Class SqlLoggingConfigResolver

GraphQL resolver for SQL logging configuration and session management. Provides queries and mutations for controlling SQL logging functionality.

Security: All operations require Owner-level privileges.

Example

// Start a new logging session
const session = await startSqlLogging({
  fileName: "my-session.sql",
  filterToCurrentUser: true,
  options: {
    prettyPrint: true,
    statementTypes: "both"
  }
});

// Get current configuration
const config = await sqlLoggingConfig();

// List active sessions
const sessions = await activeSqlLoggingSessions();

// Stop a session
await stopSqlLogging(session.id);

Hierarchy (view full)

Constructors

constructor

Properties

LOG_FILE_PREFIX

Accessors

EventSubscriptions MJCoreSchema

Methods

AfterCreate AfterDelete AfterUpdate ArrayFilterEncryptedFieldsForAPI ArrayMapFieldNamesToCodeNames BeforeCreate BeforeDelete BeforeUpdate CheckUserReadPermissions CreateRecord DeleteRecord EmitCloudEvent FilterEncryptedFieldsForAPI GetUserFromEmail GetUserFromPayload ListenForEntityMessages MapFieldNamesToCodeNames RunDynamicViewGeneric RunViewByIDGeneric RunViewByNameGeneric RunViewGenericInternal RunViewsGeneric RunViewsGenericInternal TestAndSetClientOldValuesToDBValues UpdateRecord activeSqlLoggingSessions checkOwnerAccess createAuditLogRecord createRecordAccessAuditLogRecord debugCurrentUserEmail ensureDirectoryExists findBy getRowLevelSecurityWhereClause packageSPParam readSqlLogFile safeFirstArrayElement sqlLoggingConfig startSqlLogging stopAllSqlLogging stopSqlLogging updateSqlLoggingDefaults

Constructors

constructor

Properties

Private Static Readonly LOG_FILE_PREFIX

LOG_FILE_PREFIX: "sql-log-" = 'sql-log-'

Default prefix for auto-generated SQL log filenames

Accessors

Private EventSubscriptions

MJCoreSchema

Methods

Protected AfterCreate

Protected AfterDelete

Protected AfterUpdate

Protected ArrayFilterEncryptedFieldsForAPI

Protected ArrayMapFieldNamesToCodeNames

Protected BeforeCreate

Protected BeforeDelete

Protected BeforeUpdate

Protected CheckUserReadPermissions

Protected CreateRecord

Protected DeleteRecord

Protected EmitCloudEvent

Protected FilterEncryptedFieldsForAPI

  • FilterEncryptedFieldsForAPI(entityName, dataObject, contextUser): Promise<Record<string, unknown>>

  • Filters encrypted field values before sending to the API client.

    For each encrypted field in the entity:

    • If AllowDecryptInAPI is true: value passes through unchanged (already decrypted by data provider)
    • If AllowDecryptInAPI is false and SendEncryptedValue is true: re-encrypt and send ciphertext
    • If AllowDecryptInAPI is false and SendEncryptedValue is false: replace with sentinel value

    Parameters

    • entityName: string

      Name of the entity

    • dataObject: Record<string, unknown>

      The data object containing field values

    • contextUser: UserInfo

      User context for encryption operations

    Returns Promise<Record<string, unknown>>

    The filtered data object

Protected GetUserFromEmail

Protected GetUserFromPayload

Protected ListenForEntityMessages

Protected MapFieldNamesToCodeNames

  • MapFieldNamesToCodeNames(entityName, dataObject, contextUser?): Promise<any>

  • Maps field names to their GraphQL-safe CodeNames and handles encryption for API responses.

    For encrypted fields coming from raw SQL queries (not entity objects):

    • AllowDecryptInAPI=true: Decrypt the value before sending to client
    • AllowDecryptInAPI=false + SendEncryptedValue=true: Keep encrypted ciphertext
    • AllowDecryptInAPI=false + SendEncryptedValue=false: Replace with sentinel

    Parameters

    • entityName: string

      The entity name

    • dataObject: any

      The data object with field values

    • Optional contextUser: UserInfo

      Optional user context for decryption (required for encrypted fields)

    Returns Promise<any>

    The processed data object

RunDynamicViewGeneric

RunViewByIDGeneric

RunViewByNameGeneric

Protected RunViewGenericInternal

  • RunViewGenericInternal(provider, viewInfo, extraFilter, orderBy, userSearchString, excludeUserViewRunID, overrideExcludeFilter, saveViewResults, fields, ignoreMaxRows, excludeDataFromAllPriorViewRuns, forceAuditLog, auditLogDescription, resultType, userPayload, maxRows, startRow): Promise<RunViewResult<any>>

  • Optimized RunViewGenericInternal implementation with:

    • Field filtering at source (Fix #7)
    • Improved error handling (Fix #9)

