1
0
mirror of https://github.com/Jermolene/TiddlyWiki5 synced 2024-12-11 18:50:28 +00:00
TiddlyWiki5/plugins/tiddlywiki/multiwikiserver/modules/store/sql-tiddler-database.js

1402 lines
36 KiB
JavaScript
Raw Normal View History

/*\
title: $:/plugins/tiddlywiki/multiwikiserver/store/sql-tiddler-database.js
type: application/javascript
module-type: library
Low level SQL functions to store and retrieve tiddlers in a SQLite database.
This class is intended to encapsulate all the SQL queries used to access the database.
Validation is for the most part left to the caller
\*/
(function() {
/*
Create a tiddler store. Options include:
databasePath - path to the database file (can be ":memory:" to get a temporary database)
MWS: Add support for node-sqlite-wasm alongside better-sqlite3 (#7996) * Switch from better-sqlite3 to node-sqlite3-wasm Seems to be slower, but might make cloud deployments easier by not having any binary dependencies * More logging * Temporarily use a memory database We will make this configurable * Revert "More logging" * Resume loading demo tiddlers * Cache prepared statements Gives a 20% reduction in startup time on my machine * Some more logging * Update package-lock * More logging * Route regexps should allow for proxies that automatically decode URLs Astonishingly, Azure does this * Go back to a file-based database * Less logging * Update package-lock.json * Simplify startup by not loading the docs edition * Tiddler database layer should mark statements as having been removed * Re-introduce better-sqlite3 * Make the SQLite provider be switchable * Support switchable SQL engines I am not intending to make this a long term feature. We will choose one engine and stick with it until we choose to change to another. * Adjust dependency versions * Setting up default engine * Make transaction handling compatible with node-sqlite3-wasm https://github.com/tndrle/node-sqlite3-wasm doesn't have transaction support so I've tried to implement it using SQL statements directly. @hoelzro do you think this is right? Should we be rolling back the transaction in the finally clause? It would be nice to have tests in this area... I looked at better-sqlite3's implementation - https://github.com/WiseLibs/better-sqlite3/blob/master/lib/methods/transaction.js * Default to better-sqlite3 for compatibility after merging
2024-02-22 11:57:41 +00:00
engine - wasm | better
*/
function SqlTiddlerDatabase(options) {
options = options || {};
const SqlEngine = require("$:/plugins/tiddlywiki/multiwikiserver/store/sql-engine.js").SqlEngine;
this.engine = new SqlEngine({
databasePath: options.databasePath,
engine: options.engine
MWS: Add support for node-sqlite-wasm alongside better-sqlite3 (#7996) * Switch from better-sqlite3 to node-sqlite3-wasm Seems to be slower, but might make cloud deployments easier by not having any binary dependencies * More logging * Temporarily use a memory database We will make this configurable * Revert "More logging" * Resume loading demo tiddlers * Cache prepared statements Gives a 20% reduction in startup time on my machine * Some more logging * Update package-lock * More logging * Route regexps should allow for proxies that automatically decode URLs Astonishingly, Azure does this * Go back to a file-based database * Less logging * Update package-lock.json * Simplify startup by not loading the docs edition * Tiddler database layer should mark statements as having been removed * Re-introduce better-sqlite3 * Make the SQLite provider be switchable * Support switchable SQL engines I am not intending to make this a long term feature. We will choose one engine and stick with it until we choose to change to another. * Adjust dependency versions * Setting up default engine * Make transaction handling compatible with node-sqlite3-wasm https://github.com/tndrle/node-sqlite3-wasm doesn't have transaction support so I've tried to implement it using SQL statements directly. @hoelzro do you think this is right? Should we be rolling back the transaction in the finally clause? It would be nice to have tests in this area... I looked at better-sqlite3's implementation - https://github.com/WiseLibs/better-sqlite3/blob/master/lib/methods/transaction.js * Default to better-sqlite3 for compatibility after merging
2024-02-22 11:57:41 +00:00
});
this.entityTypeToTableMap = {
bag: {
table: "bags",
column: "bag_name"
},
recipe: {
table: "recipes",
column: "recipe_name"
}
};
}
SqlTiddlerDatabase.prototype.close = function() {
this.engine.close();
MWS: Add support for node-sqlite-wasm alongside better-sqlite3 (#7996) * Switch from better-sqlite3 to node-sqlite3-wasm Seems to be slower, but might make cloud deployments easier by not having any binary dependencies * More logging * Temporarily use a memory database We will make this configurable * Revert "More logging" * Resume loading demo tiddlers * Cache prepared statements Gives a 20% reduction in startup time on my machine * Some more logging * Update package-lock * More logging * Route regexps should allow for proxies that automatically decode URLs Astonishingly, Azure does this * Go back to a file-based database * Less logging * Update package-lock.json * Simplify startup by not loading the docs edition * Tiddler database layer should mark statements as having been removed * Re-introduce better-sqlite3 * Make the SQLite provider be switchable * Support switchable SQL engines I am not intending to make this a long term feature. We will choose one engine and stick with it until we choose to change to another. * Adjust dependency versions * Setting up default engine * Make transaction handling compatible with node-sqlite3-wasm https://github.com/tndrle/node-sqlite3-wasm doesn't have transaction support so I've tried to implement it using SQL statements directly. @hoelzro do you think this is right? Should we be rolling back the transaction in the finally clause? It would be nice to have tests in this area... I looked at better-sqlite3's implementation - https://github.com/WiseLibs/better-sqlite3/blob/master/lib/methods/transaction.js * Default to better-sqlite3 for compatibility after merging
2024-02-22 11:57:41 +00:00
};
SqlTiddlerDatabase.prototype.transaction = function(fn) {
return this.engine.transaction(fn);
};
SqlTiddlerDatabase.prototype.createTables = function() {
this.engine.runStatements([`
-- Users table
CREATE TABLE IF NOT EXISTS users (
user_id INTEGER PRIMARY KEY AUTOINCREMENT,
username TEXT UNIQUE NOT NULL,
email TEXT UNIQUE NOT NULL,
password TEXT NOT NULL,
created_at TEXT DEFAULT (datetime('now')),
last_login TEXT
)
`,`
-- User Session table
CREATE TABLE IF NOT EXISTS sessions (
user_id INTEGER NOT NULL,
session_id TEXT NOT NULL,
created_at TEXT NOT NULL,
last_accessed TEXT NOT NULL,
PRIMARY KEY (user_id),
FOREIGN KEY (user_id) REFERENCES users(user_id)
)
`,`
-- Groups table
CREATE TABLE IF NOT EXISTS groups (
group_id INTEGER PRIMARY KEY AUTOINCREMENT,
group_name TEXT UNIQUE NOT NULL,
description TEXT
)
`,`
-- Roles table
CREATE TABLE IF NOT EXISTS roles (
role_id INTEGER PRIMARY KEY AUTOINCREMENT,
role_name TEXT UNIQUE NOT NULL,
description TEXT
)
`,`
-- Permissions table
CREATE TABLE IF NOT EXISTS permissions (
permission_id INTEGER PRIMARY KEY AUTOINCREMENT,
permission_name TEXT UNIQUE NOT NULL,
description TEXT
)
`,`
-- User-Group association table
CREATE TABLE IF NOT EXISTS user_groups (
user_id INTEGER,
group_id INTEGER,
PRIMARY KEY (user_id, group_id),
FOREIGN KEY (user_id) REFERENCES users(user_id),
FOREIGN KEY (group_id) REFERENCES groups(group_id)
)
`,`
-- User-Role association table
CREATE TABLE IF NOT EXISTS user_roles (
user_id INTEGER,
role_id INTEGER,
PRIMARY KEY (user_id, role_id),
FOREIGN KEY (user_id) REFERENCES users(user_id),
FOREIGN KEY (role_id) REFERENCES roles(role_id)
)
`,`
-- Group-Role association table
CREATE TABLE IF NOT EXISTS group_roles (
group_id INTEGER,
role_id INTEGER,
PRIMARY KEY (group_id, role_id),
FOREIGN KEY (group_id) REFERENCES groups(group_id),
FOREIGN KEY (role_id) REFERENCES roles(role_id)
)
`,`
-- Role-Permission association table
CREATE TABLE IF NOT EXISTS role_permissions (
role_id INTEGER,
permission_id INTEGER,
PRIMARY KEY (role_id, permission_id),
FOREIGN KEY (role_id) REFERENCES roles(role_id),
FOREIGN KEY (permission_id) REFERENCES permissions(permission_id)
)
`,`
-- Bags have names and access control settings
CREATE TABLE IF NOT EXISTS bags (
bag_id INTEGER PRIMARY KEY AUTOINCREMENT,
bag_name TEXT UNIQUE NOT NULL,
accesscontrol TEXT NOT NULL,
description TEXT NOT NULL
)
`,`
-- Recipes have names...
