npm - @edge-base/server - Versions diffs - 0.2.2 → 0.2.4 - Mend

@edge-base/server 0.2.2 → 0.2.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (97) hide show

package/src/__tests__/service-key-db-proxy.test.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { afterEach, describe, expect, it } from 'vitest';
+import { afterEach, describe, expect, it, vi } from 'vitest';
 import { defineConfig } from '@edge-base/shared';
 import { EdgeBaseError } from '@edge-base/shared';
 import { setConfig } from '../lib/do-router.js';
@@ -117,6 +117,7 @@ describe('DB proxy service key forwarding', () => {
       databases: {
         workspace: {
           provider: 'do',
+          instance: true,
           tables: {
             users: {},
           },
@@ -203,6 +204,7 @@ describe('DB proxy service key forwarding', () => {
       databases: {
         workspace: {
           provider: 'do',
+          instance: true,
           tables: {
             users: {},
           },
@@ -375,6 +377,125 @@ describe('DB proxy service key forwarding', () => {
     await expect(response.json()).resolves.toEqual({ id: 'u1', name: 'June' });
   });
+  it('auto-retries single-instance provider=do namespaces when the DO asks for bootstrap authorization', async () => {
+    setConfig(defineConfig({
+      release: true,
+      databases: {
+        app: {
+          provider: 'do',
+          tables: {
+            posts: {
+              access: {
+                read: () => true,
+              },
+            },
+          },
+        },
+      },
+    }));
+    const forwardedHeaders: Headers[] = [];
+    let callCount = 0;
+    const app = createApp();
+    const response = await app.request('/api/db/app/tables/posts', {
+      method: 'GET',
+    }, createEnv((_input, init) => {
+      forwardedHeaders.push(new Headers(init?.headers));
+      callCount += 1;
+      if (callCount === 1) {
+        return new Response(JSON.stringify({ needsCreate: true, namespace: 'app' }), {
+          status: 201,
+          headers: { 'Content-Type': 'application/json' },
+        });
+      }
+      return new Response(JSON.stringify({ items: [] }), {
+        status: 200,
+        headers: { 'Content-Type': 'application/json' },
+      });
+    }));
+    expect(response.status).toBe(200);
+    await expect(response.json()).resolves.toEqual({ items: [] });
+    expect(forwardedHeaders).toHaveLength(2);
+    expect(forwardedHeaders[0].get('X-DO-Create-Authorized')).toBeNull();
+    expect(forwardedHeaders[1].get('X-DO-Create-Authorized')).toBe('1');
+  });
+  it('rejects instanceId route segments for single-instance namespaces before touching the DO', async () => {
+    setConfig(defineConfig({
+      release: true,
+      databases: {
+        app: {
+          provider: 'do',
+          tables: {
+            posts: {
+              access: {
+                read: () => true,
+              },
+            },
+          },
+        },
+      },
+    }));
+    const onFetch = vi.fn();
+    const app = createApp();
+    const response = await app.request('/api/db/app/attacker/tables/posts', {
+      method: 'GET',
+    }, createEnv(onFetch));
+    expect(response.status).toBe(400);
+    await expect(response.json()).resolves.toMatchObject({
+      code: 400,
+      message: "instanceId is not allowed for single-instance namespace 'app'",
+    });
+    expect(onFetch).not.toHaveBeenCalled();
+  });
+  it('rejects missing instanceId for dynamic namespaces even for service key requests', async () => {
+    setConfig(defineConfig({
+      release: true,
+      databases: {
+        workspace: {
+          provider: 'do',
+          instance: true,
+          tables: {
+            users: {},
+          },
+        },
+      },
+      serviceKeys: {
+        keys: [
+          {
+            kid: 'root',
+            tier: 'root',
+            scopes: ['*'],
+            secretSource: 'inline',
+            inlineSecret: 'sk-root',
+          },
+        ],
+      },
+    }));
+    const onFetch = vi.fn();
+    const app = createApp();
