neonctl 2.22.0 → 2.23.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +242 -16
- package/analytics.js +5 -2
- package/commands/branches.js +9 -1
- package/commands/checkout.js +249 -0
- package/commands/connection_string.js +15 -2
- package/commands/data_api.js +286 -0
- package/commands/functions.js +277 -0
- package/commands/index.js +12 -0
- package/commands/link.js +667 -0
- package/commands/neon_auth.js +1013 -0
- package/commands/projects.js +9 -1
- package/commands/psql.js +62 -0
- package/commands/set_context.js +7 -2
- package/context.js +86 -14
- package/functions_api.js +44 -0
- package/index.js +3 -0
- package/package.json +60 -51
- package/psql/cli.js +51 -0
- package/psql/command/cmd_cond.js +437 -0
- package/psql/command/cmd_connect.js +815 -0
- package/psql/command/cmd_copy.js +1025 -0
- package/psql/command/cmd_describe.js +1810 -0
- package/psql/command/cmd_format.js +909 -0
- package/psql/command/cmd_io.js +2187 -0
- package/psql/command/cmd_lo.js +385 -0
- package/psql/command/cmd_meta.js +970 -0
- package/psql/command/cmd_misc.js +187 -0
- package/psql/command/cmd_pipeline.js +1141 -0
- package/psql/command/cmd_restrict.js +171 -0
- package/psql/command/cmd_show.js +751 -0
- package/psql/command/dispatch.js +343 -0
- package/psql/command/inputQueue.js +42 -0
- package/psql/command/shared.js +71 -0
- package/psql/complete/filenames.js +139 -0
- package/psql/complete/index.js +104 -0
- package/psql/complete/matcher.js +314 -0
- package/psql/complete/psqlVars.js +247 -0
- package/psql/complete/queries.js +491 -0
- package/psql/complete/rules.js +2387 -0
- package/psql/core/common.js +1250 -0
- package/psql/core/help.js +576 -0
- package/psql/core/mainloop.js +1353 -0
- package/psql/core/prompt.js +437 -0
- package/psql/core/settings.js +684 -0
- package/psql/core/sqlHelp.js +1066 -0
- package/psql/core/startup.js +840 -0
- package/psql/core/syncVars.js +116 -0
- package/psql/core/variables.js +287 -0
- package/psql/describe/formatters.js +1277 -0
- package/psql/describe/processNamePattern.js +270 -0
- package/psql/describe/queries.js +2373 -0
- package/psql/describe/versionGate.js +43 -0
- package/psql/index.js +2005 -0
- package/psql/io/history.js +299 -0
- package/psql/io/input.js +120 -0
- package/psql/io/lineEditor/buffer.js +323 -0
- package/psql/io/lineEditor/complete.js +227 -0
- package/psql/io/lineEditor/filename.js +159 -0
- package/psql/io/lineEditor/index.js +891 -0
- package/psql/io/lineEditor/keymap.js +738 -0
- package/psql/io/lineEditor/vt100.js +363 -0
- package/psql/io/pgpass.js +202 -0
- package/psql/io/pgservice.js +194 -0
- package/psql/io/psqlrc.js +422 -0
- package/psql/print/aligned.js +1756 -0
- package/psql/print/asciidoc.js +248 -0
- package/psql/print/crosstab.js +460 -0
- package/psql/print/csv.js +92 -0
- package/psql/print/html.js +258 -0
- package/psql/print/json.js +96 -0
- package/psql/print/latex.js +396 -0
- package/psql/print/pager.js +265 -0
- package/psql/print/troff.js +258 -0
- package/psql/print/unaligned.js +118 -0
- package/psql/print/units.js +135 -0
- package/psql/scanner/slash.js +513 -0
- package/psql/scanner/sql.js +910 -0
- package/psql/scanner/stringutils.js +390 -0
- package/psql/types/backslash.js +1 -0
- package/psql/types/connection.js +1 -0
- package/psql/types/index.js +7 -0
- package/psql/types/printer.js +1 -0
- package/psql/types/repl.js +1 -0
- package/psql/types/scanner.js +24 -0
- package/psql/types/settings.js +1 -0
- package/psql/types/variables.js +1 -0
- package/psql/wire/connection.js +2844 -0
- package/psql/wire/copy.js +108 -0
- package/psql/wire/notify.js +59 -0
- package/psql/wire/pipeline.js +519 -0
- package/psql/wire/protocol.js +466 -0
- package/psql/wire/sasl.js +296 -0
- package/psql/wire/tls.js +596 -0
- package/test_utils/fixtures.js +1 -0
- package/utils/enrichers.js +18 -1
- package/utils/esbuild.js +147 -0
- package/utils/middlewares.js +1 -1
- package/utils/psql.js +107 -11
- package/utils/zip.js +4 -0
- package/writer.js +1 -1
- package/commands/auth.test.js +0 -211
- package/commands/branches.test.js +0 -460
- package/commands/connection_string.test.js +0 -196
- package/commands/databases.test.js +0 -39
- package/commands/help.test.js +0 -9
- package/commands/init.test.js +0 -56
- package/commands/ip_allow.test.js +0 -59
- package/commands/operations.test.js +0 -7
- package/commands/orgs.test.js +0 -7
- package/commands/projects.test.js +0 -144
- package/commands/roles.test.js +0 -37
- package/commands/set_context.test.js +0 -159
- package/commands/vpc_endpoints.test.js +0 -69
- package/env.test.js +0 -55
- package/utils/formats.test.js +0 -32
- package/writer.test.js +0 -104
|
@@ -0,0 +1,2844 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* PgConnection — the wire-layer Connection implementation (WP-02 + WP-16).
|
|
3
|
+
*
|
|
4
|
+
* Implements `Connection` (frozen WP-00 interface in
|
|
5
|
+
* `src/psql/types/connection.ts`) on top of a single TCP / TLS socket. The
|
|
6
|
+
* class is essentially a state machine:
|
|
7
|
+
*
|
|
8
|
+
* auth → drive Authentication* messages
|
|
9
|
+
* await-ready → collect ParameterStatus + BackendKeyData
|
|
10
|
+
* idle → ready for a Query / extended-protocol cycle
|
|
11
|
+
* in-query → simple Query in flight, accumulating ResultSets
|
|
12
|
+
* in-copy-in → COPY FROM STDIN data transfer in progress (WP-16)
|
|
13
|
+
* in-copy-out → COPY TO STDOUT data transfer in progress (WP-16)
|
|
14
|
+
* closed → socket gone
|
|
15
|
+
*
|
|
16
|
+
* What this module owns:
|
|
17
|
+
* - Socket lifecycle (open, optional TLS, Terminate, close).
|
|
18
|
+
* - Auth: Cleartext, MD5, SASL/SCRAM (delegating to ./sasl.ts).
|
|
19
|
+
* - Tracking server `serverVersion` from ParameterStatus.
|
|
20
|
+
* - Simple-query path (`execSimple`) — collect RowDescription/DataRow/
|
|
21
|
+
* CommandComplete tuples into ResultSet[].
|
|
22
|
+
* - Async messages (Notice, Notification) routed through ./notify.ts.
|
|
23
|
+
* - ErrorResponse → rejected promise mapped to ConnectError shape.
|
|
24
|
+
* - Async cancel via a side connection (CancelRequest).
|
|
25
|
+
* - COPY streaming (WP-16): `startCopyIn` returns a `CopyInStream` that
|
|
26
|
+
* wires CopyData / CopyDone / CopyFail; `startCopyOut` returns an
|
|
27
|
+
* `AsyncIterable<Buffer>` that drains CopyData messages from the wire.
|
|
28
|
+
* The state machine threads through `in-copy-in` / `in-copy-out`.
|
|
29
|
+
*
|
|
30
|
+
* What is stubbed / deferred:
|
|
31
|
+
* - Extended-query protocol (Parse/Bind/Execute/Sync). The framing is in
|
|
32
|
+
* protocol.ts but the high-level path (parameterised `query()`, prepared
|
|
33
|
+
* statements, pipeline) is WP-21. We throw clearly when called.
|
|
34
|
+
*/
|
|
35
|
+
import * as dns from 'node:dns/promises';
|
|
36
|
+
import * as net from 'node:net';
|
|
37
|
+
import * as tls from 'node:tls';
|
|
38
|
+
import { createHash } from 'node:crypto';
|
|
39
|
+
import { Buffer } from 'node:buffer';
|
|
40
|
+
import { Bind, CancelRequest, Close, CopyData, CopyDone, CopyFail, Describe, Execute, fieldsToNotice, MessageParser, Parse, PasswordMessage, Query, SASLInitialResponse, SASLResponse, StartupMessage, Sync, Terminate, } from './protocol.js';
|
|
41
|
+
import { PipelineSession } from './pipeline.js';
|
|
42
|
+
import { createScramClient } from './sasl.js';
|
|
43
|
+
import { negotiateTls } from './tls.js';
|
|
44
|
+
import { NoticeMultiplexer } from './notify.js';
|
|
45
|
+
/**
|
|
46
|
+
* Map a Notice-flavoured fields map into a `ConnectError` that includes a
|
|
47
|
+
* recognizable `message` plus a `cause` slot for the raw record.
|
|
48
|
+
*/
|
|
49
|
+
function fieldsToConnectError(fields) {
|
|
50
|
+
return { ...fieldsToNotice(fields), cause: fields };
|
|
51
|
+
}
|
|
52
|
+
/**
|
|
53
|
+
* Synthetic ConnectError used as the rejection reason for queued
|
|
54
|
+
* pipeline ops that the server skipped after a preceding ErrorResponse.
