@rebasepro/server-postgresql 0.4.0 → 0.5.0

package/src/data-transformer.ts

@@ -272,41 +272,19 @@ export function serializePropertyToServer(value: unknown, property: Property): u
             return value;
         }
 
-        case "binary":
-            if (typeof value === "string") {
-                if (value.startsWith("data:application/octet-stream;base64,")) {
-                    const base64Data = value.split(",")[1];
-                    if (base64Data) {
-                        return Buffer.from(base64Data, "base64");
-                    }
-                }
-            }
-            if (Buffer.isBuffer(value)) {
-                return value;
-            }
+        case "binary": {
+            const decoded = tryDecodeBase64DataUrl(value);
+            if (decoded) return decoded;
+            if (Buffer.isBuffer(value)) return value;
             return value;
+        }
 
         case "string":
-            if (typeof value === "string") {
-                if (value.startsWith("data:application/octet-stream;base64,")) {
-                    const base64Data = value.split(",")[1];
-                    if (base64Data) {
-                        return Buffer.from(base64Data, "base64");
-                    }
-                }
-            }
-            return value;
-
-        default:
-            if (typeof value === "string") {
-                if (value.startsWith("data:application/octet-stream;base64,")) {
-                    const base64Data = value.split(",")[1];
-                    if (base64Data) {
-                        return Buffer.from(base64Data, "base64");
-                    }
-                }
-            }
+        default: {
+            const decoded = tryDecodeBase64DataUrl(value);
+            if (decoded) return decoded;
             return value;
+        }
     }
 }
 
@@ -486,24 +464,53 @@ export async function parseDataFromServer<M extends Record<string, unknown>>(
 }
 
 /**
- * Parse a single property value from database format to frontend format
+ * Try to decode a `data:application/octet-stream;base64,...` data URL string
+ * into a Buffer. Returns null if the value is not a matching data URL.
  */
-export function parsePropertyFromServer(value: unknown, property: Property, collection: EntityCollection, propertyKey?: string): unknown {
-    if (value === null || value === undefined) {
-        return value;
+function tryDecodeBase64DataUrl(value: unknown): Buffer | null {
+    if (typeof value !== "string") return null;
+    if (!value.startsWith("data:application/octet-stream;base64,")) return null;
+    const base64Data = value.split(",")[1];
+    return base64Data ? Buffer.from(base64Data, "base64") : null;
+}
+
+/**
+ * Try to resolve an unknown value into a Buffer.
+ * Handles native Buffers and `{ type: "Buffer", data: number[] }` objects (from JSON deserialization).
+ * Returns null if the value is not a buffer.
+ */
+function tryResolveBuffer(value: unknown): Buffer | null {
+    if (Buffer.isBuffer(value)) return value;
+    if (typeof value === "object" && value !== null) {
+        const rawVal = value as Record<string, unknown>;
+        if (rawVal.type === "Buffer" && Array.isArray(rawVal.data)) {
+            return Buffer.from(rawVal.data as number[]);
+        }
     }
+    return null;
+}
+
+/**
+ * Convert a Buffer to a UTF-8 string if all bytes are printable ASCII,
+ * otherwise return a base64 data URL.
+ */
+function bufferToStringOrBase64(buf: Buffer): string {
+    for (let i = 0; i < buf.length; i++) {
+        const b = buf[i];
+        // Allow standard printable ASCII + common whitespace (\r, \n, \t)
+        if ((b < 32 || b > 126) && b !== 9 && b !== 10 && b !== 13) {
+            return `data:application/octet-stream;base64,${buf.toString("base64")}`;
+        }
+    }
+    return buf.toString("utf8");
+}
+
+export function parsePropertyFromServer(value: unknown, property: Property, collection: EntityCollection, propertyKey?: string): unknown {
+    if (value === null || value === undefined) return value;
 
     switch (property.type) {
         case "binary": {
-            let buf: Buffer | null = null;
-            if (Buffer.isBuffer(value)) {
-                buf = value;
-            } else if (typeof value === "object" && value !== null) {
-                const rawVal = value as Record<string, unknown>;
-                if (rawVal.type === "Buffer" && Array.isArray(rawVal.data)) {
-                    buf = Buffer.from(rawVal.data as number[]);
-                }
-            }
+            const buf = tryResolveBuffer(value);
             if (buf) {
                 return `data:application/octet-stream;base64,${buf.toString("base64")}`;
             }
@@ -514,32 +521,9 @@ export function parsePropertyFromServer(value: unknown, property: Property, coll
             if (typeof value === "string") return value;
             