+    const response = await app.request('/api/db/workspace/tables/users', {
+      method: 'POST',
+      headers: {
+        'X-EdgeBase-Service-Key': 'sk-root',
+        'Content-Type': 'application/json',
+      },
+      body: JSON.stringify({ id: 'user-1' }),
+    }, createEnv(onFetch));
+    expect(response.status).toBe(400);
+    await expect(response.json()).resolves.toMatchObject({
+      code: 400,
+      message: "instanceId is required for dynamic namespace 'workspace'",
+    });
+    expect(onFetch).not.toHaveBeenCalled();
+  });
   it('does not trust raw X-EdgeBase-Internal on public DB requests', async () => {
     setConfig(defineConfig({
       release: true,

package/src/__tests__/sql-route.test.ts CHANGED Viewed

@@ -18,22 +18,28 @@ describe('sql route', () => {
   });
   it('rejects unconfigured shared namespace instead of treating it as implicit', async () => {
-    setConfig(defineConfig({
-      databases: {
-        app: {
-          tables: {
-            posts: { schema: { title: { type: 'string' } } },
+    setConfig(
+      defineConfig({
+        databases: {
+          app: {
+            tables: {
+              posts: { schema: { title: { type: 'string' } } },
+            },
           },
         },
-      },
-    }));
+      }),
+    );
     const app = createApp();
-    const response = await app.request('/api/sql', {
-      method: 'POST',
-      headers: { 'Content-Type': 'application/json' },
-      body: JSON.stringify({ namespace: 'shared', sql: 'SELECT 1' }),
-    }, {} as Env);
+    const response = await app.request(
+      '/api/sql',
+      {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ namespace: 'shared', sql: 'SELECT 1' }),
+      },
+      {} as Env,
+    );
     expect(response.status).toBe(404);
     await expect(response.json()).resolves.toMatchObject({
@@ -42,31 +48,100 @@ describe('sql route', () => {
     });
   });
-  it('retries dynamic DO SQL after create handshake and forwards the DO name', async () => {
-    setConfig(defineConfig({
-      databases: {
-        workspace: {
-          instance: true,
-          tables: {
-            members: { schema: { userId: { type: 'string' } } },
+  it('rejects ids for single-instance namespaces before touching any backend', async () => {
+    setConfig(
+      defineConfig({
+        databases: {
+          shared: {
+            tables: {
+              posts: { schema: { title: { type: 'string' } } },
+            },
           },
         },
+        serviceKeys: {
+          keys: [
+            {
+              kid: 'root',
+              tier: 'root',
+              scopes: ['*'],
+              secretSource: 'inline',
+              inlineSecret: 'sk-root',
+            },
+          ],
+        },
+      }),
+    );
+    const env = {
+      DATABASE: {
+        idFromName: vi.fn(),
+        get: vi.fn(),
       },
-      serviceKeys: {
-        keys: [
-          {
-            kid: 'root',
-            tier: 'root',
-            scopes: ['*'],
-            secretSource: 'inline',
-            inlineSecret: 'sk-root',
-          },
-        ],
+      DB_D1_SHARED: {
+        prepare: vi.fn(),
       },
-    }));
+    } as unknown as Env;
+    const app = createApp();
+    const response = await app.request(
+      '/api/sql',
+      {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+          'X-EdgeBase-Service-Key': 'sk-root',
+        },
+        body: JSON.stringify({
+          namespace: 'shared',
+          id: 'shadow',
+          sql: 'SELECT 1',
+        }),
+      },
+      env,
+    );
+    expect(response.status).toBe(400);
+    await expect(response.json()).resolves.toMatchObject({
+      code: 400,
+      message: "id is not allowed for single-instance namespace 'shared'",
+    });
+    expect(
+      (env as unknown as { DATABASE: { get: ReturnType<typeof vi.fn> } }).DATABASE.get,
+    ).not.toHaveBeenCalled();
+    expect(
+      (env as unknown as { DB_D1_SHARED: { prepare: ReturnType<typeof vi.fn> } }).DB_D1_SHARED
+        .prepare,
+    ).not.toHaveBeenCalled();
+  });
