@gencow/core 0.1.26 → 0.1.28

package/src/__tests__/rls-custom-query-handlers.test.ts

@@ -1,128 +0,0 @@
-/**
- * Custom **query** handlers (not `crud()` factory) that use `ctx.db` with Drizzle must respect RLS.
- *
- * Run: bun test packages/core/src/__tests__/rls-custom-query-handlers.test.ts
- */
-
-import { describe, it, expect, beforeAll, afterAll } from "bun:test";
-import { eq, sql } from "drizzle-orm";
-import { PGlite } from "@electric-sql/pglite";
-import { drizzle } from "drizzle-orm/pglite";
-
-import type { GencowCtx } from "../reactive.js";
-import { tasks } from "./fixtures/basic/schema.js";
-import type { BasicTaskRow } from "./helpers/basic-rls-fixture.js";
-import {
-  basicFixtureTasks,
-  basicFixtureUsers,
-  basicUser0Identity,
-  basicUser1Identity,
-  createBasicRlsEnvironment,
-} from "./helpers/basic-rls-fixture.js";
-import { makeTestGencowCtxWithRls } from "./helpers/test-gencow-ctx-rls.js";
-
-/** Simulates a user-defined query: list all tasks the ORM can see (RLS limits rows). */
-async function customQueryListAllTasks(ctx: GencowCtx) {
-  return ctx.db.select().from(tasks);
-}
-
-/** Simulates a dashboard query with filters — still subject to RLS. */
-async function customQueryTasksMatchingTitle(ctx: GencowCtx, substring: string) {
-  return ctx.db
-    .select()
-    .from(tasks)
-    .where(sql`${tasks.title} ilike ${"%" + substring + "%"}`);
-}
-
-/** Simulates fetching a single row by id (e.g. detail view). */
-async function customQueryTaskById(ctx: GencowCtx, id: string) {
-  const rows = await ctx.db.select().from(tasks).where(eq(tasks.id, id));
-  return rows[0] ?? null;
-}
-
-/** Raw SQL count — must run with RLS session vars on the same connection semantics as ORM builders. */
-async function customQueryTaskCountRaw(ctx: GencowCtx) {
-  const r = await ctx.db.execute(sql`select count(*)::int as c from ${tasks}`);
-  const rows = r.rows as { c: number }[];
-  return rows[0]?.c ?? 0;
-}
-
-describe("Custom query handlers + ctx.db + RLS", () => {
-  let client: PGlite;
-  let db: ReturnType<typeof drizzle>;
-
-  beforeAll(async () => {
-    const env = await createBasicRlsEnvironment();
-    client = env.client;
-    db = env.db;
-  });
-
-  afterAll(async () => {
-    try {
-      await client.close();
-    } catch {
-      /* ignore */
-    }
-  });
-
-  it("custom list: user0 only sees own rows (not user1 tasks)", async () => {
-    const ctx = makeTestGencowCtxWithRls(db, basicUser0Identity);
-    const rows = await customQueryListAllTasks(ctx);
-    expect(rows.every((r: BasicTaskRow) => r.userId === basicUser0Identity.id)).toBe(true);
-    const expectedOwn = basicFixtureTasks.filter((t) => t.userId === basicFixtureUsers[0].id).length;
-    expect(rows.length).toBe(expectedOwn);
-  });
-
-  it("custom list: user1 sees a different row set than user0", async () => {
-    const ctx0 = makeTestGencowCtxWithRls(db, basicUser0Identity);
-    const ctx1 = makeTestGencowCtxWithRls(db, basicUser1Identity);
-    const u0 = await customQueryListAllTasks(ctx0);
-    const u1 = await customQueryListAllTasks(ctx1);
-    const u0Ids = new Set(u0.map((r: BasicTaskRow) => r.id));
-    const u1Ids = new Set(u1.map((r: BasicTaskRow) => r.id));
-    expect(u0Ids.has("tk-001")).toBe(false);
-    expect(u1Ids.has("tk-001")).toBe(true);
-    expect(u1Ids.has("tk-000")).toBe(false);
-  });
-
-  it("custom filtered query: cannot see other user's rows even if title matches", async () => {
