Skip to content

sqlite: create authorization api #59928

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
araujogui wants to merge 18 commits into from
Closed

sqlite: create authorization api #59928

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
18 commits
Select commit Hold shift + click to select a range
6bf9173
sqlite: create authz method
araujogui Sep 18, 2025
bf0fc42
sqlite: improve error handling
araujogui Sep 18, 2025
41717ac
doc: create setauthorizer method doc
araujogui Sep 18, 2025
60ad323
doc: lint
araujogui Sep 18, 2025
19cdadf
doc: update doc link
araujogui Sep 18, 2025
e25f0ce
sqlite: remove duplicated proto init
araujogui Sep 18, 2025
e7288f3
sqlite: break long lines
araujogui Sep 18, 2025
3662e71
sqlite: format code
araujogui Sep 18, 2025
f63cba7
sqlite: store callback in internal field
araujogui Sep 22, 2025
2714896
sqlite: restrict valid authz code
araujogui Sep 23, 2025
e66a64c
sqlite: improve authorizer error handling
araujogui Sep 23, 2025
9e96632
sqlite: store authz error in internal object
araujogui Sep 24, 2025
a1553ef
sqlite: refactor authz code validation logic
araujogui Sep 24, 2025
e6ab93d
sqlite: refactor ToLocalChecked usage
araujogui Sep 25, 2025
254680d
sqlite: create constants doc
araujogui Sep 25, 2025
b51043c
sqlite: create sqlite_ignore test cases
araujogui Sep 25, 2025
526216d
sqlite: refactor authz error handling
araujogui Sep 26, 2025
0f4816f
sqlite: fix format
araujogui Sep 26, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
sqlite: store callback in internal field
  • Loading branch information
@araujogui
araujogui committed Sep 22, 2025
commit f63cba72a50dcd4a18f4e71e999b6eeceb5c21a4
124 changes: 61 additions & 63 deletions src/node_sqlite.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -664,66 +664,6 @@ void UserDefinedFunction::xDestroy(void* self) {
delete static_cast<UserDefinedFunction*>(self);
}

AuthorizerFunction::AuthorizerFunction(Environment* env,
Local<Function> fn,
DatabaseSync* db)
: env_(env), fn_(env->isolate(), fn), db_(db) {}

AuthorizerFunction::~AuthorizerFunction() {}

int AuthorizerFunction::xAuthorizer(void* user_data,
int action_code,
const char* param1,
const char* param2,
const char* param3,
const char* param4) {
AuthorizerFunction* self = static_cast<AuthorizerFunction*>(user_data);
Environment* env = self->env_;
Isolate* isolate = env->isolate();
HandleScope handle_scope(isolate);
Local<Context> context = env->context();

auto fn = self->fn_.Get(isolate);
LocalVector<Value> js_argv(isolate);

// Convert SQLite authorizer parameters to JavaScript values
js_argv.emplace_back(Integer::New(isolate, action_code));
js_argv.emplace_back(
NullableSQLiteStringToValue(isolate, param1).ToLocalChecked());
js_argv.emplace_back(
NullableSQLiteStringToValue(isolate, param2).ToLocalChecked());
js_argv.emplace_back(
NullableSQLiteStringToValue(isolate, param3).ToLocalChecked());
js_argv.emplace_back(
NullableSQLiteStringToValue(isolate, param4).ToLocalChecked());

TryCatch try_catch(isolate);
MaybeLocal<Value> retval =
fn->Call(context, Undefined(isolate), js_argv.size(), js_argv.data());

if (try_catch.HasCaught()) {
// If there's an exception in the callback, deny the operation
return SQLITE_DENY;
}

Local<Value> result;
if (!retval.ToLocal(&result)) {
return SQLITE_DENY;
}

if (result->IsNumber()) {
double num_result = result.As<Number>()->Value();
return static_cast<int>(num_result);
}

// Default to OK if the result isn't a number
return SQLITE_OK;
}

void AuthorizerFunction::xDestroy(void* self) {
delete static_cast<AuthorizerFunction*>(self);
}

DatabaseSync::DatabaseSync(Environment* env,
Local<Object> object,
DatabaseOpenConfiguration&& open_config,
Expand Down Expand Up @@ -1929,6 +1869,7 @@ void DatabaseSync::SetAuthorizer(const FunctionCallbackInfo<Value>& args) {
if (args[0]->IsNull()) {
// Clear the authorizer
sqlite3_set_authorizer(db->connection_, nullptr, nullptr);
db->object()->SetInternalField(kAuthorizerCallback, Null(isolate));
return;
}

