@rebasepro/server-postgresql 0.2.3 → 0.2.5

package/src/connection.ts

@@ -82,3 +82,80 @@ export function createPostgresDatabaseConnection(
 pool,
 connectionString };
 }
+
+/**
+ * Create a direct (non-pooled) connection for operations that require
+ * session-level features incompatible with PgBouncer transaction mode,
+ * such as LISTEN/NOTIFY, prepared statements, or advisory locks.
+ *
+ * Uses a smaller pool since this is only for specific use cases.
+ */
+export function createDirectDatabaseConnection(
+    connectionString: string,
+    schema?: Record<string, unknown>,
+    poolConfig?: PostgresPoolConfig
+) {
+    const opts = {
+        ...DEFAULT_POOL,
+        max: 5,
+        ...poolConfig
+    };
+
+    const pgPoolConfig: PoolConfig = {
+        connectionString,
+        max: opts.max,
+        idleTimeoutMillis: opts.idleTimeoutMillis,
+        connectionTimeoutMillis: opts.connectionTimeoutMillis,
+        query_timeout: opts.queryTimeout,
+        statement_timeout: opts.statementTimeout,
+        keepAlive: opts.keepAlive,
+        keepAliveInitialDelayMillis: 0
+    };
+
+    const pool = new Pool(pgPoolConfig);
+
+    pool.on("error", (err) => {
+        console.error("[pg-direct-pool] Unexpected pool error:", err.message);
+    });
+
+    const db = schema ? drizzle(pool, { schema }) : drizzle(pool);
+
+    return { db, pool, connectionString };
+}
+
+/**
+ * Create a read-only connection for routing read queries to replicas.
+ * Uses a moderate pool size since reads are distributed across replicas.
+ */
+export function createReadReplicaConnection(
+    connectionString: string,
+    schema?: Record<string, unknown>,
+    poolConfig?: PostgresPoolConfig
+) {
+    const opts = {
+        ...DEFAULT_POOL,
+        max: 10,
+        ...poolConfig
+    };
+
+    const pgPoolConfig: PoolConfig = {
+        connectionString,
+        max: opts.max,
+        idleTimeoutMillis: opts.idleTimeoutMillis,
+        connectionTimeoutMillis: opts.connectionTimeoutMillis,
+        query_timeout: opts.queryTimeout,
+        statement_timeout: opts.statementTimeout,
+        keepAlive: opts.keepAlive,
+        keepAliveInitialDelayMillis: 0
+    };
+
+    const pool = new Pool(pgPoolConfig);
+
+    pool.on("error", (err) => {
+        console.error("[pg-replica-pool] Unexpected pool error:", err.message);
+    });
+
+    const db = schema ? drizzle(pool, { schema }) : drizzle(pool);
+
+    return { db, pool, connectionString };
+}

package/src/data-transformer.ts

@@ -263,8 +263,8 @@ export function serializePropertyToServer(value: unknown, property: Property): u
             if (value instanceof Vector) {
                 return value.value;
             }
-            if (value && typeof value === "object" && "value" in value && Array.isArray((value as any).value)) {
-                return (value as any).value.map(Number);
+            if (value && typeof value === "object" && "value" in value && Array.isArray((value as { value: unknown }).value)) {
+                return (value as { value: unknown[] }).value.map(Number);
             }
             if (Array.isArray(value)) {
                 return value.map(Number);

package/src/schema/auth-schema.ts

@@ -1,15 +1,14 @@
-import { pgSchema, pgTable, varchar, uuid, timestamp, boolean, jsonb, primaryKey, unique } from "drizzle-orm/pg-core";
+import { pgSchema, pgTable, varchar, uuid, timestamp, boolean, jsonb, text, unique } from "drizzle-orm/pg-core";
 import { relations } from "drizzle-orm";
 