-    const ctx = makeTestGencowCtxWithRls(db, basicUser0Identity);
-    const rows = await customQueryTasksMatchingTitle(ctx, "Project Alpha");
-    expect(rows.every((r: BasicTaskRow) => r.userId === basicUser0Identity.id)).toBe(true);
-    expect(rows.some((r: BasicTaskRow) => r.id === "tk-001")).toBe(false);
-  });
-
-  it("custom get by id: returns null for another user's task id", async () => {
-    const ctx = makeTestGencowCtxWithRls(db, basicUser0Identity);
-    const row = await customQueryTaskById(ctx, "tk-001");
-    expect(row).toBeNull();
-  });
-
-  it("custom get by id: returns own task", async () => {
-    const ctx = makeTestGencowCtxWithRls(db, basicUser0Identity);
-    const row = await customQueryTaskById(ctx, "tk-003");
-    expect(row).not.toBeNull();
-    expect(row!.id).toBe("tk-003");
-  });
-
-  it("raw SQL count on ctx.db matches RLS-visible rows only", async () => {
-    const ctx0 = makeTestGencowCtxWithRls(db, basicUser0Identity);
-    const ctx1 = makeTestGencowCtxWithRls(db, basicUser1Identity);
-    const c0 = await customQueryTaskCountRaw(ctx0);
-    const c1 = await customQueryTaskCountRaw(ctx1);
-    const n0 = basicFixtureTasks.filter((t) => t.userId === basicFixtureUsers[0].id).length;
-    const n1 = basicFixtureTasks.filter((t) => t.userId === basicFixtureUsers[1].id).length;
-    expect(c0).toBe(n0);
-    expect(c1).toBe(n1);
-    expect(c0 + c1).toBe(basicFixtureTasks.length);
-  });
-
-  it("unsafeDb without createRlsDb: no session GUC — owner RLS yields no visible rows", async () => {
-    const ctx = makeTestGencowCtxWithRls(db, basicUser0Identity);
-    const rlsRows = await customQueryListAllTasks(ctx);
-    expect(rlsRows.length).toBeGreaterThan(0);
-
-    const raw = await ctx.unsafeDb.select().from(tasks);
-    expect(raw.length).toBe(0);
-  });
-});

package/src/__tests__/rls-db-leased-connection.test.ts

@@ -1,118 +0,0 @@
-import { describe, it, expect } from "bun:test";
-import { withRlsLeasedConnection } from "../rls-db.js";
-
-/**
- * Mirrors production **node-pg Pool** path (`rls-db.ts` path 4): `connect()` → BEGIN →
- * `set_config` for each RLS field → user work → COMMIT / ROLLBACK → `release()`.
- * Real pools hit PostgreSQL; these tests assert ordering and side effects on a mock client.
- */
-
-describe("withRlsLeasedConnection (pg Pool leased client path)", () => {
-  it("commits on success and releases exactly once", async () => {
-    const phases: string[] = [];
-    let released = 0;
-    const leased = {
-      async query(sql: string) {
-        phases.push(sql);
-        return {};
-      },
-      release() {
-        released++;
-      },
-    };
-    const result = await withRlsLeasedConnection(leased, { userId: "u1" }, async () => "done");
-    expect(result).toBe("done");
-    expect(phases[0]).toBe("begin");
-    expect(phases[phases.length - 1]).toBe("commit");
-    expect(phases).not.toContain("rollback");
-    expect(released).toBe(1);
-  });
-
-  it("rolls back when work fails and never commits", async () => {
-    const phases: string[] = [];
-    let released = 0;
-    const leased = {
-      async query(sql: string) {
-        phases.push(sql);
-        return {};
-      },
-      release() {
-        released++;
-      },
-    };
-    let thrown: unknown;
-    try {
-      await withRlsLeasedConnection(leased, { userId: "u1" }, async () => {
-        throw new Error("work failed");
-      });
