npm - @quiqflow-org/quiqflow-multi-tenants-utils - Versions diffs - 1.0.1 → 1.0.3 - Mend

@quiqflow-org/quiqflow-multi-tenants-utils 1.0.1 → 1.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/TenantConnectionManager.d.ts +14 -0
package/dist/TenantConnectionManager.d.ts.map +1 -1
package/dist/TenantConnectionManager.js +75 -9
package/package.json +1 -1

package/dist/TenantConnectionManager.d.ts CHANGED Viewed

@@ -11,6 +11,14 @@ export declare class TenantConnectionManager {
      * Get a connection for a schema. Options:
      * - forceNew: Close existing connection and create a fresh one (new DB pool)
      * - skipCache: Don't use cached connection, always create new (but still cache result)
+     *
+     * CRITICAL FIX: ORM caching is DISABLED to prevent cross-tenant model contamination.
+     * The issue: Sequelize models are bound to a specific Sequelize instance. When ORMs
+     * are cached, models from one tenant's ORM can get used by another tenant, causing
+     * queries to go through the wrong Sequelize instance.
+     *
+     * By always creating fresh ORMs, each request gets models bound to the correct Sequelize.
+     * Connection pool management is handled at the Sequelize level (each Sequelize has its own pool).
      */
     getConnection(schemaName: string, options?: {
         forceNew?: boolean;
@@ -35,6 +43,12 @@ export declare class TenantConnectionManager {
     /**
      * Efficiently ensure schema isolation for reused connections
      * Fixes Sequelize model schema caching issues in multi-tenant environment
+     *
+     * CRITICAL: We DO NOT set model._schema here because that causes Sequelize
+     * to generate fully qualified table names (schema.table) which bypasses
+     * PostgreSQL's search_path mechanism. Instead, we rely on search_path
+     * being set on the connection, and we REMOVE schema from models to force
+     * Sequelize to use unqualified names that resolve via search_path.
      */
     private ensureSchemaIsolation;
     /**

package/dist/TenantConnectionManager.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"TenantConnectionManager.d.ts","sourceRoot":"","sources":["../src/TenantConnectionManager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,8BAA8B,EAAE,MAAM,SAAS,CAAC;AAIzD,qBAAa,uBAAuB;IAClC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAwC;IAChE,OAAO,CAAC,WAAW,CAA+B;IAClD,OAAO,CAAC,OAAO,CAA4C;IAC3D,OAAO,CAAC,YAAY,CAAC,CAAiD;IAEtE,OAAO;IAKP,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,8BAA8B,GAAG,uBAAuB;IAK1E,MAAM,CAAC,WAAW,IAAI,uBAAuB;IAM7C~~;;;;OAIG~~;IACG,aAAa,CACjB,UAAU,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE;QAAE,QAAQ,CAAC,EAAE,OAAO,CAAC;QAAC,SAAS,CAAC,EAAE,OAAO,CAAA;KAAE,GACpD,OAAO,CAAC,GAAG,CAAC;~~IA0Cf~~;;;OAGG;IACG,iBAAiB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC;IAOzD;;;OAGG;IACG,qBAAqB,IAAI,OAAO,CAAC,IAAI,CAAC;IAe5C;;;;OAIG;YACW,kBAAkB;IAmChC~~;;;OAGG~~;YACW,qBAAqB;~~IAgBnC~~;;;OAGG;IACG,gBAAgB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IA4B5D;;OAEG;IACH,aAAa,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO;IAI1C;;OAEG;IACH,gBAAgB,IAAI,MAAM,EAAE;IAI5B;;OAEG;IACH,YAAY,IAAI,MAAM;IAItB;;OAEG;IACG,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC;CAwBhC"}
1	+ {"version":3,"file":"TenantConnectionManager.d.ts","sourceRoot":"","sources":["../src/TenantConnectionManager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,8BAA8B,EAAE,MAAM,SAAS,CAAC;AAIzD,qBAAa,uBAAuB;IAClC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAwC;IAChE,OAAO,CAAC,WAAW,CAA+B;IAClD,OAAO,CAAC,OAAO,CAA4C;IAC3D,OAAO,CAAC,YAAY,CAAC,CAAiD;IAEtE,OAAO;IAKP,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,8BAA8B,GAAG,uBAAuB;IAK1E,MAAM,CAAC,WAAW,IAAI,uBAAuB;IAM7C;;;;;;;;;;;;OAYG;IACG,aAAa,CACjB,UAAU,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE;QAAE,QAAQ,CAAC,EAAE,OAAO,CAAC;QAAC,SAAS,CAAC,EAAE,OAAO,CAAA;KAAE,GACpD,OAAO,CAAC,GAAG,CAAC;IA0Ef;;;OAGG;IACG,iBAAiB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC;IAOzD;;;OAGG;IACG,qBAAqB,IAAI,OAAO,CAAC,IAAI,CAAC;IAe5C;;;;OAIG;YACW,kBAAkB;IAmChC;;;;;;;;;OASG;YACW,qBAAqB;IA4CnC;;;OAGG;IACG,gBAAgB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IA4B5D;;OAEG;IACH,aAAa,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO;IAI1C;;OAEG;IACH,gBAAgB,IAAI,MAAM,EAAE;IAI5B;;OAEG;IACH,YAAY,IAAI,MAAM;IAItB;;OAEG;IACG,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC;CAwBhC"}

