UNPKG

@osiris-ai/postgres-sdk

Version:

Osiris Postgres SDK

github.com/FetcchX/osiris-ai

FetcchX/osiris-ai

119 lines (116 loc) 3.15 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
import { z } from 'zod'; import { SecretSharingAuthenticator } from '@osiris-ai/sdk'; import { Client } from 'pg'; // @osiris-ai/postgres-sdk - PostgreSQL SDK for Authentication and API Clients var PostgresSecretSchema = z.object({ db_url: z.string().url({ message: "Invalid database URL format" }) }); var PostgresSecretSharingAuthenticator = class extends SecretSharingAuthenticator { secrets = null; constructor() { super("postgres", PostgresSecretSchema); } set(secrets) { const result = PostgresSecretSchema.safeParse(secrets); if (!result.success) { return false; } this.secrets = result.data; return true; } getDbUrl() { return this.secrets?.db_url ?? null; } /** * Execute SQL queries against the PostgreSQL database * @param params Action parameters containing SQL query * @param secrets Database connection secrets * @returns Query results or error response */ async action(params, secrets) { if (!params.data) { return { status: 400, statusText: "No data provided", data: null }; } const sql = params.data.sql; const queryParams = params.data.params; if (!sql || !queryParams) { return { status: 400, statusText: "No SQL query provided", data: null }; } const validation = this.validateSql(sql); if (!validation.isValid) { return { status: 400, statusText: validation.error || "Invalid SQL query", data: null }; } if (!this.secrets?.db_url) { return { status: 400, statusText: "No database connection configured", data: null }; } const client = new Client({ connectionString: this.secrets.db_url }); try { await client.connect(); const result = await client.query(sql, queryParams); await client.end(); return { status: 200, statusText: "OK", data: { rows: result.rows, rowCount: result.rowCount, command: result.command }, headers: {} }; } catch (error) { await client.end().catch(() => { }); return { status: 500, statusText: error.message || "Database query failed", data: null }; } } /** * Validate SQL query for safety (basic checks) * @param sql SQL query to validate * @returns true if query appears safe */ validateSql(sql) { const trimmedSql = sql.trim().toLowerCase(); const dangerousPatterns = [ /^\s*drop\s+/, /^\s*delete\s+.*\s+where\s+1\s*=\s*1/, /^\s*truncate\s+/, /^\s*alter\s+/, /;\s*drop\s+/, /;\s*delete\s+/, /;\s*truncate\s+/ ]; for (const pattern of dangerousPatterns) { if (pattern.test(trimmedSql)) { return { isValid: false, error: "SQL query contains potentially dangerous operations" }; } } return { isValid: true }; } }; export { PostgresSecretSharingAuthenticator }; //# sourceMappingURL=authenticator.js.map //# sourceMappingURL=authenticator.js.map