             // Handle Buffer objects (e.g. from PostgreSQL bytea columns)
-            let isBuffer = false;
-            let buf: Buffer | null = null;
-            
-            if (Buffer.isBuffer(value)) {
-                isBuffer = true;
-                buf = value;
-            } else if (typeof value === "object" && value !== null) {
-                const rawVal = value as Record<string, unknown>;
-                if (rawVal.type === "Buffer" && Array.isArray(rawVal.data)) {
-                    isBuffer = true;
-                    buf = Buffer.from(rawVal.data as number[]);
-                }
-            }
-            
-            if (isBuffer && buf) {
-                // Heuristic: if all bytes are printable ASCII, return utf8, else base64
-                let isPrintable = true;
-                for (let i = 0; i < buf.length; i++) {
-                    const b = buf[i];
-                    // Allow standard printable ASCII + common whitespace (\r, \n, \t)
-                    if ((b < 32 || b > 126) && b !== 9 && b !== 10 && b !== 13) {
-                        isPrintable = false;
-                        break;
-                    }
-                }
-                return isPrintable ? buf.toString("utf8") : `data:application/octet-stream;base64,${buf.toString("base64")}`;
+            const buf = tryResolveBuffer(value);
+            if (buf) {
+                return bufferToStringOrBase64(buf);
             }
             
             if (typeof value === "object" && value !== null) {
@@ -665,32 +649,10 @@ export function parsePropertyFromServer(value: unknown, property: Property, coll
 
         default: {
             // Fallback for buffers in case they are mapped to something other than string
-            let isBuffer = false;
-            let buf: Buffer | null = null;
-            
-            if (Buffer.isBuffer(value)) {
-                isBuffer = true;
-                buf = value;
-            } else if (typeof value === "object" && value !== null) {
-                const rawVal = value as Record<string, unknown>;
-                if (rawVal.type === "Buffer" && Array.isArray(rawVal.data)) {
-                    isBuffer = true;
-                    buf = Buffer.from(rawVal.data as number[]);
-                }
-            }
-            
-            if (isBuffer && buf) {
-                let isPrintable = true;
-                for (let i = 0; i < buf.length; i++) {
-                    const b = buf[i];
-                    if ((b < 32 || b > 126) && b !== 9 && b !== 10 && b !== 13) {
-                        isPrintable = false;
-                        break;
-                    }
-                }
-                return isPrintable ? buf.toString("utf8") : `data:application/octet-stream;base64,${buf.toString("base64")}`;
+            const buf = tryResolveBuffer(value);
+            if (buf) {
+                return bufferToStringOrBase64(buf);
             }
-            
             return value;
         }
     }

package/src/databasePoolManager.ts

@@ -18,7 +18,7 @@ export class DatabasePoolManager {
         }
     }
 
-    public getDrizzle(databaseName: string): NodePgDatabase<any> {
+    public getDrizzle(databaseName: string): NodePgDatabase<Record<string, never>> {
         const existing = this.drizzleInstances.get(databaseName);
         if (existing) {
             return existing;
@@ -81,5 +81,6 @@ export class DatabasePoolManager {
         }
         await Promise.all(promises);
         this.pools.clear();
+        this.drizzleInstances.clear();
     }
 }

package/src/services/EntityPersistService.ts

@@ -17,6 +17,18 @@ import { EntityFetchService } from "./EntityFetchService";
 import { DrizzleClient } from "../interfaces";
 import { PostgresCollectionRegistry } from "../collections/PostgresCollectionRegistry";
 
+/** Shape of PostgreSQL errors with diagnostic metadata. */
+interface PostgresError extends Error {
+    code?: string;
+    detail?: string;
+    hint?: string;
+    constraint?: string;
+    column?: string;
+    table?: string;
+    dataType?: string;
+    cause?: unknown;
+}
+
 /**
  * Service for handling all entity write operations.
  * Handles saving, deleting, and updating entities.
@@ -391,14 +403,14 @@ export class EntityPersistService {
      */
     private extractCauseMessage(error: unknown): string | null {
         if (!error || typeof error !== "object") return null;
-        const err = error as Error & { cause?: unknown };
+        if (!(error instanceof Error)) return null;
 
