@gencow/core 0.1.18 → 0.1.21

package/src/__tests__/crud-owner-rls.test.ts

@@ -0,0 +1,380 @@
+/**
+ * packages/core/src/__tests__/crud-owner-rls.test.ts
+ *
+ * ownerRls + crud() 통합 테스트 — 2-Layer 방어 Layer 1 검증
+ *
+ * 검증 항목:
+ *   1. 격리: 타 사용자 데이터 접근 차단 (list, get, update, remove)
+ *   2. 자동주입: create 시 userId 강제 설정 (사용자 입력 무시)
+ *   3. read: "public": SELECT 필터 생략 + CUD 소유자 강제
+ *   4. 하위호환: ownerRls 미적용 테이블은 기존 동작 100% 유지
+ *
+ * Run: bun test packages/core/src/__tests__/crud-owner-rls.test.ts
+ */
+
+import { describe, it, expect } from "bun:test";
+import { pgTable, serial, text, timestamp, pgPolicy } from "drizzle-orm/pg-core";
+import { sql } from "drizzle-orm";
+import { crud } from "../crud";
+import { ownerRls, getOwnerRlsMeta, registerOwnerRls } from "../rls";
+import { getQueryDef, getRegisteredMutations } from "../reactive";
+
+// ─── 테스트 테이블 정의 ────────────────────────────────────────────────────
+
+// ownerRls 적용 테이블
+const rlsTasks = pgTable("rls_tasks", {
+    id: serial("id").primaryKey(),
+    title: text("title").notNull(),
+    userId: text("user_id").notNull(),
+    createdAt: timestamp("created_at").defaultNow(),
+    updatedAt: timestamp("updated_at").defaultNow(),
+}, (t) => ownerRls(t.userId));
+
+// ownerRls(read: "public") 테이블
+const rlsPosts = pgTable("rls_posts", {
+    id: serial("id").primaryKey(),
+    content: text("content").notNull(),
+    userId: text("user_id").notNull(),
+    createdAt: timestamp("created_at").defaultNow(),
+}, (t) => ownerRls(t.userId, { read: "public" }));
+
+// ownerRls 미적용 테이블 (하위호환 검증)
+const plainItems = pgTable("plain_items", {
+    id: serial("id").primaryKey(),
+    name: text("name"),
+    userId: text("user_id"),
+    createdAt: timestamp("created_at").defaultNow(),
+});
+
+// ─── Mock 유틸 ─────────────────────────────────────────────────────────
+
+function createMockCtx(userId: string, mockData: any[] = []) {
+    const dataChain: any = {
+        from: () => dataChain,
+        where: () => dataChain,
+        orderBy: () => dataChain,
+        limit: (n?: number) => n === 1
+            ? Promise.resolve(mockData.slice(0, 1))  // get handler: .limit(1) → 단일 행 반환
+            : dataChain,                              // list handler: .limit(n).offset(m)
+        offset: () => Promise.resolve(mockData),
+    };
+    const countChain = {
+        from: () => countChain,
+        where: () => Promise.resolve([{ count: mockData.length }]),
+    };
+
+    let capturedValues: any = null;
+    let capturedWhereArg: any = null;
+    const emitted: { key: string; data: any }[] = [];
+
+    return {
+        ctx: {
+            auth: {
+                requireAuth: () => ({ id: userId, email: `${userId}@test.com` }),
+                getUserIdentity: () => ({ id: userId }),
+                getSession: () => null,
+            },
+            db: {
+                select: (selectArg?: any) => {
+                    if (selectArg && typeof selectArg === "object" && "count" in selectArg) {
+                        return countChain;
+                    }
+                    return dataChain;
+                },
+                insert: () => ({
+                    values: (v: any) => {
+                        capturedValues = v;
+                        return { returning: () => Promise.resolve([{ ...v, id: 1 }]) };
+                    },
+                }),
+                update: () => ({
+                    set: (data: any) => ({
+                        where: (w: any) => {
+                            capturedWhereArg = w;
+                            return { returning: () => Promise.resolve([{ ...data, id: 1 }]) };
+                        },
+                    }),
+                }),
+                delete: () => ({
+                    where: (w: any) => {
+                        capturedWhereArg = w;
+                        return Promise.resolve();
+                    },
+                }),
+            },
+            realtime: {
+                emit: (key: string, data: any) => emitted.push({ key, data }),
+            },
+        },
+        getCapturedValues: () => capturedValues,
+        getCapturedWhere: () => capturedWhereArg,
+        emitted,
+    };
+}
+
+function createUnauthCtx(mockData: any[] = []) {
+    const dataChain = {
+        from: () => dataChain,
+        where: () => dataChain,
+        orderBy: () => dataChain,
+        limit: () => dataChain,
+        offset: () => Promise.resolve(mockData),
+    };
+    const countChain = {
+        from: () => countChain,
+        where: () => Promise.resolve([{ count: mockData.length }]),
+    };
+
+    return {
+        auth: {
