@nest-boot/row-level-security 7.0.0

package/dist/row-level-security-entity-manager.spec.js

@@ -0,0 +1,200 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const postgresql_1 = require("@mikro-orm/postgresql");
+const request_context_1 = require("@nest-boot/request-context");
+const row_level_security_context_1 = require("./row-level-security-context");
+const row_level_security_entity_manager_1 = require("./row-level-security-entity-manager");
+const set_row_level_security_options_1 = require("./utils/set-row-level-security-options");
+describe("RowLevelSecurityEntityManager", () => {
+    afterEach(() => {
+        jest.restoreAllMocks();
+        (0, set_row_level_security_options_1.setRowLevelSecurityOptions)();
+    });
+    it("sets authenticated row level security transaction context", async () => {
+        const rawSql = [];
+        mockSuperTransactional(rawSql);
+        const result = await request_context_1.RequestContext.run(new request_context_1.RequestContext({ type: "http" }), async () => {
+            (0, set_row_level_security_options_1.setRowLevelSecurityOptions)({
+                authenticatedRole: "app_authenticated",
+                isAuthenticated: () => true,
+                getContext: () => [["tenant_id", "42"]],
+            });
+            return await callTransactional();
+        });
+        expect(result).toBe("transaction-result");
+        expect(rawSql).toEqual([
+            "SET LOCAL ROLE app_authenticated;\nSELECT set_config('app.tenant_id', '42', true);",
+        ]);
+    });
+    it("omits context SQL when no row level security context values are present", async () => {
+        const rawSql = [];
+        mockSuperTransactional(rawSql);
+        await request_context_1.RequestContext.run(new request_context_1.RequestContext({ type: "http" }), async () => {
+            await callTransactional();
+        });
+        expect(rawSql).toEqual(["SET LOCAL ROLE anonymous;"]);
+    });
+    it("throws when a transaction context is unavailable", async () => {
+        jest
+            .spyOn(postgresql_1.EntityManager.prototype, "transactional")
+            .mockImplementation(async (cb) => {
+            return await cb({
+                getTransactionContext: () => undefined,
+            });
+        });
+        await expect(request_context_1.RequestContext.run(new request_context_1.RequestContext({ type: "http" }), callTransactional)).rejects.toThrow("Transaction context is not available");
+    });
+    it("uses the anonymous role when no user is present", async () => {
+        const rawSql = [];
+        mockSuperTransactional(rawSql);
+        await request_context_1.RequestContext.run(new request_context_1.RequestContext({ type: "http" }), async () => {
+            (0, set_row_level_security_options_1.setRowLevelSecurityOptions)({
+                anonymousRole: "app_anonymous",
+                getContext: () => [["tenant_id", "42"]],
+            });
+            await callTransactional();
+        });
+        expect(rawSql).toEqual([
+            "SET LOCAL ROLE app_anonymous;\nSELECT set_config('app.tenant_id', '42', true);",
+        ]);
+    });
+    it("uses the default authenticated role when the tenant authentication marker is present", async () => {
+        const rawSql = [];
+        mockSuperTransactional(rawSql);
+        await request_context_1.RequestContext.run(new request_context_1.RequestContext({ type: "http" }), async () => {
+            (0, set_row_level_security_options_1.setRowLevelSecurityOptions)({
+                isAuthenticated: () => true,
+                getContext: () => [["tenant_id", "42"]],
+            });
+            await callTransactional();
+        });
+        expect(rawSql).toEqual([
+            "SET LOCAL ROLE authenticated;\nSELECT set_config('app.tenant_id', '42', true);",
+        ]);
+    });
+    it("uses the request context role when one is set", async () => {
+        const rawSql = [];
+        mockSuperTransactional(rawSql);
+        await request_context_1.RequestContext.run(new request_context_1.RequestContext({ type: "http" }), async () => {
+            row_level_security_context_1.RowLevelSecurityContext.setRole("service_role");
+            row_level_security_context_1.RowLevelSecurityContext.set("tenant_id", "42");
+            await callTransactional();
+        });
+        expect(rawSql).toEqual([
+            "SET LOCAL ROLE service_role;\nSELECT set_config('app.tenant_id', '42', true);",
+        ]);
+    });
+    it("sets additional row level security context values from RequestContext", async () => {
+        const rawSql = [];
+        mockSuperTransactional(rawSql);
+        await request_context_1.RequestContext.run(new request_context_1.RequestContext({ type: "http" }), async () => {
+            (0, set_row_level_security_options_1.setRowLevelSecurityOptions)({
+                getContext: () => [["tenant_id", "42"]],
+            });
+            row_level_security_context_1.RowLevelSecurityContext.set("user_id", "7");
+            await callTransactional();
+        });
+        expect(rawSql).toEqual([
+            "SET LOCAL ROLE anonymous;\nSELECT set_config('app.tenant_id', '42', true),set_config('app.user_id', '7', true);",
+        ]);
+    });
+    it("uses the default anonymous role when the tenant authentication marker is absent", async () => {
+        const rawSql = [];
+        mockSuperTransactional(rawSql);
+        await request_context_1.RequestContext.run(new request_context_1.RequestContext({ type: "http" }), async () => {
+            (0, set_row_level_security_options_1.setRowLevelSecurityOptions)({
+                getContext: () => [["tenant_id", "42"]],
+            });
+            await callTransactional();
+        });
+        expect(rawSql).toEqual([
+            "SET LOCAL ROLE anonymous;\nSELECT set_config('app.tenant_id', '42', true);",
+        ]);
+    });
+    it("delegates without tenant SQL when shouldApply returns false", async () => {
+        const rawSql = [];
+        const transactionalSpy = mockSuperTransactional(rawSql);
+        (0, set_row_level_security_options_1.setRowLevelSecurityOptions)({
+            shouldApply: () => false,
+        });
+        const result = await callTransactional();
+        expect(result).toBe("transaction-result");
+        expect(rawSql).toEqual([]);
+        expect(transactionalSpy).toHaveBeenCalledTimes(1);
+    });
+    it("rejects unsafe database role names", async () => {
+        const rawSql = [];
