pg 7.8.1 → 7.11.0

package/CHANGELOG.md

@@ -4,6 +4,16 @@ For richer information consult the commit log on github with referenced pull req
 
 We do not include break-fix version release in this file.
 
+### 7.11.0
+- Add support for [connection_timeout](https://github.com/brianc/node-postgres/pull/1847/files#diff-5391bde944956870128be1136e7bc176R63) and [keepalives_idle](https://github.com/brianc/node-postgres/pull/1847).
+
+### 7.10.0
+- Add support for [per-query types](https://github.com/brianc/node-postgres/pull/1825).
+
+### 7.9.0
+
+- Add support for [sasl/scram authentication](https://github.com/brianc/node-postgres/pull/1835).
+
 ### 7.8.0
 
 - Add support for passing [secureOptions](https://github.com/brianc/node-postgres/pull/1804) SSL config.

package/README.md

@@ -67,7 +67,7 @@ The causes and solutions to common errors can be found among the [Frequently Ask
 
 ## License
 
-Copyright (c) 2010-2018 Brian Carlson (brian.m.carlson@gmail.com)
+Copyright (c) 2010-2019 Brian Carlson (brian.m.carlson@gmail.com)
 
  Permission is hereby granted, free of charge, to any person obtaining a copy
  of this software and associated documentation files (the "Software"), to deal

package/SPONSORS.md

@@ -2,6 +2,7 @@ node-postgres is made possible by the helpful contributors from the community we
 
 # Leaders
 - [MadKudu](https://www.madkudu.com) - [@madkudu](https://twitter.com/madkudu)
+- [Third Iron](https://thirdiron.com/)
 
 # Supporters
 - John Fawcett

package/lib/client.js

@@ -10,6 +10,7 @@
 var EventEmitter = require('events').EventEmitter
 var util = require('util')
 var utils = require('./utils')
+var sasl = require('./sasl')
 var pgPass = require('pgpass')
 var TypeOverrides = require('./type-overrides')
 
@@ -43,6 +44,7 @@ var Client = function (config) {
     stream: c.stream,
     ssl: this.connectionParameters.ssl,
     keepAlive: c.keepAlive || false,
+    keepAliveInitialDelayMillis: c.keepAliveInitialDelayMillis || 0,
     encoding: this.connectionParameters.client_encoding || 'utf8'
   })
   this.queryQueue = []
@@ -50,6 +52,7 @@ var Client = function (config) {
   this.processID = null
   this.secretKey = null
   this.ssl = this.connectionParameters.ssl || false
+  this._connectionTimeoutMillis = c.connectionTimeoutMillis || 0
 }
 
 util.inherits(Client, EventEmitter)
@@ -82,6 +85,14 @@ Client.prototype._connect = function (callback) {
   }
   this._connecting = true
 
+  var connectionTimeoutHandle
+  if (this._connectionTimeoutMillis > 0) {
+    connectionTimeoutHandle = setTimeout(() => {
+      con._ending = true
+      con.stream.destroy(new Error('timeout expired'))
+    }, this._connectionTimeoutMillis)
+  }
+
   if (this.host && this.host.indexOf('/') === 0) {
     con.connect(this.host + '/.s.PGSQL.' + this.port)
   } else {
@@ -126,6 +137,28 @@ Client.prototype._connect = function (callback) {
     con.password(utils.postgresMd5PasswordHash(self.user, self.password, msg.salt))
   }))
 