-    } catch (e) {
-      thrown = e;
-    }
-    expect(thrown).toBeInstanceOf(Error);
-    expect((thrown as Error).message).toBe("work failed");
-
-    expect(phases[0]).toBe("begin");
-    expect(phases[phases.length - 1]).toBe("rollback");
-    expect(phases.includes("commit")).toBe(false);
-    expect(released).toBe(1);
-  });
-
-  it("issues set_config for userId, role, tenantId, and custom vars before commit", async () => {
-    const phases: string[] = [];
-    let released = 0;
-    const leased = {
-      async query(q: string) {
-        phases.push(q);
-        return {};
-      },
-      release() {
-        released++;
-      },
-    };
-    await withRlsLeasedConnection(
-      leased,
-      {
-        userId: "u1",
-        role: "admin",
-        tenantId: "t1",
-        vars: { "app.org_slug": "acme" },
-      },
-      async () => "ok",
-    );
-    expect(phases[0]).toBe("begin");
-    const setCalls = phases.filter((p) => p.includes("set_config"));
-    expect(setCalls.length).toBe(4);
-    expect(phases[phases.length - 1]).toBe("commit");
-    expect(released).toBe(1);
-  });
-
-  it("still rolls back and releases when commit fails after successful work", async () => {
-    const phases: string[] = [];
-    let released = 0;
-    let commitCalls = 0;
-    const leased = {
-      async query(q: string) {
-        phases.push(q);
-        if (q === "commit") {
-          commitCalls++;
-          throw new Error("commit failed");
-        }
-        return {};
-      },
-      release() {
-        released++;
-      },
-    };
-    let thrown: unknown;
-    try {
-      await withRlsLeasedConnection(leased, { userId: "u1" }, async () => "done");
-    } catch (e) {
-      thrown = e;
-    }
-    expect(thrown).toBeInstanceOf(Error);
-    expect((thrown as Error).message).toBe("commit failed");
-    expect(commitCalls).toBe(1);
-    expect(phases[phases.length - 1]).toBe("rollback");
-    expect(released).toBe(1);
-  });
-});

package/src/__tests__/rls-session-and-policies.test.ts

@@ -1,228 +0,0 @@
-/**
- * RLS session GUCs + PostgreSQL policies — PGlite integration tests.
- *
- * **Parity with production (`packages/server/src/index.ts`):**
- * - Server builds `ctx.db` with `createRlsDb(db, { userId: authCtx?.getUserIdentity()?.id || "" })`.
- * - Tests use the same helper shape via {@link makeTestGencowCtxWithRls} (only `userId` from identity),
- *   or `createRlsDb` directly with `role` / `tenantId` / `vars` when exercising those code paths.
- *
- * **Parity with PostgreSQL RLS enforcement:**
- * - After {@link createPgliteRlsAppRole} + {@link setPgliteSessionRole}, the session runs as a
- *   non-table-owner role, so `ENABLE ROW LEVEL SECURITY` policies apply (same as production DB users).
- * - Policies in `fixtures/basic/migrations` use `current_setting('app.current_user_id', true)` with
- *   `missing_ok`, matching `ownerRls()` in `rls.ts` and avoiding errors before `set_config`.
- *
- * **Execution paths exercised:**
- * - **Autocommit / PGlite `transaction()`**: `makeTestGencowCtxWithRls(db)` — each statement opens a
- *   short transaction with session GUCs (see `rls-db.ts` path 3).
- * - **Reuse outer Drizzle transaction**: `runWithRollbackTestGencowCtxWithRls` — matches handlers that
- *   run inside an outer `db.transaction()`; `createRlsDb` detects the tx object and applies GUCs on
- *   the same connection without a nested top-level `BEGIN` (path 1).