+            requireAuth: () => { throw new Error("Unauthorized"); },
+            getUserIdentity: () => null,
+            getSession: () => null,
+        },
+        db: {
+            select: (selectArg?: any) => {
+                if (selectArg && typeof selectArg === "object" && "count" in selectArg) {
+                    return countChain;
+                }
+                return dataChain;
+            },
+        },
+        realtime: {
+            emit: () => {},
+        },
+    };
+}
+
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// Phase 1 검증: ownerRls() 메타데이터
+// ═══════════════════════════════════════════════════════════════════════════════
+
+describe("ownerRls() — 메타데이터 레지스트리", () => {
+    it("ownerRls 적용 테이블에서 메타데이터를 감지한다", () => {
+        // ownerRls()가 호출된 rlsTasks 테이블에서 WeakMap으로 건 못 찾더라도
+        // crud()가 getTableConfig().policies로 fallback 감지
+        // 여기서는 registerOwnerRls를 직접 호출하여 테스트
+        registerOwnerRls(rlsTasks, { columnName: "user_id", readPublic: false });
+
+        const meta = getOwnerRlsMeta(rlsTasks);
+        expect(meta).toBeDefined();
+        expect(meta!.columnName).toBe("user_id");
+        expect(meta!.readPublic).toBe(false);
+    });
+
+    it("read: public 옵션이 메타데이터에 반영된다", () => {
+        registerOwnerRls(rlsPosts, { columnName: "user_id", readPublic: true });
+
+        const meta = getOwnerRlsMeta(rlsPosts);
+        expect(meta).toBeDefined();
+        expect(meta!.readPublic).toBe(true);
+    });
+
+    it("ownerRls 미적용 테이블은 undefined 반환", () => {
+        const meta = getOwnerRlsMeta(plainItems);
+        expect(meta).toBeUndefined();
+    });
+});
+
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// Phase 2 검증: crud() ownerRls 감지 + 필터 주입
+// ═══════════════════════════════════════════════════════════════════════════════
+
+describe("crud() + ownerRls — 데이터 격리", () => {
+    // 초기화: crud 등록
+    crud(rlsTasks);
+    crud(rlsPosts);
+    crud(plainItems);
+
+    // ── list 격리 ──
+
+    it("list: ownerRls 테이블에서 requireAuth가 호출된다", async () => {
+        const listDef = getQueryDef("rls_tasks.list");
+        expect(listDef).toBeDefined();
+
+        const { ctx } = createMockCtx("user-A", []);
+        // 에러 없이 실행되면 requireAuth 호출 성공
+        const result = await listDef!.handler(ctx, {});
+        expect(result).toHaveProperty("data");
+        expect(result).toHaveProperty("total");
+    });
+
+    it("list: ownerRls 테이블은 인증 없이 접근 불가", async () => {
+        const listDef = getQueryDef("rls_tasks.list");
+        const unauthCtx = createUnauthCtx();
+
+        await expect(listDef!.handler(unauthCtx, {})).rejects.toThrow("Unauthorized");
+    });
+
+    // ── get 격리 ──
+
+    it("get: ownerRls 테이블에서 requireAuth가 호출된다", async () => {
+        const getDef = getQueryDef("rls_tasks.get");
+        expect(getDef).toBeDefined();
+
+        const { ctx } = createMockCtx("user-A", [{ id: 1, title: "test", userId: "user-A" }]);
+        const result = await getDef!.handler(ctx, { id: 1 });
+        // null 또는 데이터 반환 (mock이므로 체이닝 결과)
+        // 핵심: 에러 없이 실행되면 성공
+    });
+
+    // ── create 자동 주입 ──
+
+    it("create: ownerRls 테이블에서 userId가 인증 사용자로 강제 설정된다", async () => {
+        const mutations = getRegisteredMutations();
+        const createDef = mutations.find((m: any) => m.name === "rls_tasks.create");
+        expect(createDef).toBeDefined();
+
+        const { ctx, getCapturedValues } = createMockCtx("user-A");
+        await createDef!.handler(ctx, { title: "New Task" });
+
+        // userId가 인증된 사용자 ID로 강제 설정됨 (JS 프로퍼티명 사용)
+        const values = getCapturedValues();
+        expect(values).toBeDefined();
+        expect(values.userId).toBe("user-A");
+    });
+
+    it("create: 사용자가 임의의 userId를 주입 시도해도 강제 덮어씀 (보안)", async () => {
+        const mutations = getRegisteredMutations();
+        const createDef = mutations.find((m: any) => m.name === "rls_tasks.create");
+
+        const { ctx, getCapturedValues } = createMockCtx("user-A");
+        // 해커가 user_id를 "hacker-id"로 조작 시도
+        await createDef!.handler(ctx, { title: "Spoofed", user_id: "hacker-id" });
+
+        const values = getCapturedValues();
+        // 인증된 사용자 ID로 강제 덮어씀 (JS 프로퍼티명)
+        expect(values.userId).toBe("user-A");
+    });
+
+    // ── update 격리 ──
+
+    it("update: ownerRls 테이블에서 userId 변경 시도가 차단된다", async () => {
+        const mutations = getRegisteredMutations();
+        const updateDef = mutations.find((m: any) => m.name === "rls_tasks.update");
+        expect(updateDef).toBeDefined();
+
+        // update에서는 set()에 전달되는 데이터에서 user_id 키가 삭제되어야 함
+        let capturedSetData: any = null;
