mysql2 - npm Package Compare versions

Comparing version 0.4.0 to 0.5.0

benchmarks/http-select-and-render.js

@@ -7,2 +7,3 @@ var http   = require('http');
 var conn = common.createConnection();
+
 var render = common.createTemplate();
@@ -28,2 +29,3 @@ var port = process.env.PORT;
         conn.query(sql, function(err, rows) {
+          //console.log(err, rows);
           // TODO: handle error
@@ -30,0 +32,0 @@ rowsTotal = rowsTotal.concat(rows);

examples/simple-select.js

 var mysql = require('../test/common').createConnection();
 
-mysql.query("select * from foos limit 10", function(err, rows, fields) {
+mysql.query("select 10+10", function(err, rows, fields) {
     console.log(rows, fields);
 });

lib/commands/handshake.js

 var Command  = require('./command');
 var Packets  = require('../packets/index.js');
 var util    = require('util');
+var ClientConstants = require('../constants/client');
 
 function Handshake()
 {
+  this.handshake = null;
   Command.call(this);
@@ -15,12 +17,34 @@ }
 
-Handshake.prototype.handshakeInit = function(init, connection) {
-  var handshake = new Packets.Handshake(init);
-  var initReply = new Packets.HandshakeResponse({
+Handshake.prototype.sendSSLRequest = function(connection) {
+  var sslRequest = new Packets.HandshakeResponse({ ssl: true });
+  connection.writePacket(sslRequest.toPacket(1));
+};
+
+Handshake.prototype.sendCredentials = function(connection, packetIndex) {
+  var handshakeResponse = new Packets.HandshakeResponse({
     password: connection.opts.password,
     user    : connection.opts.user,
     database: connection.opts.database,
-    authPluginData1: handshake.authPluginData1,
-    authPluginData2: handshake.authPluginData2
+    authPluginData1: this.handshake.authPluginData1,
+    authPluginData2: this.handshake.authPluginData2
   });
-  connection.writePacket(initReply.toPacket());
+  connection.writePacket(handshakeResponse.toPacket(packetIndex));
+};
+
+Handshake.prototype.handshakeInit = function(helloPacket, connection) {
+  var command = this;
+  this.handshake = new Packets.Handshake(helloPacket);
+  var serverSSLSupport = this.handshake.capabilityFlags & ClientConstants.SSL;
+  if (connection.opts.ssl) {
+    if (!serverSSLSupport)
+      throw new Error('Server does not support secure connnection');
+    // send ssl upgrade request and immediately upgrade connection to secure
+    this.sendSSLRequest(connection);
+    connection.startTLS(function() {
+      // after connection is secure
+      command.sendCredentials(connection, 2);
+    });
+  } else {
+    this.sendCredentials(connection, 1);
+  }
   return Handshake.prototype.handshakeResult;
@@ -27,0 +51,0 @@ };

lib/connection.js

@@ -7,3 +7,3 @@ var _            = require('underscore');
 var EventEmitter = require('events').EventEmitter;
-var util = require('util');
+var util   = require('util');
 
@@ -63,5 +63,11 @@ function Connection(opts)
   // TODO: check stream instanceof net.Stream, fallback if not
-  this.stream.ondata = function(data, start, end) {
-    connection.packetParser.execute(data, start, end);
-  };
+  if (this.stream instanceof net.Stream) {
+    this.stream.ondata = function(data, start, end) {
+      connection.packetParser.execute(data, start, end);
+    };
+  } else {
+    this.stream.on('data', function(data) {
+      connection.packetParser.execute(data.parent, data.offset, data.offset + data.length);
+    });
+  }
   this.addCommand(new Commands.Handshake());
@@ -76,2 +82,28 @@ }
 
+Connection.prototype.startTLS = function(onSecure) {
+  var connection = this;
+  var crypto = require('crypto');
+  var tls = require('tls');
+  var credentials = crypto.createCredentials({
+    key: this.opts.ssl.key,
+    cert: this.opts.ssl.cert,
+    passphrase: this.opts.ssl.passphrase
+    // TODO ca-certs list
+  });
+  var securePair = tls.createSecurePair(credentials, false);
+  if (this.stream.ondata)
+    this.stream.ondata = null;
+  this.stream.removeAllListeners('data');
+  this.stream.pipe(securePair.encrypted);
+  securePair.encrypted.pipe(this.stream);
+  securePair.cleartext.on('data', function(data) {
+    connection.packetParser.execute(data.parent, data.offset, data.offset + data.length);
+  });
+  connection.writePacket = function(packet) {
+    packet.writeHeader();
+    securePair.cleartext.write(packet.buffer);
+  };
+  securePair.on('secure', onSecure);
+};
+
 Connection.prototype.handlePacket = function(packet) {
@@ -78,0 +110,0 @@ var commands = this.commands;