|
|
55
|
+
* Mirrors libpq's `PGRES_PIPELINE_ABORTED` result — the message text
|
|
56
|
+
* matches the string libpq stamps onto skipped ops so the cmd layer
|
|
57
|
+
* can render it byte-identically with vanilla psql's `\getresults` /
|
|
58
|
+
* `\endpipeline` output.
|
|
59
|
+
*/
|
|
60
|
+
function pipelineAbortedError() {
|
|
61
|
+
return {
|
|
62
|
+
severity: 'ERROR',
|
|
63
|
+
code: '',
|
|
64
|
+
message: 'Pipeline aborted, command did not run',
|
|
65
|
+
pipelineAborted: true,
|
|
66
|
+
};
|
|
67
|
+
}
|
|
68
|
+
/** Parse "PostgreSQL 16.2 …" into a numeric `major * 10000 + minor * 100`. */
|
|
69
|
+
function parseServerVersion(value) {
|
|
70
|
+
// libpq's PQserverVersion returns NNNNNN (e.g. 160002 for 16.2). For
|
|
71
|
+
// pre-10 versions the layout was NNMMSS (e.g. 90608 for 9.6.8). Our
|
|
72
|
+
// consumers only need monotonic comparability and a major-version
|
|
73
|
+
// accessor; the libpq formula is the simplest match.
|
|
74
|
+
const m = /^([0-9]+)(?:\.([0-9]+))?(?:\.([0-9]+))?/.exec(value);
|
|
75
|
+
if (!m)
|
|
76
|
+
return 0;
|
|
77
|
+
const major = parseInt(m[1], 10);
|
|
78
|
+
const minor = m[2] !== undefined ? parseInt(m[2], 10) : 0;
|
|
79
|
+
if (major >= 10) {
|
|
80
|
+
return major * 10000 + minor;
|
|
81
|
+
}
|
|
82
|
+
const patch = m[3] !== undefined ? parseInt(m[3], 10) : 0;
|
|
83
|
+
return major * 10000 + minor * 100 + patch;
|
|
84
|
+
}
|
|
85
|
+
/**
|
|
86
|
+
* MD5 auth: `'md5' + md5( md5(password + user) || salt )`. Inner hash uses
|
|
87
|
+
* the username; outer is salted. PG uses lowercase hex everywhere.
|
|
88
|
+
*/
|
|
89
|
+
function md5AuthPayload(user, password, salt) {
|
|
90
|
+
const inner = createHash('md5')
|
|
91
|
+
.update(password + user, 'utf8')
|
|
92
|
+
.digest('hex');
|
|
93
|
+
const outer = createHash('md5')
|
|
94
|
+
.update(inner, 'utf8')
|
|
95
|
+
.update(salt)
|
|
96
|
+
.digest('hex');
|
|
97
|
+
return 'md5' + outer;
|
|
98
|
+
}
|
|
99
|
+
/**
|
|
100
|
+
* Fisher-Yates in-place shuffle of the candidate hosts list. Used by
|
|
101
|
+
* `load_balance_hosts=random`. Hook the random source so tests can inject a
|
|
102
|
+
* deterministic permutation.
|
|
103
|
+
*/
|
|
104
|
+
function shuffleInPlace(arr, rng = Math.random) {
|
|
105
|
+
for (let i = arr.length - 1; i > 0; i -= 1) {
|
|
106
|
+
const j = Math.floor(rng() * (i + 1));
|
|
107
|
+
const tmp = arr[i];
|
|
108
|
+
arr[i] = arr[j];
|
|
109
|
+
arr[j] = tmp;
|
|
110
|
+
}
|
|
111
|
+
}
|
|
112
|
+
/**
|
|
113
|
+
* After a successful handshake, decide whether this connection matches the
|
|
114
|
+
* caller's `target_session_attrs` constraint by running
|
|
115
|
+
* `SELECT pg_is_in_recovery()`. Returns `true` if the connection is
|
|
116
|
+
* acceptable, `false` if it should be torn down and the next host tried.
|
|
117
|
+
*
|
|
118
|
+
* - 'any' (or undefined) — always accepts.
|
|
119
|
+
* - 'read-write' / 'primary' — accepts when NOT in recovery.
|
|
120
|
+
* - 'read-only' / 'standby' — accepts when IN recovery.
|
|
121
|
+
*
|
|
122
|
+
* If the probe query itself fails we treat the connection as unacceptable
|
|
123
|
+
* (returns false) so the orchestrator falls through to the next candidate
|
|
124
|
+
* rather than handing the caller a half-broken connection.
|
|
125
|
+
*/
|
|
126
|
+
async function checkSessionAttrs(conn, tsa) {
|
|
127
|
+
if (tsa === undefined || tsa === 'any')
|
|
128
|
+
return true;
|
|
129
|
+
let inRecovery;
|
|
130
|
+
try {
|
|
131
|
+
const sets = await conn.execSimple('SELECT pg_is_in_recovery()');
|
|
132
|
+
if (sets.length === 0 || sets[0].rows.length === 0) {
|
|
133
|
+
return false;
|
|
134
|
+
}
|
|
135
|
+
const raw = sets[0].rows[0][0];
|
|
136
|
+
// pg_is_in_recovery returns boolean; text-format rows surface as
|
|
137
|
+
// 't' / 'f'. Be liberal: also handle 'true' / 'false'.
|
|
138
|
+
if (raw === true) {
|
|
139
|
+
inRecovery = true;
|
|
140
|
+
}
|
|
141
|
+
else if (raw === false) {
|
|
142
|
+
inRecovery = false;
|
|
143
|
+
}
|
|
144
|
+
else if (typeof raw === 'string') {
|
|
145
|
+
inRecovery = raw === 't' || raw.toLowerCase() === 'true';
|
|
146
|
+
}
|
|
147
|
+
else {
|
|
148
|
+
return false;
|
|
149
|
+
}
|
|
150
|
+
}
|
|
151
|
+
catch {
|
|
152
|
+
return false;
|
|
153
|
+
}
|
|
154
|
+
switch (tsa) {
|
|
155
|
+
case 'read-write':
|
|
156
|
+
case 'primary':
|
|
157
|
+
return !inRecovery;
|
|
158
|
+
case 'read-only':
|
|
159
|
+
case 'standby':
|
|
160
|
+
return inRecovery;
|
|
161
|
+
// 'prefer-standby' is unwrapped by the orchestrator into two passes
|
|
162
|
+
// ('standby' then 'any'), so we never see it here. Fall through to
|
|
163
|
+
// accept-any for safety.
|
|
164
|
+
default:
|
|
165
|
+
return true;
|
|
166
|
+
}
|
|
167
|
+
}
|
|
168
|
+
/**
|
|
169
|
+
* COPY-OUT backpressure thresholds (bytes). When buffered data exceeds the
|
|
170
|
+
* high-water mark we pause the socket; the consumer's `next()` resumes it once
|
|
171
|
+
* it drains below the low-water mark. Bounds RSS for a server that produces
|
|
172
|
+
* rows faster than the sink consumes them (review item #11).
|
|
173
|
+
*/
|
|
174
|
+
const COPY_OUT_HWM = 8 * 1024 * 1024;
|
|
175
|
+
const COPY_OUT_LWM = 1 * 1024 * 1024;
|
|
176
|
+
export class PgConnection {
|
|
177
|
+
/**
|
|
178
|
+
* Queue one COPY-FROM-STDIN data block. Call once per expected
|
|
179
|
+
* CopyInResponse, in the order they will arrive during the upcoming
|
|
180
|
+
* `execSimple`. The mainloop owns the parsing of `\.`-terminated stdin
|
|
181
|
+
* blocks; we just buffer the raw bytes and ship them when the server is
|
|
182
|
+
* ready.
|
|
183
|
+
*/
|
|
184
|
+
queueCopyInData(data) {
|
|
185
|
+
this.copyInMidBatchQueue.push(data);
|
|
186
|
+
}
|
|
187
|
+
/** Drop any queued COPY-FROM-STDIN data blocks. */
|
|
188
|
+
clearCopyInDataQueue() {
|
|
189
|
+
this.copyInMidBatchQueue.length = 0;
|
|
190
|
+
}
|
|
191
|
+
constructor(socket, opts, channelBindingData) {
|
|
192
|
+
this.parser = new MessageParser();
|
|
193
|
+
// -- Backend state
|
|
194
|
+
this.serverVersion = 0;
|
|
195
|
+
this.params = new Map();
|
|
196
|
+
this.processId = 0;
|
|
197
|
+
this.secretKey = 0;
|
|
198
|
+
this.txStatus = 'I';
|
|
199
|
+
// -- Connection state machine
|
|
200
|
+
this.state = 'auth';
|
|
201
|
+
this.pendingQuery = null;
|
|
202
|
+
this.extDriver = null;
|
|
203
|
+
/** True when `pipeline()` has handed out a PipelineSession (WP-21). */
|
|
204
|
+
this._extPipelineActive = false;
|
|
205
|
+
this.copyIn = null;
|
|
206
|
+
this.copyOut = null;
|
|
207
|
+
/**
|
|
208
|
+
* Resolver for `startCopyIn` / `startCopyOut`. Captured when the caller has
|
|
209
|
+
* already wired the `Query(COPY …)` and is now waiting for the server's
|
|
210
|
+
* CopyInResponse / CopyOutResponse to confirm that the protocol switched.
