Move SQLite "auth" metadata to a separate package `internal/authentic…

…ation/sqlite` (dapr#3135) Signed-off-by: ItalyPaleAle <[email protected]> Co-authored-by: Bernd Verst <[email protected]> Signed-off-by: Amit Mor <[email protected]>
amimimor · Oct 12, 2023 · 8bde1b9 · 8bde1b9
1 parent d69a9e6
commit 8bde1b9
Show file tree

Hide file tree

Showing 9 changed files with 464 additions and 212 deletions.
diff --git a/internal/authentication/sqlite/metadata.go b/internal/authentication/sqlite/metadata.go
@@ -0,0 +1,180 @@
+/*
+Copyright 2023 The Dapr Authors
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package sqlite
+
+import (
+	"errors"
+	"fmt"
+	"net/url"
+	"strings"
+	"time"
+
+	"github.com/dapr/kit/logger"
+)
+
+const (
+	DefaultTimeout     = 20 * time.Second // Default timeout for database requests, in seconds
+	DefaultBusyTimeout = 2 * time.Second
+)
+
+// SqliteAuthMetadata contains the auth metadata for a SQLite component.
+type SqliteAuthMetadata struct {
+	ConnectionString string        `mapstructure:"connectionString" mapstructurealiases:"url"`
+	Timeout          time.Duration `mapstructure:"timeout" mapstructurealiases:"timeoutInSeconds"`
+	BusyTimeout      time.Duration `mapstructure:"busyTimeout"`
+	DisableWAL       bool          `mapstructure:"disableWAL"` // Disable WAL journaling. You should not use WAL if the database is stored on a network filesystem (or data corruption may happen). This is ignored if the database is in-memory.
+}
+
+// Reset the object
+func (m *SqliteAuthMetadata) Reset() {
+	m.ConnectionString = ""
+	m.Timeout = DefaultTimeout
+	m.BusyTimeout = DefaultBusyTimeout
+	m.DisableWAL = false
+}
+
+func (m *SqliteAuthMetadata) Validate() error {
+	// Validate and sanitize input
+	if m.ConnectionString == "" {
+		return errors.New("missing connection string")
+	}
+	if m.Timeout < time.Second {
+		return errors.New("invalid value for 'timeout': must be greater than 1s")
+	}
+
+	// Busy timeout
+	// Truncate values to milliseconds. Values <= 0 do not set any timeout
+	m.BusyTimeout = m.BusyTimeout.Truncate(time.Millisecond)
+
+	return nil
+}
+
+func (m *SqliteAuthMetadata) GetConnectionString(log logger.Logger) (string, error) {
+	// Check if we're using the in-memory database
+	lc := strings.ToLower(m.ConnectionString)
+	isMemoryDB := strings.HasPrefix(lc, ":memory:") || strings.HasPrefix(lc, "file::memory:")
+
+	// Get the "query string" from the connection string if present
+	idx := strings.IndexRune(m.ConnectionString, '?')
+	var qs url.Values
+	if idx > 0 {
+		qs, _ = url.ParseQuery(m.ConnectionString[(idx + 1):])
+	}
+	if len(qs) == 0 {
+		qs = make(url.Values, 2)
+	}
+
+	// If the database is in-memory, we must ensure that cache=shared is set
+	if isMemoryDB {
+		qs["cache"] = []string{"shared"}
+	}
+
+	// Check if the database is read-only or immutable
+	isReadOnly := false
+	if len(qs["mode"]) > 0 {
+		// Keep the first value only
+		qs["mode"] = []string{
+			qs["mode"][0],
+		}
+		if qs["mode"][0] == "ro" {
+			isReadOnly = true
+		}
+	}
+	if len(qs["immutable"]) > 0 {
+		// Keep the first value only
+		qs["immutable"] = []string{
+			qs["immutable"][0],
+		}
+		if qs["immutable"][0] == "1" {
+			isReadOnly = true
+		}
+	}
+
+	// We do not want to override a _txlock if set, but we'll show a warning if it's not "immediate"
+	if len(qs["_txlock"]) > 0 {
+		// Keep the first value only
+		qs["_txlock"] = []string{
+			strings.ToLower(qs["_txlock"][0]),
+		}
+		if qs["_txlock"][0] != "immediate" {
+			log.Warn("Database connection is being created with a _txlock different from the recommended value 'immediate'")
+		}
+	} else {
+		qs["_txlock"] = []string{"immediate"}
+	}
+
+	// Add pragma values
+	if len(qs["_pragma"]) == 0 {
+		qs["_pragma"] = make([]string, 0, 2)
+	} else {
+		for _, p := range qs["_pragma"] {
+			p = strings.ToLower(p)
+			if strings.HasPrefix(p, "busy_timeout") {
+				log.Error("Cannot set `_pragma=busy_timeout` option in the connection string; please use the `busyTimeout` metadata property instead")
+				return "", errors.New("found forbidden option '_pragma=busy_timeout' in the connection string")
