@edge-base/server 0.2.1 → 0.2.3

package/src/__tests__/sql-route.test.ts

@@ -18,22 +18,28 @@ describe('sql route', () => {
   });
 
   it('rejects unconfigured shared namespace instead of treating it as implicit', async () => {
-    setConfig(defineConfig({
-      databases: {
-        app: {
-          tables: {
-            posts: { schema: { title: { type: 'string' } } },
+    setConfig(
+      defineConfig({
+        databases: {
+          app: {
+            tables: {
+              posts: { schema: { title: { type: 'string' } } },
+            },
           },
         },
-      },
-    }));
+      }),
+    );
 
     const app = createApp();
-    const response = await app.request('/api/sql', {
-      method: 'POST',
-      headers: { 'Content-Type': 'application/json' },
-      body: JSON.stringify({ namespace: 'shared', sql: 'SELECT 1' }),
-    }, {} as Env);
+    const response = await app.request(
+      '/api/sql',
+      {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ namespace: 'shared', sql: 'SELECT 1' }),
+      },
+      {} as Env,
+    );
 
     expect(response.status).toBe(404);
     await expect(response.json()).resolves.toMatchObject({
@@ -43,30 +49,33 @@ describe('sql route', () => {
   });
 
   it('retries dynamic DO SQL after create handshake and forwards the DO name', async () => {
-    setConfig(defineConfig({
-      databases: {
-        workspace: {
-          instance: true,
-          tables: {
-            members: { schema: { userId: { type: 'string' } } },
+    setConfig(
+      defineConfig({
+        databases: {
+          workspace: {
+            instance: true,
+            tables: {
+              members: { schema: { userId: { type: 'string' } } },
+            },
           },
         },
-      },
-      serviceKeys: {
-        keys: [
-          {
-            kid: 'root',
-            tier: 'root',
-            scopes: ['*'],
-            secretSource: 'inline',
-            inlineSecret: 'sk-root',
-          },
-        ],
-      },
-    }));
+        serviceKeys: {
+          keys: [
+            {
+              kid: 'root',
+              tier: 'root',
+              scopes: ['*'],
+              secretSource: 'inline',
+              inlineSecret: 'sk-root',
+            },
+          ],
+        },
+      }),
+    );
 
     const stub = {
-      fetch: vi.fn()
+      fetch: vi
+        .fn()
         .mockResolvedValueOnce(
           new Response(JSON.stringify({ needsCreate: true, namespace: 'workspace', id: 'ws-1' }), {
             status: 201,
@@ -88,19 +97,23 @@ describe('sql route', () => {
     } as unknown as Env;
 
     const app = createApp();
-    const response = await app.request('/api/sql', {
-      method: 'POST',
-      headers: {
-        'Content-Type': 'application/json',
-        'X-EdgeBase-Service-Key': 'sk-root',
+    const response = await app.request(
+      '/api/sql',
+      {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+          'X-EdgeBase-Service-Key': 'sk-root',
+        },
+        body: JSON.stringify({
+          namespace: 'workspace',
+          id: 'ws-1',
+          sql: 'SELECT COUNT(*) AS total FROM members',
+          params: [],
+        }),
       },
-      body: JSON.stringify({
-        namespace: 'workspace',
-        id: 'ws-1',
-        sql: 'SELECT COUNT(*) AS total FROM members',
-        params: [],
-      }),
-    }, env);
+      env,
+    );
 
     expect(response.status).toBe(200);
     await expect(response.json()).resolves.toMatchObject({
@@ -122,26 +135,28 @@ describe('sql route', () => {
   });
 
   it('uses D1 run() for non-SELECT SQL so schema mutations actually execute', async () => {
-    setConfig(defineConfig({
-      databases: {
-        shared: {
-          tables: {
-            posts: { schema: { title: { type: 'string' } } },
+    setConfig(
+      defineConfig({
+        databases: {
+          shared: {
+            tables: {
+              posts: { schema: { title: { type: 'string' } } },
+            },
           },
         },
-      },
-      serviceKeys: {
-        keys: [
-          {
-            kid: 'root',
-            tier: 'root',
-            scopes: ['*'],
-            secretSource: 'inline',
-            inlineSecret: 'sk-root',
-          },
-        ],
-      },
-    }));
+        serviceKeys: {
+          keys: [
+            {
+              kid: 'root',
+              tier: 'root',
+              scopes: ['*'],
+              secretSource: 'inline',
+              inlineSecret: 'sk-root',
+            },
+          ],
+        },
+      }),
+    );
 
