@blamejs/blamejs-shop 0.4.31 → 0.4.33

package/lib/vendor/blamejs/lib/seeders.js

@@ -58,10 +58,13 @@ var nodePath = require("node:path");
 var atomicFile = require("./atomic-file");
 var C = require("./constants");
 var dbSchema = require("./db-schema");
+var frameworkSchema = require("./framework-schema");
 var lazyRequire = require("./lazy-require");
 var { boot } = require("./log");
 var migrationFiles = require("./migration-files");
 var requestHelpers = require("./request-helpers");
+var safeSql = require("./safe-sql");
+var sql = require("./sql");
 var validateOpts = require("./validate-opts");
 var { SeederError } = require("./framework-error");
 
@@ -72,13 +75,29 @@ var observability = lazyRequire(function () { return require("./observability");
 
 var _err = SeederError.factory;
 
-var SEEDERS_TABLE = "_blamejs_seeders";
-var LOCK_TABLE    = "_blamejs_seeders_lock";
-// Pre-quoted forms used at every SQL interpolation site — defense in
-// depth so a future rename to a reserved-word or whitespace-bearing
-// table name doesn't silently break the query.
-var Q_SEEDERS_TABLE = '"' + SEEDERS_TABLE + '"';
-var Q_LOCK_TABLE    = '"' + LOCK_TABLE    + '"';
+// Logical framework-table names, resolved to the configured prefix via
+// frameworkSchema.tableName at every call site. These run against the
+// local node:sqlite handle directly (no clusterStorage rewrite in the
+// path), so b.sql is built with quoteName: true on the resolved name —
+// the `"name"` identifier form the single-node path always prepares.
+var SEEDERS_TABLE = "_blamejs_seeders";       // allow:hand-rolled-sql — logical name declaration; physical name + prefix resolve via frameworkSchema.tableName below
+var LOCK_TABLE    = "_blamejs_seeders_lock";  // allow:hand-rolled-sql — logical name declaration; physical name + prefix resolve via frameworkSchema.tableName below
+
+// b.sql opts for the local single-node handle: the resolved table name,
+// quoted by construction. tableName() applies the configurable prefix
+// (byte-identical to the literal under the default _blamejs_ prefix).
+function _seedersTable() { return frameworkSchema.tableName(SEEDERS_TABLE); }
+function _lockTable() { return frameworkSchema.tableName(LOCK_TABLE); }
+// b.sql opts resolved from the handle's dialect (sqlite by default; an
+// operator's own Postgres / MySQL handle declares `handle.dialect`).
+// quoteName forces the resolved framework name to quote. The
+// handle-dialect / opts / key-text-type resolution is shared with
+// db-schema's reconciler + migrations.js, so it is composed from db-schema
+// rather than re-derived here. The historical default (sqlite) is
+// byte-identical for every local-handle caller.
+var _handleDialect = dbSchema.handleDialect;
+var _sqlOpts = dbSchema.sqlOpts;
+var _keyTextType = dbSchema.keyTextType;
 
 // Filename grammar: leading numeric prefix (any width), '-', non-empty
 // body of [A-Za-z0-9_-], '.js'. Same shape as migrations to avoid
@@ -279,48 +298,63 @@ function _ensureTables(db) {
   // Both _blamejs_seeders + _blamejs_seeders_lock are part of
   // FRAMEWORK_SCHEMA so db.js creates them at boot. The CREATE IF NOT
   // EXISTS here is defensive for tests that hand-seed a fresh
-  // node:sqlite Database without going through b.db.
-  _runSql(db,
-    "CREATE TABLE IF NOT EXISTS " + Q_SEEDERS_TABLE + " (" +
-    "  env         TEXT NOT NULL," +
-    "  name        TEXT NOT NULL," +
-    "  description TEXT," +
-    "  appliedAt   TEXT NOT NULL," +
-    "  rerunnable  INTEGER NOT NULL DEFAULT 0," +
-    "  PRIMARY KEY (env, name)" +
-    ")"
-  );
-  _runSql(db,
-    "CREATE TABLE IF NOT EXISTS " + Q_LOCK_TABLE + " (" +
-    "  scope     TEXT PRIMARY KEY CHECK (scope = 'lock')," +
-    "  lockedAt  INTEGER NOT NULL," +
-    "  lockedBy  TEXT NOT NULL" +
-    ")"
-  );
+  // node:sqlite Database without going through b.db. Built through b.sql
+  // so the identifiers quote by construction (composite PK + the single-
+  // row CHECK fence on the lock table mirror db.js's FRAMEWORK_SCHEMA).
+  // env + name are the composite PRIMARY KEY, so both take the key-safe
+  // text type (VARCHAR on mysql, TEXT elsewhere). The lock's scope CHECK
+  // quotes the column under the handle dialect (backtick on mysql); lockedAt
+  // is ms-epoch (`int` → BIGINT on Postgres/MySQL, INTEGER on SQLite).
+  var dialect = _handleDialect(db);
+  var kt = _keyTextType(db);
+  var scopeCheck = "CHECK (" + safeSql.quoteIdentifier("scope", dialect, { allowReserved: true }) + " = 'lock')";
+  var seedersDdl = sql.createTable(_seedersTable(), [
+    { name: "env",         type: kt,     notNull: true },
+    { name: "name",        type: kt,     notNull: true },
+    { name: "description", type: "text" },
+    { name: "appliedAt",   type: "text", notNull: true },
+    { name: "rerunnable",  type: "int",  notNull: true, default: 0 },
+  ], { quoteName: true, primaryKey: ["env", "name"], dialect: dialect });
+  _runSql(db, seedersDdl.sql);
+  var lockDdl = sql.createTable(_lockTable(), [
+    { name: "scope",    type: kt,     primaryKey: true, constraints: scopeCheck },
+    { name: "lockedAt", type: "int",  notNull: true },
+    { name: "lockedBy", type: "text", notNull: true },
+  ], { quoteName: true, dialect: dialect });
+  _runSql(db, lockDdl.sql);
 }
 
