Commit Graph

28 Commits

Author SHA1 Message Date
dimgigov a5abb6031b fix(backup): fix 7 bugs in backup/restore — strip-components, multi-db path, verify+log in HTTP handler, parseBackupFilename for .tar, getArchiveSize gzip -l, dead code removal
CI / test (push) Has been cancelled
CI / verify (push) Has been cancelled
Clients CI / build-server (push) Has been cancelled
Clients CI / test-python (push) Has been cancelled
Clients CI / test-javascript (push) Has been cancelled
Clients CI / test-nim (push) Has been cancelled
Clients CI / test-rust (push) Has been cancelled
2026-05-25 20:44:14 +03:00
dimgigov eb62b381a1 feat: multi-database backup, HTTP API endpoints, admin panel UI
- backup CLI: add --all-databases, --database, --data-root flags
- backup format: tar.gz with databases/<name>/ + backup.json metadata
- HTTP API: new endpoints /databases, /backup, /backups, /restore
- HTTP API: database switching via X-Database header
- Admin panel: database selector dropdown, Databases tab, Backups tab
- Admin panel: backup/restore UI with fetch() to new endpoints
- Update deps: hunos 1.3.0, jwt-nim-baraba 2.1.0
- Docker: backup cron uses --all-databases --data-root=/data/databases
- Docs: update api-http.md, protocol.md with correct endpoints
- OpenAPI spec updated to v1.1.6

Known limitation: DELETE /databases disabled due to ORC SIGSEGV
in LSMTree.close(). Use SQL DROP DATABASE instead.
2026-05-25 18:46:07 +03:00
dimgigov 372e5cf627 fix(query,types): refactor Row to Value-typed map, fix IN list, nkPath, multi-table joins
CI / test (push) Has been cancelled
CI / verify (push) Has been cancelled
Clients CI / build-server (push) Has been cancelled
Clients CI / test-python (push) Has been cancelled
Clients CI / test-javascript (push) Has been cancelled
Clients CI / test-nim (push) Has been cancelled
Clients CI / test-rust (push) Has been cancelled
- Refactored Row from Table[string, string] to Table[string, Value]
- Added Value operators: ==, !=, $, in for string interop
- Fixed valueToString for vkNull to return '\\N' instead of ''
- Fixed evalExpr irekField to return vkNull when field not found
- Added IN (val1, val2, ...) parser support
- Fixed nkPath column names in multi-table joins
- Fixed LATERAL JOIN null padding when no matching rows
- Added CREATE/DROP/USE/SHOW DATABASE parser support
- Adapted all tests for new Value type
2026-05-20 23:22:14 +03:00
dimgigov cd46edcb67 Bump version to 1.1.6; fix storage bugs, tests, CI pipeline and Docker config
CI / test (push) Has been cancelled
CI / verify (push) Has been cancelled
Clients CI / build-server (push) Has been cancelled
Clients CI / test-python (push) Has been cancelled
Clients CI / test-javascript (push) Has been cancelled
Clients CI / test-nim (push) Has been cancelled
Clients CI / test-rust (push) Has been cancelled
Storage fixes:
- Fix bloom filter hash2 OverflowDefect (uint64 instead of int Hash)
- Fix MemTable.put size calculation on overwrite (was leaking size)
- Fix fuzz_test duplicate-key issues in LSM delete and SSTable tests

Test fixes:
- Fix stress_test.nim: replace deprecated threadpool with std/threads
- Fix fuzz_test.nim: add missing imports (tables, algorithm, sets)
- Fix fuzz_test.nim: var sst for close() compatibility
- Remove unused imports from test_all.nim and bench_all.nim