     const stmt: {
       bind: ReturnType<typeof vi.fn>;
@@ -159,33 +174,129 @@ describe('sql route', () => {
     } as unknown as Env;
 
     const app = createApp();
-    const response = await app.request('/api/sql', {
-      method: 'POST',
-      headers: {
-        'Content-Type': 'application/json',
-        'X-EdgeBase-Service-Key': 'sk-root',
+    const response = await app.request(
+      '/api/sql',
+      {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+          'X-EdgeBase-Service-Key': 'sk-root',
+        },
+        body: JSON.stringify({
+          namespace: 'shared',
+          sql: 'ALTER TABLE "posts" RENAME TO "articles"',
+        }),
       },
-      body: JSON.stringify({
-        namespace: 'shared',
-        sql: 'ALTER TABLE "posts" RENAME TO "articles"',
-      }),
-    }, env);
+      env,
+    );
 
     expect(response.status).toBe(200);
     await expect(response.json()).resolves.toMatchObject({
       rows: [],
       rowCount: 0,
     });
-    expect((env as unknown as { DB_D1_SHARED: { prepare: ReturnType<typeof vi.fn> } }).DB_D1_SHARED.prepare).toHaveBeenCalledWith(
-      'ALTER TABLE "posts" RENAME TO "articles"',
-    );
+    expect(
+      (env as unknown as { DB_D1_SHARED: { prepare: ReturnType<typeof vi.fn> } }).DB_D1_SHARED
+        .prepare,
+    ).toHaveBeenCalledWith('ALTER TABLE "posts" RENAME TO "articles"');
     expect(stmt.run).toHaveBeenCalledTimes(1);
     expect(stmt.all).not.toHaveBeenCalled();
   });
 
+  it.each(['postgres', 'neon'] as const)(
+    'routes %s raw SQL through the provider-aware executor and normalizes ? placeholders',
+    async (provider) => {
+      const fetchMock = vi
+        .fn()
+        .mockResolvedValueOnce(new Response(null, { status: 200 }))
+        .mockResolvedValueOnce(
+          new Response(
+            JSON.stringify({
+              columns: ['literal', 'total'],
+              rows: [{ literal: '?', total: 3 }],
+              rowCount: 1,
+            }),
+            {
+              status: 200,
+              headers: { 'Content-Type': 'application/json' },
+            },
+          ),
+        );
+      vi.stubGlobal('fetch', fetchMock);
+
+      setConfig(
+        defineConfig({
+          databases: {
+            shared: {
+              provider,
+              tables: {
+                posts: { schema: { title: { type: 'string' } } },
+              },
+            },
+          },
+          serviceKeys: {
+            keys: [
+              {
+                kid: 'root',
+                tier: 'root',
+                scopes: ['*'],
+                secretSource: 'inline',
+                inlineSecret: 'sk-root',
+              },
+            ],
+          },
+        }),
+      );
+
+      const env = {
+        DATABASE: {
+          idFromName: vi.fn().mockReturnValue('do-id'),
+          get: vi.fn(),
+        },
+        EDGEBASE_DEV_SIDECAR_PORT: '8788',
+        JWT_ADMIN_SECRET: 'jwt-secret',
+        DB_POSTGRES_SHARED_URL: 'postgres://edgebase:test@localhost/shared',
+      } as unknown as Env;
+
+      const app = createApp();
+      const response = await app.request(
+        '/api/sql',
+        {
+          method: 'POST',
+          headers: {
+            'Content-Type': 'application/json',
+            'X-EdgeBase-Service-Key': 'sk-root',
+          },
+          body: JSON.stringify({
+            namespace: 'shared',
+            sql: "SELECT '?' AS literal, COUNT(*) AS total FROM posts WHERE title = ?",
+            params: ['owner'],
+          }),
+        },
+        env,
+      );
+
+      expect(response.status).toBe(200);
+      await expect(response.json()).resolves.toMatchObject({
+        rows: [{ literal: '?', total: 3 }],
+        rowCount: 1,
+      });
+      expect(fetchMock).toHaveBeenCalledTimes(2);
+      expect(JSON.parse(String(fetchMock.mock.calls[1]?.[1]?.body ?? '{}'))).toEqual({
+        namespace: 'shared',
+        sql: "SELECT '?' AS literal, COUNT(*) AS total FROM posts WHERE title = $1",
+        params: ['owner'],
+      });
+      expect(
+        (env as unknown as { DATABASE: { get: ReturnType<typeof vi.fn> } }).DATABASE.get,
+      ).not.toHaveBeenCalled();
+    },
+  );
+
   it('executeDoSql retries the create handshake before returning rows', async () => {
     const stub = {
-      fetch: vi.fn()
+      fetch: vi
+        .fn()
         .mockResolvedValueOnce(
           new Response(JSON.stringify({ needsCreate: true, namespace: 'workspace', id: 'ws-2' }), {
             status: 201,

