookie
+                    ? rawSessionId
+                    : decryptSessionId(rawSessionId);
+
+                return {
+                    sessionId,
+                    username: typeof item.username === 'string' ? item.username : null,
+                    fullName: typeof item.fullName === 'string' ? item.fullName : null,
+                    image: typeof item.image === 'string' ? item.image : null
+                };
+            })
             .filter(item => item.sessionId && item.username)
             .slice(0, MAX_REMEMBERED_ACCOUNTS);
     } catch (error) {
@@ -200,7 +267,7 @@ const writeAccountList = (res, list, req) => {
 
     // Clean and limit fields to safe values (limit image URL length)
     const cleaned = sanitized.map(item => ({
-        sessionId: item && item.sessionId ? item.sessionId : null,
+        sessionId: item && item.sessionId ? encryptSessionId(item.sessionId) : null,
         username: item && item.username ? item.username : null,
         fullName: item && item.fullName ? item.fullName : null,
         image: (item && typeof item.image === 'string' && item.image.length <= 2048) ? item.image : null
@@ -212,14 +279,13 @@ const writeAccountList = (res, list, req) => {
         fingerprint: generateFingerprint(req)
     };
 
-    // Encrypt the payload
-    const encrypted = encryptCookiePayload(payload);
-    if (!encrypted) {
-        console.error(`[mbkauthe] Failed to encrypt account list cookie`);
+    const signed = createSignedCookiePayload(payload);
+    if (!signed) {
+        console.error(`[mbkauthe] Failed to sign account list cookie`);
         return;
     }
 
-    res.cookie(ACCOUNT_LIST_COOKIE, JSON.stringify(encrypted), cachedCookieOptions);
+    res.cookie(ACCOUNT_LIST_COOKIE, JSON.stringify(signed), cachedCookieOptions);
 };
 
 export const readAccountListFromCookie = (req) => {
@@ -243,4 +309,4 @@ export const removeAccountFromCookie = (req, res, sessionId) => {
 
 export const clearAccountListCookie = (res) => {
     res.clearCookie(ACCOUNT_LIST_COOKIE, cachedClearCookieOptions);
-};
+};

package/lib/config/index.js

@@ -1,7 +1,9 @@
 import dotenv from "dotenv";
 import { createRequire } from "module";
+import { createLogger } from "../utils/logger.js";
 
 dotenv.config();
+const logConfig = createLogger("config");
 
 // Comprehensive validation function
 function validateConfiguration() {
@@ -215,7 +217,7 @@ function validateConfiguration() {
         configParts.push(`defaults: ${usedDefaults.length} keys`);
     }
     const configSummary = configParts.length > 0 ? ` (${configParts.join(', ')})` : '';
-    console.log(`[mbkauthe] Configuration loaded${configSummary}`);
+    logConfig(`Configuration loaded${configSummary}`);
     return mbkautheVar;
 }
 

package/lib/config/tokenScopes.js

@@ -56,4 +56,4 @@ export function getAvailableScopes() {
     name: value.name,
     description: value.description
   }));
-}
+}

package/lib/createTable.js

@@ -2,33 +2,120 @@
 import { readFile } from "fs/promises";
 import path from "path";
 import { fileURLToPath } from "url";
+import { performance } from "perf_hooks";
 
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
 
 async function main() {
+  const startTime = performance.now();
+
+  console.log("[mbkauthe] Starting schema creation...");
+
   const schemaPath = path.resolve(__dirname, "../docs/db.sql");
+
+  console.log(`[mbkauthe] Schema file: ${schemaPath}`);
+
   const schemaSql = await readFile(schemaPath, "utf8");
 
