Class: Dbviewer::Configuration

Inherits:

Object

• Object
• Dbviewer::Configuration

Defined in:

lib/dbviewer/configuration.rb

Overview

Configuration class for DBViewer engine settings

Instance Attribute Summary

• #access_control_mode ⇒ Object

  Access control mode: :whitelist, :blacklist, or :none :whitelist - only allowed_tables are accessible (most secure) :blacklist - all tables except blocked_tables are accessible :none - all tables accessible (current behavior).

• #admin_credentials ⇒ Object

  Admin access credentials hash with :username and :password keys.

• #allowed_tables ⇒ Object

  Table access control - whitelist approach (more secure) Only tables listed here will be accessible.

• #blocked_columns ⇒ Object

  Column access control - hide sensitive columns }.

• #blocked_tables ⇒ Object

  Table access control - blacklist approach Tables listed here will be blocked from access.

• #cache_expiry ⇒ Object

  Cache expiration time in seconds.

• #current_connection ⇒ Object

  The key of the current active connection.

• #custom_pii_masks ⇒ Object

  Custom PII masking blocks }.

• #database_connections ⇒ Object

  Multiple database connections configuration }.

• #default_order_column ⇒ Object

  Default column to order table details by (e.g., ‘updated_at’).

• #default_per_page ⇒ Object

  Default number of records per page.

• #disabled ⇒ Object

  Completely disable DBViewer access when set to true When enabled, all DBViewer routes will return 404 responses.

• #enable_data_export ⇒ Object

  Allow downloading of data in various formats.

• #enable_pii_masking ⇒ Object

  Enable/disable PII masking globally.

• #enable_query_logging ⇒ Object

  Enable or disable query logging completely.

• #enable_record_creation ⇒ Object

  Enable or disable record creation functionality.

• #enable_record_deletion ⇒ Object

  Enable or disable record deletion functionality.

• #enable_record_editing ⇒ Object

  Enable or disable record editing functionality.

• #enforce_parameterized_queries ⇒ Object

  Enforce parameterized queries when possible.

• #enhanced_sql_protection ⇒ Object

  Enhanced SQL injection detection patterns.

• #log_queries ⇒ Object

  Enable comprehensive security logging for all database operations.

• #log_security_events ⇒ Object

  Log security threats and blocked queries.

• #max_memory_queries ⇒ Object

  Maximum number of queries to keep in memory.

• #max_query_length ⇒ Object

  Maximum SQL query length allowed.

• #max_records ⇒ Object

  Maximum number of records to return in any query.

• #max_security_events ⇒ Object

  Maximum number of security events to keep in memory.

• #per_page_options ⇒ Object

  Default pagination options.

• #pii_rules ⇒ Object

  PII (Personally Identifiable Information) masking configuration Hash of table.column => masking rule }.

• #query_log_path ⇒ Object

  Path for query log file when in :file mode.

• #query_logging_mode ⇒ Object

  Query logging storage mode (:memory or :file).

• #query_timeout ⇒ Object

  Timeout for SQL queries in seconds.

• #validate_connections_on_startup ⇒ Object

  Whether to validate database connections during application startup Set to false in production/CI environments to avoid startup failures.

Instance Method Summary

• #initialize ⇒ Configuration constructor

  A new instance of Configuration.

Constructor Details

#initialize ⇒ Configuration

Returns a new instance of Configuration.

