Merge branch 'devel' into CB-5524-scripts-can-rename-folders-with-res…

…tricted-symbols
dbeaver · Nov 22, 2024 · 1ac46ef · 1ac46ef
2 parents 21c4c4b + ae1f0b7
commit 1ac46ef
Show file tree

Hide file tree

Showing 7 changed files with 145 additions and 14 deletions.
diff --git a/deploy/docker/base-java/Dockerfile b/deploy/docker/base-java/Dockerfile
@@ -23,8 +23,7 @@ RUN set -eux; \
         tzdata \
         # locales ensures proper character encoding and locale-specific behaviors using en_US.UTF-8
         locales \
-        nano \
-    ; \
+        nano && \
     echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen; \
     locale-gen en_US.UTF-8; \
     rm -rf /var/lib/apt/lists/*

diff --git a/deploy/docker/cloudbeaver-ce/Dockerfile b/deploy/docker/cloudbeaver-ce/Dockerfile
@@ -2,12 +2,24 @@ FROM dbeaver/base-java
 
 MAINTAINER DBeaver Corp, [email protected]
 
-RUN apt-get update; \
-    apt-get upgrade -y; 
-
+ENV DBEAVER_GID=8978
+ENV DBEAVER_UID=8978
+
+RUN apt-get update && \
+    apt-get upgrade -y
+
+RUN groupadd -g $DBEAVER_GID dbeaver && \
+    useradd -g $DBEAVER_GID -M -u $DBEAVER_UID -s /bin/bash dbeaver
+
 COPY cloudbeaver /opt/cloudbeaver
+COPY scripts/launch-product.sh /opt/cloudbeaver/launch-product.sh
+
+RUN chown -R $DBEAVER_UID:$DBEAVER_GID /opt/cloudbeaver
 
 EXPOSE 8978
 RUN find /opt/cloudbeaver -type d -exec chmod 775 {} \;
 WORKDIR /opt/cloudbeaver/
-ENTRYPOINT ["./run-server.sh"]
+
+RUN chmod +x "run-server.sh" "/opt/cloudbeaver/launch-product.sh"
+
+ENTRYPOINT ["./launch-product.sh"]
diff --git a/deploy/scripts/launch-product.sh b/deploy/scripts/launch-product.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+# This script is needed to change ownership and run the application as user dbeaver during the upgrade from version 24.2.0
+
+# Change ownership of the WORKDIR to the dbeaver user and group
+# Variables DBEAVER_<UID|GID> are defined in the Dockerfile and exported to the runtime environment
+# PWD equals WORKDIR value from product Dockerfile
+chown -R $DBEAVER_UID:$DBEAVER_GID $PWD
+
+# Execute run-server.sh as the dbeaver user with the JAVA_HOME and PATH environment variables
+exec su dbeaver -c "JAVA_HOME=$JAVA_HOME PATH=$PATH ./run-server.sh"
diff --git a/server/bundles/io.cloudbeaver.server/plugin.xml b/server/bundles/io.cloudbeaver.server/plugin.xml
@@ -75,4 +75,12 @@
         </eventHandler>
     </extension>
 
+    <extension point="org.jkiss.dbeaver.settings">
+        <propertyGroup id="log" label="Logger">
+            <property id="log.api.graphql.debug" label="Enable detailed logging"
+                      type="boolean" scopes="global"
+                      description="Enable detailed logging of GraphQL queries in the server log, including all provided variables"/>
+        </propertyGroup>
+    </extension>
+
 </plugin>
diff --git a/server/bundles/io.cloudbeaver.server/src/io/cloudbeaver/server/graphql/GraphQLEndpoint.java b/server/bundles/io.cloudbeaver.server/src/io/cloudbeaver/server/graphql/GraphQLEndpoint.java
@@ -51,10 +51,7 @@
 import java.io.Reader;
 import java.lang.reflect.InvocationTargetException;
 import java.net.URL;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-import java.util.Map;
+import java.util.*;
 import java.util.concurrent.CompletableFuture;
 
 public class GraphQLEndpoint extends HttpServlet {
@@ -68,7 +65,6 @@ public class GraphQLEndpoint extends HttpServlet {
     private static final String HEADER_ACCESS_CONTROL_ALLOW_CREDENTIALS = "Access-Control-Allow-Credentials";
 
     private static final String CORE_SCHEMA_FILE_NAME = "schema/schema.graphqls";
-
     private final GraphQL graphQL;
 