+  console.log(
+    `[mbkauthe] Schema loaded (${Buffer.byteLength(schemaSql, "utf8")} bytes)`
+  );
+
+  const statementCount = schemaSql
+    .split(";")
+    .map(s => s.trim())
+    .filter(Boolean).length;
+
+  console.log(
+    `[mbkauthe] Detected approximately ${statementCount} SQL statements`
+  );
+
   try {
+    console.log("[mbkauthe] Testing database connection...");
+
+    const ping = await dblogin.query("SELECT version()");
+
+    console.log(
+      `[mbkauthe] Connected to PostgreSQL`
+    );
+
+    console.log(
+      `[mbkauthe] PostgreSQL version: ${ping.rows[0].version}`
+    );
+
+    console.log("[mbkauthe] Applying schema...");
+
+    const queryStart = performance.now();
+
     const res = await dblogin.query(schemaSql);
-    console.log(`[mbkauthe] Schema applied successfully.`);
+
+    const queryDuration = (
+      performance.now() - queryStart
+    ).toFixed(2);
+
+    console.log(
+      `[mbkauthe] Schema applied successfully in ${queryDuration} ms`
+    );
+
+    console.log(
+      `[mbkauthe] Command: ${res.command ?? "MULTI"}`
+    );
+
+    console.log(
+      `[mbkauthe] Row count: ${res.rowCount ?? 0}`
+    );
+
     if (res?.rows?.length) {
-      console.log(`[mbkauthe] Rows returned by schema query:`, res.rows);
-    } else {
-      console.log(`[mbkauthe] No rows returned by schema query (expected). If you want to verify table creation, query the database separately.`);
+      console.log(
+        `[mbkauthe] Returned rows: ${res.rows.length}`
+      );
     }
+
   } catch (err) {
     const IGNORE_CODES = ["42710", "42P07"];
-    if (err && typeof err.code === "string" && IGNORE_CODES.includes(err.code)) {
-      console.warn(`[mbkauthe] Schema already exists (ignored):`, err.message);
+
+    if (
+      err &&
+      typeof err.code === "string" &&
+      IGNORE_CODES.includes(err.code)
+    ) {
+      console.warn(
+        `[mbkauthe] Schema object already exists (ignored)`
+      );
+
+      console.warn(`Code: ${err.code}`);
+      console.warn(`Message: ${err.message}`);
     } else {
-      console.error(`[mbkauthe] Failed to apply schema:`, err);
+      console.error(
+        `[mbkauthe] Failed to apply schema`
+      );
+
+      console.error("Code:", err.code);
+      console.error("Severity:", err.severity);
+      console.error("Position:", err.position);
+      console.error("Table:", err.table);
+      console.error("Column:", err.column);
+      console.error("Constraint:", err.constraint);
+      console.error("Detail:", err.detail);
+      console.error("Hint:", err.hint);
+      console.error("Message:", err.message);
+
       process.exitCode = 1;
     }
   } finally {
+    console.log("[mbkauthe] Closing database connection...");
+
     await dblogin.end();
+
+    const totalDuration = (
+      performance.now() - startTime
+    ).toFixed(2);
+
+    console.log(
+      `[mbkauthe] Finished in ${totalDuration} ms`
+    );
   }
 }
 
-main();
+main();

