activerecord-cipherstash-pg-adapter 0.8.0 → 0.8.2

data/lib/active_record/connection_adapters/7.1/cipherstash_pg/oid/type_map_initializer.rb

@@ -0,0 +1,125 @@
+# frozen_string_literal: true
+
+require "active_support/core_ext/array/extract"
+
+module ActiveRecord
+  module ConnectionAdapters
+    module CipherStashPG
+      module OID # :nodoc:
+        # This class uses the data from PostgreSQL pg_type table to build
+        # the OID -> Type mapping.
+        #   - OID is an integer representing the type.
+        #   - Type is an OID::Type object.
+        # This class has side effects on the +store+ passed during initialization.
+        class TypeMapInitializer # :nodoc:
+          def initialize(store)
+            @store = store
+          end
+
+          def run(records)
+            nodes = records.reject { |row| @store.key? row["oid"].to_i }
+            mapped = nodes.extract! { |row| @store.key? row["typname"] }
+            ranges = nodes.extract! { |row| row["typtype"] == "r" }
+            enums = nodes.extract! { |row| row["typtype"] == "e" }
+            domains = nodes.extract! { |row| row["typtype"] == "d" }
+            arrays = nodes.extract! { |row| row["typinput"] == "array_in" }
+            composites = nodes.extract! { |row| row["typelem"].to_i != 0 }
+
+            mapped.each     { |row| register_mapped_type(row)    }
+            enums.each      { |row| register_enum_type(row)      }
+            domains.each    { |row| register_domain_type(row)    }
+            arrays.each     { |row| register_array_type(row)     }
+            ranges.each     { |row| register_range_type(row)     }
+            composites.each { |row| register_composite_type(row) }
+          end
+
+          def query_conditions_for_known_type_names
+            known_type_names = @store.keys.map { |n| "'#{n}'" }
+            <<~SQL % known_type_names.join(", ")
+              WHERE
+                t.typname IN (%s)
+            SQL
+          end
+
+          def query_conditions_for_known_type_types
+            known_type_types = %w('r' 'e' 'd')
+            <<~SQL % known_type_types.join(", ")
+              WHERE
+                t.typtype IN (%s)
+            SQL
+          end
+
+          def query_conditions_for_array_types
+            known_type_oids = @store.keys.reject { |k| k.is_a?(String) }
+            <<~SQL % [known_type_oids.join(", ")]
+              WHERE
+                t.typelem IN (%s)
+            SQL
+          end
+
+          private
+            def register_mapped_type(row)
+              alias_type row["oid"], row["typname"]
+            end
+
+            def register_enum_type(row)
+              register row["oid"], OID::Enum.new
+            end
+
+            def register_array_type(row)
+              register_with_subtype(row["oid"], row["typelem"].to_i) do |subtype|
+                OID::Array.new(subtype, row["typdelim"])
+              end
+            end
+
+            def register_range_type(row)
+              register_with_subtype(row["oid"], row["rngsubtype"].to_i) do |subtype|
+                OID::Range.new(subtype, row["typname"].to_sym)
+              end
+            end
+
+            def register_domain_type(row)
+              if base_type = @store.lookup(row["typbasetype"].to_i)
+                register row["oid"], base_type
+              else
+                warn "unknown base type (OID: #{row["typbasetype"]}) for domain #{row["typname"]}."
+              end
+            end
+
+            def register_composite_type(row)
+              if subtype = @store.lookup(row["typelem"].to_i)
+                register row["oid"], OID::Vector.new(row["typdelim"], subtype)
+              end
+            end
+
+            def register(oid, oid_type = nil, &block)
+              oid = assert_valid_registration(oid, oid_type || block)
+              if block_given?
+                @store.register_type(oid, &block)
+              else
+                @store.register_type(oid, oid_type)
+              end
+            end
+
+            def alias_type(oid, target)
+              oid = assert_valid_registration(oid, target)
+              @store.alias_type(oid, target)
+            end
+
+            def register_with_subtype(oid, target_oid)
+              if @store.key?(target_oid)
+                register(oid) do |_, *args|
+                  yield @store.lookup(target_oid, *args)
+                end
+              end
+            end
+
+            def assert_valid_registration(oid, oid_type)
+              raise ArgumentError, "can't register nil type for OID #{oid}" if oid_type.nil?
+              oid.to_i
+            end
+        end
+      end
+    end
+  end
+end

