use std::collections::BTreeMap;
use sqlx::AssertSqlSafe;
use sqlx::MySqlConnection;
use sqlx::prelude::*;
use serde::{Deserialize, Serialize};
use crate::core::protocol::CompleteDatabaseNameResponse;
use crate::core::protocol::request_validation::GroupDenylist;
use crate::core::protocol::request_validation::validate_db_or_user_request;
use crate::core::types::DbOrUser;
use crate::core::types::MySQLDatabase;
use crate::core::types::MySQLUser;
use crate::{
core::{
common::UnixUser,
protocol::{
CreateDatabaseError, CreateDatabasesResponse, DropDatabaseError, DropDatabasesResponse,
ListAllDatabasesError, ListAllDatabasesResponse, ListDatabasesError,
ListDatabasesResponse,
},
server::{common::create_user_group_matching_regex, sql::quote_identifier},
};
/// Reports whether a schema named `database_name` is listed in
/// `information_schema.SCHEMATA`.
///
/// Returns `Ok(true)` when a matching row is found and `Ok(false)` when none is.
///
/// # Errors
///
/// Returns the `sqlx::Error` from the lookup; the failure is also logged.
// NOTE: "unsafe" in the name is not Rust `unsafe`. The name is sent as a bound
// parameter, so it never becomes part of the SQL text, but this function does
// no input validation or ownership check of its own. Callers must validate the
// request first, as `create_databases` does with `validate_db_or_user_request`.
pub(super) async fn unsafe_database_exists(
database_name: &str,
connection: &mut MySqlConnection,
) -> Result<bool, sqlx::Error> {
let result =
sqlx::query("SELECT SCHEMA_NAME FROM information_schema.SCHEMATA WHERE SCHEMA_NAME = ?")
.bind(database_name)
.fetch_optional(connection)
.await;
// Log the failure here; the error itself is still returned by the `?` below.
if let Err(err) = &result {
tracing::error!(
"Failed to check if database '{}' exists: {:?}",
&database_name,
err
);
}
// fetch_optional yields Some(row) on a match, so is_some() is the existence flag.
Ok(result?.is_some())
/// Returns the database names that start with `database_prefix` and that also
/// match the name pattern built from `unix_user` and `group_denylist`.
///
/// The built-in schemas `information_schema`, `performance_schema`, `mysql` and
/// `sys` are excluded by the query. When the query fails, the result is an
/// empty list.
pub async fn complete_database_name(
database_prefix: &str,
unix_user: &UnixUser,
_db_is_mariadb: bool,
group_denylist: &GroupDenylist,
) -> CompleteDatabaseNameResponse {
let result = sqlx::query(
r"
SELECT CAST(`SCHEMA_NAME` AS CHAR(64)) AS `database`
FROM `information_schema`.`SCHEMATA`
WHERE `SCHEMA_NAME` NOT IN ('information_schema', 'performance_schema', 'mysql', 'sys')
AND `SCHEMA_NAME` REGEXP ?
AND `SCHEMA_NAME` LIKE ?
",
)
// First placeholder (REGEXP): the pattern from create_user_group_matching_regex.
// Presumably it limits matches to names owned by the user or one of their
// groups; confirm against the helper, which is not visible here.
.bind(create_user_group_matching_regex(unix_user, group_denylist))
// Second placeholder (LIKE): the prefix plus a trailing `%`. The value is bound,
// not spliced into the SQL text, but `%` and `_` inside database_prefix are not
// escaped here and act as LIKE wildcards.
// NOTE(review): the REGEXP condition is ANDed with this one, so a wildcard in
// the prefix can widen the match only among names that already pass it.
.bind(format!("{database_prefix}%"))
.fetch_all(connection)
match result {
Ok(rows) => rows
.into_iter()
.filter_map(|row| {
// A row whose `database` column cannot be read as a String is skipped
// without being reported.
let database: String = row.try_get("database").ok()?;
Some(database.into())
})
.collect(),
Err(err) => {
"Failed to complete database name for prefix '{}' and user '{}': {:?}",
database_prefix,
unix_user.username,
// A failed query yields no completions instead of an error value.
vec![]
/// Creates each database in `database_names` and returns a map with one result
/// per name.