package/lib/db/AuthRepository.js

@@ -0,0 +1,336 @@
+import { BaseRepository } from "./BaseRepository.js";
+
+const OAUTH_PROVIDERS = {
+  github: {
+    table: "user_github",
+    idColumn: "github_id",
+    queryName: "github-login-get-user"
+  },
+  google: {
+    table: "user_google",
+    idColumn: "google_id",
+    queryName: "google-login-get-user"
+  }
+};
+
+export class AuthRepository extends BaseRepository {
+  buildSessionUserSelect({ includeProfile = false, includeTwoFA = false } = {}) {
+    const fields = [
+      `s.id as sid`,
+      `s.expires_at`,
+      `u.id as uid`,
+      `u."UserName"`,
+      `u."Active"`,
+      `u."Role"`,
+      `u."AllowedApps"`
+    ];
+
+    if (includeProfile) {
+      fields.push(`u."FullName"`, `u."Image"`);
+    }
+
+    if (includeTwoFA) {
+      fields.push(`tfa."TwoFAStatus"`);
+    }
+
+    return fields.join(", ");
+  }
+
+  resolveOAuthProvider(provider) {
+    const key = String(provider || "").toLowerCase();
+    const config = OAUTH_PROVIDERS[key];
+    if (!config) {
+      throw new Error(`Unsupported OAuth provider: ${provider}`);
+    }
+    return config;
+  }
+
+  async fetchActiveSession(sessionId) {
+    const query = `SELECT ${this.buildSessionUserSelect({ includeProfile: true })}
+                 FROM "Sessions" s
+                 JOIN "Users" u ON s."UserName" = u."UserName"
+                 WHERE s.id = $1 LIMIT 1`;
+    const result = await this.executeRaw({ name: "multi-session-fetch", text: query, values: [sessionId] });
+    return result.rows?.[0] || null;
+  }
+
+  async deleteAppSessionById(sessionId, queryName = "invalidate-app-session") {
+    const query = `DELETE FROM "Sessions" WHERE id = $1`;
+    return this.executeRaw({ name: queryName, text: query, values: [sessionId] });
+  }
+
+  async deleteSessionBySid(sessionId, queryName = "login-delete-old-session-before-regen") {
+    const query = `DELETE FROM "session" WHERE sid = $1`;
+    return this.executeRaw({ name: queryName, text: query, values: [sessionId] });
+  }
+
+  async getSessionsWithUsersByIds(sessionIds, queryName = "multi-session-fetch-many") {
+    if (!Array.isArray(sessionIds) || sessionIds.length === 0) return [];
+
+    const query = `SELECT ${this.buildSessionUserSelect({ includeProfile: true })}
+                 FROM "Sessions" s
+                 JOIN "Users" u ON s."UserName" = u."UserName"
+                 WHERE s.id = ANY($1)`;
+    const result = await this.executeRaw({ name: queryName, text: query, values: [sessionIds] });
+    return result.rows || [];
+  }
+
+  async touchTrustedDevice(deviceTokenHash, username) {
+    const query = `
+      UPDATE "TrustedDevices" td
+      SET "LastUsed" = NOW()
+      FROM "Users" u
+      WHERE td."DeviceToken" = $1
+        AND td."UserName" = $2
+        AND td."ExpiresAt" > NOW()
+        AND u."UserName" = td."UserName"
+        AND u."Active" = TRUE
+      RETURNING td."UserName", td."ExpiresAt", u."id" as id, u."Active", u."Role", u."AllowedApps"
+    `;
+
+    const result = await this.executeRaw({
+      name: "check-trusted-device",
+      text: query,
+      values: [deviceTokenHash, username]
+    });
+    return result.rows?.[0] || null;
+  }
+
+  async cleanupAndCountUserSessions(username, queryName = "cleanup-and-count-user-sessions") {
+    const query = `
+          WITH deleted AS (
+            DELETE FROM "Sessions"
+            WHERE "UserName" = $1
+              AND expires_at IS NOT NULL
+              AND expires_at <= NOW()
+          )
+          SELECT COUNT(*)::int AS count
+          FROM "Sessions"
+          WHERE "UserName" = $1
+        `;
+
+    const result = await this.executeRaw({ name: queryName, text: query, values: [username] });
+    return Number(result.rows?.[0]?.count ?? 0);
+  }
+
+  async deleteOldestSessionsForUser(username, limit, queryName = "prune-oldest-user-session") {
+    if (!Number.isFinite(limit) || limit <= 0) return 0;
+    const query = `DELETE FROM "Sessions" WHERE id IN (SELECT id FROM "Sessions" WHERE "UserName" = $1 ORDER BY created_at ASC LIMIT $2)`;
+    const result = await this.executeRaw({ name: queryName, text: query, values: [username, limit] });
+    return result.rowCount || 0;
+  }
+
+  async deleteExpiredSessionsForUser(username) {
+    const query = this.sql`
+      DELETE FROM ${this.table("Sessions")}
