@gencow/core 0.1.22 → 0.1.24

package/src/__tests__/fixtures/basic/migrations/meta/_journal.json

@@ -5,8 +5,8 @@
     {
       "idx": 0,
       "version": "7",
-      "when": 1776143474320,
-      "tag": "0000_faithful_silver_sable",
+      "when": 1776398037133,
+      "tag": "0000_last_warstar",
       "breakpoints": true
     }
   ]

package/src/__tests__/fixtures/basic/schema.ts

@@ -7,13 +7,13 @@
  *
  * 변경 후: gencow dev가 자동 반영
  */
-import { ownerRls } from "../../../rls";
+import { ownerRls } from "../../../rls.js";
 import { pgTable } from "drizzle-orm/pg-core";
 import { text, boolean, timestamp } from "drizzle-orm/pg-core";
-import { user } from "../common/auth-schema";
+import { user } from "../common/auth-schema.js";
 import { v4 as uuidv4 } from "uuid";
 
-export { user } from "../common/auth-schema";
+export { user } from "../common/auth-schema.js";
 
 export const tasks = pgTable(
   "tasks",
@@ -33,3 +33,19 @@ export const tasks = pgTable(
   },
   (t) => ownerRls(t.userId)
 );
+
+/**
+ * Public-ish content table **without** `ownerRls()` — no PostgreSQL RLS policies; used for
+ * `crud(..., { public: true })` + no-DB-RLS integration tests.
+ */
+export const news = pgTable("news", {
+  id: text("id")
+    .primaryKey()
+    .$defaultFn(() => uuidv4()),
+  title: text("title").notNull(),
+  userId: text("user_id")
+    .notNull()
+    .references(() => user.id, { onDelete: "cascade" }),
+  createdAt: timestamp("created_at").defaultNow().notNull(),
+  updatedAt: timestamp("updated_at").defaultNow().notNull(),
+});

package/src/__tests__/helpers/basic-rls-fixture.ts

@@ -0,0 +1,133 @@
+/**
+ * Shared PGlite + `fixtures/basic` schema seed + RLS app role for integration tests.
+ */
+import { dirname, join } from "path";
+import { fileURLToPath } from "url";
+import type { InferSelectModel } from "drizzle-orm";
+import { getTableName, sql } from "drizzle-orm";
+import type { PgTable } from "drizzle-orm/pg-core";
+import { PGlite } from "@electric-sql/pglite";
+import { drizzle } from "drizzle-orm/pglite";
+
+import type { UserIdentity } from "../../reactive.js";
+import { news, tasks, user } from "../fixtures/basic/schema.js";
+import { createPgliteRlsAppRole, DEFAULT_PGLITE_RLS_APP_ROLE, setPgliteSessionRole } from "./pglite-rls-session.js";
+import { loadAndApplyMigrations } from "./pglite-migrations.js";
+import { fillPartialRowsForInsert } from "./seed-like-fill.js";
+
+const __dirname = dirname(fileURLToPath(import.meta.url));
+
+export const basicFixtureUsers = [
+    { id: "us_000", name: "User 0", email: "user-0@s.com", emailVerified: true },
+    { id: "us_001", name: "User 1", email: "user-1@s.com", emailVerified: true },
+];
+
+/** Stable ids/titles; overlaps across users for search / RLS tests. */
+export const basicFixtureTasks = [
+    {
+        id: "tk-000",
+        userId: basicFixtureUsers[0].id,
+        done: false,
+        title: "Project Alpha — Q4 review prep",
+    },
+    {
+        id: "tk-001",
+        userId: basicFixtureUsers[1].id,
+        done: true,
+        title: "Project Alpha — teammate handoff",
+    },
+    {
+        id: "tk-002",
+        userId: basicFixtureUsers[0].id,
+        done: false,