|
|
211
|
+
*/
|
|
212
|
+
this.copyStartResolve = null;
|
|
213
|
+
this.copyStartReject = null;
|
|
214
|
+
/**
|
|
215
|
+
* Last-COPY command tag (e.g. `"COPY 17"`), or `null` if no COPY has run
|
|
216
|
+
* since connection startup. Used by the `\copy` command runner to print the
|
|
217
|
+
* upstream-style "COPY N" footer.
|
|
218
|
+
*/
|
|
219
|
+
this.lastCopyTag = null;
|
|
220
|
+
/**
|
|
221
|
+
* Pre-buffered CopyData payloads keyed to the order of CopyInResponse
|
|
222
|
+
* messages we expect to see during the next `execSimple`. Used to drive
|
|
223
|
+
* `COPY ... FROM STDIN` segments that appear as part of a `\;`-chained
|
|
224
|
+
* simple-query batch — the mainloop pre-scans its input for `\.`-terminated
|
|
225
|
+
* COPY data blocks, hands the bytes in here, and the in-query dispatcher
|
|
226
|
+
* pops the head buffer when a CopyInResponse arrives. Each buffer becomes
|
|
227
|
+
* one CopyData frame followed by CopyDone (the upstream wire shape).
|
|
228
|
+
*
|
|
229
|
+
* If the queue is empty when CopyInResponse arrives, the wire layer falls
|
|
230
|
+
* back to CopyFail so the connection doesn't deadlock.
|
|
231
|
+
*/
|
|
232
|
+
this.copyInMidBatchQueue = [];
|
|
233
|
+
/**
|
|
234
|
+
* Sink for COPY-TO-STDOUT mid-batch data. When `COPY ... TO STDOUT` is one
|
|
235
|
+
* segment of a `\;`-chained simple-query batch, the server pushes CopyData
|
|
236
|
+
* messages to us mid-`execSimple`. With no `startCopyOut` driver active,
|
|
237
|
+
* upstream `handleCopyOut` would write the bytes verbatim to the caller's
|
|
238
|
+
* output stream. We expose a settable sink so the mainloop can wire stdout
|
|
239
|
+
* (or any other WritableStream); if unset, the bytes are dropped (matching
|
|
240
|
+
* libpq's behaviour when `PQexec` lacks a copy handler — the data still
|
|
241
|
+
* gets consumed off the wire so the protocol stays in sync, but is
|
|
242
|
+
* silently discarded).
|
|
243
|
+
*/
|
|
244
|
+
this.copyOutMidBatchSink = null;
|
|
245
|
+
/**
|
|
246
|
+
* Mid-batch COPY-OUT state. While `true`, CopyData/CopyDone messages
|
|
247
|
+
* arriving in `handleQueryMessage` are routed to the sink rather than
|
|
248
|
+
* triggering the "unexpected message" diagnostic. Flipped on by
|
|
249
|
+
* CopyOutResponse and off again when CopyDone arrives.
|
|
250
|
+
*/
|
|
251
|
+
this.copyOutMidBatchActive = false;
|
|
252
|
+
/**
|
|
253
|
+
* Set to `true` once we actually respond to a server password challenge
|
|
254
|
+
* (cleartext, MD5, or the SASL/SCRAM exchange). Mirrors libpq's
|
|
255
|
+
* `conn->password_needed`, which `\conninfo` reports as "Password Used".
|
|
256
|
+
* A trust/cert/peer login leaves this `false` — the password may have been
|
|
257
|
+
* supplied but was never sent.
|
|
258
|
+
*/
|
|
259
|
+
this.passwordUsed = false;
|
|
260
|
+
// -- Async messages
|
|
261
|
+
this.notify = new NoticeMultiplexer();
|
|
262
|
+
// -- Auth state (only used during state=auth)
|
|
263
|
+
this.scram = null;
|
|
264
|
+
/**
|
|
265
|
+
* True once the server has sent ANY authentication challenge (Cleartext,
|
|
266
|
+
* MD5, SASL, ...). Used by the AuthenticationOk handler to distinguish
|
|
267
|
+
* "server picked trust/cert auth" (no challenge, method=`none`) from
|
|
268
|
+
* "server just completed a SASL exchange" (challenge seen, method
|
|
269
|
+
* already validated when the challenge arrived).
|
|
270
|
+
*/
|
|
271
|
+
this.authChallengeSeen = false;
|
|
272
|
+
/**
|
|
273
|
+
* True once `AuthenticationSASLFinal` arrived AND `scram.finish()` verified
|
|
274
|
+
* the server signature (RFC 5802 §3 mutual auth). Used to reject an
|
|
275
|
+
* `AuthenticationOk` that skips SASLFinal — a rogue/MITM server that doesn't
|
|
276
|
+
* know the password could otherwise send SASLContinue then jump straight to
|
|
277
|
+
* AuthenticationOk and never have its signature checked (review item #8).
|
|
278
|
+
*/
|
|
279
|
+
this.saslFinalSeen = false;
|
|
280
|
+
// -- Error-after-close guard
|
|
281
|
+
this.socketError = null;
|
|
282
|
+
this.startupResolve = null;
|
|
283
|
+
this.startupReject = null;
|
|
284
|
+
this.socket = socket;
|
|
285
|
+
this.opts = opts;
|
|
286
|
+
this.channelBindingData = channelBindingData;
|
|
287
|
+
this._password = opts.password ?? null;
|
|
288
|
+
socket.on('data', (chunk) => {
|
|
289
|
+
this.onData(chunk);
|
|
290
|
+
});
|
|
291
|
+
socket.on('error', (err) => {
|
|
292
|
+
this.socketError = err;
|
|
293
|
+
this.failPending(err);
|
|
294
|
+
});
|
|
295
|
+
socket.on('close', () => {
|
|
296
|
+
if (this.state !== 'closed') {
|
|
297
|
+
this.state = 'closed';
|
|
298
|
+
this.failPending(this.socketError ?? new Error('Socket closed'));
|
|
299
|
+
}
|
|
300
|
+
});
|
|
301
|
+
}
|
|
302
|
+
/**
|
|
303
|
+
* Open a Postgres connection. Supports multi-host (`opts.hosts`) with
|
|
304
|
+
* sequential or random iteration, a `target_session_attrs` filter, and the
|
|
305
|
+
* libpq-style `prefer-standby` two-pass fallback.
|
|
306
|
+
*
|
|
307
|
+
* Iteration semantics:
|
|
308
|
+
* 1. Build the candidate list from `opts.hosts` (preferred) or
|
|
309
|
+
* `[{host: opts.host, port: opts.port}]`.
|
|
310
|
+
* 2. If `loadBalanceHosts === 'random'`, Fisher-Yates shuffle in place.
|
|
311
|
+
* 3. For each candidate (in order), attempt: openSocket → TLS → auth →
|
|
312
|
+
* startup. On failure, record the error and try the next.
|
|
313
|
+
* 4. On successful handshake, if `target_session_attrs` is restrictive,
|
|
314
|
+
* run `SELECT pg_is_in_recovery()`. If the role doesn't match, close
|
|
315
|
+
* this connection and try the next.
|
|
316
|
+
* 5. `prefer-standby` runs TWO passes: first accepting only standbys,
|
|
317
|
+
* second falling back to any host.
|
|
318
|
+
* 6. If no candidate succeeds, throw the LAST encountered error
|
|
319
|
+
* (preserves the most-recent failure mode for diagnostics).
|
|
320
|
+
*/
|
|
321
|
+
static async connect(opts) {
|
|
322
|
+
const seed = opts.hosts !== undefined && opts.hosts.length > 0
|
|
323
|
+
? [...opts.hosts]
|
|
324
|
+
: [{ host: opts.host, port: opts.port }];
|
|
325
|
+
// DNS fan-out: a single hostname can resolve to multiple A/AAAA records,
|
|
326
|
+
// and libpq treats each resulting IP as its own candidate so the
|
|
327
|
+
// iteration walks the FLAT (ip, port) list, not the (hostname, port)
|
|
328
|
+
// list. Each candidate carries BOTH the original hostname (for TLS
|
|
329
|
+
// SNI / SAN verification + `conn.host` reporting) AND the resolved
|
|
330
|
+
// address (used only by `net.connect`). Unix-domain socket paths
|
|
331
|
+
// and IP literals bypass the lookup — they become `{host, port}`
|
|
332
|
+
// with no address override.
|
|
333
|
+
//
|
|
334
|
+
// Active for every mode, not just `load_balance_hosts=random`: even
|
|
335
|
+
// `disable` benefits from the fall-through behaviour when the first
|
|
336
|
+
// A record is dead. Mirrors upstream `004_load_balance_dns.pl`.
|
|
337
|
+
//
|
|
338
|
+
// `hostaddr` short-circuits the lookup entirely: libpq connects to the
|
|
339
|
+
// fixed IP without consulting DNS while still using `host` for TLS SNI /
|
|
340
|
+
// certificate hostname verification. We map this onto the same
|
|
341
|
+
// `addressOverride` seam the DNS fan-out uses — the literal IP becomes
|
|
342
|
+
// the candidate's `address`, and `host` (the user-typed name) is
|
|
343
|
+
// preserved for SNI / `conn.host`. Only the single-host form carries a
|
|
344
|
+
// `hostaddr`; libpq does not support a hostaddr-per-host list here.
