Skip to content

sqlite: create authorization api #59928

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
araujogui wants to merge 18 commits into from
Closed

sqlite: create authorization api #59928

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
18 commits
Select commit Hold shift + click to select a range
6bf9173
sqlite: create authz method
araujogui Sep 18, 2025
bf0fc42
sqlite: improve error handling
araujogui Sep 18, 2025
41717ac
doc: create setauthorizer method doc
araujogui Sep 18, 2025
60ad323
doc: lint
araujogui Sep 18, 2025
19cdadf
doc: update doc link
araujogui Sep 18, 2025
e25f0ce
sqlite: remove duplicated proto init
araujogui Sep 18, 2025
e7288f3
sqlite: break long lines
araujogui Sep 18, 2025
3662e71
sqlite: format code
araujogui Sep 18, 2025
f63cba7
sqlite: store callback in internal field
araujogui Sep 22, 2025
2714896
sqlite: restrict valid authz code
araujogui Sep 23, 2025
e66a64c
sqlite: improve authorizer error handling
araujogui Sep 23, 2025
9e96632
sqlite: store authz error in internal object
araujogui Sep 24, 2025
a1553ef
sqlite: refactor authz code validation logic
araujogui Sep 24, 2025
e6ab93d
sqlite: refactor ToLocalChecked usage
araujogui Sep 25, 2025
254680d
sqlite: create constants doc
araujogui Sep 25, 2025
b51043c
sqlite: create sqlite_ignore test cases
araujogui Sep 25, 2025
526216d
sqlite: refactor authz error handling
araujogui Sep 26, 2025
0f4816f
sqlite: fix format
araujogui Sep 26, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
sqlite: improve error handling
  • Loading branch information
@araujogui
araujogui committed Sep 18, 2025
commit bf0fc42fcdaf8af99cfaace60f7789fa5bb81e94
4 changes: 2 additions & 2 deletions src/node_sqlite.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1921,15 +1921,15 @@ void DatabaseSync::SetAuthorizer(const FunctionCallbackInfo<Value>& args) {
Environment* env = Environment::GetCurrent(args);
Isolate* isolate = env->isolate();

if (args.Length() == 0 || args[0]->IsNull() || args[0]->IsUndefined()) {
if ( args[0]->IsNull() ) {
// Clear the authorizer
sqlite3_set_authorizer(db->connection_, nullptr, nullptr);
return;
}

if (!args[0]->IsFunction()) {
THROW_ERR_INVALID_ARG_TYPE(isolate,
"The \"callback\" argument must be a function.");
"The \"callback\" argument must be a function or null.");
return;
}

Expand Down
123 changes: 99 additions & 24 deletions test/parallel/test-sqlite-authz.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,90 +1,165 @@
'use strict';

const { skipIfSQLiteMissing } = require('../common');
skipIfSQLiteMissing();

const assert = require('node:assert');
const { DatabaseSync, constants } = require('node:sqlite');
const { suite, it } = require('node:test');

suite('DatabaseSync.prototype.setAuthorizer()', () => {
it('calls the authorizer with the correct parameters', (t) => {
const authorizer = t.mock.fn(() => constants.SQLITE_OK);

const createTestDatabase = () => {
const db = new DatabaseSync(':memory:');
db.exec('CREATE TABLE users (id INTEGER, name TEXT)');
return db;
};

it('receives correct parameters for SELECT operations', (t) => {
const authorizer = t.mock.fn(() => constants.SQLITE_OK);
const db = createTestDatabase();

db.setAuthorizer(authorizer);
db.prepare('SELECT id FROM users').get();

assert.strictEqual(authorizer.mock.callCount(), 2);
const callArguments = authorizer.mock.calls.map((call) => call.arguments);

assert.deepStrictEqual(
callArguments,
[
[constants.SQLITE_SELECT, null, null, null, null],
[constants.SQLITE_READ, 'users', 'id', 'main', null],
]
);
});

const insert = db.prepare('SELECT 1');
insert.run();
it('receives correct parameters for INSERT operations', (t) => {
const authorizer = t.mock.fn(() => constants.SQLITE_OK);
const db = createTestDatabase();

