Backend for binding sql plan feature

.golangci.yml

@@ -42,10 +42,7 @@ linters:
     - prealloc
     - predeclared
     - revive
-    - rowserrcheck
-    - sqlclosecheck
     - unconvert
-    - wastedassign
     - whitespace
 
 linters-settings:

CONTRIBUTING.md

@@ -12,7 +12,7 @@ Although TiDB Dashboard can also be integrated into [PD], this form is not conve
 
 ### Step 1. Start a TiDB cluster
 
-[TiUP] is the offical component manager for [TiDB]. It can help you set up a local TiDB cluster in a few minutes.
+[TiUP](https://docs.pingcap.com/tidb/stable/tiup-overview) is the official component manager for [TiDB]. It can help you set up a local TiDB cluster in a few minutes.
 
 Download and install TiUP:
 
@@ -33,12 +33,12 @@ source ~/.bash_profile
 Start a local TiDB cluster:
 
 ```bash
-tiup playground nightly
+tiup playground
 ```
 
 You might notice that there is already a TiDB Dashboard integrated into the PD started by TiUP. For development purpose, it will not be used intentionally.
 
-### Step 2. Prepare Prerequisites
+### Step 2. Prepare Dev Prerequisites
 
 The followings are required for developing TiDB Dashboard:
 
@@ -51,21 +51,30 @@ The followings are required for developing TiDB Dashboard:
 
 ### Step 3. Build and Run TiDB Dashboard
 
-1. Clone the repository:
+> Make sure that `tiup playground` is running on the background.
+
+Package frontend and backend into a single binary:
 
    ```bash
-   git clone https://github.com/pingcap/tidb-dashboard.git
-   cd tidb-dashboard
+   # Build a binary into `bin/tidb-dashboard`.
+   make package
+
+   # Run.
+   make run
    ```
 
-2. Build and run TiDB Dashboard back-end server:
+   You can access TiDB Dashboard now: [http://127.0.0.1:12333/dashboard](http://127.0.0.1:12333/dashboard)
+
+#### Develop Frontend and Backend Separately
+
+1. Build and run TiDB Dashboard back-end server:
 
    ```bash
    # In tidb-dashboard directory:
    make dev && make run
    ```
 
-3. Build and run front-end server in a new terminal:
+2. Build and run front-end server in a new terminal:
 
    ```bash
    # In tidb-dashboard directory:
@@ -74,19 +83,7 @@ The followings are required for developing TiDB Dashboard:
    pnpm dev
    ```
 
-4. That's it! You can access TiDB Dashboard now: [http://127.0.0.1:3001](http://127.0.0.1:3001)
-
-5. (Optional) Package frontend and backend into a single binary:
-
-   ```bash
-   # In tidb-dashboard directory:
-   make package
-
-   # Run the binary without separate frontend server:
-   make run
-   ```
-
-   You can access TiDB Dashboard now: [http://127.0.0.1:12333/dashboard](http://127.0.0.1:12333/dashboard)
+3. That's it! You can access TiDB Dashboard now: [http://127.0.0.1:3001](http://127.0.0.1:3001)
 
 ### Step 4. Run E2E Tests (optional)
 

Makefile

@@ -6,7 +6,7 @@ PNPM_INSTALL_TAGS ?=
 
 LDFLAGS ?=
 
-FEATURE_VERSION ?= 6.2.0
+FEATURE_VERSION ?= 6.6.0
 
 WITHOUT_NGM ?= false
 

cmd/tidb-dashboard/main.go

@@ -224,7 +224,7 @@ func main() {
 	log.Info(fmt.Sprintf("API:     http://%s:%d/dashboard/api/", cliConfig.ListenHost, cliConfig.ListenPort))
 	log.Info(fmt.Sprintf("Swagger: http://%s:%d/dashboard/api/swagger/", cliConfig.ListenHost, cliConfig.ListenPort))
 
-	srv := &http.Server{Handler: mux}
+	srv := &http.Server{Handler: mux} // nolint:gosec
 	var wg sync.WaitGroup
 	wg.Add(1)
 	go func() {

pkg/apiserver/clusterinfo/topology.go

@@ -6,7 +6,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 
 	"github.com/pingcap/tidb-dashboard/pkg/httpc"
@@ -31,7 +31,7 @@ func fetchAlertManagerCounts(ctx context.Context, alertManagerAddr string, httpC
 		return 0, fmt.Errorf("alert manager API returns non success status code")
 	}
 