|
|
345
|
+
const candidates = opts.hostaddr !== undefined && opts.hostaddr !== ''
|
|
346
|
+
? seed.map((c) => ({
|
|
347
|
+
host: c.host,
|
|
348
|
+
address: opts.hostaddr,
|
|
349
|
+
port: c.port,
|
|
350
|
+
}))
|
|
351
|
+
: await expandHostsViaDns(seed);
|
|
352
|
+
if (opts.loadBalanceHosts === 'random') {
|
|
353
|
+
shuffleInPlace(candidates, PgConnection._loadBalanceRng ?? Math.random);
|
|
354
|
+
}
|
|
355
|
+
const tsa = opts.targetSessionAttrs ?? 'any';
|
|
356
|
+
// `prefer-standby` runs two passes: first 'standby', then 'any'. Every
|
|
357
|
+
// other mode runs a single pass with the literal target.
|
|
358
|
+
const passes = tsa === 'prefer-standby' ? ['standby', 'any'] : [tsa];
|
|
359
|
+
let lastErr = null;
|
|
360
|
+
for (const passTsa of passes) {
|
|
361
|
+
for (const candidate of candidates) {
|
|
362
|
+
const candidateOpts = {
|
|
363
|
+
...opts,
|
|
364
|
+
host: candidate.host,
|
|
365
|
+
port: candidate.port,
|
|
366
|
+
};
|
|
367
|
+
let conn;
|
|
368
|
+
try {
|
|
369
|
+
conn = await PgConnection.connectSingle(candidateOpts, candidate.address);
|
|
370
|
+
}
|
|
371
|
+
catch (err) {
|
|
372
|
+
lastErr = err;
|
|
373
|
+
continue;
|
|
374
|
+
}
|
|
375
|
+
// Apply target_session_attrs filter via pg_is_in_recovery().
|
|
376
|
+
const accepted = await checkSessionAttrs(conn, passTsa);
|
|
377
|
+
if (accepted) {
|
|
378
|
+
return conn;
|
|
379
|
+
}
|
|
380
|
+
// Mismatch: close this connection and move on.
|
|
381
|
+
try {
|
|
382
|
+
await conn.close();
|
|
383
|
+
}
|
|
384
|
+
catch {
|
|
385
|
+
// ignore
|
|
386
|
+
}
|
|
387
|
+
lastErr = new Error(`target_session_attrs=${String(passTsa)} did not match host ${candidate.host}:${String(candidate.port)}`);
|
|
388
|
+
}
|
|
389
|
+
}
|
|
390
|
+
if (lastErr !== null) {
|
|
391
|
+
// `throw lastErr` would trip the `only-throw-error` lint rule because
|
|
392
|
+
// `lastErr` is typed `unknown`. Normalise to an Error for the throw
|
|
393
|
+
// while preserving the original via `cause` so callers can introspect.
|
|
394
|
+
if (lastErr instanceof Error)
|
|
395
|
+
throw lastErr;
|
|
396
|
+
let message;
|
|
397
|
+
if (typeof lastErr === 'object' &&
|
|
398
|
+
lastErr !== null &&
|
|
399
|
+
'message' in lastErr &&
|
|
400
|
+
typeof lastErr.message === 'string') {
|
|
401
|
+
message = lastErr.message;
|
|
402
|
+
}
|
|
403
|
+
else if (typeof lastErr === 'string' ||
|
|
404
|
+
typeof lastErr === 'number' ||
|
|
405
|
+
typeof lastErr === 'boolean') {
|
|
406
|
+
message = String(lastErr);
|
|
407
|
+
}
|
|
408
|
+
else {
|
|
409
|
+
message = 'PgConnection.connect: unknown error';
|
|
410
|
+
}
|
|
411
|
+
const wrapped = new Error(message);
|
|
412
|
+
wrapped.cause = lastErr;
|
|
413
|
+
throw wrapped;
|
|
414
|
+
}
|
|
415
|
+
throw new Error('PgConnection.connect: no candidate hosts configured');
|
|
416
|
+
}
|
|
417
|
+
/**
|
|
418
|
+
* Per-host connect attempt: open the socket, negotiate TLS, run the auth
|
|
419
|
+
* dance, complete startup. Same shape as the pre-multihost `connect()`;
|
|
420
|
+
* the multi-host orchestrator above wraps this for each candidate.
|
|
421
|
+
*/
|
|
422
|
+
static async connectSingle(opts,
|
|
423
|
+
/**
|
|
424
|
+
* Optional resolved IP address. When set, `openSocket` uses it for the
|
|
425
|
+
* actual `net.connect({host: address})`. `opts.host` remains the
|
|
426
|
+
* user-typed hostname so TLS SNI / SAN verification and `conn.host`
|
|
427
|
+
* report the original identity. Set by the DNS fan-out in `connect()`.
|
|
428
|
+
*/
|
|
429
|
+
addressOverride) {
|
|
430
|
+
// TLS over Unix-domain sockets is meaningless (the kernel guarantees
|
|
431
|
+
// the channel) and libpq refuses `sslmode=require|verify-*` for socket
|
|
432
|
+
// connections. We mirror the early rejection so a misconfigured caller
|
|
433
|
+
// gets a clear diagnostic instead of a confused TLS handshake.
|
|
434
|
+
if (isUnixSocketHost(opts.host) &&
|
|
435
|
+
(opts.ssl === 'require' ||
|
|
436
|
+
opts.ssl === 'verify-ca' ||
|
|
437
|
+
opts.ssl === 'verify-full')) {
|
|
438
|
+
throw new Error(`sslmode=${opts.ssl} is not supported over Unix-domain sockets (host=${opts.host})`);
|
|
439
|
+
}
|
|
440
|
+
// libpq `requirepeer`: for Unix-domain sockets, libpq verifies the server
|
|
441
|
+
// process runs as the named OS user via peer credentials (getpeereid /
|
|
442
|
+
// SO_PEERCRED). Node exposes NO portable peer-credential API for Unix
|
|
443
|
+
// sockets, so we CANNOT enforce this. We honestly do NOT verify it — to
|
|
444
|
+
// avoid pretending a security check passed, we reject the connection with
|
|
445
|
+
// a clear diagnostic when `requirepeer` is set on a socket connection,
|
|
446
|
+
// rather than silently connecting as if the check had succeeded. (TCP
|
|
447
|
+
// connections ignore `requirepeer`, matching libpq.)
|
|
448
|
+
if (isUnixSocketHost(opts.host) &&
|
|
449
|
+
opts.requirepeer !== undefined &&
|
|
450
|
+
opts.requirepeer !== '') {
|
|
451
|
+
throw new Error(`requirepeer="${opts.requirepeer}" cannot be enforced: Node provides no ` +
|
|
452
|
+
`Unix-domain socket peer-credential API; refusing to connect rather ` +
|
|
453
|
+
`than skip the check`);
|
|
454
|
+
}
|
|
455
|
+
const rawSocket = await openSocket(opts, addressOverride);
|
|
456
|
+
let socket = rawSocket;
|
|
457
|
+
let channelBindingData = null;
|
|
458
|
+
try {
|
|
459
|
+
// verify-ca skips hostname check; verify-full = default Node behavior.
|
|
460
|
+
// require/prefer/allow accept any cert chain (libpq default).
|
|
461
|
+
// NOTE: do NOT set `checkServerIdentity: undefined` — newer Node
|
|
462
|
+
// versions reject that with "must be of type function". Omit the
|
|
463
|
+
// property when verify-full so the default validator runs.
|
|
464
|
+
// libpq `sslsni=0` suppresses the TLS SNI extension: omit `servername`
|
|
465
|
+
// entirely so no hostname is sent in the ClientHello. Default (unset /
|
|
466
|
+
// true) sends SNI = the connection host, as libpq does.
|
|
467
|
+
const servername = tlsServername(opts);
|
|
468
|
+
const tlsConnectionOptions = {
|
|
469
|
+
...(servername !== undefined ? { servername } : {}),
|
|
470
|
+
rejectUnauthorized: opts.ssl === 'verify-ca' || opts.ssl === 'verify-full',
|
|
471
|
+
// PG 17+ advertises ALPN for the 'postgresql' protocol; libpq sets
|
|
472
|
+
// this so a future-proof TLS proxy can route on ALPN instead of
|
|
473
|
+
// probing the wire. Always offer it — older servers ignore.
|
|
474
|
+
ALPNProtocols: ['postgresql'],
|
|
475
|
+
// Cipher preference is left to the runtime's TLS library. Our
|
|
476
|
+
// ClientHello offers the byte-identical TLS-1.3 ciphersuite list and
|
|
477
|
+
// order as libpq (AES-256-GCM, ChaCha20, AES-128-GCM), so the suite
|
|
478
|
+
// is the server's choice from an identical offer. Under Node
|
|
479
|
+
// (OpenSSL) that lands on AES-256-GCM, matching vanilla psql; under
|
|
480
|
+
// Bun (BoringSSL) it lands on AES-128-GCM. Both are TLS-1.3 AEAD
|
|
481
|
+
// suites with no practical security difference, and neither runtime
|
|
482
|
+
// exposes a client-side knob to steer TLS-1.3 selection (`ciphers`
|
|
483
|
+
// is TLS-1.2-only; `ciphersuites`/secureContext are ignored for the
|
|
484
|
+
// client offer), so this is left as-is.
|
|
485
|
+
};
|
|
486
|
+
if (opts.ssl !== 'verify-full') {
|
|
487
|
+
tlsConnectionOptions.checkServerIdentity = () => undefined;
|
|
488
|
+
}
|
|
489
|
+
else if (opts.sslsni === false) {
|
|
490
|
+
// verify-full still verifies the peer name against `host`, but with
|
|
491
|
+
// SNI suppressed Node has no `servername` to drive its default
|
|
492
|
+
// identity check — so verify explicitly against the connection host.
