dsql-admin/dsql-app/package-shared/shell/mariadb-users/refreshUsersAndGrants.ts

import path from "path";
require("dotenv").config({ path: path.resolve(__dirname, "../../../.env") });

import generator from "generate-password";
import noDatabaseDbHandler from "../utils/noDatabaseDbHandler";
import dbHandler from "../utils/dbHandler";
import handleGrants, { GrantType } from "./handleGrants";
import encrypt from "../../functions/dsql/encrypt";
import decrypt from "../../functions/dsql/decrypt";
import { MYSQL_mariadb_users_table_def } from "../../types";

const defaultMariadbUserHost = process.env.DSQL_DB_HOST || "127.0.0.1";

type Param = {
    userId?: number | string;
    mariadbUserHost?: string;
    mariadbUsername?: string;
    sqlUserID?: string | number;
};

/**
 * # Refresh Mariadb User Grants
 */
export default async function refreshUsersAndGrants({
    userId,
    mariadbUserHost,
    mariadbUsername,
    sqlUserID,
}: Param) {
    const mariadbUsers = (await dbHandler({
        query: `SELECT * FROM mariadb_users`,
    })) as any[] | null;

    if (!mariadbUsers?.[0]) {
        return;
    }

    const isRootUser = userId
        ? userId == Number(process.env.DSQL_SU_USER_ID)
        : false;

    for (let i = 0; i < mariadbUsers.length; i++) {
        const mariadbUser = mariadbUsers[i];

        if (!mariadbUser) continue;
        if (userId && mariadbUser.user_id != userId) continue;

        try {
            const { mariadb_user, mariadb_host, mariadb_pass, user_id } =
                mariadbUser;
            const existingUser = await noDatabaseDbHandler(
                `SELECT * FROM mysql.user WHERE User = '${mariadb_user}' AND Host = '${mariadb_host}'`
            );

            const existingMariaDBUserArray =
                userId && sqlUserID
                    ? await dbHandler({
                          query: `SELECT * FROM mariadb_users WHERE id = ? AND user_id = ?`,
                          values: [sqlUserID, userId],
                      })
                    : null;

            const activeMariadbUserObject:
                | import("../../types").MYSQL_mariadb_users_table_def
                | undefined = Array.isArray(existingMariaDBUserArray)
                ? existingMariaDBUserArray?.[0]
                : undefined;

            const isPrimary = activeMariadbUserObject
                ? String(activeMariadbUserObject.primary)?.match(/1/)
                    ? true
                    : false
                : false;

            const isUserExisting = Boolean(existingUser?.[0]?.User);

            const isThisPrimaryHost = Boolean(
                mariadbUserHost == defaultMariadbUserHost
            );

            const dslUsername = isRootUser
                ? mariadbUsername
                : `dsql_user_${user_id}`;

            const dsqlPassword = activeMariadbUserObject?.password
                ? activeMariadbUserObject.password
                : isUserExisting
                ? mariadb_pass
                : generator.generate({
                      length: 16,
                      numbers: true,
                      symbols: true,
                      uppercase: true,
                      exclude: "*#.'`\"",
                  });

            const encryptedPassword = activeMariadbUserObject?.password
                ? activeMariadbUserObject.password
                : isUserExisting
                ? mariadb_pass
                : encrypt({
                      data: dsqlPassword,
                      encryptionKey: process.env.DSQL_ENCRYPTION_PASSWORD,
                      encryptionSalt: process.env.DSQL_ENCRYPTION_SALT,
                  });

            if (
                !isUserExisting &&
                !sqlUserID &&
                !isPrimary &&
                !mariadbUserHost &&
                !mariadbUsername
            ) {
                const createNewUser = await noDatabaseDbHandler(
                    `CREATE USER IF NOT EXISTS '${dslUsername}'@'${defaultMariadbUserHost}' IDENTIFIED BY '${dsqlPassword}'`
                );

                console.log("createNewUser", createNewUser);

                console.log(
                    `User ${mariadbUser.id}: ${mariadbUser.first_name} ${mariadbUser.last_name} SQL credentials successfully updated.`
                );

