api, common, live: Add a new Execute() function to the API server

It's for executing SQLite statements (eg INSERT, UPDATE, DELETE)
on live databases.

Author: justinclift

api/handlers.go

@@ -615,6 +615,106 @@ func downloadHandler(w http.ResponseWriter, r *http.Request) {
 	}
 }
 
+// executeHandler executes a SQL query on a SQLite database.  It's used for running SQL queries which don't
+// return a result set, like `INSERT`, `UPDATE`, `DELETE`, and so forth.
+// This can be run from the command line using curl, like this:
+//   $ curl -kD headers.out -F apikey="YOUR_API_KEY_HERE" -F dbowner="justinclift" -F dbname="Join Testing.sqlite" \
+//       -F sql="VVBEQVRFIHRhYmxlMSBTRVQgTmFtZSA9ICdUZXN0aW5nIDEnIFdIRVJFIGlkID0gMQ==" \
+//       https://api.dbhub.io/v1/execute
+//   * "apikey" is one of your API keys.  These can be generated from your Settings page once logged in
+//   * "dbowner" is the owner of the database
+//   * "dbname" is the name of the database
+//   * "sql" is the SQL query to execute, base64 encoded
+//   NOTE that the above example (base64) encoded sql is: "UPDATE table1 SET Name = 'Testing 1' WHERE id = 1"
+func executeHandler(w http.ResponseWriter, r *http.Request) {
+	loggedInUser, err := checkAuth(w, r)
+	if err != nil {
+		jsonErr(w, err.Error(), http.StatusUnauthorized)
+		return
+	}
+
+	// Extract the database owner name, database name, and (optional) commit ID for the database from the request
+	dbOwner, dbName, _, err := com.GetFormODC(r)
+	if err != nil {
+		jsonErr(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	dbFolder := "/"
+
+	// Grab the incoming SQLite query
+	rawInput := r.FormValue("sql")
+	query, err := com.CheckUnicode(rawInput)
+	if err != nil {
+		jsonErr(w, err.Error(), http.StatusBadRequest)
+		return
+	}
+
+	// Check if the requested database exists
+	exists, err := com.CheckDBPermissions(loggedInUser, dbOwner, dbFolder, dbName, false)
+	if err != nil {
+		jsonErr(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	if !exists {
+		jsonErr(w, fmt.Sprintf("Database '%s%s%s' doesn't exist", dbOwner, dbFolder, dbName),
+			http.StatusNotFound)
+		return
+	}
+
+	// Check if the database is a live database, and get the node/queue to send the request to
+	isLive, liveNode, err := com.CheckDBLive(dbOwner, dbFolder, dbName)
+	if err != nil {
+		jsonErr(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	// Reject attempts to run Exec() on non-live databases
+	if !isLive {
+		jsonErr(w, "Exec() only runs on Live databases, which this isn't.", http.StatusInternalServerError)
+		return
+	}
+
+	// If a live database has been uploaded but doesn't have a live node handling its requests, then create one
+	if isLive && liveNode == "" {
+		// Send a request to the AMQP backend to set up the database there, ready for querying
+		err = com.LiveCreateDB(com.AmqpChan, dbOwner, dbName)
+		if err != nil {
+			log.Println(err) // FIXME: Debug output while developing
+			jsonErr(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+	}
+
+	// Send the query execution request to our AMQP backend
+	var rawResponse []byte
+	rawResponse, err = com.MQSendRequest(com.AmqpChan, liveNode, "exec", loggedInUser, dbOwner, dbName, query)
+	if err != nil {
+		return
+	}
+
+	// Decode the response
+	var resp com.LiveDBErrorResponse
+	err = json.Unmarshal(rawResponse, &resp)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+	if resp.Error != "" {
+		err = errors.New(resp.Error)
+		return
+	}
+
+	// Return a "success" message
+	z := com.StatusResponseContainer{Status: "OK"}
+	jsonData, err := json.MarshalIndent(z, "", "  ")
+	if err != nil {
+		log.Printf("Error when JSON marshalling returned data in execHandler(): %v\n", err)
+		jsonErr(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	fmt.Fprintf(w, string(jsonData))
+}
+
 // indexesHandler returns the details of all indexes in a SQLite database
 // This can be run from the command line using curl, like this:
 //   $ curl -F apikey="YOUR_API_KEY_HERE" -F dbowner="justinclift" -F dbname="Join Testing.sqlite" https://api.dbhub.io/v1/indexes

