-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy pathsql_interface.py
More file actions
347 lines (284 loc) · 15.2 KB
/
sql_interface.py
File metadata and controls
347 lines (284 loc) · 15.2 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
import duckdb
import yaml
from flask import Flask, request, jsonify, send_file
from flask_cors import CORS
import logging
from pathlib import Path
# Constants
ERROR_DB_SETUP_FAILED = "Failed to setup database"
PARQUET_FILE_PATTERN = "*.parquet"
# Configure logging
logging.basicConfig(level=logging.INFO)
logger = logging.getLogger(__name__)
class Config:
"""Configuration manager for SQL Interface"""
def __init__(self):
self.data = self.load_config()
def load_config(self):
"""Load configuration from yaml file"""
config_path = Path(__file__).parent / "config.yaml"
try:
with open(config_path, 'r') as f:
return yaml.safe_load(f)
except FileNotFoundError:
logger.warning(f"Configuration file not found at {config_path}. Using default settings.")
# Provide default config if file is missing
return {"available_columns": []} # Example default
except Exception as e:
logger.error(f"Error loading configuration: {e}")
return {"available_columns": []} # Fallback default
def get(self, key, default=None):
"""Get a configuration value"""
return self.data.get(key, default)
def __getitem__(self, key):
"""Allow dictionary-like access to configuration"""
return self.data[key]
def __setitem__(self, key, value):
"""Allow dictionary-like setting of configuration"""
self.data[key] = value
class Database:
"""Manages DuckDB database operations"""
def __init__(self, config):
self.config = config
self.db = duckdb.connect(":memory:")
self.setup_success = False
def setup_database(self):
"""Initialize database and create view from local parquet files."""
try:
current_dir = Path(__file__).parent
parquet_files = [str(f) for f in current_dir.glob(PARQUET_FILE_PATTERN)] # Get absolute paths as strings
if not parquet_files:
logger.warning("No parquet files found in the current directory. Cannot create 'all_data' view.")
# Optionally, check if the view exists and drop it
try:
self.db.execute("DROP VIEW IF EXISTS all_data;")
logger.info("Dropped existing 'all_data' view as no parquet files were found.")
except Exception as drop_error:
logger.error(f"Error dropping existing view: {drop_error}")
return False # Indicate setup did not complete fully
logger.info(f"Found parquet files: {parquet_files}")
# Use Python list formatting which is safe for file paths here
# Ensure paths are properly quoted if they contain special characters, though Path usually handles this.
# DuckDB's read_parquet handles a list of files.
file_list_sql = ', '.join([f"'{f}'" for f in parquet_files])
create_view_sql = f"CREATE OR REPLACE VIEW all_data AS SELECT * FROM read_parquet([{file_list_sql}], filename=true);"
logger.info(f"Executing create/replace view query: {create_view_sql}")
self.db.execute(create_view_sql)
# Verify the view was created
try:
logger.info("Verifying view by executing SELECT query...")
result = self.db.execute("SELECT * FROM all_data LIMIT 1").fetchdf()
logger.info(f"Successfully queried view 'all_data'. View contains columns: {list(result.columns)}")
# Update available_columns in config based on the actual view schema
self.config['available_columns'] = list(result.columns)
logger.info(f"Updated available columns: {self.config['available_columns']}")
self.setup_success = True
return True
except Exception as e:
logger.error(f"Failed to verify all_data view: {str(e)}")
try:
logger.info("Attempting to get view information...")
self.db.execute("DESCRIBE all_data;")
except Exception as describe_error:
logger.error(f"Could not get view information: {str(describe_error)}")
return False
except Exception as e:
logger.error(f"Error setting up database: {str(e)}")
return False
def test_parquet_reading(self):
"""Test parquet reading (optional, can be removed if not needed)"""
try:
test_files = list((Path(__file__).parent).glob(PARQUET_FILE_PATTERN))
if test_files:
test_file = str(test_files[0])
logger.info(f"Testing parquet reading with file: {test_file}")
# Use read_parquet directly for testing one file
result = self.db.execute(f"SELECT * FROM read_parquet('{test_file}') LIMIT 1").fetchdf()
logger.info(f"Successfully read test parquet file. Schema: {list(result.columns)}")
else:
logger.warning("No parquet files found for read testing.")
