@powersync/service-module-postgres 0.14.3 → 0.15.0

package/dist/auth/SupabaseKeyCollector.d.ts

@@ -1,17 +0,0 @@
-import { auth, KeyResult } from '@powersync/service-core';
-import * as types from '../types/types.js';
-/**
- * Fetches key from the Supabase database.
- *
- * Unfortunately, despite the JWTs containing a kid, we have no way to lookup that kid
- * before receiving a valid token.
- *
- * @deprecated Supabase is removing support for "app.settings.jwt_secret". This is likely to not function anymore, except in some self-hosted setups.
- */
-export declare class SupabaseKeyCollector implements auth.KeyCollector {
-    private pool;
-    private keyOptions;
-    constructor(connectionConfig: types.ResolvedConnectionConfig);
-    shutdown(): Promise<void>;
-    getKeys(): Promise<KeyResult>;
-}

package/dist/auth/SupabaseKeyCollector.js

@@ -1,69 +0,0 @@
-import * as lib_postgres from '@powersync/lib-service-postgres';
-import { auth } from '@powersync/service-core';
-import * as pgwire from '@powersync/service-jpgwire';
-import { AuthorizationError, ErrorCode } from '@powersync/lib-services-framework';
-/**
- * Fetches key from the Supabase database.
- *
- * Unfortunately, despite the JWTs containing a kid, we have no way to lookup that kid
- * before receiving a valid token.
- *
- * @deprecated Supabase is removing support for "app.settings.jwt_secret". This is likely to not function anymore, except in some self-hosted setups.
- */
-export class SupabaseKeyCollector {
-    pool;
-    keyOptions = {
-        requiresAudience: ['authenticated'],
-        maxLifetimeSeconds: 86400 * 7 + 1200 // 1 week + 20 minutes margin
-    };
-    constructor(connectionConfig) {
-        this.pool = pgwire.connectPgWirePool(connectionConfig, {
-            // To avoid overloading the source database with open connections,
-            // limit to a single connection, and close the connection shortly
-            // after using it.
-            idleTimeout: 5_000,
-            maxSize: 1
-        });
-    }
-    shutdown() {
-        return this.pool.end();
-    }
-    async getKeys() {
-        let row;
-        try {
-            const rows = pgwire.pgwireRows(await lib_postgres.retriedQuery(this.pool, `SELECT current_setting('app.settings.jwt_secret') as jwt_secret`));
-            row = rows[0];
-        }
-        catch (e) {
-            if (e.message?.includes('unrecognized configuration parameter')) {
-                throw new AuthorizationError(ErrorCode.PSYNC_S2201, 'No JWT secret found in Supabase database. Manually configure the secret.');
-            }
-            else {
-                throw e;
-            }
-        }
-        const secret = row?.jwt_secret;
-        if (secret == null) {
-            return {
-                keys: [],
-                errors: [
-                    new AuthorizationError(ErrorCode.PSYNC_S2201, 'No JWT secret found in Supabase database. Manually configure the secret.')
-                ]
-            };
-        }
-        else {
-            const key = {
-                kty: 'oct',
-                alg: 'HS256',
-                // While the secret is valid base64, the base64-encoded form is the secret value.
-                k: Buffer.from(secret, 'utf8').toString('base64url')
-            };
-            const imported = await auth.KeySpec.importKey(key, this.keyOptions);
-            return {
-                keys: [imported],
-                errors: []
-            };
-        }
-    }
-}
-//# sourceMappingURL=SupabaseKeyCollector.js.map

