@willyim/drizzle-audit 0.1.3

package/dist/test/d1-runtime.integration.test.js

@@ -0,0 +1,222 @@
+import assert from "node:assert/strict";
+import test from "node:test";
+import Database from "better-sqlite3";
+import { asc, eq, isNull } from "drizzle-orm";
+import { drizzle } from "drizzle-orm/better-sqlite3";
+import { sqliteTable, text, integer } from "drizzle-orm/sqlite-core";
+import { d1AuditLogTable } from "../src/d1/index.js";
+import { withAudit } from "../src/d1-runtime/index.js";
+const users = sqliteTable("users", {
+    id: text("id").primaryKey(),
+    name: text("name").notNull(),
+    email: text("email"),
+});
+const invoices = sqliteTable("invoices", {
+    invoice_id: text("invoice_id").primaryKey(),
+    amount: integer("amount").notNull(),
+    status: text("status").notNull().default("pending"),
+});
+const auditLogs = d1AuditLogTable();
+function setupDb() {
+    const sqlite = new Database(":memory:");
+    const db = drizzle({ client: sqlite, schema: { auditLogs, users, invoices } });
+    sqlite.exec(`
+    CREATE TABLE audit_logs (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      table_name TEXT NOT NULL,
+      operation TEXT NOT NULL,
+      row_id TEXT,
+      user_id TEXT,
+      old_data TEXT,
+      new_data TEXT,
+      created_at TEXT NOT NULL DEFAULT (datetime('now'))
+    );
+    CREATE TABLE users (
+      id TEXT PRIMARY KEY,
+      name TEXT NOT NULL,
+      email TEXT
+    );
+    CREATE TABLE invoices (
+      invoice_id TEXT PRIMARY KEY,
+      amount INTEGER NOT NULL,
+      status TEXT NOT NULL DEFAULT 'pending'
+    );
+  `);
+    return { db, sqlite };
+}
+test("withAudit insert logs audit row with new_data", () => {
+    const { db, sqlite } = setupDb();
+    try {
+        const audited = withAudit(db, auditLogs, { userId: "user_1" });
+        const row = audited.insert(users, { id: "u1", name: "Ada", email: "ada@example.com" });
+        assert.equal(row.id, "u1");
+        assert.equal(row.name, "Ada");
+        const logs = db.select().from(auditLogs).all();
+        assert.equal(logs.length, 1);
+        assert.equal(logs[0]?.table_name, "users");
+        assert.equal(logs[0]?.operation, "INSERT");
+        assert.equal(logs[0]?.row_id, "u1");
+        assert.equal(logs[0]?.user_id, "user_1");
+        assert.equal(logs[0]?.old_data, null);
+        assert.deepEqual(JSON.parse(logs[0]?.new_data), {
+            id: "u1",
+            name: "Ada",
+            email: "ada@example.com",
+        });
+    }
+    finally {
+        sqlite.close();
+    }
+});
+test("withAudit update captures old and new data", () => {
+    const { db, sqlite } = setupDb();
+    try {
+        // Seed a row
+        db.insert(users).values({ id: "u1", name: "Ada", email: "ada@example.com" }).run();
+        const audited = withAudit(db, auditLogs, { userId: "user_2" });
+        const rows = audited.update(users, eq(users.id, "u1"), { name: "Ada Lovelace" });
+        assert.equal(rows.length, 1);
+        assert.equal(rows[0]?.name, "Ada Lovelace");
+        const logs = db.select().from(auditLogs).all();
+        assert.equal(logs.length, 1);
+        assert.equal(logs[0]?.operation, "UPDATE");
+        assert.equal(logs[0]?.row_id, "u1");
+        assert.equal(logs[0]?.user_id, "user_2");
+        const oldData = JSON.parse(logs[0]?.old_data);
+        assert.equal(oldData.name, "Ada");
+        assert.equal(oldData.email, "ada@example.com");
+        const newData = JSON.parse(logs[0]?.new_data);
+        assert.equal(newData.name, "Ada Lovelace");
+        assert.equal(newData.email, "ada@example.com");
+    }
+    finally {
+        sqlite.close();
+    }
+});
+test("withAudit delete captures old data", () => {
+    const { db, sqlite } = setupDb();
+    try {
+        db.insert(users).values({ id: "u1", name: "Ada" }).run();