    Parameters

    • provider: DatabaseProviderBase
    • viewInfo: UserViewEntityExtended
    • extraFilter: string
    • orderBy: string
    • userSearchString: string
    • excludeUserViewRunID: string
    • overrideExcludeFilter: string
    • saveViewResults: boolean
    • fields: string[]
    • ignoreMaxRows: boolean
    • excludeDataFromAllPriorViewRuns: boolean
    • forceAuditLog: boolean
    • auditLogDescription: string
    • resultType: string
    • userPayload: UserPayload
    • maxRows: number
    • startRow: number

    Returns Promise<RunViewResult<any>>

RunViewsGeneric

Protected RunViewsGenericInternal

Protected TestAndSetClientOldValuesToDBValues

  • TestAndSetClientOldValuesToDBValues(input, clientNewValues, entityObject, contextUser): Promise<void>

  • This routine compares the OldValues property in the input object to the values in the DB that we just loaded. If there are differences, we need to check to see if the client is trying to update any of those fields (e.g. overlap). If there is overlap, we throw an error. If there is no overlap, we can proceed with the update even if the DB Values and the ClientOldValues are not 100% the same, so long as there is no overlap in the specific FIELDS that are different.

    ASSUMES: input object has an OldValues___ property that is an array of Key/Value pairs that represent the old values of the record that the client is trying to update.

    Parameters

    Returns Promise<void>

Protected UpdateRecord

activeSqlLoggingSessions

  • activeSqlLoggingSessions(context): Promise<SqlLoggingSession[]>

  • Retrieves a list of all currently active SQL logging sessions.

    Returns detailed information for each active session including:

    • Unique session identifier and file path
    • Start time and statement count
    • Session configuration options
    • User filtering settings

    Parameters

    • context: AppContext

      GraphQL context (requires Owner privileges)

    Returns Promise<SqlLoggingSession[]>

    Promise resolving to array of active SqlLoggingSession objects

    Throws

    Error if user lacks Owner privileges

    Example

    query {
      activeSqlLoggingSessions {
        id
        sessionName
        filePath
        startTime
        statementCount
        filterByUserId
        options {
          prettyPrint
          statementTypes
        }
      }
    }

Private checkOwnerAccess

  • checkOwnerAccess(context): Promise<UserInfo>
  • Private

    Validates that the current user has Owner-level privileges required for SQL logging operations.

    This method performs authentication and authorization checks:

    • Verifies user is authenticated (has email in context)
    • Looks up user in UserCache by email (case-insensitive)
    • Checks that user Type field equals 'Owner' (trimmed for nchar padding)

    Parameters

    • context: AppContext

      The GraphQL application context containing user authentication data

    Returns Promise<UserInfo>

    Promise resolving to the authenticated UserInfo object

    Throws

    Error if user is not authenticated, not found, or lacks Owner privileges

Protected createAuditLogRecord

Protected createRecordAccessAuditLogRecord

debugCurrentUserEmail

  • debugCurrentUserEmail(context): Promise<string>

  • Debug query to check what the current user email is in the SQL provider. This helps diagnose user filtering issues when SQL statements aren't being captured.

    Returns a comparison of the user email stored in the SQLServerDataProvider versus the user email from the GraphQL context, which helps identify mismatches that could prevent SQL filtering from working correctly.

    Parameters

    • context: AppContext

      GraphQL context containing user information

    Returns Promise<string>

    Formatted string showing both email values and whether they match

    Throws

    Error if user doesn't have Owner privileges

Private ensureDirectoryExists

  • ensureDirectoryExists(dir): Promise<void>
  • Private

    Ensures the specified log directory exists, creating it if necessary.

    This method:

    • Attempts to access the directory to check if it exists
    • Creates the directory recursively if it doesn't exist
    • Handles permission and file system errors gracefully

    Parameters

    • dir: string

      Absolute path to the directory to ensure exists

    Returns Promise<void>

    Throws

    Error if directory cannot be created due to permissions or other issues

Protected findBy

Protected getRowLevelSecurityWhereClause

Protected packageSPParam

readSqlLogFile

  • readSqlLogFile(sessionId, maxLines, context): Promise<string>

  • Reads the contents of a specific SQL log file.

    This method:

    • Validates the session exists and user has access
    • Ensures the file path is within the allowed log directory
    • Reads the file content with optional line limits
    • Returns the content as a string

    Parameters

    • sessionId: string

      Unique identifier of the logging session

    • maxLines: number

      Maximum number of lines to read (optional, defaults to all)

    • context: AppContext

      GraphQL context (requires Owner privileges)

    Returns Promise<string>

    Promise resolving to the log file content

    Throws

    Error if session not found, file not accessible, or user lacks privileges

    Example

    query {
      readSqlLogFile(sessionId: "session-123", maxLines: 100)
    }

Protected safeFirstArrayElement

sqlLoggingConfig

  • sqlLoggingConfig(context): Promise<SqlLoggingConfig>

  • Retrieves the current SQL logging configuration and status information.