 /**
  * Factory function to dynamically create the auth tables bound to the specified schema names.
  */
-export function createAuthSchema(rolesSchemaName: string = "rebase", usersSchemaName: string = "rebase") {
-    const rolesSchema = rolesSchemaName === "public" ? null : pgSchema(rolesSchemaName);
+export function createAuthSchema(usersSchemaName: string = "rebase") {
     const usersSchema = usersSchemaName === "public" ? null : pgSchema(usersSchemaName);
 
-    const rolesTableCreator: any = rolesSchema ? rolesSchema.table.bind(rolesSchema) : pgTable;
-    const usersTableCreator: any = usersSchema ? usersSchema.table.bind(usersSchema) : pgTable;
+    const tableCreator = (usersSchema ? usersSchema.table.bind(usersSchema) : pgTable) as typeof pgTable;
+    const usersTableCreator = tableCreator;
 
     /**
      * Users table - stores both email/password and OAuth users
@@ -23,53 +22,19 @@ export function createAuthSchema(rolesSchemaName: string = "rebase", usersSchema
         emailVerified: boolean("email_verified").default(false).notNull(),
         emailVerificationToken: varchar("email_verification_token", { length: 255 }),
         emailVerificationSentAt: timestamp("email_verification_sent_at"),
-        metadata: jsonb("metadata").$type<Record<string, any>>().default({}).notNull(),
+        isAnonymous: boolean("is_anonymous").default(false).notNull(),
+        roles: text("roles").array().default([]).notNull(),
+        metadata: jsonb("metadata").$type<Record<string, unknown>>().default({}).notNull(),
         createdAt: timestamp("created_at").defaultNow().notNull(),
         updatedAt: timestamp("updated_at").defaultNow().notNull()
     });
 
-    /**
-     * Roles table - defines permission sets
-     */
-    const roles = rolesTableCreator("roles", {
-        id: varchar("id", { length: 50 }).primaryKey(), // 'admin', 'editor', 'viewer'
-        name: varchar("name", { length: 100 }).notNull(),
-        isAdmin: boolean("is_admin").default(false).notNull(),
-        defaultPermissions: jsonb("default_permissions").$type<{
-            read?: boolean;
-            create?: boolean;
-            edit?: boolean;
-            delete?: boolean;
-        }>(),
-        collectionPermissions: jsonb("collection_permissions").$type<
-            Record<string, {
-                read?: boolean;
-                create?: boolean;
-                edit?: boolean;
-                delete?: boolean;
-            }>
-        >(),
-        config: jsonb("config").$type<{
-            createCollections?: boolean;
-            editCollections?: "own" | "all" | boolean;
-            deleteCollections?: "own" | "all" | boolean;
-        }>()
-    });
 
-    /**
-     * User-Role junction table
-     */
-    const userRoles = rolesTableCreator("user_roles", {
-        userId: uuid("user_id").notNull().references(() => users.id, { onDelete: "cascade" }),
-        roleId: varchar("role_id", { length: 50 }).notNull().references(() => roles.id, { onDelete: "cascade" })
-    }, (table: any) => ({
-        pk: primaryKey({ columns: [table.userId, table.roleId] })
-    }));
 
     /**
      * Refresh tokens for long-lived sessions
      */
-    const refreshTokens = rolesTableCreator("refresh_tokens", {
+    const refreshTokens = tableCreator("refresh_tokens", {
         id: uuid("id").defaultRandom().primaryKey(),
         userId: uuid("user_id").notNull().references(() => users.id, { onDelete: "cascade" }),
         tokenHash: varchar("token_hash", { length: 255 }).notNull().unique(),
@@ -77,14 +42,14 @@ export function createAuthSchema(rolesSchemaName: string = "rebase", usersSchema
         userAgent: varchar("user_agent", { length: 500 }),
         ipAddress: varchar("ip_address", { length: 45 }),
         createdAt: timestamp("created_at").defaultNow().notNull()
-    }, (table: any) => ({
+    }, (table) => ({
         uniqueDeviceSession: unique("unique_device_session").on(table.userId, table.userAgent, table.ipAddress)
     }));
 