CREATE TABLE IF NOT EXISTS recipes (
recipe_id INTEGER PRIMARY KEY AUTOINCREMENT,
recipe_name TEXT UNIQUE NOT NULL,
description TEXT NOT NULL
)
`,`
-- ...and recipes also have an ordered list of bags
CREATE TABLE IF NOT EXISTS recipe_bags (
recipe_id INTEGER NOT NULL,
bag_id INTEGER NOT NULL,
position INTEGER NOT NULL,
FOREIGN KEY (recipe_id) REFERENCES recipes(recipe_id) ON UPDATE CASCADE ON DELETE CASCADE,
FOREIGN KEY (bag_id) REFERENCES bags(bag_id) ON UPDATE CASCADE ON DELETE CASCADE,
UNIQUE (recipe_id, bag_id)
)
`,`
-- Tiddlers are contained in bags and have titles
CREATE TABLE IF NOT EXISTS tiddlers (
tiddler_id INTEGER PRIMARY KEY AUTOINCREMENT,
bag_id INTEGER NOT NULL,
title TEXT NOT NULL,
is_deleted BOOLEAN NOT NULL,
attachment_blob TEXT, -- null or the name of an attachment blob
FOREIGN KEY (bag_id) REFERENCES bags(bag_id) ON UPDATE CASCADE ON DELETE CASCADE,
UNIQUE (bag_id, title)
)
`,`
-- Tiddlers also have unordered lists of fields, each of which has a name and associated value
CREATE TABLE IF NOT EXISTS fields (
tiddler_id INTEGER,
field_name TEXT NOT NULL,
field_value TEXT NOT NULL,
FOREIGN KEY (tiddler_id) REFERENCES tiddlers(tiddler_id) ON UPDATE CASCADE ON DELETE CASCADE,
UNIQUE (tiddler_id, field_name)
)
`,`
-- ACL table (using bag/recipe ids directly)
CREATE TABLE IF NOT EXISTS acl (
acl_id INTEGER PRIMARY KEY AUTOINCREMENT,
entity_name TEXT NOT NULL,
entity_type TEXT NOT NULL CHECK (entity_type IN ('bag', 'recipe')),
role_id INTEGER,
permission_id INTEGER,
FOREIGN KEY (role_id) REFERENCES roles(role_id),
FOREIGN KEY (permission_id) REFERENCES permissions(permission_id)
)
`,`
-- Indexes for performance (we can add more as needed based on query patterns)
CREATE INDEX IF NOT EXISTS idx_tiddlers_bag_id ON tiddlers(bag_id)
`,`
CREATE INDEX IF NOT EXISTS idx_fields_tiddler_id ON fields(tiddler_id)
`,`
CREATE INDEX IF NOT EXISTS idx_recipe_bags_recipe_id ON recipe_bags(recipe_id)
`,`
CREATE INDEX IF NOT EXISTS idx_acl_entity_id ON acl(entity_name)
`]);
};
SqlTiddlerDatabase.prototype.listBags = function() {
const rows = this.engine.runStatementGetAll(`
SELECT bag_name, bag_id, accesscontrol, description
FROM bags
ORDER BY bag_name
`);
return rows;
};
/*
Create or update a bag
Returns the bag_id of the bag
*/
2024-03-17 14:54:06 +00:00
SqlTiddlerDatabase.prototype.createBag = function(bag_name,description,accesscontrol) {
accesscontrol = accesscontrol || "";
// Run the queries
var bag = this.engine.runStatement(`
INSERT OR IGNORE INTO bags (bag_name, accesscontrol, description)
VALUES ($bag_name, '', '')
`,{
2024-03-17 14:54:06 +00:00
$bag_name: bag_name
});
const updateBags = this.engine.runStatement(`
UPDATE bags
SET accesscontrol = $accesscontrol,
description = $description
WHERE bag_name = $bag_name
`,{
2024-03-17 14:54:06 +00:00
$bag_name: bag_name,
$accesscontrol: accesscontrol,
MWS: Add support for node-sqlite-wasm alongside better-sqlite3 (#7996) * Switch from better-sqlite3 to node-sqlite3-wasm Seems to be slower, but might make cloud deployments easier by not having any binary dependencies * More logging * Temporarily use a memory database We will make this configurable * Revert "More logging" * Resume loading demo tiddlers * Cache prepared statements Gives a 20% reduction in startup time on my machine * Some more logging * Update package-lock * More logging * Route regexps should allow for proxies that automatically decode URLs Astonishingly, Azure does this * Go back to a file-based database * Less logging * Update package-lock.json * Simplify startup by not loading the docs edition * Tiddler database layer should mark statements as having been removed * Re-introduce better-sqlite3 * Make the SQLite provider be switchable * Support switchable SQL engines I am not intending to make this a long term feature. We will choose one engine and stick with it until we choose to change to another. * Adjust dependency versions * Setting up default engine * Make transaction handling compatible with node-sqlite3-wasm https://github.com/tndrle/node-sqlite3-wasm doesn't have transaction support so I've tried to implement it using SQL statements directly. @hoelzro do you think this is right? Should we be rolling back the transaction in the finally clause? It would be nice to have tests in this area... I looked at better-sqlite3's implementation - https://github.com/WiseLibs/better-sqlite3/blob/master/lib/methods/transaction.js * Default to better-sqlite3 for compatibility after merging
2024-02-22 11:57:41 +00:00
$description: description
});
return updateBags.lastInsertRowid;
};
2024-01-23 14:29:50 +00:00
/*
Returns array of {recipe_name:,recipe_id:,description:,bag_names: []}
2024-01-23 14:29:50 +00:00
*/
SqlTiddlerDatabase.prototype.listRecipes = function() {
const rows = this.engine.runStatementGetAll(`
SELECT r.recipe_name, r.recipe_id, r.description, b.bag_name, rb.position
2024-01-28 17:11:23 +00:00
FROM recipes AS r
JOIN recipe_bags AS rb ON rb.recipe_id = r.recipe_id
JOIN bags AS b ON rb.bag_id = b.bag_id
ORDER BY r.recipe_name, rb.position
`);
2024-01-28 17:11:23 +00:00
const results = [];
let currentRecipeName = null, currentRecipeIndex = -1;
for(const row of rows) {
if(row.recipe_name !== currentRecipeName) {
currentRecipeName = row.recipe_name;
currentRecipeIndex += 1;
results.push({
recipe_name: row.recipe_name,
recipe_id: row.recipe_id,
2024-01-28 17:11:23 +00:00
description: row.description,
bag_names: []
});
}
results[currentRecipeIndex].bag_names.push(row.bag_name);
}
return results;
};
/*
Create or update a recipe
Returns the recipe_id of the recipe
*/
2024-03-17 14:54:06 +00:00
SqlTiddlerDatabase.prototype.createRecipe = function(recipe_name,bag_names,description) {
// Run the queries
this.engine.runStatement(`
2024-01-28 17:11:23 +00:00
-- Delete existing recipe_bags entries for this recipe
DELETE FROM recipe_bags WHERE recipe_id = (SELECT recipe_id FROM recipes WHERE recipe_name = $recipe_name)
`,{
2024-03-17 14:54:06 +00:00
$recipe_name: recipe_name
2024-01-28 17:11:23 +00:00
});
const updateRecipes = this.engine.runStatement(`
-- Create the entry in the recipes table if required
2024-01-28 17:11:23 +00:00
INSERT OR REPLACE INTO recipes (recipe_name, description)
2024-01-23 14:29:50 +00:00
VALUES ($recipe_name, $description)
`,{
2024-03-17 14:54:06 +00:00
$recipe_name: recipe_name,
