npm - saltcorn-db-code - Versions diffs - 0.1.0 - Mend

saltcorn-db-code 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (25) hide show

package/README.md +58 -0
package/index.js +41 -0
package/lib/action-args.js +42 -0
package/lib/auth.js +18 -0
package/lib/db-routine-action.js +146 -0
package/lib/export-import.js +137 -0
package/lib/html.js +16 -0
package/lib/introspection.js +87 -0
package/lib/render-routines.js +265 -0
package/lib/routine-args.js +114 -0
package/lib/sql-builders.js +69 -0
package/lib/validation.js +25 -0
package/lib/view-context.js +58 -0
package/package.json +36 -0
package/routes/ai.js +48 -0
package/routes/create.js +254 -0
package/routes/delete.js +148 -0
package/routes/edit.js +131 -0
package/routes/execute.js +267 -0
package/routes/export.js +119 -0
package/routes/import.js +221 -0
package/routes/list.js +10 -0
package/routes/placeholder.js +11 -0
package/routes/show.js +10 -0
package/viewtemplates/db-code-console.js +39 -0

package/lib/render-routines.js ADDED Viewed

@@ -0,0 +1,265 @@
+const { escapeHtml } = require("./html");
+const { listRoutines, getRoutineByOid } = require("./introspection");
+const { listViewHref, detailViewHref, routeHref, viewContextInput } = require("./view-context");
+const KIND_OPTIONS = [
+  { value: "", label: "All", icon: "fas fa-code" },
+  { value: "function", label: "Functions", icon: "fas fa-cube" },
+  { value: "procedure", label: "Stored procedures", icon: "fas fa-cogs" }
+];
+function unsupportedHtml(error) {
+  return `<div class="alert alert-warning">${escapeHtml(error.message || error)}</div>`;
+}
+function filterUrl(baseUrl, kind, viewBaseUrl) {
+  if (viewBaseUrl) return listViewHref(viewBaseUrl, kind);
+  const suffix = kind ? `?kind=${encodeURIComponent(kind)}` : "";
+  return `${baseUrl}${suffix}`;
+}
+function kindBadge(kind) {
+  const cfg = kind === "procedure"
+    ? { klass: "bg-warning text-dark", icon: "fas fa-cogs", label: "Stored procedure" }
+    : { klass: "bg-primary", icon: "fas fa-cube", label: "Function" };
+  return `<span class="badge ${cfg.klass}"><i class="${cfg.icon} me-1"></i>${cfg.label}</span>`;
+}
+function volatilityBadge(volatility) {
+  if (!volatility) return "";
+  const klass = volatility === "IMMUTABLE" ? "bg-success" : volatility === "STABLE" ? "bg-info text-dark" : "bg-secondary";
+  return `<span class="badge ${klass} me-1">${escapeHtml(volatility)}</span>`;
+}
+async function renderRoutineList({ baseUrl = "/db-code", useViewState = false, showWriteActions = true, kind = "" } = {}) {
+  const viewBaseUrl = useViewState ? baseUrl : null;
+  try {
+    const allRoutines = await listRoutines();
+    const selectedKind = ["function", "procedure"].includes(kind) ? kind : "";
+    const routines = selectedKind ? allRoutines.filter((routine) => routine.kind === selectedKind) : allRoutines;
+    const functionCount = allRoutines.filter((routine) => routine.kind === "function").length;
+    const procedureCount = allRoutines.filter((routine) => routine.kind === "procedure").length;
+    const routineHref = (oid) => {
+      return detailViewHref(viewBaseUrl, oid) + (selectedKind ? `&kind=${encodeURIComponent(selectedKind)}` : "");
+    };
+    const rows = routines.map((routine) => {
+      const searchable = `${routine.name} ${routine.kind} ${routine.identity_arguments || ""} ${routine.result_type || ""} ${routine.language || ""}`.toLowerCase();
+      return `<tr class="db-code-row" data-kind="${escapeHtml(routine.kind)}" data-searchable="${escapeHtml(searchable)}">
+<td>${kindBadge(routine.kind)}</td>
+<td><a class="fw-bold text-decoration-none" href="${routineHref(routine.oid)}">${escapeHtml(routine.name)}</a><div class="small text-muted"><code>${escapeHtml(routine.schema)}.${escapeHtml(routine.name)}</code></div></td>
+<td><code>${escapeHtml(routine.identity_arguments || "")}</code></td>
