@rebasepro/server-postgresql 0.3.0 → 0.5.0

package/src/services/EntityPersistService.ts

@@ -17,6 +17,18 @@ import { EntityFetchService } from "./EntityFetchService";
 import { DrizzleClient } from "../interfaces";
 import { PostgresCollectionRegistry } from "../collections/PostgresCollectionRegistry";
 
+/** Shape of PostgreSQL errors with diagnostic metadata. */
+interface PostgresError extends Error {
+    code?: string;
+    detail?: string;
+    hint?: string;
+    constraint?: string;
+    column?: string;
+    table?: string;
+    dataType?: string;
+    cause?: unknown;
+}
+
 /**
  * Service for handling all entity write operations.
  * Handles saving, deleting, and updating entities.
@@ -53,6 +65,15 @@ export class EntityPersistService {
             .where(eq(idField, parsedId));
     }
 
+    /**
+     * Delete all entities from a collection
+     */
+    async deleteAll(collectionPath: string, _databaseId?: string): Promise<void> {
+        const collection = getCollectionByPath(collectionPath, this.registry);
+        const table = getTableForCollection(collection, this.registry);
+        await this.db.delete(table);
+    }
+
     /**
      * Save an entity (create or update)
      */
@@ -382,14 +403,14 @@ export class EntityPersistService {
      */
     private extractCauseMessage(error: unknown): string | null {
         if (!error || typeof error !== "object") return null;
-        const err = error as Error & { cause?: unknown };
+        if (!(error instanceof Error)) return null;
 
-        if (err.cause && typeof err.cause === "object") {
-            const deeper = this.extractCauseMessage(err.cause);
+        if (error.cause && typeof error.cause === "object") {
+            const deeper = this.extractCauseMessage(error.cause);
             if (deeper) return deeper;
             // The cause itself has a message
-            if (err.cause instanceof Error && err.cause.message) {
-                return err.cause.message;
+            if (error.cause instanceof Error && error.cause.message) {
+                return error.cause.message;
             }
         }
         return null;
@@ -411,19 +432,24 @@ export class EntityPersistService {
      * Extract the underlying PostgreSQL error from a Drizzle wrapper.
      * Drizzle wraps PG errors in a `cause` property.
      */
-    private extractPgError(error: unknown): (Error & { code?: string; detail?: unknown; hint?: unknown; constraint?: unknown; column?: unknown; table?: unknown; dataType?: unknown }) | null {
+    private extractPgError(error: unknown): PostgresError | null {
         if (!error || typeof error !== "object") return null;
-
-        const err = error as Error & { code?: string; cause?: unknown; detail?: unknown };
+        if (!(error instanceof Error)) {
+            // Check non-Error objects for a cause chain (Drizzle sometimes wraps oddly)
+            if ("cause" in error && (error as Record<string, unknown>).cause && typeof (error as Record<string, unknown>).cause === "object") {
+                return this.extractPgError((error as Record<string, unknown>).cause);
+            }
+            return null;
+        }
 
         // Check if the error itself has a PG error code
-        if (err.code && /^[0-9A-Z]{5}$/.test(err.code)) {
-            return err as Error & { code: string; detail?: unknown; hint?: unknown; constraint?: unknown; column?: unknown; table?: unknown; dataType?: unknown };
+        if ("code" in error && typeof (error as PostgresError).code === "string" && /^[0-9A-Z]{5}$/.test((error as PostgresError).code!)) {
+            return error as PostgresError;
         }
 
         // Check the cause chain (Drizzle wraps PG errors)
-        if (err.cause && typeof err.cause === "object") {
-            return this.extractPgError(err.cause);
+        if (error.cause && typeof error.cause === "object") {
+            return this.extractPgError(error.cause);
         }
 
         return null;

package/src/services/entityService.ts

@@ -169,6 +169,13 @@ export class EntityService implements EntityRepository {
         return this.persistService.deleteEntity(collectionPath, entityId, databaseId);
     }
 
+    /**
+     * Delete all entities from a collection
+     */
+    async deleteAll(collectionPath: string, databaseId?: string): Promise<void> {
+        return this.persistService.deleteAll(collectionPath, databaseId);
+    }
+
 