///
/// A name that fails `validate_db_or_user_request`, that already exists, or that
/// MySQL rejects gets an `Err` entry in the returned map; a successful
/// `CREATE DATABASE` gets `Ok(())`.
pub async fn create_databases(
database_names: &[MySQLDatabase],
) -> CreateDatabasesResponse {
let mut results = BTreeMap::new();
for database_name in database_names.iter().cloned() {
// Validation comes first: the `continue` below means no SQL is run for a
// name that is rejected here.
if let Err(err) = validate_db_or_user_request(
&DbOrUser::Database(database_name.clone()),
unix_user,
group_denylist,
.map_err(CreateDatabaseError::ValidationError)
{
results.insert(database_name.clone(), Err(err));
continue;
// The existence check and the CREATE are separate statements.
// NOTE(review): a database created in between would presumably surface as
// MySqlError from the CREATE, not as DatabaseAlreadyExists.
match unsafe_database_exists(&database_name, &mut *connection).await {
Ok(true) => {
results.insert(
database_name.clone(),
Err(CreateDatabaseError::DatabaseAlreadyExists),
Err(CreateDatabaseError::MySqlError(err.to_string())),
_ => {}
// A schema name cannot be sent as a bound parameter, so the statement text is
// built with format!. AssertSqlSafe is this code's assertion to sqlx that the
// dynamic SQL is safe; that holds only if quote_identifier escapes the name
// correctly (its body is not visible here). The validation above is the other
// guard on what reaches this point.
let statement = AssertSqlSafe(format!(
"CREATE DATABASE {}",
quote_identifier(&database_name)
));
let result = sqlx::query(statement)
.execute(&mut *connection)
.await
.map(|_| ())
// NOTE(review): the driver's error text is placed in the response as-is;
// confirm that it is acceptable to show it to the requesting user.
.map_err(|err| CreateDatabaseError::MySqlError(err.to_string()));
tracing::error!("Failed to create database '{}': {:?}", &database_name, err);
results.insert(database_name, result);
results
/// Drops databases and returns a `DropDatabasesResponse`.
///
/// The lines visible here show three failure kinds: a validation failure
/// (`ValidationError`), a database that does not exist (`DatabaseDoesNotExist`)
/// and a MySQL failure (`MySqlError`, which is also logged).
pub async fn drop_databases(
) -> DropDatabasesResponse {
.map_err(DropDatabaseError::ValidationError)
// A name that is not present is reported as an error, not treated as success.
Ok(false) => {
Err(DropDatabaseError::DatabaseDoesNotExist),
Err(DropDatabaseError::MySqlError(err.to_string())),
// NOTE(review): the name is interpolated into the statement text, presumably
// through quote_identifier as in create_databases; confirm, since a schema
// name cannot be sent as a bound parameter.
"DROP DATABASE {}",
.map_err(|err| DropDatabaseError::MySqlError(err.to_string()));
tracing::error!("Failed to drop database '{}': {:?}", &database_name, err);
/// One database as returned by the listing queries in this file.
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
pub struct DatabaseRow {
/// Schema name (`SCHEMA_NAME` from `information_schema.SCHEMATA`).
pub database: MySQLDatabase,
/// Table names in the schema; empty when the query returns no table list.
pub tables: Vec<String>,
/// Users taken from the `User` column of `mysql.db` for this database.
pub users: Vec<MySQLUser>,
/// `DEFAULT_COLLATION_NAME` of the schema, if any.
pub collation: Option<String>,
/// `DEFAULT_CHARACTER_SET_NAME` of the schema, if any.
pub character_set: Option<String>,
/// Sum of `DATA_LENGTH + INDEX_LENGTH` over the schema's tables; the queries
/// use COALESCE to report 0 when there is no sum.
pub size_bytes: u64,
/// Builds a `DatabaseRow` from a result row that has the columns `database`,
/// `tables`, `users`, `collation`, `character_set` and `size_bytes`.
impl FromRow<'_, sqlx::mysql::MySqlRow> for DatabaseRow {
/// Decodes one row.
///
/// # Errors
///
/// Returns the `sqlx::Error` of the first column that cannot be read.
fn from_row(row: &sqlx::mysql::MySqlRow) -> Result<Self, sqlx::Error> {
Ok(DatabaseRow {
database: row.try_get::<String, _>("database")?.into(),
// `tables` arrives as one comma-separated string. NULL and the empty
// string both become an empty Vec.