 function _lockHolderId() {
   return String(process.pid) + "@" + (require("node:os").hostname() || "unknown");
 }
 
+// b.sql-built statements for the single advisory-lock row. Each binds
+// every value as a placeholder (the constant scope "lock" included) and
+// quotes the resolved table name by construction.
+function _lockInsertSql(db, nowMs, holder) {
+  return sql.insert(_lockTable(), _sqlOpts(db))
+    .values({ scope: "lock", lockedAt: nowMs, lockedBy: holder }).toSql();
+}
+
 function _acquireLock(db, lockStaleAfterMs, clock) {
   var holder = _lockHolderId();
   var nowMs = clock();
   try {
-    db.prepare(
-      "INSERT INTO " + Q_LOCK_TABLE + " (scope, lockedAt, lockedBy) VALUES ('lock', ?, ?)"
-    ).run(nowMs, holder);
+    var ins = _lockInsertSql(db, nowMs, holder);
+    var insStmt = db.prepare(ins.sql);
+    insStmt.run.apply(insStmt, ins.params);
     return holder;
   } catch (_e) {
-    var existing = db.prepare(
-      "SELECT lockedAt, lockedBy FROM " + Q_LOCK_TABLE + " WHERE scope = 'lock'"
-    ).get();
+    var selBuilt = sql.select(_lockTable(), _sqlOpts(db))
+      .columns(["lockedAt", "lockedBy"]).where("scope", "lock").toSql();
+    var selStmt = db.prepare(selBuilt.sql);
+    var existing = selStmt.get.apply(selStmt, selBuilt.params);
     if (!existing) {
       // Race window between INSERT failure and SELECT — try once more.
       try {
-        db.prepare(
-          "INSERT INTO " + Q_LOCK_TABLE + " (scope, lockedAt, lockedBy) VALUES ('lock', ?, ?)"
-        ).run(nowMs, holder);
+        var ins2 = _lockInsertSql(db, nowMs, holder);
+        var ins2Stmt = db.prepare(ins2.sql);
+        ins2Stmt.run.apply(ins2Stmt, ins2.params);
         return holder;
       } catch (e2) {
         throw _err("LOCK_BUSY",
@@ -329,23 +363,32 @@ function _acquireLock(db, lockStaleAfterMs, clock) {
     }
     var ageMs = nowMs - Number(existing.lockedAt);
     if (lockStaleAfterMs > 0 && ageMs > lockStaleAfterMs) {
-      _runSql(db, "BEGIN IMMEDIATE");
+      // Force-replace the stale lock atomically. The transaction boundary
+      // is dialect-aware: only SQLite has the `BEGIN IMMEDIATE`
+      // write-lock-up-front form — Postgres + MySQL reject the `IMMEDIATE`
+      // keyword, so the shared runInTransaction helper emits a plain
+      // portable `BEGIN`/`COMMIT`/`ROLLBACK` there.
+      var lockMode = _handleDialect(db) === "sqlite" ? "IMMEDIATE" : null;
       try {
-        db.prepare("DELETE FROM " + Q_LOCK_TABLE + " WHERE scope = 'lock' AND lockedAt = ?")
-          .run(existing.lockedAt);
-        db.prepare(
-          "INSERT INTO " + Q_LOCK_TABLE + " (scope, lockedAt, lockedBy) VALUES ('lock', ?, ?)"
-        ).run(nowMs, holder);
-        _runSql(db, "COMMIT");
-        return holder;
+        return dbSchema.runInTransaction(db, function () {
+          var delBuilt = sql.delete(_lockTable(), _sqlOpts(db))
+            .where("scope", "lock").where("lockedAt", existing.lockedAt).toSql();
+          var delStmt = db.prepare(delBuilt.sql);
+          delStmt.run.apply(delStmt, delBuilt.params);
+          var insForce = _lockInsertSql(db, nowMs, holder);
+          var insForceStmt = db.prepare(insForce.sql);
+          insForceStmt.run.apply(insForceStmt, insForce.params);
+          return holder;
+        }, {
+          lockMode: lockMode,
+          onRollbackFail: function (rollbackErr) {
+            log.debug("rollback-failed", {
+              op: "lock-stale-replace",
+              error: rollbackErr && rollbackErr.message,
+            });
+          },
+        });
       } catch (forceErr) {
-        try { _runSql(db, "ROLLBACK"); }
-        catch (rollbackErr) {
-          log.debug("rollback-failed", {
-            op: "lock-stale-replace",
-            error: rollbackErr && rollbackErr.message,
-          });
-        }
         throw _err("LOCK_STALE_REPLACE_FAILED",
           "seeders: could not replace stale lock: " +
           ((forceErr && forceErr.message) || String(forceErr)));
@@ -359,9 +402,10 @@ function _acquireLock(db, lockStaleAfterMs, clock) {
 
