Fix to handle special characters in username and database name

isotoma · Oct 30, 2024 · f471ca8 · f471ca8
1 parent 1c3cf99
commit f471ca8
Showing 1 changed file with 14 additions and 14 deletions.
diff --git a/handler/main.ts b/handler/main.ts
@@ -259,7 +259,7 @@ const handleCreate = async (event: CreateEvent): Promise<Response> => {
         onCreateIfExists: event.ResourceProperties.onCreateIfExists,
     });
 
-    const createUserQuery = `CREATE USER ${userCredentials.username} IDENTIFIED BY '${userCredentials.password}'; GRANT ALL PRIVILEGES ON ${event.ResourceProperties.databaseName}.* TO ${userCredentials.username}@'%';`;
+    const createUserQuery = `CREATE USER '${userCredentials.username}' IDENTIFIED BY '${userCredentials.password}'; GRANT ALL PRIVILEGES ON \`${event.ResourceProperties.databaseName}\`.* TO '${userCredentials.username}'@'%';`;
 
     try {
         await adminClient.query(createUserQuery);
@@ -270,17 +270,17 @@ const handleCreate = async (event: CreateEvent): Promise<Response> => {
 
         if (event.ResourceProperties.onCreateIfExists === 'Adopt' && e.code === MysqlErrorCodes.DUPLICATE_OBJECT) {
             // User already exists, so we'll just adopt it. Set the password to the new value and grant CREATEDB and LOGIN
-            await adminClient.query(`ALTER USER ${userCredentials.username} WITH PASSWORD '${userCredentials.password}';`);
-            await adminClient.query(`GRANT ALL PRIVILEGES ON ${event.ResourceProperties.databaseName}.* TO ${userCredentials.username}@'%';`);
+            await adminClient.query(`ALTER USER '${userCredentials.username}' WITH PASSWORD '${userCredentials.password}';`);
+            await adminClient.query(`GRANT ALL PRIVILEGES ON \`${event.ResourceProperties.databaseName}\`.* TO '${userCredentials.username}'@'%';`);
         } else if (event.ResourceProperties.onCreateIfExists === 'DeleteAndRecreate' && e.code === MysqlErrorCodes.DUPLICATE_OBJECT) {
-            await adminClient.query(`DROP USER ${userCredentials.username};`);
+            await adminClient.query(`DROP USER '${userCredentials.username}';`);
             await adminClient.query(createUserQuery);
         } else {
             throw e;
         }
     }
 
-    const createDatabaseQuery = `CREATE DATABASE ${event.ResourceProperties.databaseName};`;
+    const createDatabaseQuery = `CREATE DATABASE \`${event.ResourceProperties.databaseName}\`;`;
 