-        if (err.cause && typeof err.cause === "object") {
-            const deeper = this.extractCauseMessage(err.cause);
+        if (error.cause && typeof error.cause === "object") {
+            const deeper = this.extractCauseMessage(error.cause);
             if (deeper) return deeper;
             // The cause itself has a message
-            if (err.cause instanceof Error && err.cause.message) {
-                return err.cause.message;
+            if (error.cause instanceof Error && error.cause.message) {
+                return error.cause.message;
             }
         }
         return null;
@@ -420,19 +432,24 @@ export class EntityPersistService {
      * Extract the underlying PostgreSQL error from a Drizzle wrapper.
      * Drizzle wraps PG errors in a `cause` property.
      */
-    private extractPgError(error: unknown): (Error & { code?: string; detail?: unknown; hint?: unknown; constraint?: unknown; column?: unknown; table?: unknown; dataType?: unknown }) | null {
+    private extractPgError(error: unknown): PostgresError | null {
         if (!error || typeof error !== "object") return null;
-
-        const err = error as Error & { code?: string; cause?: unknown; detail?: unknown };
+        if (!(error instanceof Error)) {
+            // Check non-Error objects for a cause chain (Drizzle sometimes wraps oddly)
+            if ("cause" in error && (error as Record<string, unknown>).cause && typeof (error as Record<string, unknown>).cause === "object") {
+                return this.extractPgError((error as Record<string, unknown>).cause);
+            }
+            return null;
+        }
 
         // Check if the error itself has a PG error code
-        if (err.code && /^[0-9A-Z]{5}$/.test(err.code)) {
-            return err as Error & { code: string; detail?: unknown; hint?: unknown; constraint?: unknown; column?: unknown; table?: unknown; dataType?: unknown };
+        if ("code" in error && typeof (error as PostgresError).code === "string" && /^[0-9A-Z]{5}$/.test((error as PostgresError).code!)) {
+            return error as PostgresError;
         }
 
         // Check the cause chain (Drizzle wraps PG errors)
-        if (err.cause && typeof err.cause === "object") {
-            return this.extractPgError(err.cause);
+        if (error.cause && typeof error.cause === "object") {
+            return this.extractPgError(error.cause);
         }
 
         return null;

package/src/types.ts

@@ -0,0 +1,4 @@
+import type { PgTable, AnyPgColumn } from "drizzle-orm/pg-core";
+
+/** Drizzle PgTable with column access by name. Runtime Drizzle tables satisfy this shape. */
+export type RebasePgTable = PgTable & Record<string, AnyPgColumn>;

package/src/websocket.ts

@@ -1,13 +1,18 @@
 import { RealtimeService } from "./services/realtimeService";
 import { PostgresBackendDriver } from "./PostgresBackendDriver";
-import { DataDriver, DeleteEntityProps, FetchCollectionProps, FetchEntityProps, SaveEntityProps, TableMetadata, BranchInfo, isSQLAdmin, isSchemaAdmin, AuthAdapter } from "@rebasepro/types";
+import type { DataDriver, DeleteEntityProps, FetchCollectionProps, FetchEntityProps, SaveEntityProps, TableMetadata, BranchInfo, AuthAdapter } from "@rebasepro/types";
+import { isSQLAdmin, isSchemaAdmin } from "@rebasepro/types";
+import type { User } from "@rebasepro/types";
 import { WebSocketServer, WebSocket } from "ws";
 import { Server } from "http";
 import { inspect } from "util";
-// @ts-ignore
 import { extractUserFromToken, AccessTokenPayload } from "@rebasepro/server-core";
-// @ts-ignore
-import { AuthConfig } from "@rebasepro/server-core";
+
+/** Minimal subset of RebaseAuthConfig used by the WebSocket layer. */
+interface WsAuthConfig {
+    requireAuth?: boolean;
+    jwtSecret?: string;
+}
 