Docker / CI fixes:
- Fix Dockerfile.source: invalid nimlang/nim:2.2.10-alpine tag → 2.2.10 + ubuntu:24.04 runtime
- Fix Dockerfile.source healthcheck (--spider → -qO- for 200 OK)
- Fix Dockerfile run comment ports (9470/9471 → 9912/9913)
- Fix scripts/docker-run.sh healthcheck port (9470 → 9912)
- Add ARG BUILD_DATE/VCS_REF to Dockerfile for docker-build.sh
- Update all version strings 1.1.4 → 1.1.6 across nimble/docker/source/docs
2026-05-19 12:13:33 +03:00
dimgigov 8afa998516 feat: rate limiting, shared DB instance, TCP_NODELAY fix
- Add rate limiter to TCP and HTTP servers
- Share single LSMTree between TCP and HTTP servers
- Replace unsafe cast[string]/cast[seq[byte]] with safe helpers
- Stabilize gossip UDP socket with exponential backoff
- Fix TCP_NODELAY via low-level setSockOptInt(IPPROTO_TCP)
  (asyncnet.setSockOpt(OptNoDelay) uses SOL_SOCKET and fails)
- Apply TCP_NODELAY to server and websocket sockets
2026-05-18 19:33:40 +03:00
dimgigov a28c845476 Bump version to 1.1.4 across all components
CI / test (push) Has been cancelled
CI / verify (push) Has been cancelled
Clients CI / build-server (push) Has been cancelled
Clients CI / test-python (push) Has been cancelled
Clients CI / test-javascript (push) Has been cancelled
Clients CI / test-nim (push) Has been cancelled
Clients CI / test-rust (push) Has been cancelled
2026-05-17 20:57:19 +03:00
dimgigov 073ec41652 fix: issue #9 reserved keyword 'key' + issue #10 empty string treated as NULL
CI / test (push) Has been cancelled
CI / verify (push) Has been cancelled
Clients CI / build-server (push) Has been cancelled
Clients CI / test-python (push) Has been cancelled
Clients CI / test-javascript (push) Has been cancelled
Clients CI / test-nim (push) Has been cancelled
Clients CI / test-rust (push) Has been cancelled
Issue 9: Add backtick-quoted identifier support in lexer.nim
- Users can now write `key` to use reserved keywords as column/table names

Issue 10: Use \N as internal NULL marker instead of empty string
- isNull() now checks for \N instead of value.len == 0
- Empty strings can now be stored in NOT NULL columns
- NULL values properly distinguished from empty strings in storage, wire protocol, and HTTP JSON responses
2026-05-17 01:59:25 +03:00
dimgigov 2e945c1dcb release: bump version to 1.1.2 (forum-tested, nested SQL fixes)
CI / test (push) Has been cancelled
CI / verify (push) Has been cancelled
Clients CI / build-server (push) Has been cancelled
Clients CI / test-python (push) Has been cancelled
Clients CI / test-javascript (push) Has been cancelled
Clients CI / test-nim (push) Has been cancelled
Clients CI / test-rust (push) Has been cancelled
2026-05-15 18:34:47 +03:00
dimgigov c5751b4a0c fix: clean up compiler warnings and unused variables 2026-05-15 18:01:11 +03:00
dimgigov f7d4961125 feat: Multi-tenant ERP support via session variables + RLS
CI / test (push) Has been cancelled
CI / verify (push) Has been cancelled
Clients CI / build-server (push) Has been cancelled
Clients CI / test-python (push) Has been cancelled
Clients CI / test-javascript (push) Has been cancelled
Clients CI / test-nim (push) Has been cancelled
Clients CI / test-rust (push) Has been cancelled
- SET var = value / current_setting('var') for session-scoped variables
- current_user / current_role SQL keywords with auth bridge
- server.nim + httpserver.nim populate ExecutionContext.currentUser/currentRole
- RLS policies can reference current_setting('app.tenant_id') for tenant isolation
- Fixed evalExpr to propagate ctx recursively (fixes current_user in sub-expressions)
- Fixed GROUPING SETS execution (lowerSelect checks selGroupingSetsKind)
- Fixed FTS CREATE INDEX docId mismatch (hash of tableName.$key)
- Fixed all test suites to use isolated temp directories
- Added 5 multi-tenant tests (355 total, all green)
- Updated docs: PLAN_SQL_ADVANCED.md, baraql.md, changelog.md
2026-05-14 16:28:41 +03:00
dimgigov 4e7e568525 release: v1.1.0 — bug fixes, Docker, clients, SCRAM auth
- Bump version to 1.1.0 across all components
- Remove debug CI artifacts (debug.yml, test_all.nim.bak, test_lock)
- Update CHANGELOG with v1.1.0 release notes
- Bug fixes: irNeg, distributed txn, sharding, Raft majority, MVCC,
  LSM-Tree, auth (JWT + SCRAM-SHA-256), wire protocol, SQL injection,
  ReDoS, graph, vector, FTS, build warnings
- Client SDKs: JS/TS, Python, Nim, Rust with tests and examples
- Docker: production + source + test compose configs
- TLA+: crossmodal, backup, recovery specs with symmetry reduction
2026-05-13 15:05:59 +03:00
dimgigov ac55237b72 feat: real SCRAM-SHA-256 authentication (Option C)
Security:
- New scram.nim module with full SCRAM-SHA-256 per RFC 7677
  * PBKDF2-HMAC-SHA-256 key derivation
  * HMAC-SHA-256 with multiple overloads for bytes/strings
  * Secure nonce/salt generation via /dev/urandom
  * Client/server message parsing and proof verification