                const updateUser = await dbHandler({
                    query: `UPDATE users SET mariadb_user = ?, mariadb_host = ?, mariadb_pass = ? WHERE id = ?`,
                    values: [
                        dslUsername,
                        defaultMariadbUserHost,
                        encryptedPassword,
                        mariadbUser.id,
                    ],
                });
            } else if (!isUserExisting && mariadbUserHost) {
                const createNewUser = await noDatabaseDbHandler(
                    `CREATE USER IF NOT EXISTS '${dslUsername}'@'${mariadbUserHost}' IDENTIFIED BY '${dsqlPassword}'`
                );
            }

            if (isPrimary) {
                const finalHost = mariadbUserHost
                    ? mariadbUserHost
                    : mariadb_host;

                const updateUser = await dbHandler({
                    query: `UPDATE users SET mariadb_user = ?, mariadb_host = ?, mariadb_pass = ? WHERE id = ?`,
                    values: [
                        dslUsername,
                        finalHost,
                        encryptedPassword,
                        mariadbUser.id,
                    ],
                });
            }

            //////////////////////////////////////////////
            //////////////////////////////////////////////
            //////////////////////////////////////////////

            /**
             * @description Handle mariadb_users table
             */
            const existingMariadbPrimaryUser = await dbHandler({
                query: `SELECT * FROM mariadb_users WHERE user_id = ? AND \`primary\` = 1`,
                values: [user_id],
            });

            const isPrimaryUserExisting = Boolean(
                Array.isArray(existingMariadbPrimaryUser) &&
                    existingMariadbPrimaryUser?.[0]?.user_id
            );

            const primaryUserGrants: GrantType[] = [
                {
                    database: "*",
                    table: "*",
                    privileges: ["ALL"],
                },
            ];

            if (!isPrimaryUserExisting) {
                const insertPrimaryMariadbUser = await dbHandler({
                    query: `INSERT INTO mariadb_users (user_id, username, password, \`primary\`, grants) VALUES (?, ?, ?, ?, ?)`,
                    values: [
                        user_id,
                        dslUsername,
                        encryptedPassword,
                        "1",
                        JSON.stringify(primaryUserGrants),
                    ],
                });
            }

            //////////////////////////////////////////////

            const existingExtraMariadbUsers = await dbHandler({
                query: `SELECT * FROM mariadb_users WHERE user_id = ? AND \`primary\` != '1'`,
                values: [user_id],
            });

            if (Array.isArray(existingExtraMariadbUsers)) {
                for (let i = 0; i < existingExtraMariadbUsers.length; i++) {
                    const _mariadbUser = existingExtraMariadbUsers[
                        i
                    ] as MYSQL_mariadb_users_table_def;

                    if (
                        _mariadbUser &&
                        _mariadbUser.username != mariadbUsername
                    )
                        continue;
                    if (mariadbUserHost && _mariadbUser.host != mariadbUserHost)
                        continue;

                    const decrptedPassword = decrypt({
                        encryptedString: _mariadbUser.password || "",
                        encryptionKey: process.env.DSQL_ENCRYPTION_PASSWORD,
                        encryptionSalt: process.env.DSQL_ENCRYPTION_SALT,
                    });

                    const existingExtraMariadbUser = await noDatabaseDbHandler(
                        `SELECT * FROM mysql.user WHERE User='${_mariadbUser.username}' AND Host='${_mariadbUser.host}'`
                    );

                    const isExtraMariadbUserExisting = Boolean(
                        existingExtraMariadbUser?.[0]?.User
                    );

                    if (!isExtraMariadbUserExisting) {
                        await noDatabaseDbHandler(
                            `CREATE USER IF NOT EXISTS '${_mariadbUser.username}'@'${_mariadbUser.host}' IDENTIFIED BY '${decrptedPassword}'`
                        );
                    }

                    const isGrantHandled = await handleGrants({
                        username: _mariadbUser.username,
                        host: _mariadbUser.host,
                        grants:
                            _mariadbUser.grants &&
                            typeof _mariadbUser.grants == "string"
                                ? JSON.parse(_mariadbUser.grants)
                                : [],
                        userId: String(userId),
                    });

                    if (!isGrantHandled) {
                        console.log(
                            `Error in handling grants for user ${_mariadbUser.username}@${_mariadbUser.host}`
                        );
                    }
                }
            }
        } catch (error: any) {
            console.log(`Error in adding SQL user =>`, error.message);
        }
    }
}
Updates 2025-01-13 08:00:21 +00:00			`import path from "path";`
Updates 2024-12-06 13:24:26 +00:00			`require("dotenv").config({ path: path.resolve(__dirname, "../../../.env") });`