|
|
493
|
+
// (libpq decouples SNI (sslsni) from peer-name verification (sslmode);
|
|
494
|
+
// we mirror that here.)
|
|
495
|
+
tlsConnectionOptions.checkServerIdentity = (_host, cert) => tls.checkServerIdentity(opts.host, cert);
|
|
496
|
+
}
|
|
497
|
+
applyTlsProtocolVersionRange(tlsConnectionOptions, opts);
|
|
498
|
+
const tlsResult = await negotiateTls(rawSocket,
|
|
499
|
+
// libpq refuses TLS on a socket connection even for sslmode=allow /
|
|
500
|
+
// prefer — instead of negotiating it just stays plain. We short-
|
|
501
|
+
// circuit by passing 'disable' to negotiateTls; the caller's
|
|
502
|
+
// requested sslmode is preserved on opts for error reporting.
|
|
503
|
+
isUnixSocketHost(opts.host) ? 'disable' : opts.ssl, tlsConnectionOptions, {
|
|
504
|
+
sslcert: opts.sslcert,
|
|
505
|
+
sslkey: opts.sslkey,
|
|
506
|
+
sslcertmode: opts.sslcertmode,
|
|
507
|
+
sslpassword: opts.sslpassword,
|
|
508
|
+
sslrootcert: opts.sslrootcert,
|
|
509
|
+
sslcrl: opts.sslcrl,
|
|
510
|
+
sslcrldir: opts.sslcrldir,
|
|
511
|
+
sslkeylogfile: opts.sslkeylogfile,
|
|
512
|
+
},
|
|
513
|
+
// libpq `sslnegotiation=direct` (PG 17+): start TLS without the
|
|
514
|
+
// SSLRequest probe. Never reached for Unix-domain sockets (forced to
|
|
515
|
+
// sslmode 'disable' above) — direct SSL is a TCP-only concept. The
|
|
516
|
+
// ALPN protocol is already on `tlsConnectionOptions` for both paths.
|
|
517
|
+
isUnixSocketHost(opts.host)
|
|
518
|
+
? 'postgres'
|
|
519
|
+
: (opts.sslnegotiation ?? 'postgres'));
|
|
520
|
+
if (tlsResult.kind === 'tls') {
|
|
521
|
+
socket = tlsResult.socket;
|
|
522
|
+
channelBindingData = tlsResult.channelBindingData;
|
|
523
|
+
}
|
|
524
|
+
else {
|
|
525
|
+
socket = tlsResult.socket;
|
|
526
|
+
}
|
|
527
|
+
}
|
|
528
|
+
catch (err) {
|
|
529
|
+
try {
|
|
530
|
+
rawSocket.destroy();
|
|
531
|
+
}
|
|
532
|
+
catch {
|
|
533
|
+
// ignore
|
|
534
|
+
}
|
|
535
|
+
throw err;
|
|
536
|
+
}
|
|
537
|
+
const conn = new PgConnection(socket, opts, channelBindingData);
|
|
538
|
+
await conn.startup();
|
|
539
|
+
return conn;
|
|
540
|
+
}
|
|
541
|
+
// -------------------------------------------------------------------------
|
|
542
|
+
// Connection interface — public methods
|
|
543
|
+
// -------------------------------------------------------------------------
|
|
544
|
+
parameterStatus(name) {
|
|
545
|
+
return this.params.get(name);
|
|
546
|
+
}
|
|
547
|
+
/**
|
|
548
|
+
* Expose the connection target as `meta.database` / `meta.user` / `meta.host`
|
|
549
|
+
* / `meta.port` / `meta.pid` so the prompt renderer (which duck-types these
|
|
550
|
+
* via `MaybeWithMeta`) can render `%/`, `%n`, `%m`, `%>`, `%p` without
|
|
551
|
+
* additional plumbing. Postgres doesn't emit a `database` ParameterStatus,
|
|
552
|
+
* so these come from the connect opts / BackendKeyData.
|
|
553
|
+
*/
|
|
554
|
+
get database() {
|
|
555
|
+
return this.opts.database;
|
|
556
|
+
}
|
|
557
|
+
get user() {
|
|
558
|
+
return this.opts.user;
|
|
559
|
+
}
|
|
560
|
+
get host() {
|
|
561
|
+
return this.opts.host;
|
|
562
|
+
}
|
|
563
|
+
get port() {
|
|
564
|
+
return this.opts.port;
|
|
565
|
+
}
|
|
566
|
+
get pid() {
|
|
567
|
+
return this.processId;
|
|
568
|
+
}
|
|
569
|
+
/**
|
|
570
|
+
* The password supplied at connect time (or `null`). Mirrors libpq's
|
|
571
|
+
* retention of the password on the live `PGconn` so `\c <newdb>` can
|
|
572
|
+
* reconnect transparently. Read-only by design — the field is set once in
|
|
573
|
+
* the constructor and never mutated.
|
|
574
|
+
*/
|
|
575
|
+
get password() {
|
|
576
|
+
return this._password;
|
|
577
|
+
}
|
|
578
|
+
/**
|
|
579
|
+
* If the connection was upgraded to TLS during negotiation, return the
|
|
580
|
+
* cipher info for the active session. Returns `null` for plain-text
|
|
581
|
+
* connections. Used by the startup banner to render an `SSL connection
|
|
582
|
+
* (protocol: …, cipher: …)` line that mirrors upstream psql, and by
|
|
583
|
+
* `\conninfo` (PG18 connection-information table) to fill the SSL rows.
|
|
584
|
+
*/
|
|
585
|
+
getTlsInfo() {
|
|
586
|
+
const s = this.socket;
|
|
587
|
+
if (typeof s.getCipher !== 'function')
|
|
588
|
+
return null;
|
|
589
|
+
try {
|
|
590
|
+
const cipher = s.getCipher();
|
|
591
|
+
const protocol = s.getProtocol?.() ?? cipher.version ?? 'unknown';
|
|
592
|
+
if (!cipher.name)
|
|
593
|
+
return null;
|
|
594
|
+
// TLS compression has been disabled by every modern stack since CRIME
|
|
595
|
+
// (2012); Node's TLS doesn't expose a compression accessor, so we
|
|
596
|
+
// always report "off". libpq does the same.
|
|
597
|
+
const compression = 'off';
|
|
598
|
+
// Node exposes the negotiated ALPN protocol on TLSSocket.alpnProtocol
|
|
599
|
+
// (string when negotiated, false when not). Postgres 17+ uses
|
|
600
|
+
// 'postgresql' here.
|
|
601
|
+
const alpnRaw = s
|
|
602
|
+
.alpnProtocol;
|
|
603
|
+
const alpn = typeof alpnRaw === 'string' && alpnRaw.length > 0 ? alpnRaw : null;
|
|
604
|
+
return {
|
|
605
|
+
protocol: String(protocol),
|
|
606
|
+
cipher: cipher.standardName ?? cipher.name,
|
|
607
|
+
standardName: cipher.standardName,
|
|
608
|
+
compression,
|
|
609
|
+
alpn,
|
|
610
|
+
library: 'OpenSSL',
|
|
611
|
+
keyBits: sslKeyBitsFromCipher(cipher.standardName ?? cipher.name),
|
|
612
|
+
};
|
|
613
|
+
}
|
|
614
|
+
catch {
|
|
615
|
+
return null;
|
|
616
|
+
}
|
|
617
|
+
}
|
|
618
|
+
/**
|
|
619
|
+
* Static connection facts for the PG18 `\conninfo` table, sourced from the
|
|
620
|
+
* connect opts and the live socket (no SQL is issued):
|
|
621
|
+
*
|
|
622
|
+
* - `host` / `port` / `options`: from the connect opts.
|
|
623
|
+
* - `hostaddr`: the resolved peer IP — `opts.hostaddr` if the caller
|
|
624
|
+
* fixed one, else the TCP socket's `remoteAddress` (undefined for a
|
|
625
|
+
* Unix-domain socket → `null`).
|
|
626
|
+
* - `backendPid`: the backend process id from BackendKeyData.
|
|
627
|
+
* - `passwordUsed`: whether a password was actually sent during auth.
|
|
628
|
+
* - `gssapiUsed`: always `false` — we have no GSSAPI support.
|
|
629
|
+
*/
|
|
630
|
+
getConnectionInfo() {
|
|
631
|
+
const remote = this.opts.hostaddr !== undefined && this.opts.hostaddr !== ''
|
|
632
|
+
? this.opts.hostaddr
|
|
633
|
+
: (this.socket.remoteAddress ?? null);
|
|
634
|
+
return {
|
|
635
|
+
host: this.opts.host,
|
|
636
|
+
hostaddr: remote,
|
|
637
|
+
port: this.opts.port,
|
|
638
|
+
options: this.opts.options ?? null,
|
|
639
|
+
backendPid: this.processId,
|
|
640
|
+
passwordUsed: this.passwordUsed,
|
|
641
|
+
gssapiUsed: false,
|
|
642
|
+
};
|
|
643
|
+
}
|
|
644
|
+
async query(sql, params) {
|
|
645
|
+
// `params === undefined` → caller has no intent to use extended protocol
|
|
646
|
+
// (e.g. a buffered SQL run without `\bind`). Use the simple-query path so
|
|
647
|
+
// chained `\;`-separated statements still work via `PQexec`-shaped
|
|
648
|
+
// semantics.