AuthManager updates:
- registerScramUser(): stores salted credentials (salt + iterations + storedKey + serverKey)
- startScram(): initiates challenge-response handshake
- finishScram(): verifies client proof and returns server signature
- Legacy amSCRAMSHA256 path kept for backward compatibility

HTTP endpoints:
- POST /auth/scram/start — accepts client-first-message, returns server-first
- POST /auth/scram/finish — accepts client-final-message, returns server-final

Tests:
- SCRAM-SHA-256 full handshake test (register → start → compute proof → finish)
- SCRAM-SHA-256 invalid proof rejection test

Build: 0 warnings, all tests pass
2026-05-13 09:50:07 +03:00
dimgigov 8d39d633cf chore: update version strings to v1.0.0 in Docker and Nim code
- Dockerfile, Dockerfile.source: LABEL version=1.0.0
- Dockerfile.source: update Nim base image 2.2.2 -> 2.2.10
- src/baradadb.nim, src/barabadb/core/httpserver.nim: v0.1.0 -> v1.0.0
- Rebuild baradadb binary with v1.0.0
2026-05-07 22:06:04 +03:00
dimgigov c8633b9589 fix: non-blocking replication/disttxn timeouts, OTLP epoch time, test paths, compiler warnings 2026-05-07 15:41:33 +03:00
dimgigov d3b38251c3 update core modules and project config 2026-05-07 15:16:40 +03:00
dimgigov 651375a156 feat: production hardening — JWT security, WAL reader, tracing, 2PC real RPC, stress test fix
- JWT: getEffectiveJwtSecret() helper + warning log when not configured
- WAL: readEntries() with timestamp filter for PITR
- Tracing: core/tracing.nim with span recording + executeQuery integration
- 2PC: real TCP RPC via sendDistTxnRpc (host='' = local fallback)
- Stress test: updated comment, 10K ops confirmed with internal locks
- SSTable metadata comments clarified (offsets patched correctly)
- addParticipant has default params (host='', port=0)
2026-05-07 13:31:29 +03:00
dimgigov 29425c45f8 Add WebSocket auth — JWT token validation on WS upgrade handshake
- websocket.nim: check Authorization Bearer token before WebSocket upgrade
- httpserver.nim: pass config + jwtSecret to WsServer
2026-05-07 00:38:38 +03:00
dimgigov b65b066c36 Fix auth wiring: HTTP + TCP wire protocol authentication
- httpserver.nim:
  - Use config.jwtSecret instead of hardcoded default
  - Enforce auth on /query, /tables, /metrics when authEnabled=true
  - /auth endpoint now validates password against jwtSecret
- server.nim:
  - Add TCP wire protocol auth (mkAuth message)
  - Reject queries with 401 until client authenticates with valid JWT
- wire.nim: Add makeAuthOkMessage, makeAuthChallengeMessage, parseAuthMessage helpers
2026-05-07 00:21:00 +03:00
dimgigov b6cdf8c88e Add Docker deployment support with compose, entrypoint and docs
- Add Dockerfile (pre-built binary) and Dockerfile.source
- Add docker-compose.yml, docker-compose.prod.yml, docker-compose.override.yml
- Add docker-entrypoint.sh with non-root user support
- Add .dockerignore and helper scripts (scripts/docker-build.sh, scripts/docker-run.sh)
- Add docs/en/docker.md with full Docker guide
- Update docs/en/deployment.md and README.md
- Fix src/barabadb/core/config.nim to read BARADB_ADDRESS, BARADB_PORT, BARADB_DATA_DIR from env
- Fix src/barabadb/core/httpserver.nim missing wire import
2026-05-06 23:58:43 +03:00
dimgigov 9b7ed1fca8 chore: change default ports to non-standard ones (9472, 9470, 9471) 2026-05-06 23:23:29 +03:00
dimgigov f9f77b3a18 feat: production blockers — JOINs, deadlock detection, TLS, parameterized queries
- JOIN execution: INNER/LEFT/RIGHT/FULL/CROSS with column disambiguation
- Deadlock detection: wait-for graph wired into TxnManager.write()
- TLS/SSL: OpenSSL via std/net for TCP wire protocol, auto self-signed certs
- Parameterized queries: ? placeholders with WireValue binding
- Wire protocol: mkQueryParams message support
- HTTP /query endpoint accepts JSON params array
- Nim client: query(sql, params) overload
- Tests: 262 passing (15 new)