Updates 2025-01-13 08:00:21 +00:00			`import generator from "generate-password";`
			`import noDatabaseDbHandler from "../utils/noDatabaseDbHandler";`
			`import dbHandler from "../utils/dbHandler";`
			`import handleGrants, { GrantType } from "./handleGrants";`
			`import encrypt from "../../functions/dsql/encrypt";`
			`import decrypt from "../../functions/dsql/decrypt";`
			`import { MYSQL_mariadb_users_table_def } from "../../types";`
Updates 2024-12-06 13:24:26 +00:00
			`const defaultMariadbUserHost = process.env.DSQL_DB_HOST \|\| "127.0.0.1";`

Updates 2025-01-13 08:00:21 +00:00			`type Param = {`
			`userId?: number \| string;`
			`mariadbUserHost?: string;`
			`mariadbUsername?: string;`
			`sqlUserID?: string \| number;`
			`};`

Updates 2024-12-06 13:24:26 +00:00			`/**`
Updates 2025-01-13 08:00:21 +00:00			`* # Refresh Mariadb User Grants`
Updates 2024-12-06 13:24:26 +00:00			`*/`
Updates 2025-01-13 08:00:21 +00:00			`export default async function refreshUsersAndGrants({`
Updates 2024-12-06 13:24:26 +00:00			`userId,`
			`mariadbUserHost,`
Updates 2025-01-13 08:00:21 +00:00			`mariadbUsername,`
Updates 2024-12-06 13:24:26 +00:00			`sqlUserID,`
Updates 2025-01-13 08:00:21 +00:00			`}: Param) {`
			`const mariadbUsers = (await dbHandler({`
			query: `SELECT * FROM mariadb_users`,
			`})) as any[] \| null;`

			`if (!mariadbUsers?.[0]) {`
			`return;`
Updates 2024-12-06 13:24:26 +00:00			`}`

Updates 2025-01-13 08:00:21 +00:00			`const isRootUser = userId`
			`? userId == Number(process.env.DSQL_SU_USER_ID)`
			`: false;`
Updates 2024-12-06 13:24:26 +00:00
Updates 2025-01-13 08:00:21 +00:00			`for (let i = 0; i < mariadbUsers.length; i++) {`
			`const mariadbUser = mariadbUsers[i];`

			`if (!mariadbUser) continue;`
			`if (userId && mariadbUser.user_id != userId) continue;`
Updates 2024-12-06 13:24:26 +00:00
			`try {`
Updates 2025-01-13 08:00:21 +00:00			`const { mariadb_user, mariadb_host, mariadb_pass, user_id } =`
			`mariadbUser;`
Updates 2024-12-06 13:24:26 +00:00			`const existingUser = await noDatabaseDbHandler(`
			`SELECT * FROM mysql.user WHERE User = '${mariadb_user}' AND Host = '${mariadb_host}'`
			`);`

			`const existingMariaDBUserArray =`
			`userId && sqlUserID`
			`? await dbHandler({`
			query: `SELECT * FROM mariadb_users WHERE id = ? AND user_id = ?`,
			`values: [sqlUserID, userId],`
			`})`
			`: null;`

Updates 2025-01-13 08:00:21 +00:00			`const activeMariadbUserObject:`
			`\| import("../../types").MYSQL_mariadb_users_table_def`
			`\| undefined = Array.isArray(existingMariaDBUserArray)`
Updates 2024-12-06 13:24:26 +00:00			`? existingMariaDBUserArray?.[0]`
			`: undefined;`

			`const isPrimary = activeMariadbUserObject`
			`? String(activeMariadbUserObject.primary)?.match(/1/)`
			`? true`
			`: false`
			`: false;`

			`const isUserExisting = Boolean(existingUser?.[0]?.User);`

			`const isThisPrimaryHost = Boolean(`
			`mariadbUserHost == defaultMariadbUserHost`
			`);`