 function _releaseLock(db, holder) {
   try {
-    db.prepare(
-      "DELETE FROM " + Q_LOCK_TABLE + " WHERE scope = 'lock' AND lockedBy = ?"
-    ).run(holder);
+    var built = sql.delete(_lockTable(), _sqlOpts(db))
+      .where("scope", "lock").where("lockedBy", holder).toSql();
+    var stmt = db.prepare(built.sql);
+    stmt.run.apply(stmt, built.params);
   } catch (_e) { /* best-effort */ }
 }
 
@@ -406,10 +450,13 @@ function create(opts) {
   }
 
   function _appliedRows(db, env) {
-    return db.prepare(
-      "SELECT name, description, appliedAt, rerunnable FROM " + Q_SEEDERS_TABLE +
-      " WHERE env = ? ORDER BY appliedAt ASC, name ASC"
-    ).all(env);
+    var built = sql.select(_seedersTable(), _sqlOpts(db))
+      .columns(["name", "description", "appliedAt", "rerunnable"])
+      .where("env", env)
+      .orderBy("appliedAt", "asc").orderBy("name", "asc")
+      .toSql();
+    var stmt = db.prepare(built.sql);
+    return stmt.all.apply(stmt, built.params);
   }
 
   function status(callerOpts) {
@@ -469,8 +516,11 @@ function create(opts) {
 
     var holder = _acquireLock(db, lockStaleAfterMs, clock);
     try {
+      var appliedSelBuilt = sql.select(_seedersTable(), _sqlOpts(db))
+        .columns(["name"]).where("env", env).toSql();
+      var appliedSelStmt = db.prepare(appliedSelBuilt.sql);
       var appliedSet = new Set(
-        db.prepare("SELECT name FROM " + Q_SEEDERS_TABLE + " WHERE env = ?").all(env)
+        appliedSelStmt.all.apply(appliedSelStmt, appliedSelBuilt.params)
           .map(function (r) { return r.name; })
       );
 
@@ -503,27 +553,25 @@ function create(opts) {
             _runSql(db, "BEGIN");
             try {
               await mod.run(db, ctx);
+              var nowIso = new Date(clock()).toISOString();
+              var writeBuilt;
               if (alreadyApplied && mod.rerunnable) {
-                db.prepare(
-                  "UPDATE " + Q_SEEDERS_TABLE +
-                  " SET appliedAt = ?, description = ?, rerunnable = ?" +
-                  " WHERE env = ? AND name = ?"
-                ).run(new Date(clock()).toISOString(), mod.description || "",
-                      mod.rerunnable ? 1 : 0, env, name);
+                writeBuilt = sql.update(_seedersTable(), _sqlOpts(db))
+                  .set({ appliedAt: nowIso, description: mod.description || "",
+                         rerunnable: mod.rerunnable ? 1 : 0 })
+                  .where("env", env).where("name", name).toSql();
               } else if (alreadyApplied && force) {
-                db.prepare(
-                  "UPDATE " + Q_SEEDERS_TABLE +
-                  " SET appliedAt = ?, description = ?" +
-                  " WHERE env = ? AND name = ?"
-                ).run(new Date(clock()).toISOString(), mod.description || "",
-                      env, name);
+                writeBuilt = sql.update(_seedersTable(), _sqlOpts(db))
+                  .set({ appliedAt: nowIso, description: mod.description || "" })
+                  .where("env", env).where("name", name).toSql();
               } else {
-                db.prepare(
-                  "INSERT INTO " + Q_SEEDERS_TABLE +
-                  " (env, name, description, appliedAt, rerunnable) VALUES (?, ?, ?, ?, ?)"
-                ).run(env, name, mod.description || "",
-                      new Date(clock()).toISOString(), mod.rerunnable ? 1 : 0);
+                writeBuilt = sql.insert(_seedersTable(), _sqlOpts(db))
+                  .values({ env: env, name: name, description: mod.description || "",
+                            appliedAt: nowIso, rerunnable: mod.rerunnable ? 1 : 0 })
+                  .toSql();
               }
+              var writeStmt = db.prepare(writeBuilt.sql);
+              writeStmt.run.apply(writeStmt, writeBuilt.params);
               _runSql(db, "COMMIT");
             } catch (e) {
               try { _runSql(db, "ROLLBACK"); }