+        title: "Project Alpha — backlog grooming",
+    },
+    {
+        id: "tk-003",
+        userId: basicFixtureUsers[0].id,
+        done: false,
+        title: "Quarterly planning — Q4",
+    },
+    {
+        id: "tk-004",
+        userId: basicFixtureUsers[1].id,
+        done: false,
+        title: "Project Beta — API docs",
+    },
+    {
+        id: "tk-005",
+        userId: basicFixtureUsers[1].id,
+        done: false,
+        title: "Project Gamma — research notes",
+    },
+    {
+        id: "tk-006",
+        userId: basicFixtureUsers[0].id,
+        done: false,
+        title: "Project Beta — spike",
+    },
+];
+
+/** No `ownerRls()` — two rows for user0 / user1 (no DB RLS on `news`). */
+export const basicFixtureNews = [
+    { id: "nw-000", userId: basicFixtureUsers[0].id, title: "owned by user0" },
+    { id: "nw-001", userId: basicFixtureUsers[1].id, title: "owned by user1" },
+];
+
+export const basicUser0Identity = {
+    id: basicFixtureUsers[0].id,
+    email: basicFixtureUsers[0].email,
+} satisfies UserIdentity;
+
+export const basicUser1Identity = {
+    id: basicFixtureUsers[1].id,
+    email: basicFixtureUsers[1].email,
+} satisfies UserIdentity;
+
+export type BasicTaskRow = InferSelectModel<typeof tasks>;
+export type BasicNewsRow = InferSelectModel<typeof news>;
+
+/**
+ * Bootstrap user migrations, seed users/tasks as table owner, then `SET ROLE` to non-owner app role
+ * so PostgreSQL RLS policies apply (same as `rls-crud-basic.test.ts`).
+ */
+export async function createBasicRlsEnvironment(): Promise<{
+    client: PGlite;
+    db: ReturnType<typeof drizzle>;
+    taskRows: BasicTaskRow[];
+}> {
+    const client = new PGlite();
+    await client.waitReady;
+    await loadAndApplyMigrations(client, join(__dirname, "../fixtures/basic/migrations"));
+    const db = drizzle(client);
+    await db.insert(user).values(fillPartialRowsForInsert(user, basicFixtureUsers));
+    const taskRows = fillPartialRowsForInsert(tasks, basicFixtureTasks) as BasicTaskRow[];
+    await db.insert(tasks).values(taskRows);
+    const newsRows = fillPartialRowsForInsert(news, basicFixtureNews) as BasicNewsRow[];
+    await db.insert(news).values(newsRows);
+    await createPgliteRlsAppRole(client, {
+        roleName: DEFAULT_PGLITE_RLS_APP_ROLE,
+    });
+    await setPgliteSessionRole(client, DEFAULT_PGLITE_RLS_APP_ROLE);
+    return { client, db, taskRows };
+}
+
+/** Asserts `pg_class.relrowsecurity` is false (table was never `ENABLE ROW LEVEL SECURITY`). */
+export async function assertTableRowLevelSecurityDisabled(
+    db: ReturnType<typeof drizzle>,
+    table: PgTable,
+): Promise<void> {
+    const relname = getTableName(table);
+    const q = await db.execute(sql`
+        select c.relrowsecurity as rls_enabled
+        from pg_class c
+        join pg_namespace n on n.oid = c.relnamespace
+        where n.nspname = 'public' and c.relname = ${relname}
+    `);
+    const row = (q as unknown as { rows: { rls_enabled: boolean }[] }).rows[0];
+    if (row?.rls_enabled !== false) {
+        throw new Error(
+            `expected relrowsecurity = false for public.${relname}, got ${JSON.stringify(row)}`,
+        );
+    }
+}