|
|
649
|
+
//
|
|
650
|
+
// `params` defined (even as `[]`) → caller staged a `\bind` (or a
|
|
651
|
+
// describe-formatter explicitly asking for the extended path). The
|
|
652
|
+
// extended protocol sends a single Parse message verbatim; the server
|
|
653
|
+
// rejects multi-statement SQL with SQLSTATE 42601 / "cannot insert
|
|
654
|
+
// multiple commands into a prepared statement", which is the upstream
|
|
655
|
+
// contract for `\bind`/`\parse`. Switching on length === 0 would silently
|
|
656
|
+
// fall back to simple-query and mask that diagnostic.
|
|
657
|
+
if (params === undefined) {
|
|
658
|
+
const sets = await this.execSimple(sql);
|
|
659
|
+
if (sets.length === 0) {
|
|
660
|
+
throw new Error('PgConnection.query: server returned no result sets');
|
|
661
|
+
}
|
|
662
|
+
return sets[sets.length - 1];
|
|
663
|
+
}
|
|
664
|
+
// Extended-protocol single-shot: Parse('', sql, []) → Bind('', '', [],
|
|
665
|
+
// text-encoded params, [text]) → Describe('P', '') → Execute('', 0) →
|
|
666
|
+
// Sync. Every param goes out in text format and the server coerces.
|
|
667
|
+
this.ensureIdle();
|
|
668
|
+
const encoded = encodeParams(params);
|
|
669
|
+
this.startExtendedBatch();
|
|
670
|
+
const parseP = this.enqueueParse();
|
|
671
|
+
const bindP = this.enqueueBind();
|
|
672
|
+
const descP = this.enqueueDescribePortalIntoNextExecute();
|
|
673
|
+
const execP = this.enqueueExecute();
|
|
674
|
+
const syncP = this.enqueueSync();
|
|
675
|
+
this.socket.write(Parse('', sql, []));
|
|
676
|
+
this.socket.write(Bind('', '', [], encoded, [0]));
|
|
677
|
+
this.socket.write(Describe('P', ''));
|
|
678
|
+
this.socket.write(Execute('', 0));
|
|
679
|
+
this.socket.write(Sync());
|
|
680
|
+
let firstErr = null;
|
|
681
|
+
const cap = (e) => {
|
|
682
|
+
if (firstErr === null)
|
|
683
|
+
firstErr = e;
|
|
684
|
+
};
|
|
685
|
+
parseP.catch(cap);
|
|
686
|
+
bindP.catch(cap);
|
|
687
|
+
descP.catch(cap);
|
|
688
|
+
let result = null;
|
|
689
|
+
execP.then((rs) => {
|
|
690
|
+
result = rs;
|
|
691
|
+
}, cap);
|
|
692
|
+
await syncP.catch(cap);
|
|
693
|
+
if (firstErr !== null)
|
|
694
|
+
throw asThrowable(firstErr);
|
|
695
|
+
if (result === null) {
|
|
696
|
+
throw new Error('PgConnection.query: server returned no result');
|
|
697
|
+
}
|
|
698
|
+
return result;
|
|
699
|
+
}
|
|
700
|
+
async execSimple(sql) {
|
|
701
|
+
this.ensureIdle();
|
|
702
|
+
return new Promise((resolve, reject) => {
|
|
703
|
+
this.pendingQuery = {
|
|
704
|
+
resolve,
|
|
705
|
+
reject,
|
|
706
|
+
current: null,
|
|
707
|
+
finished: [],
|
|
708
|
+
notices: [],
|
|
709
|
+
error: null,
|
|
710
|
+
};
|
|
711
|
+
this.state = 'in-query';
|
|
712
|
+
this.socket.write(Query(sql));
|
|
713
|
+
});
|
|
714
|
+
}
|
|
715
|
+
async prepare(name, sql, paramTypes) {
|
|
716
|
+
this.ensureIdle();
|
|
717
|
+
const oids = paramTypes ?? [];
|
|
718
|
+
this.startExtendedBatch();
|
|
719
|
+
const parseP = this.enqueueParse();
|
|
720
|
+
const descP = this.enqueueDescribeStatement();
|
|
721
|
+
const syncP = this.enqueueSync();
|
|
722
|
+
this.socket.write(Parse(name, sql, oids));
|
|
723
|
+
this.socket.write(Describe('S', name));
|
|
724
|
+
this.socket.write(Sync());
|
|
725
|
+
let firstErr = null;
|
|
726
|
+
const cap = (e) => {
|
|
727
|
+
if (firstErr === null)
|
|
728
|
+
firstErr = e;
|
|
729
|
+
};
|
|
730
|
+
parseP.catch(cap);
|
|
731
|
+
let descResult = null;
|
|
732
|
+
descP.then((r) => {
|
|
733
|
+
descResult = r;
|
|
734
|
+
}, cap);
|
|
735
|
+
await syncP.catch(cap);
|
|
736
|
+
if (firstErr !== null)
|
|
737
|
+
throw asThrowable(firstErr);
|
|
738
|
+
if (descResult === null) {
|
|
739
|
+
throw new Error('PgConnection.prepare: server returned no parameter description');
|
|
740
|
+
}
|
|
741
|
+
const { paramOids, fields } = descResult;
|
|
742
|
+
// eslint-disable-next-line @typescript-eslint/no-this-alias
|
|
743
|
+
const conn = this;
|
|
744
|
+
return {
|
|
745
|
+
name,
|
|
746
|
+
paramTypes: paramOids,
|
|
747
|
+
async bind(values, paramFormats) {
|
|
748
|
+
conn.ensureIdle();
|
|
749
|
+
const encoded = encodeParams(values);
|
|
750
|
+
conn.startExtendedBatch();
|
|
751
|
+
const bP = conn.enqueueBind();
|
|
752
|
+
const sP = conn.enqueueSync();
|
|
753
|
+
conn.socket.write(Bind('', name, paramFormats ?? [], encoded, [0]));
|
|
754
|
+
conn.socket.write(Sync());
|
|
755
|
+
let err = null;
|
|
756
|
+
bP.catch((e) => {
|
|
757
|
+
if (err === null)
|
|
758
|
+
err = e;
|
|
759
|
+
});
|
|
760
|
+
await sP.catch((e) => {
|
|
761
|
+
if (err === null)
|
|
762
|
+
err = e;
|
|
763
|
+
});
|
|
764
|
+
if (err !== null)
|
|
765
|
+
throw asThrowable(err);
|
|
766
|
+
},
|
|
767
|
+
describe() {
|
|
768
|
+
return Promise.resolve(fields);
|
|
769
|
+
},
|
|
770
|
+
async execute(maxRows) {
|
|
771
|
+
conn.ensureIdle();
|
|
772
|
+
conn.startExtendedBatch();
|
|
773
|
+
const eP = conn.enqueueExecuteWithFields(fields);
|
|
774
|
+
const sP = conn.enqueueSync();
|
|
775
|
+
conn.socket.write(Execute('', maxRows ?? 0));
|
|
776
|
+
conn.socket.write(Sync());
|
|
777
|
+
let err = null;
|
|
778
|
+
let rs = null;
|
|
779
|
+
eP.then((r) => {
|
|
780
|
+
rs = r;
|
|
781
|
+
}, (e) => {
|
|
782
|
+
if (err === null)
|
|
783
|
+
err = e;
|
|
784
|
+
});
|
|
785
|
+
await sP.catch((e) => {
|
|
786
|
+
if (err === null)
|
|
787
|
+
err = e;
|
|
788
|
+
});
|
|
789
|
+
if (err !== null)
|
|
790
|
+
throw asThrowable(err);
|
|
791
|
+
if (rs === null) {
|
|
792
|
+
throw new Error('PgConnection.prepare.execute: server returned no result');
|
|
793
|
+
}
|
|
794
|
+
return rs;
|
|
795
|
+
},
|
|
796
|
+
async bindAndExecute(values, maxRows, paramFormats) {
|
|
797
|
+
conn.ensureIdle();
|
|
798
|
+
const encoded = encodeParams(values);
|
|
799
|
+
conn.startExtendedBatch();
|
|
800
|
+
const bP = conn.enqueueBind();
|
|
801
|
+
const eP = conn.enqueueExecuteWithFields(fields);
|
|
802
|
+
const sP = conn.enqueueSync();
|
|
803
|
+
conn.socket.write(Bind('', name, paramFormats ?? [], encoded, [0]));
|
|
804
|
+
conn.socket.write(Execute('', maxRows ?? 0));
|
|
805
|
+
conn.socket.write(Sync());
|
|
806
|
+
let err = null;
|
|
807
|
+
let rs = null;
|
|
808
|
+
bP.catch((e) => {
|
|
809
|
+
if (err === null)
|
|
810
|
+
err = e;
|
|
811
|
+
});
|
|
812
|
+
eP.then((r) => {
|
|
813
|
+
rs = r;
|
|
814
|
+
}, (e) => {
|
|
815
|
+
if (err === null)
|
|
816
|
+
err = e;
|
|
817
|
+
});
|
|
818
|
+
await sP.catch((e) => {
|
|
819
|
+
if (err === null)
|
|
820
|
+
err = e;
|
|
821
|
+
});
|
|
822
|
+
if (err !== null)
|
|
823
|
+
throw asThrowable(err);
|
|
824
|
+
if (rs === null) {
|
|
825
|
+
throw new Error('PgConnection.prepare.bindAndExecute: server returned no result');
|
|
826
|
+
}
|
|
827
|
+
return rs;
|
|
828
|
+
},
|
|
829
|
+
async close() {
|
|
830
|
+
conn.ensureIdle();
|
|
831
|
+
conn.startExtendedBatch();
|
|
832
|
+
const cP = conn.enqueueClose();
|
|
833
|
+
const sP = conn.enqueueSync();
|
|
834
|
+
conn.socket.write(Close('S', name));
|
|
835
|
+
conn.socket.write(Sync());
|
|
836
|
+
let err = null;
|
|
837
|
+
cP.catch((e) => {
|
|
838
|
+
if (err === null)
|
|
839
|
+
err = e;
|
|
840
|
+
});
|
|
841
|
+
await sP.catch((e) => {
|
|
842
|
+
if (err === null)
|
|
843
|
+
err = e;
|
|
844
|
+
});
|
|
845
|
+
if (err !== null)
|
|
846
|
+
throw asThrowable(err);
|
|
847
|
+
},
|
|
848
|
+
};
|
|
849
|
+
}
|
|
850
|
+
/**
|
|
851
|
+
* Issue `Close('S', name) + Sync` directly, without a preceding Parse.
