feat(proxy): Add a first draft of Oracle support#75
Merged
Conversation
Detailed spec for extending DBBat to support Oracle database connections alongside PostgreSQL. Covers three phases (auth, proxying, result capture), TTC protocol decoding, go-ora reuse strategy, and comprehensive tests for each of the 10 development steps including integration tests against Oracle XE 18c (TTC-compatible with 19c). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…phases Phase 1: Connection & Authentication (Steps 1-4) - TNS packet reader/writer, connect descriptor parser - Server/session skeleton, auth passthrough with grant checking - Database model changes (protocol, oracle_service_name) Phase 2: Query Interception & Access Control (Steps 5-8) - TTC function code parser, OALL8 SQL extraction - Cursor state tracking, query logging - Shared validation extracted from PG proxy - Oracle-specific blocked patterns Phase 3: Result Capture & Storage (Steps 9-10) - TTC response parser, Oracle data type decoders - Row capture with limits, LOB placeholders - Full integration test suite against Oracle XE 18c Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…hrough Add Oracle TNS/TTC protocol proxy that accepts Oracle client connections, parses connect descriptors to identify target databases, checks DBBat grants, then relays authentication to the upstream Oracle database. New files (internal/proxy/oracle/): - tns.go: TNS packet reader/writer (8-byte header framing) - connect_descriptor.go: SERVICE_NAME/SID/EZ Connect parser - server.go: TCP listener with graceful shutdown - session.go: session lifecycle + bidirectional raw relay - auth.go: TTC AUTH interception, username extraction, grant checking - errors.go: error definitions - *_test.go: 39 tests covering all components Model & config changes: - Database model: add Protocol and OracleServiceName fields - Config: add ListenOracle (DBB_LISTEN_ORA, disabled by default) - Migration: 20260402000000_oracle_protocol (up/down) - main.go: conditionally start Oracle proxy alongside PG proxy Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add session_test.go with 8 tests covering: - TNS Connect parsing and SERVICE_NAME extraction - TNS Refuse sending - Raw bidirectional relay via echo server - Connect-to-upstream forwarding with Accept/Refuse Add integration_test.go (build tag: integration) with testcontainers: - Oracle XE 18c container startup and direct connectivity - TNS packet capture validation against real Oracle - Full proxy passthrough test (PG store + Oracle upstream) Configurable via ORACLE_TEST_IMAGE env var for testing against different Oracle versions. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add Oracle data type decoders (NUMBER, DATE, TIMESTAMP, VARCHAR2, CHAR, RAW, BINARY_FLOAT/DOUBLE, LOB placeholders), TTC response parsing with column definitions and row data extraction, and row capture with limit enforcement (MaxResultRows/MaxResultBytes). Results are stored via the existing QueryRow model. Multi-fetch queries accumulate rows correctly across OALL8 + OFETCH sequences. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Convert dynamic errors to wrapped static errors (err113) - Add mutex to Server.listener for race-safe Addr() access - Extract startOracleProxy() to reduce runServer complexity (cyclop) - Add t.Parallel() and use require in validation_test.go #automerge #nodraft Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
#automerge #nodraft Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add t.Parallel() to all test functions (paralleltest) - Fix errcheck: use _ = for Close/SetDeadline in tests - Fix gofmt formatting issues across source and test files - Rename OracleTypeTIMESTAMP_TZ/LTZ to remove underscores (revive) - Lowercase error strings (staticcheck ST1005) - Add //nolint:nilnil for intentional nil,nil returns - Add doc comments to exported vars and const blocks (revive) - Add default case to exhaustive switch (exhaustive) - Extract persistQuery helper to reduce nesting (nestif) - Preallocate buf in writeTTCError (prealloc) - Apply De Morgan's law in auth.go (staticcheck QF1001) - Fix forcetypeassert, testifylint, gosmopolitan, sloglint - Extract awaitShutdown to reduce runServer length (funlen) #automerge #nodraft Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add t.Parallel() to all remaining test functions - Fix nolint directive placement for nilnil and nestif - Apply De Morgan's law in auth.go (staticcheck QF1001) - Add exhaustive nolint for intentionally partial switch - Use require.ErrorIs in validation_test.go (testifylint) #automerge #nodraft Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
#automerge #nodraft Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
#automerge #nodraft Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add protocol selector to database creation/update endpoints and UI. Oracle databases use service_name instead of database_name, default to port 1521, and skip SSL mode. The database list shows a protocol badge. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Fix ssl_mode type error for Oracle protocol (pass empty string instead of undefined) - Fix gofmt alignment in config.go defaultConfig - Update config_test.go to expect new default ListenAPI :4200 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
All 5 Oracle proxy specs have been implemented: - Phase 1: Connection & Authentication - Phase 2: Query Interception - Phase 3: Result Capture - API Protocol Support - UI Protocol Support Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Merge Oracle proxy implementation covering connection/auth passthrough, query interception, result capture, API protocol support, and UI changes. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Move fully implemented specs to specs/done/2026/01/: - bun ORM migration - AAD credential encryption - extended query protocol - query parameters capture - query result rows storage - rename to dbbat - API keys and rate limiting - API versioning - authentication flow - COPY protocol capture - OpenAPI specification - query rows API - require password change - role-based access control - session-level read-only enforcement - web session authentication - change default port to 5434 - demo mode - GitHub Actions CI - Helm chart - semantic release - admin password reset Remaining specs in specs/ are partially or not yet implemented. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…e and UpdateDatabase CreateDatabase was not copying Protocol and OracleServiceName to the result struct, causing Oracle databases to be saved as postgresql. UpdateDatabase was also missing these fields. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…otocols Tests cover: - PostgreSQL with default protocol - PostgreSQL with explicit protocol - Oracle with service name - Updating protocol from PostgreSQL to Oracle Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The Oracle proxy now falls back to GetDatabaseByOracleServiceName when the SERVICE_NAME from the connect descriptor doesn't match a database name. This allows Oracle databases to be named differently from their service name (e.g., name=abynonprod, service_name=TEST01). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Handle extended Connect packet format where connect data is appended after the initial header (TNS version >= 315 used by modern clients) - Store and forward raw packet bytes to preserve wire format - Add GetDatabaseByOracleServiceName for service name lookup fallback - Switch to raw io.Copy relay instead of TNS-parsed relay for now (TTC auth interception temporarily disabled, needs protocol fixes) - Skip non-Data packets (Control, Marker) in auth phase Tested with oracledb thin Python client against Oracle 19c on RDS. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The default was accidentally changed to :4200 in the Oracle branch. Reverted to :8080 to fix E2E tests in CI. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
fclairamb
changed the title
fclairamb
changed the title
Merged
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This is a first draft implementation, it should not be considered as usable.
Summary
CreateDatabaseandUpdateDatabaseto persistprotocolandoracle_service_namefieldsGetDatabaseByOracleServiceNamefor service name lookup fallbackspecs/done/Test plan
make lintpasses (0 issues)make testpasses (all tests)bun run buildcompiles without errors🤖 Generated with Claude Code