@vertz/db 0.2.1 → 0.2.3
package/dist/d1/index.js
CHANGED
package/dist/index.js
CHANGED
|
@@ -43,10 +43,10 @@ import {
|
|
|
43
43
|
import {
|
|
44
44
|
createD1Adapter,
|
|
45
45
|
createD1Driver
|
|
46
|
-
} from "./shared/chunk-
|
|
46
|
+
} from "./shared/chunk-pnk6yzjv.js";
|
|
47
47
|
import {
|
|
48
48
|
generateId
|
|
49
|
-
} from "./shared/chunk-
|
|
49
|
+
} from "./shared/chunk-sfmyxz6r.js";
|
|
50
50
|
// src/adapters/database-bridge-adapter.ts
|
|
51
51
|
function createDatabaseBridgeAdapter(db, tableName) {
|
|
52
52
|
const delegate = db[tableName];
|
|
@@ -645,6 +645,12 @@ function nextMigrationNumber(existingFiles) {
|
|
|
645
645
|
}
|
|
646
646
|
// src/migration/introspect.ts
|
|
647
647
|
var SQLITE_EXCLUDED_TABLES = new Set(["sqlite_sequence", "_vertz_migrations"]);
|
|
648
|
+
function validateIdentifier(name) {
|
|
649
|
+
if (!/^[a-zA-Z_][a-zA-Z0-9_]*$/.test(name)) {
|
|
650
|
+
throw new Error(`Invalid SQL identifier: "${name}"`);
|
|
651
|
+
}
|
|
652
|
+
return name;
|
|
653
|
+
}
|
|
648
654
|
function mapSqliteType(rawType) {
|
|
649
655
|
const upper = rawType.toUpperCase();
|
|
650
656
|
if (upper === "TEXT")
|
|
@@ -669,7 +675,7 @@ async function introspectSqlite(queryFn) {
|
|
|
669
675
|
if (SQLITE_EXCLUDED_TABLES.has(tableName))
|
|
670
676
|
continue;
|
|
671
677
|
const columns = {};
|
|
672
|
-
const { rows: colRows } = await queryFn(`PRAGMA table_info("${tableName}")`, []);
|
|
678
|
+
const { rows: colRows } = await queryFn(`PRAGMA table_info("${validateIdentifier(tableName)}")`, []);
|
|
673
679
|
for (const col of colRows) {
|
|
674
680
|
const colName = col.name;
|
|
675
681
|
const colSnap = {
|
|
@@ -684,12 +690,12 @@ async function introspectSqlite(queryFn) {
|
|
|
684
690
|
columns[colName] = colSnap;
|
|
685
691
|
}
|
|
686
692
|
const indexes = [];
|
|
687
|
-
const { rows: indexRows } = await queryFn(`PRAGMA index_list("${tableName}")`, []);
|
|
693
|
+
const { rows: indexRows } = await queryFn(`PRAGMA index_list("${validateIdentifier(tableName)}")`, []);
|
|
688
694
|
for (const idx of indexRows) {
|
|
689
695
|
const idxName = idx.name;
|
|
690
696
|
const isUnique = idx.unique === 1;
|
|
691
697
|
const origin = idx.origin;
|
|
692
|
-
const { rows: idxInfoRows } = await queryFn(`PRAGMA index_info("${idxName}")`, []);
|
|
698
|
+
const { rows: idxInfoRows } = await queryFn(`PRAGMA index_info("${validateIdentifier(idxName)}")`, []);
|
|
693
699
|
const idxColumns = idxInfoRows.map((r) => r.name);
|
|
694
700
|
if (isUnique && idxColumns.length === 1 && origin === "u") {
|
|
695
701
|
const colName = idxColumns[0];
|
|
@@ -706,7 +712,7 @@ async function introspectSqlite(queryFn) {
|
|
|
706
712
|
}
|
|
707
713
|
}
|
|
708
714
|
const foreignKeys = [];
|
|
709
|
-
const { rows: fkRows } = await queryFn(`PRAGMA foreign_key_list("${tableName}")`, []);
|
|
715
|
+
const { rows: fkRows } = await queryFn(`PRAGMA foreign_key_list("${validateIdentifier(tableName)}")`, []);
|
|
710
716
|
for (const fk of fkRows) {
|
|
711
717
|
foreignKeys.push({
|
|
712
718
|
column: fk.from,
|
|
@@ -72,7 +72,7 @@ function generateCreateTableSql(schema) {
|
|
|
72
72
|
if (meta.defaultValue === "now") {
|
|
73
73
|
colDef += " DEFAULT (datetime('now'))";
|
|
74
74
|
} else if (typeof meta.defaultValue === "string") {
|
|
75
|
-
colDef += ` DEFAULT '${meta.defaultValue}'`;
|
|
75
|
+
colDef += ` DEFAULT '${meta.defaultValue.replace(/'/g, "''")}'`;
|
|
76
76
|
} else if (typeof meta.defaultValue === "number") {
|
|
77
77
|
colDef += ` DEFAULT ${meta.defaultValue}`;
|
|
78
78
|
} else if (typeof meta.defaultValue === "boolean") {
|
|
@@ -80,6 +80,10 @@ function generateCreateTableSql(schema) {
|
|
|
80
80
|
}
|
|
81
81
|
}
|
|
82
82
|
if (meta.check) {
|
|
83
|
+
const DANGEROUS_PATTERN = /;|--|\b(DROP|DELETE|INSERT|UPDATE|ALTER|CREATE|EXEC)\b/i;
|
|
84
|
+
if (DANGEROUS_PATTERN.test(meta.check)) {
|
|
85
|
+
throw new Error(`Unsafe CHECK constraint expression: "${meta.check}"`);
|
|
86
|
+
}
|
|
83
87
|
colDef += ` CHECK (${meta.check})`;
|
|
84
88
|
}
|
|
85
89
|
columns.push(colDef);
|
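Review bot: The `DANGEROUS_PATTERN` denylist added in the `generateCreateTableSql` hunk is not a dependable boundary for `meta.check`, which is still interpolated verbatim into `CHECK (${meta.check})`: it ignores block comments and parenthesis balance, so an expression can still end the clause early, and it rejects legitimate expressions that only contain a listed word inside a string literal (a constructed example: `status IN ('update')`). If `meta.check` is only ever developer-authored schema, say so where it is used, e.g. `// meta.check is emitted verbatim as SQL; it must come from schema code, never from request data`, and treat the regex as a lint rather than a security control; if it can carry external input, it needs an allowlist grammar or a structured constraint builder instead. The regex literal also appears to be re-created for every column and could be hoisted to module scope. This hunk's line numbers restart at 72 under the `package/dist/index.js` header, so it may belong to a different file whose header the page dropped, and the function body continues outside the hunk.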
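--- a/package/dist/sqlite/index.js
+++ b/package/dist/sqlite/index.js
@@ -2,7 +2,7 @@ import {
 BaseSqlAdapter,
 generateCreateTableSql,
 generateIndexSql
-} from "../shared/chunk-
+} from "../shared/chunk-sfmyxz6r.js";
 import {
 __commonJS,
 __require
@@ -73,7 +73,7 @@ var require_file_uri_to_path = __commonJS((exports, module) => {
 
 // ../../node_modules/.bun/bindings@1.5.0/node_modules/bindings/bindings.js
 var require_bindings = __commonJS((exports, module) => {
-var __filename = "/
+var __filename = "/home/runner/work/vertz/vertz/node_modules/.bun/bindings@1.5.0/node_modules/bindings/bindings.js";
 var fs = __require("fs");
 var path = __require("path");
 var fileURLToPath = require_file_uri_to_path();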
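--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@vertz/db",
-"version": "0.2.
+"version": "0.2.3",
 "type": "module",
 "license": "MIT",
 "description": "Database layer for Vertz — typed queries, migrations, codegen",
@@ -73,7 +73,7 @@
 "@types/node": "^25.3.1",
 "@vitest/coverage-v8": "^4.0.18",
 "better-sqlite3": "^12.6.2",
-"bunup": "
+"bunup": "^0.16.31",
 "postgres": "^3.4.8",
 "typescript": "^5.7.0",
 "vitest": "^4.0.18"
@@ -83,7 +83,7 @@
 },
 "dependencies": {
 "@vertz/errors": "0.2.1",
-"@vertz/schema": "0.2.
+"@vertz/schema": "0.2.2",
 "@paralleldrive/cuid2": "^3.3.0",
 "nanoid": "^5.1.5",
 "uuid": "^13.0.0"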