+        mockSuperTransactional(rawSql);
+        (0, set_row_level_security_options_1.setRowLevelSecurityOptions)({
+            authenticatedRole: "app.authenticated",
+            isAuthenticated: () => true,
+        });
+        await expect(request_context_1.RequestContext.run(new request_context_1.RequestContext({ type: "http" }), callTransactional)).rejects.toThrow("Row level security database role must be snake_case");
+    });
+    it.each(getDelegatedMethodCases())("wraps %s in a row level security transaction when outside a transaction", async (methodName, args, result) => {
+        const delegatedMethod = jest.fn(() => Promise.resolve(result));
+        const transactional = jest.fn(async (cb) => {
+            return await cb({
+                [methodName]: delegatedMethod,
+            });
+        });
+        const entityManager = {
+            isInTransaction: () => false,
+            transactional,
+        };
+        const actual = await row_level_security_entity_manager_1.RowLevelSecurityEntityManager.prototype[methodName].call(entityManager, ...args);
+        expect(actual).toBe(result);
+        expect(transactional).toHaveBeenCalledTimes(1);
+        expect(delegatedMethod.mock.calls[0]?.slice(0, args.length)).toEqual(args);
+    });
+    it.each(getDelegatedMethodCases())("delegates %s directly when already inside a transaction", async (methodName, args, result) => {
+        const superMethod = jest
+            .spyOn(postgresql_1.EntityManager.prototype, methodName)
+            .mockResolvedValue(result);
+        const entityManager = {
+            isInTransaction: () => true,
+        };
+        const actual = await row_level_security_entity_manager_1.RowLevelSecurityEntityManager.prototype[methodName].call(entityManager, ...args);
+        expect(actual).toBe(result);
+        expect(superMethod.mock.calls[0]?.slice(0, args.length)).toEqual(args);
+    });
+});
+function mockSuperTransactional(rawSql) {
+    return jest
+        .spyOn(postgresql_1.EntityManager.prototype, "transactional")
+        .mockImplementation(async (cb) => {
+        const em = {
+            getTransactionContext: () => ({
+                raw: (sql) => {
+                    rawSql.push(sql);
+                    return Promise.resolve();
+                },
+            }),
+        };
+        return await cb(em);
+    });
+}
+async function callTransactional() {
+    return await row_level_security_entity_manager_1.RowLevelSecurityEntityManager.prototype.transactional.call({}, () => "transaction-result");
+}
+function getDelegatedMethodCases() {
+    class Entity {
+    }
+    return [
+        ["find", [Entity, { id: "1" }, { limit: 1 }], [{ id: "1" }]],
+        ["findAll", [Entity, { limit: 1 }], [{ id: "1" }]],
+        ["findOne", [Entity, { id: "1" }], { id: "1" }],
+        ["findOneOrFail", [Entity, { id: "1" }], { id: "1" }],
+        ["findAndCount", [Entity, { id: "1" }], [[{ id: "1" }], 1]],
+        ["findByCursor", [Entity, {}, { first: 10 }], { items: [] }],
+        ["count", [Entity, { active: true }], 1],
+        ["insert", [Entity, { name: "one" }], "1"],
+        ["insertMany", [Entity, [{ name: "one" }]], ["1"]],
+        ["nativeUpdate", [Entity, { id: "1" }, { name: "one" }], 1],
+        ["nativeDelete", [Entity, { id: "1" }], 1],
+        ["upsert", [Entity, { id: "1", name: "one" }], { id: "1" }],
+        ["upsertMany", [Entity, [{ id: "1", name: "one" }]], [{ id: "1" }]],
+        ["flush", [], undefined],
+    ];
+}
+//# sourceMappingURL=row-level-security-entity-manager.spec.js.map

package/dist/row-level-security-entity-manager.spec.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"row-level-security-entity-manager.spec.js","sourceRoot":"","sources":["../src/row-level-security-entity-manager.spec.ts"],"names":[],"mappings":";;AAAA,sDAAsD;AACtD,gEAA4D;AAE5D,6EAAuE;AACvE,2FAAoF;AACpF,2FAAoF;AAEpF,QAAQ,CAAC,+BAA+B,EAAE,GAAG,EAAE;IAC7C,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,CAAC,eAAe,EAAE,CAAC;QACvB,IAAA,2DAA0B,GAAE,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2DAA2D,EAAE,KAAK,IAAI,EAAE;QACzE,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,sBAAsB,CAAC,MAAM,CAAC,CAAC;QAE/B,MAAM,MAAM,GAAG,MAAM,gCAAc,CAAC,GAAG,CACrC,IAAI,gCAAc,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,EACpC,KAAK,IAAI,EAAE;YACT,IAAA,2DAA0B,EAAC;gBACzB,iBAAiB,EAAE,mBAAmB;gBACtC,eAAe,EAAE,GAAG,EAAE,CAAC,IAAI;gBAC3B,UAAU,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;aACxC,CAAC,CAAC;YAEH,OAAO,MAAM,iBAAiB,EAAE,CAAC;QACnC,CAAC,CACF,CAAC;QAEF,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;QAC1C,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC;YACrB,oFAAoF;SACrF,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yEAAyE,EAAE,KAAK,IAAI,EAAE;QACvF,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,sBAAsB,CAAC,MAAM,CAAC,CAAC;QAE/B,MAAM,gCAAc,CAAC,GAAG,CAAC,IAAI,gCAAc,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,EAAE,KAAK,IAAI,EAAE;YACxE,MAAM,iBAAiB,EAAE,CAAC;QAC5B,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,2BAA2B,CAAC,CAAC,CAAC;IACxD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kDAAkD,EAAE,KAAK,IAAI,EAAE;QAChE,IAAI;aACD,KAAK,CAAC,0BAAa,CAAC,SAAS,EAAE,eAAe,CAAC;aAC/C,kBAAkB,CAAC,KAAK,EAAE,EAAO,EAAE,EAAE;YACpC,OAAO,MAAM,EAAE,CAAC;gBACd,qBAAqB,EAAE,GAAG,EAAE,CAAC,SAAS;aACvC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEL,MAAM,MAAM,CACV,gCAAc,CAAC,GAAG,CAChB,IAAI,gCAAc,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,EACpC,iBAAiB,CAClB,CACF,CAAC,OAAO,CAAC,OAAO,CAAC,sCAAsC,CAAC,CAAC;IAC5D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iDAAiD,EAAE,KAAK,IAAI,EAAE;QAC/D,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,sBAAsB,CAAC,MAAM,CAAC,CAAC;QAE/B,MAAM,gCAAc,CAAC,GAAG,CAAC,IAAI,gCAAc,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,EAAE,KAAK,IAAI,EAAE;YACxE,IAAA,2DAA0B,EAAC;gBACzB,aAAa,EAAE,eAAe;gBAC9B,UAAU,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;aACxC,CAAC,CAAC;YAEH,MAAM,iBAAiB,EAAE,CAAC;QAC5B,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC;YACrB,gFAAgF;SACjF,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sFAAsF,EAAE,KAAK,IAAI,EAAE;QACpG,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,sBAAsB,CAAC,MAAM,CAAC,CAAC;QAE/B,MAAM,gCAAc,CAAC,GAAG,CAAC,IAAI,gCAAc,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,EAAE,KAAK,IAAI,EAAE;YACxE,IAAA,2DAA0B,EAAC;gBACzB,eAAe,EAAE,GAAG,EAAE,CAAC,IAAI;gBAC3B,UAAU,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;aACxC,CAAC,CAAC;YAEH,MAAM,iBAAiB,EAAE,CAAC;QAC5B,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC;YACrB,gFAAgF;SACjF,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+CAA+C,EAAE,KAAK,IAAI,EAAE;QAC7D,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,sBAAsB,CAAC,MAAM,CAAC,CAAC;QAE/B,MAAM,gCAAc,CAAC,GAAG,CAAC,IAAI,gCAAc,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,EAAE,KAAK,IAAI,EAAE;YACxE,oDAAuB,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;YAChD,oDAAuB,CAAC,GAAG,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;YAE/C,MAAM,iBAAiB,EAAE,CAAC;QAC5B,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC;YACrB,+EAA+E;SAChF,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uEAAuE,EAAE,KAAK,IAAI,EAAE;QACrF,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,sBAAsB,CAAC,MAAM,CAAC,CAAC;QAE/B,MAAM,gCAAc,CAAC,GAAG,CAAC,IAAI,gCAAc,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,EAAE,KAAK,IAAI,EAAE;YACxE,IAAA,2DAA0B,EAAC;gBACzB,UAAU,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;aACxC,CAAC,CAAC;YACH,oDAAuB,CAAC,GAAG,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;YAE5C,MAAM,iBAAiB,EAAE,CAAC;QAC5B,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC;YACrB,iHAAiH;SAClH,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iFAAiF,EAAE,KAAK,IAAI,EAAE;QAC/F,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,sBAAsB,CAAC,MAAM,CAAC,CAAC;QAE/B,MAAM,gCAAc,CAAC,GAAG,CAAC,IAAI,gCAAc,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,EAAE,KAAK,IAAI,EAAE;YACxE,IAAA,2DAA0B,EAAC;gBACzB,UAAU,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;aACxC,CAAC,CAAC;YAEH,MAAM,iBAAiB,EAAE,CAAC;QAC5B,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC;YACrB,4EAA4E;SAC7E,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6DAA6D,EAAE,KAAK,IAAI,EAAE;QAC3E,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,MAAM,gBAAgB,GAAG,sBAAsB,CAAC,MAAM,CAAC,CAAC;QACxD,IAAA,2DAA0B,EAAC;YACzB,WAAW,EAAE,GAAG,EAAE,CAAC,KAAK;SACzB,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,MAAM,iBAAiB,EAAE,CAAC;QAEzC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;QAC1C,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QAC3B,MAAM,CAAC,gBAAgB,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;IACpD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oCAAoC,EAAE,KAAK,IAAI,EAAE;QAClD,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,sBAAsB,CAAC,MAAM,CAAC,CAAC;QAC/B,IAAA,2DAA0B,EAAC;YACzB,iBAAiB,EAAE,mBAAmB;YACtC,eAAe,EAAE,GAAG,EAAE,CAAC,IAAI;SAC5B,CAAC,CAAC;QAEH,MAAM,MAAM,CACV,gCAAc,CAAC,GAAG,CAChB,IAAI,gCAAc,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,EACpC,iBAAiB,CAClB,CACF,CAAC,OAAO,CAAC,OAAO,CAAC,qDAAqD,CAAC,CAAC;IAC3E,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,IAAI,CAAC,uBAAuB,EAAE,CAAC,CAChC,yEAAyE,EACzE,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE;QACjC,MAAM,eAAe,GAAG,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;QAC/D,MAAM,aAAa,GAAG,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,EAAO,EAAE,EAAE;YAC9C,OAAO,MAAM,EAAE,CAAC;gBACd,CAAC,UAAU,CAAC,EAAE,eAAe;aAC9B,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QACH,MAAM,aAAa,GAAG;YACpB,eAAe,EAAE,GAAG,EAAE,CAAC,KAAK;YAC5B,aAAa;SACd,CAAC;QAEF,MAAM,MAAM,GAAG,MACb,iEAA6B,CAAC,SAAS,CAAC,UAAU,CACnD,CAAC,IAAI,CAAC,aAAa,EAAE,GAAG,IAAI,CAAC,CAAC;QAE/B,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC5B,MAAM,CAAC,aAAa,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;QAC/C,MAAM,CAAC,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAClE,IAAI,CACL,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,EAAE,CAAC,IAAI,CAAC,uBAAuB,EAAE,CAAC,CAChC,yDAAyD,EACzD,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE;QACjC,MAAM,WAAW,GAAG,IAAI;aACrB,KAAK,CACJ,0BAAa,CAAC,SAGb,EACD,UAAU,CACX;aACA,iBAAiB,CAAC,MAAM,CAAC,CAAC;QAC7B,MAAM,aAAa,GAAG;YACpB,eAAe,EAAE,GAAG,EAAE,CAAC,IAAI;SAC5B,CAAC;QAEF,MAAM,MAAM,GAAG,MACb,iEAA6B,CAAC,SAAS,CAAC,UAAU,CACnD,CAAC,IAAI,CAAC,aAAa,EAAE,GAAG,IAAI,CAAC,CAAC;QAE/B,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC5B,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACzE,CAAC,CACF,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,SAAS,sBAAsB,CAAC,MAAgB;IAC9C,OAAO,IAAI;SACR,KAAK,CAAC,0BAAa,CAAC,SAAS,EAAE,eAAe,CAAC;SAC/C,kBAAkB,CAAC,KAAK,EAAE,EAAO,EAAE,EAAE;QACpC,MAAM,EAAE,GAAG;YACT,qBAAqB,EAAE,GAAG,EAAE,CAAC,CAAC;gBAC5B,GAAG,EAAE,CAAC,GAAW,EAAE,EAAE;oBACnB,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;oBACjB,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;gBAC3B,CAAC;aACF,CAAC;SACH,CAAC;QAEF,OAAO,MAAM,EAAE,CAAC,EAAE,CAAC,CAAC;IACtB,CAAC,CAAC,CAAC;AACP,CAAC;AAED,KAAK,UAAU,iBAAiB;IAC9B,OAAO,MAAM,iEAA6B,CAAC,SAAS,CAAC,aAAa,CAAC,IAAI,CACrE,EAAmC,EACnC,GAAG,EAAE,CAAC,oBAAoB,CAC3B,CAAC;AACJ,CAAC;AAkBD,SAAS,uBAAuB;IAK9B,MAAM,MAAM;KAAG;IAEf,OAAO;QACL,CAAC,MAAM,EAAE,CAAC,MAAM,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;QAC5D,CAAC,SAAS,EAAE,CAAC,MAAM,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;QAClD,CAAC,SAAS,EAAE,CAAC,MAAM,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC;QAC/C,CAAC,eAAe,EAAE,CAAC,MAAM,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC;QACrD,CAAC,cAAc,EAAE,CAAC,MAAM,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;QAC3D,CAAC,cAAc,EAAE,CAAC,MAAM,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;QAC5D,CAAC,OAAO,EAAE,CAAC,MAAM,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC;QACxC,CAAC,QAAQ,EAAE,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,EAAE,GAAG,CAAC;QAC1C,CAAC,YAAY,EAAE,CAAC,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC;QAClD,CAAC,cAAc,EAAE,CAAC,MAAM,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,CAAC;QAC3D,CAAC,cAAc,EAAE,CAAC,MAAM,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;QAC1C,CAAC,QAAQ,EAAE,CAAC,MAAM,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC;QAC3D,CAAC,YAAY,EAAE,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;QACnE,CAAC,OAAO,EAAE,EAAE,EAAE,SAAS,CAAC;KACzB,CAAC;AACJ,CAAC"}

package/dist/row-level-security-migration-generator.d.ts

@@ -0,0 +1,14 @@
+import { TSMigrationGenerator } from "@mikro-orm/migrations";
+import type { MigrationDiff } from "./interfaces/row-level-security-migration-generator.interface";
+/** MikroORM TypeScript migration generator that injects generated RLS SQL. */
+export declare class RowLevelSecurityMigrationGenerator extends TSMigrationGenerator {
+    private existingPolicyDefinitions?;
+    private currentPolicyDefinitions?;
+    generate(diff: MigrationDiff, path?: string, name?: string): Promise<[string, string]>;
+    generateMigrationFile(className: string, diff: MigrationDiff): string;
