From b4c3c8246f051bc5916f21a10658a260e6a9e678 Mon Sep 17 00:00:00 2001 From: Darin Kelkhoff Date: Tue, 28 Jun 2022 11:21:27 -0500 Subject: [PATCH] QQQ-14 Add secret handling in meta data; update to scrub values before insert/update --- pom.xml | 2 +- .../rdbms/actions/AbstractRDBMSAction.java | 22 +++++++++++++++++++ .../rdbms/actions/RDBMSInsertAction.java | 20 ++++++++++------- .../rdbms/actions/RDBMSQueryAction.java | 5 ++++- .../rdbms/actions/RDBMSUpdateAction.java | 5 ++++- .../model/metadata/RDBMSBackendMetaData.java | 17 ++++++++++++++ 6 files changed, 60 insertions(+), 11 deletions(-) diff --git a/pom.xml b/pom.xml index 7e09c774..cb61d6f2 100644 --- a/pom.xml +++ b/pom.xml @@ -51,7 +51,7 @@ com.kingsrook.qqq qqq-backend-core - 0.0.0-20220624.210809-12 + 0.0.0-20220628.161829-14 diff --git a/src/main/java/com/kingsrook/qqq/backend/module/rdbms/actions/AbstractRDBMSAction.java b/src/main/java/com/kingsrook/qqq/backend/module/rdbms/actions/AbstractRDBMSAction.java index 366fa44c..d7837ff3 100644 --- a/src/main/java/com/kingsrook/qqq/backend/module/rdbms/actions/AbstractRDBMSAction.java +++ b/src/main/java/com/kingsrook/qqq/backend/module/rdbms/actions/AbstractRDBMSAction.java @@ -22,10 +22,12 @@ package com.kingsrook.qqq.backend.module.rdbms.actions; +import java.io.Serializable; import java.sql.Connection; import java.sql.SQLException; import com.kingsrook.qqq.backend.core.model.actions.AbstractQTableRequest; import com.kingsrook.qqq.backend.core.model.metadata.QFieldMetaData; +import com.kingsrook.qqq.backend.core.model.metadata.QFieldType; import com.kingsrook.qqq.backend.core.model.metadata.QTableMetaData; import com.kingsrook.qqq.backend.core.utils.StringUtils; import com.kingsrook.qqq.backend.module.rdbms.jdbc.ConnectionManager; @@ -82,4 +84,24 @@ public abstract class AbstractRDBMSAction ConnectionManager connectionManager = new ConnectionManager(); return connectionManager.getConnection((RDBMSBackendMetaData) qTableRequest.getBackend()); } + + + + /******************************************************************************* + ** Handle obvious problems with values - like empty string for integer should be null. + ** + *******************************************************************************/ + protected Serializable scrubValue(QFieldMetaData field, Serializable value) + { + if("".equals(value)) + { + QFieldType type = field.getType(); + if(type.equals(QFieldType.INTEGER) || type.equals(QFieldType.DECIMAL) || type.equals(QFieldType.DATE) || type.equals(QFieldType.DATE_TIME)) + { + value = null; + } + } + + return (value); + } } diff --git a/src/main/java/com/kingsrook/qqq/backend/module/rdbms/actions/RDBMSInsertAction.java b/src/main/java/com/kingsrook/qqq/backend/module/rdbms/actions/RDBMSInsertAction.java index 74b83a8f..c55fff9f 100644 --- a/src/main/java/com/kingsrook/qqq/backend/module/rdbms/actions/RDBMSInsertAction.java +++ b/src/main/java/com/kingsrook/qqq/backend/module/rdbms/actions/RDBMSInsertAction.java @@ -22,6 +22,7 @@ package com.kingsrook.qqq.backend.module.rdbms.actions; +import java.io.Serializable; import java.sql.Connection; import java.util.ArrayList; import java.util.List; @@ -55,7 +56,7 @@ public class RDBMSInsertAction extends AbstractRDBMSAction implements InsertInte try { - InsertResult rs = new InsertResult(); + InsertResult rs = new InsertResult(); QTableMetaData table = insertRequest.getTable(); List insertableFields = table.getFields().values().stream() @@ -69,9 +70,9 @@ public class RDBMSInsertAction extends AbstractRDBMSAction implements InsertInte .map(x -> "?") .collect(Collectors.joining(", ")); - String tableName = getTableName(table); - StringBuilder sql = new StringBuilder("INSERT INTO ").append(tableName).append("(").append(columns).append(") VALUES"); - List params = new ArrayList<>(); + String tableName = getTableName(table); + StringBuilder sql = new StringBuilder("INSERT INTO ").append(tableName).append("(").append(columns).append(") VALUES"); + List params = new ArrayList<>(); int recordIndex = 0; for(QRecord record : insertRequest.getRecords()) @@ -83,7 +84,10 @@ public class RDBMSInsertAction extends AbstractRDBMSAction implements InsertInte sql.append("(").append(questionMarks).append(")"); for(QFieldMetaData field : insertableFields) { - params.add(record.getValue(field.getName())); + Serializable value = record.getValue(field.getName()); + value = scrubValue(field, value); + + params.add(value); } } @@ -95,14 +99,14 @@ public class RDBMSInsertAction extends AbstractRDBMSAction implements InsertInte // todo - non-serial-id