+  // password request handling (SASL)
+  var saslSession
+  con.on('authenticationSASL', checkPgPass(function (msg) {
+    saslSession = sasl.startSession(msg.mechanisms)
+
+    con.sendSASLInitialResponseMessage(saslSession.mechanism, saslSession.response)
+  }))
+
+  // password request handling (SASL)
+  con.on('authenticationSASLContinue', function (msg) {
+    sasl.continueSession(saslSession, self.password, msg.data)
+
+    con.sendSCRAMClientFinalMessage(saslSession.response)
+  })
+
+  // password request handling (SASL)
+  con.on('authenticationSASLFinal', function (msg) {
+    sasl.finalizeSession(saslSession, msg.data)
+
+    saslSession = null
+  })
+
   con.once('backendKeyData', function (msg) {
     self.processID = msg.processID
     self.secretKey = msg.secretKey
@@ -136,6 +169,7 @@ Client.prototype._connect = function (callback) {
       return
     }
     this._connectionError = true
+    clearTimeout(connectionTimeoutHandle)
     if (callback) {
       return callback(err)
     }
@@ -173,6 +207,7 @@ Client.prototype._connect = function (callback) {
     con.removeListener('errorMessage', connectingErrorHandler)
     con.on('error', connectedErrorHandler)
     con.on('errorMessage', connectedErrorMessageHandler)
+    clearTimeout(connectionTimeoutHandle)
 
     // process possible callback argument to Client#connect
     if (callback) {
@@ -276,7 +311,7 @@ Client.prototype._attachListeners = function (con) {
   // it again on the same client
   con.on('parseComplete', function (msg) {
     if (self.activeQuery.name) {
-      con.parsedStatements[self.activeQuery.name] = true
+      con.parsedStatements[self.activeQuery.name] = self.activeQuery.text
     }
   })
 
@@ -455,8 +490,9 @@ Client.prototype.query = function (config, values, callback) {
   if (this.binary && !query.binary) {
     query.binary = true
   }
-  if (query._result) {
-    query._result._getTypeParser = this._types.getTypeParser.bind(this._types)
+
+  if (query._result && !query._result._types) {
+    query._result._types = this._types
   }
 
   if (!this._queryable) {

package/lib/connection-parameters.js

@@ -66,6 +66,22 @@ var ConnectionParameters = function (config) {
   this.fallback_application_name = val('fallback_application_name', config, false)
   this.statement_timeout = val('statement_timeout', config, false)
   this.query_timeout = val('query_timeout', config, false)
+
+  if (config.connectionTimeoutMillis === undefined) {
+    this.connect_timeout = process.env.PGCONNECT_TIMEOUT || 0
+  } else {
+    this.connect_timeout = Math.floor(config.connectionTimeoutMillis / 1000)
+  }
+
+  if (config.keepAlive === false) {
+    this.keepalives = 0
+  } else if (config.keepAlive === true) {
+    this.keepalives = 1
+  }
+
+  if (typeof config.keepAliveInitialDelayMillis === 'number') {
+    this.keepalives_idle = Math.floor(config.keepAliveInitialDelayMillis / 1000)
+  }
 }
 
 // Convert arg to a string, surround in single quotes, and escape single quotes and backslashes
@@ -75,7 +91,7 @@ var quoteParamValue = function (value) {
 
 var add = function (params, config, paramName) {
   var value = config[paramName]
-  if (value) {
+  if (value !== undefined && value !== null) {
     params.push(paramName + '=' + quoteParamValue(value))
   }
 }
@@ -87,8 +103,9 @@ ConnectionParameters.prototype.getLibpqConnectionString = function (cb) {
   add(params, this, 'port')
   add(params, this, 'application_name')
   add(params, this, 'fallback_application_name')
+  add(params, this, 'connect_timeout')
 
-  var ssl = typeof this.ssl === 'object' ? this.ssl : { sslmode: this.ssl }
+  var ssl = typeof this.ssl === 'object' ? this.ssl : this.ssl ? { sslmode: this.ssl } : {}
   add(params, ssl, 'sslmode')
   add(params, ssl, 'sslca')
   add(params, ssl, 'sslkey')

package/lib/connection.js

@@ -21,6 +21,7 @@ var Connection = function (config) {
   config = config || {}
   this.stream = config.stream || new net.Socket()
   this._keepAlive = config.keepAlive
+  this._keepAliveInitialDelayMillis = config.keepAliveInitialDelayMillis
   this.lastBuffer = false
   this.lastOffset = 0
   this.buffer = null
@@ -47,17 +48,17 @@ var Connection = function (config) {
 util.inherits(Connection, EventEmitter)
 
