@tstdl/base 0.93.179 → 0.93.180

package/orm/server/module.d.ts

@@ -25,6 +25,5 @@ export type OrmModuleOptions = {
  * @param options - Configuration options including connection details, repository settings, and the encryption secret.
  */
 export declare function configureOrm({ injector, ...options }?: OrmModuleOptions & {
-    encryptionSecret?: Uint8Array;
     injector?: Injector;
 }): void;

package/orm/server/module.js

@@ -1,7 +1,6 @@
 import { Injector } from '../../injector/injector.js';
 import { isDefined } from '../../utils/type-guards.js';
 import { EntityRepositoryConfig } from './repository-config.js';
-import { ENCRYPTION_SECRET } from './tokens.js';
 /**
  * Configuration class for the database connection.
  */
@@ -20,7 +19,4 @@ export function configureOrm({ injector, ...options } = {}) {
     if (isDefined(options.repositoryConfig)) {
         targetInjector.register(EntityRepositoryConfig, { useValue: options.repositoryConfig });
     }
-    if (isDefined(options.encryptionSecret)) {
-        targetInjector.register(ENCRYPTION_SECRET, { useValue: options.encryptionSecret });
-    }
 }

package/orm/server/repository.d.ts

@@ -1,6 +1,7 @@
 /** biome-ignore-all lint/nursery/noExcessiveClassesPerFile: <explanation> */
 import { SQL, type SQLWrapper } from 'drizzle-orm';
 import type { AnyPgTable, PgColumn, PgInsertValue, PgSelectBuilder, PgUpdateSetSource, SelectedFields } from 'drizzle-orm/pg-core';
+import { type DerivedKey } from '../../cryptography/index.js';
 import { afterResolve, resolveArgumentType, type Resolvable } from '../../injector/interfaces.js';
 import type { DeepPartial, Function, OneOrMany, Record, SimplifyObject, Type, TypedOmit } from '../../types/index.js';
 import { Entity, type BaseEntity, type EntityMetadataAttributes, type EntityType } from '../entity.js';
@@ -16,7 +17,7 @@ type EntityRepositoryContext = {
     table: PgTableFromType;
     columnDefinitions: ColumnDefinition[];
     columnDefinitionsMap: Map<string, ColumnDefinition>;
-    encryptionSecret: Uint8Array<ArrayBuffer> | undefined;
+    encryptionKey: DerivedKey | undefined;
     transformContext: TransformContext | Promise<TransformContext> | undefined;
 };
 export type InferSelect<T extends BaseEntity = BaseEntity> = PgTableFromType<EntityType<T>>['$inferSelect'];

package/orm/server/repository.js

@@ -8,7 +8,7 @@ var __decorate = (this && this.__decorate) || function (decorators, target, key,
 import { and, asc, count, desc, eq, getTableName, inArray, isNotNull as isSqlNotNull, isNull as isSqlNull, isSQLWrapper, lte, or, SQL, sql } from 'drizzle-orm';
 import { match, P } from 'ts-pattern';
 import { CancellationSignal } from '../../cancellation/token.js';
-import { importSymmetricKey } from '../../cryptography/index.js';
+import { injectDerivedCryptoKey } from '../../cryptography/index.js';
 import { NotFoundError } from '../../errors/not-found.error.js';
 import { Singleton } from '../../injector/decorators.js';
 import { inject, injectArgument } from '../../injector/inject.js';
@@ -30,7 +30,6 @@ import { getInheritanceMetadata, isChildEntity } from '../utils.js';
 import { getColumnDefinitions, getColumnDefinitionsMap, getDrizzleTableFromType, getPrimaryKeyColumnDefinitions, getPrimaryKeyColumns, getTableColumnDefinitions, isTableOwning } from './drizzle/schema-converter.js';
 import { convertQuery, getTsQuery, getTsVector, resolveTargetColumn } from './query-converter.js';
 import { EntityRepositoryConfig } from './repository-config.js';
-import { ENCRYPTION_SECRET } from './tokens.js';
 import { injectTransactional, injectTransactionalAsync, isInTransactionalContext, Transactional, tryGetTransactionalContextData } from './transactional.js';
 const searchScoreColumn = '__tsl_score';
 const searchDistanceColumn = '__tsl_distance';
@@ -40,7 +39,7 @@ export const repositoryType = Symbol('repositoryType');
 const entityTypeToken = Symbol('EntityType');
 let EntityRepository = class EntityRepository extends Transactional {
     #context = (isInTransactionalContext() ? tryGetTransactionalContextData(this) : undefined) ?? {};
-    #encryptionSecret = isInTransactionalContext() ? this.#context.encryptionSecret : inject(ENCRYPTION_SECRET, undefined, { optional: true });
+    #encryptionKey = isInTransactionalContext() ? this.#context.encryptionKey : injectDerivedCryptoKey('orm:repository-encryption', { name: 'AES-GCM', length: 256 }, ['encrypt', 'decrypt']);
     #cancellationSignal = isInTransactionalContext() ? undefined : inject(CancellationSignal);
     #transformContext = this.#context.transformContext;
     type = assertDefinedPass(this.#context.type ?? this.constructor[entityTypeToken] ?? injectArgument(this, { optional: true }), 'Missing entity type.');
@@ -137,7 +136,7 @@ let EntityRepository = class EntityRepository extends Transactional {
             table: this.#table,
             columnDefinitions: this.#columnDefinitions,
             columnDefinitionsMap: this.#columnDefinitionsMap,
-            encryptionSecret: this.#encryptionSecret,
+            encryptionKey: this.#encryptionKey,
             transformContext: this.#transformContext,
         };
         return context;
@@ -1745,11 +1744,11 @@ let EntityRepository = class EntityRepository extends Transactional {
     }
     async getTransformContext() {
         if (isUndefined(this.#transformContext)) {
-            if (isUndefined(this.#encryptionSecret)) {
+            if (isUndefined(this.#encryptionKey)) {
                 this.#transformContext = {};
                 return this.#transformContext;
             }
-            this.#transformContext = importSymmetricKey('raw', { name: 'AES-GCM', length: 256 }, this.#encryptionSecret, false).then((encryptionKey) => ({ encryptionKey }));
+            this.#transformContext = this.#encryptionKey.getKey().then((encryptionKey) => ({ encryptionKey }));
             this.#transformContext = await this.#transformContext;
         }
         return this.#transformContext; // eslint-disable-line @typescript-eslint/return-await