style tables // todo - other generated values, e.g., createDate... maybe need to re-select? - Connection connection = getConnection(insertRequest); - List idList = QueryManager.executeInsertForGeneratedIds(connection, sql.toString(), params); + Connection connection = getConnection(insertRequest); + List idList = QueryManager.executeInsertForGeneratedIds(connection, sql.toString(), params); List outputRecords = new ArrayList<>(); rs.setRecords(outputRecords); int index = 0; for(QRecord record : insertRequest.getRecords()) { - Integer id = idList.get(index++); + Integer id = idList.get(index++); QRecord outputRecord = new QRecord(record); outputRecord.setValue(table.getPrimaryKeyField(), id); outputRecords.add(outputRecord); diff --git a/src/main/java/com/kingsrook/qqq/backend/module/rdbms/actions/RDBMSQueryAction.java b/src/main/java/com/kingsrook/qqq/backend/module/rdbms/actions/RDBMSQueryAction.java index 67837e73..6c892ee8 100644 --- a/src/main/java/com/kingsrook/qqq/backend/module/rdbms/actions/RDBMSQueryAction.java +++ b/src/main/java/com/kingsrook/qqq/backend/module/rdbms/actions/RDBMSQueryAction.java @@ -45,6 +45,8 @@ import com.kingsrook.qqq.backend.core.model.metadata.QTableMetaData; import com.kingsrook.qqq.backend.core.modules.interfaces.QueryInterface; import com.kingsrook.qqq.backend.core.utils.CollectionUtils; import com.kingsrook.qqq.backend.module.rdbms.jdbc.QueryManager; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; /******************************************************************************* @@ -52,6 +54,7 @@ import com.kingsrook.qqq.backend.module.rdbms.jdbc.QueryManager; *******************************************************************************/ public class RDBMSQueryAction extends AbstractRDBMSAction implements QueryInterface { + private static final Logger LOG = LogManager.getLogger(RDBMSQueryAction.class); /******************************************************************************* ** @@ -127,7 +130,7 @@ public class RDBMSQueryAction extends AbstractRDBMSAction implements QueryInterf } catch(Exception e) { - e.printStackTrace(); + LOG.warn("Error executing query", e); throw new QException("Error executing query", e); } } diff --git a/src/main/java/com/kingsrook/qqq/backend/module/rdbms/actions/RDBMSUpdateAction.java b/src/main/java/com/kingsrook/qqq/backend/module/rdbms/actions/RDBMSUpdateAction.java index 6bd0a720..c9bdb280 100644 --- a/src/main/java/com/kingsrook/qqq/backend/module/rdbms/actions/RDBMSUpdateAction.java +++ b/src/main/java/com/kingsrook/qqq/backend/module/rdbms/actions/RDBMSUpdateAction.java @@ -22,6 +22,7 @@ package com.kingsrook.qqq.backend.module.rdbms.actions; +import java.io.Serializable; import java.sql.Connection; import java.util.ArrayList; import java.util.List; @@ -85,7 +86,9 @@ public class RDBMSUpdateAction extends AbstractRDBMSAction implements UpdateInte List params = new ArrayList<>(); for(QFieldMetaData field : updateableFields) { - params.add(record.getValue(field.getName())); + Serializable value = record.getValue(field.getName()); + value = scrubValue(field, value); + params.add(value); } params.add(record.getValue(table.getPrimaryKeyField())); diff --git a/src/main/java/com/kingsrook/qqq/backend/module/rdbms/model/metadata/RDBMSBackendMetaData.java b/src/main/java/com/kingsrook/qqq/backend/module/rdbms/model/metadata/RDBMSBackendMetaData.java index e5fa34bb..4c5e73df 100644 --- a/src/main/java/com/kingsrook/qqq/backend/module/rdbms/model/metadata/RDBMSBackendMetaData.java +++ b/src/main/java/com/kingsrook/qqq/backend/module/rdbms/model/metadata/RDBMSBackendMetaData.java @@ -23,6 +23,7 @@ package com.kingsrook.qqq.backend.module.rdbms.model.metadata; import com.kingsrook.qqq.backend.core.model.metadata.QBackendMetaData; +import com.kingsrook.qqq.backend.core.model.metadata.QSecretReader; import com.kingsrook.qqq.backend.module.rdbms.RDBMSBackendModule; @@ -252,4 +253,20 @@ public class RDBMSBackendMetaData extends QBackendMetaData this.password = password; return (this); } + + + + /******************************************************************************* + ** Called by the QInstanceEnricher - to do backend-type-specific enrichments. + ** Original use case is: reading secrets into fields (e.g., passwords). + *******************************************************************************/ + @Override + public void enrich() + { + super.enrich(); + QSecretReader secretReader = new QSecretReader(); + username = secretReader.readSecret(username); + password = secretReader.readSecret(password); + } + }