     /**
      * Password reset tokens for forgot password flow
      */
-    const passwordResetTokens = rolesTableCreator("password_reset_tokens", {
+    const passwordResetTokens = tableCreator("password_reset_tokens", {
         id: uuid("id").defaultRandom().primaryKey(),
         userId: uuid("user_id").notNull().references(() => users.id, { onDelete: "cascade" }),
         tokenHash: varchar("token_hash", { length: 255 }).notNull().unique(),
@@ -96,7 +61,7 @@ export function createAuthSchema(rolesSchemaName: string = "rebase", usersSchema
     /**
      * App config - key/value store for custom settings
      */
-    const appConfig = rolesTableCreator("app_config", {
+    const appConfig = tableCreator("app_config", {
         key: varchar("key", { length: 100 }).primaryKey(),
         value: jsonb("value").notNull(),
         updatedAt: timestamp("updated_at").defaultNow().notNull()
@@ -105,7 +70,7 @@ export function createAuthSchema(rolesSchemaName: string = "rebase", usersSchema
     /**
      * User identities - maps external OAuth profiles back to local users
      */
-    const userIdentities = rolesTableCreator("user_identities", {
+    const userIdentities = tableCreator("user_identities", {
         id: uuid("id").defaultRandom().primaryKey(),
         userId: uuid("user_id").notNull().references(() => users.id, { onDelete: "cascade" }),
         provider: varchar("provider", { length: 50 }).notNull(), // e.g. 'google', 'linkedin'
@@ -113,77 +78,122 @@ export function createAuthSchema(rolesSchemaName: string = "rebase", usersSchema
         profileData: jsonb("profile_data"),
         createdAt: timestamp("created_at").defaultNow().notNull(),
         updatedAt: timestamp("updated_at").defaultNow().notNull()
-    }, (table: any) => ({
+    }, (table) => ({
         uniqueProviderId: unique("unique_provider_id").on(table.provider, table.providerId)
     }));
 
+    /**
+     * MFA factors table - stores enrolled MFA methods
+     */
+    const mfaFactors = tableCreator("mfa_factors", {
+        id: uuid("id").defaultRandom().primaryKey(),
+        userId: uuid("user_id").notNull().references(() => users.id, { onDelete: "cascade" }),
+        factorType: varchar("factor_type", { length: 20 }).notNull(), // 'totp'
+        secretEncrypted: varchar("secret_encrypted", { length: 500 }).notNull(),
+        friendlyName: varchar("friendly_name", { length: 255 }),
+        verified: boolean("verified").default(false).notNull(),
+        createdAt: timestamp("created_at").defaultNow().notNull(),
+        updatedAt: timestamp("updated_at").defaultNow().notNull()
+    });
+
+    /**
+     * MFA challenges table - tracks active MFA verification attempts
+     */
+    const mfaChallenges = tableCreator("mfa_challenges", {
+        id: uuid("id").defaultRandom().primaryKey(),
+        factorId: uuid("factor_id").notNull().references(() => mfaFactors.id, { onDelete: "cascade" }),
+        createdAt: timestamp("created_at").defaultNow().notNull(),
+        verifiedAt: timestamp("verified_at"),
+        ipAddress: varchar("ip_address", { length: 45 }),
+        expiresAt: timestamp("expires_at").notNull()
+    });
+
+    /**
+     * Recovery codes table - backup codes for MFA
+     */
+    const recoveryCodes = tableCreator("recovery_codes", {
+        id: uuid("id").defaultRandom().primaryKey(),
+        userId: uuid("user_id").notNull().references(() => users.id, { onDelete: "cascade" }),
+        codeHash: varchar("code_hash", { length: 255 }).notNull(),
+        usedAt: timestamp("used_at"),
+        createdAt: timestamp("created_at").defaultNow().notNull()
+    });
+
     return {
-        rolesSchema,
         usersSchema,
         users,
-        roles,
-        userRoles,
         refreshTokens,
         passwordResetTokens,
         appConfig,
-        userIdentities
+        userIdentities,
+        mfaFactors,
+        mfaChallenges,
+        recoveryCodes
     };
 }
 