MWS: Add support for node-sqlite-wasm alongside better-sqlite3 (#7996) * Switch from better-sqlite3 to node-sqlite3-wasm Seems to be slower, but might make cloud deployments easier by not having any binary dependencies * More logging * Temporarily use a memory database We will make this configurable * Revert "More logging" * Resume loading demo tiddlers * Cache prepared statements Gives a 20% reduction in startup time on my machine * Some more logging * Update package-lock * More logging * Route regexps should allow for proxies that automatically decode URLs Astonishingly, Azure does this * Go back to a file-based database * Less logging * Update package-lock.json * Simplify startup by not loading the docs edition * Tiddler database layer should mark statements as having been removed * Re-introduce better-sqlite3 * Make the SQLite provider be switchable * Support switchable SQL engines I am not intending to make this a long term feature. We will choose one engine and stick with it until we choose to change to another. * Adjust dependency versions * Setting up default engine * Make transaction handling compatible with node-sqlite3-wasm https://github.com/tndrle/node-sqlite3-wasm doesn't have transaction support so I've tried to implement it using SQL statements directly. @hoelzro do you think this is right? Should we be rolling back the transaction in the finally clause? It would be nice to have tests in this area... I looked at better-sqlite3's implementation - https://github.com/WiseLibs/better-sqlite3/blob/master/lib/methods/transaction.js * Default to better-sqlite3 for compatibility after merging
2024-02-22 11:57:41 +00:00
$description: description
});
this.engine.runStatement(`
INSERT INTO recipe_bags (recipe_id, bag_id, position)
SELECT r.recipe_id, b.bag_id, j.key as position
FROM recipes r
JOIN bags b
INNER JOIN json_each($bag_names) AS j ON j.value = b.bag_name
WHERE r.recipe_name = $recipe_name
`,{
2024-03-17 14:54:06 +00:00
$recipe_name: recipe_name,
$bag_names: JSON.stringify(bag_names)
});
return updateRecipes.lastInsertRowid;
};
/*
Returns {tiddler_id:}
*/
2024-03-17 14:54:06 +00:00
SqlTiddlerDatabase.prototype.saveBagTiddler = function(tiddlerFields,bag_name,attachment_blob) {
attachment_blob = attachment_blob || null;
// Update the tiddlers table
var info = this.engine.runStatement(`
INSERT OR REPLACE INTO tiddlers (bag_id, title, is_deleted, attachment_blob)
VALUES (
(SELECT bag_id FROM bags WHERE bag_name = $bag_name),
$title,
FALSE,
$attachment_blob
)
`,{
MWS: Add support for node-sqlite-wasm alongside better-sqlite3 (#7996) * Switch from better-sqlite3 to node-sqlite3-wasm Seems to be slower, but might make cloud deployments easier by not having any binary dependencies * More logging * Temporarily use a memory database We will make this configurable * Revert "More logging" * Resume loading demo tiddlers * Cache prepared statements Gives a 20% reduction in startup time on my machine * Some more logging * Update package-lock * More logging * Route regexps should allow for proxies that automatically decode URLs Astonishingly, Azure does this * Go back to a file-based database * Less logging * Update package-lock.json * Simplify startup by not loading the docs edition * Tiddler database layer should mark statements as having been removed * Re-introduce better-sqlite3 * Make the SQLite provider be switchable * Support switchable SQL engines I am not intending to make this a long term feature. We will choose one engine and stick with it until we choose to change to another. * Adjust dependency versions * Setting up default engine * Make transaction handling compatible with node-sqlite3-wasm https://github.com/tndrle/node-sqlite3-wasm doesn't have transaction support so I've tried to implement it using SQL statements directly. @hoelzro do you think this is right? Should we be rolling back the transaction in the finally clause? It would be nice to have tests in this area... I looked at better-sqlite3's implementation - https://github.com/WiseLibs/better-sqlite3/blob/master/lib/methods/transaction.js * Default to better-sqlite3 for compatibility after merging
2024-02-22 11:57:41 +00:00
$title: tiddlerFields.title,
$attachment_blob: attachment_blob,
2024-03-17 14:54:06 +00:00
$bag_name: bag_name
});
// Update the fields table
this.engine.runStatement(`
INSERT OR REPLACE INTO fields (tiddler_id, field_name, field_value)
SELECT
t.tiddler_id,
json_each.key AS field_name,
json_each.value AS field_value
FROM (
SELECT tiddler_id
FROM tiddlers
WHERE bag_id = (
SELECT bag_id
FROM bags
WHERE bag_name = $bag_name
) AND title = $title
) AS t
JOIN json_each($field_values) AS json_each
`,{
MWS: Add support for node-sqlite-wasm alongside better-sqlite3 (#7996) * Switch from better-sqlite3 to node-sqlite3-wasm Seems to be slower, but might make cloud deployments easier by not having any binary dependencies * More logging * Temporarily use a memory database We will make this configurable * Revert "More logging" * Resume loading demo tiddlers * Cache prepared statements Gives a 20% reduction in startup time on my machine * Some more logging * Update package-lock * More logging * Route regexps should allow for proxies that automatically decode URLs Astonishingly, Azure does this * Go back to a file-based database * Less logging * Update package-lock.json * Simplify startup by not loading the docs edition * Tiddler database layer should mark statements as having been removed * Re-introduce better-sqlite3 * Make the SQLite provider be switchable * Support switchable SQL engines I am not intending to make this a long term feature. We will choose one engine and stick with it until we choose to change to another. * Adjust dependency versions * Setting up default engine * Make transaction handling compatible with node-sqlite3-wasm https://github.com/tndrle/node-sqlite3-wasm doesn't have transaction support so I've tried to implement it using SQL statements directly. @hoelzro do you think this is right? Should we be rolling back the transaction in the finally clause? It would be nice to have tests in this area... I looked at better-sqlite3's implementation - https://github.com/WiseLibs/better-sqlite3/blob/master/lib/methods/transaction.js * Default to better-sqlite3 for compatibility after merging
2024-02-22 11:57:41 +00:00
$title: tiddlerFields.title,
2024-03-17 14:54:06 +00:00
$bag_name: bag_name,
MWS: Add support for node-sqlite-wasm alongside better-sqlite3 (#7996) * Switch from better-sqlite3 to node-sqlite3-wasm Seems to be slower, but might make cloud deployments easier by not having any binary dependencies * More logging * Temporarily use a memory database We will make this configurable * Revert "More logging" * Resume loading demo tiddlers * Cache prepared statements Gives a 20% reduction in startup time on my machine * Some more logging * Update package-lock * More logging * Route regexps should allow for proxies that automatically decode URLs Astonishingly, Azure does this * Go back to a file-based database * Less logging * Update package-lock.json * Simplify startup by not loading the docs edition * Tiddler database layer should mark statements as having been removed * Re-introduce better-sqlite3 * Make the SQLite provider be switchable * Support switchable SQL engines I am not intending to make this a long term feature. We will choose one engine and stick with it until we choose to change to another. * Adjust dependency versions * Setting up default engine * Make transaction handling compatible with node-sqlite3-wasm https://github.com/tndrle/node-sqlite3-wasm doesn't have transaction support so I've tried to implement it using SQL statements directly. @hoelzro do you think this is right? Should we be rolling back the transaction in the finally clause? It would be nice to have tests in this area... I looked at better-sqlite3's implementation - https://github.com/WiseLibs/better-sqlite3/blob/master/lib/methods/transaction.js * Default to better-sqlite3 for compatibility after merging