+        const mockCtx = {
+            auth: {
+                requireAuth: () => ({ id: "user-A", email: "a@test.com" }),
+                getUserIdentity: () => ({ id: "user-A" }),
+            },
+            db: {
+                select: (selectArg?: any) => {
+                    if (selectArg && typeof selectArg === "object" && "count" in selectArg) {
+                        return { from: () => ({ where: () => Promise.resolve([{ count: 0 }]) }) };
+                    }
+                    return {
+                        from: () => ({ where: () => ({ orderBy: () => Promise.resolve([]) }) }),
+                    };
+                },
+                update: () => ({
+                    set: (data: any) => {
+                        capturedSetData = data;
+                        return {
+                            where: () => ({
+                                returning: () => Promise.resolve([{ id: 1, title: "Updated" }]),
+                            }),
+                        };
+                    },
+                }),
+            },
+            realtime: { emit: () => {} },
+        };
+
+        await updateDef!.handler(mockCtx, {
+            id: 1,
+            title: "Updated",
+            user_id: "hacker-id",  // userId 변경 시도
+        });
+
+        // user_id가 set 데이터에서 삭제되었는지 확인 (JS 프로퍼티명 + DB명 양쪽)
+        expect(capturedSetData).toBeDefined();
+        expect(capturedSetData).not.toHaveProperty("userId");
+        expect(capturedSetData).not.toHaveProperty("user_id");
+        expect(capturedSetData.title).toBe("Updated");
+    });
+
+    // ── remove 격리 ──
+
+    it("remove: ownerRls 테이블에서 requireAuth가 호출된다", async () => {
+        const mutations = getRegisteredMutations();
+        const removeDef = mutations.find((m: any) => m.name === "rls_tasks.remove");
+        expect(removeDef).toBeDefined();
+
+        const { ctx } = createMockCtx("user-A");
+        const result = await removeDef!.handler(ctx, { id: 1 });
+        expect(result).toEqual({ success: true });
+    });
+});
+
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// read: "public" 테스트
+// ═══════════════════════════════════════════════════════════════════════════════
+
+describe("crud() + ownerRls(read: 'public') — 공개 읽기", () => {
+    it("list: 인증 없이 접근 가능 (read: public이므로 auth skip)", async () => {
+        // rlsPosts는 ownerRls(userId, { read: "public" })
+        // readPublic: true → list에서 userId 필터 생략
+        const listDef = getQueryDef("rls_posts.list");
+        expect(listDef).toBeDefined();
+
+        // crud는 isPublic=false로 생성되었으므로 requireAuth는 호출됨
+        // 하지만 readPublic=true이므로 userId 필터는 추가되지 않음
+        const { ctx } = createMockCtx("user-A", [{ id: 1, content: "hello" }]);
+        const result = await listDef!.handler(ctx, {});
+        expect(result.data).toHaveLength(1);
+    });
+
+    it("create: 인증 필수 + userId 강제 주입", async () => {
+        const mutations = getRegisteredMutations();
+        const createDef = mutations.find((m: any) => m.name === "rls_posts.create");
+        expect(createDef).toBeDefined();
+
+        const { ctx, getCapturedValues } = createMockCtx("user-B");
+        await createDef!.handler(ctx, { content: "Public post" });
+
+        const values = getCapturedValues();
+        expect(values.userId).toBe("user-B");
+    });
+});
+
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// 하위호환 테스트 — ownerRls 미적용 테이블
+// ═══════════════════════════════════════════════════════════════════════════════
+
+describe("crud() — ownerRls 미적용 하위호환", () => {
+    it("ownerRls 없는 테이블에서 기존 userId 자동 주입 동작 유지", async () => {
+        const mutations = getRegisteredMutations();
+        const createDef = mutations.find((m: any) => m.name === "plain_items.create");
+        expect(createDef).toBeDefined();
+
+        const { ctx, getCapturedValues } = createMockCtx("user-C");
+        await createDef!.handler(ctx, { name: "Widget" });
+
+        const values = getCapturedValues();
+        // ownerRls 미적용 → 기존 자동 주입 로직: userId 컬럼이 있고 인증됐으면 주입
+        expect(values.userId).toBe("user-C");
+    });
+
+    it("ownerRls 없는 테이블의 list는 userId 필터 없이 전체 반환", async () => {
+        const listDef = getQueryDef("plain_items.list");
+        expect(listDef).toBeDefined();
+
+        const allData = [
+            { id: 1, name: "A", userId: "user-A" },
+            { id: 2, name: "B", userId: "user-B" },
+        ];
+        const { ctx } = createMockCtx("user-A", allData);
+        const result = await listDef!.handler(ctx, {});
+
+        // ownerRls 미적용 → 모든 데이터 반환 (기존 동작)
+        expect(result.data).toHaveLength(2);
+    });
+});