+<td><code>${escapeHtml(routine.result_type || "")}</code></td>
+<td><span class="badge bg-light text-dark border me-1">${escapeHtml(routine.language)}</span>${volatilityBadge(routine.volatility)}${routine.prosecdef ? `<span class="badge bg-danger">SECURITY DEFINER</span>` : ""}</td>
+<td class="text-nowrap">
+  <a class="btn btn-sm btn-outline-primary" href="${routineHref(routine.oid)}"><i class="fas fa-eye me-1"></i>View</a>
+  <a class="btn btn-sm btn-outline-secondary" href="${routeHref(`/db-code/routine/${routine.oid}/edit`, viewBaseUrl)}"><i class="fas fa-edit me-1"></i>Edit</a>
+</td>
+</tr>`;
+    }).join("");
+    const filterButtons = `<div class="btn-group btn-group-sm" role="group" aria-label="Routine type filters">
+${KIND_OPTIONS.map((opt) => `<a class="btn btn-${selectedKind === opt.value ? "" : "outline-"}primary" href="${filterUrl(baseUrl, opt.value, viewBaseUrl)}"><i class="${opt.icon} me-1"></i>${escapeHtml(opt.label)}</a>`).join("")}
+</div>`;
+    const styles = `<style>
+.db-code-console .db-code-row td { vertical-align: middle; }
+.db-code-console .db-code-toolbar { gap: .5rem; }
+.db-code-console .db-code-stat { min-width: 8rem; }
+.db-code-console .db-code-empty { min-height: 10rem; }
+.db-code-console .table-responsive { border-radius: .375rem; }
+</style>`;
+    const script = `<script>
+(function(){
+  const root = document.currentScript.closest('.db-code-console');
+  if (!root) return;
+  const search = root.querySelector('.db-code-search');
+  const rows = Array.from(root.querySelectorAll('.db-code-row'));
+  const empty = root.querySelector('.db-code-empty');
+  function applySearch(){
+    const q = (search && search.value || '').toLowerCase().trim();
+    let visible = 0;
+    rows.forEach((row) => {
+      const ok = !q || (row.getAttribute('data-searchable') || '').includes(q);
+      row.classList.toggle('d-none', !ok);
+      if (ok) visible += 1;
+    });
+    if (empty) empty.classList.toggle('d-none', visible !== 0);
+  }
+  if (search) search.addEventListener('input', applySearch);
+  applySearch();
+})();
+</script>`;
+    return `${styles}<div class="db-code-console">
+<div class="card mt-0 card-max-full-screen">
+  <div class="card-header d-flex justify-content-between align-items-center flex-wrap db-code-toolbar">
+    <div>
+      <h5 class="mb-0"><i class="fas fa-database me-2"></i>DB Code Console</h5>
+      <div class="small text-muted">PostgreSQL functions and stored procedures in the current tenant schema</div>
+    </div>
+    ${showWriteActions ? `<div class="d-flex flex-wrap gap-1" role="group" aria-label="Routine actions">
+      <div class="btn-group btn-group-sm" role="group">
+        <a class="btn btn-primary" href="${routeHref("/db-code/new", viewBaseUrl)}"><i class="fas fa-plus me-1"></i>New function</a>
+        <a class="btn btn-outline-primary" href="${routeHref("/db-code/new-procedure", viewBaseUrl)}"><i class="fas fa-plus me-1"></i>New stored procedure</a>
+        <a class="btn btn-outline-secondary" href="${routeHref("/db-code/new-ddl", viewBaseUrl)}"><i class="fas fa-file-code me-1"></i>New from DDL</a>
+      </div>
+      <div class="btn-group btn-group-sm" role="group">
+        <a class="btn btn-info text-white" href="${routeHref("/db-code/export", viewBaseUrl)}"><i class="fas fa-download me-1"></i>Export</a>
+        <a class="btn btn-outline-success" href="${routeHref("/db-code/import", viewBaseUrl)}"><i class="fas fa-upload me-1"></i>Import</a>
+      </div>
+    </div>` : ""}
+  </div>
+  <div class="card-body">
+    <div class="d-flex flex-wrap align-items-center justify-content-between mb-3 db-code-toolbar">
+      <div class="d-flex flex-wrap align-items-center db-code-toolbar">
+        ${filterButtons}
+        <div class="input-group input-group-sm" style="max-width: 320px;">
+          <span class="input-group-text"><i class="fas fa-search"></i></span>