2024-02-22 11:57:41 +00:00
$field_values: JSON.stringify(Object.assign({},tiddlerFields,{title: undefined}))
});
return {
tiddler_id: info.lastInsertRowid
}
};
/*
2024-01-23 14:29:50 +00:00
Returns {tiddler_id:,bag_name:} or null if the recipe is empty
*/
2024-03-17 14:54:06 +00:00
SqlTiddlerDatabase.prototype.saveRecipeTiddler = function(tiddlerFields,recipe_name,attachment_blob) {
// Find the topmost bag in the recipe
var row = this.engine.runStatementGet(`
SELECT b.bag_name
FROM bags AS b
JOIN (
SELECT rb.bag_id
FROM recipe_bags AS rb
WHERE rb.recipe_id = (
SELECT recipe_id
FROM recipes
WHERE recipe_name = $recipe_name
)
ORDER BY rb.position DESC
LIMIT 1
) AS selected_bag
ON b.bag_id = selected_bag.bag_id
`,{
2024-03-17 14:54:06 +00:00
$recipe_name: recipe_name
});
2024-01-23 14:29:50 +00:00
if(!row) {
return null;
}
// Save the tiddler to the topmost bag
var info = this.saveBagTiddler(tiddlerFields,row.bag_name,attachment_blob);
return {
tiddler_id: info.tiddler_id,
bag_name: row.bag_name
};
};
2024-03-20 17:56:47 +00:00
/*
Returns {tiddler_id:} of the delete marker
*/
2024-03-17 14:54:06 +00:00
SqlTiddlerDatabase.prototype.deleteTiddler = function(title,bag_name) {
// Delete the fields of this tiddler
this.engine.runStatement(`
DELETE FROM fields
WHERE tiddler_id IN (
SELECT t.tiddler_id
FROM tiddlers AS t
INNER JOIN bags AS b ON t.bag_id = b.bag_id
WHERE b.bag_name = $bag_name AND t.title = $title
)
`,{
MWS: Add support for node-sqlite-wasm alongside better-sqlite3 (#7996) * Switch from better-sqlite3 to node-sqlite3-wasm Seems to be slower, but might make cloud deployments easier by not having any binary dependencies * More logging * Temporarily use a memory database We will make this configurable * Revert "More logging" * Resume loading demo tiddlers * Cache prepared statements Gives a 20% reduction in startup time on my machine * Some more logging * Update package-lock * More logging * Route regexps should allow for proxies that automatically decode URLs Astonishingly, Azure does this * Go back to a file-based database * Less logging * Update package-lock.json * Simplify startup by not loading the docs edition * Tiddler database layer should mark statements as having been removed * Re-introduce better-sqlite3 * Make the SQLite provider be switchable * Support switchable SQL engines I am not intending to make this a long term feature. We will choose one engine and stick with it until we choose to change to another. * Adjust dependency versions * Setting up default engine * Make transaction handling compatible with node-sqlite3-wasm https://github.com/tndrle/node-sqlite3-wasm doesn't have transaction support so I've tried to implement it using SQL statements directly. @hoelzro do you think this is right? Should we be rolling back the transaction in the finally clause? It would be nice to have tests in this area... I looked at better-sqlite3's implementation - https://github.com/WiseLibs/better-sqlite3/blob/master/lib/methods/transaction.js * Default to better-sqlite3 for compatibility after merging
2024-02-22 11:57:41 +00:00
$title: title,
2024-03-17 14:54:06 +00:00
$bag_name: bag_name
});
// Mark the tiddler itself as deleted
2024-03-20 17:56:47 +00:00
const rowDeleteMarker = this.engine.runStatement(`
INSERT OR REPLACE INTO tiddlers (bag_id, title, is_deleted, attachment_blob)
VALUES (
(SELECT bag_id FROM bags WHERE bag_name = $bag_name),
$title,
TRUE,
NULL
)
`,{
MWS: Add support for node-sqlite-wasm alongside better-sqlite3 (#7996) * Switch from better-sqlite3 to node-sqlite3-wasm Seems to be slower, but might make cloud deployments easier by not having any binary dependencies * More logging * Temporarily use a memory database We will make this configurable * Revert "More logging" * Resume loading demo tiddlers * Cache prepared statements Gives a 20% reduction in startup time on my machine * Some more logging * Update package-lock * More logging * Route regexps should allow for proxies that automatically decode URLs Astonishingly, Azure does this * Go back to a file-based database * Less logging * Update package-lock.json * Simplify startup by not loading the docs edition * Tiddler database layer should mark statements as having been removed * Re-introduce better-sqlite3 * Make the SQLite provider be switchable * Support switchable SQL engines I am not intending to make this a long term feature. We will choose one engine and stick with it until we choose to change to another. * Adjust dependency versions * Setting up default engine * Make transaction handling compatible with node-sqlite3-wasm https://github.com/tndrle/node-sqlite3-wasm doesn't have transaction support so I've tried to implement it using SQL statements directly. @hoelzro do you think this is right? Should we be rolling back the transaction in the finally clause? It would be nice to have tests in this area... I looked at better-sqlite3's implementation - https://github.com/WiseLibs/better-sqlite3/blob/master/lib/methods/transaction.js * Default to better-sqlite3 for compatibility after merging
2024-02-22 11:57:41 +00:00
$title: title,
2024-03-17 14:54:06 +00:00
$bag_name: bag_name
});
2024-03-20 17:56:47 +00:00
return {tiddler_id: rowDeleteMarker.lastInsertRowid};
};
/*
returns {tiddler_id:,tiddler:,attachment_blob:}
*/
2024-03-17 14:54:06 +00:00
SqlTiddlerDatabase.prototype.getBagTiddler = function(title,bag_name) {
const rowTiddler = this.engine.runStatementGet(`
SELECT t.tiddler_id, t.attachment_blob
FROM bags AS b
INNER JOIN tiddlers AS t ON b.bag_id = t.bag_id
WHERE t.title = $title AND b.bag_name = $bag_name AND t.is_deleted = FALSE
`,{
$title: title,
2024-03-17 14:54:06 +00:00
$bag_name: bag_name
});
if(!rowTiddler) {
return null;
}
const rows = this.engine.runStatementGetAll(`
SELECT field_name, field_value, tiddler_id
FROM fields
WHERE tiddler_id = $tiddler_id
`,{
$tiddler_id: rowTiddler.tiddler_id
});
if(rows.length === 0) {
return null;
} else {
return {
tiddler_id: rows[0].tiddler_id,
attachment_blob: rowTiddler.attachment_blob,
tiddler: rows.reduce((accumulator,value) => {
accumulator[value["field_name"]] = value.field_value;
return accumulator;
},{title: title})
};
}
};
/*
Returns {bag_name:, tiddler: {fields}, tiddler_id:, attachment_blob:}
*/
2024-03-17 14:54:06 +00:00
SqlTiddlerDatabase.prototype.getRecipeTiddler = function(title,recipe_name) {
const rowTiddlerId = this.engine.runStatementGet(`
SELECT t.tiddler_id, t.attachment_blob, b.bag_name
FROM bags AS b
INNER JOIN recipe_bags AS rb ON b.bag_id = rb.bag_id
INNER JOIN recipes AS r ON rb.recipe_id = r.recipe_id
INNER JOIN tiddlers AS t ON b.bag_id = t.bag_id
WHERE r.recipe_name = $recipe_name
AND t.title = $title
AND t.is_deleted = FALSE
ORDER BY rb.position DESC
LIMIT 1
`,{