- *
- * Run: bun test packages/core/src/__tests__/rls-session-and-policies.test.ts
- */
-
-import { describe, it, expect, beforeAll, afterAll } from "bun:test";
-import { eq, sql } from "drizzle-orm";
-
-import { createRlsDb } from "../rls-db.js";
-import { tasks } from "./fixtures/basic/schema.js";
-import {
-  basicFixtureTasks,
-  basicUser0Identity,
-  basicUser1Identity,
-  createBasicRlsEnvironment,
-} from "./helpers/basic-rls-fixture.js";
-import { fillPartialRowsForInsert } from "./helpers/seed-like-fill.js";
-import {
-  makeTestGencowCtxWithRls,
-  runWithRollbackTestGencowCtxWithRls,
-} from "./helpers/test-gencow-ctx-rls.js";
-
-type PgliteDb = ReturnType<typeof import("drizzle-orm/pglite").drizzle>;
-
-describe("RLS session + policies (PGlite, non-owner session)", () => {
-  let client: import("@electric-sql/pglite").PGlite;
-  let db: PgliteDb;
-
-  beforeAll(async () => {
-    const env = await createBasicRlsEnvironment();
-    client = env.client;
-    db = env.db;
-  });
-
-  afterAll(async () => {
-    try {
-      await client.close();
-    } catch {
-      /* ignore */
-    }
-  });
-
-  function expectedCountForUser(userId: string): number {
-    return basicFixtureTasks.filter((t) => t.userId === userId).length;
-  }
-
-  it("empty userId matches unauthenticated server contract — no rows visible", async () => {
-    const scoped = createRlsDb(db as Parameters<typeof createRlsDb>[0], {
-      userId: "",
-    });
-    const rows = await scoped.select().from(tasks);
-    expect(rows.length).toBe(0);
-  });
-
-  it("authenticated userId sees only own rows (policy USING)", async () => {
-    const scoped = createRlsDb(db as Parameters<typeof createRlsDb>[0], {
-      userId: basicUser0Identity.id,
-    });
-    const rows = await scoped.select().from(tasks);
-    expect(rows.length).toBe(expectedCountForUser(basicUser0Identity.id));
-    expect(rows.every((r) => r.userId === basicUser0Identity.id)).toBe(true);
-  });
-
-  it("createRlsDb sets optional role and tenantId GUCs (readable via execute)", async () => {
-    const scoped = createRlsDb(db as Parameters<typeof createRlsDb>[0], {
-      userId: basicUser0Identity.id,
-      role: "editor",
-      tenantId: "tenant_test",
-    });
-    const r = await scoped.execute(
-      sql`select current_setting('app.current_user_role', true) as role,
-                       current_setting('app.tenant_id', true) as tid`,
-    );
-    const row = (r as { rows: { role: string; tid: string }[] }).rows[0];
-    expect(row?.role).toBe("editor");
-    expect(row?.tid).toBe("tenant_test");
-  });
-
-  it("custom vars (validated app.* names) are applied for set_config", async () => {
-    const scoped = createRlsDb(db as Parameters<typeof createRlsDb>[0], {
-      userId: basicUser0Identity.id,
-      vars: { "app.org_slug": "acme" },
-    });
-    const r = await scoped.execute(sql`select current_setting('app.org_slug', true) as slug`);
-    const row = (r as { rows: { slug: string }[] }).rows[0];
-    expect(row?.slug).toBe("acme");
-  });
-
-  it("invalid GUC name in vars throws before executing SQL", async () => {
-    const bad = createRlsDb(db as Parameters<typeof createRlsDb>[0], {
-      userId: basicUser0Identity.id,
-      vars: { "App.invalid": "x" },
-    });
-    await expect(Promise.resolve(bad.select().from(tasks))).rejects.toThrow(/invalid/);
-  });
-
-  it("reserved keys must not appear in vars", async () => {
-    const bad = createRlsDb(db as Parameters<typeof createRlsDb>[0], {
-      userId: basicUser0Identity.id,
-      vars: { "app.current_user_id": "hijack" },
-    });
-    await expect(Promise.resolve(bad.select().from(tasks))).rejects.toThrow(/vars must not set/);
-  });
-
-  it("autocommit path and outer-transaction path return the same RLS-visible counts", async () => {
-    const expected = expectedCountForUser(basicUser0Identity.id);
-
-    const ctxPlain = makeTestGencowCtxWithRls(db, basicUser0Identity);
