Skip to content

sqlite: create authorization api #59928

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
araujogui wants to merge 18 commits into from
Closed

sqlite: create authorization api #59928

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
18 commits
Select commit Hold shift + click to select a range
6bf9173
sqlite: create authz method
araujogui Sep 18, 2025
bf0fc42
sqlite: improve error handling
araujogui Sep 18, 2025
41717ac
doc: create setauthorizer method doc
araujogui Sep 18, 2025
60ad323
doc: lint
araujogui Sep 18, 2025
19cdadf
doc: update doc link
araujogui Sep 18, 2025
e25f0ce
sqlite: remove duplicated proto init
araujogui Sep 18, 2025
e7288f3
sqlite: break long lines
araujogui Sep 18, 2025
3662e71
sqlite: format code
araujogui Sep 18, 2025
f63cba7
sqlite: store callback in internal field
araujogui Sep 22, 2025
2714896
sqlite: restrict valid authz code
araujogui Sep 23, 2025
e66a64c
sqlite: improve authorizer error handling
araujogui Sep 23, 2025
9e96632
sqlite: store authz error in internal object
araujogui Sep 24, 2025
a1553ef
sqlite: refactor authz code validation logic
araujogui Sep 24, 2025
e6ab93d
sqlite: refactor ToLocalChecked usage
araujogui Sep 25, 2025
254680d
sqlite: create constants doc
araujogui Sep 25, 2025
b51043c
sqlite: create sqlite_ignore test cases
araujogui Sep 25, 2025
526216d
sqlite: refactor authz error handling
araujogui Sep 26, 2025
0f4816f
sqlite: fix format
araujogui Sep 26, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
sqlite: restrict valid authz code
  • Loading branch information
@araujogui
araujogui committed Sep 23, 2025
commit 27148962813326ab84772a7355fafe593a1868b3
18 changes: 12 additions & 6 deletions src/node_sqlite.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1930,7 +1930,7 @@ int DatabaseSync::AuthorizerCallback(void* user_data,

if (try_catch.HasCaught()) {
// If there's an exception in the callback, deny the operation
// TODO: Rethrow exepction
// TODO: Rethrow exception
Comment thread
araujogui marked this conversation as resolved.
Outdated
return SQLITE_DENY;
}

Expand All @@ -1939,13 +1939,19 @@ int DatabaseSync::AuthorizerCallback(void* user_data,
return SQLITE_DENY;
}

if (result->IsNumber()) {
double num_result = result.As<Number>()->Value();
return static_cast<int>(num_result);
if (!result->IsNumber()) {
return SQLITE_DENY;
}

double num_result = result.As<Number>()->Value();
int int_result = static_cast<int>(num_result);
Comment thread
araujogui marked this conversation as resolved.
Outdated

if (int_result == SQLITE_OK || int_result == SQLITE_DENY ||
int_result == SQLITE_IGNORE) {
return int_result;
}

// Default to OK if the result isn't a number
return SQLITE_OK;
return SQLITE_DENY;
}

StatementSync::StatementSync(Environment* env,
Expand Down
35 changes: 28 additions & 7 deletions test/parallel/test-sqlite-authz.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -85,6 +85,34 @@ suite('DatabaseSync.prototype.setAuthorizer()', () => {
});
});

it('blocks operations when authorizer returns NaN', () => {
const db = new DatabaseSync(':memory:');
db.setAuthorizer(() => {
return '1';
});

assert.throws(() => {
db.exec('SELECT 1');
}, {
code: 'ERR_SQLITE_ERROR',
message: /not authorized/
});
});

it('blocks operations when authorizer returns a invalid code', () => {
const db = new DatabaseSync(':memory:');
db.setAuthorizer(() => {
return 3;
});

assert.throws(() => {
db.exec('SELECT 1');
}, {
code: 'ERR_SQLITE_ERROR',
message: /not authorized/
});
});

it('clears authorizer when set to null', (t) => {
const authorizer = t.mock.fn(() => constants.SQLITE_OK);
const db = new DatabaseSync(':memory:');
Expand Down Expand Up @@ -155,11 +183,4 @@ suite('DatabaseSync.prototype.setAuthorizer()', () => {
message: /The "callback" argument must be a function/
});
});

it('accepts null as valid input for clearing authorizer', () => {
const db = new DatabaseSync(':memory:');

// does not throw
db.setAuthorizer(null);
});
});
Loading