spindb 0.9.0 → 0.9.2

package/core/start-with-retry.ts

@@ -26,8 +26,8 @@ export type StartWithRetryResult = {
   error?: Error
 }
 
-function isPortInUseError(err: unknown): boolean {
-  const message = (err as Error)?.message?.toLowerCase() || ''
+function isPortInUseError(error: unknown): boolean {
+  const message = (error as Error)?.message?.toLowerCase() || ''
   return (
     message.includes('address already in use') ||
     message.includes('eaddrinuse') ||
@@ -62,14 +62,14 @@ export async function startWithRetry(
         finalPort: config.port,
         retriesUsed: attempt - 1,
       }
-    } catch (err) {
-      const isPortError = isPortInUseError(err)
+    } catch (error) {
+      const isPortError = isPortInUseError(error)
 
       logDebug(`Start attempt ${attempt} failed`, {
         containerName: config.name,
         port: config.port,
         isPortError,
-        error: err instanceof Error ? err.message : String(err),
+        error: error instanceof Error ? error.message : String(error),
       })
 
       if (isPortError && attempt < maxRetries) {
@@ -101,7 +101,7 @@ export async function startWithRetry(
         success: false,
         finalPort: config.port,
         retriesUsed: attempt - 1,
-        error: err instanceof Error ? err : new Error(String(err)),
+        error: error instanceof Error ? error : new Error(String(error)),
       }
     }
   }

package/core/transaction-manager.ts

@@ -36,9 +36,9 @@ export type RollbackAction = {
  *   })
  *
  *   tx.commit() // Success - clear rollback stack
- * } catch (err) {
+ * } catch (error) {
  *   await tx.rollback() // Error - undo everything
- *   throw err
+ *   throw error
  * }
  * ```
  */
@@ -85,14 +85,14 @@ export class TransactionManager {
         logDebug(`Executing rollback: ${action.description}`)
         await action.execute()
         logDebug(`Rollback successful: ${action.description}`)
-      } catch (err) {
+      } catch (error) {
         // Log error but continue with other rollbacks
         logError({
           code: ErrorCodes.ROLLBACK_FAILED,
           message: `Failed to rollback: ${action.description}`,
           severity: 'warning',
           context: {
-            error: err instanceof Error ? err.message : String(err),
+            error: error instanceof Error ? error.message : String(error),
           },
         })
       }
@@ -155,8 +155,8 @@ export async function withTransaction<T>(
     const result = await operation(tx)
     tx.commit()
     return result
-  } catch (err) {
+  } catch (error) {
     await tx.rollback()
-    throw err
+    throw error
   }
 }

package/engines/mysql/backup.ts

@@ -56,6 +56,20 @@ async function createSqlBackup(
   outputPath: string,
 ): Promise<BackupResult> {
   return new Promise((resolve, reject) => {
+    let settled = false
+    const safeResolve = (value: BackupResult) => {
+      if (!settled) {
+        settled = true
+        resolve(value)
+      }
+    }
+    const safeReject = (err: Error) => {
+      if (!settled) {
+        settled = true
+        reject(err)
+      }
+    }
+
     const args = [
       '-h',
       '127.0.0.1',
@@ -79,20 +93,20 @@ async function createSqlBackup(
     })
 
     proc.on('error', (err: NodeJS.ErrnoException) => {
-      reject(err)
+      safeReject(err)
     })
 
     proc.on('close', async (code) => {
       if (code === 0) {
         const stats = await stat(outputPath)
-        resolve({
+        safeResolve({
           path: outputPath,
           format: 'sql',
           size: stats.size,
         })
       } else {
         const errorMessage = stderr || `mysqldump exited with code ${code}`
-        reject(new Error(errorMessage))
+        safeReject(new Error(errorMessage))
       }
     })
   })
@@ -108,52 +122,55 @@ async function createCompressedBackup(
   database: string,
   outputPath: string,
 ): Promise<BackupResult> {
-  return new Promise((resolve, reject) => {
-    const args = [
-      '-h',
-      '127.0.0.1',
-      '-P',
-      String(port),
-      '-u',
-      engineDef.superuser,
-      database,
-    ]
-
-    const proc = spawn(mysqldump, args, {
-      stdio: ['pipe', 'pipe', 'pipe'],
-    })
+  const args = [
+    '-h',
+    '127.0.0.1',
+    '-P',
+    String(port),
+    '-u',
+    engineDef.superuser,
+    database,
+  ]
+
+  const proc = spawn(mysqldump, args, {
+    stdio: ['pipe', 'pipe', 'pipe'],
+  })
 
-    const gzip = createGzip()