lib/constants/client.js

 // Manually extracted from mysql-5.5.23/include/mysql_com.h
-exports.CLIENT_LONG_PASSWORD     = 1; /* new more secure passwords */
-exports.CLIENT_FOUND_ROWS        = 2; /* Found instead of affected rows */
-exports.CLIENT_LONG_FLAG         = 4; /* Get all column flags */
-exports.CLIENT_CONNECT_WITH_DB   = 8; /* One can specify db on connect */
-exports.CLIENT_NO_SCHEMA         = 16; /* Don't allow database.table.column */
-exports.CLIENT_COMPRESS          = 32; /* Can use compression protocol */
-exports.CLIENT_ODBC              = 64; /* Odbc client */
-exports.CLIENT_LOCAL_FILES       = 128; /* Can use LOAD DATA LOCAL */
-exports.CLIENT_IGNORE_SPACE      = 256; /* Ignore spaces before '(' */
-exports.CLIENT_PROTOCOL_41       = 512; /* New 4.1 protocol */
-exports.CLIENT_INTERACTIVE       = 1024; /* This is an interactive client */
-exports.CLIENT_SSL               = 2048; /* Switch to SSL after handshake */
-exports.CLIENT_IGNORE_SIGPIPE    = 4096;    /* IGNORE sigpipes */
-exports.CLIENT_TRANSACTIONS      = 8192; /* Client knows about transactions */
-exports.CLIENT_RESERVED          = 16384;   /* Old flag for 4.1 protocol  */
-exports.CLIENT_SECURE_CONNECTION = 32768;  /* New 4.1 authentication */
+exports.LONG_PASSWORD     = 1; /* new more secure passwords */
+exports.FOUND_ROWS        = 2; /* Found instead of affected rows */
+exports.LONG_FLAG         = 4; /* Get all column flags */
+exports.CONNECT_WITH_DB   = 8; /* One can specify db on connect */
+exports.NO_SCHEMA         = 16; /* Don't allow database.table.column */
+exports.COMPRESS          = 32; /* Can use compression protocol */
+exports.ODBC              = 64; /* Odbc client */
+exports.LOCAL_FILES       = 128; /* Can use LOAD DATA LOCAL */
+exports.IGNORE_SPACE      = 256; /* Ignore spaces before '(' */
+exports.PROTOCOL_41       = 512; /* New 4.1 protocol */
+exports.INTERACTIVE       = 1024; /* This is an interactive client */
+exports.SSL               = 2048; /* Switch to SSL after handshake */
+exports.IGNORE_SIGPIPE    = 4096;    /* IGNORE sigpipes */
+exports.TRANSACTIONS      = 8192; /* Client knows about transactions */
+exports.RESERVED          = 16384;   /* Old flag for 4.1 protocol  */
+exports.SECURE_CONNECTION = 32768;  /* New 4.1 authentication */
 
-exports.CLIENT_MULTI_STATEMENTS = 65536; /* Enable/disable multi-stmt support */
-exports.CLIENT_MULTI_RESULTS    = 131072; /* Enable/disable multi-results */
-exports.CLIENT_PS_MULTI_RESULTS = 262144; /* Multi-results in PS-protocol */
+exports.MULTI_STATEMENTS = 65536; /* Enable/disable multi-stmt support */
+exports.MULTI_RESULTS    = 131072; /* Enable/disable multi-results */
+exports.PS_MULTI_RESULTS = 262144; /* Multi-results in PS-protocol */
 
-exports.CLIENT_PLUGIN_AUTH = 524288; /* Client supports plugin authentication */
+exports.PLUGIN_AUTH = 524288; /* Client supports plugin authentication */
 
-exports.CLIENT_SSL_VERIFY_SERVER_CERT = 1073741824;
-exports.CLIENT_REMEMBER_OPTIONS       = 2147483648;
+exports.SSL_VERIFY_SERVER_CERT = 1073741824;
+exports.REMEMBER_OPTIONS       = 2147483648;

lib/packets/handshake_response.js

@@ -42,2 +42,7 @@ var _ = require('underscore');
 {
+  if (handshake.ssl) {
+    this.ssl = true;
+    return;
+  }
+  this.ssl = false;
   _.extend(this, handshake);
@@ -47,13 +52,25 @@ this.authToken = token(this.password, this.authPluginData1, this.authPluginData2);
 