// NOTE(review): a table name that itself contains a comma would be split
// into several entries here.
tables: {
let s: Option<String> = row.try_get("tables")?;
s.and_then(|s| {
if s.is_empty() {
None
} else {
Some(s.split(',').map(std::borrow::ToOwned::to_owned).collect())
.unwrap_or_default()
// `users` is split on ',' in the same way, with each piece converted into
// a MySQLUser.
users: {
let s: Option<String> = row.try_get("users")?;
Some(s.split(',').map(|s| s.to_owned().into()).collect())
collation: row.try_get::<Option<String>, _>("collation")?,
character_set: row.try_get::<Option<String>, _>("character_set")?,
size_bytes: row.try_get::<u64, _>("size_bytes")?,
/// Looks up details for individually named databases and returns a
/// `ListDatabasesResponse`.
///
/// The visible lines show three failure kinds: a validation failure
/// (`ValidationError`), no row for the name (`DatabaseDoesNotExist`) and a MySQL
/// failure (`MySqlError`, which is also logged).
pub async fn list_databases(
) -> ListDatabasesResponse {
.map_err(ListDatabasesError::ValidationError)
// The database name reaches the query only through `?` placeholders, so it is
// never part of the SQL text.
// `tables` and `users` are GROUP_CONCAT strings. NOTE(review): MySQL cuts
// GROUP_CONCAT output at group_concat_max_len, so a long list can come back
// truncated without an error.
// The users subquery returns every `User` that has a row in mysql.db for this
// database; no filter on who owns those users is visible here.
let result = sqlx::query_as::<_, DatabaseRow>(
SELECT
CAST(s.SCHEMA_NAME AS CHAR(64)) AS `database`,
t.tables,
u.users,
s.DEFAULT_COLLATION_NAME AS `collation`,
s.DEFAULT_CHARACTER_SET_NAME AS `character_set`,
CAST(COALESCE(t.size_bytes, 0) AS UNSIGNED) AS `size_bytes`
FROM information_schema.SCHEMATA s
LEFT JOIN (
TABLE_SCHEMA,
GROUP_CONCAT(
DISTINCT CAST(TABLE_NAME AS CHAR(64))
ORDER BY TABLE_NAME
SEPARATOR ','
) AS tables,
SUM(DATA_LENGTH + INDEX_LENGTH) AS size_bytes
FROM information_schema.TABLES
WHERE TABLE_SCHEMA = ?
GROUP BY TABLE_SCHEMA
) t
ON t.TABLE_SCHEMA = s.SCHEMA_NAME
DB,
DISTINCT CAST(User AS CHAR(64))
ORDER BY User
) AS users
FROM mysql.db
WHERE DB = ?
GROUP BY DB
) u
ON u.DB = s.SCHEMA_NAME
WHERE s.SCHEMA_NAME = ?;
.bind(database_name.to_string())
.fetch_optional(&mut *connection)
.map_err(|err| ListDatabasesError::MySqlError(err.to_string()))
// fetch_optional returns None when no schema has this name; report that as
// DatabaseDoesNotExist.
.and_then(|database| {
database.map_or_else(|| Err(ListDatabasesError::DatabaseDoesNotExist), Ok)
});
tracing::error!("Failed to list database '{}': {:?}", &database_name, err);
// TODO: should we assert that the users are also owned by the unix_user from the request?
/// Lists every database whose name matches a REGEXP pattern and returns a
/// `ListAllDatabasesResponse`.
///
/// The pattern is passed through `?` placeholders. The schemas
/// `information_schema`, `performance_schema`, `mysql` and `sys` are excluded,
/// and rows are ordered by schema name. A MySQL failure is returned as
/// `MySqlError`.
// NOTE(review): the pattern is presumably the one built by
// create_user_group_matching_regex for the requesting user; the bind line is
// not visible here, so confirm.
pub async fn list_all_databases_for_user(
) -> ListAllDatabasesResponse {
s.DEFAULT_COLLATION_NAME AS collation,
s.DEFAULT_CHARACTER_SET_NAME AS character_set,
CAST(COALESCE(t.size_bytes, 0) AS UNSIGNED) AS size_bytes
WHERE TABLE_SCHEMA REGEXP ?
WHERE DB REGEXP ?
WHERE s.SCHEMA_NAME REGEXP ?
AND s.SCHEMA_NAME NOT IN (
'information_schema',
'performance_schema',
'mysql',
'sys'
ORDER BY s.SCHEMA_NAME
// NOTE(review): the driver's error text is placed in the response as-is;
// confirm that it is acceptable to show it to the requesting user.
.map_err(|err| ListAllDatabasesError::MySqlError(err.to_string()));
"Failed to list databases for user '{}': {:?}",
result