-	data, err := ioutil.ReadAll(resp.Body)
+	data, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return 0, err
 	}

pkg/apiserver/debugapi/endpoint/payload.go

@@ -65,7 +65,8 @@ func (c HTTPClients) GetHTTPClientByNodeKind(kind topo.Kind) *httpclient.Client
 // RequestPayloadResolver resolves the request payload using specified API definitions.
 //
 // The relationship is below:
-// 	 RequestPayload ---(RequestPayloadResolver.ResolvePayload)---> ResolvedRequestPayload
+//
+//	RequestPayload ---(RequestPayloadResolver.ResolvePayload)---> ResolvedRequestPayload
 type RequestPayloadResolver struct {
 	apis       []APIDefinition
 	apiMapByID map[string]*APIDefinition

pkg/apiserver/diagnose/diagnose.go

@@ -5,7 +5,6 @@ package diagnose
 import (
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
 	"net/http"
 	"net/url"
 	"os"
@@ -91,7 +90,7 @@ func (s *Service) generateMetricsRelation(startTime, endTime time.Time, graphTyp
 		return "", err
 	}
 
-	file, err := ioutil.TempFile("", "metrics*.svg")
+	file, err := os.CreateTemp("", "metrics*.svg")
 	if err != nil {
 		return "", fmt.Errorf("failed to create temp file: %v", err)
 	}
@@ -168,7 +167,7 @@ func (s *Service) metricsRelationViewHandler(c *gin.Context) {
 		return
 	}
 
-	data, err := ioutil.ReadFile(filepath.Clean(path))
+	data, err := os.ReadFile(filepath.Clean(path))
 	if err != nil {
 		rest.Error(c, err)
 		return

pkg/apiserver/logsearch/service.go

@@ -4,8 +4,8 @@ package logsearch
 
 import (
 	"context"
-	"io/ioutil"
 	"net/http"
+	"os"
 	"strconv"
 	"strings"
 
@@ -36,7 +36,7 @@ func NewService(lc fx.Lifecycle, config *config.Config, db *dbstore.DB) *Service
 	dir := config.TempDir
 	if dir == "" {
 		var err error
-		dir, err = ioutil.TempDir("", "dashboard-logs")
+		dir, err = os.MkdirTemp("", "dashboard-logs")
 		if err != nil {
 			log.Fatal("Failed to create directory for storing logs", zap.Error(err))
 		}

pkg/apiserver/metrics/router.go

@@ -4,7 +4,7 @@ package metrics
 
 import (
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"net/url"
 	"strconv"
@@ -84,7 +84,7 @@ func (s *Service) queryMetrics(c *gin.Context) {
 		return
 	}
 
-	body, err := ioutil.ReadAll(promResp.Body)
+	body, err := io.ReadAll(promResp.Body)
 	if err != nil {
 		rest.Error(c, ErrPrometheusQueryFailed.Wrap(err, "failed to read Prometheus query result"))
 		return

pkg/apiserver/profiling/pprof.go

@@ -4,7 +4,7 @@ package profiling
 
 import (
 	"fmt"
-	"io/ioutil"
+	"os"
 	"strconv"
 
 	"github.com/pingcap/tidb-dashboard/pkg/apiserver/model"
@@ -58,7 +58,7 @@ func (f *fetcher) FetchAndWriteToFile(duration uint, fileNameWithoutExt string,
 		fileExtenstion = "*.txt"
 	}
 
-	tmpfile, err := ioutil.TempFile("", fileNameWithoutExt+"_"+fileExtenstion)
+	tmpfile, err := os.CreateTemp("", fileNameWithoutExt+"_"+fileExtenstion)
 	if err != nil {
 		return "", "", fmt.Errorf("failed to create tmpfile to write profile: %v", err)
 	}

pkg/apiserver/profiling/router.go

@@ -6,7 +6,6 @@ import (
 	"archive/zip"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"net/http"
 	"os"
 	"path/filepath"
@@ -399,7 +398,7 @@ func (s *Service) viewSingle(c *gin.Context) {
 		return
 	}
 
