Pull request overview
This PR adds automatic database creation functionality to the ConnectDatabase() function, eliminating the need for manual database initialization before first-time setup. The implementation checks for database existence using PostgreSQL CLI commands and creates the database if it doesn't exist.
Key changes:
- Added `checkDatabaseExists()` function to query PostgreSQL for database existence
- Added `createDatabase()` function to create the database via psql command
- Modified `ConnectDatabase()` to automatically create the database if not found
core/database/database.go
Outdated
| "-p", dbConfig.PsqlConf.Port, | ||
| "-d", "postgres", | ||
| "-tAc", | ||
| fmt.Sprintf("SELECT 1 FROM pg_database WHERE datname = '%s';", dbConfig.PsqlConf.Dbname), |
SQL injection vulnerability: the database name is directly interpolated into the SQL query without proper escaping. A malicious database name in the config could be used to execute arbitrary SQL commands. Use parameterized queries or properly escape the database name using PostgreSQL's quote_ident function.
| fmt.Sprintf("SELECT 1 FROM pg_database WHERE datname = '%s';", dbConfig.PsqlConf.Dbname), | |
| fmt.Sprintf("SELECT 1 FROM pg_database WHERE datname = quote_ident('%s');", dbConfig.PsqlConf.Dbname), |
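Review bot: The suggested replacement still formats dbConfig.PsqlConf.Dbname into a single-quoted literal with fmt.Sprintf, so a name containing `'` still ends the string early; wrapping the literal in quote_ident() does not escape it. quote_ident() also returns a double-quoted form for names that need quoting (mixed case, for example), which would not equal the raw value stored in datname, so the existence check could miss a database that is there. Comparing datname against a bound parameter through a database driver avoids both problems.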
Leaving this for now as the database name is provided by admin only

Why not use postgres gorm for this instead of raw commands?
Pull request overview
Copilot reviewed 1 out of 1 changed files in this pull request and generated 2 comments.
| dsn := fmt.Sprintf("user=%s password=%s dbname=postgres host=%s port=%s sslmode=%s", | ||
| dbConfig.PsqlConf.User, | ||
| dbConfig.PsqlConf.Password, | ||
| dbConfig.PsqlConf.Host, | ||
| dbConfig.PsqlConf.Port, | ||
| dbConfig.PsqlConf.SslMode) | ||
|
|
||
| db, err := gorm.Open(postgres.Open(dsn), &gorm.Config{}) | ||
| if err != nil { | ||
| return fmt.Errorf("failed to connect to postgres database: %w", err) | ||
| } | ||
|
|
||
| sqlDB, err := db.DB() | ||
| if err != nil { | ||
| return fmt.Errorf("failed to get underlying sql.DB: %w", err) | ||
| } | ||
| defer sqlDB.Close() | ||
|
|
||
| // Check if database exists | ||
| var exists bool | ||
| result := db.Raw("SELECT EXISTS(SELECT 1 FROM pg_database WHERE datname = ?)", | ||
| dbConfig.PsqlConf.Dbname).Scan(&exists) | ||
|
|
||
| if result.Error != nil { | ||
| return fmt.Errorf("failed to check if database exists: %w", result.Error) | ||
| } | ||
|
|
||
| if !exists { | ||
| log.Infof("Database '%s' does not exist. Creating...", dbConfig.PsqlConf.Dbname) | ||
|
|
||
| // Create the database | ||
| createSQL := fmt.Sprintf("CREATE DATABASE %s", dbConfig.PsqlConf.Dbname) | ||
| if err := db.Exec(createSQL).Error; err != nil { | ||
| return fmt.Errorf("failed to create database: %w", err) | ||
| } | ||
|
|
||
| log.Infof("Database '%s' created successfully.", dbConfig.PsqlConf.Dbname) | ||
| } | ||
|
|
||
| return nil |
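Review bot: The statement built by `fmt.Sprintf("CREATE DATABASE %s", dbConfig.PsqlConf.Dbname)` near the end of this hunk puts the configured name into the SQL text unquoted, while the existence check just above it binds the same value with `?`. Identifiers cannot be bound as parameters, so the name should be emitted as a double-quoted identifier with embedded `"` doubled, or validated against a strict pattern before use. Quoting also fixes a mismatch: an unquoted mixed-case name is folded to lower case on creation, but the `datname = ?` check compares the exact configured string, so the check would keep reporting the database as missing.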

The code is fine. Please fix the indentation.
Currently, the DB was not being created if it did not exist, so we had to manually init it before setting up beast for the first time. Added a check for DB existence and then DB creation if it does not exist.
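
The identifier-quoting concern raised in the review comments above, as an added Go example that is not part of the pull request or the project's code. The helper names `quoteIdent` and `createDatabaseSQL` and the sample database names are hypothetical, and rejecting over-long names is a choice made for this example.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// maxIdentLen is PostgreSQL's default identifier limit (NAMEDATALEN - 1).
// Longer names are truncated by the server, so they are rejected here to keep
// the created name identical to the one the existence check compares against.
const maxIdentLen = 63

// quoteIdent returns name as a double-quoted PostgreSQL identifier.
// Embedded double quotes are doubled, so the value cannot close the quoting
// and continue as SQL. Quoting also preserves the name's case.
func quoteIdent(name string) (string, error) {
	switch {
	case name == "":
		return "", errors.New("empty identifier")
	case strings.ContainsRune(name, 0):
		return "", errors.New("identifier contains a NUL byte")
	case len(name) > maxIdentLen:
		return "", fmt.Errorf("identifier longer than %d bytes", maxIdentLen)
	}
	return `"` + strings.ReplaceAll(name, `"`, `""`) + `"`, nil
}

// createDatabaseSQL builds the statement text. Identifiers cannot be sent as
// bound parameters, so the name is placed in the text as a quoted identifier.
func createDatabaseSQL(dbname string) (string, error) {
	q, err := quoteIdent(dbname)
	if err != nil {
		return "", err
	}
	return "CREATE DATABASE " + q, nil
}

func main() {
	// Constructed sample names, not values from the project.
	for _, n := range []string{"beast", "Beast_Dev", `odd"name; x`, ""} {
		sql, err := createDatabaseSQL(n)
		fmt.Printf("%q -> %q (err: %v)\n", n, sql, err)
	}
}
```

The returned string can be passed to the existing `db.Exec` call, while the existence check keeps using the bound `?` parameter.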