-    const output = createWriteStream(outputPath)
+  const gzip = createGzip()
+  const output = createWriteStream(outputPath)
 
-    let stderr = ''
+  let stderr = ''
 
-    proc.stderr?.on('data', (data: Buffer) => {
-      stderr += data.toString()
-    })
+  proc.stderr?.on('data', (data: Buffer) => {
+    stderr += data.toString()
+  })
 
-    // Pipe mysqldump stdout -> gzip -> file
-    pipeline(proc.stdout!, gzip, output)
-      .then(async () => {
-        const stats = await stat(outputPath)
-        resolve({
-          path: outputPath,
-          format: 'compressed',
-          size: stats.size,
-        })
-      })
-      .catch(reject)
+  // Create promise for pipeline completion
+  const pipelinePromise = pipeline(proc.stdout!, gzip, output)
 
+  // Create promise for process exit
+  const exitPromise = new Promise<void>((resolve, reject) => {
     proc.on('error', (err: NodeJS.ErrnoException) => {
       reject(err)
     })
 
     proc.on('close', (code) => {
-      if (code !== 0) {
+      if (code === 0) {
+        resolve()
+      } else {
         const errorMessage = stderr || `mysqldump exited with code ${code}`
         reject(new Error(errorMessage))
       }
-      // If code is 0, the pipeline promise will resolve
     })
   })
+
+  // Wait for both pipeline AND process exit to succeed
+  await Promise.all([pipelinePromise, exitPromise])
+
+  const stats = await stat(outputPath)
+  return {
+    path: outputPath,
+    format: 'compressed',
+    size: stats.size,
+  }
 }

package/engines/mysql/index.ts

@@ -6,7 +6,7 @@
 import { spawn, exec } from 'child_process'
 import { promisify } from 'util'
 import { existsSync, createReadStream } from 'fs'
-import { mkdir, writeFile, readFile, unlink } from 'fs/promises'
+import { mkdir, writeFile, readFile, unlink, rm } from 'fs/promises'
 import { join } from 'path'
 import { BaseEngine } from '../base-engine'
 import { paths } from '../../config/paths'
@@ -16,6 +16,7 @@ import {
   logWarning,
   ErrorCodes,
   SpinDBError,
+  assertValidDatabaseName,
 } from '../../core/error-handler'
 import {
   getMysqldPath,
@@ -135,9 +136,27 @@ export class MySQLEngine extends BaseEngine {
       engine: ENGINE,
     })
 
+    // Track if we created the directory (for cleanup on failure)
+    let createdDataDir = false
+
     // Create data directory if it doesn't exist
     if (!existsSync(dataDir)) {
       await mkdir(dataDir, { recursive: true })
+      createdDataDir = true
+    }
+
+    // Helper to clean up on failure
+    const cleanupOnFailure = async () => {
+      if (createdDataDir) {
+        try {
+          await rm(dataDir, { recursive: true, force: true })
+          logDebug(`Cleaned up data directory after init failure: ${dataDir}`)
+        } catch (cleanupErr) {
+          logDebug(
+            `Failed to clean up data directory: ${cleanupErr instanceof Error ? cleanupErr.message : String(cleanupErr)}`,
+          )
+        }
+      }
     }
 
     // Check if we're using MariaDB or MySQL
@@ -148,6 +167,7 @@ export class MySQLEngine extends BaseEngine {
       const installDb =
         (await getMariadbInstallDbPath()) || (await getMysqlInstallDbPath())
       if (!installDb) {
+        await cleanupOnFailure()
         throw new Error(
           'MariaDB detected but mysql_install_db not found.\n' +
             'Install MariaDB server package which includes the initialization script.',
@@ -177,10 +197,11 @@ export class MySQLEngine extends BaseEngine {
           stderr += data.toString()
         })
 
-        proc.on('close', (code) => {
+        proc.on('close', async (code) => {
           if (code === 0) {
             resolve(dataDir)
           } else {
+            await cleanupOnFailure()
             reject(
               new Error(
                 `MariaDB initialization failed with code ${code}: ${stderr || stdout}`,
@@ -189,12 +210,16 @@ export class MySQLEngine extends BaseEngine {
           }
         })
 
-        proc.on('error', reject)
+        proc.on('error', async (err) => {
+          await cleanupOnFailure()
+          reject(err)
+        })
       })
     } else {
       // MySQL uses mysqld --initialize-insecure
       const mysqld = await getMysqldPath()
       if (!mysqld) {
+        await cleanupOnFailure()
         throw new Error(getInstallInstructions())
       }
 
@@ -221,10 +246,11 @@ export class MySQLEngine extends BaseEngine {