     /**
      * Execute raw SQL

package/src/types.ts

@@ -0,0 +1,4 @@
+import type { PgTable, AnyPgColumn } from "drizzle-orm/pg-core";
+
+/** Drizzle PgTable with column access by name. Runtime Drizzle tables satisfy this shape. */
+export type RebasePgTable = PgTable & Record<string, AnyPgColumn>;

package/src/utils/drizzle-conditions.ts

@@ -1,6 +1,6 @@
 import { and, eq, or, sql, SQL, ilike, inArray } from "drizzle-orm";
 import { AnyPgColumn, PgTable, PgVarchar, PgText, PgChar } from "drizzle-orm/pg-core";
-import { FilterValues, WhereFilterOp, Relation, JoinStep } from "@rebasepro/types";
+import { FilterValues, WhereFilterOp, Relation, JoinStep, LogicalCondition, FilterCondition } from "@rebasepro/types";
 import { getColumnName, resolveCollectionRelations } from "@rebasepro/common";
 import { PostgresCollectionRegistry } from "../collections/PostgresCollectionRegistry";
 import { ConditionBuilderStatic } from "../interfaces";
@@ -37,7 +37,6 @@ export class DrizzleConditionBuilder {
         for (const [field, filterParam] of Object.entries(filter)) {
             if (!filterParam) continue;
 
-            const [op, value] = filterParam as [WhereFilterOp, any];
             let fieldColumn = table[field as keyof typeof table] as AnyPgColumn;
 
             if (!fieldColumn) {
@@ -53,15 +52,51 @@ export class DrizzleConditionBuilder {
                 continue;
             }
 
-            const condition = this.buildSingleFilterCondition(fieldColumn, op, value);
-            if (condition) {
-                conditions.push(condition);
+            const paramsList = Array.isArray(filterParam) && filterParam.length > 0 && Array.isArray(filterParam[0])
+                ? (filterParam as [WhereFilterOp, any][])
+                : [filterParam as [WhereFilterOp, any]];
+
+            for (const [op, value] of paramsList) {
+                const condition = this.buildSingleFilterCondition(fieldColumn, op, value);
+                if (condition) {
+                    conditions.push(condition);
+                }
             }
         }
 
         return conditions;
     }
 
+    /**
+     * Build logical conditions recursively from LogicalCondition or FilterCondition
+     */
+    static buildLogicalConditions(
+        cond: LogicalCondition | FilterCondition,
+        table: PgTable<any>,
+        collectionPath: string
+    ): SQL | null {
+        if ("type" in cond) {
+            const subSQLs = cond.conditions
+                .map(c => this.buildLogicalConditions(c, table, collectionPath))
+                .filter((sql): sql is SQL => sql !== null);
+            if (subSQLs.length === 0) return null;
+            return (cond.type === "or" ? or(...subSQLs) : and(...subSQLs)) ?? null;
+        } else {
+            let fieldColumn = table[cond.column as keyof typeof table] as AnyPgColumn;
+            if (!fieldColumn) {
+                const relationKey = `${cond.column}_id`;
+                if (relationKey in table) {
+                    fieldColumn = table[relationKey as keyof typeof table] as AnyPgColumn;
+                }
+            }
+            if (!fieldColumn) {
+                console.warn(`Filtering by field '${cond.column}', but it does not exist in table for collection '${collectionPath}'`);
+                return null;
+            }
+            return this.buildSingleFilterCondition(fieldColumn, cond.operator as WhereFilterOp, cond.value);
+        }
+    }
+
     /**
      * Build a single filter condition for a specific operator and value
      */

package/src/websocket.ts

@@ -1,13 +1,18 @@
 import { RealtimeService } from "./services/realtimeService";
 import { PostgresBackendDriver } from "./PostgresBackendDriver";
-import { DataDriver, DeleteEntityProps, FetchCollectionProps, FetchEntityProps, SaveEntityProps, TableMetadata, BranchInfo, isSQLAdmin, isSchemaAdmin, AuthAdapter } from "@rebasepro/types";
+import type { DataDriver, DeleteEntityProps, FetchCollectionProps, FetchEntityProps, SaveEntityProps, TableMetadata, BranchInfo, AuthAdapter } from "@rebasepro/types";
+import { isSQLAdmin, isSchemaAdmin } from "@rebasepro/types";
+import type { User } from "@rebasepro/types";
 import { WebSocketServer, WebSocket } from "ws";
 import { Server } from "http";
 import { inspect } from "util";
-// @ts-ignore
 import { extractUserFromToken, AccessTokenPayload } from "@rebasepro/server-core";
-// @ts-ignore
-import { AuthConfig } from "@rebasepro/server-core";
+
+/** Minimal subset of RebaseAuthConfig used by the WebSocket layer. */
+interface WsAuthConfig {
+    requireAuth?: boolean;
+    jwtSecret?: string;
+}
 