-    const plainCount = (await ctxPlain.db.select().from(tasks)).length;
-    expect(plainCount).toBe(expected);
-
-    await runWithRollbackTestGencowCtxWithRls(db, basicUser0Identity, async (ctx) => {
-      const txCount = (await ctx.db.select().from(tasks)).length;
-      expect(txCount).toBe(expected);
-    });
-  });
-
-  it("createRlsDb(db).transaction() injects session vars — inner selects respect RLS", async () => {
-    const scoped = createRlsDb(db as Parameters<typeof createRlsDb>[0], {
-      userId: basicUser0Identity.id,
-    });
-    await scoped.transaction(async (tx) => {
-      const rows = await tx.select().from(tasks);
-      expect(rows.length).toBe(expectedCountForUser(basicUser0Identity.id));
-    });
-  });
-
-  it("parallel selects on the same ctx.db both see RLS-consistent results", async () => {
-    const ctx = makeTestGencowCtxWithRls(db, basicUser0Identity);
-    const expected = expectedCountForUser(basicUser0Identity.id);
-    const [a, b] = await Promise.all([ctx.db.select().from(tasks), ctx.db.select().from(tasks)]);
-    expect(a.length).toBe(expected);
-    expect(b.length).toBe(expected);
-  });
-
-  it("unsafeDb INSERT without session GUC fails RLS withCheck (non-owner)", async () => {
-    const [row] = fillPartialRowsForInsert(tasks, [
-      {
-        id: "tk-rls-unsafe-insert",
-        title: "should not persist",
-        userId: basicUser0Identity.id,
-        done: false,
-      },
-    ]);
-    await expect(Promise.resolve(db.insert(tasks).values(row))).rejects.toThrow();
-  });
-
-  it("unsafeDb UPDATE touches 0 rows when session GUC is unset", async () => {
-    const updated = await db
-      .update(tasks)
-      .set({ title: "nope", updatedAt: new Date() })
-      .where(eq(tasks.id, "tk-000"))
-      .returning();
-    expect(updated.length).toBe(0);
-  });
-
-  it("scoped INSERT cannot forge another user row (withCheck)", async () => {
-    const scoped = createRlsDb(db as Parameters<typeof createRlsDb>[0], {
-      userId: basicUser0Identity.id,
-    });
-    const [row] = fillPartialRowsForInsert(tasks, [
-      {
-        id: "tk-forge-other",
-        title: "forged",
-        userId: basicUser1Identity.id,
-        done: false,
-      },
-    ]);
-    await expect(Promise.resolve(scoped.insert(tasks).values(row))).rejects.toThrow();
-  });
-
-  it("wrong scoped userId cannot read other user's row by primary key", async () => {
-    const scoped = createRlsDb(db as Parameters<typeof createRlsDb>[0], {
-      userId: basicUser0Identity.id,
-    });
-    const rows = await scoped.select().from(tasks).where(eq(tasks.id, "tk-001"));
-    expect(rows.length).toBe(0);
-  });
-
-  it("scoped UPDATE affects 0 rows for another user's task (policy USING)", async () => {
-    const scoped = createRlsDb(db as Parameters<typeof createRlsDb>[0], {
-      userId: basicUser0Identity.id,
-    });
-    const updated = await scoped
-      .update(tasks)
-      .set({ title: "blocked", updatedAt: new Date() })
-      .where(eq(tasks.id, "tk-001"))
-      .returning();
-    expect(updated.length).toBe(0);
-  });
-
-  it("scoped DELETE removes 0 rows for another user's task (policy USING)", async () => {
-    const scoped = createRlsDb(db as Parameters<typeof createRlsDb>[0], {
-      userId: basicUser0Identity.id,
-    });
-    const removed = await scoped.delete(tasks).where(eq(tasks.id, "tk-001")).returning();
-    expect(removed.length).toBe(0);
-  });
-
-  it("nested raw SQL count matches builder select count for same session", async () => {
-    const scoped = createRlsDb(db as Parameters<typeof createRlsDb>[0], {
-      userId: basicUser0Identity.id,
-    });
-    const fromBuilder = await scoped.select().from(tasks);
-    const raw = await scoped.execute(sql`select count(*)::int as c from ${tasks}`);
-    const c = (raw as { rows: { c: number }[] }).rows[0]?.c ?? -1;
-    expect(c).toBe(fromBuilder.length);
-  });
-});