-HandshakeResponse.prototype.toPacket = function()
+HandshakeResponse.prototype.toPacket = function(packetIndex)
 {
-  // TODO: cleanup
-  this.clientFlags = 0x02f3cf; //constants.CLIENT_PROTOCOL_41; TODO: correct list of contants
+  // TODO: move flags to command?
+  var flags =
+    ClientConstants.LONG_PASSWORD | ClientConstants.FOUND_ROWS | ClientConstants.LONG_FLAG |
+    ClientConstants.CONNECT_WITH_DB | ClientConstants.ODBC | ClientConstants.MULTI_RESULTS |
+    ClientConstants.SECURE_CONNECTION | ClientConstants.RESERVED | ClientConstants.TRANSACTIONS |
+    ClientConstants.IGNORE_SIGPIPE | ClientConstants.PROTOCOL_41 | ClientConstants.IGNORE_SPACE | ClientConstants.LOCAL_FILES;
+  this.clientFlags = flags;
   this.characterSet = Charsets.UTF8_GENERAL_CI;
 
-  var length = 59 + this.user.length + this.database.length;
+  var length = 36;
+  if (!this.ssl)
+    length += 23 + this.user.length + this.database.length;
+
   var buffer = new Buffer(length);
-  var packet = new Packet(1, buffer);
+  var packet = new Packet(packetIndex, buffer);
   buffer.fill(0);
   packet.offset = 4;
+
+  if (this.ssl)
+    this.clientFlags |= ClientConstants.SSL;
+
   packet.writeInt32(this.clientFlags);
@@ -63,6 +80,8 @@ packet.writeInt32(0); // max packet size. todo: move to config
   packet.skip(23);
-  packet.writeNullTerminatedString(this.user);
-  packet.writeInt8(this.authToken.length);
-  packet.writeBuffer(this.authToken);
-  packet.writeNullTerminatedString(this.database);
+  if (!this.ssl) {
+    packet.writeNullTerminatedString(this.user);
+    packet.writeInt8(this.authToken.length);
+    packet.writeBuffer(this.authToken);
+    packet.writeNullTerminatedString(this.database);
+  }
   return packet;
@@ -69,0 +88,0 @@ };

lib/packets/packet.js

@@ -251,3 +251,3 @@ //var BigNumber = require("bignumber.js");
   var sqlState = this.readBuffer(7);
-  var message = this.buffer.slice(this.offset);
+  var message = this.buffer.slice(this.offset, this.end);
   console.log('SqlState', sqlState.toString(), 'message', message.toString());
@@ -254,0 +254,0 @@ var err = new Error(message.toString());

package.json

 {
   "name": "mysql2",
-  "version": "0.4.0",
+  "version": "0.5.0",
   "description": "fast mysql driver",
@@ -5,0 +5,0 @@ "main": "index.js",

test/common.js

@@ -17,3 +17,3 @@ module.exports.createConnection = function(callback) {
       user: 'root',
-      password: 'test',
+      password: '',
       db: 'test'
@@ -62,3 +62,3 @@ });
    user: process.env.MYSQL_USER  || 'root',
-   password: process.env.CI ? null : 'test',
+   password: process.env.CI ? null : '',
    database: 'test',
@@ -69,2 +69,19 @@ port: process.env.MYSQL_PORT || 3306
 
+module.exports.createRRPool = function(n) {
+  var pool = {
+    conns: new Array(n),
+    nextIndex: 0
+  };
+  pool.getConnection = function() {
+    var next = this.nextIndex + 1;
+    if (next == n)
+      next = 0;
+    this.nextIndex = next;
+    return this.conns[next];
+  };
+  for (var i=0; i < n; ++i)
+    pool.conns[i] = module.exports.createConnection();
+  return pool;
+};
+
 module.exports.createTemplate = function() {
@@ -71,0 +88,0 @@ var jade = require('jade');

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

134843

increased by0.53%

Number of package files

78

increased by9.86%

Lines of code

3341

increased by10.05%

Worsened metrics

Number of low supply chain risk alerts

26

increased by30%

Number of medium supply chain risk alerts

9

increased by350%

No dependency changes