 /**
  * Normalized user identity for WebSocket sessions.
@@ -27,7 +32,7 @@ interface ClientSession {
     messageWindowStart: number;
 }
 
-const clientSessions = new Map<string, ClientSession>();
+
 
 /** Maximum messages per client per window */
 const WS_RATE_LIMIT = 2000;
@@ -52,14 +57,14 @@ const ADMIN_ONLY_TYPES = new Set([
  */
 function extractErrorMessage(error: unknown): string {
     if (!error) return "Unknown error";
-    if (typeof error === "object") {
-        const err = error as Record<string, unknown> & { cause?: unknown; message?: string };
-        if (err.cause) {
-            return extractErrorMessage(err.cause);
-        }
-        if (typeof err.message === "string") {
-            return err.message;
+    if (error instanceof Error) {
+        if ("cause" in error && error.cause) {
+            return extractErrorMessage(error.cause);
         }
+        return error.message;
+    }
+    if (typeof error === "object" && "message" in error && typeof (error as { message: unknown }).message === "string") {
+        return (error as { message: string }).message;
     }
     return String(error);
 }
@@ -72,21 +77,20 @@ function isAdminSession(session: ClientSession | undefined): boolean {
     // Fast path: new adapter-aware sessions set isAdmin directly
     if (session.user.isAdmin) return true;
     if (!session.user.roles) return false;
-    return session.user.roles.some((r: unknown) => {
-        if (typeof r === "string") return r === "admin";
-        if (r && typeof r === "object" && "isAdmin" in r) return (r as { isAdmin: boolean }).isAdmin;
-        if (r && typeof r === "object" && "id" in r) return (r as { id: string }).id === "admin";
-        return false;
-    });
+    return session.user.roles.some((r) => r === "admin");
 }
 
 export function createPostgresWebSocket(
     server: Server,
     realtimeService: RealtimeService,
     driver: PostgresBackendDriver,
-    authConfig?: AuthConfig,
+    authConfig?: WsAuthConfig,
     authAdapter?: AuthAdapter
 ) {
+    // Session map scoped to this factory invocation — prevents stale sessions
+    // leaking across hot reloads or multiple factory calls.
+    const clientSessions = new Map<string, ClientSession>();
+
     const isProduction = process.env.NODE_ENV === "production";
     /** Debug logger that is suppressed in production to prevent PII/data leaks */
     const wsDebug = (...args: unknown[]) => { if (!isProduction) console.debug(...args); };
@@ -249,18 +253,29 @@ code } }
                 // Helper to get correctly scoped delegate for the current request
                 const getScopedDelegate = async (): Promise<DataDriver> => {
                     const session = clientSessions.get(clientId);
-                    if ("withAuth" in driver && typeof (driver as unknown as Record<string, unknown>).withAuth === "function") {
+                    // Check if the driver supports RLS-scoped delegates
+                    if (typeof driver.withAuth === "function") {
                         try {
-                            const userForAuth = session?.user
+                            const userForAuth: User = session?.user
                                 ? {
                                     uid: session.user.userId,
+                                    displayName: null,
+                                    email: null,
+                                    photoURL: null,
+                                    providerId: "websocket",
+                                    isAnonymous: false,
                                     roles: session.user.roles ?? []
                                 }
                                 : {
                                     uid: "anon",
+                                    displayName: null,
+                                    email: null,
+                                    photoURL: null,
+                                    providerId: "websocket",
+                                    isAnonymous: true,
                                     roles: ["anon"]
                                 };
-                            return await (driver as unknown as { withAuth: (user: Record<string, unknown>) => Promise<DataDriver> }).withAuth(userForAuth);
+                            return await driver.withAuth(userForAuth);
                         } catch (e) {
                             console.error("Failed to create RLS scoped delegate for WS request", e);
                             throw new Error("Internal authentication error");
@@ -547,15 +562,13 @@ colors: true }));
                     }
                         break;
 
