@strav/cli 0.4.10 → 0.4.11
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@strav/cli",
|
|
3
|
-
"version": "0.4.
|
|
3
|
+
"version": "0.4.11",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"description": "CLI framework and code generators for the Strav framework",
|
|
6
6
|
"license": "MIT",
|
|
@@ -33,11 +33,11 @@
|
|
|
33
33
|
"strav": "./src/cli/strav.ts"
|
|
34
34
|
},
|
|
35
35
|
"peerDependencies": {
|
|
36
|
-
"@strav/kernel": "0.4.
|
|
37
|
-
"@strav/http": "0.4.
|
|
38
|
-
"@strav/database": "0.4.
|
|
39
|
-
"@strav/queue": "0.4.
|
|
40
|
-
"@strav/signal": "0.4.
|
|
36
|
+
"@strav/kernel": "0.4.11",
|
|
37
|
+
"@strav/http": "0.4.11",
|
|
38
|
+
"@strav/database": "0.4.11",
|
|
39
|
+
"@strav/queue": "0.4.11",
|
|
40
|
+
"@strav/signal": "0.4.11"
|
|
41
41
|
},
|
|
42
42
|
"dependencies": {
|
|
43
43
|
"chalk": "^5.6.2",
|
|
@@ -44,8 +44,18 @@ export function register(program: Command): void {
|
|
|
44
44
|
`CREATE ROLE "${bypassUser}" LOGIN PASSWORD '${bypassPassword}' BYPASSRLS;`,
|
|
45
45
|
`GRANT ALL ON DATABASE "${dbName}" TO "${appUser}", "${bypassUser}";`,
|
|
46
46
|
`GRANT ALL ON SCHEMA public TO "${appUser}", "${bypassUser}";`,
|
|
47
|
+
// Default privileges for objects the *current connection* will create.
|
|
47
48
|
`ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON TABLES TO "${appUser}", "${bypassUser}";`,
|
|
48
49
|
`ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON SEQUENCES TO "${appUser}", "${bypassUser}";`,
|
|
50
|
+
// ALTER DEFAULT PRIVILEGES is per-role-of-the-creator. Migrations
|
|
51
|
+
// run as the bypass role, so without these the app role never
|
|
52
|
+
// sees grants on tables/sequences the bypass role creates and
|
|
53
|
+
// any non-bypass query (seeders, request-time inserts) fails
|
|
54
|
+
// with `permission denied for table …`. Setting them here means
|
|
55
|
+
// the demo flow `db:setup-roles → fresh → seed` works without
|
|
56
|
+
// any extra GRANT plumbing.
|
|
57
|
+
`ALTER DEFAULT PRIVILEGES FOR ROLE "${bypassUser}" IN SCHEMA public GRANT ALL ON TABLES TO "${appUser}";`,
|
|
58
|
+
`ALTER DEFAULT PRIVILEGES FOR ROLE "${bypassUser}" IN SCHEMA public GRANT ALL ON SEQUENCES TO "${appUser}";`,
|
|
49
59
|
]
|
|
50
60
|
|
|
51
61
|
if (!opts.apply) {
|