package/src/durable-objects/database-live-do.ts

@@ -19,6 +19,7 @@ interface DatabaseLiveEvent {
   docId: string;
   data: Record<string, unknown> | null;
   timestamp: string;
+  deliveryId?: string;
 }
 
 export type DatabaseLiveFilterCondition = [
@@ -42,6 +43,8 @@ interface WSMeta {
 }
 
 const MAX_FILTER_CONDITIONS = 5;
+const RECENT_DELIVERY_TTL_MS = 60_000;
+const MAX_RECENT_DELIVERIES = 2048;
 const VALID_FILTER_OPERATORS = new Set<FilterOperator>([
   '==',
   '!=',
@@ -138,6 +141,7 @@ export class DatabaseLiveDO extends DurableObject<DOEnv> {
   private filterRecoveryNeeded = true;
   private pendingAuth = new Map<string, ReturnType<typeof setTimeout>>();
   private metaCache = new Map<WebSocket, WSMeta>();
+  private recentDeliveryIds = new Map<string, number>();
 
   constructor(ctx: DurableObjectState, env: DOEnv) {
     super(ctx, env);
@@ -520,6 +524,10 @@ export class DatabaseLiveDO extends DurableObject<DOEnv> {
       return Response.json({ error: 'Invalid event body' }, { status: 400 });
     }
 
+    if (this.isDuplicateDelivery(event.deliveryId)) {
+      return Response.json({ ok: true, duplicate: true });
+    }
+
     await this.broadcastWithFilters({
       type: 'db_change',
       channel: event.channel,
@@ -540,6 +548,7 @@ export class DatabaseLiveDO extends DurableObject<DOEnv> {
       table: string;
       changes: Array<{ type: string; docId: string; data: Record<string, unknown> | null; timestamp: string }>;
       total: number;
+      deliveryId?: string;
     };
     try {
       batch = await request.json() as typeof batch;
@@ -547,6 +556,10 @@ export class DatabaseLiveDO extends DurableObject<DOEnv> {
       return Response.json({ error: 'Invalid batch event body' }, { status: 400 });
     }
 
+    if (this.isDuplicateDelivery(batch.deliveryId)) {
+      return Response.json({ ok: true, duplicate: true });
+    }
+
     const sockets = this.ctx.getWebSockets();
     const batchMsg = {
       type: 'batch_changes' as const,
@@ -646,13 +659,17 @@ export class DatabaseLiveDO extends DurableObject<DOEnv> {
    * Sends a custom broadcast_event to all clients subscribed to matching DB channels.
    */
   private async handleInternalBroadcast(request: Request): Promise<Response> {
-    let body: { channel?: string; event?: string; payload?: Record<string, unknown> };
+    let body: { channel?: string; event?: string; payload?: Record<string, unknown>; deliveryId?: string };
     try {
       body = await request.json() as typeof body;
     } catch {
       return Response.json({ error: 'Invalid broadcast body' }, { status: 400 });
     }
 