-                    // Route subscription messages to RealtimeService
+                    // Route subscription messages, broadcast channels, and presence to RealtimeService
                     case "subscribe_collection":
                     case "subscribe_entity":
                     case "unsubscribe":
-                    // Broadcast channels
                     case "join_channel":
                     case "leave_channel":
                     case "broadcast":
-                    // Presence
                     case "presence_track":
                     case "presence_untrack":
                     case "presence_state": {

package/test/auth-services.test.ts

@@ -1,5 +1,5 @@
 import { NodePgDatabase } from "drizzle-orm/node-postgres";
-import { UserService, RoleService, RefreshTokenService, PasswordResetTokenService, Role } from "../src/auth/services";
+import { UserService, RefreshTokenService, PasswordResetTokenService, Role } from "../src/auth/services";
 import { users, refreshTokens, passwordResetTokens } from "../src/schema/auth-schema";
 import { UserData } from "@rebasepro/server-core";
 
@@ -344,18 +344,7 @@ describe("Auth Services", () => {
         describe("getUserRoles", () => {
             it("should return roles for user", async () => {
                 mockExecute.mockResolvedValueOnce({
-                    rows: [
-                        { id: "admin",
-                            name: "Admin",
-                            is_admin: true,
-                            default_permissions: null,
-                            collection_permissions: null },
-                        { id: "editor",
-                            name: "Editor",
-                            is_admin: false,
-                            default_permissions: { edit: true },
-                            collection_permissions: null }
-                    ]
+                    rows: [{ roles: ["admin", "editor"] }]
                 });
 
                 const roles = await userService.getUserRoles("user-123");
@@ -363,7 +352,7 @@ describe("Auth Services", () => {
                 expect(roles).toHaveLength(2);
                 expect(roles[0]).toEqual({
                     id: "admin",
-                    name: "Admin",
+                    name: "admin",
                     isAdmin: true,
                     defaultPermissions: null,
                     collectionPermissions: null
@@ -374,13 +363,7 @@ describe("Auth Services", () => {
         describe("getUserRoleIds", () => {
             it("should return role IDs for user", async () => {
                 mockExecute.mockResolvedValueOnce({
-                    rows: [
-                        { id: "admin",
-                            name: "Admin",
-                            is_admin: true,
-                            default_permissions: null,
-                            collection_permissions: null }
-                    ]
+                    rows: [{ roles: ["admin"] }]
                 });
 
                 const roleIds = await userService.getUserRoleIds("user-123");
@@ -393,10 +376,7 @@ describe("Auth Services", () => {
             it("should delete existing and insert new roles", async () => {
                 await userService.setUserRoles("user-123", ["admin", "editor"]);
 
-                // First call deletes existing roles
                 expect(mockExecute).toHaveBeenCalled();
-                // Subsequent calls insert new roles
-                expect(mockExecute.mock.calls.length).toBeGreaterThanOrEqual(1);
             });
         });
 
@@ -408,7 +388,7 @@ describe("Auth Services", () => {
             });
 
             it("should use editor as default role", async () => {
-                await userService.assignDefaultRole("user-123");
+                await userService.assignDefaultRole("user-123", "editor");
 
                 expect(mockExecute).toHaveBeenCalled();
             });
@@ -419,11 +399,7 @@ describe("Auth Services", () => {
                 const mockUser = { id: "user-123", email: "test@example.com" };
                 mockSelectWhere.mockResolvedValueOnce([mockUser]);
                 mockExecute.mockResolvedValueOnce({
-                    rows: [{ id: "admin",
-                        name: "Admin",
-                        is_admin: true,
-                        default_permissions: null,
-                        collection_permissions: null }]
+                    rows: [{ roles: ["admin"] }]
                 });
 
                 const result = await userService.getUserWithRoles("user-123");
@@ -431,7 +407,7 @@ describe("Auth Services", () => {
                 expect(result).toEqual({
                     user: mockUserData({}),
                     roles: [{ id: "admin",
-                        name: "Admin",
+                        name: "admin",
                         isAdmin: true,
                         defaultPermissions: null,
                         collectionPermissions: null }]
@@ -472,125 +448,6 @@ describe("Auth Services", () => {
         });
     });
 