+  it('retries dynamic DO SQL after create handshake and forwards the DO name', async () => {
+    setConfig(
+      defineConfig({
+        databases: {
+          workspace: {
+            instance: true,
+            tables: {
+              members: { schema: { userId: { type: 'string' } } },
+            },
+          },
+        },
+        serviceKeys: {
+          keys: [
+            {
+              kid: 'root',
+              tier: 'root',
+              scopes: ['*'],
+              secretSource: 'inline',
+              inlineSecret: 'sk-root',
+            },
+          ],
+        },
+      }),
+    );
     const stub = {
-      fetch: vi.fn()
+      fetch: vi
+        .fn()
         .mockResolvedValueOnce(
           new Response(JSON.stringify({ needsCreate: true, namespace: 'workspace', id: 'ws-1' }), {
             status: 201,
@@ -88,19 +163,23 @@ describe('sql route', () => {
     } as unknown as Env;
     const app = createApp();
-    const response = await app.request('/api/sql', {
-      method: 'POST',
-      headers: {
-        'Content-Type': 'application/json',
-        'X-EdgeBase-Service-Key': 'sk-root',
+    const response = await app.request(
+      '/api/sql',
+      {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+          'X-EdgeBase-Service-Key': 'sk-root',
+        },
+        body: JSON.stringify({
+          namespace: 'workspace',
+          id: 'ws-1',
+          sql: 'SELECT COUNT(*) AS total FROM members',
+          params: [],
+        }),
       },
-      body: JSON.stringify({
-        namespace: 'workspace',
-        id: 'ws-1',
-        sql: 'SELECT COUNT(*) AS total FROM members',
-        params: [],
-      }),
-    }, env);
+      env,
+    );
     expect(response.status).toBe(200);
     await expect(response.json()).resolves.toMatchObject({
@@ -122,26 +201,28 @@ describe('sql route', () => {
   });
   it('uses D1 run() for non-SELECT SQL so schema mutations actually execute', async () => {
-    setConfig(defineConfig({
-      databases: {
-        shared: {
-          tables: {
-            posts: { schema: { title: { type: 'string' } } },
+    setConfig(
+      defineConfig({
+        databases: {
+          shared: {
+            tables: {
+              posts: { schema: { title: { type: 'string' } } },
+            },
           },
         },
-      },
-      serviceKeys: {
-        keys: [
-          {
-            kid: 'root',
-            tier: 'root',
-            scopes: ['*'],
-            secretSource: 'inline',
-            inlineSecret: 'sk-root',
-          },
-        ],
-      },
-    }));
+        serviceKeys: {
+          keys: [
+            {
+              kid: 'root',
+              tier: 'root',
+              scopes: ['*'],
+              secretSource: 'inline',
+              inlineSecret: 'sk-root',
+            },
+          ],
+        },
+      }),
+    );
     const stmt: {
       bind: ReturnType<typeof vi.fn>;
@@ -159,33 +240,129 @@ describe('sql route', () => {
     } as unknown as Env;
     const app = createApp();
-    const response = await app.request('/api/sql', {
-      method: 'POST',
-      headers: {
-        'Content-Type': 'application/json',
-        'X-EdgeBase-Service-Key': 'sk-root',
+    const response = await app.request(
+      '/api/sql',
+      {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+          'X-EdgeBase-Service-Key': 'sk-root',
+        },
+        body: JSON.stringify({
+          namespace: 'shared',
+          sql: 'ALTER TABLE "posts" RENAME TO "articles"',
+        }),
       },
-      body: JSON.stringify({
-        namespace: 'shared',
-        sql: 'ALTER TABLE "posts" RENAME TO "articles"',
-      }),
-    }, env);
+      env,
+    );
     expect(response.status).toBe(200);
     await expect(response.json()).resolves.toMatchObject({
       rows: [],
       rowCount: 0,
     });
-    expect((env as unknown as { DB_D1_SHARED: { prepare: ReturnType<typeof vi.fn> } }).DB_D1_SHARED.prepare).toHaveBeenCalledWith(
-      'ALTER TABLE "posts" RENAME TO "articles"',
-    );
+    expect(
