diff options
Diffstat (limited to 'includes/js/dojox/_sql/common.js')
-rw-r--r-- | includes/js/dojox/_sql/common.js | 538 |
1 files changed, 538 insertions, 0 deletions
diff --git a/includes/js/dojox/_sql/common.js b/includes/js/dojox/_sql/common.js new file mode 100644 index 0000000..00f4893 --- /dev/null +++ b/includes/js/dojox/_sql/common.js @@ -0,0 +1,538 @@ +if(!dojo._hasResource["dojox._sql.common"]){ //_hasResource checks added by build. Do not use _hasResource directly in your code. +dojo._hasResource["dojox._sql.common"] = true; +dojo.provide("dojox._sql.common"); + +dojo.require("dojox._sql._crypto"); + +// summary: +// Executes a SQL expression. +// description: +// There are four ways to call this: +// 1) Straight SQL: dojox.sql("SELECT * FROM FOOBAR"); +// 2) SQL with parameters: dojox.sql("INSERT INTO FOOBAR VALUES (?)", someParam) +// 3) Encrypting particular values: +// dojox.sql("INSERT INTO FOOBAR VALUES (ENCRYPT(?))", someParam, "somePassword", callback) +// 4) Decrypting particular values: +// dojox.sql("SELECT DECRYPT(SOMECOL1), DECRYPT(SOMECOL2) FROM +// FOOBAR WHERE SOMECOL3 = ?", someParam, +// "somePassword", callback) +// +// For encryption and decryption the last two values should be the the password for +// encryption/decryption, and the callback function that gets the result set. +// +// Note: We only support ENCRYPT(?) statements, and +// and DECRYPT(*) statements for now -- you can not have a literal string +// inside of these, such as ENCRYPT('foobar') +// +// Note: If you have multiple columns to encrypt and decrypt, you can use the following +// convenience form to not have to type ENCRYPT(?)/DECRYPT(*) many times: +// +// dojox.sql("INSERT INTO FOOBAR VALUES (ENCRYPT(?, ?, ?))", +// someParam1, someParam2, someParam3, +// "somePassword", callback) +// +// dojox.sql("SELECT DECRYPT(SOMECOL1, SOMECOL2) FROM +// FOOBAR WHERE SOMECOL3 = ?", someParam, +// "somePassword", callback) +dojox.sql = new Function("return dojox.sql._exec(arguments);"); + +dojo.mixin(dojox.sql, { + dbName: null, + + // summary: + // If true, then we print out any SQL that is executed + // to the debug window + debug: (dojo.exists("dojox.sql.debug")?dojox.sql.debug:false), + + open: function(dbName){ + if(this._dbOpen && (!dbName || dbName == this.dbName)){ + return; + } + + if(!this.dbName){ + this.dbName = "dot_store_" + + window.location.href.replace(/[^0-9A-Za-z_]/g, "_"); + // database names in Gears are limited to 64 characters long + if(this.dbName.length > 63){ + this.dbName = this.dbName.substring(0, 63); + } + } + + if(!dbName){ + dbName = this.dbName; + } + + try{ + this._initDb(); + this.db.open(dbName); + this._dbOpen = true; + }catch(exp){ + throw exp.message||exp; + } + }, + + close: function(dbName){ + // on Internet Explorer, Google Gears throws an exception + // "Object not a collection", when we try to close the + // database -- just don't close it on this platform + // since we are running into a Gears bug; the Gears team + // said it's ok to not close a database connection + if(dojo.isIE){ return; } + + if(!this._dbOpen && (!dbName || dbName == this.dbName)){ + return; + } + + if(!dbName){ + dbName = this.dbName; + } + + try{ + this.db.close(dbName); + this._dbOpen = false; + }catch(exp){ + throw exp.message||exp; + } + }, + + _exec: function(params){ + try{ + // get the Gears Database object + this._initDb(); + + // see if we need to open the db; if programmer + // manually called dojox.sql.open() let them handle + // it; otherwise we open and close automatically on + // each SQL execution + if(!this._dbOpen){ + this.open(); + this._autoClose = true; + } + + // determine our parameters + var sql = null; + var callback = null; + var password = null; + + var args = dojo._toArray(params); + + sql = args.splice(0, 1)[0]; + + // does this SQL statement use the ENCRYPT or DECRYPT + // keywords? if so, extract our callback and