+    private getPolicyDefinitionChanges;
+    private getRelevantPolicyDefinitions;
+    private getPolicyDefinitions;
+    private getEntityMetadata;
+    private getExistingPolicyDefinitionsFromDatabase;
+}

package/dist/row-level-security-migration-generator.js

@@ -0,0 +1,294 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RowLevelSecurityMigrationGenerator = void 0;
+const migrations_1 = require("@mikro-orm/migrations");
+const policy_decorator_1 = require("./decorators/policy.decorator");
+const policy_command_enum_1 = require("./enums/policy-command.enum");
+const policy_mode_enum_1 = require("./enums/policy-mode.enum");
+const create_policy_bootstrap_sql_statements_1 = require("./utils/create-policy-bootstrap-sql-statements");
+const create_policy_down_sql_1 = require("./utils/create-policy-down-sql");
+const create_policy_up_sql_statements_1 = require("./utils/create-policy-up-sql-statements");
+const escape_sql_literal_1 = require("./utils/escape-sql-literal");
+/** MikroORM TypeScript migration generator that injects generated RLS SQL. */
+class RowLevelSecurityMigrationGenerator extends migrations_1.TSMigrationGenerator {
+    async generate(diff, path, name) {
+        const entityMetadata = this.getEntityMetadata();
+        const currentPolicyDefinitions = this.getPolicyDefinitions(entityMetadata);
+        const tableReferences = getPolicyDefinitionTableReferences(currentPolicyDefinitions);
+        this.existingPolicyDefinitions =
+            await this.getExistingPolicyDefinitionsFromDatabase(tableReferences);
+        this.currentPolicyDefinitions = currentPolicyDefinitions;
+        try {
+            return await super.generate(diff, path, name);
+        }
+        finally {
+            this.existingPolicyDefinitions = undefined;
+            this.currentPolicyDefinitions = undefined;
+        }
+    }
+    generateMigrationFile(className, diff) {
+        const currentPolicyDefinitions = this.currentPolicyDefinitions ?? this.getPolicyDefinitions();
+        const { added, removed } = this.getPolicyDefinitionChanges(diff, currentPolicyDefinitions);
+        if (added.length === 0 && removed.length === 0) {
+            return super.generateMigrationFile(className, diff);
+        }
+        const policyDiff = {
+            up: [
+                ...removed.map((definition) => (0, create_policy_down_sql_1.createPolicyDownSql)(definition)),
+                ...diff.up,
+                ...(added.length > 0 ? (0, create_policy_bootstrap_sql_statements_1.createPolicyBootstrapSqlStatements)() : []),
+                ...getDefinitionBootstrapSql(added),
+                ...added.flatMap((definition) => (0, create_policy_up_sql_statements_1.createPolicyUpSqlStatements)(definition)),
+            ],
+            down: [
+                ...added.map((definition) => (0, create_policy_down_sql_1.createPolicyDownSql)(definition)),
+                ...diff.down,
+                ...(removed.length > 0 ? (0, create_policy_bootstrap_sql_statements_1.createPolicyBootstrapSqlStatements)() : []),
+                ...getDefinitionBootstrapSql(removed),
+                ...removed.flatMap((definition) => (0, create_policy_up_sql_statements_1.createPolicyUpSqlStatements)(definition)),
+            ],
+        };
+        const migrationFile = super.generateMigrationFile(className, policyDiff);
+        return convertMigrationBaseClass(migrationFile);
+    }
+    getPolicyDefinitionChanges(diff, currentPolicyDefinitions) {
+        if (!this.existingPolicyDefinitions) {
+            return {
+                added: this.getRelevantPolicyDefinitions(diff, currentPolicyDefinitions),
+                removed: [],
+            };
+        }
+        const existingPolicyDefinitions = this.existingPolicyDefinitions;
+        return {
+            added: currentPolicyDefinitions.filter((definition) => !hasPolicyDefinitionWithSameContent(existingPolicyDefinitions, definition) || isPolicyDefinitionIntroduced(definition, diff.up)),
+            removed: existingPolicyDefinitions.filter((definition) => !hasPolicyDefinitionWithSameContent(currentPolicyDefinitions, definition)),
+        };
+    }
+    getRelevantPolicyDefinitions(diff, policyDefinitions) {
+        if (diff.up.length === 0 && diff.down.length === 0) {
+            return policyDefinitions;
+        }
+        return policyDefinitions.filter((definition) => isPolicyDefinitionIntroduced(definition, diff.up));
+    }
+    getPolicyDefinitions(metadata = this.getEntityMetadata()) {
+        return sortPolicyDefinitions(metadata.flatMap((entityMetadata) => {
+            if (!entityMetadata.class) {
+                return [];
+            }
+            const entityName = getEntityName(entityMetadata);
+            const schemaName = normalizeSchemaName(entityMetadata.schema);
+            const tableName = getTableName(entityMetadata);
+            const policyEntityMetadata = {
+                entityName,
+                schemaName,
+                tableName,
+                properties: entityMetadata.properties,
+            };
+            return (0, policy_decorator_1.getPolicyDefinitions)(entityMetadata.class, policyEntityMetadata).map((policy) => ({
+                entityName,
+                schemaName,
+                tableName,
+                policyName: policy.name,
+                mode: policy.mode,
+                command: policy.command,
+                using: policy.using,
+                withCheck: policy.withCheck,
+                roles: policy.roles,
+                bootstrapSql: policy.bootstrapSql,
+            }));
+        }));
+    }
+    getEntityMetadata() {
+        const driver = this
+            .driver;
+        const allMetadata = (driver.getMetadata?.() ?? driver.config?.getMetadata?.())?.getAll();
+        if (!allMetadata) {
+            throw new Error("MikroORM metadata storage is not available");
+        }
+        return Array.isArray(allMetadata)
+            ? allMetadata
+            : Object.values(allMetadata);
+    }
+    async getExistingPolicyDefinitionsFromDatabase(tableReferences) {
+        const uniqueTableReferences = dedupeTableReferences(tableReferences);
+        if (uniqueTableReferences.length === 0) {
+            return [];
+        }
+        const driver = this
+            .driver;
+        const connection = driver.getConnection?.();
+        if (!connection) {
+            return undefined;
+        }
+        const rows = await connection.execute(/* SQL */ `
+      SELECT