package/lib/vendor/blamejs/lib/session-stores.js

@@ -37,22 +37,50 @@
  *     b.session.useStore(sessionStore);
  */
 
+var frameworkSchema = require("./framework-schema");
 var localDbThin  = require("./local-db-thin");
+var sql          = require("./sql");
 var validateOpts = require("./validate-opts");
 
-var SESSION_SCHEMA_SQL = [
-  "CREATE TABLE IF NOT EXISTS _blamejs_sessions (",
-  '  "sidHash"      TEXT PRIMARY KEY,',
-  '  "userId"       TEXT,',
-  '  "userIdHash"   TEXT,',
-  '  "data"         TEXT,',
-  '  "createdAt"    INTEGER,',
-  '  "expiresAt"    INTEGER,',
-  '  "lastActivity" INTEGER',
-  ");",
-  'CREATE INDEX IF NOT EXISTS "_blamejs_sessions_userIdHash_idx" ON _blamejs_sessions ("userIdHash");',
-  'CREATE INDEX IF NOT EXISTS "_blamejs_sessions_expiresAt_idx"  ON _blamejs_sessions ("expiresAt");',
-].join("\n");
+// Logical session-table name — resolved through frameworkSchema.tableName
+// so a configured table prefix (b.frameworkSchema.setTablePrefix) is
+// honored. This isolated localDbThin file owns its own schema; the name
+// must agree with the main-DB / cluster-mode session table b.session
+// reads + the sealedFields registry key (db.js registers under the
+// logical name).
+var SESSION_LOGICAL = "_blamejs_sessions";   // allow:hand-rolled-sql — canonical logical table-name declaration
+
+// b.sql opts for this adapter's schema DDL + every statement b.session
+// builds against it. The localDbThin backend is a dedicated node:sqlite
+// file (always sqlite, independent of cluster mode — see local-db-thin.js),
+// so the dialect is the literal "sqlite": this store NEVER dispatches to an
+// external Postgres / MySQL backend. Making the dialect explicit (rather than
+// leaning on b.sql's "sqlite" default) keeps the quoting intent documented +
+// matches the cluster-routed data-layer files threading
+// clusterStorage.dialect() through the same opts seam.
+var SQL_OPTS = { dialect: "sqlite" };
+
+// CREATE TABLE + the two session-side indexes (userIdHash for
+// destroyAllForUser, expiresAt for purgeExpired), built through b.sql so
+// every identifier is quoted by construction and the table name resolves
+// through the configurable prefix. DDL binds no values, so each builder
+// returns { sql } only; the statements are joined for the adapter's
+// schemaSql.
+function _sessionSchemaSql() {
+  var table = frameworkSchema.tableName(SESSION_LOGICAL);
+  var create = sql.createTable(table, [
+    { name: "sidHash",      type: "text", primaryKey: true },
+    { name: "userId",       type: "text" },
+    { name: "userIdHash",   type: "text" },
+    { name: "data",         type: "text" },
+    { name: "createdAt",    type: "int" },
+    { name: "expiresAt",    type: "int" },
+    { name: "lastActivity", type: "int" },
+  ], SQL_OPTS).sql;
+  var idxUser = sql.createIndex(table + "_userIdHash_idx", table, ["userIdHash"], SQL_OPTS).sql;
+  var idxExp  = sql.createIndex(table + "_expiresAt_idx", table, ["expiresAt"], SQL_OPTS).sql;
+  return [create + ";", idxUser + ";", idxExp + ";"].join("\n");
+}
 
 /**
  * @primitive b.session.stores.localDbThin
@@ -99,7 +127,7 @@ function localDbThinStore(opts) {
   // logging out every user; operators wanting clear-on-corrupt opt in.
   var handle = localDbThin.thin({
     file:       opts.file,
-    schemaSql:  SESSION_SCHEMA_SQL,
+    schemaSql:  _sessionSchemaSql(),
     recovery:   opts.recovery || "refuse",
     pragmas:    opts.pragmas,
     audit:      opts.audit !== false,