-    describe("RoleService", () => {
-        let roleService: RoleService;
-
-        beforeEach(() => {
-            roleService = new RoleService(db);
-        });
-
-        describe("getRoleById", () => {
-            it("should return role when found", async () => {
-                mockExecute.mockResolvedValueOnce({
-                    rows: [{ id: "admin",
-name: "Admin",
-is_admin: true,
-default_permissions: null,
-collection_permissions: null }]
-                });
-
-                const result = await roleService.getRoleById("admin");
-
-                expect(result).toEqual({
-                    id: "admin",
-                    name: "Admin",
-                    isAdmin: true,
-                    defaultPermissions: null,
-                    collectionPermissions: null
-                });
-            });
-
-            it("should return null when role not found", async () => {
-                mockExecute.mockResolvedValueOnce({ rows: [] });
-
-                const result = await roleService.getRoleById("nonexistent");
-
-                expect(result).toBeNull();
-            });
-        });
-
-        describe("listRoles", () => {
-            it("should return all roles", async () => {
-                mockExecute.mockResolvedValueOnce({
-                    rows: [
-                        { id: "admin",
-name: "Admin",
-is_admin: true,
-default_permissions: null,
-collection_permissions: null },
-                        { id: "editor",
-name: "Editor",
-is_admin: false,
-default_permissions: null,
-collection_permissions: null }
-                    ]
-                });
-
-                const roles = await roleService.listRoles();
-
-                expect(roles).toHaveLength(2);
-            });
-        });
-
-        describe("createRole", () => {
-            it("should create a role", async () => {
-                mockExecute.mockResolvedValueOnce({
-                    rows: [{ id: "custom",
-name: "Custom Role",
-is_admin: false,
-default_permissions: null,
-collection_permissions: null }]
-                });
-
-                const role = await roleService.createRole({
-                    id: "custom",
-                    name: "Custom Role",
-                    defaultPermissions: null
-                });
-
-                expect(role.id).toBe("custom");
-                expect(role.name).toBe("Custom Role");
-            });
-        });
-
-        describe("updateRole", () => {
-            it("should update a role", async () => {
-                mockExecute
-                    .mockResolvedValueOnce({ rows: [{ id: "admin",
-name: "Admin",
-is_admin: true,
-default_permissions: null,
-collection_permissions: null }] })
-                    .mockResolvedValueOnce({ rows: [] })
-                    .mockResolvedValueOnce({ rows: [{ id: "admin",
-name: "Super Admin",
-is_admin: true,
-default_permissions: null,
-collection_permissions: null }] });
-
-                const result = await roleService.updateRole("admin", { name: "Super Admin" });
-
-                expect(result?.name).toBe("Super Admin");
-            });
-
-            it("should return null when role not found", async () => {
-                mockExecute.mockResolvedValueOnce({ rows: [] });
-
-                const result = await roleService.updateRole("nonexistent", { name: "Test" });
-
-                expect(result).toBeNull();
-            });
-        });
-
-        describe("deleteRole", () => {
-            it("should delete a role", async () => {
-                await roleService.deleteRole("custom");
-
-                expect(mockExecute).toHaveBeenCalled();
-            });
-        });
-    });
-
     describe("RefreshTokenService", () => {
         let refreshTokenService: RefreshTokenService;
 

package/test/doctor.test.ts

@@ -135,8 +135,12 @@ columnType: "time" } as DateProperty)).toBe("time without time zone");
         it("should map json types correctly", () => {
             expect(getExpectedColumnType({ type: "map" })).toBe("jsonb");
             expect(getExpectedColumnType({ type: "array" })).toBe("jsonb");
-            expect(getExpectedColumnType({ type: "array",
-columnType: "json" } as ArrayProperty)).toBe("json");
+            expect(getExpectedColumnType({ type: "array", columnType: "json" } as ArrayProperty)).toBe("json");
+            
+            // Native array element type mappings
+            expect(getExpectedColumnType({ type: "array", of: { type: "string" } } as ArrayProperty)).toBe("ARRAY");
+            expect(getExpectedColumnType({ type: "array", of: { type: "number", validation: { integer: true } } } as ArrayProperty)).toBe("ARRAY");
+            expect(getExpectedColumnType({ type: "array", of: { type: "boolean" } } as ArrayProperty)).toBe("ARRAY");
         });
 
         it("should map enum string to USER-DEFINED", () => {