 Connection.prototype.connect = function (port, host) {
+  var self = this
+
   if (this.stream.readyState === 'closed') {
     this.stream.connect(port, host)
   } else if (this.stream.readyState === 'open') {
     this.emit('connect')
   }
 
-  var self = this
-
   this.stream.on('connect', function () {
     if (self._keepAlive) {
-      self.stream.setKeepAlive(true)
+      self.stream.setKeepAlive(true, self._keepAliveInitialDelayMillis)
     }
     self.emit('connect')
   })
@@ -191,6 +192,24 @@ Connection.prototype.password = function (password) {
   this._send(0x70, this.writer.addCString(password))
 }
 
+Connection.prototype.sendSASLInitialResponseMessage = function (mechanism, initialResponse) {
+  // 0x70 = 'p'
+  this.writer
+    .addCString(mechanism)
+    .addInt32(Buffer.byteLength(initialResponse))
+    .addString(initialResponse)
+
+  this._send(0x70)
+}
+
+Connection.prototype.sendSCRAMClientFinalMessage = function (additionalData) {
+  // 0x70 = 'p'
+  this.writer
+    .addString(additionalData)
+
+  this._send(0x70)
+}
+
 Connection.prototype._send = function (code, more) {
   if (!this.stream.writable) {
     return false
@@ -421,25 +440,53 @@ Connection.prototype.parseMessage = function (buffer) {
 }
 
 Connection.prototype.parseR = function (buffer, length) {
-  var code = 0
+  var code = this.parseInt32(buffer)
+
   var msg = new Message('authenticationOk', length)
-  if (msg.length === 8) {
-    code = this.parseInt32(buffer)
-    if (code === 3) {
-      msg.name = 'authenticationCleartextPassword'
-    }
-    return msg
-  }
-  if (msg.length === 12) {
-    code = this.parseInt32(buffer)
-    if (code === 5) { // md5 required
-      msg.name = 'authenticationMD5Password'
-      msg.salt = Buffer.alloc(4)
-      buffer.copy(msg.salt, 0, this.offset, this.offset + 4)
-      this.offset += 4
+
+  switch (code) {
+    case 0: // AuthenticationOk
+      return msg
+    case 3: // AuthenticationCleartextPassword
+      if (msg.length === 8) {
+        msg.name = 'authenticationCleartextPassword'
+        return msg
+      }
+      break
+    case 5: // AuthenticationMD5Password
+      if (msg.length === 12) {
+        msg.name = 'authenticationMD5Password'
+        msg.salt = Buffer.alloc(4)
+        buffer.copy(msg.salt, 0, this.offset, this.offset + 4)
+        this.offset += 4
+        return msg
+      }
+
+      break
+    case 10: // AuthenticationSASL
+      msg.name = 'authenticationSASL'
+      msg.mechanisms = []
+      do {
+        var mechanism = this.parseCString(buffer)
+
+        if (mechanism) {
+          msg.mechanisms.push(mechanism)
+        }
+      } while (mechanism)
+
+      return msg
+    case 11: // AuthenticationSASLContinue
+      msg.name = 'authenticationSASLContinue'
+      msg.data = this.readString(buffer, length - 4)
+
+      return msg
+    case 12: // AuthenticationSASLFinal
+      msg.name = 'authenticationSASLFinal'
+      msg.data = this.readString(buffer, length - 4)
+
       return msg
-    }
   }
+
   throw new Error('Unknown authenticationOk message type' + util.inspect(msg))
 }
 

