Add MSSQL DB client (#37)

undefined

Author: Sylvestre

.babelrc

@@ -0,0 +1,3 @@
+{
+  "presets": ["@babel/preset-env"]
+}

.env.test

@@ -0,0 +1,3 @@
+NODE_ENV=test
+MSSQL_CREDENTIALS:Server=mssql,1433;Database=master;User Id=sa;Password=Pass@word;trustServerCertificate=true;
+MSSQL_CREDENTIALS_READ_ONLY:Server=mssql,1433;Database=master;User Id=reader;Password=re@derP@ssw0rd;trustServerCertificate=true;

.env.test.js

@@ -0,0 +1,11 @@
+
+export const MSSQL_CREDENTIALS = env("MSSQL_CREDENTIALS");
+export const MSSQL_CREDENTIALS_READ_ONLY = env("MSSQL_CREDENTIALS_READ_ONLY");
+export const NODE_ENV = env("NODE_ENV");
+
+function env(key, defaultValue) {
+  const value = process.env[key]; // eslint-disable-line no-process-env
+  if (value !== undefined) return value;
+  if (defaultValue !== undefined) return defaultValue;
+  throw new Error(`Missing environment variable: ${key}`);
+}

.mocharc.cjs

@@ -0,0 +1,8 @@
+module.exports = {
+  color: true,
+  extension: ["js"],
+  global: [],
+  ignore: [],
+  require: "@babel/register",
+  spec: ["test/**/*.test.js"],
+};

Dockerfile

@@ -0,0 +1,17 @@
+FROM node:16.17.0-alpine
+
+RUN mkdir /app
+WORKDIR /app
+
+RUN apk --no-cache add bash
+
+COPY package.json yarn.lock /app/
+RUN \
+  yarn --frozen-lockfile && \
+  yarn cache clean
+
+ENV PATH="/app/node_modules/.bin:${PATH}"
+
+COPY . /app/
+
+CMD yarn test

data/AdventureWorks2019.bak

@@ -0,0 +1,32 @@
+import mssql from "mssql";
+import {MSSQL_CREDENTIALS} from "../.env.test.js";
+
+const credentials = MSSQL_CREDENTIALS;
+
+const seed = async () => {
+  await mssql.connect(credentials);
+
+  await mssql.query`RESTORE DATABASE test
+    FROM DISK = '/var/opt/mssql/backup/test.bak'
+    WITH REPLACE, RECOVERY,
+    MOVE 'AdventureWorksLT2012_Data' TO '/var/opt/mssql/data/aw2019.mdf',
+    MOVE 'AdventureWorksLT2012_Log'  TO '/var/opt/mssql/data/aw2019.ldf';`;
+
+  await mssql.query`IF NOT EXISTS(SELECT name
+                                  FROM sys.syslogins
+                                  WHERE name='reader')
+                     BEGIN
+                       CREATE LOGIN reader WITH PASSWORD = 're@derP@ssw0rd'
+                       CREATE USER reader FOR LOGIN reader
+                     END`;
+};
+
+seed()
+  .then(() => {
+    console.log(`MS_SQL DB seeded.`);
+    process.exit(0);
+  })
+  .catch((err) => {
+    console.error(err.message, err);
+    process.exit(1);
+  });

data/seed.mssql.js

@@ -0,0 +1,7 @@
+version: "3.7"
+
+services:
+  mssql:
+    image: mcr.microsoft.com/azure-sql-edge
+    expose:
+      - "1433"

docker-compose.local.yml

@@ -0,0 +1,30 @@
+version: "3.7"
+
+services:
+  test:
+    build: .
+    depends_on:
+      - mssql
+    env_file:
+      - .env.test
+    networks:
+      - db_proxy_test
+    command: sh -c "set -o pipefail && wait-on -d 10000 -t 30000 tcp:mssql:1433 && node ./data/seed.mssql.js && TZ=UTC NODE_ENV=TEST node_modules/.bin/mocha"
+
+  mssql:
+    image: mcr.microsoft.com/mssql/server:2019-latest
+    environment:
+      - MSSQL_SA_PASSWORD=Pass@word
+      - ACCEPT_EULA=Y
+      - MSSQL_DATABASE=test
+      - MSSQL_SLEEP=7
+    volumes:
+      - ./data/AdventureWorks2019.bak:/var/opt/mssql/backup/test.bak
+    ports:
+      - "1433:1433"
+    networks:
+      - db_proxy_test
+
+networks:
+  db_proxy_test:
+    name: db_proxy_test