+      (env as unknown as { DB_D1_SHARED: { prepare: ReturnType<typeof vi.fn> } }).DB_D1_SHARED
+        .prepare,
+    ).toHaveBeenCalledWith('ALTER TABLE "posts" RENAME TO "articles"');
     expect(stmt.run).toHaveBeenCalledTimes(1);
     expect(stmt.all).not.toHaveBeenCalled();
   });
+  it.each(['postgres', 'neon'] as const)(
+    'routes %s raw SQL through the provider-aware executor and normalizes ? placeholders',
+    async (provider) => {
+      const fetchMock = vi
+        .fn()
+        .mockResolvedValueOnce(new Response(null, { status: 200 }))
+        .mockResolvedValueOnce(
+          new Response(
+            JSON.stringify({
+              columns: ['literal', 'total'],
+              rows: [{ literal: '?', total: 3 }],
+              rowCount: 1,
+            }),
+            {
+              status: 200,
+              headers: { 'Content-Type': 'application/json' },
+            },
+          ),
+        );
+      vi.stubGlobal('fetch', fetchMock);
+      setConfig(
+        defineConfig({
+          databases: {
+            shared: {
+              provider,
+              tables: {
+                posts: { schema: { title: { type: 'string' } } },
+              },
+            },
+          },
+          serviceKeys: {
+            keys: [
+              {
+                kid: 'root',
+                tier: 'root',
+                scopes: ['*'],
+                secretSource: 'inline',
+                inlineSecret: 'sk-root',
+              },
+            ],
+          },
+        }),
+      );
+      const env = {
+        DATABASE: {
+          idFromName: vi.fn().mockReturnValue('do-id'),
+          get: vi.fn(),
+        },
+        EDGEBASE_DEV_SIDECAR_PORT: '8788',
+        JWT_ADMIN_SECRET: 'jwt-secret',
+        DB_POSTGRES_SHARED_URL: 'postgres://edgebase:test@localhost/shared',
+      } as unknown as Env;
+      const app = createApp();
+      const response = await app.request(
+        '/api/sql',
+        {
+          method: 'POST',
+          headers: {
+            'Content-Type': 'application/json',
+            'X-EdgeBase-Service-Key': 'sk-root',
+          },
+          body: JSON.stringify({
+            namespace: 'shared',
+            sql: "SELECT '?' AS literal, COUNT(*) AS total FROM posts WHERE title = ?",
+            params: ['owner'],
+          }),
+        },
+        env,
+      );
+      expect(response.status).toBe(200);
+      await expect(response.json()).resolves.toMatchObject({
+        rows: [{ literal: '?', total: 3 }],
+        rowCount: 1,
+      });
+      expect(fetchMock).toHaveBeenCalledTimes(2);
+      expect(JSON.parse(String(fetchMock.mock.calls[1]?.[1]?.body ?? '{}'))).toEqual({
+        namespace: 'shared',
+        sql: "SELECT '?' AS literal, COUNT(*) AS total FROM posts WHERE title = $1",
+        params: ['owner'],
+      });
+      expect(
+        (env as unknown as { DATABASE: { get: ReturnType<typeof vi.fn> } }).DATABASE.get,
+      ).not.toHaveBeenCalled();
+    },
+  );
   it('executeDoSql retries the create handshake before returning rows', async () => {
     const stub = {
-      fetch: vi.fn()
+      fetch: vi
+        .fn()
         .mockResolvedValueOnce(
           new Response(JSON.stringify({ needsCreate: true, namespace: 'workspace', id: 'ws-2' }), {
             status: 201,

package/src/__tests__/table-hook-runtime.test.ts ADDED Viewed

@@ -0,0 +1,137 @@
+import { beforeEach, describe, expect, it, vi } from 'vitest';
+import type { Env } from '../types.js';
+const {
+  ensureAuthSchemaMock,
+  resolveAuthDbMock,
+  sendToDatabaseLiveDOMock,
+  createPushProviderMock,
+  getDevicesForUserMock,
+  providerSendMock,
+} = vi.hoisted(() => ({
+  ensureAuthSchemaMock: vi.fn(),
+  resolveAuthDbMock: vi.fn(),
+  sendToDatabaseLiveDOMock: vi.fn(),
+  createPushProviderMock: vi.fn(),
+  getDevicesForUserMock: vi.fn(),
+  providerSendMock: vi.fn(),
+}));
+vi.mock('../lib/auth-d1.js', () => ({
+  ensureAuthSchema: ensureAuthSchemaMock,
+}));
+vi.mock('../lib/auth-db-adapter.js', () => ({
+  resolveAuthDb: resolveAuthDbMock,