api/main.go

@@ -126,6 +126,7 @@ func main() {
 	http.Handle("/v1/delete", gz.GzipHandler(handleWrapper(deleteHandler)))
 	http.Handle("/v1/diff", gz.GzipHandler(handleWrapper(diffHandler)))
 	http.Handle("/v1/download", gz.GzipHandler(handleWrapper(downloadHandler)))
+	http.Handle("/v1/execute", gz.GzipHandler(handleWrapper(executeHandler)))
 	http.Handle("/v1/indexes", gz.GzipHandler(handleWrapper(indexesHandler)))
 	http.Handle("/v1/metadata", gz.GzipHandler(handleWrapper(metadataHandler)))
 	http.Handle("/v1/query", gz.GzipHandler(handleWrapper(queryHandler)))

api/templates/root.html

@@ -58,7 +58,7 @@
         <div class="col-md-12"><a href="https://dbhub.io"><h1>DBHub API (in early development)</h1></a></div>
     </div>
     <div class="row">
-        <div class="col-md-12 version">API version 0.2, last modified 2023-03-20</div>
+        <div class="col-md-12 version">API version 0.2, last modified 2023-03-22</div>
     </div>
     <div class="panel panel-primary" id="note">
         <div class="panel-heading heading">Note</div>
@@ -98,9 +98,10 @@
             <li class="list-group-item"><a href="#delete" class="apiheading">Delete</a> - Deletes a database from the requesting users account</li>
             <li class="list-group-item"><a href="#diff" class="apiheading">Diff</a> - Generates a diff between two databases or two versions of a database</li>
             <li class="list-group-item"><a href="#download" class="apiheading">Download</a> - Returns the requested SQLite database file</li>
+            <li class="list-group-item" style="color: #a01e1a"><a href="#execute" class="apiheading" style="color: #a01e1a">Execute</a> - Executes a SQLite statement on a LIVE database <span style="font-style: italic">(new in version 0.2)</span> - <span style="font-weight: bold">EXPERIMENTAL ONLY</span></li>
             <li class="list-group-item"><a href="#indexes" class="apiheading">Indexes</a> - Returns the details of all indexes in a SQLite database</li>
             <li class="list-group-item"><a href="#metadata" class="apiheading">Metadata</a> - Returns the commit, branch, release, tag and web page information for a database</li>
-            <li class="list-group-item"><a href="#query" class="apiheading">Query</a> - Run a SQLite query on a database</li>
+            <li class="list-group-item"><a href="#query" class="apiheading">Query</a> - Runs a SQLite SELECT query on a database</li>
             <li class="list-group-item"><a href="#releases" class="apiheading">Releases</a> - Returns the details of all releases for a database</li>
             <li class="list-group-item"><a href="#tables" class="apiheading">Tables</a> - Returns the list of tables in a SQLite database</li>
             <li class="list-group-item"><a href="#tags" class="apiheading">Tags</a> - Returns the details of all tags for a database</li>
@@ -810,6 +811,85 @@
         </div>
     </div>
 