 // Instantiate default schema and tables using the default "rebase" schema
-const defaultAuthSchema = createAuthSchema("rebase", "rebase");
+const defaultAuthSchema = createAuthSchema("rebase");
 
-export const rebaseSchema = defaultAuthSchema.rolesSchema;
 export const usersSchema = defaultAuthSchema.usersSchema;
 
 export const users = defaultAuthSchema.users;
-export const roles = defaultAuthSchema.roles;
-export const userRoles = defaultAuthSchema.userRoles;
 export const refreshTokens = defaultAuthSchema.refreshTokens;
 export const passwordResetTokens = defaultAuthSchema.passwordResetTokens;
 export const appConfig = defaultAuthSchema.appConfig;
 export const userIdentities = defaultAuthSchema.userIdentities;
+export const mfaFactors = defaultAuthSchema.mfaFactors;
+export const mfaChallenges = defaultAuthSchema.mfaChallenges;
+export const recoveryCodes = defaultAuthSchema.recoveryCodes;
 
 // Relations
 export const usersRelations = relations(users, ({ many }) => ({
-    userRoles: many(userRoles),
     refreshTokens: many(refreshTokens),
     passwordResetTokens: many(passwordResetTokens),
-    userIdentities: many(userIdentities)
+    userIdentities: many(userIdentities),
+    mfaFactors: many(mfaFactors),
+    recoveryCodes: many(recoveryCodes)
 }));
 
-export const rolesRelations = relations(roles, ({ many }) => ({
-    userRoles: many(userRoles)
+export const refreshTokensRelations = relations(refreshTokens, ({ one }) => ({
+    user: one(users, {
+        fields: [refreshTokens.userId],
+        references: [users.id]
+    })
 }));
 
-export const userRolesRelations = relations(userRoles, ({ one }) => ({
+export const passwordResetTokensRelations = relations(passwordResetTokens, ({ one }) => ({
     user: one(users, {
-        fields: [userRoles.userId],
+        fields: [passwordResetTokens.userId],
         references: [users.id]
-    }),
-    role: one(roles, {
-        fields: [userRoles.roleId],
-        references: [roles.id]
     })
 }));
 
-export const refreshTokensRelations = relations(refreshTokens, ({ one }) => ({
+export const userIdentitiesRelations = relations(userIdentities, ({ one }) => ({
     user: one(users, {
-        fields: [refreshTokens.userId],
+        fields: [userIdentities.userId],
         references: [users.id]
     })
 }));
 
-export const passwordResetTokensRelations = relations(passwordResetTokens, ({ one }) => ({
+export const mfaFactorsRelations = relations(mfaFactors, ({ one, many }) => ({
     user: one(users, {
-        fields: [passwordResetTokens.userId],
+        fields: [mfaFactors.userId],
         references: [users.id]
+    }),
+    challenges: many(mfaChallenges)
+}));
+
+export const mfaChallengesRelations = relations(mfaChallenges, ({ one }) => ({
+    factor: one(mfaFactors, {
+        fields: [mfaChallenges.factorId],
+        references: [mfaFactors.id]
     })
 }));
 
-export const userIdentitiesRelations = relations(userIdentities, ({ one }) => ({
+export const recoveryCodesRelations = relations(recoveryCodes, ({ one }) => ({
     user: one(users, {
-        fields: [userIdentities.userId],
+        fields: [recoveryCodes.userId],
         references: [users.id]
     })
 }));
@@ -191,11 +201,11 @@ export const userIdentitiesRelations = relations(userIdentities, ({ one }) => ({
 // Type exports
 export type User = typeof users.$inferSelect;
 export type NewUser = typeof users.$inferInsert;
-export type Role = typeof roles.$inferSelect;
-export type NewRole = typeof roles.$inferInsert;
-export type UserRole = typeof userRoles.$inferSelect;
 export type RefreshToken = typeof refreshTokens.$inferSelect;
 export type PasswordResetToken = typeof passwordResetTokens.$inferSelect;
 export type AppConfig = typeof appConfig.$inferSelect;
 export type UserIdentity = typeof userIdentities.$inferSelect;
 export type NewUserIdentity = typeof userIdentities.$inferInsert;
+export type MfaFactorRow = typeof mfaFactors.$inferSelect;
+export type MfaChallengeRow = typeof mfaChallenges.$inferSelect;
+export type RecoveryCodeRow = typeof recoveryCodes.$inferSelect;