MWS: Add support for node-sqlite-wasm alongside better-sqlite3 (#7996) * Switch from better-sqlite3 to node-sqlite3-wasm Seems to be slower, but might make cloud deployments easier by not having any binary dependencies * More logging * Temporarily use a memory database We will make this configurable * Revert "More logging" * Resume loading demo tiddlers * Cache prepared statements Gives a 20% reduction in startup time on my machine * Some more logging * Update package-lock * More logging * Route regexps should allow for proxies that automatically decode URLs Astonishingly, Azure does this * Go back to a file-based database * Less logging * Update package-lock.json * Simplify startup by not loading the docs edition * Tiddler database layer should mark statements as having been removed * Re-introduce better-sqlite3 * Make the SQLite provider be switchable * Support switchable SQL engines I am not intending to make this a long term feature. We will choose one engine and stick with it until we choose to change to another. * Adjust dependency versions * Setting up default engine * Make transaction handling compatible with node-sqlite3-wasm https://github.com/tndrle/node-sqlite3-wasm doesn't have transaction support so I've tried to implement it using SQL statements directly. @hoelzro do you think this is right? Should we be rolling back the transaction in the finally clause? It would be nice to have tests in this area... I looked at better-sqlite3's implementation - https://github.com/WiseLibs/better-sqlite3/blob/master/lib/methods/transaction.js * Default to better-sqlite3 for compatibility after merging
2024-02-22 11:57:41 +00:00
$title: title,
2024-03-17 14:54:06 +00:00
$recipe_name: recipe_name
});
if(!rowTiddlerId) {
return null;
}
// Get the fields
const rows = this.engine.runStatementGetAll(`
SELECT field_name, field_value
FROM fields
WHERE tiddler_id = $tiddler_id
`,{
MWS: Add support for node-sqlite-wasm alongside better-sqlite3 (#7996) * Switch from better-sqlite3 to node-sqlite3-wasm Seems to be slower, but might make cloud deployments easier by not having any binary dependencies * More logging * Temporarily use a memory database We will make this configurable * Revert "More logging" * Resume loading demo tiddlers * Cache prepared statements Gives a 20% reduction in startup time on my machine * Some more logging * Update package-lock * More logging * Route regexps should allow for proxies that automatically decode URLs Astonishingly, Azure does this * Go back to a file-based database * Less logging * Update package-lock.json * Simplify startup by not loading the docs edition * Tiddler database layer should mark statements as having been removed * Re-introduce better-sqlite3 * Make the SQLite provider be switchable * Support switchable SQL engines I am not intending to make this a long term feature. We will choose one engine and stick with it until we choose to change to another. * Adjust dependency versions * Setting up default engine * Make transaction handling compatible with node-sqlite3-wasm https://github.com/tndrle/node-sqlite3-wasm doesn't have transaction support so I've tried to implement it using SQL statements directly. @hoelzro do you think this is right? Should we be rolling back the transaction in the finally clause? It would be nice to have tests in this area... I looked at better-sqlite3's implementation - https://github.com/WiseLibs/better-sqlite3/blob/master/lib/methods/transaction.js * Default to better-sqlite3 for compatibility after merging
2024-02-22 11:57:41 +00:00
$tiddler_id: rowTiddlerId.tiddler_id
});
return {
bag_name: rowTiddlerId.bag_name,
tiddler_id: rowTiddlerId.tiddler_id,
attachment_blob: rowTiddlerId.attachment_blob,
tiddler: rows.reduce((accumulator,value) => {
accumulator[value["field_name"]] = value.field_value;
return accumulator;
},{title: title})
};
};
/*
Checks if a user has permission to access a recipe
*/
SqlTiddlerDatabase.prototype.hasRecipePermission = function(userId, recipeName, permissionName) {
return this.checkACLPermission(userId, "recipe", recipeName, permissionName)
};
/*
Checks if a user has permission to access a bag
*/
SqlTiddlerDatabase.prototype.hasBagPermission = function(userId, bagName, permissionName) {
return this.checkACLPermission(userId, "bag", bagName, permissionName)
};
SqlTiddlerDatabase.prototype.getACLByName = function(entityType, entityName, fetchAll) {
const entityInfo = this.entityTypeToTableMap[entityType];
if (!entityInfo) {
throw new Error("Invalid entity type: " + entityType);
}
// First, check if there's an ACL record for the entity and get the permission_id
var checkACLExistsQuery = `
SELECT *
FROM acl
WHERE entity_type = $entity_type
AND entity_name = $entity_name
`;
if (!fetchAll) {
checkACLExistsQuery += ' LIMIT 1'
}
const aclRecord = this.engine[fetchAll ? 'runStatementGetAll' : 'runStatementGet'](checkACLExistsQuery, {
$entity_type: entityType,
$entity_name: entityName
});
return aclRecord;
}
SqlTiddlerDatabase.prototype.checkACLPermission = function(userId, entityType, entityName) {
// if the entityName starts with "$:/", we'll assume its a system bag/recipe, then grant the user permission
if(entityName.startsWith("$:/")) {
return true;
}
const aclRecord = this.getACLByName(entityType, entityName);
// If no ACL record exists, return true for hasPermission
if (!aclRecord) {
return true;
}
// If ACL record exists, check for user permission using the retrieved permission_id
const checkPermissionQuery = `
SELECT 1
FROM users u
JOIN user_roles ur ON u.user_id = ur.user_id
JOIN roles r ON ur.role_id = r.role_id
JOIN acl a ON r.role_id = a.role_id
WHERE u.user_id = $user_id
AND a.entity_type = $entity_type
AND a.entity_name = $entity_name
AND a.permission_id = $permission_id
LIMIT 1
`;
const result = this.engine.runStatementGet(checkPermissionQuery, {
$user_id: userId,
$entity_type: entityType,
$entity_name: entityName,
$permission_id: aclRecord.permission_id
});
const hasPermission = result !== undefined;
return hasPermission;
};
/**
* Returns the ACL records for an entity (bag or recipe)
*/
SqlTiddlerDatabase.prototype.getEntityAclRecords = function(entityName) {
const checkACLExistsQuery = `
SELECT *
FROM acl
WHERE entity_name = $entity_name
`;
const aclRecords = this.engine.runStatementGetAll(checkACLExistsQuery, {
$entity_name: entityName
});
return aclRecords
}
/*
Get the titles of the tiddlers in a bag. Returns an empty array for bags that do not exist
*/
2024-03-17 14:54:06 +00:00
SqlTiddlerDatabase.prototype.getBagTiddlers = function(bag_name) {
const rows = this.engine.runStatementGetAll(`
SELECT DISTINCT title, tiddler_id
FROM tiddlers
WHERE bag_id IN (
SELECT bag_id
FROM bags
WHERE bag_name = $bag_name
)
AND tiddlers.is_deleted = FALSE
ORDER BY title ASC
`,{
2024-03-17 14:54:06 +00:00
$bag_name: bag_name
});
return rows;
};
/*
Get the tiddler_id of the newest tiddler in a bag. Returns null for bags that do not exist
*/
SqlTiddlerDatabase.prototype.getBagLastTiddlerId = function(bag_name) {
const row = this.engine.runStatementGet(`
SELECT tiddler_id
FROM tiddlers
WHERE bag_id IN (
SELECT bag_id
FROM bags
WHERE bag_name = $bag_name
)
ORDER BY tiddler_id DESC
LIMIT 1
`,{
$bag_name: bag_name
});
if(row) {
return row.tiddler_id;
} else {
return null;
}
};
/*
Get the metadata of the tiddlers in a recipe as an array [{title:,tiddler_id:,bag_name:,is_deleted:}],
sorted in ascending order of tiddler_id.