+        const audited = withAudit(db, auditLogs, { userId: "user_3" });
+        const deleted = audited.delete(users, eq(users.id, "u1"));
+        assert.equal(deleted.length, 1);
+        assert.equal(deleted[0]?.id, "u1");
+        // Verify row is gone
+        const remaining = db.select().from(users).all();
+        assert.equal(remaining.length, 0);
+        // Verify audit log
+        const logs = db.select().from(auditLogs).all();
+        assert.equal(logs.length, 1);
+        assert.equal(logs[0]?.operation, "DELETE");
+        assert.equal(logs[0]?.row_id, "u1");
+        assert.equal(logs[0]?.user_id, "user_3");
+        assert.deepEqual(JSON.parse(logs[0]?.old_data), {
+            id: "u1",
+            name: "Ada",
+            email: null,
+        });
+        assert.equal(logs[0]?.new_data, null);
+    }
+    finally {
+        sqlite.close();
+    }
+});
+test("withAudit works with custom primary key column", () => {
+    const { db, sqlite } = setupDb();
+    try {
+        const audited = withAudit(db, auditLogs, { userId: "user_1" });
+        audited.insert(invoices, { invoice_id: "inv_1", amount: 100 });
+        audited.update(invoices, eq(invoices.invoice_id, "inv_1"), { amount: 200 });
+        audited.delete(invoices, eq(invoices.invoice_id, "inv_1"));
+        const logs = db.select().from(auditLogs).orderBy(asc(auditLogs.id)).all();
+        assert.equal(logs.length, 3);
+        assert.equal(logs[0]?.table_name, "invoices");
+        assert.equal(logs[0]?.row_id, "inv_1");
+        assert.equal(logs[1]?.operation, "UPDATE");
+        assert.equal(logs[1]?.row_id, "inv_1");
+        assert.equal(JSON.parse(logs[1]?.old_data).amount, 100);
+        assert.equal(JSON.parse(logs[1]?.new_data).amount, 200);
+        assert.equal(logs[2]?.operation, "DELETE");
+        assert.equal(logs[2]?.row_id, "inv_1");
+    }
+    finally {
+        sqlite.close();
+    }
+});
+test("withAudit handles multi-row update", () => {
+    const { db, sqlite } = setupDb();
+    try {
+        db.insert(users).values([
+            { id: "u1", name: "Ada" },
+            { id: "u2", name: "Bob" },
+            { id: "u3", name: "Carol" },
+        ]).run();
+        const audited = withAudit(db, auditLogs, { userId: "admin" });
+        // Update all users (no where = all rows, but let's use a broader condition)
+        const rows = audited.update(users, isNull(users.email), { email: "bulk@example.com" });
+        assert.equal(rows.length, 3);
+        const logs = db.select().from(auditLogs).orderBy(asc(auditLogs.id)).all();
+        assert.equal(logs.length, 3);
+        for (const log of logs) {
+            assert.equal(log.operation, "UPDATE");
+            assert.equal(log.user_id, "admin");
+            const newData = JSON.parse(log.new_data);
+            assert.equal(newData.email, "bulk@example.com");
+        }
+    }
+    finally {
+        sqlite.close();
+    }
+});
+test("withAudit with workspace_id", () => {
+    const sqlite = new Database(":memory:");
+    const auditLogsWithWs = d1AuditLogTable({ workspaceIdColumn: "workspace_id" });
+    const db = drizzle({ client: sqlite, schema: { auditLogs: auditLogsWithWs, users } });
+    try {
+        sqlite.exec(`
+      CREATE TABLE audit_logs (
+        id INTEGER PRIMARY KEY AUTOINCREMENT,
+        table_name TEXT NOT NULL,
+        operation TEXT NOT NULL,
+        row_id TEXT,
+        user_id TEXT,
+        workspace_id TEXT,
+        old_data TEXT,
+        new_data TEXT,
+        created_at TEXT NOT NULL DEFAULT (datetime('now'))
+      );
+      CREATE TABLE users (
+        id TEXT PRIMARY KEY,
+        name TEXT NOT NULL,
+        email TEXT
+      );
+    `);
+        const audited = withAudit(db, auditLogsWithWs, {
+            userId: "user_1",
+            workspaceId: "ws_1",
+        });