All PLAN.md production blockers resolved.
2026-05-06 16:42:53 +03:00
dimgigov 856a07c030 feat: HTTP server in main entry point + background compaction scheduling
- baradadb.nim now starts both TCP wire protocol and HTTP REST servers
- HTTP server runs in background thread via hunos on port TCP+440
- WebSocket server auto-starts on HTTP port + 1
- CompactionManager with background async loop (default 60s interval)
- CompactionStrategy wired to LSMTree SSTables
- Fixed forward declaration for lowerExpr in executor.nim
- 216 tests passing
2026-05-06 14:23:13 +03:00
dimgigov f135d8c61d feat: wire WebSocket broadcast, CHECK constraints, VIEW persistence, migration tracking
- WebSocket: WsServer wired to HttpServer via ExecutionContext.onChange
  - INSERT/UPDATE/DELETE now broadcast to subscribed WebSocket clients
- CHECK constraints: evaluate AST expressions via evalExpr(lowerExpr())
  - Works on both INSERT and UPDATE paths
- VIEW persistence: CREATE VIEW stores to LSM-Tree, restoreSchema loads views
- Migration tracking: APPLY MIGRATION marks applied with _schema:migrations:applied:<name>
- Update PLAN.md honesty for WebSocket, CHECK, Views, Migrations
- 216 tests passing
2026-05-06 14:12:52 +03:00
dimgigov 675ab26a6e feat: Phase 5-6 — CREATE VIEW, migrations, deadlock detection, JSON logging, admin UI
Phase 5 — ERP Features:
- CREATE VIEW name AS SELECT ... — parser + executor with view expansion
- DROP VIEW — parser + executor
- CREATE MIGRATION name AS 'sql' — parser + executor, stored in LSM-Tree
- APPLY MIGRATION name — parser + executor, replays stored migration SQL
- Views table in ExecutionContext, expanded on SELECT FROM view

Phase 6 — Production Readiness:
- Deadlock detection: timeout-based auto-abort for stale transactions (30s default)
- TxnManager.txnTimeoutMs configurable
- Structured JSON logging module (logging.nim) with levels: debug/info/warn/error
- Admin dashboard Web UI at GET /admin — SQL playground, schema browser, metrics
- Dark theme HTML/CSS with tabs