Options include:
limit: optional maximum number of results to return
last_known_tiddler_id: tiddler_id of the last known update. Only returns tiddlers that have been created, modified or deleted since
include_deleted: boolean, defaults to false
Returns null for recipes that do not exist
*/
SqlTiddlerDatabase.prototype.getRecipeTiddlers = function(recipe_name,options) {
options = options || {};
// Get the recipe ID
const rowsCheckRecipe = this.engine.runStatementGet(`
SELECT recipe_id FROM recipes WHERE recipes.recipe_name = $recipe_name
`,{
2024-03-17 14:54:06 +00:00
$recipe_name: recipe_name
});
if(!rowsCheckRecipe) {
return null;
}
const recipe_id = rowsCheckRecipe.recipe_id;
// Compose the query to get the tiddlers
const params = {
$recipe_id: recipe_id
}
if(options.limit) {
params.$limit = options.limit.toString();
}
if(options.last_known_tiddler_id) {
params.$last_known_tiddler_id = options.last_known_tiddler_id;
}
const rows = this.engine.runStatementGetAll(`
SELECT title, tiddler_id, is_deleted, bag_name
FROM (
SELECT t.title, t.tiddler_id, t.is_deleted, b.bag_name, MAX(rb.position) AS position
FROM bags AS b
INNER JOIN recipe_bags AS rb ON b.bag_id = rb.bag_id
INNER JOIN tiddlers AS t ON b.bag_id = t.bag_id
WHERE rb.recipe_id = $recipe_id
${options.include_deleted ? "" : "AND t.is_deleted = FALSE"}
${options.last_known_tiddler_id ? "AND tiddler_id > $last_known_tiddler_id" : ""}
2024-01-29 08:29:26 +00:00
GROUP BY t.title
ORDER BY t.title, tiddler_id DESC
${options.limit ? "LIMIT $limit" : ""}
)
`,params);
return rows;
};
/*
Get the tiddler_id of the newest tiddler in a recipe. Returns null for recipes that do not exist
*/
SqlTiddlerDatabase.prototype.getRecipeLastTiddlerId = function(recipe_name) {
const row = this.engine.runStatementGet(`
SELECT t.title, t.tiddler_id, b.bag_name, MAX(rb.position) AS position
FROM bags AS b
INNER JOIN recipe_bags AS rb ON b.bag_id = rb.bag_id
INNER JOIN recipes AS r ON rb.recipe_id = r.recipe_id
INNER JOIN tiddlers AS t ON b.bag_id = t.bag_id
WHERE r.recipe_name = $recipe_name
GROUP BY t.title
ORDER BY t.tiddler_id DESC
LIMIT 1
`,{
2024-03-17 14:54:06 +00:00
$recipe_name: recipe_name
});
if(row) {
return row.tiddler_id;
} else {
return null;
}
};
2024-03-17 14:54:06 +00:00
SqlTiddlerDatabase.prototype.deleteAllTiddlersInBag = function(bag_name) {
// Delete the fields
this.engine.runStatement(`
DELETE FROM fields
WHERE tiddler_id IN (
SELECT tiddler_id
FROM tiddlers
WHERE bag_id = (SELECT bag_id FROM bags WHERE bag_name = $bag_name)
AND is_deleted = FALSE
2024-01-23 16:53:12 +00:00
)
`,{
2024-03-17 14:54:06 +00:00
$bag_name: bag_name
2024-01-23 16:53:12 +00:00
});
// Mark the tiddlers as deleted
this.engine.runStatement(`
UPDATE tiddlers
SET is_deleted = TRUE
WHERE bag_id = (SELECT bag_id FROM bags WHERE bag_name = $bag_name)
AND is_deleted = FALSE
`,{
2024-03-17 14:54:06 +00:00
$bag_name: bag_name
});
2024-01-23 16:53:12 +00:00
};
/*
Get the names of the bags in a recipe. Returns an empty array for recipes that do not exist
*/
2024-03-17 14:54:06 +00:00
SqlTiddlerDatabase.prototype.getRecipeBags = function(recipe_name) {
const rows = this.engine.runStatementGetAll(`
SELECT bags.bag_name
FROM bags
JOIN (
2024-01-28 17:11:23 +00:00
SELECT rb.bag_id, rb.position as position
FROM recipe_bags AS rb
JOIN recipes AS r ON rb.recipe_id = r.recipe_id
WHERE r.recipe_name = $recipe_name
ORDER BY rb.position
) AS bag_priority ON bags.bag_id = bag_priority.bag_id
2024-01-28 17:11:23 +00:00
ORDER BY position
`,{
2024-03-17 14:54:06 +00:00
$recipe_name: recipe_name
});
return rows.map(value => value.bag_name);
};
/*
Get the attachment value of a bag, if any exist
*/
SqlTiddlerDatabase.prototype.getBagTiddlerAttachmentBlob = function(title,bag_name) {
const row = this.engine.runStatementGet(`
SELECT t.attachment_blob
FROM bags AS b
INNER JOIN tiddlers AS t ON b.bag_id = t.bag_id
WHERE t.title = $title AND b.bag_name = $bag_name AND t.is_deleted = FALSE
`, {
$title: title,
$bag_name: bag_name
});
return row ? row.attachment_blob : null;
};
/*
Get the attachment value of a recipe, if any exist
*/
SqlTiddlerDatabase.prototype.getRecipeTiddlerAttachmentBlob = function(title,recipe_name) {
const row = this.engine.runStatementGet(`
SELECT t.attachment_blob
FROM bags AS b
INNER JOIN recipe_bags AS rb ON b.bag_id = rb.bag_id
INNER JOIN recipes AS r ON rb.recipe_id = r.recipe_id
INNER JOIN tiddlers AS t ON b.bag_id = t.bag_id
WHERE r.recipe_name = $recipe_name AND t.title = $title AND t.is_deleted = FALSE
ORDER BY rb.position DESC
LIMIT 1
`, {
$title: title,
$recipe_name: recipe_name
});
return row ? row.attachment_blob : null;
};
// User CRUD operations
SqlTiddlerDatabase.prototype.createUser = function(username, email, password) {
const result = this.engine.runStatement(`
INSERT INTO users (username, email, password)
VALUES ($username, $email, $password)
`, {
$username: username,
$email: email,
$password: password
});
return result.lastInsertRowid;
};
SqlTiddlerDatabase.prototype.getUser = function(userId) {
return this.engine.runStatementGet(`
SELECT * FROM users WHERE user_id = $userId
`, {
$userId: userId
});
};
SqlTiddlerDatabase.prototype.getUserByUsername = function(username) {
return this.engine.runStatementGet(`
SELECT * FROM users WHERE username = $username
`, {
$username: username
});
};
Add success and error message feedback for user profile operations (#8716) * mws authentication * add more tests and permission checkers * add logic to ensure that only authenticated users' requests are handled * add custom login page * Implement user authentication as well as session handling * work on user operations authorization * add middleware to route handlers for bags & tiddlers routes * add feature that only returns the tiddlers and bags which the user has permission to access on index page * refactor auth routes & added user management page * fix Ci Test failure issue * fix users list page, add manage roles page * add commands and scripts to create new user & assign roles and permissions * resolved ci-test failure * add ACL permissions to bags & tiddlers on creation * fix comments and access control list bug * fix indentation issues * working on user profile edit * remove list users command & added support for database in server options * implement user profile update and password change feature * update plugin readme * implement command which triggers protected mode on the server * revert server-wide auth flag. Implement selective authorization * ACL management feature * Complete Access control list implementation * Added support to manage users' assigned role by admin * fix comments * fix comment * Add user profile management and account deletion functionality * add success and error message feedback for user profile operations * fix indentation issues * Add command to create admin user if none exists when the start command is executed * refactor annonymous user flow with create admin implementation * remove mws-add-user from start command
2024-11-08 10:09:42 +00:00
SqlTiddlerDatabase.prototype.listUsersByRoleId = function(roleId) {
return this.engine.runStatementGetAll(`
SELECT u.*
FROM users u
JOIN user_roles ur ON u.user_id = ur.user_id
WHERE ur.role_id = $roleId
ORDER BY u.username
`, {
$roleId: roleId
});
};
SqlTiddlerDatabase.prototype.updateUser = function (userId, username, email, roleId) {
const existingUser = this.engine.runStatement(`
SELECT user_id FROM users
WHERE email = $email AND user_id != $userId
`, {
$email: email,
$userId: userId
});
if (existingUser.length > 0) {
return {
success: false,
message: "Email address already in use by another user."