+      WHERE ${this.ident("UserName")} = ${this.value(username)}
+        AND ${this.ident("expires_at")} IS NOT NULL
+        AND ${this.ident("expires_at")} <= ${this.now()}
+    `;
+
+    const result = await this.execute("cleanup-expired-user-sessions", query);
+    return result.rowCount || 0;
+  }
+
+  async countActiveSessionsForUser(username) {
+    const columns = this.columns([`COUNT(*) AS ${this.quoteIdentifier("count")}`]);
+    const query = this.sql`
+      SELECT ${columns}
+      FROM ${this.table("Sessions")}
+      WHERE ${this.ident("UserName")} = ${this.value(username)}
+    `;
+    const result = await this.execute("count-user-sessions", query);
+    return Number(result.rows?.[0]?.count ?? 0);
+  }
+
+  async getOldestSessionIds(username, limit) {
+    if (!Number.isFinite(limit) || limit <= 0) return [];
+
+    const query = this.sql`
+      SELECT ${this.column("id")}
+      FROM ${this.table("Sessions")}
+      WHERE ${this.ident("UserName")} = ${this.value(username)}
+      ORDER BY ${this.ident("created_at")} ASC
+      ${this.limit(limit)}
+    `;
+
+    const result = await this.execute("oldest-user-sessions", query);
+    return (result.rows || []).map((row) => row.id).filter(Boolean);
+  }
+
+  async insertAppSession(username, expiresAt, meta) {
+    const query = `INSERT INTO "Sessions" ("UserName", expires_at, meta) VALUES ($1, $2, $3) RETURNING id`;
+    const result = await this.executeRaw({
+      name: "insert-app-session",
+      text: query,
+      values: [username, expiresAt, meta]
+    });
+    return result.rows?.[0] || null;
+  }
+
+  async updateLastLoginReturnProfile(userId) {
+    const query = `UPDATE "Users" SET "last_login" = NOW() WHERE "id" = $1 RETURNING "FullName", "Image"`;
+    const result = await this.executeRaw({
+      name: "login-update-last-login-return-profile",
+      text: query,
+      values: [userId]
+    });
+    return result.rows?.[0] || null;
+  }
+
+  async getUserProfileByUsername(username, queryName = "login-get-fullname-and-image") {
+    const query = `SELECT "FullName", "Image" FROM "Users" WHERE "UserName" = $1 LIMIT 1`;
+    const result = await this.executeRaw({ name: queryName, text: query, values: [username] });
+    return result.rows?.[0] || null;
+  }
+
+  async insertTrustedDevice({ username, deviceTokenHash, deviceName, userAgent, ipAddress, expiresAt }) {
+    const query = `INSERT INTO "TrustedDevices" ("UserName", "DeviceToken", "DeviceName", "UserAgent", "IpAddress", "ExpiresAt") 
+                   VALUES ($1, $2, $3, $4, $5, $6)`;
+    return this.executeRaw({
+      name: "insert-trusted-device",
+      text: query,
+      values: [username, deviceTokenHash, deviceName, userAgent, ipAddress, expiresAt]
+    });
+  }
+
+  async getUserWithTwoFA(username, queryName = "login-get-user") {
+    const query = `
+      SELECT u.id, u."UserName", u."PasswordEnc", u."Active", u."Role", u."AllowedApps",
+             tfa."TwoFAStatus", u."FullName", u."Image"
+      FROM "Users" u
+      LEFT JOIN "TwoFA" tfa ON u."UserName" = tfa."UserName"
+      WHERE u."UserName" = $1
+    `;
+
+    const result = await this.executeRaw({ name: queryName, text: query, values: [username] });
+    return result.rows?.[0] || null;
+  }
+
+  async getTwoFASecret(username) {
+    const query = `SELECT tfa."TwoFASecret" FROM "TwoFA" tfa WHERE tfa."UserName" = $1`;
+    const result = await this.executeRaw({ name: "verify-2fa-secret", text: query, values: [username] });
+    return result.rows?.[0] || null;
+  }
+
+  async deleteSessionsByIds(ids, queryName = "delete-sessions-by-ids") {
+    if (!Array.isArray(ids) || ids.length === 0) return 0;
+    const query = `DELETE FROM "Sessions" WHERE id = ANY($1)`;
+    const result = await this.executeRaw({ name: queryName, text: query, values: [ids] });
+    return result.rowCount || 0;
+  }
+
+  async getOAuthUserByProviderId(provider, providerId) {
+    const { table, idColumn, queryName } = this.resolveOAuthProvider(provider);
+    const query = `SELECT ug.*, u."UserName", u."Role", u."Active", u."AllowedApps", u."id", tfa."TwoFAStatus"
+                   FROM ${table} ug
+                   JOIN "Users" u ON ug.user_name = u."UserName"
+                   LEFT JOIN "TwoFA" tfa ON u."UserName" = tfa."UserName"
+                   WHERE ug.${idColumn} = $1`;