docker-compose.yml

@@ -1,7 +1,13 @@
 import {createError} from "micro";
-export const unauthorized = error => createError(401, "Unauthorized", error);
-export const notFound = error => createError(404, "Not Found", error);
-export const exit = message => {
+export const unauthorized = (error) => createError(401, "Unauthorized", error);
+export const notFound = (error) => createError(404, "Not Found", error);
+export const notImplemented = (error) =>
+  createError(501, "Not Implemented", error);
+export const badRequest = (error) =>
+  createError(400, typeof error === "string" ? error : "Bad request", error);
+export const failedCheck = (error) =>
+  createError(200, typeof error === "string" ? error : "Failed check", error);
+export const exit = (message) => {
   console.error(message); // eslint-disable-line no-console
   process.exit(1);
 };

lib/errors.js

@@ -0,0 +1,205 @@
+import Ajv from "ajv";
+import JSONStream from "JSONStream";
+import {json} from "micro";
+import mssql from "mssql";
+import {failedCheck, badRequest, notImplemented} from "./errors.js";
+
+const TYPES = mssql.TYPES;
+
+const pools = new Map();
+
+const READ_ONLY = new Set(["SELECT", "USAGE"]);
+
+const ajv = new Ajv();
+const validate = ajv.compile({
+  type: "object",
+  additionalProperties: false,
+  required: ["sql"],
+  properties: {
+    sql: {type: "string", minLength: 1},
+    params: {type: "array"},
+  },
+});
+
+// See: https://tediousjs.github.io/node-mssql/#connection-pools
+export const mssqlPool = {
+  get: (name, config) => {
+    if (!pools.has(name)) {
+      if (!config) {
+        throw new Error("Database configuration required");
+      }
+
+      const pool = new mssql.ConnectionPool(config);
+      const close = pool.close.bind(pool);
+      pool.close = (...args) => {
+        pools.delete(name);
+        return close(...args);
+      };
+
+      pools.set(name, pool.connect());
+    }
+
+    return pools.get(name);
+  },
+
+  closeAll: () =>
+    Promise.all(
+      Array.from(pools.values()).map((connect) => {
+        return connect.then((pool) => pool.close());
+      })
+    ),
+};
+
+export async function queryStream(req, res, pool) {
+  const db = await pool;
+  const body = await json(req);
+
+  if (!validate(body)) throw badRequest();
+
+  res.setHeader("Content-Type", "text/plain");
+  const keepAlive = setInterval(() => res.write("\n"), 25e3);
+
+  let {sql, params = []} = body;
+
+  try {
+    await new Promise((resolve, reject) => {
+      const request = new mssql.Request(db);
+      const stream = request.toReadableStream();
+
+      params.forEach((param, idx) => {
+        request.input(`${idx + 1}`, param);
+      });
+
+      request.query(sql);
+      request.once("recordset", () => clearInterval(keepAlive));
+      request.on("recordset", (columns) => {
+        const schema = {
+          type: "array",
+          items: {
+            type: "object",
+            properties: Object.entries(columns).reduce(
+              (schema, [name, props]) => {
+                return {
+                  ...schema,
+                  ...{[name]: dataTypeSchema({type: props.type.name})},
+                };
+              },
+              {}
+            ),
+          },
+        };
+
+        res.write(`${JSON.stringify(schema)}`);
+        res.write("\n");
+      });
+
+      stream.pipe(JSONStream.stringify("", "\n", "\n")).pipe(res);
+      stream.on("done", () => {
+        resolve();
+      });
+      stream.on("error", (error) => {
+        if (!request.canceled) {
+          request.cancel();
+        }
+        reject(error);
+      });
+    });
+  } catch (error) {
+    if (!error.statusCode) error.statusCode = 400;
+    throw error;
+  } finally {
+    clearInterval(keepAlive);
+  }
+
+  res.end();
+}
+
+/*
+ * This function is checking for the permission of the given credentials. It alerts the user setting
+ * them up that these may be too permissive.
+ * */
+export async function check(req, res, pool) {
+  const db = await pool;
+
+  // See: https://learn.microsoft.com/en-us/sql/relational-databases/system-functions/sys-fn-my-permissions-transact-sql
+  const rows = await db.request().query(
+    `USE ${db.config.database};
+     SELECT * FROM fn_my_permissions (NULL, 'DATABASE');`
+  );
+
+  const grants = rows.recordset.map((rs) => rs.permission_name);
+  const permissive = grants.filter((g) => !READ_ONLY.has(g));
+
+  if (permissive.length)
+    throw failedCheck(
+      `User has too permissive grants: ${permissive.join(", ")}`
+    );
+
+  return {ok: true};
+}
+
+export default (credentials) => async (req, res) => {
+  const pool = mssqlPool.get(JSON.stringify(credentials), credentials);
+
+  if (req.method === "POST") {
+    if (req.url === "/check") {
+      return check(req, res, pool);
+    }
+
+    if (["/query-stream"].includes(req.url)) {
+      return queryStream(req, res, pool);
+    }
+
+    throw notImplemented();
+  }
+};
+
+// See https://github.com/tediousjs/node-mssql/blob/66587d97c9ce21bffba8ca360c72a540f2bc47a6/lib/datatypes.js#L6
+const boolean = ["null", "boolean"],
+  integer = ["null", "integer"],
+  number = ["null", "number"],
+  object = ["null", "object"],
+  string = ["null", "string"];
+export function dataTypeSchema({type}) {
+  switch (type) {
+    case TYPES.Bit.name:
+      return {type: boolean};
+    case TYPES.TinyInt.name:
+      return {type: integer, tiny: true};
+    case TYPES.SmallInt.name:
+      return {type: integer, short: true};
+    case TYPES.BigInt.name:
+      return {type: integer, long: true};
+    case TYPES.Int.name:
+      return {type: integer};
+    case TYPES.Float.name:
+      return {type: number, float: true};
+    case TYPES.Numeric.name:
+      return {type: number};
+    case TYPES.Decimal.name:
+      return {type: number, decimal: true};
+    case TYPES.Real.name:
+      return {type: number};
+    case TYPES.Date.name:
+    case TYPES.DateTime.name:
+    case TYPES.DateTime2.name:
+    case TYPES.DateTimeOffset.name:
+    case TYPES.SmallDateTime.name:
+    case TYPES.Time.name:
+      return {type: string, date: true};
+    case TYPES.Binary.name:
+    case TYPES.VarBinary.name:
+    case TYPES.Image.name:
+      return {type: object, buffer: true};
+    case TYPES.SmallMoney.name: // TODO
+    case TYPES.Money.name: //TODO
+    case TYPES.Xml.name: //TODO
+    case TYPES.TVP.name: //TODO
+    case TYPES.UDT.name: //TODO
+    case TYPES.Geography.name: //TODO
+    case TYPES.Geometry.name: //TODO
+    case TYPES.Variant.name: //TODO
+    default:
+      return {type: string};
+  }
+}