Updates 2025-01-13 08:00:21 +00:00			`const dslUsername = isRootUser`
			`? mariadbUsername`
			: `dsql_user_${user_id}`;

Updates 2024-12-06 13:24:26 +00:00			`const dsqlPassword = activeMariadbUserObject?.password`
			`? activeMariadbUserObject.password`
			`: isUserExisting`
			`? mariadb_pass`
			`: generator.generate({`
			`length: 16,`
			`numbers: true,`
			`symbols: true,`
			`uppercase: true,`
			exclude: "*#.'`\"",
			`});`

			`const encryptedPassword = activeMariadbUserObject?.password`
			`? activeMariadbUserObject.password`
			`: isUserExisting`
			`? mariadb_pass`
			`: encrypt({`
			`data: dsqlPassword,`
			`encryptionKey: process.env.DSQL_ENCRYPTION_PASSWORD,`
			`encryptionSalt: process.env.DSQL_ENCRYPTION_SALT,`
			`});`
Updates 2025-01-13 08:00:21 +00:00
Updates 2024-12-06 13:24:26 +00:00			`if (`
			`!isUserExisting &&`
			`!sqlUserID &&`
			`!isPrimary &&`
			`!mariadbUserHost &&`
Updates 2025-01-13 08:00:21 +00:00			`!mariadbUsername`
Updates 2024-12-06 13:24:26 +00:00			`) {`
			`const createNewUser = await noDatabaseDbHandler(`
Updates 2024-12-08 19:39:44 +00:00			`CREATE USER IF NOT EXISTS '${dslUsername}'@'${defaultMariadbUserHost}' IDENTIFIED BY '${dsqlPassword}'`
Updates 2024-12-06 13:24:26 +00:00			`);`

			`console.log("createNewUser", createNewUser);`

			`console.log(`
Updates 2025-01-13 08:00:21 +00:00			`User ${mariadbUser.id}: ${mariadbUser.first_name} ${mariadbUser.last_name} SQL credentials successfully updated.`
Updates 2024-12-06 13:24:26 +00:00			`);`

			`const updateUser = await dbHandler({`
			query: `UPDATE users SET mariadb_user = ?, mariadb_host = ?, mariadb_pass = ? WHERE id = ?`,
			`values: [`
			`dslUsername,`
			`defaultMariadbUserHost,`
			`encryptedPassword,`
Updates 2025-01-13 08:00:21 +00:00			`mariadbUser.id,`
Updates 2024-12-06 13:24:26 +00:00			`],`
			`});`
Updates 2025-01-13 08:00:21 +00:00			`} else if (!isUserExisting && mariadbUserHost) {`
			`const createNewUser = await noDatabaseDbHandler(`
			`CREATE USER IF NOT EXISTS '${dslUsername}'@'${mariadbUserHost}' IDENTIFIED BY '${dsqlPassword}'`
			`);`
Updates 2024-12-06 13:24:26 +00:00			`}`

			`if (isPrimary) {`
			`const finalHost = mariadbUserHost`
			`? mariadbUserHost`
			`: mariadb_host;`

			`const updateUser = await dbHandler({`
			query: `UPDATE users SET mariadb_user = ?, mariadb_host = ?, mariadb_pass = ? WHERE id = ?`,
			`values: [`
			`dslUsername,`
			`finalHost,`
			`encryptedPassword,`
Updates 2025-01-13 08:00:21 +00:00			`mariadbUser.id,`
Updates 2024-12-06 13:24:26 +00:00			`],`
			`});`
			`}`

			`//////////////////////////////////////////////`
			`//////////////////////////////////////////////`
			`//////////////////////////////////////////////`

			`/**`
			`* @description Handle mariadb_users table`
			`*/`
			`const existingMariadbPrimaryUser = await dbHandler({`
			query: `SELECT * FROM mariadb_users WHERE user_id = ? AND \`primary\` = 1`,
Updates 2025-01-13 08:00:21 +00:00			`values: [user_id],`
Updates 2024-12-06 13:24:26 +00:00			`});`

			`const isPrimaryUserExisting = Boolean(`
			`Array.isArray(existingMariadbPrimaryUser) &&`
			`existingMariadbPrimaryUser?.[0]?.user_id`
			`);`