+    if (this.isDuplicateDelivery(body.deliveryId)) {
+      return Response.json({ ok: true, duplicate: true });
+    }
+
     const { channel, event, payload } = body;
     if (!channel || typeof channel !== 'string') {
       return Response.json({ error: 'channel is required' }, { status: 400 });
@@ -791,6 +808,34 @@ export class DatabaseLiveDO extends DurableObject<DOEnv> {
     this.metaCache.set(ws, meta);
   }
 
+  private isDuplicateDelivery(deliveryId?: string): boolean {
+    if (!deliveryId) return false;
+
+    const now = Date.now();
+    this.pruneRecentDeliveries(now);
+    if (this.recentDeliveryIds.has(deliveryId)) {
+      return true;
+    }
+
+    this.recentDeliveryIds.set(deliveryId, now);
+    while (this.recentDeliveryIds.size > MAX_RECENT_DELIVERIES) {
+      const oldest = this.recentDeliveryIds.keys().next().value;
+      if (!oldest) break;
+      this.recentDeliveryIds.delete(oldest);
+    }
+
+    return false;
+  }
+
+  private pruneRecentDeliveries(now: number): void {
+    for (const [deliveryId, seenAt] of this.recentDeliveryIds) {
+      if (now - seenAt <= RECENT_DELIVERY_TTL_MS) {
+        break;
+      }
+      this.recentDeliveryIds.delete(deliveryId);
+    }
+  }
+
   private getTableReadRule(tableName: string):
     | ((auth: Record<string, unknown> | null, row: Record<string, unknown>) => boolean | Promise<boolean>)
     | boolean

package/src/durable-objects/room-runtime-base.ts

@@ -48,6 +48,7 @@ export interface RoomDOEnv {
 
 export interface RoomWSMeta {
   authenticated: boolean;
+  authStateLost?: boolean;
   userId?: string;
   role?: string;
   auth?: SharedAuthContext;
@@ -70,6 +71,8 @@ const DEFAULT_DELTA_BATCH_MS = 50;
 const DEFAULT_RATE_LIMIT_ACTIONS = 10;
 const DEFAULT_RECONNECT_TIMEOUT_MS = 30000;
 const ROOM_CLIENT_LEAVE_CLOSE_CODE = 4005;
+const ROOM_AUTH_STATE_LOST_CLOSE_CODE = 4006;
+const ROOM_AUTH_STATE_LOST_CLOSE_REASON = 'Room authentication state lost';
 const EMPTY_ROOM_CLEANUP_DELAY_MS = 100;
 const DEFAULT_IDLE_TIMEOUT_SEC = 300;
 const ACTION_TIMEOUT_MS = 5000;
@@ -330,6 +333,7 @@ export class RoomRuntimeBaseDO extends DurableObject<RoomDOEnv> {
     const connectionId = crypto.randomUUID();
     const meta: RoomWSMeta = {
       authenticated: false,
+      authStateLost: false,
       connectionId,
       ip: request.headers.get('CF-Connecting-IP')
         || request.headers.get('X-Forwarded-For')?.split(',')[0]?.trim()
@@ -407,7 +411,7 @@ export class RoomRuntimeBaseDO extends DurableObject<RoomDOEnv> {
 
     // Everything else requires authentication
     if (!meta.authenticated) {
-      this.safeSend(ws, { type: 'error', code: 'NOT_AUTHENTICATED', message: 'Authenticate first' });
+      this.handleUnauthenticatedSocket(ws, meta);
       return;
     }
 
@@ -593,6 +597,7 @@ export class RoomRuntimeBaseDO extends DurableObject<RoomDOEnv> {
         new Request('http://internal/api/room/auth', { headers }),
       );
       meta.authenticated = true;
+      meta.authStateLost = false;
       meta.userId = auth.id;
       meta.role = auth.role;
       meta.auth = {
@@ -656,7 +661,7 @@ export class RoomRuntimeBaseDO extends DurableObject<RoomDOEnv> {
     msg: Record<string, unknown>,
   ): Promise<void> {
     if (!meta.authenticated || !meta.userId) {
-      this.safeSend(ws, { type: 'error', code: 'NOT_AUTHENTICATED', message: 'Authenticate first' });
+      this.handleUnauthenticatedSocket(ws, meta);
       return;
     }
 