lib/mssql.js

@@ -11,6 +11,7 @@ import {notFound, unauthorized, exit} from "./errors.js";
 import mysql from "./mysql.js";
 import postgres from "./postgres.js";
 import snowflake from "./snowflake.js";
+import mssql from "./mssql.js";
 
 export function server(config, argv) {
   const development = process.env.NODE_ENV === "development";
@@ -22,7 +23,7 @@ export function server(config, argv) {
     url,
     ssl = "disabled",
     host = "127.0.0.1",
-    port = 2899
+    port = 2899,
   } = config;
 
   const handler =
@@ -32,6 +33,8 @@ export function server(config, argv) {
       ? postgres(url)
       : type === "snowflake"
       ? snowflake(url)
+      : type === "mssql"
+      ? mssql(url)
       : null;
   if (!handler) {
     return exit(`Unknown database type: ${type}`);
@@ -85,7 +88,7 @@ export function server(config, argv) {
 
     const [payload, hmac] = authorization
       .split(".")
-      .map(encoded => Buffer.from(encoded, "base64"));
+      .map((encoded) => Buffer.from(encoded, "base64"));
     const {name} = JSON.parse(payload);
     if (config.name !== name) throw notFound();
     const {origin, secret} = config;

lib/server.js

@@ -3,20 +3,23 @@
   "description": "A local proxy to connect private Observable notebooks to private databases",
   "version": "2.0.0",
   "type": "module",
-  "engines" : {
-    "node" : ">=14.19.0"
+  "engines": {
+    "node": ">=14.19.0"
   },
-  "exports":{
-    "./postgres.js":  "./lib/postgres.js",
-    "./mysql.js":  "./lib/mysql.js",
-    "./snowflake.js": "./lib/snowflake.js"
+  "exports": {
+    "./postgres.js": "./lib/postgres.js",
+    "./mysql.js": "./lib/mysql.js",
+    "./snowflake.js": "./lib/snowflake.js",
+    "./mssql.js": "./lib/mssql.js"
   },
   "bin": {
     "observable-database-proxy": "./bin/observable-database-proxy.js"
   },
   "dependencies": {
     "JSONStream": "^1.3.5",
+    "ajv": "^8.11.0",
     "micro": "^9.3.4",
+    "mssql": "^9.0.1",
     "mysql": "^2.17.1",
     "open": "^6.3.0",
     "pg": "^8.7.1",
@@ -26,11 +29,22 @@
     "yargs": "^13.2.4"
   },
   "devDependencies": {
-    "nodemon": "^1.19.1"
+    "@babel/core": "^7.19.6",
+    "@babel/preset-env": "^7.19.4",
+    "@babel/register": "^7.18.9",
+    "chai": "^4.3.6",
+    "mocha": "^10.1.0",
+    "mock-req": "^0.2.0",
+    "mock-res": "^0.6.0",
+    "nodemon": "^1.19.1",
+    "wait-on": "^6.0.1"
   },
   "scripts": {
     "dev": "NODE_ENV=development nodemon bin/observable-database-proxy.js",
-    "test": "echo \"Error: no test specified\" && exit 1"
+    "test": "mocha",
+    "test:local": "docker-compose -f docker-compose.yml -f docker-compose.local.yml up --build",
+    "test:ci": "docker-compose -f docker-compose.yml up --build --exit-code-from test",
+    "test:db": "docker-compose -f docker-compose.yml -f docker-compose.local.yml up mssql"
   },
   "author": "Observable",
   "license": "ISC",