+			} else if strings.HasPrefix(p, "journal_mode") {
+				log.Error("Cannot set `_pragma=journal_mode` option in the connection string; please use the `disableWAL` metadata property instead")
+				return "", errors.New("found forbidden option '_pragma=journal_mode' in the connection string")
+			}
+		}
+	}
+	if m.BusyTimeout > 0 {
+		qs["_pragma"] = append(qs["_pragma"], fmt.Sprintf("busy_timeout(%d)", m.BusyTimeout.Milliseconds()))
+	}
+	if isMemoryDB {
+		// For in-memory databases, set the journal to MEMORY, the only allowed option besides OFF (which would make transactions ineffective)
+		qs["_pragma"] = append(qs["_pragma"], "journal_mode(MEMORY)")
+	} else if m.DisableWAL || isReadOnly {
+		// Set the journaling mode to "DELETE" (the default) if WAL is disabled or if the database is read-only
+		qs["_pragma"] = append(qs["_pragma"], "journal_mode(DELETE)")
+	} else {
+		// Enable WAL
+		qs["_pragma"] = append(qs["_pragma"], "journal_mode(WAL)")
+	}
+
+	// Build the final connection string
+	connString := m.ConnectionString
+	if idx > 0 {
+		connString = connString[:idx]
+	}
+	connString += "?" + qs.Encode()
+
+	// If the connection string doesn't begin with "file:", add the prefix
+	if !strings.HasPrefix(lc, "file:") {
+		log.Debug("prefix 'file:' added to the connection string")
+		connString = "file:" + connString
+	}
+
+	return connString, nil
+}
+
+// Validates an identifier, such as table or DB name.
+func ValidIdentifier(v string) bool {
+	if v == "" {
+		return false
+	}
+
+	// Loop through the string as byte slice as we only care about ASCII characters
+	b := []byte(v)
+	for i := 0; i < len(b); i++ {
+		if (b[i] >= '0' && b[i] <= '9') ||
+			(b[i] >= 'a' && b[i] <= 'z') ||
+			(b[i] >= 'A' && b[i] <= 'Z') ||
+			b[i] == '_' {
+			continue
+		}
+		return false
+	}
+	return true
+}
diff --git a/internal/authentication/sqlite/metadata_test.go b/internal/authentication/sqlite/metadata_test.go
@@ -0,0 +1,95 @@
+/*
+Copyright 2023 The Dapr Authors
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package sqlite
+
+import (
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"github.com/dapr/components-contrib/metadata"
+	"github.com/dapr/components-contrib/state"
+)
+
+func TestSqliteMetadata(t *testing.T) {
+	stateMetadata := func(props map[string]string) state.Metadata {
+		return state.Metadata{Base: metadata.Base{Properties: props}}
+	}
+
+	t.Run("default options", func(t *testing.T) {
+		md := &SqliteAuthMetadata{}
+		md.Reset()
+
+		err := metadata.DecodeMetadata(stateMetadata(map[string]string{
+			"connectionString": "file:data.db",
+		}), &md)
+		require.NoError(t, err)
+
+		err = md.Validate()
+
+		require.NoError(t, err)
+		assert.Equal(t, "file:data.db", md.ConnectionString)
+		assert.Equal(t, DefaultTimeout, md.Timeout)
+		assert.Equal(t, DefaultBusyTimeout, md.BusyTimeout)
+		assert.False(t, md.DisableWAL)
+	})
+
+	t.Run("empty connection string", func(t *testing.T) {
+		md := &SqliteAuthMetadata{}
+		md.Reset()
+
+		err := metadata.DecodeMetadata(stateMetadata(map[string]string{}), &md)
+		require.NoError(t, err)
+
+		err = md.Validate()
+
+		require.Error(t, err)
+		assert.ErrorContains(t, err, "missing connection string")
+	})
+
+	t.Run("invalid timeout", func(t *testing.T) {
+		md := &SqliteAuthMetadata{}
+		md.Reset()
+
+		err := metadata.DecodeMetadata(stateMetadata(map[string]string{
+			"connectionString": "file:data.db",
+			"timeout":          "500ms",
+		}), &md)
+		require.NoError(t, err)
+
+		err = md.Validate()
+
+		require.Error(t, err)
+		assert.ErrorContains(t, err, "timeout")
+	})
+
+	t.Run("aliases", func(t *testing.T) {
+		md := &SqliteAuthMetadata{}
+		md.Reset()
+
+		err := metadata.DecodeMetadata(stateMetadata(map[string]string{
+			"url":              "file:data.db",
+			"timeoutinseconds": "1200",
+		}), &md)
+		require.NoError(t, err)
+
+		err = md.Validate()
+
+		require.NoError(t, err)
+		assert.Equal(t, "file:data.db", md.ConnectionString)
+		assert.Equal(t, 20*time.Minute, md.Timeout)
+	})
+}
diff --git a/metadata/utils.go b/metadata/utils.go
@@ -158,7 +158,7 @@ func DecodeMetadata(input any, result any) error {
 	}
 
