From cdcd442d9e248b86c37d5711a15c86a99ad0e3bd Mon Sep 17 00:00:00 2001
From: karminski <code.karminski@outlook.com>
Date: Tue, 2 Jan 2024 11:31:05 +0800
Subject: [PATCH] ADD password encode method for database connection DSN.

---
 src/actionruntime/couchdb/base.go    |  7 ++++++-
 src/actionruntime/mongodb/base.go    |  7 ++++++-
 src/actionruntime/mssql/base.go      |  7 ++++++-
 src/actionruntime/mysql/base.go      | 13 +++++++++++--
 src/actionruntime/postgresql/base.go | 13 +++++++++++--
 5 files changed, 40 insertions(+), 7 deletions(-)

diff --git a/src/actionruntime/couchdb/base.go b/src/actionruntime/couchdb/base.go
index 5c4d1cfd..cbb28c4b 100644
--- a/src/actionruntime/couchdb/base.go
+++ b/src/actionruntime/couchdb/base.go
@@ -16,6 +16,7 @@ package couchdb
 
 import (
 	"fmt"
+	"net/url"
 
 	_ "github.com/go-kivik/couchdb/v4"
 	"github.com/go-kivik/kivik/v4"
@@ -42,7 +43,11 @@ func (c *Connector) getClient(resourceOptions map[string]interface{}) (*kivik.Cl
 	if c.resourceOptions.SSL {
 		protocolStr = "https"
 	}
-	dsn := fmt.Sprintf("%s://%s:%s@%s:%s/", protocolStr, c.resourceOptions.Username, c.resourceOptions.Password,
+	escapedPassword, errInEscape := url.QueryUnescape(c.resourceOptions.Password)
+	if errInEscape != nil {
+		escapedPassword = c.resourceOptions.Password
+	}
+	dsn := fmt.Sprintf("%s://%s:%s@%s:%s/", protocolStr, c.resourceOptions.Username, escapedPassword,
 		c.resourceOptions.Host, c.resourceOptions.Port)
 	client, err := kivik.New("couch", dsn)
 	if err != nil {
diff --git a/src/actionruntime/mongodb/base.go b/src/actionruntime/mongodb/base.go
index 3ff2494c..c9d3ff26 100644
--- a/src/actionruntime/mongodb/base.go
+++ b/src/actionruntime/mongodb/base.go
@@ -22,6 +22,7 @@ import (
 	"encoding/pem"
 	"errors"
 	"fmt"
+	"net/url"
 	"strings"
 
 	"github.com/mitchellh/mapstructure"
@@ -42,8 +43,12 @@ func (m *Connector) getConnectionWithOptions(resourceOptions map[string]interfac
 			return nil, err
 		}
 		if mOptions.DatabaseUsername != "" && mOptions.DatabasePassword != "" {
+			escapedPassword, errInEscape := url.QueryUnescape(mOptions.DatabasePassword)
+			if errInEscape != nil {
+				escapedPassword = mOptions.DatabasePassword
+			}
 			uri = fmt.Sprintf("%s://%s:%s@%s", CONNECTION_FORMAT[mOptions.ConnectionFormat],
-				mOptions.DatabaseUsername, mOptions.DatabasePassword, mOptions.Host)
+				mOptions.DatabaseUsername, escapedPassword, mOptions.Host)
 		} else {
 			uri = fmt.Sprintf("%s://%s", CONNECTION_FORMAT[mOptions.ConnectionFormat], mOptions.Host)
 		}
diff --git a/src/actionruntime/mssql/base.go b/src/actionruntime/mssql/base.go
index 615d0095..87d2b4e5 100644
--- a/src/actionruntime/mssql/base.go
+++ b/src/actionruntime/mssql/base.go
@@ -21,6 +21,7 @@ import (
 	"encoding/pem"
 	"errors"
 	"fmt"
+	"net/url"
 
 	mssqldb "github.com/microsoft/go-mssqldb"
 	"github.com/microsoft/go-mssqldb/msdsn"
@@ -42,10 +43,14 @@ func (m *Connector) getConnectionWithOptions(resourceOptions map[string]interfac
 	if err := mapstructure.Decode(resourceOptions, &m.ResourceOpts); err != nil {
 		return nil, err
 	}
+	escapedPassword, errInEscape := url.QueryUnescape(m.ResourceOpts.Password)
+	if errInEscape != nil {
+		escapedPassword = m.ResourceOpts.Password
+	}
 