};
}
try {
this.engine.transaction(() => {
// Update user information
this.engine.runStatement(`
UPDATE users
SET username = $username, email = $email
WHERE user_id = $userId
`, {
$userId: userId,
$username: username,
$email: email
});
if (roleId) {
// Remove all existing roles for the user
this.engine.runStatement(`
DELETE FROM user_roles
WHERE user_id = $userId
`, {
$userId: userId
});
// Add the new role
this.engine.runStatement(`
INSERT INTO user_roles (user_id, role_id)
VALUES ($userId, $roleId)
`, {
$userId: userId,
$roleId: roleId
});
}
});
return {
success: true,
message: "User profile and role updated successfully."
};
} catch (error) {
return {
success: false,
message: "Failed to update user profile: " + error.message
};
}
};
SqlTiddlerDatabase.prototype.updateUserPassword = function (userId, newHash) {
try {
this.engine.runStatement(`
UPDATE users
SET password = $newHash
WHERE user_id = $userId
`, {
$userId: userId,
$newHash: newHash,
});
return {
success: true,
message: "Password updated successfully."
};
} catch (error) {
return {
success: false,
message: "Failed to update password: " + error.message
};
}
};
SqlTiddlerDatabase.prototype.deleteUser = function(userId) {
this.engine.runStatement(`
DELETE FROM users WHERE user_id = $userId
`, {
$userId: userId
});
};
SqlTiddlerDatabase.prototype.listUsers = function() {
return this.engine.runStatementGetAll(`
SELECT * FROM users ORDER BY username
`);
};
SqlTiddlerDatabase.prototype.createOrUpdateUserSession = function(userId, sessionId) {
const currentTimestamp = new Date().toISOString();
// First, try to update an existing session
const updateResult = this.engine.runStatement(`
UPDATE sessions
SET session_id = $sessionId, last_accessed = $timestamp
WHERE user_id = $userId
`, {
$userId: userId,
$sessionId: sessionId,
$timestamp: currentTimestamp
});
// If no existing session was updated, create a new one
if (updateResult.changes === 0) {
this.engine.runStatement(`
INSERT INTO sessions (user_id, session_id, created_at, last_accessed)
VALUES ($userId, $sessionId, $timestamp, $timestamp)
`, {
$userId: userId,
$sessionId: sessionId,
$timestamp: currentTimestamp
});
}
return sessionId;
};
SqlTiddlerDatabase.prototype.findUserBySessionId = function(sessionId) {
// First, get the user_id from the sessions table
const sessionResult = this.engine.runStatementGet(`
SELECT user_id, last_accessed
FROM sessions
WHERE session_id = $sessionId
`, {
$sessionId: sessionId
});
if (!sessionResult) {
return null; // Session not found
}
const lastAccessed = new Date(sessionResult.last_accessed);
const expirationTime = 24 * 60 * 60 * 1000; // 24 hours in milliseconds
if (new Date() - lastAccessed > expirationTime) {
// Session has expired
this.deleteSession(sessionId);
return null;
}
// Update the last_accessed timestamp
const currentTimestamp = new Date().toISOString();
this.engine.runStatement(`
UPDATE sessions
SET last_accessed = $timestamp
WHERE session_id = $sessionId
`, {
$sessionId: sessionId,
$timestamp: currentTimestamp
});
const userResult = this.engine.runStatementGet(`
SELECT *
FROM users
WHERE user_id = $userId
`, {
$userId: sessionResult.user_id
});
if (!userResult) {
return null;
}
return userResult;
};
SqlTiddlerDatabase.prototype.deleteSession = function(sessionId) {
this.engine.runStatement(`
DELETE FROM sessions
WHERE session_id = $sessionId
`, {
$sessionId: sessionId
});
};
SqlTiddlerDatabase.prototype.deleteUserSessions = function(userId) {
this.engine.runStatement(`
DELETE FROM sessions
WHERE user_id = $userId
`, {
$userId: userId
});
};
Add success and error message feedback for user profile operations (#8716) * mws authentication * add more tests and permission checkers * add logic to ensure that only authenticated users' requests are handled * add custom login page * Implement user authentication as well as session handling * work on user operations authorization * add middleware to route handlers for bags & tiddlers routes * add feature that only returns the tiddlers and bags which the user has permission to access on index page * refactor auth routes & added user management page * fix Ci Test failure issue * fix users list page, add manage roles page * add commands and scripts to create new user & assign roles and permissions * resolved ci-test failure * add ACL permissions to bags & tiddlers on creation * fix comments and access control list bug * fix indentation issues * working on user profile edit * remove list users command & added support for database in server options * implement user profile update and password change feature * update plugin readme * implement command which triggers protected mode on the server * revert server-wide auth flag. Implement selective authorization * ACL management feature * Complete Access control list implementation * Added support to manage users' assigned role by admin * fix comments * fix comment * Add user profile management and account deletion functionality * add success and error message feedback for user profile operations * fix indentation issues * Add command to create admin user if none exists when the start command is executed * refactor annonymous user flow with create admin implementation * remove mws-add-user from start command
2024-11-08 10:09:42 +00:00
// Set the user as an admin
SqlTiddlerDatabase.prototype.setUserAdmin = function(userId) {
var admin = this.getRoleByName("ADMIN");
if(admin) {
this.addRoleToUser(userId, admin.role_id);
}
};
// Group CRUD operations
SqlTiddlerDatabase.prototype.createGroup = function(groupName, description) {
const result = this.engine.runStatement(`
INSERT INTO groups (group_name, description)
VALUES ($groupName, $description)
`, {
$groupName: groupName,
$description: description
});
return result.lastInsertRowid;
};
SqlTiddlerDatabase.prototype.getGroup = function(groupId) {
return this.engine.runStatementGet(`
SELECT * FROM groups WHERE group_id = $groupId
`, {
$groupId: groupId
});
};
SqlTiddlerDatabase.prototype.updateGroup = function(groupId, groupName, description) {
this.engine.runStatement(`
UPDATE groups
SET group_name = $groupName, description = $description
WHERE group_id = $groupId
`, {
$groupId: groupId,
$groupName: groupName,
$description: description
});
};
SqlTiddlerDatabase.prototype.deleteGroup = function(groupId) {
this.engine.runStatement(`
DELETE FROM groups WHERE group_id = $groupId
`, {
$groupId: groupId
});
};
SqlTiddlerDatabase.prototype.listGroups = function() {
return this.engine.runStatementGetAll(`
SELECT * FROM groups ORDER BY group_name
`);
};
// Role CRUD operations
SqlTiddlerDatabase.prototype.createRole = function(roleName, description) {
const result = this.engine.runStatement(`
INSERT OR IGNORE INTO roles (role_name, description)
VALUES ($roleName, $description)
`, {
$roleName: roleName,
$description: description
});
return result.lastInsertRowid;
};
SqlTiddlerDatabase.prototype.getRole = function(roleId) {
return this.engine.runStatementGet(`
SELECT * FROM roles WHERE role_id = $roleId
`, {
$roleId: roleId
});
};
SqlTiddlerDatabase.prototype.getRoleByName = function(roleName) {
return this.engine.runStatementGet(`