+        audited.insert(users, { id: "u1", name: "Ada" });
+        const logs = db.select().from(auditLogsWithWs).all();
+        assert.equal(logs.length, 1);
+        assert.equal(logs[0]?.user_id, "user_1");
+        assert.equal(logs[0].workspace_id, "ws_1");
+    }
+    finally {
+        sqlite.close();
+    }
+});
+test("withAudit.db gives access to raw db for non-audited ops", () => {
+    const { db, sqlite } = setupDb();
+    try {
+        const audited = withAudit(db, auditLogs, { userId: "user_1" });
+        // Direct insert — no audit
+        audited.db.insert(users).values({ id: "u1", name: "Ada" }).run();
+        const logs = db.select().from(auditLogs).all();
+        assert.equal(logs.length, 0);
+        const rows = db.select().from(users).all();
+        assert.equal(rows.length, 1);
+    }
+    finally {
+        sqlite.close();
+    }
+});

package/dist/test/d1.integration.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=d1.integration.test.d.ts.map

package/dist/test/d1.integration.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"d1.integration.test.d.ts","sourceRoot":"","sources":["../../test/d1.integration.test.ts"],"names":[],"mappings":""}

package/dist/test/d1.integration.test.js

@@ -0,0 +1,223 @@
+import assert from "node:assert/strict";
+import test from "node:test";
+import Database from "better-sqlite3";
+import { asc, eq, sql } from "drizzle-orm";
+import { drizzle } from "drizzle-orm/better-sqlite3";
+import { sqliteTable, text, integer } from "drizzle-orm/sqlite-core";
+import { createAttachD1AuditTriggersSql, createAttachD1AuditTriggersSqlWithColumns, createD1AuditInstallSql, d1AuditLogTable, d1AuditContextTable, withD1AuditedTransaction, } from "../src/d1/index.js";
+const users = sqliteTable("users", {
+    id: text("id").primaryKey(),
+    name: text("name").notNull(),
+});
+const invoices = sqliteTable("invoices", {
+    invoice_id: text("invoice_id").primaryKey(),
+    amount: integer("amount").notNull(),
+});
+const auditLogs = d1AuditLogTable();
+const auditContext = d1AuditContextTable();
+function setupDb() {
+    const sqlite = new Database(":memory:");
+    const db = drizzle({ client: sqlite, schema: { auditLogs, auditContext, users, invoices } });
+    sqlite.exec(createD1AuditInstallSql());
+    sqlite.exec(`
+    CREATE TABLE users (
+      id TEXT PRIMARY KEY,
+      name TEXT NOT NULL
+    );
+    CREATE TABLE invoices (
+      invoice_id TEXT PRIMARY KEY,
+      amount INTEGER NOT NULL
+    );
+  `);
+    sqlite.exec(createAttachD1AuditTriggersSql([
+        { table: "users" },
+        { table: "invoices", rowIdColumn: "invoice_id" },
+    ]));
+    return { db, sqlite };
+}
+test("d1 auditing works end to end (without row data)", () => {
+    const { db, sqlite } = setupDb();
+    try {
+        // Insert without audit context: user_id = NULL
+        db.insert(users).values({ id: "user_0", name: "No Context" }).run();
+        const noContextLogs = db.select().from(auditLogs).orderBy(asc(auditLogs.id)).all();
+        assert.equal(noContextLogs.length, 1);
+        assert.equal(noContextLogs[0]?.user_id, null);
+        assert.equal(noContextLogs[0]?.table_name, "users");
+        assert.equal(noContextLogs[0]?.operation, "INSERT");
+        assert.equal(noContextLogs[0]?.row_id, "user_0");
+        // With audit context
+        withD1AuditedTransaction(db, "user_123", (tx) => {
+            tx.insert(users).values({ id: "user_1", name: "Ada" }).run();
+            tx.update(users).set({ name: "Ada Lovelace" }).where(eq(users.id, "user_1")).run();
+            tx.insert(invoices).values({ invoice_id: "inv_1", amount: 42 }).run();
+            tx.delete(users).where(eq(users.id, "user_1")).run();
+        });
+        const logs = db.select().from(auditLogs).orderBy(asc(auditLogs.id)).all();
+        assert.equal(logs.length, 5);