+    <!-- Execute -->
+    <div class="panel panel-default" id="execute">
+        <div class="panel-heading heading" style="color: #a01e1a;"><span style="font-size: x-large;">Execute</span> &nbsp; (new in version 0.2)</div>
+        <div class="panel-body">
+            <div class="row">
+                <div class="col-md-11 heading" style="color: #a01e1a; padding-bottom: 10px;">This function is EXPERIMENTAL, and may change</div>
+                <div class="col-md-1">&nbsp;</div>
+            </div>
+            <div class="row">
+                <div class="col-md-2 heading">URL</div>
+                <div class="col-md-10 heading">Description</div>
+            </div>
+            <div class="row indent">
+                <div class="col-md-2"><a href="/v1/execute">/v1/execute</a></div>
+                <div class="col-md-10">Executes a SQLite statement on a LIVE database.  eg INSERT, UPDATE, DELETE</div>
+            </div>
+            <div class="row">
+                <div class="col-md-2 heading pad">Parameters (POST)</div>
+                <div class="col-md-10"></div>
+            </div>
+            <div class="row indent">
+                <div class="col-md-2 paramname">apikey</div>
+                <div class="col-md-10">Your API key.  These can be generated in your <a href="https://[[ .ServerName ]]/pref">Settings</a> page, when logged in</div>
+            </div>
+            <div class="row indent">
+                <div class="col-md-2 paramname">dbowner</div>
+                <div class="col-md-10">The owner of the database</div>
+            </div>
+            <div class="row indent">
+                <div class="col-md-2 paramname">dbname</div>
+                <div class="col-md-10">The name of the database</div>
+            </div>
+            <div class="row indent">
+                <div class="col-md-2 paramname">sql</div>
+                <div class="col-md-10">The SQL query, <span style="font-weight: bold;">Base64</span> encoded</div>
+            </div>
+            <div class="row">
+                <div class="col-md-2 heading pad">Return values (JSON)</div>
+                <div class="col-md-10"></div>
+            </div>
+            <div class="row returndesc">
+                <div class="col-md-12">
+                    On successful execution, the returned JSON will be a simple status name/value pair
+                </div>
+            </div>
+            <div class="row indent returnhdr">
+                <div class="col-md-4">Name</div>
+                <div class="col-md-1">Type</div>
+                <div class="col-md-7">Description</div>
+            </div>
+            <div class="row indent">
+                <div class="col-md-4 paramname">status</div>
+                <div class="col-md-1 type">string</div>
+                <div class="col-md-7">Contains the string "OK" on successful execution</div>
+            </div>
+            <div class="row">
+                <div class="col-md-12 heading">Example</div>
+            </div>
+            <div class="row indent">
+                <div class="col-md-12">To execute this statement on <a href="https://dbhub.io/justinclift/Join%20Testing.sqlite">dbhub.io/justinclift/Join Testing.sqlite</a>:
+                    <pre>UPDATE table1
+SET Name = 'Testing 1'
+WHERE id = 1</pre>
+                    Using <a href="https://curl.haxx.se">curl</a>, it would be:
+                    <pre>$ curl -F apikey="YOUR_API_KEY_HERE" -F dbowner="justinclift" -F dbname="Join Testing.sqlite" \
+    -F sql="VVBEQVRFIHRhYmxlMSBTRVQgTmFtZSA9ICdUZXN0aW5nIDEnIFdIRVJFIGlkID0gMQ==" \
+    https://api.dbhub.io/v1/execute</pre>
+                    Output:
+                    <pre>{
+  "status": "OK"
+}</pre>
+                    <span style="color: darkred; font-size: larger; font-weight: bolder;">Note</span> - This is a newly added EXPERIMENTAL function, that only works with
+                    LIVE databases.  To try it out, <a href="https://dbhub.io/upload/">Upload</a> a new database and
+                    select the LIVE option under "Advanced".
+                </div>
+            </div>
+        </div>
+    </div>
+
     <!-- Indexes -->
     <div class="panel panel-default" id="indexes">
         <div class="panel-heading heading" style="font-size: x-large; color: #2e6da4;">Indexes</div>
@@ -1077,7 +1157,7 @@
             </div>
             <div class="row indent">
                 <div class="col-md-2"><a href="/v1/query">/v1/query</a></div>
-                <div class="col-md-10">Run a SQLite query on a database</div>
+                <div class="col-md-10">Run a SQLite SELECT query on a database</div>
             </div>
             <div class="row">
                 <div class="col-md-2 heading pad">Parameters (POST)</div>

common/live.go

@@ -274,7 +274,7 @@ func MQCreateResponse(msg amqp.Delivery, channel *amqp.Channel, nodeName, result
 // It is probably only useful for returning errors that occur before we've decoded the incoming AMQP
 // request to know what type it is
 func MQErrorResponse(msg amqp.Delivery, channel *amqp.Channel, nodeName string, errMsg string) (err error) {
-	// Construct the query response request
+	// Construct the response
 	resp := LiveDBErrorResponse{
 		Node:  nodeName,
 		Error: errMsg,
@@ -307,7 +307,7 @@ func MQErrorResponse(msg amqp.Delivery, channel *amqp.Channel, nodeName string,
 
 // MQDeleteResponse sends an error message in response to an AMQP database deletion request
 func MQDeleteResponse(msg amqp.Delivery, channel *amqp.Channel, nodeName string, errMsg string) (err error) {
-	// Construct the query response request
+	// Construct the response
 	resp := LiveDBErrorResponse{ // Yep, we're reusing this super basic error response instead of creating a new one
 		Node:  nodeName,
 		Error: errMsg,
@@ -338,6 +338,39 @@ func MQDeleteResponse(msg amqp.Delivery, channel *amqp.Channel, nodeName string,
 	return
 }
 