+        p.polname AS policy_name,
+        n.nspname AS schema_name,
+        c.relname AS table_name,
+        p.polpermissive AS permissive,
+        p.polcmd AS command,
+        pg_get_expr(p.polqual, p.polrelid) AS qual,
+        pg_get_expr(p.polwithcheck, p.polrelid) AS with_check,
+        ARRAY(
+          SELECT roles.rolname
+          FROM unnest(p.polroles) policy_role(role_oid)
+          INNER JOIN pg_roles roles ON roles.oid = policy_role.role_oid
+          WHERE policy_role.role_oid <> 0
+          ORDER BY roles.rolname
+        ) AS roles
+      FROM pg_policy p
+      INNER JOIN pg_class c ON c.oid = p.polrelid
+      INNER JOIN pg_namespace n ON n.oid = c.relnamespace
+      WHERE (n.nspname, c.relname) in (${uniqueTableReferences
+            .map((table) => `('${(0, escape_sql_literal_1.escapeSqlLiteral)(table.schemaName)}', '${(0, escape_sql_literal_1.escapeSqlLiteral)(table.tableName)}')`)
+            .join(", ")})
+      ORDER BY n.nspname, c.relname
+    `);
+        return sortPolicyDefinitions(rows.map(createPolicyDefinitionFromPolicyRow));
+    }
+}
+exports.RowLevelSecurityMigrationGenerator = RowLevelSecurityMigrationGenerator;
+function convertMigrationBaseClass(migrationFile) {
+    const migrationImport = "import { Migration } from '@mikro-orm/migrations';";
+    const migrationBaseClass = "extends Migration";
+    if (!migrationFile.includes(migrationImport) ||
+        !migrationFile.includes(migrationBaseClass)) {
+        throw new Error("MikroORM migration output format is not supported");
+    }
+    return migrationFile
+        .replace(migrationImport, "import { RowLevelSecurityMigration } from '@nest-boot/row-level-security';")
+        .replace(migrationBaseClass, "extends RowLevelSecurityMigration");
+}
+function getDefinitionBootstrapSql(definitions) {
+    return [
+        ...new Set(definitions.flatMap((definition) => definition.bootstrapSql ?? [])),
+    ];
+}
+function getPolicyDefinitionTableReferences(definitions) {
+    return definitions.map((definition) => ({
+        schemaName: definition.schemaName,
+        tableName: definition.tableName,
+    }));
+}
+function dedupeTableReferences(tableReferences) {
+    return [
+        ...new Map(tableReferences.map((table) => [
+            `${table.schemaName}.${table.tableName}`,
+            table,
+        ])).values(),
+    ];
+}
+function isPolicyDefinitionIntroduced(definition, upSql) {
+    return upSql.some((sql) => isCreateTableStatement(sql, definition));
+}
+function hasPolicyDefinitionWithSameContent(definitions, definition) {
+    return definitions.some((candidate) => getPolicyDefinitionKey(candidate) ===
+        getPolicyDefinitionKey(definition) &&
+        hasSamePolicyDefinitionContent(candidate, definition));
+}
+function hasSamePolicyDefinitionContent(left, right) {
+    return (normalizePolicyMode(left.mode) === normalizePolicyMode(right.mode) &&
+        normalizePolicyCommand(left.command) ===
+            normalizePolicyCommand(right.command) &&
+        normalizePolicyExpression(left.using) ===
+            normalizePolicyExpression(right.using) &&
+        normalizePolicyExpression(left.withCheck) ===
+            normalizePolicyExpression(right.withCheck) &&
+        normalizePolicyRoles(left.roles).join("\n") ===
+            normalizePolicyRoles(right.roles).join("\n"));
+}
+function normalizePolicyMode(mode) {
+    return mode ?? policy_mode_enum_1.PolicyMode.PERMISSIVE;
+}
+function normalizePolicyCommand(command) {
+    return command ?? policy_command_enum_1.PolicyCommand.ALL;
+}
+function normalizePolicyExpression(expression) {
+    return expression?.trim() ?? "";
+}
+function normalizePolicyRoles(roles) {
+    return [
+        ...new Set((roles ?? []).filter((role) => role.toLowerCase() !== "public")),
+    ].sort();
+}
+function sortPolicyDefinitions(definitions) {
+    return [...definitions].sort((left, right) => getPolicyDefinitionKey(left).localeCompare(getPolicyDefinitionKey(right)));
+}
+function getPolicyDefinitionKey(definition) {
+    return [
+        definition.schemaName,
+        definition.tableName,
+        definition.policyName,
+    ].join(".");
+}
+function createPolicyDefinitionFromPolicyRow(row) {
+    return {
+        entityName: `${row.schema_name}.${row.table_name}`,
+        schemaName: row.schema_name,
+        tableName: row.table_name,
+        policyName: row.policy_name,
+        mode: row.permissive === false ? policy_mode_enum_1.PolicyMode.RESTRICTIVE : policy_mode_enum_1.PolicyMode.PERMISSIVE,
+        command: getPolicyCommandFromDatabase(row.command),
+        using: row.qual ?? undefined,
+        withCheck: row.with_check ?? undefined,
+        roles: normalizePolicyRowRoles(row.roles),
+    };
+}
+function normalizePolicyRowRoles(roles) {
+    if (!roles) {
+        return [];
+    }
+    if (Array.isArray(roles)) {
+        return normalizePolicyRoles(roles);
+    }
+    return normalizePolicyRoles(roles
+        .replace(/^{|}$/g, "")
+        .split(",")
+        .map((role) => role.trim())
+        .filter(Boolean));
+}
+function getPolicyCommandFromDatabase(command) {
+    if (command === "r") {
+        return policy_command_enum_1.PolicyCommand.SELECT;
+    }
+    if (command === "a") {
+        return policy_command_enum_1.PolicyCommand.INSERT;
+    }
+    if (command === "w") {
+        return policy_command_enum_1.PolicyCommand.UPDATE;
+    }
+    if (command === "d") {
+        return policy_command_enum_1.PolicyCommand.DELETE;
+    }
+    return policy_command_enum_1.PolicyCommand.ALL;
+}
+function isCreateTableStatement(sql, definition) {
+    return new RegExp(`create\\s+table\\s+(?:if\\s+not\\s+exists\\s+)?${createTableReferencePattern(definition)}(?:\\s|\\()`, "i").test(sql);
+}
+function createTableReferencePattern(definition) {
+    const table = `"${escapeRegExp(definition.tableName)}"`;
+    if (definition.schemaName === "public") {
+        return `(?:"public"\\.)?${table}`;
+    }
+    return `"${escapeRegExp(definition.schemaName)}"\\.${table}`;
+}
+function normalizeSchemaName(schemaName) {
+    return !schemaName || schemaName === "*" ? "public" : schemaName;
+}
+function getTableName(entityMetadata) {
+    const tableName = entityMetadata.tableName ?? entityMetadata.collection;
+    if (!tableName) {
+        throw new Error(`Policy entity ${getEntityName(entityMetadata)} does not have a table name`);
+    }
+    return tableName;
+}
+function getEntityName(entityMetadata) {
+    return (entityMetadata.class?.name ??
