// @ts-check //////////////////////////////////////// //////////////////////////////////////// //////////////////////////////////////// // require("dotenv").config({ path: "../../.env" }); const noDatabaseDbHandler = require("../utils/noDatabaseDbHandler"); const dbHandler = require("../utils/dbHandler"); /** ****************************************************************************** */ /** ****************************************************************************** */ /** ****************************************************************************** */ /** ****************************************************************************** */ /** ****************************************************************************** */ /** ****************************************************************************** */ /** * @typedef {object} GrantType * @property {string} database - Database Name * @property {string} table - Table Name * @property {string[]} privileges - Privileges */ // const mariadbUserFlagIndex = process.argv.findIndex((arg) => arg == "--user"); // const mariadbUser = // mariadbUserFlagIndex > 0 ? process.argv[mariadbUserFlagIndex + 1] : null; // ////////////////////////////////////////////// // ////////////////////////////////////////////// // const mariadbUserHostFlagIndex = process.argv.findIndex( // (arg) => arg == "--host" // ); // const mariadbUserHost = // mariadbUserHostFlagIndex > 0 // ? process.argv[mariadbUserHostFlagIndex + 1] // : null; // ////////////////////////////////////////////// // ////////////////////////////////////////////// // const newGrantsJSONFlagIndex = process.argv.findIndex( // (arg) => arg == "--grants" // ); // const newGrantsJSON = // newGrantsJSONFlagIndex > 0 // ? process.argv[newGrantsJSONFlagIndex + 1] // : null; // ////////////////////////////////////////////// // ////////////////////////////////////////////// // if (!mariadbUser) { // console.log(`No user provided. \x1b[35m\`--user\`\x1b[0m flag is required`); // process.exit(); // } // if (!mariadbUserHost) { // console.log(`No Host provided. \x1b[35m\`--host\`\x1b[0m flag is required`); // process.exit(); // } // if (!newGrantsJSON) { // console.log( // `No grants JSON provided. \x1b[35m\`--grants\`\x1b[0m flag is required, and it must be a JSON string` // ); // process.exit(); // } ////////////////////////////////////////////// ////////////////////////////////////////////// /** * Handle Grants for Users * ============================================================================== * @param {object} params - Single object params * @param {string} params.username - Username * @param {string} params.host - Host * @param {GrantType[]} params.grants - Grants * @param {string} params.userId * * @returns {Promise} success */ async function handleGrants({ username, host, grants, userId }) { let success = false; console.log(`Handling Grants for User =>`, username, host); if (!username) { console.log(`No username provided.`); return success; } if (!host) { console.log( `No Host provided. \x1b[35m\`--host\`\x1b[0m flag is required` ); return success; } if (!grants) { console.log(`No grants Array provided.`); return success; } try { const existingUser = await noDatabaseDbHandler( `SELECT * FROM mysql.user WHERE User = '${username}' AND Host = '${host}'` ); const isUserExisting = Boolean(existingUser?.[0]?.User); if (isUserExisting) { const userGrants = await noDatabaseDbHandler( `SHOW GRANTS FOR '${username}'@'${host}'` ); for (let i = 0; i < userGrants.length; i++) { const grantObject = userGrants[i]; const grant = grantObject?.[Object.keys(grantObject)[0]]; if (grant?.match(/GRANT .* PRIVILEGES ON .* TO/)) { const revokeGrantText = grant .replace(/GRANT/, "REVOKE") .replace(/ TO /, " FROM "); const revokePrivilege = await noDatabaseDbHandler( revokeGrantText ); } } /** * @type {GrantType[]} */ const grantsArray = grants; for (let i = 0; i < grantsArray.length; i++) { const grantObject = grantsArray[i]; const { database, table, privileges } = grantObject; const tableText = table == "*" ? "*" : `\`${table}\``; const databaseText = database == "*" ? `\`${process.env.DSQL_USER_DB_PREFIX}${userId}_%\`` : `\`${database}\``; const privilegesText = privileges.includes("ALL") ? "ALL PRIVILEGES" : privileges.join(", "); const grantText = `GRANT ${privilegesText} ON ${databaseText}.${tableText} TO '${username}'@'${host}'`; const grantPriviledge = await noDatabaseDbHandler(grantText); } } success = true; ////////////////////////////////////////////// ////////////////////////////////////////////// ////////////////////////////////////////////// } catch (/** @type {any} */ error) { console.log(`Error in adding SQL user =>`, error.message); } return success; //////////////////////////////////////// //////////////////////////////////////// //////////////////////////////////////// } /** ****************************************************************************** */ /** ****************************************************************************** */ /** ****************************************************************************** */ /** ****************************************************************************** */ /** ****************************************************************************** */ module.exports = handleGrants;