+          <input class="form-control db-code-search" placeholder="Search routines">
+        </div>
+      </div>
+      <div class="d-flex flex-wrap db-code-toolbar small">
+        <span class="badge bg-secondary db-code-stat">${allRoutines.length} routines</span>
+        <span class="badge bg-primary db-code-stat">${functionCount} functions</span>
+        <span class="badge bg-warning text-dark db-code-stat">${procedureCount} procedures</span>
+      </div>
+    </div>
+    <div class="table-responsive">
+      <table class="table table-sm table-hover align-middle mb-0">
+        <thead><tr><th>Type</th><th>Name</th><th>Arguments</th><th>Returns</th><th>Metadata</th><th>Actions</th></tr></thead>
+        <tbody>${rows}</tbody>
+      </table>
+    </div>
+    <div class="db-code-empty text-center text-muted py-5 ${rows ? "d-none" : ""}">
+      <div class="h5">No routines found</div>
+      <div>Try adjusting your search or filter options.</div>
+    </div>
+  </div>
+</div>
+${script}
+</div>`;
+  } catch (error) {
+    return unsupportedHtml(error);
+  }
+}
+async function renderRoutineDetail(oid, { baseUrl = "/db-code", useViewState = false, showWriteActions = true, kind = "" } = {}) {
+  const viewBaseUrl = useViewState ? baseUrl : null;
+  try {
+    const routine = await getRoutineByOid(oid);
+    if (!routine) return `<div class="alert alert-warning">Routine not found in the current tenant schema.</div>`;
+    const backHref = viewBaseUrl ? listViewHref(viewBaseUrl, kind) : baseUrl;
+    const routineIcon = routine.kind === "procedure" ? "fas fa-cogs" : "fas fa-cube";
+    const securityBadge = routine.prosecdef
+      ? `<span class="badge bg-danger"><i class="fas fa-user-shield me-1"></i>SECURITY DEFINER</span>`
+      : `<span class="badge bg-light text-dark border"><i class="fas fa-user me-1"></i>SECURITY INVOKER</span>`;
+    const styles = `<style>
+.db-code-detail .db-code-detail-icon { width: 2.25rem; height: 2.25rem; display: inline-flex; align-items: center; justify-content: center; }
+.db-code-detail .db-code-toolbar { gap: .5rem; }
+.db-code-detail .db-code-meta th { width: 38%; color: var(--bs-secondary-color, #6c757d); font-weight: 600; }
+.db-code-detail .db-code-definition { max-height: 65vh; overflow: auto; }
+.db-code-detail .db-code-definition textarea { border: none; background: transparent; }
+.db-code-detail .db-code-definition .monaco-editor { border-radius: .375rem; }
+.db-code-detail .sticky-meta { position: sticky; top: 1rem; }
+</style>`;
+    const copyScript = `<script>
+(function(){
+  const root = document.currentScript.closest('.db-code-detail');
+  if (!root) return;
+  const wrap = root.querySelector('.db-code-definition');
+  // Make Monaco read-only once it initializes
+  function lockEditor() {
+    var edta = wrap ? wrap.querySelector('textarea') : null;
+    if (!edta) return;
+    var m = edta.nextElementSibling;
+    if (!m) return;
+    var ed = $(m).data('monaco-editor');
+    if (ed && ed.updateOptions) ed.updateOptions({ readOnly: true, domReadOnly: true });
+  }
+  // Try immediately and after a delay (Monaco init is async)
+  lockEditor();
+  setTimeout(lockEditor, 500);
+  setTimeout(lockEditor, 1500);
+  // Copy button
+  const btn = root.querySelector('.db-code-copy-definition');
+  if (!btn || !wrap || !navigator.clipboard) return;
+  btn.addEventListener('click', async function(){
+    var edta2 = wrap.querySelector('textarea');
+    var m2 = edta2 ? edta2.nextElementSibling : null;
+    var ed2 = m2 ? $(m2).data('monaco-editor') : null;
+    var text = '';
+    if (ed2 && ed2.getModel) text = ed2.getModel().getValue();
+    else if (edta2) text = edta2.value;
+    else text = wrap.textContent || '';
+    await navigator.clipboard.writeText(text);
+    const old = btn.innerHTML;
+    btn.innerHTML = '<i class="fas fa-check me-1"></i>Copied';
+    setTimeout(function(){ btn.innerHTML = old; }, 1200);