 /**
  * Normalized user identity for WebSocket sessions.
@@ -27,7 +32,7 @@ interface ClientSession {
     messageWindowStart: number;
 }
 
-const clientSessions = new Map<string, ClientSession>();
+
 
 /** Maximum messages per client per window */
 const WS_RATE_LIMIT = 2000;
@@ -52,14 +57,14 @@ const ADMIN_ONLY_TYPES = new Set([
  */
 function extractErrorMessage(error: unknown): string {
     if (!error) return "Unknown error";
-    if (typeof error === "object") {
-        const err = error as Record<string, unknown> & { cause?: unknown; message?: string };
-        if (err.cause) {
-            return extractErrorMessage(err.cause);
-        }
-        if (typeof err.message === "string") {
-            return err.message;
+    if (error instanceof Error) {
+        if ("cause" in error && error.cause) {
+            return extractErrorMessage(error.cause);
         }
+        return error.message;
+    }
+    if (typeof error === "object" && "message" in error && typeof (error as { message: unknown }).message === "string") {
+        return (error as { message: string }).message;
     }
     return String(error);
 }
@@ -72,21 +77,20 @@ function isAdminSession(session: ClientSession | undefined): boolean {
     // Fast path: new adapter-aware sessions set isAdmin directly
     if (session.user.isAdmin) return true;
     if (!session.user.roles) return false;
-    return session.user.roles.some((r: unknown) => {
-        if (typeof r === "string") return r === "admin";
-        if (r && typeof r === "object" && "isAdmin" in r) return (r as { isAdmin: boolean }).isAdmin;
-        if (r && typeof r === "object" && "id" in r) return (r as { id: string }).id === "admin";
-        return false;
-    });
+    return session.user.roles.some((r) => r === "admin");
 }
 
 export function createPostgresWebSocket(
     server: Server,
     realtimeService: RealtimeService,
     driver: PostgresBackendDriver,
-    authConfig?: AuthConfig,
+    authConfig?: WsAuthConfig,
     authAdapter?: AuthAdapter
 ) {
+    // Session map scoped to this factory invocation — prevents stale sessions
+    // leaking across hot reloads or multiple factory calls.
+    const clientSessions = new Map<string, ClientSession>();
+
     const isProduction = process.env.NODE_ENV === "production";
     /** Debug logger that is suppressed in production to prevent PII/data leaks */
     const wsDebug = (...args: unknown[]) => { if (!isProduction) console.debug(...args); };
@@ -249,18 +253,29 @@ code } }
                 // Helper to get correctly scoped delegate for the current request
                 const getScopedDelegate = async (): Promise<DataDriver> => {
                     const session = clientSessions.get(clientId);
-                    if ("withAuth" in driver && typeof (driver as unknown as Record<string, unknown>).withAuth === "function") {
+                    // Check if the driver supports RLS-scoped delegates
+                    if (typeof driver.withAuth === "function") {
                         try {
-                            const userForAuth = session?.user
+                            const userForAuth: User = session?.user
                                 ? {
                                     uid: session.user.userId,
+                                    displayName: null,
+                                    email: null,
+                                    photoURL: null,
+                                    providerId: "websocket",
+                                    isAnonymous: false,
                                     roles: session.user.roles ?? []
                                 }
                                 : {
                                     uid: "anon",
+                                    displayName: null,
+                                    email: null,
+                                    photoURL: null,
+                                    providerId: "websocket",
+                                    isAnonymous: true,
                                     roles: ["anon"]
                                 };
-                            return await (driver as unknown as { withAuth: (user: Record<string, unknown>) => Promise<DataDriver> }).withAuth(userForAuth);
+                            return await driver.withAuth(userForAuth);
                         } catch (e) {
                             console.error("Failed to create RLS scoped delegate for WS request", e);
                             throw new Error("Internal authentication error");

package/drizzle.test.config.ts

@@ -1,10 +0,0 @@
-import { defineConfig } from "drizzle-kit";
-
-export default defineConfig({
-    schema: "./test-schema-no-policies.ts",
-    out: "./drizzle-test-out",
-    dialect: "postgresql",
-    dbCredentials: {
-        url: process.env.DATABASE_URL || "postgres://postgres:postgres@localhost:5432/postgres"
-    }
-});