
Added a few SQL modes (#360)

This commit is contained in:
atsage 2018-03-20 15:04:23 -04:00 committed by Dave Conway-Jones
parent b9da5d87d8
commit babff3ff26
2 changed files with 149 additions and 21 deletions


@ -20,22 +20,49 @@
<script type="text/x-red" data-template-name="sqlite">
<div class="form-row">
<label for="node-input-name"><i class="fa fa-tag"></i> Name</label>
<input type="text" id="node-input-name" placeholder="Name">
</div>
<div class="form-row">
<label for="node-input-mydb"><i class="fa fa-database"></i> Database</label>
<input type="text" id="node-input-mydb">
</div>
<div class="form-row">
<label for="node-input-name"><i class="fa fa-tag"></i> Name</label>
<input type="text" id="node-input-name" placeholder="Name">
<label for=""><i class="fa fa-code"></i> SQL Query</label>
<select id="node-input-sqlquery">
<option value="msg.topic">Via msg.topic</option>
<option value="fixed">Fixed Statement</option>
<option value="prepared">Prepared Statement</option>
</select>
</div>
<div class="form-row" style="margin-bottom: 0px;">
<label for="" style="width: unset;" id="node-input-sqllabel"><i class="fa fa-code"></i> SQL Statement</label>
</div>
<div>
<input type="hidden" id="node-input-sql" autofocus="autofocus">
</div>
<div class="form-row node-text-editor-row">
<div style="height: 250px; min-height:150px;" class="node-text-editor" id="node-input-sql-editor" ></div>
</div>
</script>
<script type="text/x-red" data-help-name="sqlite">
<p>Allows basic access to a Sqlite database.</p>
<p>This node uses the <b>db.all</b> operation against the configured database. This does allow INSERTS, UPDATES and DELETES.
<p>Allows access to a Sqlite database.</p>
<p>SQL Query sets how the query is passed to the node.</p>
<p>SQL Query <i>Via msg.topic</i> and <i>Fixed Statement</i> uses the <b>db.all</b> operation against the configured database. This does allow INSERTS, UPDATES and DELETES.
By its very nature it is SQL injection... so <i>be careful out there...</i></p>
<p><code>msg.topic</code> must hold the <i>query</i> for the database, and the result is returned in <code>msg.payload</code>.</p>
<p><code>msg.payload</code> can contain an array of values to bind to the topic.</p>
<p>SQL Type <i>Prepared Statement</i> also uses <b>db.all</b> but sanitizes parameters passed, eliminating the possibility of SQL injection.</p>
<p>When using msg.topic <code>msg.topic</code> must hold the <i>query</i> for the database.</p>
<p>When using Normal or Prepared the <i>query</i> must be entered in the node config.</p>
<p>Pass in the parameters as an object in <code>msg.params</code> for Prepared. Ex:<br />
<code>msg.params = {<br />
&nbsp;&nbsp;&nbsp;&nbsp;$id:1,<br />
&nbsp;&nbsp;&nbsp;&nbsp;$name:"John Doe"<br />
}</code><br />
Parameter object names must match parameters set up in the Prepared Statement. If you get the error <code>SQLITE_RANGE: bind or column index out of range</code>
be sure to include $ on the parameter object key.</p>
<p>Using any SQL Query, the result is returned in <code>msg.payload</code></p>
<p>Typically the returned payload will be an array of the result rows, (or an error).</p>
<p>The reconnect timeout in milliseconds can be changed by adding a line to <b>settings.js</b>
<pre>sqliteReconnectTime: 20000,</pre></p>
@ -47,6 +74,8 @@
color:"#e97b00",
defaults: {
mydb: {type:"sqlitedb",required:true},
sqlquery: {value:"msg.topic",required:true},
sql: {value:""},
name: {value:""}
},
inputs:1,
@ -56,8 +85,59 @@
var dbNode = RED.nodes.node(this.mydb);
return this.name||(dbNode?dbNode.label():"sqlite");
},
labelStyle: function() {
labelStyle: function() {
return this.name?"node_label_italic":"";
},
oneditprepare: function() {
var ace = this;
this.editor = RED.editor.createEditor({
id: 'node-input-sql-editor',
mode: 'ace/mode/sql',
value: $("#node-input-sql").val(),
globals: {
msg:true,
context:true,
RED: true,
util: true,
flow: true,
global: true,
console: true,
Buffer: true,
setTimeout: true,
clearTimeout: true,
setInterval: true,
clearInterval: true
}
});
$("#node-input-sqlquery").change(function() {
if ($("#node-input-sqlquery").val() == "msg.topic"){
$("#node-input-sqllabel").hide();
$("#node-input-sql-editor").hide();
}
else{
$("#node-input-sqllabel").show();
$("#node-input-sql-editor").show();
ace.editor.renderer.updateFull();
}
});
$("#node-input-sqlquery").change();
},
oneditsave: function() {
$("#node-input-sql").val(this.editor.getValue());
this.editor.destroy();
delete this.editor;
},
oneditresize: function(size) {
var rows = $("#dialog-form>div:not(.node-text-editor-row)");
var height = $("#dialog-form").height();
for (var i=0; i<rows.size(); i++) {
height -= $(rows[i]).outerHeight(true);
}
var editorRow = $("#dialog-form>div.node-text-editor-row");
height -= (parseInt(editorRow.css("marginTop"))+parseInt(editorRow.css("marginBottom")));
$(".node-text-editor").css("height",height+"px");
this.editor.resize();
}
});
</script>
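Review bot: The new help text in the first hunk names the modes inconsistently with the select it documents: the option is labelled `Fixed Statement` (value `fixed`), yet "When using Normal or Prepared the query must be entered in the node config" calls it "Normal", and "SQL Type Prepared Statement" says "SQL Type" where the rest of the text says "SQL Query" — suggest `<p>When using <i>Fixed Statement</i> or <i>Prepared Statement</i> the <i>query</i> must be entered in the node config.</p>` and `<p>SQL Query <i>Prepared Statement</i> also uses <b>db.all</b> ...`. The claim that the prepared mode "sanitizes parameters passed, eliminating the possibility of SQL injection" also overstates the mechanism: nothing is sanitized, the values in `msg.params` are handed to db.all separately from the statement text, so a message cannot alter the SQL, and that holds only because the statement itself comes from the node config rather than from the message. A more accurate sentence would be `binds the values of <code>msg.params</code> to the placeholders in the configured statement, so message content cannot change the SQL that is executed`. It would also help users to state that `msg.payload` is ignored in Prepared mode and that `msg.params` must be an object, since the help only shows the happy-path example. Separately, the editor created in the third hunk passes a `globals` list of JavaScript names (msg, Buffer, setTimeout, …) to an `ace/mode/sql` editor; that list presumably only matters for JavaScript linting and looks carried over from the function node, so dropping it would avoid implying those identifiers mean anything inside a SQL statement.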


@ -1,4 +1,3 @@
module.exports = function(RED) {
"use strict";
var reconnect = RED.settings.sqliteReconnectTime || 20000;
@ -33,26 +32,75 @@ module.exports = function(RED) {
function SqliteNodeIn(n) {
RED.nodes.createNode(this,n);
this.mydb = n.mydb;
this.sqlquery = n.sqlquery||"msg.topic";
this.sql = n.sql;
this.mydbConfig = RED.nodes.getNode(this.mydb);
var node = this;
node.status({});
if (this.mydbConfig) {
this.mydbConfig.doConnect();
var node = this;
var bind = [];
node.on("input", function(msg) {
if (typeof msg.topic === 'string') {
//console.log("query:",msg.topic);
var bind = Array.isArray(msg.payload) ? msg.payload : [];
node.mydbConfig.db.all(msg.topic, bind, function(err, row) {
if (err) { node.error(err,msg); }
else {
msg.payload = row;
node.send(msg);
if (this.sqlquery == "msg.topic"){
if (typeof msg.topic === 'string') {
bind = Array.isArray(msg.payload) ? msg.payload : [];
node.mydbConfig.db.all(msg.topic, bind, function(err, row) {
if (err) { node.error(err,msg); }
else {
msg.payload = row;
node.send(msg);
}
});
}
else {
if (typeof msg.topic !== 'string') {
node.error("msg.topic : the query is not defined as a string",msg);
node.status({fill:"red",shape:"dot",text:"msg.topic error"});
}
});
}
}
else {
if (typeof msg.topic !== 'string') {
node.error("msg.topic : the query is not defined as a string",msg);
if (this.sqlquery == "fixed"){
if (typeof this.sql === 'string'){
bind = Array.isArray(msg.payload) ? msg.payload : [];
node.mydbConfig.db.all(this.sql, bind, function(err, row) {
if (err) { node.error(err,msg); }
else {
msg.payload = row;
node.send(msg);
}
});
}
else{
if (this.sql === null || this.sql == ""){
node.error("SQL statement config not set up",msg);
node.status({fill:"red",shape:"dot",text:"SQL config not set up"});
}
}
}
if (this.sqlquery == "prepared"){
if (typeof this.sql === 'string' && typeof msg.params !== "undefined" && typeof msg.params === "object"){
node.mydbConfig.db.all(this.sql, msg.params, function(err, row) {
if (err) { node.error(err,msg); }
else {
msg.payload = row;
node.send(msg);
}
});
}
else{
if (this.sql === null || this.sql == ""){
node.error("Prepared statement config not set up",msg);
node.status({fill:"red",shape:"dot",text:"Prepared statement not set up"});
}
if (typeof msg.params == "undefined"){
node.error("msg.params not passed");
node.status({fill:"red",shape:"dot",text:"msg.params not passed",msg});
}
else if (typeof msg.params != "object"){
node.error("msg.params not an object");
node.status({fill:"red",shape:"dot",text:"msg.params not an object",msg});
}
}
}
});