+  });
+})();
+</script>`;
+    return `${styles}<div class="db-code-detail">
+<p><a class="text-decoration-none" href="${backHref}"><i class="fas fa-arrow-left me-1"></i>Back to DB Code</a></p>
+<div class="card mt-0 card-max-full-screen">
+  <div class="card-header d-flex justify-content-between align-items-center flex-wrap db-code-toolbar">
+    <div class="d-flex align-items-center">
+      <span class="db-code-detail-icon rounded bg-primary text-white me-2"><i class="${routineIcon}"></i></span>
+      <div>
+        <h5 class="mb-0">${escapeHtml(routine.name)}</h5>
+        <div class="small text-muted"><code>${escapeHtml(routine.schema)}.${escapeHtml(routine.name)}(${escapeHtml(routine.identity_arguments || "")})</code></div>
+      </div>
+    </div>
+    ${showWriteActions ? `<div class="btn-group btn-group-sm" role="group" aria-label="Routine actions">
+      <a class="btn btn-primary" href="${routeHref(`/db-code/routine/${routine.oid}/edit`, viewBaseUrl)}"><i class="fas fa-edit me-1"></i>Edit</a>
+      <a class="btn btn-outline-secondary" href="${routeHref(`/db-code/routine/${routine.oid}/execute`, viewBaseUrl)}"><i class="fas fa-play me-1"></i>Test / execute</a>
+      <a class="btn btn-outline-danger" href="${routeHref(`/db-code/routine/${routine.oid}/delete`, viewBaseUrl)}"><i class="fas fa-trash me-1"></i>Delete</a>
+    </div>` : ""}
+  </div>
+  <div class="card-body">
+    <div class="row g-4">
+      <div class="col-lg-8">
+        <div class="d-flex justify-content-between align-items-center mb-2">
+          <div class="form-section-title text-muted fw-bold text-uppercase small mb-0">Definition</div>
+          <button type="button" class="btn btn-sm btn-outline-secondary db-code-copy-definition"><i class="fas fa-copy me-1"></i>Copy SQL</button>
+        </div>
+        <div class="db-code-definition border rounded bg-light mb-0">
+          <textarea class="to-code font-monospace" mode="text/x-sql" readonly style="width:100%;min-height:12rem;border:none;background:transparent;resize:vertical;">${escapeHtml(routine.definition)}</textarea>
+        </div>
+      </div>
+      <div class="col-lg-4">
+        <div class="sticky-meta">
+          <div class="card bg-light border-0 mb-3"><div class="card-body">
+            <div class="form-section-title text-muted fw-bold text-uppercase small">Metadata</div>
+            <div class="mb-3 d-flex flex-wrap gap-1">
+              ${kindBadge(routine.kind)}
+              <span class="badge bg-light text-dark border">${escapeHtml(routine.language)}</span>
+              ${volatilityBadge(routine.volatility)}
+              ${securityBadge}
+            </div>
+            <table class="table table-sm db-code-meta mb-0">
+              <tr><th>OID</th><td><code>${escapeHtml(routine.oid)}</code></td></tr>
+              <tr><th>Schema</th><td><code>${escapeHtml(routine.schema)}</code></td></tr>
+              <tr><th>Type</th><td>${escapeHtml(routine.kind)}</td></tr>
+              <tr><th>Arguments</th><td><code>${escapeHtml(routine.arguments || "")}</code></td></tr>
+              <tr><th>Identity args</th><td><code>${escapeHtml(routine.identity_arguments || "")}</code></td></tr>
+              <tr><th>Returns</th><td><code>${escapeHtml(routine.result_type || "")}</code></td></tr>
+            </table>
+          </div></div>
+          <div class="card border-0 bg-light"><div class="card-body">
+            <div class="form-section-title text-muted fw-bold text-uppercase small">Description</div>
+            <p class="mb-0 small">${escapeHtml(routine.description || "No description set for this routine.")}</p>
+          </div></div>
+        </div>
+      </div>
+    </div>
+  </div>
+</div>
+${copyScript}
+</div>`;
+  } catch (error) {
+    return unsupportedHtml(error);
+  }
+}
+module.exports = { renderRoutineList, renderRoutineDetail };