package/src/schema/doctor.ts

@@ -84,10 +84,28 @@ export function getExpectedColumnType(prop: Property): string | null {
             if (dp.columnType === "time") return "time without time zone";
             return "timestamp with time zone";
         }
-        case "map":
         case "array": {
-            const ap = prop as ArrayProperty | MapProperty;
-            if (ap.columnType === "json") return "json";
+            const ap = prop as ArrayProperty;
+            let colType = ap.columnType;
+            if (!colType && ap.of && !Array.isArray(ap.of)) {
+                const ofProp = ap.of as Property;
+                if (ofProp.type === "string") {
+                    colType = "text[]";
+                } else if (ofProp.type === "number") {
+                    colType = ofProp.validation?.integer ? "integer[]" : "numeric[]";
+                } else if (ofProp.type === "boolean") {
+                    colType = "boolean[]";
+                }
+            }
+
+            if (colType === "json") return "json";
+            if (colType === "jsonb") return "jsonb";
+            if (colType && colType.endsWith("[]")) return "ARRAY";
+            return "jsonb";
+        }
+        case "map": {
+            const mp = prop as MapProperty;
+            if (mp.columnType === "json") return "json";
             return "jsonb";
         }
         case "relation":
@@ -485,6 +503,29 @@ export async function checkCollectionsVsDatabase(
                     if (prop.type === "vector" && dbCol.udt_name !== "vector") {
                         isMismatch = true;
                     }
+                    if (prop.type === "array") {
+                        const ap = prop as ArrayProperty;
+                        let expectedColType = ap.columnType;
+                        if (!expectedColType && ap.of && !Array.isArray(ap.of)) {
+                            const ofProp = ap.of as Property;
+                            if (ofProp.type === "string") expectedColType = "text[]";
+                            else if (ofProp.type === "number") expectedColType = ofProp.validation?.integer ? "integer[]" : "numeric[]";
+                            else if (ofProp.type === "boolean") expectedColType = "boolean[]";
+                        }
+                        if (expectedColType && expectedColType.endsWith("[]")) {
+                            if (actualType !== "ARRAY") {
+                                isMismatch = true;
+                            } else {
+                                const expectedUdt = expectedColType === "text[]" ? "_text" :
+                                                    expectedColType === "integer[]" ? "_int4" :
+                                                    expectedColType === "boolean[]" ? "_bool" :
+                                                    expectedColType === "numeric[]" ? "_numeric" : "";
+                                if (expectedUdt && dbCol.udt_name !== expectedUdt) {
+                                    isMismatch = true;
+                                }
+                            }
+                        }
+                    }
                     if (isMismatch) {
                         issues.push({
                             severity: "warning",