package/src/__tests__/fixtures/basic/auth.ts

@@ -0,0 +1,32 @@
+/**
+ * gencow/auth.ts
+ *
+ * Auth 설정 파일. 이 파일을 수정하여 인증 동작을 커스터마이즈할 수 있습니다.
+ * shadcn처럼 이 파일은 사용자가 소유합니다 — 자유롭게 수정하세요.
+ *
+ * @example Email Verification 활성화:
+ *   1. `bun add resend`
+ *   2. 아래 emailVerification 블록 주석 해제
+ *   3. `gencow env set RESEND_API_KEY re_xxxx`
+ *
+ * @see https://docs.gencow.com/auth
+ */
+import { defineAuth } from "../../../auth-config";
+
+export default defineAuth({
+    // ── Email Verification (선택) ──────────────────────
+    // 아래 주석을 해제하면 가입 시 이메일 인증이 활성화됩니다.
+    //
+    // emailVerification: {
+    //     sendVerificationEmail: async ({ user, url }) => {
+    //         const { Resend } = await import("resend");
+    //         const resend = new Resend(process.env.RESEND_API_KEY);
+    //         await resend.emails.send({
+    //             from: "noreply@yourapp.com",
+    //             to: user.email,
+    //             subject: "이메일 인증",
+    //             html: `<a href="${url}">인증하기</a>`,
+    //         });
+    //     },
+    // },
+});

package/src/__tests__/fixtures/basic/drizzle.config.ts

@@ -0,0 +1,15 @@
+import { defineConfig } from "drizzle-kit";
+import { dirname, resolve } from "node:path";
+import { fileURLToPath } from "node:url";
+
+/** Config dir — schema/out paths must not depend on process.cwd (pnpm exec uses package root). */
+const here = dirname(fileURLToPath(import.meta.url));
+
+export default defineConfig({
+  dialect: "postgresql",
+  schema: [
+    resolve(here, "schema.ts"),
+    resolve(here, "../common/auth-schema.ts"),
+  ],
+  out: resolve(here, "migrations"),
+});