package/orm/tests/repository-extra-coverage.test.js

@@ -17,7 +17,6 @@ import { toArrayAsync } from '../../utils/async-iterable-helpers/to-array.js';
 import { ChildEntity, Column, Inheritance, Table } from '../decorators.js';
 import { BaseEntity, Entity } from '../entity.js';
 import { getRepository } from '../server/repository.js';
-import { ENCRYPTION_SECRET } from '../server/tokens.js';
 describe('ORM Repository Extra Coverage', () => {
     let injector;
     let database;
@@ -80,7 +79,6 @@ describe('ORM Repository Extra Coverage', () => {
     ], PlainItem);
     beforeAll(async () => {
         ({ injector, database } = await setupIntegrationTest({ orm: { schema } }));
-        injector.register(ENCRYPTION_SECRET, { useValue: new Uint8Array(32).fill(1) });
         baseItemRepo = injector.resolve(getRepository(BaseItem));
         premiumItemRepo = injector.resolve(getRepository(PremiumItem));
         simpleItemRepo = injector.resolve(getRepository(SimpleItem));

package/orm/tests/repository-regression.test.js

@@ -17,7 +17,6 @@ import { Column, EmbeddedProperty, EncryptedProperty, Reference, Table } from '.
 import { Entity } from '../entity.js';
 import { JsonProperty, NumericDateProperty } from '../schemas/index.js';
 import { getRepository } from '../server/index.js';
-import { ENCRYPTION_SECRET } from '../server/tokens.js';
 describe('ORM Repository Regression (Integration)', () => {
     let injector;
     let db;
@@ -101,11 +100,9 @@ describe('ORM Repository Regression (Integration)', () => {
         Table('posts', { schema })
     ], Post);
     beforeAll(async () => {
-        const encryptionSecret = new Uint8Array(32).fill(1);
         ({ injector, database: db } = await setupIntegrationTest({
             orm: { schema },
         }));
-        injector.register(ENCRYPTION_SECRET, { useValue: encryptionSecret });
         standardRepository = injector.resolve(getRepository(StandardEntity));
         postRepository = injector.resolve(getRepository(Post));
         await db.execute(sql `CREATE SCHEMA IF NOT EXISTS ${sql.identifier(schema)}`);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@tstdl/base",
-  "version": "0.93.179",
+  "version": "0.93.180",
   "author": "Patrick Hein",
   "publishConfig": {
     "access": "public"

package/testing/integration-setup.js

@@ -130,13 +130,13 @@ export async function setupIsolatedIntegrationTest(options = {}) {
         ...options.dbConfig,
     };
     const schema = options.orm?.schema ?? 'test';
+    configureSecrets({ key: 'tstdl-unit-tests' });
     // 4. Configure ORM
     // We disable autoMigrate here because APPLICATION_INITIALIZER is not used in integration tests
     // We manually run migrations via bootstrapOrm below
     configureOrm({
         repositoryConfig: { schema },
         connection: dbConfig,
-        encryptionSecret: options.orm?.encryptionSecret ?? new Uint8Array(32),
         injector,
     });
     // 5. Database Resolution

package/orm/server/tokens.d.ts

@@ -1 +0,0 @@
-export declare const ENCRYPTION_SECRET: import("../../injector/token.js").InjectionToken<Uint8Array<ArrayBuffer>, never>;

package/orm/server/tokens.js

@@ -1,2 +0,0 @@
-import { injectionToken } from '../../injector/token.js';
-export const ENCRYPTION_SECRET = injectionToken('EncryptionSecret');