data/lib/active_record/connection_adapters/7.1/cipherstash_pg/oid/uuid.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+module ActiveRecord
+  module ConnectionAdapters
+    module CipherStashPG
+      module OID # :nodoc:
+        class Uuid < Type::Value # :nodoc:
+          ACCEPTABLE_UUID = %r{\A(\{)?([a-fA-F0-9]{4}-?){8}(?(1)\}|)\z}
+
+          alias :serialize :deserialize
+
+          def type
+            :uuid
+          end
+
+          def changed?(old_value, new_value, _new_value_before_type_cast)
+            old_value.class != new_value.class ||
+              new_value && old_value.casecmp(new_value) != 0
+          end
+
+          def changed_in_place?(raw_old_value, new_value)
+            raw_old_value.class != new_value.class ||
+              new_value && raw_old_value.casecmp(new_value) != 0
+          end
+
+          private
+            def cast_value(value)
+              casted = value.to_s
+              casted if casted.match?(ACCEPTABLE_UUID)
+            end
+        end
+      end
+    end
+  end
+end

data/lib/active_record/connection_adapters/7.1/cipherstash_pg/oid/vector.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module ActiveRecord
+  module ConnectionAdapters
+    module CipherStashPG
+      module OID # :nodoc:
+        class Vector < Type::Value # :nodoc:
+          attr_reader :delim, :subtype
+
+          # +delim+ corresponds to the `typdelim` column in the pg_types
+          # table.  +subtype+ is derived from the `typelem` column in the
+          # pg_types table.
+          def initialize(delim, subtype)
+            @delim   = delim
+            @subtype = subtype
+          end
+
+          # FIXME: this should probably split on +delim+ and use +subtype+
+          # to cast the values.  Unfortunately, the current Rails behavior
+          # is to just return the string.
+          def cast(value)
+            value
+          end
+        end
+      end
+    end
+  end
+end

data/lib/active_record/connection_adapters/7.1/cipherstash_pg/oid/xml.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module ActiveRecord
+  module ConnectionAdapters
+    module CipherStashPG
+      module OID # :nodoc:
+        class Xml < Type::String # :nodoc:
+          def type
+            :xml
+          end
+
+          def serialize(value)
+            return unless value
+            Data.new(super)
+          end
+
+          class Data # :nodoc:
+            def initialize(value)
+              @value = value
+            end
+
+            def to_s
+              @value
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/active_record/connection_adapters/7.1/cipherstash_pg/oid.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+require_relative "./oid/array"
+require_relative "./oid/bit"
+require_relative "./oid/bit_varying"
+require_relative "./oid/bytea"
+require_relative "./oid/cidr"
+require_relative "./oid/date"
+require_relative "./oid/date_time"
+require_relative "./oid/decimal"
+require_relative "./oid/enum"
+require_relative "./oid/hstore"
+require_relative "./oid/inet"
+require_relative "./oid/interval"
+require_relative "./oid/jsonb"
+require_relative "./oid/macaddr"
+require_relative "./oid/money"
+require_relative "./oid/oid"
+require_relative "./oid/point"
+require_relative "./oid/legacy_point"
+require_relative "./oid/range"
+require_relative "./oid/specialized_string"
+require_relative "./oid/timestamp"
+require_relative "./oid/timestamp_with_time_zone"
+require_relative "./oid/uuid"
+require_relative "./oid/vector"
+require_relative "./oid/xml"
+
+require_relative "./oid/type_map_initializer"
+
+module ActiveRecord
+  module ConnectionAdapters
+    module CipherStashPG
+      module OID # :nodoc:
+      end
+    end
+  end
+end