package/lib/routine-args.js ADDED Viewed

@@ -0,0 +1,114 @@
+const { parseArgumentsJson } = require("./action-args");
+function routineArity(routine) {
+  const total = Number.isInteger(routine?.pronargs) ? routine.pronargs : Number(routine?.pronargs || 0);
+  const defaults = Number.isInteger(routine?.pronargdefaults)
+    ? routine.pronargdefaults
+    : Number(routine?.pronargdefaults || 0);
+  const required = Math.max(0, total - defaults);
+  return { required, total };
+}
+function coerceRoutineInputArgs(routine) {
+  if (Array.isArray(routine?.input_args)) return routine.input_args;
+  if (typeof routine?.input_args === "string") {
+    try {
+      const parsed = JSON.parse(routine.input_args);
+      return Array.isArray(parsed) ? parsed : [];
+    } catch {
+      return [];
+    }
+  }
+  return [];
+}
+function resolveRoutineArguments(routine, argumentsJson, context) {
+  const parsed = parseArgumentsJson(argumentsJson, context, { allowObject: true });
+  const argMeta = coerceRoutineInputArgs(routine);
+  const { required, total } = routineArity(routine);
+  if (Array.isArray(parsed)) {
+    if (parsed.length < required || parsed.length > total) {
+      throw new Error(`DB_Routine expected ${required}-${total} positional arguments, got ${parsed.length}.`);
+    }
+    return parsed;
+  }
+  if (!parsed || typeof parsed !== "object") {
+    throw new Error("DB_Routine arguments must be a JSON array or object.");
+  }
+  const unnamedRequired = argMeta.slice(0, required).filter((arg) => !arg.name).length;
+  if (unnamedRequired > 0) {
+    throw new Error("This routine has unnamed required parameters. Use positional JSON array arguments.");
+  }
+  const values = [];
+  for (let i = 0; i < total; i += 1) {
+    const name = argMeta[i]?.name;
+    const hasValue = name && Object.prototype.hasOwnProperty.call(parsed, name);
+    if (hasValue) {
+      values.push(parsed[name]);
+      continue;
+    }
+    if (i < required) throw new Error(`Missing required argument: ${name || `#${i + 1}`}.`);
+    break;
+  }
+  return values;
+}
+function encodeTemplateValue(str) {
+  return Buffer.from(String(str || ""), "utf8").toString("base64");
+}
+function decodeTemplateValue(str) {
+  if (!str) return "";
+  return Buffer.from(String(str), "base64").toString("utf8");
+}
+function buildArgumentTemplates(routine) {
+  const args = coerceRoutineInputArgs(routine);
+  const { required, total } = routineArity(routine);
+  const reqArgs = args.slice(0, required);
+  const allArgs = args.slice(0, total);
+  const positionalRequired = JSON.stringify(
+    reqArgs.map((arg, i) => `{{row.${arg?.name || `arg${i + 1}`}}}`),
+    null,
+    2
+  );
+  const positionalAll = JSON.stringify(
+    allArgs.map((arg, i) => `{{row.${arg?.name || `arg${i + 1}`}}}`),
+    null,
+    2
+  );
+  const namedRequiredObj = {};
+  reqArgs.forEach((arg, i) => {
+    if (arg?.name) namedRequiredObj[arg.name] = `{{row.${arg.name}}}`;
+    else namedRequiredObj[`arg${i + 1}`] = `{{row.arg${i + 1}}}`;
+  });
+  const namedRequired = JSON.stringify(namedRequiredObj, null, 2);
+  return {
+    positionalRequired,
+    positionalAll,
+    namedRequired,
+    encoded: {
+      positionalRequired: encodeTemplateValue(positionalRequired),
+      positionalAll: encodeTemplateValue(positionalAll),
+      namedRequired: encodeTemplateValue(namedRequired),
+    },
+    required,
+    total,
+  };
+}
+module.exports = {
+  routineArity,
+  resolveRoutineArguments,
+  coerceRoutineInputArgs,
+  buildArgumentTemplates,
+  encodeTemplateValue,
+  decodeTemplateValue,
+};