package/lib/defaults.js

@@ -58,7 +58,13 @@ module.exports = {
   statement_timeout: false,
 
   // max miliseconds to wait for query to complete (client side)
-  query_timeout: false
+  query_timeout: false,
+
+  connect_timeout: 0,
+
+  keepalives: 1,
+
+  keepalives_idle: 0
 }
 
 var pgTypes = require('pg-types')

package/lib/native/query.js

@@ -139,12 +139,16 @@ NativeQuery.prototype.submit = function (client) {
     // check if the client has already executed this named query
     // if so...just execute it again - skip the planning phase
     if (client.namedQueries[this.name]) {
+      if (this.text && client.namedQueries[this.name] !== this.text) {
+        const err = new Error(`Prepared statements must be unique - '${this.name}' was used for a different statement`)
+        return after(err)
+      }
       return client.native.execute(this.name, values, after)
     }
     // plan the named query the first time, then execute it
     return client.native.prepare(this.name, this.text, values.length, function (err) {
       if (err) return after(err)
-      client.namedQueries[self.name] = true
+      client.namedQueries[self.name] = self.text
       return self.native.execute(self.name, values, after)
     })
   } else if (this.values) {

package/lib/query.js

@@ -148,6 +148,10 @@ Query.prototype.submit = function (connection) {
   if (typeof this.text !== 'string' && typeof this.name !== 'string') {
     return new Error('A query must have either text or a name. Supplying neither is unsupported.')
   }
+  const previous = connection.parsedStatements[this.name]
+  if (this.text && previous && this.text !== previous) {
+    return new Error(`Prepared statements must be unique - '${this.name}' was used for a different statement`)
+  }
   if (this.values && !Array.isArray(this.values)) {
     return new Error('Query values must be an array')
   }
@@ -190,7 +194,12 @@ Query.prototype.prepare = function (connection) {
   }
 
   if (self.values) {
-    self.values = self.values.map(utils.prepareValue)
+    try {
+      self.values = self.values.map(utils.prepareValue)
+    } catch (err) {
+      this.handleError(err, connection)
+      return
+    }
   }
 
   // http://developer.postgresql.org/pgdocs/postgres/protocol-flow.html#PROTOCOL-FLOW-EXT-QUERY

package/lib/result.js

@@ -12,13 +12,14 @@ var types = require('pg-types')
 // result object returned from query
 // in the 'end' event and also
 // passed as second argument to provided callback
-var Result = function (rowMode) {
+var Result = function (rowMode, types) {
   this.command = null
   this.rowCount = null
   this.oid = null
   this.rows = []
   this.fields = []
   this._parsers = []
+  this._types = types
   this.RowCtor = null
   this.rowAsArray = rowMode === 'array'
   if (this.rowAsArray) {
@@ -94,11 +95,9 @@ Result.prototype.addFields = function (fieldDescriptions) {
   for (var i = 0; i < fieldDescriptions.length; i++) {
     var desc = fieldDescriptions[i]
     this.fields.push(desc)
-    var parser = this._getTypeParser(desc.dataTypeID, desc.format || 'text')
+    var parser = (this._types || types).getTypeParser(desc.dataTypeID, desc.format || 'text')
     this._parsers.push(parser)
   }
 }
 
-Result.prototype._getTypeParser = types.getTypeParser
-
 module.exports = Result