package.json

@@ -0,0 +1,135 @@
+import {expect} from "chai";
+import MockReq from "mock-req";
+import MockRes from "mock-res";
+
+import {MSSQL_CREDENTIALS} from "../.env.test.js";
+import mssql, {dataTypeSchema} from "../lib/mssql.js";
+
+const credentials = MSSQL_CREDENTIALS;
+describe("mssql", () => {
+  describe("when checking", () => {
+    describe("with system admin user", () => {
+      it("should throw a too permissive error", () => {
+        const req = new MockReq({
+          method: "POST",
+          url: "/check",
+        });
+        const res = new MockRes();
+        const index = mssql(credentials);
+
+        return index(req, res).then(
+          () => Promise.reject("Expect call to throw!"),
+          (err) => {
+            expect(err.statusCode).to.equal(200);
+            expect(
+              err.message.includes("User has too permissive grants")
+            ).to.equal(true);
+          }
+        );
+      });
+    });
+  });
+
+  describe("when querying", () => {
+    it("should stream the results of simple query", () => {
+      return new Promise(async (resolve, reject) => {
+        const req = new MockReq({method: "POST", url: "/query-stream"}).end({
+          sql: "SELECT TOP 2 CustomerID FROM test.SalesLT.Customer",
+          params: [],
+        });
+
+        const res = new MockRes(onEnd);
+
+        const index = mssql(credentials);
+        await index(req, res);
+
+        function onEnd() {
+          const [schema, row] = this._getString().split("\n");
+
+          expect(schema).to.equal(
+            JSON.stringify({
+              type: "array",
+              items: {
+                type: "object",
+                properties: {CustomerID: {type: ["null", "integer"]}},
+              },
+            })
+          );
+          expect(row).to.equal(JSON.stringify({CustomerID: 12}));
+
+          resolve();
+        }
+      });
+    });
+    it("should handle parameter graciously", () => {
+      return new Promise(async (resolve, reject) => {
+        const testCustomerId = 3;
+        const req = new MockReq({method: "POST", url: "/query-stream"}).end({
+          sql: "SELECT TOP 2 CustomerID FROM test.SalesLT.Customer WHERE CustomerID=@1",
+          params: [testCustomerId],
+        });
+
+        const res = new MockRes(onEnd);
+
+        const index = mssql(credentials);
+        await index(req, res);
+
+        function onEnd() {
+          const [schema, row] = this._getString().split("\n");
+
+          expect(schema).to.equal(
+            JSON.stringify({
+              type: "array",
+              items: {
+                type: "object",
+                properties: {CustomerID: {type: ["null", "integer"]}},
+              },
+            })
+          );
+          expect(row).to.equal(JSON.stringify({CustomerID: testCustomerId}));
+
+          resolve();
+        }
+      });
+    });
+    it("should replace cell reference in the SQL query", () => {
+      return new Promise(async (resolve, reject) => {
+        const testCustomerId = 5;
+        const req = new MockReq({method: "POST", url: "/query-stream"}).end({
+          sql: "SELECT TOP 2 CustomerID FROM test.SalesLT.Customer WHERE CustomerID=@1",
+          params: [testCustomerId],
+        });
+
+        const res = new MockRes(onEnd);
+
+        const index = mssql(credentials);
+        await index(req, res);
+
+        function onEnd() {
+          const [schema, row] = this._getString().split("\n");
+
+          expect(schema).to.equal(
+            JSON.stringify({
+              type: "array",
+              items: {
+                type: "object",
+                properties: {CustomerID: {type: ["null", "integer"]}},
+              },
+            })
+          );
+          expect(row).to.equal(JSON.stringify({CustomerID: testCustomerId}));
+
+          resolve();
+        }
+      });
+    });
+  });
+
+  describe("when check the dataTypeSchema", () => {
+    it("should TYPES.Image.name to object", () => {
+      const {type} = dataTypeSchema({type: "Image"});
+      expect(type[0]).to.equal("null");
+      expect(type[1]).to.equal("object");
+    });
+  });
+});