package/lib/sql-builders.js ADDED Viewed

@@ -0,0 +1,69 @@
+const { assertIdentifier, assertAllowed, ALLOWED_LANGUAGES, ALLOWED_VOLATILITY, ALLOWED_SECURITY } = require("./validation");
+function quoteIdent(identifier) {
+  assertIdentifier(identifier);
+  return `"${identifier.replace(/"/g, '""')}"`;
+}
+function normalizeRoutineBody(body, language) {
+  const text = String(body || "").trim();
+  if (language !== "plpgsql" || /^\s*(BEGIN|DECLARE)\b/i.test(text)) return text;
+  const bodyWithSemicolon = /;\s*$/.test(text) ? text : `${text};`;
+  return `BEGIN\n  ${bodyWithSemicolon}\nEND`;
+}
+function dollarQuote(body) {
+  const tag = "$scdbcode$";
+  if (String(body || "").includes(tag)) throw new Error("Routine body cannot contain the $scdbcode$ delimiter.");
+  return `${tag}\n${body || ""}\n${tag}`;
+}
+function buildCreateFunctionSql({ schema, name, argumentsSql = "", returnType, language = "plpgsql", volatility = "VOLATILE", security = "INVOKER", body = "", description }) {
+  assertIdentifier(schema, "schema");
+  assertIdentifier(name, "function name");
+  assertAllowed(language, ALLOWED_LANGUAGES, "language");
+  assertAllowed(volatility, ALLOWED_VOLATILITY, "volatility");
+  assertAllowed(security, ALLOWED_SECURITY, "security");
+  if (!String(returnType || "").trim()) throw new Error("Return type is required.");
+  const normalizedBody = normalizeRoutineBody(body, language);
+  const createSql = `CREATE OR REPLACE FUNCTION ${quoteIdent(schema)}.${quoteIdent(name)}(${argumentsSql || ""})\nRETURNS ${returnType}\nLANGUAGE ${language}\n${volatility}\nSECURITY ${security}\nAS ${dollarQuote(normalizedBody)};`;
+  if (!description) return createSql;
+  return `${createSql}\n\nCOMMENT ON FUNCTION ${quoteIdent(schema)}.${quoteIdent(name)}(${argumentsSql || ""}) IS ${literal(description)};`;
+}
+function buildCreateProcedureSql({ schema, name, argumentsSql = "", language = "plpgsql", security = "INVOKER", body = "", description }) {
+  assertIdentifier(schema, "schema");
+  assertIdentifier(name, "procedure name");
+  assertAllowed(language, ALLOWED_LANGUAGES, "language");
+  assertAllowed(security, ALLOWED_SECURITY, "security");
+  const normalizedBody = normalizeRoutineBody(body, language);
+  const createSql = `CREATE OR REPLACE PROCEDURE ${quoteIdent(schema)}.${quoteIdent(name)}(${argumentsSql || ""})\nLANGUAGE ${language}\nSECURITY ${security}\nAS ${dollarQuote(normalizedBody)};`;
+  if (!description) return createSql;
+  return `${createSql}\n\nCOMMENT ON PROCEDURE ${quoteIdent(schema)}.${quoteIdent(name)}(${argumentsSql || ""}) IS ${literal(description)};`;
+}
+function buildDropRoutineSql({ schema, name, identityArguments = "", kind = "function" }) {
+  assertIdentifier(schema, "schema");
+  assertIdentifier(name, "routine name");
+  const command = kind === "procedure" ? "DROP PROCEDURE" : "DROP FUNCTION";
+  return `${command} ${quoteIdent(schema)}.${quoteIdent(name)}(${identityArguments || ""});`;
+}
+function validateCreateRoutineDdl(sql, schema) {
+  const ddl = String(sql || "").trim();
+  if (!ddl) throw new Error("DDL is required.");
+  if (!/^CREATE\s+(OR\s+REPLACE\s+)?(FUNCTION|PROCEDURE)\s+/i.test(ddl)) {
+    throw new Error("DDL must start with CREATE FUNCTION, CREATE OR REPLACE FUNCTION, CREATE PROCEDURE, or CREATE OR REPLACE PROCEDURE.");
+  }
+  const schemaPattern = new RegExp(`^CREATE\\s+(OR\\s+REPLACE\\s+)?(FUNCTION|PROCEDURE)\\s+("${schema.replace(/"/g, '""')}"|${schema})\\.`, "i");
+  if (!schemaPattern.test(ddl)) throw new Error(`DDL must create the routine explicitly in the current tenant schema: ${schema}.`);
+  return ddl;
+}
+function literal(value) {
+  return `'${String(value).replace(/'/g, "''")}'`;
+}
+module.exports = { quoteIdent, normalizeRoutineBody, normalizeFunctionBody: normalizeRoutineBody, buildCreateFunctionSql, buildCreateProcedureSql, buildDropRoutineSql, validateCreateRoutineDdl };

