SYNC: Merge pull request #12 from dbgate/feature/team-files

Jan Prochazka
2025-09-26 12:44:08 +02:00
committed by Diflow
parent 925e3a67da
commit 494b33bd7a
15 changed files with 510 additions and 104 deletions


@@ -21,7 +21,7 @@ module.exports = {
const filePermissions = await loadFilePermissionsFromRequest(req);
for (const file of await fs.readdir(dir)) {
if (!hasPermission(`all-files`, loadedPermissions)) {
if (!hasPermission(`all-disk-files`, loadedPermissions)) {
const role = getFilePermissionRole('apps', file, filePermissions);
if (role == 'deny') continue;
}


@@ -8,11 +8,13 @@ const path = require('path');
const { handleProcessCommunication } = require('../utility/processComm');
const processArgs = require('../utility/processArgs');
const { appdir } = require('../utility/directories');
const { getLogger, extractErrorLogData } = require('dbgate-tools');
const { getLogger, extractErrorLogData, removeSqlFrontMatter } = require('dbgate-tools');
const pipeForkLogs = require('../utility/pipeForkLogs');
const config = require('./config');
const { sendToAuditLog } = require('../utility/auditlog');
const { testStandardPermission, testDatabaseRolePermission } = require('../utility/hasPermission');
const { getStaticTokenSecret } = require('../auth/authCommon');
const jwt = require('jsonwebtoken');
const logger = getLogger('sessions');
@@ -95,7 +97,7 @@ module.exports = {
socket.emit(`session-initialize-file-${jslid}`);
},
handle_ping() { },
handle_ping() {},
create_meta: true,
async create({ conid, database }) {
@@ -149,12 +151,23 @@ module.exports = {
executeQuery_meta: true,
async executeQuery({ sesid, sql, autoCommit, autoDetectCharts, limitRows, frontMatter }, req) {
await testStandardPermission('dbops/query', req);
let useTokenIsOk = false;
if (frontMatter?.useToken) {
const decoded = jwt.verify(frontMatter.useToken, getStaticTokenSecret());
if (decoded?.['contentHash'] == crypto.createHash('md5').update(removeSqlFrontMatter(sql)).digest('hex')) {
useTokenIsOk = true;
}
}
if (!useTokenIsOk) {
await testStandardPermission('dbops/query', req);
}
const session = this.opened.find(x => x.sesid == sesid);
if (!session) {
throw new Error('Invalid session');
}
await testDatabaseRolePermission(session.conid, session.database, 'run_script', req);
if (!useTokenIsOk) {
await testDatabaseRolePermission(session.conid, session.database, 'run_script', req);
}
sendToAuditLog(req, {
category: 'dbop',
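Review bot: In `executeQuery`, a valid `frontMatter.useToken` skips both `testStandardPermission('dbops/query', req)` and `testDatabaseRolePermission(session.conid, session.database, 'run_script', req)`, yet the only claim compared is `contentHash`, so nothing visible here ties the token to `session.conid`/`session.database` or to the caller. Unless the issuer (not shown) already scopes the token, one approved for a script on one database would authorize the same text on any session the caller can open; the check should also compare connection and database claims against the session and require an expiry. The content hash is MD5, which is not collision-resistant and should not back an authorization decision; `crypto.createHash('sha256')` on both the issuing and verifying side is the minimal change. It is also worth passing an explicit `algorithms` list to `jwt.verify` and recording in the `sendToAuditLog` entry that the permission checks were satisfied by token rather than by role. The body of `executeQuery` continues past the end of this hunk.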