+        entityMetadata.className ??
+        entityMetadata.name ??
+        "UnknownEntity");
+}
+function escapeRegExp(value) {
+    return value.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}
+//# sourceMappingURL=row-level-security-migration-generator.js.map

package/dist/row-level-security-migration-generator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"row-level-security-migration-generator.js","sourceRoot":"","sources":["../src/row-level-security-migration-generator.ts"],"names":[],"mappings":";;;AAAA,sDAA6D;AAE7D,oEAAqE;AACrE,qEAA4D;AAC5D,+DAAsD;AAUtD,2GAAoG;AACpG,2EAAqE;AACrE,6FAAsF;AACtF,mEAA8D;AAE9D,8EAA8E;AAC9E,MAAa,kCAAmC,SAAQ,iCAAoB;IAIjE,KAAK,CAAC,QAAQ,CACrB,IAAmB,EACnB,IAAa,EACb,IAAa;QAEb,MAAM,cAAc,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAChD,MAAM,wBAAwB,GAAG,IAAI,CAAC,oBAAoB,CAAC,cAAc,CAAC,CAAC;QAC3E,MAAM,eAAe,GAAG,kCAAkC,CACxD,wBAAwB,CACzB,CAAC;QAEF,IAAI,CAAC,yBAAyB;YAC5B,MAAM,IAAI,CAAC,wCAAwC,CAAC,eAAe,CAAC,CAAC;QACvE,IAAI,CAAC,wBAAwB,GAAG,wBAAwB,CAAC;QAEzD,IAAI,CAAC;YACH,OAAO,MAAM,KAAK,CAAC,QAAQ,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;QAChD,CAAC;gBAAS,CAAC;YACT,IAAI,CAAC,yBAAyB,GAAG,SAAS,CAAC;YAC3C,IAAI,CAAC,wBAAwB,GAAG,SAAS,CAAC;QAC5C,CAAC;IACH,CAAC;IAEQ,qBAAqB,CAC5B,SAAiB,EACjB,IAAmB;QAEnB,MAAM,wBAAwB,GAC5B,IAAI,CAAC,wBAAwB,IAAI,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAC/D,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC,0BAA0B,CACxD,IAAI,EACJ,wBAAwB,CACzB,CAAC;QAEF,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC/C,OAAO,KAAK,CAAC,qBAAqB,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;QACtD,CAAC;QAED,MAAM,UAAU,GAAG;YACjB,EAAE,EAAE;gBACF,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,UAAU,EAAE,EAAE,CAAC,IAAA,4CAAmB,EAAC,UAAU,CAAC,CAAC;gBAC/D,GAAG,IAAI,CAAC,EAAE;gBACV,GAAG,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAA,2EAAkC,GAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACjE,GAAG,yBAAyB,CAAC,KAAK,CAAC;gBACnC,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE,CAC9B,IAAA,6DAA2B,EAAC,UAAU,CAAC,CACxC;aACF;YACD,IAAI,EAAE;gBACJ,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,UAAU,EAAE,EAAE,CAAC,IAAA,4CAAmB,EAAC,UAAU,CAAC,CAAC;gBAC7D,GAAG,IAAI,CAAC,IAAI;gBACZ,GAAG,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAA,2EAAkC,GAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACnE,GAAG,yBAAyB,CAAC,OAAO,CAAC;gBACrC,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE,CAChC,IAAA,6DAA2B,EAAC,UAAU,CAAC,CACxC;aACF;SACF,CAAC;QAEF,MAAM,aAAa,GAAG,KAAK,CAAC,qBAAqB,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;QAEzE,OAAO,yBAAyB,CAAC,aAAa,CAAC,CAAC;IAClD,CAAC;IAEO,0BAA0B,CAChC,IAAmB,EACnB,wBAAsD;QAEtD,IAAI,CAAC,IAAI,CAAC,yBAAyB,EAAE,CAAC;YACpC,OAAO;gBACL,KAAK,EAAE,IAAI,CAAC,4BAA4B,CACtC,IAAI,EACJ,wBAAwB,CACzB;gBACD,OAAO,EAAE,EAAE;aACZ,CAAC;QACJ,CAAC;QAED,MAAM,yBAAyB,GAAG,IAAI,CAAC,yBAAyB,CAAC;QAEjE,OAAO;YACL,KAAK,EAAE,wBAAwB,CAAC,MAAM,CACpC,CAAC,UAAU,EAAE,EAAE,CACb,CAAC,kCAAkC,CACjC,yBAAyB,EACzB,UAAU,CACX,IAAI,4BAA4B,CAAC,UAAU,EAAE,IAAI,CAAC,EAAE,CAAC,CACzD;YACD,OAAO,EAAE,yBAAyB,CAAC,MAAM,CACvC,CAAC,UAAU,EAAE,EAAE,CACb,CAAC,kCAAkC,CACjC,wBAAwB,EACxB,UAAU,CACX,CACJ;SACF,CAAC;IACJ,CAAC;IAEO,4BAA4B,CAClC,IAAmB,EACnB,iBAA+C;QAE/C,IAAI,IAAI,CAAC,EAAE,CAAC,MAAM,KAAK,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACnD,OAAO,iBAAiB,CAAC;QAC3B,CAAC;QAED,OAAO,iBAAiB,CAAC,MAAM,CAAC,CAAC,UAAU,EAAE,EAAE,CAC7C,4BAA4B,CAAC,UAAU,EAAE,IAAI,CAAC,EAAE,CAAC,CAClD,CAAC;IACJ,CAAC;IAEO,oBAAoB,CAC1B,QAAQ,GAAG,IAAI,CAAC,iBAAiB,EAAE;QAEnC,OAAO,qBAAqB,CAC1B,QAAQ,