package/lib/sasl.js

@@ -0,0 +1,146 @@
+const crypto = require('crypto')
+
+function startSession (mechanisms) {
+  if (mechanisms.indexOf('SCRAM-SHA-256') === -1) {
+    throw new Error('SASL: Only mechanism SCRAM-SHA-256 is currently supported')
+  }
+
+  const clientNonce = crypto.randomBytes(18).toString('base64')
+
+  return {
+    mechanism: 'SCRAM-SHA-256',
+    clientNonce,
+    response: 'n,,n=*,r=' + clientNonce,
+    message: 'SASLInitialResponse'
+  }
+}
+
+function continueSession (session, password, serverData) {
+  if (session.message !== 'SASLInitialResponse') {
+    throw new Error('SASL: Last message was not SASLInitialResponse')
+  }
+
+  const sv = extractVariablesFromFirstServerMessage(serverData)
+
+  if (!sv.nonce.startsWith(session.clientNonce)) {
+    throw new Error('SASL: SCRAM-SERVER-FIRST-MESSAGE: server nonce does not start with client nonce')
+  }
+
+  var saltBytes = Buffer.from(sv.salt, 'base64')
+
+  var saltedPassword = Hi(password, saltBytes, sv.iteration)
+
+  var clientKey = createHMAC(saltedPassword, 'Client Key')
+  var storedKey = crypto.createHash('sha256').update(clientKey).digest()
+
+  var clientFirstMessageBare = 'n=*,r=' + session.clientNonce
+  var serverFirstMessage = 'r=' + sv.nonce + ',s=' + sv.salt + ',i=' + sv.iteration
+
+  var clientFinalMessageWithoutProof = 'c=biws,r=' + sv.nonce
+
+  var authMessage = clientFirstMessageBare + ',' + serverFirstMessage + ',' + clientFinalMessageWithoutProof
+
+  var clientSignature = createHMAC(storedKey, authMessage)
+  var clientProofBytes = xorBuffers(clientKey, clientSignature)
+  var clientProof = clientProofBytes.toString('base64')
+
+  var serverKey = createHMAC(saltedPassword, 'Server Key')
+  var serverSignatureBytes = createHMAC(serverKey, authMessage)
+
+  session.message = 'SASLResponse'
+  session.serverSignature = serverSignatureBytes.toString('base64')
+  session.response = clientFinalMessageWithoutProof + ',p=' + clientProof
+}
+
+function finalizeSession (session, serverData) {
+  if (session.message !== 'SASLResponse') {
+    throw new Error('SASL: Last message was not SASLResponse')
+  }
+
+  var serverSignature
+
+  String(serverData).split(',').forEach(function (part) {
+    switch (part[0]) {
+      case 'v':
+        serverSignature = part.substr(2)
+        break
+    }
+  })
+
+  if (serverSignature !== session.serverSignature) {
+    throw new Error('SASL: SCRAM-SERVER-FINAL-MESSAGE: server signature does not match')
+  }
+}
+
+function extractVariablesFromFirstServerMessage (data) {
+  var nonce, salt, iteration
+
+  String(data).split(',').forEach(function (part) {
+    switch (part[0]) {
+      case 'r':
+        nonce = part.substr(2)
+        break
+      case 's':
+        salt = part.substr(2)
+        break
+      case 'i':
+        iteration = parseInt(part.substr(2), 10)
+        break
+    }
+  })
+
+  if (!nonce) {
+    throw new Error('SASL: SCRAM-SERVER-FIRST-MESSAGE: nonce missing')
+  }
+
+  if (!salt) {
+    throw new Error('SASL: SCRAM-SERVER-FIRST-MESSAGE: salt missing')
+  }
+
+  if (!iteration) {
+    throw new Error('SASL: SCRAM-SERVER-FIRST-MESSAGE: iteration missing')
+  }
+
+  return {
+    nonce,
+    salt,
+    iteration
+  }
+}
+
+function xorBuffers (a, b) {
+  if (!Buffer.isBuffer(a)) a = Buffer.from(a)
+  if (!Buffer.isBuffer(b)) b = Buffer.from(b)
+  var res = []
+  if (a.length > b.length) {
+    for (var i = 0; i < b.length; i++) {
+      res.push(a[i] ^ b[i])
+    }
+  } else {
+    for (var j = 0; j < a.length; j++) {
+      res.push(a[j] ^ b[j])
+    }
+  }
+  return Buffer.from(res)
+}
+
+function createHMAC (key, msg) {
+  return crypto.createHmac('sha256', key).update(msg).digest()
+}
+
+function Hi (password, saltBytes, iterations) {
+  var ui1 = createHMAC(password, Buffer.concat([saltBytes, Buffer.from([0, 0, 0, 1])]))
+  var ui = ui1
+  for (var i = 0; i < iterations - 1; i++) {
+    ui1 = createHMAC(password, ui1)
+    ui = xorBuffers(ui, ui1)
+  }
+
+  return ui
+}
+
+module.exports = {
+  startSession,
+  continueSession,
+  finalizeSession
+}

