Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

✨ allow running AQL against local database #2326

Merged
merged 3 commits into from
Feb 5, 2024
Merged

✨ allow running AQL against local database #2326

merged 3 commits into from
Feb 5, 2024

Conversation

MatissJanis
Copy link
Member

@MatissJanis MatissJanis commented Feb 3, 2024
edited
Loading

Allow running AQL against the local database.

Is this secure?

I think so (but please disagree if you think otherwise).

My argument for allowing this outside dev mode is:

  1. it's a pretty useful feature - especially for support when we need to get some data from the user;
  2. if an attacker gains access to window - he might as well have gotten access to the entire local database, so exposing this new query mechanism isn't really introducing a bigger vector of attack

Sample:

window
  .$query(window.$q('accounts').select('*'))
  .then(({ data }) => console.log(data));

@netlify Netlify
Copy link

netlify bot commented Feb 3, 2024
edited
Loading

Deploy Preview for actualbudget ready!

Name Link
🔨 Latest commit ff7a972
🔍 Latest deploy log https://app.netlify.com/sites/actualbudget/deploys/65be7bad7e81f20008207908
😎 Deploy Preview https://deploy-preview-2326.demo.actualbudget.org
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Feb 3, 2024

Bundle Stats — desktop-client

Hey there, this message comes from a GitHub action that helps you and reviewers to understand how these changes affect the size of this project's bundle.

As this PR is updated, I'll keep you updated on how the bundle size is impacted.

Total

Files count Total bundle size % Changed
10 4.99 MB → 4.99 MB (-1.54 kB) -0.03%
Changeset
File Δ Size
src/components/transactions/SelectedTransactions.jsx 📉 -51 B (-1.04%) 4.79 kB → 4.74 kB
src/components/Modals.tsx 📉 -145 B (-1.66%) 8.54 kB → 8.4 kB
src/components/schedules/ScheduleDetails.jsx 📉 -691 B (-2.46%) 27.46 kB → 26.78 kB
src/components/schedules/ScheduleLink.tsx 📉 -693 B (-23.82%) 2.84 kB → 2.16 kB
View detailed bundle breakdown

Added

No assets were added

Removed

No assets were removed

Bigger

No assets were bigger

Smaller

Asset File Size % Changed
static/js/index.js 2.64 MB → 2.64 MB (-1.49 kB) -0.06%
static/js/wide.js 240.49 kB → 240.44 kB (-51 B) -0.02%

Unchanged

Asset File Size % Changed
static/js/resize-observer.js 18.37 kB 0%
static/js/indexeddb-main-thread-worker-e59fee74.js 13.5 kB 0%
static/js/ButtonLink.js 379 B 0%
static/js/BackgroundImage.js 122.29 kB 0%
static/js/BalanceTooltip.js 6.06 kB 0%
static/js/AppliedFilters.js 28.99 kB 0%
static/js/narrow.js 80.18 kB 0%
static/js/ReportRouter.js 1.84 MB 0%

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Feb 3, 2024

Bundle Stats — loot-core

Hey there, this message comes from a GitHub action that helps you and reviewers to understand how these changes affect the size of this project's bundle.

As this PR is updated, I'll keep you updated on how the bundle size is impacted.

Total

Files count Total bundle size % Changed
1 1.18 MB 0%
Changeset
File Δ Size
packages/loot-core/src/server/main.ts 📈 +32 B (+0.05%) 65.98 kB → 66.01 kB
View detailed bundle breakdown

Added

No assets were added

Removed

No assets were removed

Bigger

No assets were bigger

Smaller

No assets were smaller

Unchanged

Asset File Size % Changed
kcab.worker.js 1.18 MB 0%

@youngcw
Copy link
Member

youngcw commented Feb 3, 2024

This seems fine to me. I would even be open to a way to do this inside the gui at some point. Maybe a url path that isn't ever linked to so its hard to get to accidentally.

I think being able to run aql in the form of an action to get really fine tuned rules like behavior would be cool.

@MatissJanis MatissJanis merged commit 7a18827 into master Feb 5, 2024
19 checks passed
@MatissJanis MatissJanis deleted the matiss/local-queries branch February 5, 2024 19:16
@trafico-bot trafico-bot bot added ✨ Merged Pull Request has been merged successfully and removed ✅ Approved labels Feb 5, 2024
FlorianLang06 pushed a commit to FlorianLang06/actual that referenced this pull request Mar 7, 2024
@MatissJanis
✨ allow running AQL against local database (actualbudget#2326)
2d0915e
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@youngcw youngcw youngcw approved these changes

Assignees
No one assigned
Labels
✨ Merged Pull Request has been merged successfully
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@MatissJanis @youngcw