except Exception as e:
logger.error(f"Failed to read test parquet file: {str(e)}")
def execute_query(self, query, params=None):
"""Execute a query with optional parameters"""
try:
if params:
return self.db.execute(query, params)
else:
return self.db.execute(query)
except Exception as e:
logger.error(f"Error executing query: {query}, Error: {str(e)}")
raise
class SQLInterface:
"""Main interface for SQL operations and API endpoints"""
def __init__(self):
# Initialize components
self.app = Flask(__name__)
CORS(self.app)
self.config = Config()
self.db = Database(self.config)
# Register routes
self.register_routes()
# Setup database on initialization
if not self.db.setup_database():
logger.error("Initial database setup failed. View 'all_data' might not be available.")
# Test parquet reading
self.db.test_parquet_reading()
def register_routes(self):
"""Register all Flask routes"""
self.app.route("/query", methods=["POST"])(self.find_parquet_files_route)
self.app.route("/execute_sql", methods=["POST"])(self.execute_sql)
self.app.route("/download/<filename>", methods=["GET"])(self.download_file)
def _validate_columns(self):
"""Ensure columns are available, attempts setup if needed."""
available_cols = set(self.config.get("available_columns", []))
if not available_cols:
# Attempt setup again if columns aren't available, maybe it failed initially?
logger.warning("Available columns not detected, attempting database setup again.")
if not self.db.setup_database():
return None, (jsonify({"error": "Database setup failed, cannot determine valid columns for filtering."}), 500)
available_cols = set(self.config.get("available_columns", []))
if not available_cols:
return None, (jsonify({"error": "Could not determine columns from parquet files."}), 500)
return available_cols, None
def _process_filter(self, filter_item, available_cols):
"""Process a single filter item and return clause and params"""
col = filter_item.get("column")
op = filter_item.get("operator")
val = filter_item.get("value")
# Validate filter format
if not all([col, op, val is not None]): # Check val explicitly for None
return None, (jsonify({"error": f"Invalid filter format: {filter_item}"}), 400)
# Validate column exists
if col not in available_cols and col != 'filename':
return None, (jsonify({"error": f"Invalid column in filter: {col}. Available: {list(available_cols)}"}), 400)
# Process different operators
clause = None
params = []
if op.upper() == "IN" or op.upper() == "NOT IN":
if isinstance(val, list):
placeholders = ', '.join(['?'] * len(val))
clause = f"\"{col}\" {op.upper()} ({placeholders})" # Quote column names
params.extend(val)
else:
return None, (jsonify({"error": f"Value for {op} must be a list."}), 400)
elif op.upper() == "LIKE":
clause = f"\"{col}\" {op.upper()} ?"
params.append(f"%{val}%") # Add wildcards for LIKE
else:
# Assume other operators are safe (e.g., =, !=, >, <, >=, <=)
clause = f"\"{col}\" {op} ?" # Quote column names
params.append(val)
return (clause, params), None
def _get_parquet_files(self):
"""Get list of parquet files in current directory"""
current_dir = Path(__file__).parent
return [str(f) for f in current_dir.glob(PARQUET_FILE_PATTERN)]
def _build_query(self, parquet_files, where_clauses):
"""Build the SQL query from file list and where clauses"""
file_list_sql = ', '.join([f"'{f}'" for f in parquet_files])
base_query = f"SELECT DISTINCT filename FROM read_parquet([{file_list_sql}], filename=true)"
if where_clauses:
return f"{base_query} WHERE {' AND '.join(where_clauses)}"
else:
return base_query # No filters, just get all distinct filenames
def find_parquet_files_route(self):
"""Finds parquet files matching the given filters."""