           stderr += data.toString()
         })
 
-        proc.on('close', (code) => {
+        proc.on('close', async (code) => {
           if (code === 0) {
             resolve(dataDir)
           } else {
+            await cleanupOnFailure()
             reject(
               new Error(
                 `MySQL initialization failed with code ${code}: ${stderr || stdout}`,
@@ -233,7 +259,10 @@ export class MySQLEngine extends BaseEngine {
           }
         })
 
-        proc.on('error', reject)
+        proc.on('error', async (err) => {
+          await cleanupOnFailure()
+          reject(err)
+        })
       })
     }
   }
@@ -313,6 +342,14 @@ export class MySQLEngine extends BaseEngine {
                 connectionString: this.getConnectionString(container),
               })
               return
+            } else {
+              // mysqladmin not found - cannot verify MySQL is ready
+              reject(
+                new Error(
+                  'mysqladmin not found - cannot verify MySQL startup. Install MySQL client tools.',
+                ),
+              )
+              return
             }
           } catch {
             if (attempts < maxAttempts) {
@@ -413,8 +450,8 @@ export class MySQLEngine extends BaseEngine {
         await this.cleanupPidFile(pidFile)
         return null
       }
-    } catch (err) {
-      const e = err as NodeJS.ErrnoException
+    } catch (error) {
+      const e = error as NodeJS.ErrnoException
       if (e.code !== 'ENOENT') {
         logWarning(`Failed to read PID file: ${e.message}`, {
           pidFile,
@@ -442,8 +479,8 @@ export class MySQLEngine extends BaseEngine {
           `"${mysqladmin}" -h 127.0.0.1 -P ${port} -u root shutdown`,
           { timeout: 5000 },
         )
-      } catch (err) {
-        const e = err as Error
+      } catch (error) {
+        const e = error as Error
         logDebug(`mysqladmin shutdown failed: ${e.message}`)
         // Continue to wait for process to die or send SIGTERM
       }
@@ -505,8 +542,8 @@ export class MySQLEngine extends BaseEngine {
         await this.cleanupPidFile(pidFile)
         return
       }
-    } catch (err) {
-      const e = err as NodeJS.ErrnoException
+    } catch (error) {
+      const e = error as NodeJS.ErrnoException
       if (e.code === 'ESRCH') {
         // Process already dead
         await this.cleanupPidFile(pidFile)
@@ -538,9 +575,9 @@ export class MySQLEngine extends BaseEngine {
         logDebug(`Process ${pid} terminated after SIGKILL`)
         await this.cleanupPidFile(pidFile)
       }
-    } catch (err) {
-      if (err instanceof SpinDBError) throw err
-      const e = err as NodeJS.ErrnoException
+    } catch (error) {
+      if (error instanceof SpinDBError) throw error
+      const e = error as NodeJS.ErrnoException
       if (e.code === 'ESRCH') {
         // Process already dead
         await this.cleanupPidFile(pidFile)
@@ -557,8 +594,8 @@ export class MySQLEngine extends BaseEngine {
     try {
       await unlink(pidFile)
       logDebug('PID file cleaned up')
-    } catch (err) {
-      const e = err as NodeJS.ErrnoException
+    } catch (error) {
+      const e = error as NodeJS.ErrnoException
       if (e.code !== 'ENOENT') {
         logDebug(`Failed to clean up PID file: ${e.message}`)
       }
@@ -687,6 +724,7 @@ export class MySQLEngine extends BaseEngine {
     container: ContainerConfig,
     database: string,
   ): Promise<void> {
+    assertValidDatabaseName(database)
     const { port } = container
 
     const mysql = await getMysqlClientPath()
@@ -720,6 +758,7 @@ export class MySQLEngine extends BaseEngine {
     container: ContainerConfig,
     database: string,
   ): Promise<void> {
+    assertValidDatabaseName(database)
     const { port } = container
 
     const mysql = await getMysqlClientPath()
@@ -748,6 +787,9 @@ export class MySQLEngine extends BaseEngine {
     const { port, database } = container
     const db = database || 'mysql'
 
+    // Validate database name to prevent SQL injection
+    assertValidDatabaseName(db)
+
     try {
       const mysql = await getMysqlClientPath()
       if (!mysql) return null
@@ -856,6 +898,7 @@ export class MySQLEngine extends BaseEngine {
   ): Promise<void> {
     const { port } = container
     const db = options.database || container.database || 'mysql'
+    assertValidDatabaseName(db)
 
     const mysql = await getMysqlClientPath()