Expand All @@ -1939,17 +1880,74 @@ void DatabaseSync::SetAuthorizer(const FunctionCallbackInfo<Value>& args) {
}

Local<Function> fn = args[0].As<Function>();
AuthorizerFunction* user_data = new AuthorizerFunction(env, fn, db);

db->object()->SetInternalField(kAuthorizerCallback, fn);

int r = sqlite3_set_authorizer(
db->connection_, AuthorizerFunction::xAuthorizer, user_data);
db->connection_, DatabaseSync::AuthorizerCallback, db);

if (r != SQLITE_OK) {
delete user_data;
CHECK_ERROR_OR_THROW(isolate, db, r, SQLITE_OK, void());
}
}

int DatabaseSync::AuthorizerCallback(void* user_data,
int action_code,
const char* param1,
const char* param2,
const char* param3,
const char* param4) {
DatabaseSync* db = static_cast<DatabaseSync*>(user_data);
Environment* env = db->env();
Isolate* isolate = env->isolate();
HandleScope handle_scope(isolate);
Local<Context> context = env->context();

Local<Value> cb =
db->object()->GetInternalField(kAuthorizerCallback).template As<Value>();

if (!cb->IsFunction()) {
return SQLITE_DENY;
}
Comment thread
araujogui marked this conversation as resolved.
Outdated

Local<Function> callback = cb.As<Function>();
LocalVector<Value> js_argv(isolate);

// Convert SQLite authorizer parameters to JavaScript values
js_argv.emplace_back(Integer::New(isolate, action_code));
js_argv.emplace_back(
NullableSQLiteStringToValue(isolate, param1).ToLocalChecked());
js_argv.emplace_back(
NullableSQLiteStringToValue(isolate, param2).ToLocalChecked());
js_argv.emplace_back(
NullableSQLiteStringToValue(isolate, param3).ToLocalChecked());
js_argv.emplace_back(
NullableSQLiteStringToValue(isolate, param4).ToLocalChecked());

TryCatch try_catch(isolate);
MaybeLocal<Value> retval = callback->Call(
context, Undefined(isolate), js_argv.size(), js_argv.data());

if (try_catch.HasCaught()) {
// If there's an exception in the callback, deny the operation
// TODO: Rethrow exepction
return SQLITE_DENY;
}

Local<Value> result;
if (!retval.ToLocal(&result)) {
return SQLITE_DENY;
}

if (result->IsNumber()) {
double num_result = result.As<Number>()->Value();
return static_cast<int>(num_result);
}

// Default to OK if the result isn't a number
return SQLITE_OK;
}

StatementSync::StatementSync(Environment* env,
Local<Object> object,
BaseObjectPtr<DatabaseSync> db,
Expand Down
31 changes: 11 additions & 20 deletions src/node_sqlite.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -111,6 +111,11 @@ class StatementExecutionHelper {

class DatabaseSync : public BaseObject {
public:
enum InternalFields {
kAuthorizerCallback = BaseObject::kInternalFieldCount,
kInternalFieldCount
};

DatabaseSync(Environment* env,
v8::Local<v8::Object> object,
DatabaseOpenConfiguration&& open_config,
Expand All @@ -137,6 +142,12 @@ class DatabaseSync : public BaseObject {
const v8::FunctionCallbackInfo<v8::Value>& args);
static void LoadExtension(const v8::FunctionCallbackInfo<v8::Value>& args);
static void SetAuthorizer(const v8::FunctionCallbackInfo<v8::Value>& args);
static int AuthorizerCallback(void* user_data,
int action_code,
const char* param1,
const char* param2,
const char* param3,
const char* param4);
void FinalizeStatements();
void RemoveBackup(BackupJob* backup);
void AddBackup(BackupJob* backup);
Expand Down Expand Up @@ -318,26 +329,6 @@ class SQLTagStore : public BaseObject {
friend class StatementExecutionHelper;
};

class AuthorizerFunction {
public:
AuthorizerFunction(Environment* env,
v8::Local<v8::Function> fn,
DatabaseSync* db);
~AuthorizerFunction();
static int xAuthorizer(void* user_data,
int action_code,
const char* param1,
const char* param2,
const char* param3,
const char* param4);
static void xDestroy(void* self);

private:
Environment* env_;
v8::Global<v8::Function> fn_;
DatabaseSync* db_;
};

class UserDefinedFunction {
public:
UserDefinedFunction(Environment* env,
Expand Down