try:
# Get filter data from request
data = request.json
filters = data.get('filters', [])
# Initialize where clauses and params
where_clauses = []
params = []
# Process filters if present
if filters:
# Validate columns
available_cols, error_response = self._validate_columns()
if error_response:
return error_response
# Process each filter
for filter_item in filters:
result, error_response = self._process_filter(filter_item, available_cols)
if error_response:
return error_response
clause, filter_params = result
where_clauses.append(clause)
params.extend(filter_params)
# Get parquet files
parquet_files = self._get_parquet_files()
if not parquet_files:
return jsonify({"parquet_files": []}) # No files to query
# Build and execute query
query = self._build_query(parquet_files, where_clauses)
logger.info(f"Executing file search query: {query} with params: {params}")
result = self.db.execute_query(query, params).fetchall()
# Extract filenames from the result tuples
matching_files = [row[0] for row in result] # Filename is the first column
return jsonify({"parquet_files": matching_files})
except Exception as e:
logger.exception(f"Error in /query (find files) endpoint: {str(e)}") # Use logger.exception for stack trace
return jsonify({"error": f"An internal error occurred: {str(e)}"}), 500
def execute_sql(self):
"""Execute custom SQL query from the frontend."""
try:
# Ensure database view 'all_data' is available if the query uses it.
# Re-running setup_database() could be inefficient. Check view existence?
try:
self.db.execute_query("SELECT 1 FROM all_data LIMIT 0;") # Quick check if view exists
except Exception as view_error:
logger.warning(f"'all_data' view might not be ready ({view_error}). Attempting setup...")
if not self.db.setup_database():
# If setup fails here, the custom SQL might still work if it doesn't use 'all_data'
logger.error(f"{ERROR_DB_SETUP_FAILED} during custom SQL execution attempt.")
# Allow query execution anyway, but log the setup failure.
data = request.json
if not data or "sql" not in data:
return jsonify({"error": "No SQL query provided"}), 400
sql_query = data["sql"].strip()
# Basic safety check: rudimentary blocklist (can be expanded)
# This is NOT foolproof SQL injection prevention. Proper defense is complex.
# Consider read-only mode for the connection if feasible.
disallowed_keywords = ['DROP', 'DELETE', 'INSERT', 'UPDATE', 'ALTER', 'CREATE USER', 'GRANT']
if any(keyword in sql_query.upper() for keyword in disallowed_keywords):
# Allow CREATE VIEW specifically for our setup, maybe relax for CREATE TABLE/VIEW?
# Fine-tune based on allowed operations. For now, disallow common destructive ones.
# Let's be strict for now on custom SQL.
if not sql_query.upper().startswith("SELECT"): # A very basic read-only check
# Allow DESCRIBE and SHOW
if not (sql_query.upper().startswith("DESCRIBE") or sql_query.upper().startswith("SHOW")):
logger.warning(f"Potentially unsafe SQL query blocked: {sql_query}")
return jsonify({"error": "Query blocked for safety reasons (only SELECT, DESCRIBE, SHOW allowed)."}), 400
logger.info(f"Executing custom SQL: {sql_query}")
result_df = self.db.execute_query(sql_query).fetchdf() # fetchdf is convenient
# Convert to dict for JSON serialization
return jsonify({
"results": result_df.to_dict(orient='records'),
"columns": list(result_df.columns),
"row_count": len(result_df)
})
except Exception as e:
logger.error(f"Error executing custom SQL: {str(e)}")
# Provide more specific DuckDB errors if possible
return jsonify({"error": f"SQL execution error: {str(e)}"}), 500
def download_file(self, filename):
"""Download a parquet file."""
try:
# Basic security validation - ensure the file exists in our directory
current_dir = Path(__file__).parent
file_path = current_dir / filename
if not file_path.exists() or not file_path.is_file() or file_path.suffix != '.parquet':
return jsonify({"error": "File not found or invalid"}), 404
return send_file(file_path, as_attachment=True, download_name=filename)
except Exception as e:
logger.exception(f"Error downloading file {filename}: {str(e)}")
return jsonify({"error": f"Error downloading file: {str(e)}"}), 500
def run(self, debug=True, host='0.0.0.0', port=5001):
"""Run the Flask application"""
self.app.run(debug=debug, host=host, port=port)
if __name__ == '__main__':
# Create the SQL Interface instance
sql_interface = SQLInterface()
# Run the application
# Make sure the host is set to '0.0.0.0' to be accessible externally if needed
sql_interface.run(debug=True, host='0.0.0.0', port=5001)