     if (!mysql) {

package/engines/mysql/restore.ts

@@ -174,13 +174,13 @@ export async function restoreBackup(
   if (validateVersion) {
     try {
       await validateRestoreCompatibility({ dumpPath: backupPath })
-    } catch (err) {
+    } catch (error) {
       // Re-throw SpinDBError, log and continue for other errors
-      if (err instanceof Error && err.name === 'SpinDBError') {
-        throw err
+      if (error instanceof Error && error.name === 'SpinDBError') {
+        throw error
       }
       logDebug('Version validation failed, proceeding anyway', {
-        error: err instanceof Error ? err.message : String(err),
+        error: error instanceof Error ? error.message : String(error),
       })
     }
   }

package/engines/mysql/version-validator.ts

@@ -197,10 +197,10 @@ export async function parseDumpVersion(dumpPath: string): Promise<DumpInfo> {
     }
 
     return { version: null, variant }
-  } catch (err) {
+  } catch (error) {
     logDebug('Failed to parse dump version', {
       dumpPath,
-      error: err instanceof Error ? err.message : String(err),
+      error: error instanceof Error ? error.message : String(error),
     })
     return { version: null, variant: 'unknown' }
   }

package/engines/postgresql/binary-manager.ts

@@ -2,7 +2,7 @@ import { exec } from 'child_process'
 import { promisify } from 'util'
 import chalk from 'chalk'
 import { createSpinner } from '../../cli/ui/spinner'
-import { warning, error as themeError, success } from '../../cli/ui/theme'
+import { uiWarning, uiError, uiSuccess } from '../../cli/ui/theme'
 import {
   detectPackageManager as detectPM,
   installEngineDependencies,
@@ -311,7 +311,7 @@ export async function installPostgresBinaries(): Promise<boolean> {
   const packageManager = await detectPM()
   if (!packageManager) {
     spinner.fail('No supported package manager found')
-    console.log(themeError('Please install PostgreSQL client tools manually:'))
+    console.log(uiError('Please install PostgreSQL client tools manually:'))
 
     // Show platform-specific instructions from the registry
     const platform = getCurrentPlatform()
@@ -348,21 +348,21 @@ export async function installPostgresBinaries(): Promise<boolean> {
 
     if (allSuccess) {
       console.log()
-      console.log(success('PostgreSQL client tools installed successfully'))
+      console.log(uiSuccess('PostgreSQL client tools installed successfully'))
       return true
     } else {
       const failed = results.filter((r) => !r.success)
       console.log()
-      console.log(themeError('Some installations failed:'))
+      console.log(uiError('Some installations failed:'))
       for (const f of failed) {
-        console.log(themeError(`  ${f.dependency.name}: ${f.error}`))
+        console.log(uiError(`  ${f.dependency.name}: ${f.error}`))
       }
       return false
     }
   } catch (error: unknown) {
     console.log()
-    console.log(themeError('Failed to install PostgreSQL client tools'))
-    console.log(warning('Please install manually'))
+    console.log(uiError('Failed to install PostgreSQL client tools'))
+    console.log(uiWarning('Please install manually'))
     if (error instanceof Error) {
       console.log(chalk.gray(`Error details: ${error.message}`))
     }
@@ -408,7 +408,7 @@ export async function updatePostgresClientTools(): Promise<boolean> {
 
       spinner.succeed('PostgreSQL client tools updated')
       console.log(
-        success(
+        uiSuccess(
           `Client tools successfully linked to PostgreSQL ${latestMajor}`,
         ),
       )
@@ -418,13 +418,13 @@ export async function updatePostgresClientTools(): Promise<boolean> {
       // For other package managers, use the standard update
       await execWithTimeout(packageManager.updateCommand('postgresql'), 120000)
       spinner.succeed('PostgreSQL client tools updated')
-      console.log(success('Update completed successfully'))
+      console.log(uiSuccess('Update completed successfully'))
       return true
     }
   } catch (error: unknown) {
     spinner.fail('Update failed')
-    console.log(themeError('Failed to update PostgreSQL client tools'))
-    console.log(warning('Please update manually:'))
+    console.log(uiError('Failed to update PostgreSQL client tools'))
+    console.log(uiWarning('Please update manually:'))
 
     if (packageManager.name === 'brew') {
       const olderVersions = ['14', '15', '16'].filter((v) => v !== latestMajor)