package/lib/validation.js ADDED Viewed

@@ -0,0 +1,25 @@
+const IDENTIFIER_RE = /^[A-Za-z_][A-Za-z0-9_]*$/;
+const ALLOWED_LANGUAGES = new Set(["sql", "plpgsql"]);
+const ALLOWED_VOLATILITY = new Set(["VOLATILE", "STABLE", "IMMUTABLE"]);
+const ALLOWED_SECURITY = new Set(["INVOKER", "DEFINER"]);
+function assertIdentifier(name, label = "identifier") {
+  if (!IDENTIFIER_RE.test(String(name || ""))) throw new Error(`Invalid ${label}. Use letters, numbers, and underscores; do not start with a number.`);
+  return name;
+}
+function assertAllowed(value, allowed, label) {
+  if (!allowed.has(String(value))) throw new Error(`Invalid ${label}: ${value}`);
+  return value;
+}
+function assertSafeSqlFragment(value, label, { required = false } = {}) {
+  const text = String(value || "").trim();
+  if (required && !text) throw new Error(`${label} is required.`);
+  if (!text) return text;
+  if (/[;]|--|\/\*/.test(text)) throw new Error(`${label} contains disallowed SQL tokens.`);
+  if (!/^[A-Za-z0-9_.,\s\[\]()"']+$/.test(text)) throw new Error(`${label} contains unsupported characters.`);
+  return text;
+}
+module.exports = { IDENTIFIER_RE, ALLOWED_LANGUAGES, ALLOWED_VOLATILITY, ALLOWED_SECURITY, assertIdentifier, assertAllowed, assertSafeSqlFragment };

package/lib/view-context.js ADDED Viewed

@@ -0,0 +1,58 @@
+/**
+ * Helpers to build navigation URLs that respect the view context.
+ *
+ * When the user navigates from a DBCodeConsole view (e.g. /view/MyConsole),
+ * `viewBaseUrl` is set to that URL and all links stay within the view.
+ * When the user navigates from the direct /db-code routes, `viewBaseUrl`
+ * is null and all links use the /db-code paths as before.
+ */
+/**
+ * Build the list-page URL for the current context.
+ * @param {string|null} viewBaseUrl
+ * @param {string} kind  Optional kind filter ("function" or "procedure")
+ */
+function listViewHref(viewBaseUrl, kind) {
+  if (!viewBaseUrl) {
+    return kind ? `/db-code?kind=${encodeURIComponent(kind)}` : "/db-code";
+  }
+  const params = new URLSearchParams();
+  if (kind) params.set("kind", kind);
+  const qs = params.toString();
+  return qs ? `${viewBaseUrl}?${qs}` : viewBaseUrl;
+}
+/**
+ * Build the detail-page URL for the current context.
+ */
+function detailViewHref(viewBaseUrl, oid) {
+  if (!viewBaseUrl) return `/db-code/routine/${oid}`;
+  return `${viewBaseUrl}?routine_oid=${oid}`;
+}
+/**
+ * Build a link to a direct plugin route, appending view_base_url when
+ * the user is in a view context so the route can redirect back.
+ */
+function routeHref(routePath, viewBaseUrl) {
+  if (!viewBaseUrl) return routePath;
+  const sep = routePath.includes("?") ? "&" : "?";
+  return `${routePath}${sep}view_base_url=${encodeURIComponent(viewBaseUrl)}`;
+}
+/**
+ * Hidden form input that carries view_base_url through POST requests.
+ */
+function viewContextInput(viewBaseUrl) {
+  if (!viewBaseUrl) return "";
+  return `<input type="hidden" name="view_base_url" value="${viewBaseUrl.replace(/"/g, "&quot;")}">`;
+}
+/**
+ * Read view_base_url from a request (query on GET, body on POST).
+ */
+function getViewBaseUrl(req) {
+  return req.query?.view_base_url || req.body?.view_base_url || null;
+}
+module.exports = { listViewHref, detailViewHref, routeHref, viewContextInput, getViewBaseUrl };