-	content, err := ioutil.ReadFile(task.FilePath)
+	content, err := os.ReadFile(task.FilePath)
 	if err != nil {
 		rest.Error(c, err)
 		return

pkg/apiserver/statement/models.go

@@ -170,3 +170,11 @@ func filterFieldsByColumns(fields []Field, columns []string) []Field {
 
 	return filteredFields
 }
+
+// Binding struct maps to the response of `SHOW BINDINGS` query.
+type Binding struct {
+	Status     string `json:"status" example:"enabled" enums:"enabled,using,disabled,deleted,invalid,rejected,pending verify"`
+	Source     string `json:"source" example:"manual" enums:"manual,history,capture,evolve"`
+	SQLDigest  string `json:"-" gorm:"column:Sql_digest"`
+	PlanDigest string `json:"plan_digest" gorm:"column:Plan_digest"`
+}

pkg/apiserver/statement/queries.go

@@ -6,14 +6,18 @@ import (
 	"fmt"
 	"regexp"
 	"strings"
+	"time"
 
+	"github.com/pingcap/errors"
 	"gorm.io/gorm"
 )
 
 const (
 	statementsTable = "INFORMATION_SCHEMA.CLUSTER_STATEMENTS_SUMMARY_HISTORY"
 )
 
+var injectChecker = regexp.MustCompile(`\s`)
+
 func queryStmtTypes(db *gorm.DB) (result []string, err error) {
 	// why should put DISTINCT inside the `Pluck()` method, see here:
 	// https://github.com/jinzhu/gorm/issues/496
@@ -172,3 +176,61 @@ func (s *Service) queryPlanDetail(
 	err = query.Scan(&result).Error
 	return
 }
+
+func (s *Service) queryPlanBinding(db *gorm.DB, sqlDigest string, beginTime, endTime int) (bindings []Binding, err error) {
+	// The binding sql digest is newly generated and different from the original sql digest,
+	// we have to do one more query here.
+
+	// First, get plan digests by sql digest.
+	q1 := db.
+		Table(statementsTable).
+		Select("plan_digest").
+		Where("digest = ? AND summary_begin_time <= FROM_UNIXTIME(?) AND summary_end_time > FROM_UNIXTIME(?)", sqlDigest, endTime, beginTime)
+	q1Res := make([]map[string]any, 0)
+	if err := q1.Find(&q1Res).Error; err != nil {
+		return nil, err
+	}
+	planDigests := make([]string, 0, len(q1Res))
+	for _, row := range q1Res {
+		s, ok := row["plan_digest"].(string)
+		if !ok {
+			return nil, errors.New("invalid plan digest value")
+		}
+		planDigests = append(planDigests, s)
+	}
+
+	// Second, get bindings.
+	query := db.Raw("SHOW GLOBAL BINDINGS WHERE plan_digest IN (?) AND source = ? AND status IN (?)", planDigests, "history", []string{"enabled", "using"})
+	return bindings, query.Scan(&bindings).Error
+}
+
+func (s *Service) createPlanBinding(db *gorm.DB, planDigest string) (err error) {
+	// Caution! SQL injection vulnerability!
+	// We have to interpolate sql string here, since plan binding stmt does not support session level prepare.
+	// go-sql-driver can enable interpolation globally. Refer to https://github.com/go-sql-driver/mysql#interpolateparams.
+	if injectChecker.MatchString(planDigest) {
+		return errors.New("invalid planDigest")
+	}
+
+	query := db.Exec(fmt.Sprintf("CREATE GLOBAL BINDING FROM HISTORY USING PLAN DIGEST '%s'", planDigest))
+	return query.Error
+}
+
+func (s *Service) dropPlanBinding(db *gorm.DB, sqlDigest string) (err error) {
+	// The binding sql digest is newly generated and different from the original sql digest,
+	// we have to do one more query here.
+	bindings, err := s.queryPlanBinding(db, sqlDigest, 0, int(time.Now().Unix()))
+	if err != nil {
+		return err
+	}
+
+	for _, binding := range bindings {
+		// No SQL injection vulnerability here.
+		query := db.Exec(fmt.Sprintf("DROP GLOBAL BINDING FOR SQL DIGEST '%s'", binding.SQLDigest))
+		if query.Error != nil {
+			return query.Error
+		}
+	}
+
+	return nil
+}