Add DB init if not exist #436
base: bl4ze/dev
Pull request overview
This PR adds automatic database creation functionality to the ConnectDatabase() function, eliminating the need for manual database initialization before first-time setup. The implementation checks for database existence using PostgreSQL CLI commands and creates the database if it doesn't exist.
Key changes:
- Added checkDatabaseExists() function to query PostgreSQL for database existence
- Added createDatabase() function to create the database via psql command
- Modified ConnectDatabase() to automatically create the database if not found
core/database/database.go
Outdated
| "-p", dbConfig.PsqlConf.Port, | ||
| "-d", "postgres", | ||
| "-tAc", | ||
| fmt.Sprintf("SELECT 1 FROM pg_database WHERE datname = '%s';", dbConfig.PsqlConf.Dbname), |
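Review bot: on the fmt.Sprintf line, dbConfig.PsqlConf.Dbname is formatted into a single-quoted SQL literal and handed to psql with -tAc, so a quote character in the configured name ends the literal and the remainder is parsed as SQL. Reject names that fall outside a strict pattern before building the command, or run the lookup through a database driver with the name as a bound parameter (WHERE datname = $1).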
Copilot
AI
Dec 8, 2025
SQL injection vulnerability: the database name is directly interpolated into the SQL query without proper escaping. A malicious database name in the config could be used to execute arbitrary SQL commands. Use parameterized queries or properly escape the database name using PostgreSQL's quote_ident function.
| fmt.Sprintf("SELECT 1 FROM pg_database WHERE datname = '%s';", dbConfig.PsqlConf.Dbname), | |
| fmt.Sprintf("SELECT 1 FROM pg_database WHERE datname = quote_ident('%s');", dbConfig.PsqlConf.Dbname), |
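Review bot: the replacement line still formats dbConfig.PsqlConf.Dbname into the '%s' literal, so a quote in the name breaks out of the literal before quote_ident() is ever evaluated. It also changes the result for valid names: quote_ident() returns a double-quoted string for any name that needs quoting (mixed case, hyphens), which no longer equals the raw value stored in datname, so the check would report an existing database as missing. Keep the plain datname comparison and pass the name as a bound parameter instead.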
Leaving this for now as the database name is provided by admin only
Why not use postgres gorm for this instead of raw commands?
Currently, the DB was not being created if it did not exist, so we had to manually init it before setting up beast for the first time. Added a check for db existence and then db creation if it does not exist.
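The check-then-create flow this PR describes, written so the database name is never formatted into SQL text. This is an added example, not code from the PR or the project. It assumes Go's database/sql with a PostgreSQL driver registered by the caller; the function names are hypothetical and the sample names in main are constructed.

```go
package main

import (
	"context"
	"database/sql"
	"errors"
	"fmt"
	"strings"
)

// existsQuery keeps the SQL text constant; the name is a bound parameter.
func existsQuery(name string) (string, []any) {
	return "SELECT 1 FROM pg_database WHERE datname = $1", []any{name}
}

// createStmt: CREATE DATABASE takes no bound parameters, so the name is
// quoted as an identifier (double quotes, embedded double quotes doubled).
func createStmt(name string) (string, error) {
	// 63 bytes is PostgreSQL's default identifier limit; rejecting is a choice made here.
	if name == "" || len(name) > 63 || strings.ContainsRune(name, 0) {
		return "", fmt.Errorf("invalid database name %q", name)
	}
	return `CREATE DATABASE "` + strings.ReplaceAll(name, `"`, `""`) + `"`, nil
}

// ensureDatabase assumes admin is a *sql.DB opened on the maintenance database.
func ensureDatabase(ctx context.Context, admin *sql.DB, name string) error {
	query, args := existsQuery(name)
	var one int
	err := admin.QueryRowContext(ctx, query, args...).Scan(&one)
	if err == nil {
		return nil // database already present
	}
	if !errors.Is(err, sql.ErrNoRows) {
		return err // connection or permission problem, not "missing"
	}
	stmt, err := createStmt(name)
	if err != nil {
		return err
	}
	_, err = admin.ExecContext(ctx, stmt)
	return err
}

func main() {
	for _, n := range []string{"beast", `we"ird`, `x'; SELECT 1; --`} { // constructed names
		fmt.Println(createStmt(n))
	}
}
```

A name containing quotes or semicolons ends up as a single quoted identifier in the CREATE statement and as an opaque parameter value in the lookup.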