package/src/__tests__/helpers/test-gencow-ctx-rls.ts

@@ -7,7 +7,7 @@ export function makeTestGencowCtxWithRls(
   db: ReturnType<typeof drizzle>,
   identity: UserIdentity
 ): GencowCtx {
-  const scoped = createRlsDb(db, identity.id);
+  const scoped = createRlsDb(db, { userId: identity.id });
   return {
     db: scoped,
     unsafeDb: db,

package/src/__tests__/reactive.test.ts

@@ -294,3 +294,164 @@ describe("mutation(name, def) — query와 동일 패턴", () => {
         console.warn = originalWarn;
     });
 });
+
+// ─── _flushRefresh — buildCtxForRefresh 통합 테스트 ──────────────────────────
+
+describe("_flushRefresh() — query re-run via buildCtxForRefresh", () => {
+
+    it("buildCtxForRefresh 전달 시 query handler가 정상 ctx로 re-run된다", async () => {
+        // 테스트용 query 등록
+        const testQueryKey = "flush.test.rerun";
+        const handler = mock(async (ctx: any) => {
+            // ctx.db가 존재하는지 확인 (이전 버그: ctx = {} → crash)
+            if (!ctx.db) throw new Error("ctx.db is undefined!");
+            return [{ id: 1, count: ctx.db.mockValue }];
+        });
+
+        query(testQueryKey, { public: true, handler });
+
+        // buildCtxForRefresh 콜백 제공
+        const mockDb = { mockValue: 42 };
+        const rt = buildRealtimeCtx({
+            buildCtxForRefresh: () => ({
+                db: mockDb,
+                auth: { getUserIdentity: () => null, requireAuth: () => { throw new Error(); } },
+                realtime: { emit: () => {}, refresh: () => {} },
+            } as any),
+        });
+
+        rt.refresh(testQueryKey);
+        await rt._flushRefresh();
+
+        // handler가 호출됐는지 확인
+        expect(handler).toHaveBeenCalledTimes(1);
+        // ctx.db가 올바르게 전달됐는지 확인
+        const callCtx = handler.mock.calls[0][0];
+        expect(callCtx.db).toBe(mockDb);
+    });
+
+    it("buildCtxForRefresh 미전달 시 ({} as ctx) 사용 + 경고 로그 출력", async () => {
+        const testQueryKey = "flush.test.noCallback";
+        const handler = mock(async (_ctx: any) => [{ id: 1 }]);
+        query(testQueryKey, { public: true, handler });
+
+        const warnSpy = mock(() => {});
+        const originalWarn = console.warn;
+        console.warn = warnSpy;
+
+        // buildCtxForRefresh 없이 생성
+        const rt = buildRealtimeCtx();
+        rt.refresh(testQueryKey);
+        await rt._flushRefresh();
+
+        // 경고 출력 확인
+        const warnCalls = warnSpy.mock.calls.map(c => String(c[0]));
+        const hasWarning = warnCalls.some(msg =>
+            msg.includes("buildCtxForRefresh not provided")
+        );
+        expect(hasWarning).toBe(true);
+
+        console.warn = originalWarn;
+    });
+
+    it("refresh 결과가 WS 구독자에게 query:updated로 push된다", async () => {
+        const testQueryKey = "flush.test.push";
+        const freshData = [{ id: 99, name: "Refreshed" }];
+        query(testQueryKey, {
+            public: true,
+            handler: async () => freshData,
+        });
+
+        const ws = makeMockWs();
+        subscribe(testQueryKey, ws);
+
+        const rt = buildRealtimeCtx({
+            buildCtxForRefresh: () => ({
+                db: {},
+                auth: { getUserIdentity: () => null, requireAuth: () => { throw new Error(); } },
+                realtime: { emit: () => {}, refresh: () => {} },
+            } as any),
+        });
+
+        rt.refresh(testQueryKey);
+        await rt._flushRefresh();
+
+        // 50ms debounce 대기
+        await new Promise(r => setTimeout(r, 80));
+
+        expect(ws._sent.length).toBeGreaterThanOrEqual(1);
+        const msg = JSON.parse(ws._sent[ws._sent.length - 1]);
+        expect(msg.type).toBe("query:updated");
+        expect(msg.query).toBe(testQueryKey);
+        expect(msg.data).toEqual(freshData);
+
+        deregisterClient(ws);
+    });
+
+    it("httpCallback 모드에서 refresh 결과가 callback으로 전달된다", async () => {
+        const testQueryKey = "flush.test.http";
+        const freshData = [{ id: 77, title: "HTTP Push" }];
+        query(testQueryKey, {
+            public: true,
+            handler: async () => freshData,
+        });
+
+        const httpCallback = mock((_event: any) => {});
+
+        const rt = buildRealtimeCtx({
+            httpCallback,
+            buildCtxForRefresh: () => ({
+                db: {},
+                auth: { getUserIdentity: () => null, requireAuth: () => { throw new Error(); } },
+                realtime: { emit: () => {}, refresh: () => {} },
+            } as any),
+        });
+
+        rt.refresh(testQueryKey);
+        await rt._flushRefresh();
+
+        expect(httpCallback).toHaveBeenCalledTimes(1);
+        const event = httpCallback.mock.calls[0][0];
+        expect(event.type).toBe("emit");
+        expect(event.queryKey).toBe(testQueryKey);
+        expect(event.data).toEqual(freshData);
+    });
+
+    it("flush 후 _pendingRefresh가 비워진다", async () => {
+        const testQueryKey = "flush.test.clear";
+        query(testQueryKey, { public: true, handler: async () => [] });
+
+        const rt = buildRealtimeCtx({
+            buildCtxForRefresh: () => ({
+                db: {},
+                auth: { getUserIdentity: () => null, requireAuth: () => { throw new Error(); } },
+                realtime: { emit: () => {}, refresh: () => {} },
+            } as any),
+        });
+
+        rt.refresh(testQueryKey);
+        expect(rt._pendingRefresh).toHaveLength(1);
+
+        await rt._flushRefresh();
+        expect(rt._pendingRefresh).toHaveLength(0);
+    });
+
+    it("미등록 queryKey refresh는 무시되고 경고 출력", async () => {
+        const warnSpy = mock(() => {});
+        const originalWarn = console.warn;
+        console.warn = warnSpy;
+
+        const rt = buildRealtimeCtx({
+            buildCtxForRefresh: () => ({} as any),
+        });
+        rt.refresh("nonexistent.query.key.xyz");
+        await rt._flushRefresh();
+
+        const hasWarning = warnSpy.mock.calls.some(c =>
+            String(c[0]).includes("query not found in registry")
+        );
+        expect(hasWarning).toBe(true);
+
+        console.warn = originalWarn;
+    });
+});