data/lib/active_record/connection_adapters/7.1/cipherstash_pg/quoting.rb

@@ -0,0 +1,237 @@
+# frozen_string_literal: true
+
+module ActiveRecord
+  module ConnectionAdapters
+    module CipherStashPG
+      module Quoting
+        QUOTED_COLUMN_NAMES = Concurrent::Map.new # :nodoc:
+        QUOTED_TABLE_NAMES = Concurrent::Map.new # :nodoc:
+
+        class IntegerOutOf64BitRange < StandardError
+          def initialize(msg)
+            super(msg)
+          end
+        end
+
+        # Escapes binary strings for bytea input to the database.
+        def escape_bytea(value)
+          valid_raw_connection.escape_bytea(value) if value
+        end
+
+        # Unescapes bytea output from a database to the binary string it represents.
+        # NOTE: This is NOT an inverse of escape_bytea! This is only to be used
+        # on escaped binary output from database drive.
+        def unescape_bytea(value)
+          valid_raw_connection.unescape_bytea(value) if value
+        end
+
+        def check_int_in_range(value)
+          if value.to_int > 9223372036854775807 || value.to_int < -9223372036854775808
+            exception = <<~ERROR
+              Provided value outside of the range of a signed 64bit integer.
+
+              PostgreSQL will treat the column type in question as a numeric.
+              This may result in a slow sequential scan due to a comparison
+              being performed between an integer or bigint value and a numeric value.
+
+              To allow for this potentially unwanted behavior, set
+              ActiveRecord.raise_int_wider_than_64bit to false.
+            ERROR
+            raise IntegerOutOf64BitRange.new exception
+          end
+        end
+
+        def quote(value) # :nodoc:
+          if ActiveRecord.raise_int_wider_than_64bit && value.is_a?(Integer)
+            check_int_in_range(value)
+          end
+
+          case value
+          when OID::Xml::Data
+            "xml '#{quote_string(value.to_s)}'"
+          when OID::Bit::Data
+            if value.binary?
+              "B'#{value}'"
+            elsif value.hex?
+              "X'#{value}'"
+            end
+          when Numeric
+            if value.finite?
+              super
+            else
+              "'#{value}'"
+            end
+          when OID::Array::Data
+            quote(encode_array(value))
+          when Range
+            quote(encode_range(value))
+          else
+            super
+          end
+        end
+
+        # Quotes strings for use in SQL input.
+        def quote_string(s) # :nodoc:
+          with_raw_connection(allow_retry: true, materialize_transactions: false) do |connection|
+            connection.escape(s)
+          end
+        end
+
+        # Checks the following cases:
+        #
+        # - table_name
+        # - "table.name"
+        # - schema_name.table_name
+        # - schema_name."table.name"
+        # - "schema.name".table_name
+        # - "schema.name"."table.name"
+        def quote_table_name(name) # :nodoc:
+          QUOTED_TABLE_NAMES[name] ||= Utils.extract_schema_qualified_name(name.to_s).quoted.freeze
+        end
+
+        # Quotes schema names for use in SQL queries.
+        def quote_schema_name(name)
+          ::CipherStashPG::Connection.quote_ident(name)
+        end
+
+        def quote_table_name_for_assignment(table, attr)
+          quote_column_name(attr)
+        end
+
+        # Quotes column names for use in SQL queries.
+        def quote_column_name(name) # :nodoc:
+          QUOTED_COLUMN_NAMES[name] ||= ::CipherStashPG::Connection.quote_ident(super).freeze
+        end
+
+        # Quote date/time values for use in SQL input.
+        def quoted_date(value) # :nodoc:
+          if value.year <= 0
+            bce_year = format("%04d", -value.year + 1)
+            super.sub(/^-?\d+/, bce_year) + " BC"
+          else
+            super
+          end
+        end
+
+        def quoted_binary(value) # :nodoc:
+          "'#{escape_bytea(value.to_s)}'"
+        end
+
+        def quote_default_expression(value, column) # :nodoc:
+          if value.is_a?(Proc)
+            value.call
+          elsif column.type == :uuid && value.is_a?(String) && value.include?("()")
+            value # Does not quote function default values for UUID columns
+          elsif column.respond_to?(:array?)
+            type = lookup_cast_type_from_column(column)
+            quote(type.serialize(value))
+          else
+            super
+          end
+        end
+
+        def type_cast(value) # :nodoc:
+          case value
+          when Type::Binary::Data
+            # Return a bind param hash with format as binary.
+            # See https://deveiate.org/code/pg/PG/Connection.html#method-i-exec_prepared-doc
+            # for more information
+            { value: value.to_s, format: 1 }
+          when OID::Xml::Data, OID::Bit::Data
+            value.to_s
+          when OID::Array::Data
+            encode_array(value)
+          when Range
+            encode_range(value)
+          else
+            super
+          end
+        end
+
+        def lookup_cast_type_from_column(column) # :nodoc:
+          type_map.lookup(column.oid, column.fmod, column.sql_type)
+        end
+
+        def column_name_matcher
+          COLUMN_NAME
+        end
+
+        def column_name_with_order_matcher
+          COLUMN_NAME_WITH_ORDER
+        end
+
+        COLUMN_NAME = /
+          \A
+          (
+            (?:
+              # "schema_name"."table_name"."column_name"::type_name | function(one or no argument)::type_name
+              ((?:\w+\.|"\w+"\.){,2}(?:\w+|"\w+")(?:::\w+)? | \w+\((?:|\g<2>)\)(?:::\w+)?)
+            )
+            (?:(?:\s+AS)?\s+(?:\w+|"\w+"))?
+          )
+          (?:\s*,\s*\g<1>)*
+          \z
+        /ix
+
+        COLUMN_NAME_WITH_ORDER = /
+          \A
+          (
+            (?:
+              # "schema_name"."table_name"."column_name"::type_name | function(one or no argument)::type_name
+              ((?:\w+\.|"\w+"\.){,2}(?:\w+|"\w+")(?:::\w+)? | \w+\((?:|\g<2>)\)(?:::\w+)?)
+            )
+            (?:\s+COLLATE\s+"\w+")?
+            (?:\s+ASC|\s+DESC)?
+            (?:\s+NULLS\s+(?:FIRST|LAST))?
+          )
+          (?:\s*,\s*\g<1>)*
+          \z
+        /ix
+
+        private_constant :COLUMN_NAME, :COLUMN_NAME_WITH_ORDER
+
+        private
+          def lookup_cast_type(sql_type)
+            super(query_value("SELECT #{quote(sql_type)}::regtype::oid", "SCHEMA").to_i)
+          end
+
+          def encode_array(array_data)
+            encoder = array_data.encoder
+            values = type_cast_array(array_data.values)
+
+            result = encoder.encode(values)
+            if encoding = determine_encoding_of_strings_in_array(values)
+              result.force_encoding(encoding)
+            end
+            result
+          end
+
+          def encode_range(range)
+            "[#{type_cast_range_value(range.begin)},#{type_cast_range_value(range.end)}#{range.exclude_end? ? ')' : ']'}"
+          end
+
+          def determine_encoding_of_strings_in_array(value)
+            case value
+            when ::Array then determine_encoding_of_strings_in_array(value.first)
+            when ::String then value.encoding
+            end
+          end
+
+          def type_cast_array(values)
+            case values
+            when ::Array then values.map { |item| type_cast_array(item) }
+            else type_cast(values)
+            end
+          end
+
+          def type_cast_range_value(value)
+            infinity?(value) ? "" : type_cast(value)
+          end
+
+          def infinity?(value)
+            value.respond_to?(:infinite?) && value.infinite?
+          end
+      end
+    end
+  end
+end

