Documentation
Index ¶
Constants ¶
// Proxy failure reasons, grouped by the stage at which a connection or query
// was refused.
//
// NOTE(review): the authentication group separates an unknown username from a
// wrong password. That granularity is useful in server-side audit records; if
// any of these strings reaches the connecting client it lets the client tell
// which usernames exist, so confirm at the call sites that clients receive one
// uniform authentication error.
const (
	// Authentication failures.

	// Username not found.
	FailureReasonProxyInvalidUsername = "invalid_username"
	// Wrong password.
	FailureReasonProxyInvalidPassword = "invalid_password"
	// Account disabled.
	FailureReasonProxyUserDisabled = "user_disabled"

	// Authorization failures.

	// No grant for the requested database.
	FailureReasonNoGrant = "no_grant"
	// Grant expired.
	FailureReasonGrantExpired = "grant_expired"
	// Grant not yet active.
	FailureReasonGrantNotStarted = "grant_not_started"
	// Write attempt with a read-only grant.
	FailureReasonWrongAccessLevel = "wrong_access_level"

	// Quota failures.

	// Maximum number of queries reached.
	FailureReasonQueryQuotaExceeded = "query_quota_exceeded"
	// Maximum number of bytes reached.
	FailureReasonBytesQuotaExceeded = "bytes_quota_exceeded"

	// Database failures.

	// Database config doesn't exist.
	FailureReasonDatabaseNotFound = "database_not_found"
	// Database disabled by an admin.
	FailureReasonDatabaseDisabled = "database_disabled"
	// Can't connect to the target database.
	FailureReasonUpstreamConnFailed = "upstream_conn_failed"
)
Proxy failure reasons
Variables ¶
// Sentinel errors of the PostgreSQL proxy: client startup and credential
// checks, grant and quota enforcement, startup negotiation, and upstream
// TLS and SCRAM handling.
var (
	// Client startup and credential errors.
	//
	// NOTE(review): ErrAPIKeyOwnerMismatch and ErrAPIKeyVerifyFailed tell
	// apart a key bound to another user from a key that fails verification.
	// Confirm the message sent to the client does not expose that difference.
	ErrExpectedStartupMessage = errors.New("expected StartupMessage")
	ErrMissingCredentials     = errors.New("missing username or database")
	ErrInvalidPassword        = errors.New("invalid password")
	ErrUpstreamAuthFailed     = errors.New("upstream authentication failed")
	ErrAPIKeyOwnerMismatch    = errors.New("API key does not belong to user")
	ErrAPIKeyVerifyFailed     = errors.New("API key verification failed")

	// Quota errors.
	ErrQueryLimitExceeded = errors.New("query limit exceeded")
	ErrDataLimitExceeded  = errors.New("data transfer limit exceeded")

	// Access-grant policy errors.
	//
	// NOTE(review): the messages suggest the proxy refuses these statements
	// itself. Confirm that the upstream role behind a read-only grant also
	// lacks write, DDL and COPY privileges, so the restriction does not rest
	// on the proxy alone.
	ErrWriteNotPermitted        = errors.New("write operations not permitted with read-only access")
	ErrPasswordChangeNotAllowed = errors.New("password modification is not allowed through the proxy")
	ErrReadOnlyBypassAttempt    = errors.New(
		"attempt to disable read-only mode is not permitted: " +
			"your access grant is read-only and cannot be changed for this session",
	)
	ErrDDLNotPermitted  = errors.New("DDL operations not permitted: your access grant blocks schema modifications")
	ErrCopyNotPermitted = errors.New("COPY not permitted: your access grant blocks COPY commands")

	// Startup negotiation errors. An SSL/GSS encryption probe is a length-8
	// frame carrying a magic version code; any other frame of that shape is
	// rejected, and the round limit bounds clients that keep probing.
	ErrUnknownStartupMagic      = errors.New("unknown length-8 startup magic")
	ErrTooManyNegotiationRounds = errors.New("too many SSL/GSS negotiation rounds")

	// Upstream TLS errors, raised while negotiating SSL with the target
	// Postgres server (see negotiateUpstreamSSL).
	//
	// NOTE(review): ErrUpstreamTLSRequired reads as a refusal to continue in
	// plaintext; confirm no caller retries the upstream connection without
	// TLS after receiving it.
	ErrUpstreamTLSRequired = errors.New("upstream rejected TLS but ssl_mode requires it")
	ErrUpstreamSSLResponse = errors.New("unexpected upstream SSL response byte")

	// Upstream SCRAM/SASL errors, raised while authenticating to the target
	// Postgres server with SCRAM-SHA-256.
	//
	// NOTE(review): the nonce and server-signature checks are how SCRAM lets
	// the client side authenticate the server; presumably each of these
	// errors ends the upstream connection. Confirm at the call sites.
	ErrSCRAMNoSupportedMechanism = errors.New("upstream offered no SCRAM mechanism we support")
	ErrSCRAMServerNonceMismatch  = errors.New("SCRAM server nonce did not extend client nonce")
	ErrSCRAMServerSignature      = errors.New("SCRAM server signature mismatch")
	ErrSCRAMUnexpectedMessage    = errors.New("unexpected SASL message from upstream")
	ErrSCRAMMalformedMessage     = errors.New("malformed SCRAM message from upstream")
)
Authentication and authorization errors, together with the startup-negotiation and upstream TLS/SCRAM errors declared in the same block.
// ErrTLSConfigInvalid reports a TLS configuration in which cert_file and
// key_file are not both set or both empty.
//
// NOTE(review): the both-empty case presumably leaves client connections
// without TLS; confirm that this state is deliberate and visible at startup.
var ErrTLSConfigInvalid = errors.New(
	"postgresql tls: cert_file and key_file must both be set or both empty",
)
ErrTLSConfigInvalid is returned when only one of cert/key files is set.
// ErrUpstreamReadOnlyMode reports that the upstream returned an error while
// read-only mode was being set.
//
// NOTE(review): a session that continues after this error may not be
// read-only upstream; presumably callers end the session. Confirm that the
// error is never ignored.
var ErrUpstreamReadOnlyMode = errors.New(
	"upstream error setting read-only mode",
)
ErrUpstreamReadOnlyMode is returned when the upstream fails to set read-only mode.
Functions ¶
This section is empty.
Types ¶
type Server ¶
type Server struct {
// contains filtered or unexported fields
}
Server is the PostgreSQL proxy server.
func NewServer ¶
func NewServer( dataStore *store.Store, encryptionKey []byte, queryStorage config.QueryStorageConfig, dumpConfig config.DumpConfig, authCache *cache.AuthCache, pgConfig config.PGConfig, logger *slog.Logger, ) (*Server, error)
NewServer creates a new proxy server.
type Session ¶
type Session struct {
// contains filtered or unexported fields
}
Session represents a proxy session.
func NewSession ¶
func NewSession( clientConn net.Conn, dataStore *store.Store, encryptionKey []byte, logger *slog.Logger, ctx context.Context, queryStorage config.QueryStorageConfig, dumpConfig config.DumpConfig, authCache *cache.AuthCache, tlsConfig *tls.Config, ) *Session
NewSession creates a new session.