From 0c017774a28368b8dddb49c4b2ccd265737b6302 Mon Sep 17 00:00:00 2001
From: Shaun Davis
Date: Wed, 15 Feb 2023 17:00:27 -0600
Subject: [PATCH 1/2] Grant normal users access to the public schema
---
 internal/api/handle_databases.go | 19 ++++++++++++++-----
 internal/flypg/admin/admin.go | 11 ++++++++++-
 2 files changed, 24 insertions(+), 6 deletions(-)
diff --git a/internal/api/handle_databases.go b/internal/api/handle_databases.go
index c9530f4e..4b1b8a97 100644
--- a/internal/api/handle_databases.go
+++ b/internal/api/handle_databases.go
@@ -65,22 +65,31 @@ func handleCreateDatabase(w http.ResponseWriter, r *http.Request) {
 }
 defer close()
- input := createDatabaseRequest{}
- err = json.NewDecoder(r.Body).Decode(&input)
- if err != nil {
+ var input createDatabaseRequest
+ if err := json.NewDecoder(r.Body).Decode(&input); err != nil {
 renderErr(w, err)
 return
 }
 defer r.Body.Close()
- err = admin.CreateDatabase(ctx, conn, input.Name)
+ if err := admin.CreateDatabase(ctx, conn, input.Name); err != nil {
+ renderErr(w, err)
+ return
+ }
+
+ dbConn, close, err := localConnection(ctx, input.Name)
 if err != nil {
 renderErr(w, err)
 return
 }
+ defer close()
- res := &Response{Result: true}
+ if err = admin.GrantCreateOnPublic(ctx, dbConn); err != nil {
+ renderErr(w, err)
+ return
+ }
+ res := &Response{Result: true}
 renderJSON(w, res, http.StatusOK)
 }
diff --git a/internal/flypg/admin/admin.go b/internal/flypg/admin/admin.go
index 267be42f..38713ecb 100644
--- a/internal/flypg/admin/admin.go
+++ b/internal/flypg/admin/admin.go
@@ -11,7 +11,6 @@ import (
 func GrantAccess(ctx context.Context, pg *pgx.Conn, username string) error {
 sql := fmt.Sprintf("GRANT pg_read_all_data, pg_write_all_data TO %q", username)
-
 _, err := pg.Exec(ctx, sql)
 return err
 }
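Review bot: In `handleCreateDatabase`, the two new error returns after `admin.CreateDatabase` (the `localConnection` failure and the `GrantCreateOnPublic` failure) report an error while the database has already been created, so the caller is left with a database that lacks the grant and a retry would presumably fail at the create step. Either remove the half-provisioned database on those paths or make the handler safe to re-run, and at minimum record it with a comment such as `// database already exists here; a failure below leaves it without the public-schema grant`. `input.Name` is decoded from the request body and is now also used as the database for a second connection, so it should be validated as an identifier before both uses; `CreateDatabase`'s body is not in this hunk, so whether it quotes the name cannot be confirmed from here. The function begins above the hunk.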
@@ -66,6 +65,16 @@ func CreateDatabase(ctx context.Context, pg *pgx.Conn, name string) error {
 return err
 }
+// PG 15 by default removes the ability for normal users to create
+// tables within the public schema. This re-enables it to keep the
+// experience consistent for users. We should explore create user
+// schemas for better isolation in the future.
+func GrantCreateOnPublic(ctx context.Context, pg *pgx.Conn) error {
+ sql := fmt.Sprintf(`GRANT CREATE on SCHEMA PUBLIC to PUBLIC;`)
+ _, err := pg.Exec(ctx, sql)
+ return err
+}
+
 func DeleteDatabase(ctx context.Context, pg *pgx.Conn, name string) error {
 sql := fmt.Sprintf("DROP DATABASE %s;", name)
From 93862b9d7c7462c3137d7aacb730f26610e132a3 Mon Sep 17 00:00:00 2001
From: Shaun Davis
Date: Wed, 15 Feb 2023 17:04:00 -0600
Subject: [PATCH 2/2] Lint fix
---
 internal/api/handle_databases.go | 2 +-
 internal/flypg/admin/admin.go | 8 +++-----
 2 files changed, 4 insertions(+), 6 deletions(-)
diff --git a/internal/api/handle_databases.go b/internal/api/handle_databases.go
index 4b1b8a97..f502d2a0 100644
--- a/internal/api/handle_databases.go
+++ b/internal/api/handle_databases.go
@@ -84,7 +84,7 @@ func handleCreateDatabase(w http.ResponseWriter, r *http.Request) {
 }
 defer close()
- if err = admin.GrantCreateOnPublic(ctx, dbConn); err != nil {
+ if err := admin.GrantCreateOnPublic(ctx, dbConn); err != nil {
 renderErr(w, err)
 return
 }
diff --git a/internal/flypg/admin/admin.go b/internal/flypg/admin/admin.go
index 38713ecb..e6cf8eb6 100644
--- a/internal/flypg/admin/admin.go
+++ b/internal/flypg/admin/admin.go
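Review bot: `GRANT CREATE on SCHEMA PUBLIC to PUBLIC` in `GrantCreateOnPublic` gives every role that can connect to the database the right to create objects in `public`, which is the very default the comment says PG 15 removed. Because `public` is normally on the default `search_path`, any role can then create tables or functions there that other roles resolve by unqualified name, so one account's objects can shadow what another account expects to call. Granting to the specific application role instead, e.g. `GRANT CREATE ON SCHEMA public TO <role>` with the role name quoted through `pgx.Identifier{role}.Sanitize()`, keeps the pre-15 experience for that role without re-opening the schema to everyone. That would need a role parameter on this function and at its call in `handleCreateDatabase`.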
@@ -65,12 +65,10 @@ func CreateDatabase(ctx context.Context, pg *pgx.Conn, name string) error {
 return err
 }
-// PG 15 by default removes the ability for normal users to create
-// tables within the public schema. This re-enables it to keep the
-// experience consistent for users. We should explore create user
-// schemas for better isolation in the future.
+// GrantCreateOnPublic re-enables the public schema for normal users.
+// We should look into creating better isolation in the future.
 func GrantCreateOnPublic(ctx context.Context, pg *pgx.Conn) error {
- sql := fmt.Sprintf(`GRANT CREATE on SCHEMA PUBLIC to PUBLIC;`)
+ sql := "GRANT CREATE on SCHEMA PUBLIC to PUBLIC;"
 _, err := pg.Exec(ctx, sql)
 return err
 }
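Review bot: The shortened doc comment on `GrantCreateOnPublic` drops the reason the grant exists (the PG 15 default change) and does not say who receives it, which is the security-relevant part of this function. I would keep the rationale and state the scope, e.g. `// GrantCreateOnPublic grants CREATE on the public schema to PUBLIC (every role), restoring the default that PG 15 removed.` followed by `// Any role able to connect can then create objects in public; per-user schemas would give better isolation.`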