Merge pull request #11200 from Budibase/budi-7265-sql-ntlm-configuration

Allow MSSQL ntlm configuration
2023-07-11 15:33:49 +01:00 · 2023-07-11 15:33:49 +01:00 · 02fa87b59b
parent 09e3cd2b9a 119506fcc7
commit 02fa87b59b
1 changed files with 87 additions and 23 deletions
--- a/packages/server/src/integrations/microsoftSqlServer.ts
+++ b/packages/server/src/integrations/microsoftSqlServer.ts
@ -27,11 +27,14 @@ const DEFAULT_SCHEMA = "dbo"

 import { ConfidentialClientApplication } from "@azure/msal-node"

+import { utils } from "@budibase/shared-core"
+
 enum MSSQLConfigAuthType {
-  ACTIVE_DIRECTORY = "Active Directory",
+  AZURE_ACTIVE_DIRECTORY = "Azure Active Directory",
+  NTLM = "NTLM",
 }

-interface MSSQLConfig {
+interface BasicMSSQLConfig {
  user: string
  password: string
  server: string
@ -40,13 +43,30 @@ interface MSSQLConfig {
  schema: string
  encrypt?: boolean
  authType?: MSSQLConfigAuthType
-  adConfig?: {
+}
+
+interface AzureADMSSQLConfig extends BasicMSSQLConfig {
+  authType: MSSQLConfigAuthType.AZURE_ACTIVE_DIRECTORY
+  adConfig: {
    clientId: string
    clientSecret: string
    tenantId: string
  }
 }

+interface NTLMMSSQLConfig extends BasicMSSQLConfig {
+  authType: MSSQLConfigAuthType.NTLM
+  ntlmConfig: {
+    domain?: string
+    trustServerCertificate?: boolean
+  }
+}
+
+type MSSQLConfig =
+  | (BasicMSSQLConfig & { authType: undefined })
+  | AzureADMSSQLConfig
+  | NTLMMSSQLConfig
+
 const SCHEMA: Integration = {
  docs: "https://github.com/tediousjs/node-mssql",
  plus: true,
@ -93,13 +113,18 @@ const SCHEMA: Integration = {
    authType: {
      type: DatasourceFieldType.SELECT,
      display: "Advanced auth",
-      config: { options: [MSSQLConfigAuthType.ACTIVE_DIRECTORY] },
+      config: {
+        options: [
+          MSSQLConfigAuthType.AZURE_ACTIVE_DIRECTORY,
+          MSSQLConfigAuthType.NTLM,
+        ],
+      },
    },
    adConfig: {
      type: DatasourceFieldType.FIELD_GROUP,
      default: true,
      display: "Configure Active Directory",
-      hidden: "'{{authType}}' !== 'Active Directory'",
+      hidden: `'{{authType}}' !== '${MSSQLConfigAuthType.AZURE_ACTIVE_DIRECTORY}'`,
      config: {
        openByDefault: true,
        nestedFields: true,
@ -122,6 +147,28 @@ const SCHEMA: Integration = {
        },
      },
    },
+    ntlmConfig: {
+      type: DatasourceFieldType.FIELD_GROUP,
+      default: true,
+      display: "Configure NTLM",
+      hidden: `'{{authType}}' !== '${MSSQLConfigAuthType.NTLM}'`,
+      config: {
+        openByDefault: true,
+        nestedFields: true,
+      },
+      fields: {
+        domain: {
+          type: DatasourceFieldType.STRING,
+          required: false,
+          display: "Domain",
+        },
+        trustServerCertificate: {
+          type: DatasourceFieldType.BOOLEAN,
+          required: false,
+          display: "Trust server certificate",
+        },
+      },
+    },
  },
  query: {
    create: {
@ -199,26 +246,43 @@ class SqlServerIntegration extends Sql implements DatasourcePlus {
      }
      delete clientCfg.encrypt

-      if (this.config.authType === MSSQLConfigAuthType.ACTIVE_DIRECTORY) {
-        const { clientId, tenantId, clientSecret } = this.config.adConfig!
-        const clientApp = new ConfidentialClientApplication({
-          auth: {
-            clientId,
-            authority: `https://login.microsoftonline.com/${tenantId}`,
-            clientSecret,
-          },
-        })
+      switch (this.config.authType) {
+        case MSSQLConfigAuthType.AZURE_ACTIVE_DIRECTORY:
+          const { clientId, tenantId, clientSecret } = this.config.adConfig
+          const clientApp = new ConfidentialClientApplication({
+            auth: {
+              clientId,
+              authority: `https://login.microsoftonline.com/${tenantId}`,
+              clientSecret,
+            },
+          })

-        const response = await clientApp.acquireTokenByClientCredential({
-          scopes: ["https://database.windows.net/.default"],
-        })
+          const response = await clientApp.acquireTokenByClientCredential({
+            scopes: ["https://database.windows.net/.default"],
+          })

-        clientCfg.authentication = {
-          type: "azure-active-directory-access-token",
-          options: {
-            token: response!.accessToken,
-          },
-        }
+          clientCfg.authentication = {
+            type: "azure-active-directory-access-token",
+            options: {
+              token: response!.accessToken,
+            },
+          }
+          break
+        case MSSQLConfigAuthType.NTLM:
+          const { domain, trustServerCertificate } = this.config.ntlmConfig
+          clientCfg.authentication = {
+            type: "ntlm",
+            options: {
+              domain,
+            },
+          }
+          clientCfg.options ??= {}
+          clientCfg.options.trustServerCertificate = trustServerCertificate
+          break
+        case undefined:
+          break
+        default:
+          utils.unreachable(this.config)
      }

      const pool = new sqlServer.ConnectionPool(clientCfg)