+// MQExecResponse sends a message in response to an AMQP database query exec request
+func MQExecResponse(msg amqp.Delivery, channel *amqp.Channel, nodeName string, errMsg string) (err error) {
+	// Construct the response
+	resp := LiveDBErrorResponse{ // Yep, we're reusing this super basic error response instead of creating a new one
+		Node:  nodeName,
+		Error: errMsg,
+	}
+	var z []byte
+	z, err = json.Marshal(resp)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+
+	// Send the message
+	ctx, cancel := context.WithTimeout(context.Background(), contextTimeout)
+	defer cancel()
+	err = channel.PublishWithContext(ctx, "", msg.ReplyTo, false, false,
+		amqp.Publishing{
+			ContentType:   "text/json",
+			CorrelationId: msg.CorrelationId,
+			Body:          z,
+		})
+	if err != nil {
+		log.Println(err)
+	}
+	msg.Ack(false)
+	if AmqpDebug {
+		log.Printf("[EXEC] Live node '%s' responded with ACK to message with correlationID: '%s', msg.ReplyTo: '%s'", nodeName, msg.CorrelationId, msg.ReplyTo)
+	}
+	return
+}
+
 // MQIndexesResponse sends an indexes list response
 func MQIndexesResponse(msg amqp.Delivery, channel *amqp.Channel, nodeName string, indexes []APIJSONIndex, errMsg string) (err error) {
 	// Construct the response
@@ -374,7 +407,7 @@ func MQIndexesResponse(msg amqp.Delivery, channel *amqp.Channel, nodeName string
 
 // MQQueryResponse sends a successful query response back
 func MQQueryResponse(msg amqp.Delivery, channel *amqp.Channel, nodeName string, results SQLiteRecordSet, errMsg string) (err error) {
-	// Construct the query response request
+	// Construct the response
 	resp := LiveDBQueryResponse{
 		Node:    nodeName,
 		Results: results,

common/sqlite.go

@@ -814,6 +814,40 @@ func ReadSQLiteDBCSV(sdb *sqlite.Conn, dbTable string) ([][]string, error) {
 	return resultSet, nil
 }
 
+// SQLiteExecQueryLive is used by our AMQP backend infrastructure to execute a user provided SQLite query
+func SQLiteExecQueryLive(baseDir, dbOwner, dbName, loggedInUser, query string) (err error) {
+	// Open the Live database on the local node
+	var sdb *sqlite.Conn
+	sdb, err = OpenSQLiteDatabaseLive(baseDir, dbOwner, dbName)
+	if err != nil {
+		return
+	}
+	defer sdb.Close()
+
+	// TODO: Probably add in the before and after logging info at some point (as per query function),
+	//       so we can analyse query execution times, memory use, etc
+
+	// Prepare the statement
+	// FIXME: Do we need to do this prepare step?  Am suspecting "no", as we don't (yet) have a way to
+	//        batch call the matching stmt.Exec() below.  Not remembering what else it might benefit though.
+	var stmt *sqlite.Stmt
+	stmt, err = sdb.Prepare(query)
+	if err != nil {
+		return
+	}
+	defer stmt.Finalize()
+
+	// Execute the statement
+	err = stmt.Exec()
+	if err != nil {
+		log.Printf("Error when executing query by '%s' for LIVE database (%s/%s): '%s'\n",
+			SanitiseLogString(loggedInUser), SanitiseLogString(dbOwner), SanitiseLogString(dbName),
+			SanitiseLogString(err.Error()))
+		return
+	}
+	return
+}
+
 // SQLiteGetColumnsLive is used by our AMQP backend nodes to retrieve the list of columns from a SQLite database
 func SQLiteGetColumnsLive(baseDir, dbOwner, dbName, table string) (columns []sqlite.Column, err error) {
 	// Open the database on the local node

live/main.go

@@ -182,6 +182,21 @@ func main() {
 				}
 				continue
 
+			case "exec":
+				// Execute a query on the database file
+				err = com.SQLiteExecQueryLive(baseDir, req.DBOwner, req.DBName, req.RequestingUser, req.Query)
+				if err != nil {
+					err = com.MQExecResponse(msg, ch, com.NodeName, err.Error())
+					continue
+				}
+
+				// Return a success message (empty string in this case) to the caller
+				err = com.MQExecResponse(msg, ch, com.NodeName, "")
+				if err != nil {
+					log.Printf("Error: occurred on '%s' in MQExecResponse() while constructing the AMQP execute query response: '%s'", com.NodeName, err)
+				}
+				continue
+
 			case "indexes":
 				var indexes []com.APIJSONIndex
 				indexes, err = com.SQLiteGetIndexesLive(baseDir, req.DBOwner, req.DBName)