    Returns comprehensive configuration details including:

    • Whether SQL logging is enabled in server config
    • Default logging options (formatting, statement types, etc.)
    • File system settings (log directory, cleanup options)
    • Session limits and timeout settings
    • Count of currently active logging sessions

    Parameters

    • context: AppContext

      GraphQL context (requires Owner privileges)

    Returns Promise<SqlLoggingConfig>

    Promise resolving to complete SQL logging configuration

    Throws

    Error if user lacks Owner privileges

    Example

    query {
      sqlLoggingConfig {
        enabled
        activeSessionCount
        maxActiveSessions
        allowedLogDirectory
        defaultOptions {
          prettyPrint
          statementTypes
        }
      }
    }

startSqlLogging

  • startSqlLogging(input, context): Promise<SqlLoggingSession>

  • Creates and starts a new SQL logging session with specified configuration.

    This mutation:

    • Validates SQL logging is enabled and session limits
    • Creates a secure file path within the allowed log directory
    • Configures session options (filtering, formatting, etc.)
    • Starts the logging session in SQLServerDataProvider
    • Sets up automatic cleanup after session timeout

    Parameters

    Returns Promise<SqlLoggingSession>

    Promise resolving to the created SqlLoggingSession object

    Throws

    Error if logging disabled, session limit reached, or invalid file path

    Example

    mutation {
      startSqlLogging(input: {
        fileName: "debug-session.sql"
        filterToCurrentUser: true
        options: {
          prettyPrint: true
          statementTypes: "both"
          sessionName: "Debug Session"
        }
      }) {
        id
        filePath
        sessionName
      }
    }

stopAllSqlLogging

  • stopAllSqlLogging(context): Promise<boolean>

  • Stops and disposes of all currently active SQL logging sessions.

    This is a convenience method that:

    • Calls DisposeAllSqlLoggingSessions() on the data provider
    • Ensures all file handles are properly closed
    • Clears the active sessions map
    • Performs cleanup for all sessions at once

    Parameters

    • context: AppContext

      GraphQL context (requires Owner privileges)

    Returns Promise<boolean>

    Promise resolving to true if all sessions were successfully stopped

    Throws

    Error if user lacks Owner privileges

    Example

    mutation {
      stopAllSqlLogging
    }

stopSqlLogging

  • stopSqlLogging(sessionId, context): Promise<boolean>

  • Stops and disposes of a specific SQL logging session.

    This mutation:

    • Validates the session exists and user has access
    • Calls dispose() on the session to close file handles
    • Removes the session from the active sessions map
    • Performs any configured cleanup operations

    Parameters

    • sessionId: string

      Unique identifier of the session to stop

    • context: AppContext

      GraphQL context (requires Owner privileges)

    Returns Promise<boolean>

    Promise resolving to true if session was successfully stopped

    Throws

    Error if session not found or user lacks Owner privileges

    Example

    mutation {
      stopSqlLogging(sessionId: "session-123-456")
    }

updateSqlLoggingDefaults

  • updateSqlLoggingDefaults(options, context): Promise<SqlLoggingOptions>

  • Updates the default SQL logging options for new sessions.

    Note: This updates runtime configuration only, not the static config file. Changes apply to new sessions but do not persist across server restarts. In a production system, consider persisting changes to a database.

    Parameters

    Returns Promise<SqlLoggingOptions>

    Promise resolving to the updated SqlLoggingOptions object

    Throws

    Error if SQL logging not configured or user lacks Owner privileges

    Example

    mutation {
      updateSqlLoggingDefaults(options: {
        prettyPrint: true
        statementTypes: "both"
        logRecordChangeMetadata: false
      }) {
        prettyPrint
        statementTypes
        formatAsMigration
      }
    }

Settings

Member Visibility

Theme

On This Page

constructorLOG_FILE_PREFIXEventSubscriptionsMJCoreSchemaAfterCreateAfterDeleteAfterUpdateArrayFilterEncryptedFieldsForAPIArrayMapFieldNamesToCodeNamesBeforeCreateBeforeDeleteBeforeUpdateCheckUserReadPermissionsCreateRecordDeleteRecordEmitCloudEventFilterEncryptedFieldsForAPIGetUserFromEmailGetUserFromPayloadListenForEntityMessagesMapFieldNamesToCodeNamesRunDynamicViewGenericRunViewByIDGenericRunViewByNameGenericRunViewGenericInternalRunViewsGenericRunViewsGenericInternalTestAndSetClientOldValuesToDBValuesUpdateRecordactiveSqlLoggingSessionscheckOwnerAccesscreateAuditLogRecordcreateRecordAccessAuditLogRecorddebugCurrentUserEmailensureDirectoryExistsfindBygetRowLevelSecurityWhereClausepackageSPParamreadSqlLogFilesafeFirstArrayElementsqlLoggingConfigstartSqlLoggingstopAllSqlLoggingstopSqlLoggingupdateSqlLoggingDefaults