From a40816b94823f6fa8972f959538ad3cb72e0e98e Mon Sep 17 00:00:00 2001
From: LouisLam <louislam@users.noreply.github.com>
Date: Fri, 6 Aug 2021 19:09:00 +0800
Subject: [PATCH] fix high severity vulnerabilities by using my fork sqlite3
 package

---
 server/database.js | 19 +++++++++++++++++++
 server/server.js   |  4 +---
 2 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/server/database.js b/server/database.js
index 4accbc32e..2e60ae407 100644
--- a/server/database.js
+++ b/server/database.js
@@ -4,6 +4,7 @@ const { R } = require("redbean-node");
 const {
     setSetting, setting,
 } = require("./util-server");
+const knex = require("knex");
 
 class Database {
 
@@ -12,6 +13,24 @@ class Database {
     static latestVersion = 5;
     static noReject = true;
 
+    static connect() {
+        const Dialect = require("knex/lib/dialects/sqlite3/index.js");
+        Dialect.prototype._driver = () => require("@louislam/sqlite3");
+
+        R.setup(knex({
+            client: Dialect,
+            connection: {
+                filename: Database.path,
+            },
+            useNullAsDefault: true,
+            pool: {
+                min: 1,
+                max: 1,
+                idleTimeoutMillis: 30000,
+            }
+        }));
+    }
+
     static async patch() {
         let version = parseInt(await setting("database_version"));
 
diff --git a/server/server.js b/server/server.js
index daaf9555a..cff7a8ad7 100644
--- a/server/server.js
+++ b/server/server.js
@@ -649,9 +649,7 @@ async function initDatabase() {
     }
 
     console.log("Connecting to Database")
-    R.setup("sqlite", {
-        filename: Database.path,
-    });
+    Database.connect();
     console.log("Connected")
 
     // Patch the database