db.setAuthorizer(authorizer);
db.prepare('INSERT INTO users (id, name) VALUES (?, ?)').run(1, 'node');

assert.strictEqual(authorizer.mock.callCount(), 1);

const call = authorizer.mock.calls[0];
assert.deepStrictEqual(call.arguments, [constants.SQLITE_SELECT, null, null, null, null]);
assert.strictEqual(call.result, constants.SQLITE_OK);
assert.strictEqual(call.error, undefined);
const callArguments = authorizer.mock.calls.map((call) => call.arguments);
assert.deepStrictEqual(
callArguments,
[[constants.SQLITE_INSERT, 'users', null, 'main', null]],
);
});

it('allows operations when authorizer returns SQLITE_OK', () => {
const db = new DatabaseSync(':memory:');

db.setAuthorizer(() => constants.SQLITE_OK);

db.exec('CREATE TABLE users (id INTEGER, name TEXT)');

const tables = db.prepare("SELECT name FROM sqlite_master WHERE type='table'").all();

assert.strictEqual(tables[0].name, 'users');
});

it('blocks operations when authorizer returns SQLITE_DENY', () => {
const db = new DatabaseSync(':memory:');

db.setAuthorizer(() => constants.SQLITE_DENY);

assert.throws(() => {
db.exec('SELECT 1');
}, {
code: 'ERR_SQLITE_ERROR',
message: /not authorized/,
message: /not authorized/
});
});

it('clears authorizer with null', (t) => {
const authorizer = t.mock.fn(() => constants.SQLITE_OK);

it('blocks operations when authorizer throws error', () => {
const db = new DatabaseSync(':memory:');
db.setAuthorizer(() => {
throw new Error('Unknown error');
});

db.setAuthorizer(authorizer);
assert.throws(() => {
db.exec('SELECT 1');
}, {
code: 'ERR_SQLITE_ERROR',
message: /not authorized/
});
});

it('clears authorizer when set to null', (t) => {
const authorizer = t.mock.fn(() => constants.SQLITE_OK);
const db = new DatabaseSync(':memory:');
const statement = db.prepare('SELECT 1');
statement.run();

// Set authorizer and verify it's called
db.setAuthorizer(authorizer);
statement.run();
assert.strictEqual(authorizer.mock.callCount(), 1);

// Clear authorizer
// Clear authorizer and verify it's no longer called
db.setAuthorizer(null);

statement.run();

assert.strictEqual(authorizer.mock.callCount(), 1);
});

it('throws with invalid callback type', () => {
it('throws when callback is a string', () => {
const db = new DatabaseSync(':memory:');

assert.throws(() => {
db.setAuthorizer('not a function');
}, {
code: 'ERR_INVALID_ARG_TYPE',
message: /The "callback" argument must be a function/,
message: /The "callback" argument must be a function/
});
});

it('throws when callback is a number', () => {
const db = new DatabaseSync(':memory:');

assert.throws(() => {
db.setAuthorizer(1);
}, {
code: 'ERR_INVALID_ARG_TYPE',
message: /The "callback" argument must be a function/,
message: /The "callback" argument must be a function/
});
});

it('throws when callback is an object', () => {
const db = new DatabaseSync(':memory:');

assert.throws(() => {
db.setAuthorizer({});
}, {
code: 'ERR_INVALID_ARG_TYPE',
message: /The "callback" argument must be a function/
});
});

it('throws when callback is an array', () => {
const db = new DatabaseSync(':memory:');

assert.throws(() => {
db.setAuthorizer([]);
}, {
code: 'ERR_INVALID_ARG_TYPE',
message: /The "callback" argument must be a function/
});
});

it('throws when callback is undefined', () => {
const db = new DatabaseSync(':memory:');

assert.throws(() => {
db.setAuthorizer();
}, {
code: 'ERR_INVALID_ARG_TYPE',
message: /The "callback" argument must be a function/
});
});

it('accepts null as valid input for clearing authorizer', () => {
const db = new DatabaseSync(':memory:');

// does not throw
db.setAuthorizer(null);
});
});