 	// Handle aliases
-	err = resolveAliases(inputMap, result)
+	err = resolveAliases(inputMap, reflect.TypeOf(result))
 	if err != nil {
 		return fmt.Errorf("failed to resolve aliases: %w", err)
 	}
@@ -183,7 +183,7 @@ func DecodeMetadata(input any, result any) error {
 	return err
 }
 
-func resolveAliases(md map[string]string, result any) error {
+func resolveAliases(md map[string]string, t reflect.Type) error {
 	// Get the list of all keys in the map
 	keys := make(map[string]string, len(md))
 	for k := range md {
@@ -199,7 +199,6 @@ func resolveAliases(md map[string]string, result any) error {
 	}
 
 	// Error if result is not pointer to struct, or pointer to pointer to struct
-	t := reflect.TypeOf(result)
 	if t.Kind() != reflect.Pointer {
 		return fmt.Errorf("not a pointer: %s", t.Kind().String())
 	}
@@ -211,7 +210,14 @@ func resolveAliases(md map[string]string, result any) error {
 		return fmt.Errorf("not a struct: %s", t.Kind().String())
 	}
 
-	// Iterate through all the properties of result to see if anyone has the "mapstructurealiases" property
+	// Iterate through all the properties, possibly recursively
+	resolveAliasesInType(md, keys, t)
+
+	return nil
+}
+
+func resolveAliasesInType(md map[string]string, keys map[string]string, t reflect.Type) {
+	// Iterate through all the properties of the type to see if anyone has the "mapstructurealiases" property
 	for i := 0; i < t.NumField(); i++ {
 		currentField := t.Field(i)
 
@@ -221,6 +227,12 @@ func resolveAliases(md map[string]string, result any) error {
 			continue
 		}
 
+		// Check if this is an embedded struct
+		if mapstructureTag == ",squash" {
+			resolveAliasesInType(md, keys, currentField.Type)
+			continue
+		}
+
 		// If the current property has a value in the metadata, then we don't need to handle aliases
 		_, ok := keys[strings.ToLower(mapstructureTag)]
 		if ok {
@@ -246,8 +258,6 @@ func resolveAliases(md map[string]string, result any) error {
 			break
 		}
 	}
-
-	return nil
 }
 
 func toTruthyBoolHookFunc() mapstructure.DecodeHookFunc {