dsql-admin/dsql-app/init/init-sql/(functions)/check-dsql-users.ts
Benjamin Toby e0a030f10d Updates
2025-01-13 09:00:21 +01:00

94 lines
3.1 KiB
TypeScript

import dsql from "@moduletrace/datasquirel";
type MysqlUser = {
User: string;
Host: string;
};
export default async function initSQLCheckDsqlUsers() {
const readOnlyUser = await dsql.utils.connDbHandler<MysqlUser[]>(
global.INIT_SQL_ROOT_DB_CONN,
`SELECT user,host FROM mysql.user WHERE user=? AND host=?`,
[
process.env.DSQL_DB_READ_ONLY_USERNAME,
process.env.DSQL_DB_TARGET_IP_ADDRESS,
]
);
if (!readOnlyUser?.[0]?.User) {
console.log(`Read Only User Does not Exit.`);
const createReadOnlyUser = await dsql.utils.connDbHandler(
global.INIT_SQL_ROOT_DB_CONN,
`CREATE USER IF NOT EXISTS \
'${process.env.DSQL_DB_READ_ONLY_USERNAME}'@'${process.env.DSQL_DB_TARGET_IP_ADDRESS}' \
IDENTIFIED BY '${process.env.DSQL_DB_READ_ONLY_PASSWORD}'`
);
} else {
console.log("Read Only User Exists");
const grants = await dsql.utils.connDbHandler(
global.INIT_SQL_ROOT_DB_CONN,
`SHOW GRANTS FOR \
'${process.env.DSQL_DB_READ_ONLY_USERNAME}'@'${process.env.DSQL_DB_TARGET_IP_ADDRESS}'`
);
if (checkGrantsArrayForSSL(grants)) {
const removeSSL = await dsql.utils.connDbHandler(
global.INIT_SQL_ROOT_DB_CONN,
`ALTER USER \
'${process.env.DSQL_DB_READ_ONLY_USERNAME}'@'${process.env.DSQL_DB_TARGET_IP_ADDRESS}' \
REQUIRE NONE`
);
}
}
const fullAccessUser = await dsql.utils.connDbHandler<MysqlUser[]>(
global.INIT_SQL_ROOT_DB_CONN,
`SELECT user,host FROM mysql.user WHERE user=? AND host=?`,
[
process.env.DSQL_DB_FULL_ACCESS_USERNAME,
process.env.DSQL_DB_TARGET_IP_ADDRESS,
]
);
if (!fullAccessUser?.[0]?.User) {
console.log(`Read Only User Does not Exit.`);
const createReadOnlyUser = await dsql.utils.connDbHandler(
global.INIT_SQL_ROOT_DB_CONN,
`CREATE USER IF NOT EXISTS \
'${process.env.DSQL_DB_FULL_ACCESS_USERNAME}'@'${process.env.DSQL_DB_TARGET_IP_ADDRESS}' \
IDENTIFIED BY '${process.env.DSQL_DB_FULL_ACCESS_PASSWORD}'`
);
} else {
console.log("Full Access User Exists");
const grants = await dsql.utils.connDbHandler(
global.INIT_SQL_ROOT_DB_CONN,
`SHOW GRANTS FOR \
'${process.env.DSQL_DB_FULL_ACCESS_USERNAME}'@'${process.env.DSQL_DB_TARGET_IP_ADDRESS}'`
);
if (checkGrantsArrayForSSL(grants)) {
const removeSSL = await dsql.utils.connDbHandler(
global.INIT_SQL_ROOT_DB_CONN,
`ALTER USER \
'${process.env.DSQL_DB_FULL_ACCESS_USERNAME}'@'${process.env.DSQL_DB_TARGET_IP_ADDRESS}' \
REQUIRE NONE`
);
}
}
}
function checkGrantsArrayForSSL(array: any[]) {
for (let i = 0; i < array.length; i++) {
const element = array[i];
const firstKey = Object.keys(element)[0];
if (element[firstKey].match(/require ssl/i)) return true;
}
return false;
}