# File 'lib/dbviewer/configuration.rb', line 129

def initialize
  @per_page_options = [ 10, 20, 50, 100 ]
  @default_per_page = 20
  @max_records = 10000
  @max_query_length = 10000
  @cache_expiry = 300
  @enable_data_export = false
  @enable_record_deletion = true
  @enable_record_editing = true
  @enable_record_creation = true
  @query_timeout = 30
  @query_logging_mode = :memory
  @query_log_path = "log/dbviewer.log"
  @max_memory_queries = 1000
  @enable_query_logging = true
  @admin_credentials = nil
  @default_order_column = "updated_at"
  @validate_connections_on_startup = false  # Default to false for safer deployments
  @disabled = false  # Default to false - DBViewer is enabled by default
  @database_connections = {
    default: {
      connection_class: "ActiveRecord::Base",
      name: "Default Database"
    }
  }
  @current_connection = :default
  @pii_rules = {}
  @enable_pii_masking = true
  @custom_pii_masks = {}

  # Initialize access control settings
  @allowed_tables = []
  @blocked_tables = []
  @blocked_columns = {}
  @access_control_mode = :none  # Default to current behavior

  # Initialize security settings
  @log_queries = true
  @log_security_events = true
  @enhanced_sql_protection = true
  @enforce_parameterized_queries = false
  @max_security_events = 1000
end

Instance Attribute Details

#access_control_mode ⇒ Object

Access control mode: :whitelist, :blacklist, or :none :whitelist - only allowed_tables are accessible (most secure) :blacklist - all tables except blocked_tables are accessible :none - all tables accessible (current behavior)

# File 'lib/dbviewer/configuration.rb', line 101

def access_control_mode
  @access_control_mode
end

#admin_credentials ⇒ Object

Admin access credentials hash with :username and :password keys

Examples:

{ username: ‘admin’, password: ‘secret’ }

# File 'lib/dbviewer/configuration.rb', line 39

def admin_credentials
  @admin_credentials
end

#allowed_tables ⇒ Object

Table access control - whitelist approach (more secure) Only tables listed here will be accessible

Examples:

‘users’, ‘orders’, ‘products’

# File 'lib/dbviewer/configuration.rb', line 83

def allowed_tables
  @allowed_tables
end

#blocked_columns ⇒ Object

Column access control - hide sensitive columns }

Examples:

{

'users' => ['password_digest', 'api_key', 'secret_token'],
'orders' => ['internal_notes']

# File 'lib/dbviewer/configuration.rb', line 95

def blocked_columns
  @blocked_columns
end

#blocked_tables ⇒ Object

Table access control - blacklist approach Tables listed here will be blocked from access

Examples:

‘admin_users’, ‘sensitive_data’, ‘audit_logs’

# File 'lib/dbviewer/configuration.rb', line 88

def blocked_tables
  @blocked_tables
end

#cache_expiry ⇒ Object

Cache expiration time in seconds

# File 'lib/dbviewer/configuration.rb', line 17

def cache_expiry
  @cache_expiry
end

#current_connection ⇒ Object

The key of the current active connection

# File 'lib/dbviewer/configuration.rb', line 52

def current_connection
  @current_connection
end

#custom_pii_masks ⇒ Object

Custom PII masking blocks }

Examples:

{

custom_mask: ->(value) { value ? '***REDACTED***' : value }

# File 'lib/dbviewer/configuration.rb', line 78

def custom_pii_masks
  @custom_pii_masks
end

#database_connections ⇒ Object

Multiple database connections configuration }

Examples:

{

primary: { connection_class: "ActiveRecord::Base", name: "Primary DB" },
secondary: { connection_class: "SomeClass", name: "Secondary DB" }

# File 'lib/dbviewer/configuration.rb', line 49

def database_connections
  @database_connections
end

#default_order_column ⇒ Object

Default column to order table details by (e.g., ‘updated_at’)

# File 'lib/dbviewer/configuration.rb', line 42

def default_order_column
  @default_order_column
end

#default_per_page ⇒ Object

Default number of records per page

# File 'lib/dbviewer/configuration.rb', line 8

def default_per_page
  @default_per_page
end

#disabled ⇒ Object

Completely disable DBViewer access when set to true When enabled, all DBViewer routes will return 404 responses