SELECT * FROM roles WHERE role_name = $roleName
`, {
$roleName: roleName
});
}
SqlTiddlerDatabase.prototype.updateRole = function(roleId, roleName, description) {
this.engine.runStatement(`
UPDATE roles
SET role_name = $roleName, description = $description
WHERE role_id = $roleId
`, {
$roleId: roleId,
$roleName: roleName,
$description: description
});
};
SqlTiddlerDatabase.prototype.deleteRole = function(roleId) {
this.engine.runStatement(`
DELETE FROM roles WHERE role_id = $roleId
`, {
$roleId: roleId
});
};
SqlTiddlerDatabase.prototype.listRoles = function() {
return this.engine.runStatementGetAll(`
SELECT * FROM roles ORDER BY role_name
`);
};
// Permission CRUD operations
SqlTiddlerDatabase.prototype.createPermission = function(permissionName, description) {
const result = this.engine.runStatement(`
INSERT OR IGNORE INTO permissions (permission_name, description)
VALUES ($permissionName, $description)
`, {
$permissionName: permissionName,
$description: description
});
return result.lastInsertRowid;
};
SqlTiddlerDatabase.prototype.getPermission = function(permissionId) {
return this.engine.runStatementGet(`
SELECT * FROM permissions WHERE permission_id = $permissionId
`, {
$permissionId: permissionId
});
};
SqlTiddlerDatabase.prototype.getPermissionByName = function(permissionName) {
return this.engine.runStatementGet(`
SELECT * FROM permissions WHERE permission_name = $permissionName
`, {
$permissionName: permissionName
});
};
SqlTiddlerDatabase.prototype.updatePermission = function(permissionId, permissionName, description) {
this.engine.runStatement(`
UPDATE permissions
SET permission_name = $permissionName, description = $description
WHERE permission_id = $permissionId
`, {
$permissionId: permissionId,
$permissionName: permissionName,
$description: description
});
};
SqlTiddlerDatabase.prototype.deletePermission = function(permissionId) {
this.engine.runStatement(`
DELETE FROM permissions WHERE permission_id = $permissionId
`, {
$permissionId: permissionId
});
};
SqlTiddlerDatabase.prototype.listPermissions = function() {
return this.engine.runStatementGetAll(`
SELECT * FROM permissions ORDER BY permission_name
`);
};
// ACL CRUD operations
SqlTiddlerDatabase.prototype.createACL = function(entityName, entityType, roleId, permissionId) {
if(!entityName.startsWith("$:/")) {
const result = this.engine.runStatement(`
INSERT OR IGNORE INTO acl (entity_name, entity_type, role_id, permission_id)
VALUES ($entityName, $entityType, $roleId, $permissionId)
`,
{
$entityName: entityName,
$entityType: entityType,
$roleId: roleId,
$permissionId: permissionId
});
return result.lastInsertRowid;
}
};
SqlTiddlerDatabase.prototype.getACL = function(aclId) {
return this.engine.runStatementGet(`
SELECT * FROM acl WHERE acl_id = $aclId
`, {
$aclId: aclId
});
};
SqlTiddlerDatabase.prototype.updateACL = function(aclId, entityId, entityType, roleId, permissionId) {
this.engine.runStatement(`
UPDATE acl
SET entity_name = $entityId, entity_type = $entityType,
role_id = $roleId, permission_id = $permissionId
WHERE acl_id = $aclId
`, {
$aclId: aclId,
$entityId: entityId,
$entityType: entityType,
$roleId: roleId,
$permissionId: permissionId
});
};
SqlTiddlerDatabase.prototype.deleteACL = function(aclId) {
this.engine.runStatement(`
DELETE FROM acl WHERE acl_id = $aclId
`, {
$aclId: aclId
});
};
SqlTiddlerDatabase.prototype.listACLs = function() {
return this.engine.runStatementGetAll(`
SELECT * FROM acl ORDER BY entity_type, entity_name
`);
};
// Association management functions
SqlTiddlerDatabase.prototype.addUserToGroup = function(userId, groupId) {
this.engine.runStatement(`
INSERT OR IGNORE INTO user_groups (user_id, group_id)
VALUES ($userId, $groupId)
`, {
$userId: userId,
$groupId: groupId
});
};
SqlTiddlerDatabase.prototype.isUserInGroup = function(userId, groupId) {
const result = this.engine.runStatementGet(`
SELECT 1 FROM user_groups
WHERE user_id = $userId AND group_id = $groupId
`, {
$userId: userId,
$groupId: groupId
});
return result !== undefined;
};
SqlTiddlerDatabase.prototype.removeUserFromGroup = function(userId, groupId) {
this.engine.runStatement(`
DELETE FROM user_groups
WHERE user_id = $userId AND group_id = $groupId
`, {
$userId: userId,
$groupId: groupId
});
};
SqlTiddlerDatabase.prototype.addRoleToUser = function(userId, roleId) {
this.engine.runStatement(`
INSERT OR IGNORE INTO user_roles (user_id, role_id)
VALUES ($userId, $roleId)
`, {
$userId: userId,
$roleId: roleId
});
};
SqlTiddlerDatabase.prototype.removeRoleFromUser = function(userId, roleId) {
this.engine.runStatement(`
DELETE FROM user_roles
WHERE user_id = $userId AND role_id = $roleId
`, {
$userId: userId,
$roleId: roleId
});
};
SqlTiddlerDatabase.prototype.addRoleToGroup = function(groupId, roleId) {
this.engine.runStatement(`
INSERT OR IGNORE INTO group_roles (group_id, role_id)
VALUES ($groupId, $roleId)
`, {
$groupId: groupId,
$roleId: roleId
});
};
SqlTiddlerDatabase.prototype.removeRoleFromGroup = function(groupId, roleId) {
this.engine.runStatement(`
DELETE FROM group_roles
WHERE group_id = $groupId AND role_id = $roleId
`, {
$groupId: groupId,
$roleId: roleId
});
};
SqlTiddlerDatabase.prototype.addPermissionToRole = function(roleId, permissionId) {
this.engine.runStatement(`
INSERT OR IGNORE INTO role_permissions (role_id, permission_id)
VALUES ($roleId, $permissionId)
`, {
$roleId: roleId,
$permissionId: permissionId
});
};
SqlTiddlerDatabase.prototype.removePermissionFromRole = function(roleId, permissionId) {
this.engine.runStatement(`
DELETE FROM role_permissions
WHERE role_id = $roleId AND permission_id = $permissionId
`, {
$roleId: roleId,
$permissionId: permissionId
});
};
SqlTiddlerDatabase.prototype.getUserRoles = function(userId) {
const query = `
SELECT r.role_id, r.role_name
FROM user_roles ur
JOIN roles r ON ur.role_id = r.role_id
WHERE ur.user_id = $userId
LIMIT 1
`;
return this.engine.runStatementGet(query, { $userId: userId });
};
SqlTiddlerDatabase.prototype.deleteUserRolesByRoleId = function(roleId) {
this.engine.runStatement(`
DELETE FROM user_roles
WHERE role_id = $roleId
`, {
$roleId: roleId
});
};
SqlTiddlerDatabase.prototype.deleteUserRolesByUserId = function(userId) {
this.engine.runStatement(`
DELETE FROM user_roles
WHERE user_id = $userId
`, {
$userId: userId
});
};
SqlTiddlerDatabase.prototype.isRoleInUse = function(roleId) {
// Check if the role is assigned to any users
const userRoleCheck = this.engine.runStatementGet(`
SELECT 1
FROM user_roles
WHERE role_id = $roleId
LIMIT 1
`, {
$roleId: roleId
});
if(userRoleCheck) {
return true;
}
// Check if the role is used in any ACLs
const aclRoleCheck = this.engine.runStatementGet(`
SELECT 1
FROM acl
WHERE role_id = $roleId
LIMIT 1
`, {
$roleId: roleId
});
if(aclRoleCheck) {
return true;
}
// If we've reached this point, the role is not in use
return false;
};
SqlTiddlerDatabase.prototype.getRoleById = function(roleId) {
const role = this.engine.runStatementGet(`
SELECT role_id, role_name, description
FROM roles
WHERE role_id = $roleId
`, {
$roleId: roleId
});
return role;
};
exports.SqlTiddlerDatabase = SqlTiddlerDatabase;
})();