+        // INSERT user
+        assert.equal(logs[1]?.table_name, "users");
+        assert.equal(logs[1]?.operation, "INSERT");
+        assert.equal(logs[1]?.row_id, "user_1");
+        assert.equal(logs[1]?.user_id, "user_123");
+        // UPDATE user
+        assert.equal(logs[2]?.table_name, "users");
+        assert.equal(logs[2]?.operation, "UPDATE");
+        assert.equal(logs[2]?.row_id, "user_1");
+        assert.equal(logs[2]?.user_id, "user_123");
+        // INSERT invoice (custom rowIdColumn)
+        assert.equal(logs[3]?.table_name, "invoices");
+        assert.equal(logs[3]?.operation, "INSERT");
+        assert.equal(logs[3]?.row_id, "inv_1");
+        // DELETE user
+        assert.equal(logs[4]?.table_name, "users");
+        assert.equal(logs[4]?.operation, "DELETE");
+        assert.equal(logs[4]?.row_id, "user_1");
+        assert.equal(logs[4]?.user_id, "user_123");
+        // Context table should be clean after transaction
+        const contextRows = db.select().from(auditContext).all();
+        assert.equal(contextRows.length, 0);
+    }
+    finally {
+        sqlite.close();
+    }
+});
+test("d1 column-aware triggers capture full row data", () => {
+    const sqlite = new Database(":memory:");
+    const db = drizzle({ client: sqlite, schema: { auditLogs, auditContext, users } });
+    try {
+        sqlite.exec(createD1AuditInstallSql());
+        sqlite.exec(`
+      CREATE TABLE users (
+        id TEXT PRIMARY KEY,
+        name TEXT NOT NULL
+      );
+    `);
+        sqlite.exec(createAttachD1AuditTriggersSqlWithColumns([
+            { table: "users", columns: ["id", "name"] },
+        ]));
+        withD1AuditedTransaction(db, "user_1", (tx) => {
+            tx.insert(users).values({ id: "u1", name: "Ada" }).run();
+            tx.update(users).set({ name: "Ada Lovelace" }).where(eq(users.id, "u1")).run();
+            tx.delete(users).where(eq(users.id, "u1")).run();
+        });
+        const logs = db.select().from(auditLogs).orderBy(asc(auditLogs.id)).all();
+        assert.equal(logs.length, 3);
+        // INSERT: new_data captured
+        assert.equal(logs[0]?.operation, "INSERT");
+        assert.deepEqual(JSON.parse(logs[0]?.new_data), { id: "u1", name: "Ada" });
+        assert.equal(logs[0]?.old_data, null);
+        // UPDATE: old_data and new_data captured
+        assert.equal(logs[1]?.operation, "UPDATE");
+        assert.deepEqual(JSON.parse(logs[1]?.old_data), { id: "u1", name: "Ada" });
+        assert.deepEqual(JSON.parse(logs[1]?.new_data), { id: "u1", name: "Ada Lovelace" });
+        // DELETE: old_data captured
+        assert.equal(logs[2]?.operation, "DELETE");
+        assert.deepEqual(JSON.parse(logs[2]?.old_data), { id: "u1", name: "Ada Lovelace" });
+        assert.equal(logs[2]?.new_data, null);
+    }
+    finally {
+        sqlite.close();
+    }
+});
+test("d1 workspace_id column and context are stored when enabled", () => {
+    const sqlite = new Database(":memory:");
+    const auditLogsWithWorkspace = d1AuditLogTable({ workspaceIdColumn: "workspace_id" });
+    const db = drizzle({ client: sqlite, schema: { auditLogs: auditLogsWithWorkspace, auditContext, users } });
+    try {
+        sqlite.exec(createD1AuditInstallSql({ workspaceIdColumn: "workspace_id" }));
+        sqlite.exec(`
+      CREATE TABLE users (
+        id TEXT PRIMARY KEY,
+        name TEXT NOT NULL
+      );
+    `);
+        sqlite.exec(createAttachD1AuditTriggersSql([{ table: "users" }], { workspaceIdColumn: "workspace_id" }));
+        withD1AuditedTransaction(db, "user_1", (tx) => {
+            tx.insert(users).values({ id: "u1", name: "Alice" }).run();
+        }, { workspaceId: "ws_1" });
+        const logs = db.select().from(auditLogsWithWorkspace).all();
+        assert.equal(logs.length, 1);