# File 'lib/dbviewer/configuration.rb', line 60

def disabled
  @disabled
end

#enable_data_export ⇒ Object

Allow downloading of data in various formats

# File 'lib/dbviewer/configuration.rb', line 20

def enable_data_export
  @enable_data_export
end

#enable_pii_masking ⇒ Object

Enable/disable PII masking globally

# File 'lib/dbviewer/configuration.rb', line 72

def enable_pii_masking
  @enable_pii_masking
end

#enable_query_logging ⇒ Object

Enable or disable query logging completely

# File 'lib/dbviewer/configuration.rb', line 35

def enable_query_logging
  @enable_query_logging
end

#enable_record_creation ⇒ Object

Enable or disable record creation functionality

# File 'lib/dbviewer/configuration.rb', line 127

def enable_record_creation
  @enable_record_creation
end

#enable_record_deletion ⇒ Object

Enable or disable record deletion functionality

# File 'lib/dbviewer/configuration.rb', line 121

def enable_record_deletion
  @enable_record_deletion
end

#enable_record_editing ⇒ Object

Enable or disable record editing functionality

# File 'lib/dbviewer/configuration.rb', line 124

def enable_record_editing
  @enable_record_editing
end

#enforce_parameterized_queries ⇒ Object

Enforce parameterized queries when possible

# File 'lib/dbviewer/configuration.rb', line 115

def enforce_parameterized_queries
  @enforce_parameterized_queries
end

#enhanced_sql_protection ⇒ Object

Enhanced SQL injection detection patterns

# File 'lib/dbviewer/configuration.rb', line 112

def enhanced_sql_protection
  @enhanced_sql_protection
end

#log_queries ⇒ Object

Enable comprehensive security logging for all database operations

# File 'lib/dbviewer/configuration.rb', line 106

def log_queries
  @log_queries
end

#log_security_events ⇒ Object

Log security threats and blocked queries

# File 'lib/dbviewer/configuration.rb', line 109

def log_security_events
  @log_security_events
end

#max_memory_queries ⇒ Object

Maximum number of queries to keep in memory

# File 'lib/dbviewer/configuration.rb', line 32

def max_memory_queries
  @max_memory_queries
end

#max_query_length ⇒ Object

Maximum SQL query length allowed

# File 'lib/dbviewer/configuration.rb', line 14

def max_query_length
  @max_query_length
end

#max_records ⇒ Object

Maximum number of records to return in any query

# File 'lib/dbviewer/configuration.rb', line 11

def max_records
  @max_records
end

#max_security_events ⇒ Object

Maximum number of security events to keep in memory

# File 'lib/dbviewer/configuration.rb', line 118

def max_security_events
  @max_security_events
end

#per_page_options ⇒ Object

Default pagination options

# File 'lib/dbviewer/configuration.rb', line 5

def per_page_options
  @per_page_options
end

#pii_rules ⇒ Object

PII (Personally Identifiable Information) masking configuration Hash of table.column => masking rule }

Examples:

{

'users.email' => :email,
'users.phone' => :phone,
'customers.ssn' => :custom_mask

# File 'lib/dbviewer/configuration.rb', line 69

def pii_rules
  @pii_rules
end

#query_log_path ⇒ Object

Path for query log file when in :file mode

# File 'lib/dbviewer/configuration.rb', line 29

def query_log_path
  @query_log_path
end

#query_logging_mode ⇒ Object

Query logging storage mode (:memory or :file)

# File 'lib/dbviewer/configuration.rb', line 26

def query_logging_mode
  @query_logging_mode
end

#query_timeout ⇒ Object

Timeout for SQL queries in seconds

# File 'lib/dbviewer/configuration.rb', line 23

def query_timeout
  @query_timeout
end

#validate_connections_on_startup ⇒ Object

Whether to validate database connections during application startup Set to false in production/CI environments to avoid startup failures

# File 'lib/dbviewer/configuration.rb', line 56

def validate_connections_on_startup
  @validate_connections_on_startup
end