 	// build base Microsoft SQL Server connection string
 	connString := fmt.Sprintf("server=%s;port=%s;database=%s;user id=%s;password=%s", m.ResourceOpts.Host,
-		m.ResourceOpts.Port, m.ResourceOpts.DatabaseName, m.ResourceOpts.Username, m.ResourceOpts.Password)
+		m.ResourceOpts.Port, m.ResourceOpts.DatabaseName, m.ResourceOpts.Username, escapedPassword)
 	// append connection options
 	for _, opt := range m.ResourceOpts.ConnectionOpts {
 		if opt["key"] != "" {
diff --git a/src/actionruntime/mysql/base.go b/src/actionruntime/mysql/base.go
index 71ed8867..53df47af 100644
--- a/src/actionruntime/mysql/base.go
+++ b/src/actionruntime/mysql/base.go
@@ -21,6 +21,7 @@ import (
 	"encoding/pem"
 	"errors"
 	"fmt"
+	"net/url"
 
 	"github.com/go-sql-driver/mysql"
 	_ "github.com/go-sql-driver/mysql"
@@ -47,8 +48,12 @@ func (m *MySQLConnector) getConnectionWithOptions(resourceOptions map[string]int
 }
 
 func (m *MySQLConnector) connectPure() (db *sql.DB, err error) {
+	escapedPassword, errInEscape := url.QueryUnescape(m.Resource.DatabasePassword)
+	if errInEscape != nil {
+		escapedPassword = m.Resource.DatabasePassword
+	}
 	dsn := fmt.Sprintf("%s:%s@tcp(%s:%s)/%s", m.Resource.DatabaseUsername,
-		m.Resource.DatabasePassword, m.Resource.Host, m.Resource.Port, m.Resource.DatabaseName)
+		escapedPassword, m.Resource.Host, m.Resource.Port, m.Resource.DatabaseName)
 	db, err = sql.Open("mysql", dsn+"?timeout=30s")
 	if err != nil {
 		return nil, err
@@ -57,8 +62,12 @@ func (m *MySQLConnector) connectPure() (db *sql.DB, err error) {
 }
 
 func (m *MySQLConnector) connectViaSSL() (db *sql.DB, err error) {
+	escapedPassword, errInEscape := url.QueryUnescape(m.Resource.DatabasePassword)
+	if errInEscape != nil {
+		escapedPassword = m.Resource.DatabasePassword
+	}
 	dsn := fmt.Sprintf("%s:%s@tcp(%s:%s)/%s", m.Resource.DatabaseUsername,
-		m.Resource.DatabasePassword, m.Resource.Host, m.Resource.Port, m.Resource.DatabaseName)
+		escapedPassword, m.Resource.Host, m.Resource.Port, m.Resource.DatabaseName)
 	pool := x509.NewCertPool()
 	if ok := pool.AppendCertsFromPEM([]byte(m.Resource.SSL.ServerCert)); !ok {
 		return nil, errors.New("MySQL SSL/TLS Connection failed")
diff --git a/src/actionruntime/postgresql/base.go b/src/actionruntime/postgresql/base.go
index 2587c2c3..ec5e76b9 100644
--- a/src/actionruntime/postgresql/base.go
+++ b/src/actionruntime/postgresql/base.go
@@ -21,6 +21,7 @@ import (
 	"encoding/pem"
 	"errors"
 	"fmt"
+	"net/url"
 	"reflect"
 
 	"github.com/google/uuid"
@@ -48,8 +49,12 @@ func (p *Connector) getConnectionWithOptions(resourceOptions map[string]interfac
 }
 
 func (p *Connector) connectPure() (db *pgx.Conn, err error) {
+	escapedPassword, errInEscape := url.QueryUnescape(p.Resource.DatabasePassword)
+	if errInEscape != nil {
+		escapedPassword = p.Resource.DatabasePassword
+	}
 	dsn := fmt.Sprintf("postgresql://%s:%s@%s:%s/%s", p.Resource.DatabaseUsername,
-		p.Resource.DatabasePassword, p.Resource.Host, p.Resource.Port, p.Resource.DatabaseName)
+		escapedPassword, p.Resource.Host, p.Resource.Port, p.Resource.DatabaseName)
 	pgCfg, err := pgx.ParseConfig(dsn)
 	if err != nil {
 		return nil, err
@@ -62,8 +67,12 @@ func (p *Connector) connectPure() (db *pgx.Conn, err error) {
 }
 
 func (p *Connector) connectViaSSL() (db *pgx.Conn, err error) {
+	escapedPassword, errInEscape := url.QueryUnescape(p.Resource.DatabasePassword)
+	if errInEscape != nil {
+		escapedPassword = p.Resource.DatabasePassword
+	}
 	dsn := fmt.Sprintf("postgresql://%s:%s@%s:%s/%s", p.Resource.DatabaseUsername,
-		p.Resource.DatabasePassword, p.Resource.Host, p.Resource.Port, p.Resource.DatabaseName)
+		escapedPassword, p.Resource.Host, p.Resource.Port, p.Resource.DatabaseName)
 	pgCfg, err := pgx.ParseConfig(dsn)
 	if err != nil {
 		return nil, err