+    const result = await this.executeRaw({ name: queryName, text: query, values: [providerId] });
+    return result.rows?.[0] || null;
+  }
+
+  async getApiTokenByHash(tokenHash, queryName = "validate-api-token") {
+    const query = `
+      SELECT t.id, t."UserName", t."ExpiresAt", t."Permissions",
+             u.id as uid, u."Active", u."Role", u."AllowedApps" as user_allowed_apps, u."FullName"
+      FROM "ApiTokens" t
+      JOIN "Users" u ON t."UserName" = u."UserName"
+      WHERE t."TokenHash" = $1 LIMIT 1
+    `;
+
+    const result = await this.executeRaw({ name: queryName, text: query, values: [tokenHash] });
+    return result.rows?.[0] || null;
+  }
+
+  async updateApiTokenLastUsed(tokenId, queryName = null, minIntervalMinutes = 15) {
+    const query = `
+      UPDATE "ApiTokens"
+      SET "LastUsed" = NOW()
+      WHERE id = $1
+        AND (
+          "LastUsed" IS NULL
+          OR "LastUsed" < NOW() - ($2::int * INTERVAL '1 minute')
+        )
+    `;
+    const values = [tokenId, minIntervalMinutes];
+    if (queryName) {
+      return this.executeRaw({ name: queryName, text: query, values });
+    }
+    return this.executeRaw({ text: query, values });
+  }
+
+  async getSessionAuthData(sessionId, queryName = "validate-app-session") {
+    const query = `
+  SELECT s.expires_at, u."Active", u."Role", u."AllowedApps", u."UserName"
+  FROM "Sessions" s
+  JOIN "Users" u ON s."UserName" = u."UserName"
+  WHERE s.id = $1
+  LIMIT 1
+`;
+
+    const result = await this.executeRaw({ name: queryName, text: query, values: [sessionId] });
+    return result.rows?.[0] || null;
+  }
+
+  async getSessionWithUserById(sessionId, queryName = "restore-user-session") {
+    const query = `SELECT ${this.buildSessionUserSelect({ includeProfile: true })}
+                     FROM "Sessions" s
+                     JOIN "Users" u ON s."UserName" = u."UserName"
+                     WHERE s.id = $1 LIMIT 1`;
+    const result = await this.executeRaw({ name: queryName, text: query, values: [sessionId] });
+    return result.rows?.[0] || null;
+  }
+
+  async getSessionWithUserForReload(sessionId, queryName = "reload-session-user") {
+    return this.getSessionWithUserById(sessionId, queryName);
+  }
+
+  async getSessionValidationRow(sessionId, queryName = "check-session-validity-by-id") {
+    const query = `SELECT s.expires_at, u."Active", u."UserName", u."Role" FROM "Sessions" s JOIN "Users" u ON s."UserName" = u."UserName" WHERE s.id = $1 LIMIT 1`;
+    const result = await this.executeRaw({ name: queryName, text: query, values: [sessionId] });
+    return result.rows?.[0] || null;
+  }
+
+  async getUserFullNameByUsername(username, queryName = "get-fullname-by-username") {
+    const query = `SELECT "FullName" FROM "Users" WHERE "UserName" = $1 LIMIT 1`;
+    const result = await this.executeRaw({ name: queryName, text: query, values: [username] });
+    return result.rows?.[0] || null;
+  }
+
+  async getUserImageByUsername(username, queryName = "get-user-profile-pic") {
+    const query = `SELECT "Image" FROM "Users" WHERE "UserName" = $1 LIMIT 1`;
+    const result = await this.executeRaw({ name: queryName, text: query, values: [username] });
+    return result.rows?.[0] || null;
+  }
+
+  async getSessionValidity(sessionId, sessionStoreSid, queryName = "check-session-validity") {
+    const query = `
+        SELECT
+          s.expires_at,
+          u."Active",
+          CASE
+            WHEN s.expires_at IS NULL THEN (SELECT expire FROM "session" WHERE sid = $2)
+            ELSE NULL
+          END AS connect_expire
+        FROM "Sessions" s
+        JOIN "Users" u ON s."UserName" = u."UserName"
+        WHERE s.id = $1
+        LIMIT 1
+      `;
+
+    const result = await this.executeRaw({ name: queryName, text: query, values: [sessionId, sessionStoreSid] });
+    return result.rows?.[0] || null;
+  }
+
+  async deleteAllAppSessions(queryName = "delete-all-app-sessions") {
+    const query = `DELETE FROM "Sessions"`;
+    return this.executeRaw({ name: queryName, text: query, values: [] });
+  }
+
+  async deleteActiveSessionStoreRows(queryName = "delete-active-session-store-rows") {
+    const query = `DELETE FROM "session" WHERE expire > NOW()`;
+    return this.executeRaw({ name: queryName, text: query, values: [] });
+  }
+}