+        assert.equal(logs[0]?.user_id, "user_1");
+        assert.equal(logs[0].workspace_id, "ws_1");
+        // Without workspace
+        withD1AuditedTransaction(db, "user_2", (tx) => {
+            tx.insert(users).values({ id: "u2", name: "Bob" }).run();
+        });
+        const logs2 = db
+            .select()
+            .from(auditLogsWithWorkspace)
+            .orderBy(asc(auditLogsWithWorkspace.id))
+            .all();
+        assert.equal(logs2.length, 2);
+        assert.equal(logs2[1]?.user_id, "user_2");
+        assert.equal(logs2[1].workspace_id, null);
+    }
+    finally {
+        sqlite.close();
+    }
+});
+test("d1 writes without audit context produce rows with user_id = NULL", () => {
+    const { db, sqlite } = setupDb();
+    try {
+        db.insert(users).values({ id: "u1", name: "Alice" }).run();
+        db.update(users).set({ name: "Alice Updated" }).where(eq(users.id, "u1")).run();
+        db.delete(users).where(eq(users.id, "u1")).run();
+        const logs = db.select().from(auditLogs).orderBy(asc(auditLogs.id)).all();
+        assert.equal(logs.length, 3);
+        assert.equal(logs[0]?.operation, "INSERT");
+        assert.equal(logs[0]?.user_id, null);
+        assert.equal(logs[0]?.row_id, "u1");
+        assert.equal(logs[1]?.operation, "UPDATE");
+        assert.equal(logs[1]?.user_id, null);
+        assert.equal(logs[2]?.operation, "DELETE");
+        assert.equal(logs[2]?.user_id, null);
+    }
+    finally {
+        sqlite.close();
+    }
+});
+test("d1 trigger SQL handles table names with special characters", () => {
+    const sqlite = new Database(":memory:");
+    const db = drizzle({ client: sqlite, schema: { auditLogs, auditContext } });
+    try {
+        sqlite.exec(createD1AuditInstallSql());
+        // Table name with a single quote — the quoteLiteral fix prevents SQL breakage
+        const tableName = "user's_data";
+        sqlite.exec(`CREATE TABLE "${tableName}" (id TEXT PRIMARY KEY, val TEXT);`);
+        sqlite.exec(createAttachD1AuditTriggersSql([{ table: tableName }]));
+        // Seed context and insert
+        withD1AuditedTransaction(db, "tester", (tx) => {
+            tx.run(sql `INSERT INTO "${sql.raw(tableName)}" (id, val) VALUES ('r1', 'hello')`);
+        });
+        const logs = db.select().from(auditLogs).all();
+        assert.equal(logs.length, 1);
+        assert.equal(logs[0]?.table_name, tableName);
+        assert.equal(logs[0]?.row_id, "r1");
+        assert.equal(logs[0]?.user_id, "tester");
+    }
+    finally {
+        sqlite.close();
+    }
+});
+test("d1 column-aware triggers handle column names with special characters", () => {
+    const sqlite = new Database(":memory:");
+    const db = drizzle({ client: sqlite, schema: { auditLogs, auditContext } });
+    try {
+        sqlite.exec(createD1AuditInstallSql());
+        sqlite.exec(`CREATE TABLE items (id TEXT PRIMARY KEY, "user's name" TEXT);`);
+        sqlite.exec(createAttachD1AuditTriggersSqlWithColumns([
+            { table: "items", columns: ["id", "user's name"] },
+        ]));
+        withD1AuditedTransaction(db, "tester", (tx) => {
+            tx.run(sql `INSERT INTO items (id, "user's name") VALUES ('i1', 'Ada')`);
+        });
+        const logs = db.select().from(auditLogs).all();
+        assert.equal(logs.length, 1);
+        const newData = JSON.parse(logs[0]?.new_data);
+        assert.equal(newData["user's name"], "Ada");
+    }
+    finally {
+        sqlite.close();
+    }
+});

package/dist/test/postgres.integration.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=postgres.integration.test.d.ts.map

package/dist/test/postgres.integration.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"postgres.integration.test.d.ts","sourceRoot":"","sources":["../../test/postgres.integration.test.ts"],"names":[],"mappings":""}