package/dist/auth/SupabaseKeyCollector.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"SupabaseKeyCollector.js","sourceRoot":"","sources":["../../src/auth/SupabaseKeyCollector.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,YAAY,MAAM,iCAAiC,CAAC;AAChE,OAAO,EAAE,IAAI,EAAa,MAAM,yBAAyB,CAAC;AAC1D,OAAO,KAAK,MAAM,MAAM,4BAA4B,CAAC;AAIrD,OAAO,EAAE,kBAAkB,EAAE,SAAS,EAAE,MAAM,mCAAmC,CAAC;AAElF;;;;;;;GAOG;AACH,MAAM,OAAO,oBAAoB;IACvB,IAAI,CAAkB;IAEtB,UAAU,GAAoB;QACpC,gBAAgB,EAAE,CAAC,eAAe,CAAC;QACnC,kBAAkB,EAAE,KAAK,GAAG,CAAC,GAAG,IAAI,CAAC,6BAA6B;KACnE,CAAC;IAEF,YAAY,gBAAgD;QAC1D,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC,iBAAiB,CAAC,gBAAgB,EAAE;YACrD,kEAAkE;YAClE,iEAAiE;YACjE,kBAAkB;YAClB,WAAW,EAAE,KAAK;YAClB,OAAO,EAAE,CAAC;SACX,CAAC,CAAC;IACL,CAAC;IAED,QAAQ;QACN,OAAO,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;IACzB,CAAC;IAED,KAAK,CAAC,OAAO;QACX,IAAI,GAA2B,CAAC;QAChC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAC5B,MAAM,YAAY,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,iEAAiE,CAAC,CAC9G,CAAC;YACF,GAAG,GAAG,IAAI,CAAC,CAAC,CAAQ,CAAC;QACvB,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,IAAI,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,sCAAsC,CAAC,EAAE,CAAC;gBAChE,MAAM,IAAI,kBAAkB,CAC1B,SAAS,CAAC,WAAW,EACrB,0EAA0E,CAC3E,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,CAAC;YACV,CAAC;QACH,CAAC;QACD,MAAM,MAAM,GAAG,GAAG,EAAE,UAAgC,CAAC;QACrD,IAAI,MAAM,IAAI,IAAI,EAAE,CAAC;YACnB,OAAO;gBACL,IAAI,EAAE,EAAE;gBACR,MAAM,EAAE;oBACN,IAAI,kBAAkB,CACpB,SAAS,CAAC,WAAW,EACrB,0EAA0E,CAC3E;iBACF;aACF,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,GAAa;gBACpB,GAAG,EAAE,KAAK;gBACV,GAAG,EAAE,OAAO;gBACZ,iFAAiF;gBACjF,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC;aACrD,CAAC;YACF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;YACpE,OAAO;gBACL,IAAI,EAAE,CAAC,QAAQ,CAAC;gBAChB,MAAM,EAAE,EAAE;aACX,CAAC;QACJ,CAAC;IACH,CAAC;CACF"}

package/src/auth/SupabaseKeyCollector.ts

@@ -1,81 +0,0 @@
-import * as lib_postgres from '@powersync/lib-service-postgres';
-import { auth, KeyResult } from '@powersync/service-core';
-import * as pgwire from '@powersync/service-jpgwire';
-import * as jose from 'jose';
-
-import * as types from '../types/types.js';
-import { AuthorizationError, ErrorCode } from '@powersync/lib-services-framework';
-
-/**
- * Fetches key from the Supabase database.
- *
- * Unfortunately, despite the JWTs containing a kid, we have no way to lookup that kid
- * before receiving a valid token.
- *
- * @deprecated Supabase is removing support for "app.settings.jwt_secret". This is likely to not function anymore, except in some self-hosted setups.
- */
-export class SupabaseKeyCollector implements auth.KeyCollector {
-  private pool: pgwire.PgClient;
-
-  private keyOptions: auth.KeyOptions = {
-    requiresAudience: ['authenticated'],
-    maxLifetimeSeconds: 86400 * 7 + 1200 // 1 week + 20 minutes margin
-  };
-
-  constructor(connectionConfig: types.ResolvedConnectionConfig) {
-    this.pool = pgwire.connectPgWirePool(connectionConfig, {
-      // To avoid overloading the source database with open connections,
-      // limit to a single connection, and close the connection shortly
-      // after using it.
-      idleTimeout: 5_000,
-      maxSize: 1
-    });
-  }
-
-  shutdown() {
-    return this.pool.end();
-  }
-
-  async getKeys(): Promise<KeyResult> {
-    let row: { jwt_secret: string };
-    try {
-      const rows = pgwire.pgwireRows(
-        await lib_postgres.retriedQuery(this.pool, `SELECT current_setting('app.settings.jwt_secret') as jwt_secret`)
-      );
-      row = rows[0] as any;
-    } catch (e) {
-      if (e.message?.includes('unrecognized configuration parameter')) {
-        throw new AuthorizationError(
-          ErrorCode.PSYNC_S2201,
-          'No JWT secret found in Supabase database. Manually configure the secret.'
-        );
-      } else {
-        throw e;
-      }
-    }
-    const secret = row?.jwt_secret as string | undefined;
-    if (secret == null) {
-      return {
-        keys: [],
-        errors: [
-          new AuthorizationError(
-            ErrorCode.PSYNC_S2201,
-            'No JWT secret found in Supabase database. Manually configure the secret.'
-          )
-        ]
-      };
-    } else {
-      const key: jose.JWK = {
-        kty: 'oct',
-        alg: 'HS256',
-        // While the secret is valid base64, the base64-encoded form is the secret value.
-        k: Buffer.from(secret, 'utf8').toString('base64url')
-      };
-      const imported = await auth.KeySpec.importKey(key, this.keyOptions);
-      return {
-        keys: [imported],
-        errors: []
-      };
-    }
-  }
-}