@@ -473,12 +473,12 @@ export async function updatePostgresBinaries(): Promise<boolean> {
   try {
     await execWithTimeout(packageManager.updateCommand('postgresql'), 120000) // 2 minute timeout
     updateSpinner.succeed('PostgreSQL client tools updated')
-    console.log(success('Update completed successfully'))
+    console.log(uiSuccess('Update completed successfully'))
     return true
   } catch (error: unknown) {
     updateSpinner.fail('Update failed')
-    console.log(themeError('Failed to update PostgreSQL client tools'))
-    console.log(warning('Please update manually:'))
+    console.log(uiError('Failed to update PostgreSQL client tools'))
+    console.log(uiWarning('Please update manually:'))
     console.log(`  ${packageManager.updateCommand('postgresql')}`)
     if (error instanceof Error) {
       console.log(chalk.gray(`Error details: ${error.message}`))
@@ -505,7 +505,7 @@ export async function ensurePostgresBinary(
       return { success: false, info: null, action: 'install_required' }
     }
 
-    console.log(warning(`${binary} not found on your system`))
+    console.log(uiWarning(`${binary} not found on your system`))
     const success = await installPostgresBinaries()
     if (!success) {
       return { success: false, info: null, action: 'install_failed' }
@@ -527,13 +527,13 @@ export async function ensurePostgresBinary(
     }
 
     console.log(
-      warning(
+      uiWarning(
         `Your ${binary} version (${info.version}) is incompatible with the dump file`,
       ),
     )
     if (info.requiredVersion) {
       console.log(
-        warning(`Required version: ${info.requiredVersion} or compatible`),
+        uiWarning(`Required version: ${info.requiredVersion} or compatible`),
       )
     }
 

package/engines/postgresql/index.ts

@@ -18,6 +18,7 @@ import {
 } from './binary-urls'
 import { detectBackupFormat, restoreBackup } from './restore'
 import { createBackup } from './backup'
+import { assertValidDatabaseName } from '../../core/error-handler'
 import type {
   ContainerConfig,
   ProgressCallback,
@@ -154,8 +155,13 @@ export class PostgreSQLEngine extends BaseEngine {
 
     // Configure max_connections after initdb creates postgresql.conf
     const maxConnections =
-      (options.maxConnections as number) || getEngineDefaults('postgresql').maxConnections
-    await this.setConfigValue(dataDir, 'max_connections', String(maxConnections))
+      (options.maxConnections as number) ||
+      getEngineDefaults('postgresql').maxConnections
+    await this.setConfigValue(
+      dataDir,
+      'max_connections',
+      String(maxConnections),
+    )
 
     return dataDir
   }
@@ -395,6 +401,7 @@ export class PostgreSQLEngine extends BaseEngine {
     container: ContainerConfig,
     database: string,
   ): Promise<void> {
+    assertValidDatabaseName(database)
     const { port } = container
     const psqlPath = await this.getPsqlPath()
 
@@ -418,6 +425,7 @@ export class PostgreSQLEngine extends BaseEngine {
     container: ContainerConfig,
     database: string,
   ): Promise<void> {
+    assertValidDatabaseName(database)
     const { port } = container
     const psqlPath = await this.getPsqlPath()
 
@@ -443,6 +451,9 @@ export class PostgreSQLEngine extends BaseEngine {
     const { port, database } = container
     const db = database || 'postgres'
 
+    // Validate database name to prevent SQL injection
+    assertValidDatabaseName(db)
+
     try {
       const psqlPath = await this.getPsqlPath()
       // Query pg_database_size for the specific database

package/engines/postgresql/restore.ts

@@ -219,8 +219,8 @@ export async function restoreBackup(
         format: detectedFormat,
         ...result,
       }
-    } catch (err) {
-      const e = err as Error & { stdout?: string; stderr?: string }
+    } catch (error) {
+      const e = error as Error & { stdout?: string; stderr?: string }
       // pg_restore often returns non-zero even on partial success
       return {
         format: detectedFormat,

package/engines/postgresql/version-validator.ts

@@ -135,11 +135,11 @@ export async function parseDumpVersion(
         }
       }
     }
-  } catch (err) {
+  } catch (error) {
     logDebug('Failed to parse dump version', {
       dumpPath,
       format,
-      error: err instanceof Error ? err.message : String(err),
+      error: error instanceof Error ? error.message : String(error),
     })
   }