     const userClient = await userClientManager.getClient();
     try {
@@ -297,11 +297,11 @@ const handleCreate = async (event: CreateEvent): Promise<Response> => {
         if (event.ResourceProperties.onCreateIfExists === 'Adopt' && e.code === MysqlErrorCodes.DUPLICATE_DATABASE) {
             // Database already exists, so we'll just adopt it
             log('Database already exists, adopting');
-            await adminClient.query(`GRANT ALL PRIVILEGES ON ${event.ResourceProperties.databaseName}.* TO ${userCredentials.username}@'%';`);
+            await adminClient.query(`GRANT ALL PRIVILEGES ON \`${event.ResourceProperties.databaseName}\`.* TO '${userCredentials.username}'@'%';`);
         } else if (event.ResourceProperties.onCreateIfExists === 'DeleteAndRecreate') {
             if (e.code === MysqlErrorCodes.DUPLICATE_DATABASE) {
                 log('Database already exists, deleting and recreating');
-                await adminClient.query(`DROP DATABASE ${event.ResourceProperties.databaseName};`);
+                await adminClient.query(`DROP DATABASE \`${event.ResourceProperties.databaseName}\`;`);
                 await userClient.query(createDatabaseQuery);
             }
         } else {
@@ -341,7 +341,7 @@ const handleUpdate = async (event: UpdateEvent): Promise<Response> => {
         log('Creating user if it does not exist', { username: userCredentials.username });
         try {
             const client = await adminClient.getClient();
-            await client.query(`CREATE USER ${userCredentials.username} IDENTIFIED BY '${userCredentials.password}';`);
+            await client.query(`CREATE USER '${userCredentials.username}' IDENTIFIED BY '${userCredentials.password}';`);
         } catch (e) {
             if (!isMysqlError(e)) {
                 throw e;
@@ -360,15 +360,15 @@ const handleUpdate = async (event: UpdateEvent): Promise<Response> => {
     if (event.ResourceProperties.onUpdateSetUserPassword === 'Always') {
         log('Setting user password', { username: userCredentials.username });
         const client = await adminClient.getClient();
-        await client.query(`ALTER USER ${userCredentials.username} WITH PASSWORD '${userCredentials.password}';`);
+        await client.query(`ALTER USER '${userCredentials.username}' WITH PASSWORD '${userCredentials.password}';`);
     } else {
         log('Not setting user password', { username: userCredentials.username });
     }
 
     if (event.ResourceProperties.onUpdateSetUserPermissions === 'Always') {
         log('Setting user permissions', { username: userCredentials.username });
         const client = await adminClient.getClient();
-        await client.query(`GRANT ALL PRIVILEGES ON ${event.ResourceProperties.databaseName}.* TO ${userCredentials.username}@'%';`);
+        await client.query(`GRANT ALL PRIVILEGES ON \`${event.ResourceProperties.databaseName}\`.* TO '${userCredentials.username}'@'%';`);
     } else {
         log('Not setting user permissions', { username: userCredentials.username });
     }
@@ -377,7 +377,7 @@ const handleUpdate = async (event: UpdateEvent): Promise<Response> => {
         log('Creating database if it does not exist', { databaseName: event.ResourceProperties.databaseName });
         try {
             const client = await userClient.getClient();
-            await client.query(`CREATE DATABASE ${event.ResourceProperties.databaseName};`);
+            await client.query(`CREATE DATABASE \`${event.ResourceProperties.databaseName}\`;`);
         } catch (e) {
             if (!isMysqlError(e)) {
                 throw e;
@@ -396,7 +396,7 @@ const handleUpdate = async (event: UpdateEvent): Promise<Response> => {
     if (event.ResourceProperties.onUpdateSetDatabaseOwnership === 'Always') {
         log('Setting database ownership', { databaseName: event.ResourceProperties.databaseName });
         const client = await adminClient.getClient();
-        await client.query(`GRANT ALL PRIVILEGES ON ${event.ResourceProperties.databaseName}.* TO ${userCredentials.username}@'%';`);
+        await client.query(`GRANT ALL PRIVILEGES ON \`${event.ResourceProperties.databaseName}\`.* TO '${userCredentials.username}'@'%';`);
     } else {
         log('Not setting database ownership', { databaseName: event.ResourceProperties.databaseName });
     }
@@ -440,10 +440,10 @@ const handleDelete = async (event: DeleteEvent): Promise<Response> => {
     const adminClient = await adminClientManager.getClient();
 
     log('Dropping database if exists', { databaseName: event.ResourceProperties.databaseName });
-    await adminClient.query(`DROP DATABASE IF EXISTS ${event.ResourceProperties.databaseName};`);
+    await adminClient.query(`DROP DATABASE IF EXISTS \`${event.ResourceProperties.databaseName}\`;`);
 
     log('Dropping user if exists', { databaseName: event.ResourceProperties.databaseName });
-    await adminClient.query(`DROP USER IF EXISTS ${userCredentials.username};`);
+    await adminClient.query(`DROP USER IF EXISTS '${userCredentials.username}';`);
 
     await adminClient.end();