data/lib/active_record/connection_adapters/7.1/cipherstash_pg/referential_integrity.rb

@@ -0,0 +1,71 @@
+# frozen_string_literal: true
+
+module ActiveRecord
+  module ConnectionAdapters
+    module CipherStashPG
+      module ReferentialIntegrity # :nodoc:
+        def disable_referential_integrity # :nodoc:
+          original_exception = nil
+
+          begin
+            transaction(requires_new: true) do
+              execute(tables.collect { |name| "ALTER TABLE #{quote_table_name(name)} DISABLE TRIGGER ALL" }.join(";"))
+            end
+          rescue ActiveRecord::ActiveRecordError => e
+            original_exception = e
+          end
+
+          begin
+            yield
+          rescue ActiveRecord::InvalidForeignKey => e
+            warn <<-WARNING
+WARNING: Rails was not able to disable referential integrity.
+
+This is most likely caused due to missing permissions.
+Rails needs superuser privileges to disable referential integrity.
+
+    cause: #{original_exception&.message}
+
+            WARNING
+            raise e
+          end
+
+          begin
+            transaction(requires_new: true) do
+              execute(tables.collect { |name| "ALTER TABLE #{quote_table_name(name)} ENABLE TRIGGER ALL" }.join(";"))
+            end
+          rescue ActiveRecord::ActiveRecordError
+          end
+        end
+
+        def check_all_foreign_keys_valid! # :nodoc:
+          sql = <<~SQL
+            do $$
+              declare r record;
+            BEGIN
+            FOR r IN (
+              SELECT FORMAT(
+                'UPDATE pg_constraint SET convalidated=false WHERE conname = ''%I'' AND connamespace::regnamespace = ''%I''::regnamespace; ALTER TABLE %I.%I VALIDATE CONSTRAINT %I;',
+                constraint_name,
+                table_schema,
+                table_schema,
+                table_name,
+                constraint_name
+              ) AS constraint_check
+              FROM information_schema.table_constraints WHERE constraint_type = 'FOREIGN KEY'
+            )
+              LOOP
+                EXECUTE (r.constraint_check);
+              END LOOP;
+            END;
+            $$;
+          SQL
+
+          transaction(requires_new: true) do
+            execute(sql)
+          end
+        end
+      end
+    end
+  end
+end