package/src/schema/generate-drizzle-schema-logic.ts

@@ -70,6 +70,8 @@ const getDrizzleColumn = (propName: string, prop: Property, collection: EntityCo
                 columnDefinition = `${enumName}("${colName}")`;
             } else if ("isId" in stringProp && stringProp.isId === "uuid") {
                 columnDefinition = `uuid("${colName}")`;
+            } else if (stringProp.columnType === "uuid") {
+                columnDefinition = `uuid("${colName}")`;
             } else if (stringProp.columnType === "text") {
                 columnDefinition = `text("${colName}")`;
             } else if (stringProp.columnType === "char") {
@@ -145,11 +147,39 @@ const getDrizzleColumn = (propName: string, prop: Property, collection: EntityCo
             }
             break;
         }
-        case "map":
+        case "map": {
+            const mapProp = prop as MapProperty;
+            if (mapProp.columnType === "json") {
+                columnDefinition = `json("${colName}")`;
+            } else {
+                columnDefinition = `jsonb("${colName}")`;
+            }
+            break;
+        }
         case "array": {
-            const arrayOrMapProp = prop as ArrayProperty | MapProperty;
-            if (arrayOrMapProp.columnType === "json") {
+            const arrayProp = prop as ArrayProperty;
+            let colType = arrayProp.columnType;
+            if (!colType && arrayProp.of && !Array.isArray(arrayProp.of)) {
+                const ofProp = arrayProp.of as Property;
+                if (ofProp.type === "string") {
+                    colType = "text[]";
+                } else if (ofProp.type === "number") {
+                    colType = ofProp.validation?.integer ? "integer[]" : "numeric[]";
+                } else if (ofProp.type === "boolean") {
+                    colType = "boolean[]";
+                }
+            }
+
+            if (colType === "json") {
                 columnDefinition = `json("${colName}")`;
+            } else if (colType === "text[]") {
+                columnDefinition = `text("${colName}").array()`;
+            } else if (colType === "integer[]") {
+                columnDefinition = `integer("${colName}").array()`;
+            } else if (colType === "boolean[]") {
+                columnDefinition = `boolean("${colName}").array()`;
+            } else if (colType === "numeric[]") {
+                columnDefinition = `numeric("${colName}").array()`;
             } else {
                 columnDefinition = `jsonb("${colName}")`;
             }

package/src/schema/generate-drizzle-schema.ts

@@ -5,7 +5,7 @@ import { pathToFileURL } from "url";
 import chokidar from "chokidar";
 import { generateSchema } from "./generate-drizzle-schema-logic";
 import { EntityCollection } from "@rebasepro/types";
-import { defaultUsersCollection } from "./default-collections";
+import { defaultUsersCollection } from "@rebasepro/common";
 
 // --- Helper Functions ---
 
@@ -90,11 +90,11 @@ const runGeneration = async (collectionsFilePath?: string, outputPath?: string)
             collections = [];
         }
 
-        // Inject default collections if not overridden by the developer
-        const hasUsersCollection = collections.some(c => c.slug === "users");
-        if (!hasUsersCollection) {
-            collections.push(defaultUsersCollection);
-        }
+        // Always inject defaults first; developer collections override via generic dedup
+        // Map keyed by slug — last-write-wins, so developer collections overwrite defaults
+        collections = Array.from(
+            new Map([defaultUsersCollection, ...collections].map(c => [c.slug, c])).values()
+        );
 
         // Sort collections by slug alphabetically to ensure deterministic schema generation
         collections.sort((a, b) => a.slug.localeCompare(b.slug));

package/src/schema/introspect-db-logic.ts

@@ -589,9 +589,16 @@ export function generateCollectionFile(
         // Array/Map heuristics (Fallback if not inferred)
         if (finalPropType === "array" && !inferenceExtra.includes("of: {")) {
             let innerType = "string";
+            let colType = "";
             if (col.udt_name.startsWith("_")) {
                 const baseType = col.udt_name.substring(1);
                 innerType = mapPgType(baseType);
+                if (innerType === "string") colType = "text[]";
+                else if (innerType === "number") colType = col.udt_name === "_numeric" ? "numeric[]" : "integer[]";
+                else if (innerType === "boolean") colType = "boolean[]";
+            }
+            if (colType) {
+                extra += `\n            columnType: "${colType}",`;
             }
             extra += `\n            of: { name: "${humanize(col.column_name)} Item", type: "${innerType}" },`;
         } else if (finalPropType === "map" && !inferenceExtra.includes("keyValue: true") && !inferenceExtra.includes("properties: {")) {