Updates 2025-01-13 08:00:21 +00:00			`const primaryUserGrants: GrantType[] = [`
Updates 2024-12-06 13:24:26 +00:00			`{`
			`database: "*",`
			`table: "*",`
			`privileges: ["ALL"],`
			`},`
			`];`

			`if (!isPrimaryUserExisting) {`
			`const insertPrimaryMariadbUser = await dbHandler({`
			query: `INSERT INTO mariadb_users (user_id, username, password, \`primary\`, grants) VALUES (?, ?, ?, ?, ?)`,
			`values: [`
Updates 2025-01-13 08:00:21 +00:00			`user_id,`
Updates 2024-12-06 13:24:26 +00:00			`dslUsername,`
			`encryptedPassword,`
			`"1",`
			`JSON.stringify(primaryUserGrants),`
			`],`
			`});`
			`}`

			`//////////////////////////////////////////////`

			`const existingExtraMariadbUsers = await dbHandler({`
			query: `SELECT * FROM mariadb_users WHERE user_id = ? AND \`primary\` != '1'`,
Updates 2025-01-13 08:00:21 +00:00			`values: [user_id],`
Updates 2024-12-06 13:24:26 +00:00			`});`

			`if (Array.isArray(existingExtraMariadbUsers)) {`
			`for (let i = 0; i < existingExtraMariadbUsers.length; i++) {`
Updates 2025-01-13 08:00:21 +00:00			`const _mariadbUser = existingExtraMariadbUsers[`
			`i`
			`] as MYSQL_mariadb_users_table_def;`

			`if (`
			`_mariadbUser &&`
			`_mariadbUser.username != mariadbUsername`
			`)`
			`continue;`
			`if (mariadbUserHost && _mariadbUser.host != mariadbUserHost)`
			`continue;`
Updates 2024-12-06 13:24:26 +00:00
			`const decrptedPassword = decrypt({`
Updates 2025-01-13 08:00:21 +00:00			`encryptedString: _mariadbUser.password \|\| "",`
Updates 2024-12-06 13:24:26 +00:00			`encryptionKey: process.env.DSQL_ENCRYPTION_PASSWORD,`
			`encryptionSalt: process.env.DSQL_ENCRYPTION_SALT,`
			`});`

			`const existingExtraMariadbUser = await noDatabaseDbHandler(`
Updates 2025-01-13 08:00:21 +00:00			`SELECT * FROM mysql.user WHERE User='${_mariadbUser.username}' AND Host='${_mariadbUser.host}'`
Updates 2024-12-06 13:24:26 +00:00			`);`

			`const isExtraMariadbUserExisting = Boolean(`
			`existingExtraMariadbUser?.[0]?.User`
			`);`

			`if (!isExtraMariadbUserExisting) {`
			`await noDatabaseDbHandler(`
Updates 2025-01-13 08:00:21 +00:00			`CREATE USER IF NOT EXISTS '${_mariadbUser.username}'@'${_mariadbUser.host}' IDENTIFIED BY '${decrptedPassword}'`
Updates 2024-12-06 13:24:26 +00:00			`);`
			`}`

			`const isGrantHandled = await handleGrants({`
Updates 2025-01-13 08:00:21 +00:00			`username: _mariadbUser.username,`
			`host: _mariadbUser.host,`
Updates 2024-12-06 13:24:26 +00:00			`grants:`
Updates 2025-01-13 08:00:21 +00:00			`_mariadbUser.grants &&`
			`typeof _mariadbUser.grants == "string"`
			`? JSON.parse(_mariadbUser.grants)`
Updates 2024-12-06 13:24:26 +00:00			`: [],`
			`userId: String(userId),`
			`});`

			`if (!isGrantHandled) {`
			`console.log(`
Updates 2025-01-13 08:00:21 +00:00			`Error in handling grants for user ${_mariadbUser.username}@${_mariadbUser.host}`
Updates 2024-12-06 13:24:26 +00:00			`);`
			`}`
			`}`
			`}`
Updates 2025-01-13 08:00:21 +00:00			`} catch (error: any) {`
Updates 2024-12-06 13:24:26 +00:00			console.log(`Error in adding SQL user =>`, error.message);
			`}`
			`}`
			`}`