package/src/__tests__/fixtures/basic/index.ts

@@ -0,0 +1,6 @@
+/**
+ * gencow/index.ts — Entry point
+ *
+ * Gencow 런타임이 이 파일을 로드하여 query/mutation을 자동 등록합니다.
+ */
+import "./tasks";

package/src/__tests__/fixtures/basic/migrations/0000_faithful_silver_sable.sql

@@ -0,0 +1,66 @@
+CREATE TABLE "tasks" (
+	"id" text PRIMARY KEY NOT NULL,
+	"title" text NOT NULL,
+	"description" text,
+	"done" boolean DEFAULT false NOT NULL,
+	"user_id" text NOT NULL,
+	"created_at" timestamp DEFAULT now() NOT NULL,
+	"updated_at" timestamp DEFAULT now() NOT NULL
+);
+--> statement-breakpoint
+ALTER TABLE "tasks" ENABLE ROW LEVEL SECURITY;--> statement-breakpoint
+CREATE TABLE "user" (
+	"id" text PRIMARY KEY NOT NULL,
+	"name" text NOT NULL,
+	"email" text NOT NULL,
+	"email_verified" boolean DEFAULT false NOT NULL,
+	"image" text,
+	"created_at" timestamp DEFAULT now() NOT NULL,
+	"updated_at" timestamp DEFAULT now() NOT NULL,
+	CONSTRAINT "user_email_unique" UNIQUE("email")
+);
+--> statement-breakpoint
+CREATE TABLE "account" (
+	"id" text PRIMARY KEY NOT NULL,
+	"account_id" text NOT NULL,
+	"provider_id" text NOT NULL,
+	"user_id" text NOT NULL,
+	"access_token" text,
+	"refresh_token" text,
+	"id_token" text,
+	"access_token_expires_at" timestamp,
+	"refresh_token_expires_at" timestamp,
+	"scope" text,
+	"password" text,
+	"created_at" timestamp DEFAULT now() NOT NULL,
+	"updated_at" timestamp DEFAULT now() NOT NULL
+);
+--> statement-breakpoint
+CREATE TABLE "session" (
+	"id" text PRIMARY KEY NOT NULL,
+	"expires_at" timestamp NOT NULL,
+	"token" text NOT NULL,
+	"created_at" timestamp DEFAULT now() NOT NULL,
+	"updated_at" timestamp DEFAULT now() NOT NULL,
+	"ip_address" text,
+	"user_agent" text,
+	"user_id" text NOT NULL,
+	CONSTRAINT "session_token_unique" UNIQUE("token")
+);
+--> statement-breakpoint
+CREATE TABLE "verification" (
+	"id" text PRIMARY KEY NOT NULL,
+	"identifier" text NOT NULL,
+	"value" text NOT NULL,
+	"expires_at" timestamp NOT NULL,
+	"created_at" timestamp DEFAULT now(),
+	"updated_at" timestamp DEFAULT now()
+);
+--> statement-breakpoint
+ALTER TABLE "tasks" ADD CONSTRAINT "tasks_user_id_user_id_fk" FOREIGN KEY ("user_id") REFERENCES "public"."user"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "account" ADD CONSTRAINT "account_user_id_user_id_fk" FOREIGN KEY ("user_id") REFERENCES "public"."user"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "session" ADD CONSTRAINT "session_user_id_user_id_fk" FOREIGN KEY ("user_id") REFERENCES "public"."user"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
+CREATE POLICY "rls-select" ON "tasks" AS PERMISSIVE FOR SELECT TO public USING ("tasks"."user_id" = current_setting('app.current_user_id', true));--> statement-breakpoint
+CREATE POLICY "rls-insert" ON "tasks" AS PERMISSIVE FOR INSERT TO public WITH CHECK ("tasks"."user_id" = current_setting('app.current_user_id', true));--> statement-breakpoint
+CREATE POLICY "rls-update" ON "tasks" AS PERMISSIVE FOR UPDATE TO public USING ("tasks"."user_id" = current_setting('app.current_user_id', true)) WITH CHECK ("tasks"."user_id" = current_setting('app.current_user_id', true));--> statement-breakpoint
+CREATE POLICY "rls-delete" ON "tasks" AS PERMISSIVE FOR DELETE TO public USING ("tasks"."user_id" = current_setting('app.current_user_id', true));