Lexer: added tkView, tkMigration, tkApply tokens
Parser: parseCreateView, parseDropView, parseCreateMigration, parseApplyMigration
AST: nkCreateView, nkDropView, nkCreateMigration, nkApplyMigration nodes

All 216 tests pass
2026-05-06 13:54:16 +03:00
dimgigov 1fb715a1d4 feat: integrate hunos web server + jwt-nim-baraba + real WAL recovery + compaction
HTTP Server:
- Replaced asynchttpserver with hunos (multi-threaded, trie router, CORS middleware)
- JWT authentication via jwt-nim-baraba (HS256 with BearSSL crypto)
- POST /query, GET /health, GET /metrics, POST /auth, GET /api (OpenAPI spec)
- Proper CORS headers via hunos corsMiddleware

WAL Recovery:
- recover() now actually applies committed entries (REDO)
- Skips uncommitted entries (UNDO)
- Takes optional LSMTree parameter to apply recovery

SSTable Compaction:
- Real compaction: reads SSTable entries, merges by key (newest wins), writes merged file
- Deduplication: keeps only newest version per key
- Tombstone cleanup: removes deleted entries
- Old SSTable files deleted after merge

Dependencies:
- Added hunos >= 1.2.0 and jwt >= 2.1.0 to nimble

SSTable fields exported for compaction access.

All 216 tests pass
2026-05-06 13:42:37 +03:00
dimgigov a7e274d846 feat: major improvements — FK, CHECK, CREATE INDEX, rate limiter, CORS, GROUP BY
Executor:
- FOREIGN KEY enforcement: checks referenced row exists on INSERT
- Type enforcement: INTEGER, FLOAT, BOOLEAN, TIMESTAMP validated
- GROUP BY execution: actual row grouping with count(*) aggregation
- WebSocket broadcast: onChange callback wired into INSERT/UPDATE/DELETE
- CREATE INDEX handler: creates B-Tree index + populates from existing data
- ALTER TABLE ADD COLUMN: actually adds column to table definition
- LIKE evaluation with regex pattern matching
- FK metadata stored in ColumnDef (fkTable, fkColumn)

Parser:
- CREATE INDEX / CREATE UNIQUE INDEX parser added
- ALTER TABLE now parses ADD COLUMN with type

HTTP Server:
- Rate limiter wired (token bucket per client IP)
- CORS headers on all responses (Allow-Origin: *, OPTIONS preflight)
- 429 Too Many Requests when rate limit exceeded

All 216 tests pass
2026-05-06 12:23:11 +03:00
dimgigov 5cb26ca74d fix: major bug audit + fixes — honest PLAN.md
Critical bugs fixed:
- SELECT now returns actual row data (was returning empty arrays)
- WHERE filter evaluation now works (was pass-through stub)
- ORDER BY sorting now works (was no-op)
- UPDATE execution implemented (was no-op stub)
- DELETE uses WHERE filter (was key-match only)
- B-Tree point reads return actual row data (was returning count only)
- EXPLAIN returns plan string (was computed then discarded)
- UNIQUE constraint uses B-Tree index (was memtable scan only)
- DEFAULT values work for int/bool/float (was string-only)
- HTTP /query returns real JSON rows with columns
- Docker healthcheck uses wget (Alpine has no curl)

Updated PLAN.md with honest status:
- Marked what's truly done vs stub vs not implemented
- Honest score: 8/10 (not 9.5/10)
- Clear list of what actually works in production

All 216 tests pass
2026-05-06 11:55:43 +03:00
dimgigov 775703e008 feat: Phase 3 — HTTP REST API + JWT auth + Prometheus metrics
- New HTTP server (core/httpserver.nim) with async HTTP/1.1
- POST /query — execute SQL, return JSON
- GET /health — readiness/liveness probe
- GET /metrics — Prometheus-format counters
- JWT bearer token auth via Authorization header
- Per-request MVCC transaction context isolation
- Fixed B-Tree index mutable access in executor
- All 216 tests pass
2026-05-06 11:28:09 +03:00