     private static final Gson gson = new GsonBuilder()
@@ -253,10 +249,13 @@ private void executeQuery(HttpServletRequest request, HttpServletResponse respon
 //                    apiCall += " (" + variables + ")";
 //                }
 //            }
+            String sessionId = GraphQLLoggerUtil.getSessionId(request);
+            String userId = GraphQLLoggerUtil.getUserId(request);
+            String loggerMessage = GraphQLLoggerUtil.buildLoggerMessage(sessionId, userId, variables);
             if (apiCall != null) {
-                log.debug("API > " + apiCall);
+                log.debug("API > " + apiCall + loggerMessage);
             } else if (DEBUG) {
-                log.debug("API > " + query);
+                log.debug("API > " + query + loggerMessage);
             }
         }
         ExecutionInput executionInput = contextBuilder.build();

diff --git a/...er/bundles/io.cloudbeaver.server/src/io/cloudbeaver/server/graphql/GraphQLLoggerUtil.java b/...er/bundles/io.cloudbeaver.server/src/io/cloudbeaver/server/graphql/GraphQLLoggerUtil.java
@@ -0,0 +1,102 @@
+/*
+ * DBeaver - Universal Database Manager
+ * Copyright (C) 2010-2024 DBeaver Corp and others
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.cloudbeaver.server.graphql;
+
+import io.cloudbeaver.model.session.WebSession;
+import io.cloudbeaver.server.CBApplication;
+import io.cloudbeaver.server.CBPlatform;
+import jakarta.servlet.http.HttpServletRequest;
+import org.jkiss.utils.CommonUtils;
+
+import java.util.Map;
+import java.util.Set;
+
+public class GraphQLLoggerUtil {
+
+    public static final String LOG_API_GRAPHQL_DEBUG_PARAMETER = "log.api.graphql.debug";
+    private static final Set<String> PROHIBITED_VARIABLES =
+        Set.of("password", "config", "parameters", "settings", "licenseText", "credentials", "username");
+
+    public static String getUserId(HttpServletRequest request) {
+        WebSession session = getWebSession(request);
+        if (session == null) {
+            return null;
+        }
+        String userId = session.getUserContext().getUserId();
+        if (userId == null && session.getUserContext().isAuthorizedInSecurityManager()) {
+            return "anonymous";
+        }
+        return userId;
+    }
+
+    public static String getSessionId(HttpServletRequest request) {
+        WebSession session = getWebSession(request);
+        if (session == null) {
+            return null;
+        }
+        return session.getUserContext().getSmSessionId();
+    }
+
+    private static WebSession getWebSession(HttpServletRequest request) {
+        if (request.getSession() == null) {
+            return null;
+        }
+        return (WebSession) CBApplication.getInstance()
+            .getSessionManager()
+            .getSession(request.getSession().getId());
+    }
+
+    public static String buildLoggerMessage(String sessionId, String userId, Map<String, Object> variables) {
+        StringBuilder loggerMessage = new StringBuilder(" [user: ").append(userId)
+            .append(", sessionId: ").append(sessionId).append("]");
+
+        if (CBPlatform.getInstance().getPreferenceStore().getBoolean(LOG_API_GRAPHQL_DEBUG_PARAMETER)
+                && variables != null
+        ) {
+            loggerMessage.append(" [variables] ");
+            String parsedVariables = parseVarialbes(variables);
+            if (CommonUtils.isNotEmpty(parsedVariables)) {
+                loggerMessage.append(parseVarialbes(variables));
+            }
+        }
+        return loggerMessage.toString();
+    }
+
+    private static String parseVarialbes(Map<String, Object> map) {
+        StringBuilder result = new StringBuilder();
+
+        for (Map.Entry<String, Object> entry : map.entrySet()) {
+            String key = entry.getKey();
+            Object value = entry.getValue();
+
+            boolean isProhibited = PROHIBITED_VARIABLES.stream()
+                .anyMatch(prohibitedKey -> key.toLowerCase().contains(prohibitedKey.toLowerCase()));
+
+            if (isProhibited) {
+                result.append(key).append(": ").append("******** ");
+                continue;
+            }
+
+            if (value instanceof Map) {
+                result.append(parseVarialbes((Map<String, Object>) value));
+            } else {
+                result.append(key).append(": ").append(value).append(" ");
+            }
+        }
+        return result.toString().trim();
+    }
+}
diff --git a/webapp/packages/core-projects/src/ProjectsService.ts b/webapp/packages/core-projects/src/ProjectsService.ts
@@ -107,7 +107,7 @@ export class ProjectsService extends Dependency {
     this.getActiveProjectTask = new SyncExecutor();
     this.onActiveProjectChange = new Executor();
 
-    this.onActiveProjectChange.before(navigationService.navigationTask);
+    this.onActiveProjectChange.before(navigationService.navigationTask, undefined, data => !isArraysEqual(data.projects, this.activeProjectIds));
 
     this.userInfoResource.onUserChange.addHandler(() => {
       this.onActiveProjectChange.execute({