package/package.json ADDED Viewed

@@ -0,0 +1,36 @@
+{
+  "name": "saltcorn-db-code",
+  "version": "0.1.0",
+  "description": "Saltcorn plugin to inspect and manage PostgreSQL database routines (functions and stored procedures) from the Saltcorn UI.",
+  "main": "index.js",
+  "scripts": {
+    "test": "node --test",
+    "lint": "node --check index.js && node --check lib/*.js && node --check routes/*.js && node --check viewtemplates/*.js"
+  },
+  "keywords": [
+    "saltcorn",
+    "saltcorn-plugin",
+    "postgresql",
+    "database",
+    "functions",
+    "stored-procedures",
+    "sql",
+    "ddl"
+  ],
+  "author": "DevGiu",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/DevGiuDev/saltcorn-db-code.git"
+  },
+  "bugs": {
+    "url": "https://github.com/DevGiuDev/saltcorn-db-code/issues"
+  },
+  "homepage": "https://github.com/DevGiuDev/saltcorn-db-code#readme",
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "peerDependencies": {
+    "@saltcorn/data": "*"
+  }
+}

package/routes/ai.js ADDED Viewed

@@ -0,0 +1,48 @@
+const { getState } = require("@saltcorn/data/db/state");
+const { requireAdmin } = require("../lib/auth");
+/**
+ * Strip markdown code fences that LLMs sometimes add despite instructions.
+ * Handles ```sql ... ```, ``` ... ```, and leading/trailing whitespace.
+ */
+function stripMarkdownFences(text) {
+  let out = String(text || "").trim();
+  // Remove opening fence with optional language tag
+  out = out.replace(/^```(?:sql|postgresql|plpgsql)?\s*\n?/i, "");
+  // Remove closing fence
+  out = out.replace(/\n?```\s*$/,
+ "");
+  return out.trim();
+}
+async function generateRoutineSqlRoute(req, res) {
+  if (!requireAdmin(req, res)) return;
+  try {
+    const description = String(req.body?.description || "").trim();
+    const existingCode = String(req.body?.existing_code || "");
+    const routineType = String(req.body?.routine_type || "function");
+    if (!description) return res.json({ error: "Prompt is required." });
+    const copilot = getState()?.functions?.copilot_generate_javascript;
+    if (!copilot?.run) return res.json({ error: "Copilot generation is not available." });
+    const sqlPrompt = [
+      `You are a PostgreSQL code generator.`,
+      `Task: ${description}`,
+      existingCode ? `Existing code to modify:\n${existingCode}` : "",
+      `Constraints:`,
+      `- Output MUST be a single valid PostgreSQL ${routineType} DDL statement.`,
+      `- It MUST start with CREATE OR REPLACE ${routineType === "stored procedure" ? "PROCEDURE" : "FUNCTION"}.`,
+      `- Do NOT include markdown fences, comments, or any text outside the SQL statement.`,
+      `- Do NOT wrap output in backticks or code blocks.`,
+      `- Use dollar-quoting ($body$...$body$) for the routine body.`,
+      `- Output raw SQL only. Nothing else.`,
+    ].filter(Boolean).join("\n\n");
+    const code = stripMarkdownFences(await copilot.run(sqlPrompt, existingCode, null));
+    return res.json({ code });
+  } catch (error) {
+    return res.json({ error: error.message || "AI generation failed." });
+  }
+}
+module.exports = { generateRoutineSqlRoute };