fix high severity vulnerabilities by using my fork sqlite3 package

3 years ago · a40816b948
parent d3e24df225
commit a40816b948
2 changed files with 20 additions and 3 deletions
--- a/server/database.js
+++ b/server/database.js
@ -4,6 +4,7 @@ const { R } = require("redbean-node");
 const {
    setSetting, setting,
 } = require("./util-server");
+const knex = require("knex");

 class Database {

@ -12,6 +13,24 @@ class Database {
    static latestVersion = 5;
    static noReject = true;

+    static connect() {
+        const Dialect = require("knex/lib/dialects/sqlite3/index.js");
+        Dialect.prototype._driver = () => require("@louislam/sqlite3");
+
+        R.setup(knex({
+            client: Dialect,
+            connection: {
+                filename: Database.path,
+            },
+            useNullAsDefault: true,
+            pool: {
+                min: 1,
+                max: 1,
+                idleTimeoutMillis: 30000,
+            }
+        }));
+    }
+
    static async patch() {
        let version = parseInt(await setting("database_version"));

--- a/server/server.js
+++ b/server/server.js
@ -649,9 +649,7 @@ async function initDatabase() {
    }

    console.log("Connecting to Database")
-    R.setup("sqlite", {
-        filename: Database.path,
-    });
+    Database.connect();
    console.log("Connected")

    // Patch the database