@@ -318,6 +318,81 @@ added:
318318This method is used to create SQLite user-defined functions. This method is a
319319wrapper around [ ` sqlite3_create_function_v2() ` ] [ ] .
320320
321+ ### ` database.setAuthorizer(callback) `
322+
323+ <!-- YAML
324+ added: REPLACEME
325+ -->
326+
327+ * ` callback ` {Function|null} The authorizer function to set, or ` null ` to
328+ clear the current authorizer.
329+
330+ Sets an authorizer callback that SQLite will invoke whenever it attempts to
331+ access data or modify the database schema through prepared statements.
332+ This can be used to implement security policies, audit access, or restrict certain operations.
333+ This method is a wrapper around [ ` sqlite3_set_authorizer() ` ] [ ] .
334+
335+ When invoked, the callback receives five arguments:
336+
337+ * ` actionCode ` {number} The type of operation being performed (e.g.,
338+ ` SQLITE_INSERT ` , ` SQLITE_UPDATE ` , ` SQLITE_SELECT ` ).
339+ * ` arg1 ` {string|null} The first argument (context-dependent, often a table name).
340+ * ` arg2 ` {string|null} The second argument (context-dependent, often a column name).
341+ * ` dbName ` {string|null} The name of the database.
342+ * ` triggerOrView ` {string|null} The name of the trigger or view causing the access.
343+
344+ The callback must return one of the following constants:
345+
346+ * ` SQLITE_OK ` - Allow the operation.
347+ * ` SQLITE_DENY ` - Deny the operation (causes an error).
348+ * ` SQLITE_IGNORE ` - Ignore the operation (silently skip).
349+
350+ ``` cjs
351+ const { DatabaseSync , constants } = require (' node:sqlite'
352+ const db = new DatabaseSync (' :memory:'
353+
354+ // Set up an authorizer that denies all table creation
355+ db .setAuthorizer ((actionCode ) => {
356+ if (actionCode === constants .SQLITE_CREATE_TABLE ) {
357+ return constants .SQLITE_DENY ;
358+ }
359+ return constants .SQLITE_OK ;
360+ });
361+
362+ // This will work
363+ db .prepare (' SELECT 1' get ()
364+
365+ // This will throw an error due to authorization denial
366+ try {
367+ db .exec (' CREATE TABLE blocked (id INTEGER)'
368+ } catch (err) {
369+ console .log (' Operation blocked:' err .message );
370+ }
371+ ```
372+
373+ ``` mjs
374+ import { DatabaseSync , constants } from ' node:sqlite'
375+ const db = new DatabaseSync (' :memory:'
376+
377+ // Set up an authorizer that denies all table creation
378+ db .setAuthorizer ((actionCode ) => {
379+ if (actionCode === constants .SQLITE_CREATE_TABLE ) {
380+ return constants .SQLITE_DENY ;
381+ }
382+ return constants .SQLITE_OK ;
383+ });
384+
385+ // This will work
386+ db .prepare (' SELECT 1' get ()
387+
388+ // This will throw an error due to authorization denial
389+ try {
390+ db .exec (' CREATE TABLE blocked (id INTEGER)'
391+ } catch (err) {
392+ console .log (' Operation blocked:' err .message );
393+ }
394+ ```
395+
321396### ` database.isOpen `
322397
323398<!-- YAML
@@ -1078,6 +1153,7 @@ resolution handler passed to [`database.applyChangeset()`][]. See also
10781153[ `sqlite3_last_insert_rowid()` ] : https://www.sqlite.org/c3ref/last_insert_rowid.html
10791154[ `sqlite3_load_extension()` ] : https://www.sqlite.org/c3ref/load_extension.html
10801155[ `sqlite3_prepare_v2()` ] : https://www.sqlite.org/c3ref/prepare.html
1156+ [ `sqlite3_set_authorizer()` ] : https://www.sqlite.org/c3ref/set_authorizer.html
10811157[ `sqlite3_sql()` ] : https://www.sqlite.org/c3ref/expanded_sql.html
10821158[ `sqlite3changeset_apply()` ] : https://www.sqlite.org/session/sqlite3changeset_apply.html
10831159[ `sqlite3session_attach()` ] : https://www.sqlite.org/session/sqlite3session_attach.html
0 commit comments