CAAC,OAAO,CAAC,CAAC,cAAc,EAAE,EAAE;YAClC,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,CAAC;gBAC1B,OAAO,EAAE,CAAC;YACZ,CAAC;YAED,MAAM,UAAU,GAAG,aAAa,CAAC,cAAc,CAAC,CAAC;YACjD,MAAM,UAAU,GAAG,mBAAmB,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;YAC9D,MAAM,SAAS,GAAG,YAAY,CAAC,cAAc,CAAC,CAAC;YAC/C,MAAM,oBAAoB,GAAyB;gBACjD,UAAU;gBACV,UAAU;gBACV,SAAS;gBACT,UAAU,EAAE,cAAc,CAAC,UAAU;aACtC,CAAC;YAEF,OAAO,IAAA,uCAAoB,EACzB,cAAc,CAAC,KAAK,EACpB,oBAAoB,CACrB,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;gBACjB,UAAU;gBACV,UAAU;gBACV,SAAS;gBACT,UAAU,EAAE,MAAM,CAAC,IAAI;gBACvB,IAAI,EAAE,MAAM,CAAC,IAAI;gBACjB,OAAO,EAAE,MAAM,CAAC,OAAO;gBACvB,KAAK,EAAE,MAAM,CAAC,KAAK;gBACnB,SAAS,EAAE,MAAM,CAAC,SAAS;gBAC3B,KAAK,EAAE,MAAM,CAAC,KAAK;gBACnB,YAAY,EAAE,MAAM,CAAC,YAAY;aAClC,CAAC,CAAC,CAAC;QACN,CAAC,CAAC,CACH,CAAC;IACJ,CAAC;IAEO,iBAAiB;QACvB,MAAM,MAAM,GAAG,IAAI;aAChB,MAAiE,CAAC;QACrE,MAAM,WAAW,GAAG,CAClB,MAAM,CAAC,WAAW,EAAE,EAAE,IAAI,MAAM,CAAC,MAAM,EAAE,WAAW,EAAE,EAAE,CACzD,EAAE,MAAM,EAAE,CAAC;QAEZ,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAChE,CAAC;QAED,OAAO,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC;YAC/B,CAAC,CAAC,WAAW;YACb,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IACjC,CAAC;IAEO,KAAK,CAAC,wCAAwC,CACpD,eAAiC;QAEjC,MAAM,qBAAqB,GAAG,qBAAqB,CAAC,eAAe,CAAC,CAAC;QAErE,IAAI,qBAAqB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvC,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,MAAM,GAAG,IAAI;aAChB,MAAiE,CAAC;QACrE,MAAM,UAAU,GAAG,MAAM,CAAC,aAAa,EAAE,EAAE,CAAC;QAE5C,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,OAAO,CAAc,SAAS,CAAC;;;;;;;;;;;;;;;;;;;yCAmBxB,qBAAqB;aACrD,GAAG,CACF,CAAC,KAAK,EAAE,EAAE,CACR,KAAK,IAAA,qCAAgB,EAAC,KAAK,CAAC,UAAU,CAAC,OAAO,IAAA,qCAAgB,EAAC,KAAK,CAAC,SAAS,CAAC,IAAI,CACtF;aACA,IAAI,CAAC,IAAI,CAAC;;KAEd,CAAC,CAAC;QAEH,OAAO,qBAAqB,CAAC,IAAI,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC,CAAC;IAC9E,CAAC;CACF;AAxND,gFAwNC;AAED,SAAS,yBAAyB,CAAC,aAAqB;IACtD,MAAM,eAAe,GAAG,oDAAoD,CAAC;IAC7E,MAAM,kBAAkB,GAAG,mBAAmB,CAAC;IAE/C,IACE,CAAC,aAAa,CAAC,QAAQ,CAAC,eAAe,CAAC;QACxC,CAAC,aAAa,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAC3C,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;IACvE,CAAC;IAED,OAAO,aAAa;SACjB,OAAO,CACN,eAAe,EACf,4EAA4E,CAC7E;SACA,OAAO,CAAC,kBAAkB,EAAE,mCAAmC,CAAC,CAAC;AACtE,CAAC;AAED,SAAS,yBAAyB,CAAC,WAAyC;IAC1E,OAAO;QACL,GAAG,IAAI,GAAG,CACR,WAAW,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE,CAAC,UAAU,CAAC,YAAY,IAAI,EAAE,CAAC,CACnE;KACF,CAAC;AACJ,CAAC;AAED,SAAS,kCAAkC,CACzC,WAAyC;IAEzC,OAAO,WAAW,CAAC,GAAG,CAAC,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;QACtC,UAAU,EAAE,UAAU,CAAC,UAAU;QACjC,SAAS,EAAE,UAAU,CAAC,SAAS;KAChC,CAAC,CAAC,CAAC;AACN,CAAC;AAED,SAAS,qBAAqB,CAAC,eAAiC;IAC9D,OAAO;QACL,GAAG,IAAI,GAAG,CACR,eAAe,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC;YAC7B,GAAG,KAAK,CAAC,UAAU,IAAI,KAAK,CAAC,SAAS,EAAE;YACxC,KAAK;SACN,CAAC,CACH,CAAC,MAAM,EAAE;KACX,CAAC;AACJ,CAAC;AAED,SAAS,4BAA4B,CACnC,UAAsC,EACtC,KAAe;IAEf,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,sBAAsB,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC,CAAC;AACtE,CAAC;AAED,SAAS,kCAAkC,CACzC,WAAyC,EACzC,UAAsC;IAEtC,OAAO,WAAW,CAAC,IAAI,CACrB,CAAC,SAAS,EAAE,EAAE,CACZ,sBAAsB,CAAC,SAAS,CAAC;QAC/B,sBAAsB,CAAC,UAAU,CAAC;QACpC,8BAA8B,CAAC,SAAS,EAAE,UAAU,CAAC,CACxD,CAAC;AACJ,CAAC;AAED,SAAS,8BAA8B,CACrC,IAAgC,EAChC,KAAiC;IAEjC,OAAO,CACL,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,mBAAmB,CAAC,KAAK,CAAC,IAAI,CAAC;QAClE,sBAAsB,CAAC,IAAI,CAAC,OAAO,CAAC;YAClC,sBAAsB,CAAC,KAAK,CAAC,OAAO,CAAC;QACvC,yBAAyB,CAAC,IAAI,CAAC,KAAK,CAAC;YACnC,yBAAyB,CAAC,KAAK,CAAC,KAAK,CAAC;QACxC,yBAAyB,CAAC,IAAI,CAAC,SAAS,CAAC;YACvC,yBAAyB,CAAC,KAAK,CAAC,SAAS,CAAC;QAC5C,oBAAoB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;YACzC,oBAAoB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAC/C,CAAC;AACJ,CAAC;AAED,SAAS,mBAAmB,CAAC,IAA4B;IACvD,OAAO,IAAI,IAAI,6BAAU,CAAC,UAAU,CAAC;AACvC,CAAC;AAED,SAAS,sBAAsB,CAAC,OAAkC;IAChE,OAAO,OAAO,IAAI,mCAAa,CAAC,GAAG,CAAC;AACtC,CAAC;AAED,SAAS,yBAAyB,CAAC,UAA8B;IAC/D,OAAO,UAAU,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;AAClC,CAAC;AAED,SAAS,oBAAoB,CAAC,KAA2B;IACvD,OAAO;QACL,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,QAAQ,CAAC,CAAC;KAC5E,CAAC,IAAI,EAAE,CAAC;AACX,CAAC;AAED,SAAS,qBAAqB,CAAC,WAAyC;IACtE,OAAO,CAAC,GAAG,WAAW,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAC3C,sBAAsB,CAAC,IAAI,CAAC,CAAC,aAAa,CAAC,sBAAsB,CAAC,KAAK,CAAC,CAAC,CAC1E,CAAC;AACJ,CAAC;AAED,SAAS,sBAAsB,CAAC,UAAsC;IACpE,OAAO;QACL,UAAU,CAAC,UAAU;QACrB,UAAU,CAAC,SAAS;QACpB,UAAU,CAAC,UAAU;KACtB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AACd,CAAC;AAED,SAAS,mCAAmC,CAC1C,GAAc;IAEd,OAAO;QACL,UAAU,EAAE,GAAG,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,UAAU,EAAE;QAClD,UAAU,EAAE,GAAG,CAAC,WAAW;QAC3B,SAAS,EAAE,GAAG,CAAC,UAAU;QACzB,UAAU,EAAE,GAAG,CAAC,WAAW;QAC3B,IAAI,EACF,GAAG,CAAC,UAAU,KAAK,KAAK,CAAC,CAAC,CAAC,6BAAU,CAAC,WAAW,CAAC,CAAC,CAAC,6BAAU,CAAC,UAAU;QAC3E,OAAO,EAAE,4BAA4B,CAAC,GAAG,CAAC,OAAO,CAAC;QAClD,KAAK,EAAE,GAAG,CAAC,IAAI,IAAI,SAAS;QAC5B,SAAS,EAAE,GAAG,CAAC,UAAU,IAAI,SAAS;QACtC,KAAK,EAAE,uBAAuB,CAAC,GAAG,CAAC,KAAK,CAAC;KAC1C,CAAC;AACJ,CAAC;AAED,SAAS,uBAAuB,CAAC,KAAyB;IACxD,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,oBAAoB,CAAC,KAAK,CAAC,CAAC;IACrC,CAAC;IAED,OAAO,oBAAoB,CACzB,KAAK;SACF,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC;SACrB,KAAK,CAAC,GAAG,CAAC;SACV,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;SAC1B,MAAM,CAAC,OAAO,CAAC,CACnB,CAAC;AACJ,CAAC;AAED,SAAS,4BAA4B,CAAC,OAAkC;IACtE,IAAI,OAAO,KAAK,GAAG,EAAE,CAAC;QACpB,OAAO,mCAAa,CAAC,MAAM,CAAC;IAC9B,CAAC;IAED,IAAI,OAAO,KAAK,GAAG,EAAE,CAAC;QACpB,OAAO,mCAAa,CAAC,MAAM,CAAC;IAC9B,CAAC;IAED,IAAI,OAAO,KAAK,GAAG,EAAE,CAAC;QACpB,OAAO,mCAAa,CAAC,MAAM,CAAC;IAC9B,CAAC;IAED,IAAI,OAAO,KAAK,GAAG,EAAE,CAAC;QACpB,OAAO,mCAAa,CAAC,MAAM,CAAC;IAC9B,CAAC;IAED,OAAO,mCAAa,CAAC,GAAG,CAAC;AAC3B,CAAC;AAED,SAAS,sBAAsB,CAC7B,GAAW,EACX,UAAsC;IAEtC,OAAO,IAAI,MAAM,CACf,kDAAkD,2BAA2B,CAC3E,UAAU,CACX,aAAa,EACd,GAAG,CACJ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AACd,CAAC;AAED,SAAS,2BAA2B,CAAC,UAAsC;IACzE,MAAM,KAAK,GAAG,IAAI,YAAY,CAAC,UAAU,CAAC,SAAS,CAAC,GAAG,CAAC;IAExD,IAAI,UAAU,CAAC,UAAU,KAAK,QAAQ,EAAE,CAAC;QACvC,OAAO,mBAAmB,KAAK,EAAE,CAAC;IACpC,CAAC;IAED,OAAO,IAAI,YAAY,CAAC,UAAU,CAAC,UAAU,CAAC,OAAO,KAAK,EAAE,CAAC;AAC/D,CAAC;AAED,SAAS,mBAAmB,CAAC,UAA8B;IACzD,OAAO,CAAC,UAAU,IAAI,UAAU,KAAK,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC;AACnE,CAAC;AAED,SAAS,YAAY,CAAC,cAAkC;IACtD,MAAM,SAAS,GAAG,cAAc,CAAC,SAAS,IAAI,cAAc,CAAC,UAAU,CAAC;IAExE,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CACb,iBAAiB,aAAa,CAAC,cAAc,CAAC,6BAA6B,CAC5E,CAAC;IACJ,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,aAAa,CAAC,cAAkC;IACvD,OAAO,CACL,cAAc,CAAC,KAAK,EAAE,IAAI;QAC1B,cAAc,CAAC,SAAS;QACxB,cAAc,CAAC,IAAI;QACnB,eAAe,CAChB,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CAAC,KAAa;IACjC,OAAO,KAAK,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;AACtD,CAAC"}

package/dist/row-level-security-migration-generator.spec.d.ts

@@ -0,0 +1 @@
+export {};