|
|
852
|
+
* The server responds with CloseComplete + ReadyForQuery (even when
|
|
853
|
+
* the named statement doesn't exist — PG treats unknown-name Close as
|
|
854
|
+
* a no-op). Used by `\close_prepared NAME` so we don't have to fake a
|
|
855
|
+
* Parse just to reach the Close step.
|
|
856
|
+
*/
|
|
857
|
+
async closePreparedStatement(name) {
|
|
858
|
+
this.ensureIdle();
|
|
859
|
+
this.startExtendedBatch();
|
|
860
|
+
const cP = this.enqueueClose();
|
|
861
|
+
const sP = this.enqueueSync();
|
|
862
|
+
this.socket.write(Close('S', name));
|
|
863
|
+
this.socket.write(Sync());
|
|
864
|
+
let err = null;
|
|
865
|
+
cP.catch((e) => {
|
|
866
|
+
if (err === null)
|
|
867
|
+
err = e;
|
|
868
|
+
});
|
|
869
|
+
await sP.catch((e) => {
|
|
870
|
+
if (err === null)
|
|
871
|
+
err = e;
|
|
872
|
+
});
|
|
873
|
+
if (err !== null)
|
|
874
|
+
throw asThrowable(err);
|
|
875
|
+
}
|
|
876
|
+
startCopyIn(sql) {
|
|
877
|
+
this.ensureIdle();
|
|
878
|
+
// COPY mid-pipeline is rejected by libpq with a fixed diagnostic; we
|
|
879
|
+
// mirror that synchronously so callers don't need a round-trip to learn
|
|
880
|
+
// their command is invalid. The wire-level dispatch also guards this
|
|
881
|
+
// (see handleCopyStartMessage) for any path that bypasses this check.
|
|
882
|
+
if (this._extPipelineActive) {
|
|
883
|
+
this.abortForCopyInPipeline();
|
|
884
|
+
return Promise.reject(Object.assign(new Error('COPY in a pipeline is not supported, aborting connection'), { severity: 'FATAL' }));
|
|
885
|
+
}
|
|
886
|
+
// The driver waits in `in-query` state until CopyInResponse arrives — at
|
|
887
|
+
// which point the protocol switches and we move to `in-copy-in`. The
|
|
888
|
+
// server can also reply with an ErrorResponse (e.g. "no such table"),
|
|
889
|
+
// which we surface as a rejected promise.
|
|
890
|
+
return new Promise((resolve, reject) => {
|
|
891
|
+
this.copyIn = {
|
|
892
|
+
resolveDone: null,
|
|
893
|
+
rejectDone: null,
|
|
894
|
+
error: null,
|
|
895
|
+
commandTag: null,
|
|
896
|
+
closed: false,
|
|
897
|
+
};
|
|
898
|
+
this.copyStartResolve = () => {
|
|
899
|
+
// The protocol-switch landed; hand the caller a usable stream.
|
|
900
|
+
resolve(this.makeCopyInStream());
|
|
901
|
+
};
|
|
902
|
+
this.copyStartReject = reject;
|
|
903
|
+
this.state = 'in-query';
|
|
904
|
+
this.socket.write(Query(sql));
|
|
905
|
+
});
|
|
906
|
+
}
|
|
907
|
+
startCopyOut(sql) {
|
|
908
|
+
this.ensureIdle();
|
|
909
|
+
if (this._extPipelineActive) {
|
|
910
|
+
this.abortForCopyInPipeline();
|
|
911
|
+
return Promise.reject(Object.assign(new Error('COPY in a pipeline is not supported, aborting connection'), { severity: 'FATAL' }));
|
|
912
|
+
}
|
|
913
|
+
return new Promise((resolve, reject) => {
|
|
914
|
+
this.copyOut = {
|
|
915
|
+
queue: [],
|
|
916
|
+
queuedBytes: 0,
|
|
917
|
+
waker: null,
|
|
918
|
+
done: false,
|
|
919
|
+
abandoned: false,
|
|
920
|
+
error: null,
|
|
921
|
+
commandTag: null,
|
|
922
|
+
};
|
|
923
|
+
this.copyStartResolve = () => {
|
|
924
|
+
resolve(this.makeCopyOutStream());
|
|
925
|
+
};
|
|
926
|
+
this.copyStartReject = reject;
|
|
927
|
+
this.state = 'in-query';
|
|
928
|
+
this.socket.write(Query(sql));
|
|
929
|
+
});
|
|
930
|
+
}
|
|
931
|
+
pipeline() {
|
|
932
|
+
this.ensureIdle();
|
|
933
|
+
return new PipelineSession(this);
|
|
934
|
+
}
|
|
935
|
+
/**
|
|
936
|
+
* Cancel whatever the connection is currently doing.
|
|
937
|
+
*
|
|
938
|
+
* The routing is state-aware so the mainloop SIGINT handler can call this
|
|
939
|
+
* blindly without knowing the protocol phase:
|
|
940
|
+
*
|
|
941
|
+
* - `in-copy-in`: we hold the writing end of the data stream, so the
|
|
942
|
+
* correct action is a client-initiated CopyFail on the *same* socket.
|
|
943
|
+
* Sending a side CancelRequest would race with our own pending writes;
|
|
944
|
+
* CopyFail is the spec-blessed abort path. The server replies with
|
|
945
|
+
* ErrorResponse + ReadyForQuery and we transition back to idle.
|
|
946
|
+
* - `in-copy-out`: the server is pushing data at us. CopyFail is not a
|
|
947
|
+
* valid client message here, so we fall back to the side CancelRequest
|
|
948
|
+
* path that normal queries use. PG will surface an ErrorResponse and
|
|
949
|
+
* tear the COPY down.
|
|
950
|
+
* - everything else: side CancelRequest, the historical behaviour.
|
|
951
|
+
*
|
|
952
|
+
* Best-effort. We don't reject if BackendKeyData hasn't arrived yet
|
|
953
|
+
* during the auth dance — there's nothing to cancel; we just return.
|
|
954
|
+
*/
|
|
955
|
+
async cancel() {
|
|
956
|
+
// In-copy-in: send CopyFail on the live socket so the server returns
|
|
957
|
+
// to ReadyForQuery cleanly. This is the same abort path the upstream
|
|
958
|
+
// SIGINT handler in `copy.c::handleCopyIn` triggers via longjmp.
|
|
959
|
+
if (this.state === 'in-copy-in' && this.copyIn && !this.copyIn.closed) {
|
|
960
|
+
this.copyIn.closed = true;
|
|
961
|
+
try {
|
|
962
|
+
this.socket.write(CopyFail('canceled by user'));
|
|
963
|
+
}
|
|
964
|
+
catch {
|
|
965
|
+
// Socket may have died — failPending() will surface that.
|
|
966
|
+
}
|
|
967
|
+
return;
|
|
968
|
+
}
|
|
969
|
+
if (this.processId === 0) {
|
|
970
|
+
// Nothing to cancel — startup hasn't reached BackendKeyData. Be
|
|
971
|
+
// forgiving: the mainloop SIGINT handler shouldn't crash on cancel
|
|
972
|
+
// during a half-open connection.
|
|
973
|
+
return;
|
|
974
|
+
}
|
|
975
|
+
// Per the PG protocol, CancelRequest is sent on a *fresh* connection,
|
|
976
|
+
// not the one running the query. We TLS-negotiate against the same
|
|
977
|
+
// sslmode but we don't auth — we just write the request and close.
|
|
978
|
+
// Honour `hostaddr` on the cancel connection too: dial the fixed IP while
|
|
979
|
+
// keeping the user-typed host for SNI / cert verification, mirroring the
|
|
980
|
+
// primary connect path's `addressOverride`.
|
|
981
|
+
const cancelSocket = await openSocket(this.opts, this.opts.hostaddr !== undefined && this.opts.hostaddr !== ''
|
|
982
|
+
? this.opts.hostaddr
|
|
983
|
+
: undefined);
|
|
984
|
+
let writeSocket = cancelSocket;
|
|
985
|
+
try {
|
|
986
|
+
// sslsni=0 suppresses SNI on the cancel connection too (mirrors the
|
|
987
|
+
// primary connect path).
