From a40816b94823f6fa8972f959538ad3cb72e0e98e Mon Sep 17 00:00:00 2001
From: LouisLam
Date: Fri, 6 Aug 2021 19:09:00 +0800
Subject: [PATCH] fix high severity vulnerabilities by using my fork sqlite3 package
---
 server/database.js | 19 +++++++++++++++++++
 server/server.js | 4 +---
 2 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/server/database.js b/server/database.js
index 4accbc32e..2e60ae407 100644
--- a/server/database.js
+++ b/server/database.js
@@ -4,6 +4,7 @@ const { R } = require("redbean-node");
 const {
 setSetting, setting,
 } = require("./util-server");
+const knex = require("knex");
 class Database {
@@ -12,6 +13,24 @@ class Database {
 static latestVersion = 5;
 static noReject = true;
+ static connect() {
+ const Dialect = require("knex/lib/dialects/sqlite3/index.js");
+ Dialect.prototype._driver = () => require("@louislam/sqlite3");
+
+ R.setup(knex({
+ client: Dialect,
+ connection: {
+ filename: Database.path,
+ },
+ useNullAsDefault: true,
+ pool: {
+ min: 1,
+ max: 1,
+ idleTimeoutMillis: 30000,
+ }
+ }));
+ }
+
 static async patch() {
 let version = parseInt(await setting("database_version"));
diff --git a/server/server.js b/server/server.js
index daaf9555a..cff7a8ad7 100644
--- a/server/server.js
+++ b/server/server.js
@@ -649,9 +649,7 @@ async function initDatabase() {
 }
 console.log("Connecting to Database")
- R.setup("sqlite", {
- filename: Database.path,
- });
+ Database.connect();
 console.log("Connected")
 // Patch the database
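Review bot: The added `const knex = require("knex");` makes knex a direct import of server/database.js, yet the commit's diffstat lists only server/database.js and server/server.js, so no manifest change is visible alongside it. If knex currently resolves only as a dependency of redbean-node, it should be declared in package.json together with `@louislam/sqlite3`, with exact versions and lockfile integrity hashes, because the next hunk reaches into `knex/lib/dialects/sqlite3/index.js`, a path tied to the installed knex version. A short comment above the import would help, for example `// knex is imported directly so Database.connect() can hand redbean-node a custom sqlite3 dialect`.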
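Review bot: `Dialect.prototype._driver = () => require("@louislam/sqlite3");` in connect() overwrites a method on the dialect class loaded from knex's internal `lib/` path, so the override applies to every knex sqlite3 client in the process and depends on a module layout that a knex upgrade can change. Confining it to a subclass keeps the swap local: `class ForkedSqlite3 extends Dialect { _driver() { return require("@louislam/sqlite3"); } }` with `client: ForkedSqlite3`. Because the driver is replaced with a personal fork to clear audit findings, the code should also record why, e.g. `// @louislam/sqlite3 replaces sqlite3 to resolve <advisory id>; revert once upstream ships the fix`, so the trust decision can be revisited later. The enclosing class Database begins outside this hunk.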