@@ -1582,6 +1587,7 @@ export class RoomRuntimeBaseDO extends DurableObject<RoomDOEnv> {
 
       const meta: RoomWSMeta = {
         authenticated: false, // Must re-auth after hibernation
+        authStateLost: true,
         connectionId,
         ip,
       };
@@ -1596,6 +1602,24 @@ export class RoomRuntimeBaseDO extends DurableObject<RoomDOEnv> {
     this._metaCache.set(ws, meta);
   }
 
+  protected handleUnauthenticatedSocket(ws: WebSocket, meta: RoomWSMeta): void {
+    if (meta.authStateLost) {
+      this.safeSend(ws, {
+        type: 'error',
+        code: 'AUTH_STATE_LOST',
+        message: 'Room authentication state lost. Reconnect required.',
+      });
+      try {
+        ws.close(ROOM_AUTH_STATE_LOST_CLOSE_CODE, ROOM_AUTH_STATE_LOST_CLOSE_REASON);
+      } catch {
+        // Socket may already be closing.
+      }
+      return;
+    }
+
+    this.safeSend(ws, { type: 'error', code: 'NOT_AUTHENTICATED', message: 'Authenticate first' });
+  }
+
   // ─── Config ───
 
   private parseConfig(env: RoomDOEnv): EdgeBaseConfig {

package/src/durable-objects/rooms-do.ts

@@ -2359,7 +2359,7 @@ export class RoomsDO extends RoomRuntimeBaseDO {
     }
 
     if (!meta.authenticated) {
-      this.safeSend(ws, { type: 'error', code: 'NOT_AUTHENTICATED', message: 'Authenticate first' });
+      this.handleUnauthenticatedSocket(ws, meta);
       return null;
     }
 

package/src/lib/admin-db-target.ts

@@ -4,16 +4,7 @@ import type {
   AdminInstanceDiscoveryOption,
   EdgeBaseConfig,
 } from '@edge-base/shared';
-import { executeD1Sql } from './d1-sql.js';
-import { executeDoSql } from './do-sql.js';
-import { getD1BindingName, shouldRouteToD1 } from './do-router.js';
-import {
-  ensureLocalDevPostgresSchema,
-  getLocalDevPostgresExecOptions,
-  getProviderBindingName,
-  withPostgresConnection,
-} from './postgres-executor.js';
-import { ensurePgSchema } from './postgres-schema-init.js';
+import { executeProviderAwareSql } from './provider-aware-sql.js';
 import type { Env } from '../types.js';
 
 export interface AdminDbQueryResult {
@@ -47,13 +38,15 @@ interface ResolveAdminInstanceOptions {
 }
 
 function isDynamicDbBlock(
-  dbBlock: {
-    instance?: boolean;
-    access?: {
-      canCreate?: unknown;
-      access?: unknown;
-    };
-  } | undefined,
+  dbBlock:
+    | {
+        instance?: boolean;
+        access?: {
+          canCreate?: unknown;
+          access?: unknown;
+        };
+      }
+    | undefined,
 ): boolean {
   if (!dbBlock) return false;
   return !!(dbBlock.instance || dbBlock.access?.canCreate || dbBlock.access?.access);
@@ -108,7 +101,9 @@ function uniqueStrings(values: Array<string | undefined>): string[] {
   return result;
 }
 