package/dist/TenantConnectionManager.js CHANGED Viewed

@@ -22,15 +22,26 @@ class TenantConnectionManager {
      * Get a connection for a schema. Options:
      * - forceNew: Close existing connection and create a fresh one (new DB pool)
      * - skipCache: Don't use cached connection, always create new (but still cache result)
+     *
+     * CRITICAL FIX: ORM caching is DISABLED to prevent cross-tenant model contamination.
+     * The issue: Sequelize models are bound to a specific Sequelize instance. When ORMs
+     * are cached, models from one tenant's ORM can get used by another tenant, causing
+     * queries to go through the wrong Sequelize instance.
+     *
+     * By always creating fresh ORMs, each request gets models bound to the correct Sequelize.
+     * Connection pool management is handled at the Sequelize level (each Sequelize has its own pool).
      */
     async getConnection(schemaName, options) {
-        const { forceNew = false, skipCache = false } = options || {};
+        const { forceNew = false } = options || {};
+        // CRITICAL FIX: Always create fresh ORM to prevent model cross-contamination
+        // Previously, cached ORMs shared models that could be bound to wrong Sequelize instance
+        const skipCache = true; // Force skip cache for ALL requests
         // If forceNew, close existing connection first to get fresh DB pool
         if (forceNew && this.connections.has(schemaName)) {
             console.log(`${LOG_PREFIX} Force closing existing connection for "${schemaName}" to create fresh DB pool`);
             await this.removeConnection(schemaName);
         }
-        // Check if we have a cached connection
+        // Check if we have a cached connection (only used for cleanup, not retrieval)
         if (!skipCache && !forceNew && this.connections.has(schemaName)) {
             const cachedOrm = this.connections.get(schemaName);
             // Validate the cached connection - check if schema still exists
@@ -47,10 +58,35 @@ class TenantConnectionManager {
             }
         }
         // Create a new connection with fresh DB pool
-        console.log(`${LOG_PREFIX} Creating new connection for "${schemaName}" (fresh DB pool)`);
+        console.log(`${LOG_PREFIX} Creating FRESH ORM for "${schemaName}" (no caching - prevents model contamination)`);
         const orm = await this.factory({ schemaName });
         if (this.authenticate)
             await this.authenticate(orm);
+        // CRITICAL: Store schema on Sequelize instance and connection pool immediately after creation
+        // This ensures that afterConnect hooks can access the correct schema
+        const sequelize = orm.sequelize;
+        sequelize._currentTenantSchema = schemaName;
+        // Store schema on connection pool so new connections use correct schema
+        const connectionManager = sequelize.connectionManager;
+        const pool = connectionManager === null || connectionManager === void 0 ? void 0 : connectionManager.pool;
+        if (pool) {
+            pool._tenantSchema = schemaName;
+        }
+        // Ensure schema isolation for the newly created connection
+        await this.ensureSchemaIsolation(orm, schemaName);
+        // Still track connections for cleanup purposes (but not for retrieval)
+        // Close any existing ORM for this schema to prevent connection pool buildup
+        if (this.connections.has(schemaName)) {
+            const oldOrm = this.connections.get(schemaName);
+            try {
+                if (oldOrm && oldOrm.sequelize && typeof oldOrm.sequelize.close === 'function') {