crypto + // password + if(this._needsEncrypt(sql) || this._needsDecrypt(sql)){ + callback = args.splice(args.length - 1, 1)[0]; + password = args.splice(args.length - 1, 1)[0]; + } + + // 'args' now just has the SQL parameters + + // print out debug SQL output if the developer wants that + if(this.debug){ + this._printDebugSQL(sql, args); + } + + // handle SQL that needs encryption/decryption differently + // do we have an ENCRYPT SQL statement? if so, handle that first + if(this._needsEncrypt(sql)){ + var crypto = new dojox.sql._SQLCrypto("encrypt", sql, + password, args, + callback); + return; // encrypted results will arrive asynchronously + }else if(this._needsDecrypt(sql)){ // otherwise we have a DECRYPT statement + var crypto = new dojox.sql._SQLCrypto("decrypt", sql, + password, args, + callback); + return; // decrypted results will arrive asynchronously + } + + // execute the SQL and get the results + var rs = this.db.execute(sql, args); + + // Gears ResultSet object's are ugly -- normalize + // these into something JavaScript programmers know + // how to work with, basically an array of + // JavaScript objects where each property name is + // simply the field name for a column of data + rs = this._normalizeResults(rs); + + if(this._autoClose){ + this.close(); + } + + return rs; + }catch(exp){ + exp = exp.message||exp; + + console.debug("SQL Exception: " + exp); + + if(this._autoClose){ + try{ + this.close(); + }catch(e){ + console.debug("Error closing database: " + + e.message||e); + } + } + + throw exp; + } + }, + + _initDb: function(){ + if(!this.db){ + try{ + this.db = google.gears.factory.create('beta.database', '1.0'); + }catch(exp){ + dojo.setObject("google.gears.denied", true); + dojox.off.onFrameworkEvent("coreOperationFailed"); + throw "Google Gears must be allowed to run"; + } + } + }, + + _printDebugSQL: function(sql, args){ + var msg = "dojox.sql(\"" + sql + "\""; + for(var i = 0; i < args.length; i++){ + if(typeof args[i] == "string"){ + msg += ", \"" + args[i] + "\""; + }else{ + msg += ", " + args[i]; + } + } + msg += ")"; + + console.debug(msg); + }, + + _normalizeResults: function(rs){ + var results = []; + if(!rs){ return []; } + + while(rs.isValidRow()){ + var row = {}; + + for(var i = 0; i < rs.fieldCount(); i++){ + var fieldName = rs.fieldName(i); + var fieldValue = rs.field(i); + row[fieldName] = fieldValue; + } + + results.push(row); + + rs.next(); + } + + rs.close(); + + return results; + }, + + _needsEncrypt: function(sql){ + return /encrypt\([^\)]*\)/i.test(sql); + }, + + _needsDecrypt: function(sql){ + return /decrypt\([^\)]*\)/i.test(sql); + } +}); + +// summary: +// A private class encapsulating any cryptography that must be done +// on a SQL statement. We instantiate this class and have it hold +// it's state so that we can potentially have several encryption +// operations happening at the same time by different SQL statements. +dojo.declare("dojox.sql._SQLCrypto", null, { + constructor: function(action, sql, password, args, callback){ + if(action == "encrypt"){ + this._execEncryptSQL(sql, password, args, callback); + }else{ + this._execDecryptSQL(sql, password, args, callback); + } + }, + + _execEncryptSQL: function(sql, password, args, callback){ + // strip the ENCRYPT/DECRYPT keywords from the SQL + var strippedSQL = this._stripCryptoSQL(sql); + + // determine what arguments need encryption + var encryptColumns = this._flagEncryptedArgs(sql, args); + + // asynchronously encrypt each argument that needs it + var self = this; + this._encrypt(strippedSQL, password, args, encryptColumns, function(finalArgs){ + // execute the SQL + var error = false; + var resultSet = []; + var exp = null; + try{ + resultSet = dojox.sql.db.execute(strippedSQL, finalArgs); + }catch(execError){ + error = true; + exp = execError.message||execError; + } + + // was there an error during SQL execution? + if(exp != null){ + if(dojox.sql._autoClose){ + try{ dojox.sql.close(); }catch(e){} + } + + callback(null, true, exp.toString()); + return; + } + + // normalize SQL results into a JavaScript object + // we can work with + resultSet = dojox.sql._normalizeResults(resultSet); + + if(dojox.sql._autoClose){ + dojox.sql.close(); + } + + // are any decryptions necessary on the result set? + if(dojox.sql._needsDecrypt(sql)){ + // determine which of the result set columns needs decryption + var needsDecrypt = self._determineDecryptedColumns(sql); + + // now decrypt columns asynchronously + // decrypt columns that need it + self._decrypt(resultSet, needsDecrypt, password, function(finalResultSet){ + callback(finalResultSet, false, null); + }); + }else{ + callback(resultSet, false, null); + } + }); + }, + + _execDecryptSQL: function(sql, password, args, callback){ + // strip the ENCRYPT/DECRYPT keywords from the SQL + var strippedSQL = this._stripCryptoSQL(sql); + + // determine which columns needs decryption; this either + // returns the value *, which means all result set columns will + // be decrypted, or it will return the column names that need + // decryption set on a hashtable so we can quickly test a given + // column name; the key is the column name that needs + // decryption and the value is 'true' (i.e. needsDecrypt["someColumn"] + // would return 'true' if it needs decryption, and would be 'undefined' + // or false otherwise) + var needsDecrypt = this._determineDecryptedColumns(sql); + + // execute the SQL + var error = false; + var resultSet = []; + var exp = null; + try{ + resultSet = dojox.sql.db.execute(strippedSQL, args); + }catch(execError){ + error = true; + exp = execError.message||execError; + } + + // was there an error during SQL execution? + if(exp != null){ + if(dojox.sql._autoClose){ + try{ dojox.sql.close(); }catch(e){} + } + + callback(resultSet, true, exp.toString()); + return; + } + + // normalize SQL results into a JavaScript object + // we can work with + resultSet = dojox.sql._normalizeResults(resultSet); + + if(dojox.sql._autoClose){ + dojox.sql.close(); + } + + // decrypt columns that need it + this._decrypt(resultSet, needsDecrypt, password, function(finalResultSet){ + callback(finalResultSet, false, null); + }); + }, + + _encrypt: function(sql, password, args, encryptColumns, callback){ + //console.debug("_encrypt, sql="+sql+", password="+password+", encryptColumns="+encryptColumns+", args="+args); + + this._totalCrypto = 0; + this._finishedCrypto = 0; + this._finishedSpawningCrypto = false; + this._finalArgs = args; + + for(var i = 0; i < args.length; i++){ + if(encryptColumns[i]){ + // we have an encrypt() keyword -- get just the value inside + // the encrypt() parantheses -- for now this must be a ? + var sqlParam = args[i]; + var paramIndex = i; + + // update the total number of encryptions we know must be done asynchronously + this._totalCrypto++; + + // FIXME: This currently uses DES as a proof-of-concept since the + // DES code used is quite fast and was easy to work with. Modify dojox.sql + // to be able to specify a different encryption provider through a + // a SQL-like syntax, such as dojox.sql("SET ENCRYPTION BLOWFISH"), + // and modify the dojox.crypto.Blowfish code to be able to work using + // a Google Gears Worker Pool + + // do the actual encryption now, asychronously on a Gears worker thread + dojox._sql._crypto.encrypt(sqlParam, password, dojo.hitch(this, function(results){ + // set the new encrypted value + this._finalArgs[paramIndex] = results; + this._finishedCrypto++; + // are we done with all encryption? + if(this._finishedCrypto >= this._totalCrypto + && this._finishedSpawningCrypto){ + callback(this._finalArgs); + } + })); + } + } + + this._finishedSpawningCrypto = true; + }, + + _decrypt: function(resultSet, needsDecrypt, password, callback){ + //console.debug("decrypt, resultSet="+resultSet+", needsDecrypt="+needsDecrypt+", password="+password); + + this._totalCrypto = 0; + this._finishedCrypto = 0; + this._finishedSpawningCrypto = false; + this._finalResultSet = resultSet; + + for(var i = 0; i < resultSet.length; i++){ + var row = resultSet[i]; + + // go through each of the column names in row, + // seeing if they need decryption + for(var columnName in row){ + if(needsDecrypt == "*" || needsDecrypt[columnName]){ + this._totalCrypto++; + var columnValue = row[columnName]; + + // forming a closure here can cause issues, with values not cleanly + // saved on Firefox/Mac OS X for some of the values above that + // are needed in the callback below; call a subroutine that will form + // a closure inside of itself instead + this._decryptSingleColumn(columnName, columnValue, password, i, + function(finalResultSet){ + callback(finalResultSet); + }); + } + } + } + + this._finishedSpawningCrypto = true; + }, + + _stripCryptoSQL: function(sql){ + // replace all DECRYPT(*) occurrences with a * + sql = sql.replace(/DECRYPT\(\*\)/ig, "*"); + + // match any ENCRYPT(?, ?, ?, etc) occurrences, + // then replace with just the question marks in the + // middle + var matches = sql.match(/ENCRYPT\([^\)]*\)/ig); + if(matches != null){ + for(var i = 0; i < matches.length; i++){ + var encryptStatement = matches[i]; + var encryptValue = encryptStatement.match(/ENCRYPT\(([^\)]*)\)/i)[1]; + sql = sql.replace(encryptStatement, encryptValue); + } + } + + // match any DECRYPT(COL1, COL2, etc) occurrences, + // then replace with just the column names + // in the middle + matches = sql.match(/DECRYPT\([^\)]*\)/ig); + if(matches != null){ + for(var i = 0; i < matches.length; i++){ + var decryptStatement = matches[i]; + var decryptValue = decryptStatement.match(/DECRYPT\(([^\)]*)\)/i)[1]; + sql = sql.replace(decryptStatement, decryptValue); + } + } + + return sql; + }, + + _flagEncryptedArgs: function(sql, args){ + // capture literal strings that have question marks in them, + // and also capture question marks that stand alone + var tester = new RegExp(/([\"][^\"]*\?[^\"]*[\"])|([\'][^\']*\?[^\']*[\'])|(\?)/ig); + var matches; + var currentParam = 0; + var results = []; + while((matches = tester.exec(sql)) != null){ + var currentMatch = RegExp.lastMatch+""; + + // are we a literal string? then ignore it + if(/^[\"\']/.test(currentMatch)){ + continue; + } + + // do we have an encrypt keyword to our left? + var needsEncrypt = false; + if(/ENCRYPT\([^\)]*$/i.test(RegExp.leftContext)){ + needsEncrypt = true; + } + + // set the encrypted flag + results[currentParam] = needsEncrypt; + + currentParam++; + } + + return results; + }, + + _determineDecryptedColumns: function(sql){ + var results = {}; + + if(/DECRYPT\(\*\)/i.test(sql)){ + results = "*"; + }else{ + var tester = /DECRYPT\((?:\s*\w*\s*\,?)*\)/ig; + var matches; + while(matches = tester.exec(sql)){ + var lastMatch = new String(RegExp.lastMatch); + var columnNames = lastMatch.replace(/DECRYPT\(/i, ""); + columnNames = columnNames.replace(/\)/, ""); + columnNames = columnNames.split(/\s*,\s*/); + dojo.forEach(columnNames, function(column){ + if(/\s*\w* AS (\w*)/i.test(column)){ + column = column.match(/\s*\w* AS (\w*)/i)[1]; + } + results[column] = true; + }); + } + } + + return results; + }, + + _decryptSingleColumn: function(columnName, columnValue, password, currentRowIndex, + callback){ + //console.debug("decryptSingleColumn, columnName="+columnName+", columnValue="+columnValue+", currentRowIndex="+currentRowIndex) + dojox._sql._crypto.decrypt(columnValue, password, dojo.hitch(this, function(results){ + // set the new decrypted value + this._finalResultSet[currentRowIndex][columnName] = results; + this._finishedCrypto++; + + // are we done with all encryption? + if(this._finishedCrypto >= this._totalCrypto + && this._finishedSpawningCrypto){ + //console.debug("done with all decrypts"); + callback(this._finalResultSet); + } + })); + } +}); + +} |