-function normalizeDiscoveryItems(items: AdminInstanceDiscoveryOption[]): AdminInstanceDiscoveryOption[] {
+function normalizeDiscoveryItems(
+  items: AdminInstanceDiscoveryOption[],
+): AdminInstanceDiscoveryOption[] {
   const seen = new Set<string>();
   const normalized: AdminInstanceDiscoveryOption[] = [];
   for (const item of items) {
@@ -132,60 +127,17 @@ export async function executeAdminDbQuery({
   sql,
   params = [],
 }: ExecuteAdminDbQueryOptions): Promise<AdminDbQueryResult> {
-  const dbBlock = config.databases?.[namespace];
-  if (!dbBlock) {
-    throw new Error(`Namespace not found: ${namespace}`);
-  }
-
-  if (!id && (dbBlock.provider === 'neon' || dbBlock.provider === 'postgres')) {
-    const bindingName = getProviderBindingName(namespace);
-    const envRecord = env as unknown as Record<string, unknown>;
-    const hyperdrive = envRecord[bindingName] as { connectionString?: string } | undefined;
-    const envKey = dbBlock.connectionString ?? `${bindingName}_URL`;
-    const connectionString = hyperdrive?.connectionString ?? (envRecord[envKey] as string | undefined);
-    if (!connectionString) {
-      throw new Error(`PostgreSQL connection '${envKey}' not found.`);
-    }
-
-    const localDevOptions = getLocalDevPostgresExecOptions(env as unknown as Record<string, unknown>, namespace);
-    if (localDevOptions) {
-      await ensureLocalDevPostgresSchema(localDevOptions);
-    }
-    return withPostgresConnection(connectionString, async (query) => {
-      if (!localDevOptions) {
-        await ensurePgSchema(connectionString, namespace, dbBlock.tables ?? {}, query);
-      }
-      return query(sql, params);
-    }, localDevOptions);
-  }
-
-  if (!id && shouldRouteToD1(namespace, config)) {
-    const bindingName = getD1BindingName(namespace);
-    const d1 = (env as unknown as Record<string, unknown>)[bindingName] as D1Database | undefined;
-    if (!d1) {
-      throw new Error(`D1 binding '${bindingName}' not found.`);
-    }
-    const result = await executeD1Sql(d1, sql, params);
-    const rows = result.rows;
-    return {
-      columns: rows.length > 0 ? Object.keys(rows[0]) : [],
-      rows,
-      rowCount: result.rowCount,
-    };
-  }
-
-  const rows = await executeDoSql({
-    databaseNamespace: env.DATABASE,
+  return executeProviderAwareSql(
+    {
+      env,
+      config,
+      databaseNamespace: env.DATABASE,
+    },
     namespace,
     id,
-    query: sql,
+    sql,
     params,
-  });
-  return {
-    columns: rows.length > 0 ? Object.keys(rows[0]) : [],
-    rows,
-    rowCount: rows.length,
-  };
+  );
 }
 
 export async function resolveAdminInstanceOptions({
@@ -245,7 +197,11 @@ export async function resolveAdminInstanceOptions({
   const sourceLimit = clampLimit(discovery.limit, 12);
   const effectiveLimit = Math.min(requestedLimit, sourceLimit);
   const sourceDbBlock = config.databases?.[sourceNamespace];
-  const usesPostgres = Boolean(sourceDbBlock && !isDynamicDbBlock(sourceDbBlock) && (sourceDbBlock.provider === 'neon' || sourceDbBlock.provider === 'postgres'));
+  const usesPostgres = Boolean(
+    sourceDbBlock &&
+    !isDynamicDbBlock(sourceDbBlock) &&
+    (sourceDbBlock.provider === 'neon' || sourceDbBlock.provider === 'postgres'),
+  );
   const idField = discovery.idField ?? 'id';
   const labelField = discovery.labelField;
   const descriptionField = discovery.descriptionField;
@@ -254,14 +210,14 @@ export async function resolveAdminInstanceOptions({
   const aliasId = '__edgebase_id';
   const aliasLabel = '__edgebase_label';
   const aliasDescription = '__edgebase_description';
-  const selectParts = [
-    `${quoteIdentifier(idField)} AS ${quoteIdentifier(aliasId)}`,
-  ];
+  const selectParts = [`${quoteIdentifier(idField)} AS ${quoteIdentifier(aliasId)}`];
   if (labelField) {
     selectParts.push(`${quoteIdentifier(labelField)} AS ${quoteIdentifier(aliasLabel)}`);
   }
   if (descriptionField) {
-    selectParts.push(`${quoteIdentifier(descriptionField)} AS ${quoteIdentifier(aliasDescription)}`);
+    selectParts.push(
+      `${quoteIdentifier(descriptionField)} AS ${quoteIdentifier(aliasDescription)}`,
+    );
   }
 
   const params: unknown[] = [];