+}));
+vi.mock('../lib/database-live-emitter.js', () => ({
+  sendToDatabaseLiveDO: sendToDatabaseLiveDOMock,
+}));
+vi.mock('../lib/push-provider.js', () => ({
+  createPushProvider: createPushProviderMock,
+}));
+vi.mock('../lib/push-token.js', () => ({
+  getDevicesForUser: getDevicesForUserMock,
+}));
+describe('buildTableHookRuntimeServices', () => {
+  beforeEach(() => {
+    vi.resetModules();
+    ensureAuthSchemaMock.mockReset().mockResolvedValue(undefined);
+    resolveAuthDbMock.mockReset().mockReturnValue({ kind: 'auth-db' });
+    sendToDatabaseLiveDOMock.mockReset().mockResolvedValue(undefined);
+    createPushProviderMock.mockReset().mockReturnValue({ send: providerSendMock });
+    getDevicesForUserMock.mockReset().mockResolvedValue([]);
+    providerSendMock.mockReset().mockResolvedValue({ success: true });
+  });
+  it('broadcasts hook events through DatabaseLiveDO', async () => {
+    const { buildTableHookRuntimeServices } = await import('../lib/table-hook-runtime.js');
+    const env = {
+      DATABASE_LIVE: {} as DurableObjectNamespace,
+    } as Env;
+    const services = buildTableHookRuntimeServices({} as never, env);
+    await services.databaseLive.broadcast('posts', 'created', { id: 'post-1' });
+    expect(sendToDatabaseLiveDOMock).toHaveBeenCalledWith(
+      env,
+      {
+        channel: 'posts',
+        event: 'created',
+        payload: { id: 'post-1' },
+      },
+      '/internal/broadcast',
+    );
+  });
+  it('sends push notifications using auth-backed device lookups when available', async () => {
+    const { buildTableHookRuntimeServices } = await import('../lib/table-hook-runtime.js');
+    const authDb = { kind: 'auth-db' };
+    resolveAuthDbMock.mockReturnValue(authDb);
+    getDevicesForUserMock.mockResolvedValue([
+      { token: 'token-1', platform: 'ios' },
+      { token: 'token-2', platform: 'android' },
+    ]);
+    const env = {
+      KV: {} as KVNamespace,
+      AUTH_DB: {} as D1Database,
+    } as Env;
+    const pushConfig = {
+      fcm: {
+        projectId: 'demo-project',
+        serviceAccount: '{"client_email":"demo@example.com"}',
+      },
+    };
+    const services = buildTableHookRuntimeServices({ push: pushConfig } as never, env);
+    await services.push.send('user-123', { title: 'Hello', body: 'World' });
+    expect(resolveAuthDbMock).toHaveBeenCalledWith(env);
+    expect(ensureAuthSchemaMock).toHaveBeenCalledWith(authDb);
+    expect(createPushProviderMock).toHaveBeenCalledWith(pushConfig, env);
+    expect(getDevicesForUserMock).toHaveBeenCalledWith({ kv: env.KV, authDb }, 'user-123');
+    expect(providerSendMock).toHaveBeenCalledTimes(2);
+    expect(providerSendMock).toHaveBeenNthCalledWith(1, {
+      token: 'token-1',
+      platform: 'ios',
+      payload: { title: 'Hello', body: 'World' },
+    });
+    expect(providerSendMock).toHaveBeenNthCalledWith(2, {
+      token: 'token-2',
+      platform: 'android',
+      payload: { title: 'Hello', body: 'World' },
+    });
+  });
+  it('falls back to KV-only token lookups when auth db resolution fails', async () => {
+    const { buildTableHookRuntimeServices } = await import('../lib/table-hook-runtime.js');
+    resolveAuthDbMock.mockImplementation(() => {
+      throw new Error('missing auth db');
+    });
+    getDevicesForUserMock.mockResolvedValue([{ token: 'token-1', platform: 'web' }]);
+    const env = {
+      KV: {} as KVNamespace,
+    } as Env;
+    const pushConfig = {
+      fcm: {
+        projectId: 'demo-project',
+        serviceAccount: '{"client_email":"demo@example.com"}',
+      },
+    };
+    const services = buildTableHookRuntimeServices({ push: pushConfig } as never, env);
+    await services.push.send('user-123', { body: 'Fallback works' });
+    expect(ensureAuthSchemaMock).not.toHaveBeenCalled();
+    expect(getDevicesForUserMock).toHaveBeenCalledWith(env.KV, 'user-123');
+    expect(providerSendMock).toHaveBeenCalledWith({
+      token: 'token-1',
+      platform: 'web',
+      payload: { body: 'Fallback works' },
+    });
+  });
+});