package/lib/utils.js

@@ -97,7 +97,12 @@ function pad (number, digits) {
 
 function dateToString (date) {
   var offset = -date.getTimezoneOffset()
-  var ret = pad(date.getFullYear(), 4) + '-' +
+
+  var year = date.getFullYear()
+  var isBCYear = year < 1
+  if (isBCYear) year = Math.abs(year) + 1 // negative years are 1 off their BC representation
+
+  var ret = pad(year, 4) + '-' +
     pad(date.getMonth() + 1, 2) + '-' +
     pad(date.getDate(), 2) + 'T' +
     pad(date.getHours(), 2) + ':' +
@@ -110,11 +115,17 @@ function dateToString (date) {
     offset *= -1
   } else { ret += '+' }
 
-  return ret + pad(Math.floor(offset / 60), 2) + ':' + pad(offset % 60, 2)
+  ret += pad(Math.floor(offset / 60), 2) + ':' + pad(offset % 60, 2)
+  if (isBCYear) ret += ' BC'
+  return ret
 }
 
 function dateToStringUTC (date) {
-  var ret = pad(date.getUTCFullYear(), 4) + '-' +
+  var year = date.getUTCFullYear()
+  var isBCYear = year < 1
+  if (isBCYear) year = Math.abs(year) + 1 // negative years are 1 off their BC representation
+
+  var ret = pad(year, 4) + '-' +
     pad(date.getUTCMonth() + 1, 2) + '-' +
     pad(date.getUTCDate(), 2) + 'T' +
     pad(date.getUTCHours(), 2) + ':' +
@@ -122,7 +133,9 @@ function dateToStringUTC (date) {
     pad(date.getUTCSeconds(), 2) + '.' +
     pad(date.getUTCMilliseconds(), 3)
 
-  return ret + '+00:00'
+  ret += '+00:00'
+  if (isBCYear) ret += ' BC'
+  return ret
 }
 
 function normalizeQueryConfig (config, values, callback) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pg",
-  "version": "7.8.1",
+  "version": "7.11.0",
   "description": "PostgreSQL client - pure javascript & libpq with the same API",
   "keywords": [
     "database",

package/.travis.yml

@@ -1,38 +0,0 @@
-language: node_js
-sudo: false
-dist: trusty
-before_script:
-  - node script/create-test-tables.js pg://postgres@127.0.0.1:5432/postgres
-env:
-  - CC=clang CXX=clang++ npm_config_clang=1 PGUSER=postgres PGDATABASE=postgres
-
-matrix:
-  include:
-    - node_js: "lts/boron"
-      addons:
-        postgresql: "9.6"
-    - node_js: "lts/argon"
-      addons:
-        postgresql: "9.6"
-    - node_js: "10"
-      addons:
-        postgresql: "9.6"
-    - node_js: "lts/carbon"
-      addons:
-        postgresql: "9.1"
-      dist: precise
-    - node_js: "lts/carbon"
-      addons:
-        postgresql: "9.2"
-    - node_js: "lts/carbon"
-      addons:
-        postgresql: "9.3"
-    - node_js: "lts/carbon"
-      addons:
-        postgresql: "9.4"
-    - node_js: "lts/carbon"
-      addons:
-        postgresql: "9.5"
-    - node_js: "lts/carbon"
-      addons:
-        postgresql: "9.6"