+                    await oldOrm.sequelize.close();
+                }
+            }
+            catch (err) {
+                console.warn(`${LOG_PREFIX} Error closing old ORM for "${schemaName}":`, err);
+            }
+        }
         this.connections.set(schemaName, orm);
         return orm;
     }
@@ -105,15 +141,45 @@ class TenantConnectionManager {
     /**
      * Efficiently ensure schema isolation for reused connections
      * Fixes Sequelize model schema caching issues in multi-tenant environment
+     *
+     * CRITICAL: We DO NOT set model._schema here because that causes Sequelize
+     * to generate fully qualified table names (schema.table) which bypasses
+     * PostgreSQL's search_path mechanism. Instead, we rely on search_path
+     * being set on the connection, and we REMOVE schema from models to force
+     * Sequelize to use unqualified names that resolve via search_path.
      */
     async ensureSchemaIsolation(orm, expectedSchema) {
-        // Set search_path for this connection (lightweight operation)
-        await orm.sequelize.query(`SET search_path TO "${expectedSchema}", public`);
-        // Force all models to use the correct schema
-        // Sequelize caches schema names in model definitions, so we need to update them
+        // CRITICAL: Store schema on Sequelize instance and connection pool
+        // This allows hooks (afterConnect, beforeQuery) to access the correct schema
+        const sequelize = orm.sequelize;
+        sequelize._currentTenantSchema = expectedSchema;
+        // Store schema on connection pool so new connections use correct schema
+        const connectionManager = sequelize.connectionManager;
+        const pool = connectionManager === null || connectionManager === void 0 ? void 0 : connectionManager.pool;
+        if (pool) {
+            pool._tenantSchema = expectedSchema;
+        }
+        // Set search_path for this connection (PRIMARY mechanism for schema isolation)
+        await sequelize.query(`SET search_path TO "${expectedSchema}", public`);
+        // CRITICAL: REMOVE schema from models to force Sequelize to use search_path
+        // When model._schema is set, Sequelize ALWAYS generates fully qualified names
+        // (schema.table) which bypasses search_path. By removing it, Sequelize generates
+        // unqualified names that resolve via search_path.
         Object.values(orm.sequelize.models).forEach((model) => {
-            if (model._schema !== expectedSchema) {
-                model._schema = expectedSchema;
+            // Remove schema from model to force Sequelize to rely on search_path
+            if (model._schema) {
+                delete model._schema;
+            }
+            // Also remove from model.options
+            if (model.options) {
+                model.options.schema = null;
+            }
+            // Clear any cached fully qualified table names
+            if (model.tableName && typeof model.tableName === 'string' && model.tableName.includes('.')) {
+                const parts = model.tableName.split('.');
+                if (parts.length === 2) {
+                    model.tableName = parts[1];
+                }
             }
         });
     }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@quiqflow-org/quiqflow-multi-tenants-utils",
-  "version": "1.0.1",
+  "version": "1.0.3",
   "description": "Shared multi-tenant helpers (schema resolution, connection management, middleware) for Quiqflow services.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",