|
|
988
|
+
const cancelServername = tlsServername(this.opts);
|
|
989
|
+
const cancelTlsOpts = {
|
|
990
|
+
...(cancelServername !== undefined
|
|
991
|
+
? { servername: cancelServername }
|
|
992
|
+
: {}),
|
|
993
|
+
rejectUnauthorized: this.opts.ssl === 'verify-ca' || this.opts.ssl === 'verify-full',
|
|
994
|
+
ALPNProtocols: ['postgresql'],
|
|
995
|
+
};
|
|
996
|
+
if (this.opts.ssl !== 'verify-full') {
|
|
997
|
+
cancelTlsOpts.checkServerIdentity = () => undefined;
|
|
998
|
+
}
|
|
999
|
+
else if (this.opts.sslsni === false) {
|
|
1000
|
+
const host = this.opts.host;
|
|
1001
|
+
cancelTlsOpts.checkServerIdentity = (_h, cert) => tls.checkServerIdentity(host, cert);
|
|
1002
|
+
}
|
|
1003
|
+
applyTlsProtocolVersionRange(cancelTlsOpts, this.opts);
|
|
1004
|
+
const t = await negotiateTls(cancelSocket,
|
|
1005
|
+
// Unix-domain socket: no TLS, regardless of caller's sslmode.
|
|
1006
|
+
isUnixSocketHost(this.opts.host) ? 'disable' : this.opts.ssl, cancelTlsOpts, {
|
|
1007
|
+
sslcert: this.opts.sslcert,
|
|
1008
|
+
sslkey: this.opts.sslkey,
|
|
1009
|
+
sslcertmode: this.opts.sslcertmode,
|
|
1010
|
+
sslpassword: this.opts.sslpassword,
|
|
1011
|
+
sslrootcert: this.opts.sslrootcert,
|
|
1012
|
+
sslcrl: this.opts.sslcrl,
|
|
1013
|
+
sslcrldir: this.opts.sslcrldir,
|
|
1014
|
+
sslkeylogfile: this.opts.sslkeylogfile,
|
|
1015
|
+
},
|
|
1016
|
+
// Mirror the primary connect path's negotiation mode so a server
|
|
1017
|
+
// configured for direct SSL also accepts the cancel connection.
|
|
1018
|
+
isUnixSocketHost(this.opts.host)
|
|
1019
|
+
? 'postgres'
|
|
1020
|
+
: (this.opts.sslnegotiation ?? 'postgres'));
|
|
1021
|
+
writeSocket = t.kind === 'tls' ? t.socket : t.socket;
|
|
1022
|
+
await new Promise((resolve, reject) => {
|
|
1023
|
+
writeSocket.write(CancelRequest(this.processId, this.secretKey), (err) => {
|
|
1024
|
+
if (err)
|
|
1025
|
+
reject(err);
|
|
1026
|
+
else
|
|
1027
|
+
resolve();
|
|
1028
|
+
});
|
|
1029
|
+
});
|
|
1030
|
+
}
|
|
1031
|
+
finally {
|
|
1032
|
+
try {
|
|
1033
|
+
writeSocket.end();
|
|
1034
|
+
}
|
|
1035
|
+
catch {
|
|
1036
|
+
// ignore
|
|
1037
|
+
}
|
|
1038
|
+
try {
|
|
1039
|
+
cancelSocket.destroy();
|
|
1040
|
+
}
|
|
1041
|
+
catch {
|
|
1042
|
+
// ignore
|
|
1043
|
+
}
|
|
1044
|
+
}
|
|
1045
|
+
}
|
|
1046
|
+
escapeIdentifier(value) {
|
|
1047
|
+
return '"' + value.replace(/"/g, '""') + '"';
|
|
1048
|
+
}
|
|
1049
|
+
escapeLiteral(value) {
|
|
1050
|
+
// Per PG docs: doubled single-quotes always; if the string contains a
|
|
1051
|
+
// backslash, use the E'...' escape-string syntax so backslashes don't
|
|
1052
|
+
// depend on `standard_conforming_strings`.
|
|
1053
|
+
const doubled = value.replace(/'/g, "''");
|
|
1054
|
+
if (value.includes('\\')) {
|
|
1055
|
+
return "E'" + doubled.replace(/\\/g, '\\\\') + "'";
|
|
1056
|
+
}
|
|
1057
|
+
return "'" + doubled + "'";
|
|
1058
|
+
}
|
|
1059
|
+
async setClientEncoding(name) {
|
|
1060
|
+
// libpq's PQsetClientEncoding sends `SET client_encoding TO '<value>'`
|
|
1061
|
+
// down the wire (see fe-connect.c). We do the same via the simple-query
|
|
1062
|
+
// path, quoting the value as a string literal so encoding names are
|
|
1063
|
+
// never mistaken for SQL tokens. On success the server emits a
|
|
1064
|
+
// `client_encoding` ParameterStatus which the message loop folds into
|
|
1065
|
+
// `this.params` (see the ParameterStatus cases), so
|
|
1066
|
+
// `parameterStatus('client_encoding')` is up to date afterwards.
|
|
1067
|
+
//
|
|
1068
|
+
// We keep no separate client-side decoder state: text-format values are
|
|
1069
|
+
// always decoded as UTF-8 in `decodeDataRow`, matching how the rest of
|
|
1070
|
+
// this client treats backend text. Tracking only the ParameterStatus is
|
|
1071
|
+
// therefore sufficient. A non-zero `SET` failure (e.g. a name the server
|
|
1072
|
+
// rejects) surfaces as a thrown ConnectError from `execSimple`.
|
|
1073
|
+
await this.execSimple(`SET client_encoding TO ${this.escapeLiteral(name)}`);
|
|
1074
|
+
}
|
|
1075
|
+
onNotice(handler) {
|
|
1076
|
+
return this.notify.onNotice(handler);
|
|
1077
|
+
}
|
|
1078
|
+
onNotification(handler) {
|
|
1079
|
+
return this.notify.onNotification(handler);
|
|
1080
|
+
}
|
|
1081
|
+
async close() {
|
|
1082
|
+
if (this.state === 'closed')
|
|
1083
|
+
return;
|
|
1084
|
+
try {
|
|
1085
|
+
this.socket.write(Terminate());
|
|
1086
|
+
}
|
|
1087
|
+
catch {
|
|
1088
|
+
// socket may already be dead; we still want to mark closed
|
|
1089
|
+
}
|
|
1090
|
+
this.state = 'closed';
|
|
1091
|
+
this.notify.clear();
|
|
1092
|
+
await new Promise((resolve) => {
|
|
1093
|
+
this.socket.once('close', () => {
|
|
1094
|
+
resolve();
|
|
1095
|
+
});
|
|
1096
|
+
try {
|
|
1097
|
+
this.socket.end();
|
|
1098
|
+
}
|
|
1099
|
+
catch {
|
|
1100
|
+
resolve();
|
|
1101
|
+
}
|
|
1102
|
+
});
|
|
1103
|
+
}
|
|
1104
|
+
isClosed() {
|
|
1105
|
+
return this.state === 'closed';
|
|
1106
|
+
}
|
|
1107
|
+
// -------------------------------------------------------------------------
|
|
1108
|
+
// Startup / auth state machine
|
|
1109
|
+
// -------------------------------------------------------------------------
|
|
1110
|
+
startup() {
|
|
1111
|
+
return new Promise((resolve, reject) => {
|
|
1112
|
+
const params = {
|
|
1113
|
+
user: this.opts.user,
|
|
1114
|
+
database: this.opts.database,
|
|
1115
|
+
// psql sends client_encoding=UTF8 by default; we follow.
|
|
1116
|
+
client_encoding: this.opts.clientEncoding ?? 'UTF8',
|
|
1117
|
+
};
|
|
1118
|
+
if (this.opts.applicationName !== undefined) {
|
|
1119
|
+
params.application_name = this.opts.applicationName;
|
|
1120
|
+
}
|
|
1121
|
+
if (this.opts.options !== undefined) {
|
|
1122
|
+
params.options = this.opts.options;
|
|
1123
|
+
}
|
|
1124
|
+
// Walsender (replication) mode: the server enters a restricted
|
|
1125
|
+
// command set (IDENTIFY_SYSTEM, START_REPLICATION, etc.) keyed off
|
|
1126
|
+
// this startup parameter. Values mirror libpq's normalisation:
|
|
1127
|
+
// 'true' for physical, 'database' for logical. We do not stream the
|
|
1128
|
+
// CopyBoth phase — the Query path still surfaces ErrorResponse and
|
|
1129
|
+
// any pre-streaming ResultSet, which is enough for the negative
|
|
1130
|
+
// conformance test (`psql -c 'START_REPLICATION 0/1'` must exit
|
|
1131
|
+
// non-zero with a syntax error from the server).
|
|
1132
|
+
if (this.opts.replication !== undefined) {
|
|
1133
|
+
params.replication = this.opts.replication;
|
|
1134
|
+
}
|
|
1135
|
+
this.startupResolve = resolve;
|
|
1136
|
+
this.startupReject = reject;
|
|
1137
|
+
this.socket.write(StartupMessage(params));
|
|
1138
|
+
});
|
|
1139
|
+
}
|
|
1140
|
+
/**
|
|
1141
|
+
* Enforce `require_auth` against an observed server-requested method.
|
|
1142
|
+
* Returns true when the connection should proceed; false (with
|
|
1143
|
+
* {@link failStartup} already called) when the policy was violated.
|
|
1144
|
+
*/
|
|
1145
|
+
checkRequireAuth(observed) {
|
|
1146
|
+
const policy = this.opts.requireAuth;
|
|
1147
|
+
if (policy === undefined)
|
|
1148
|
+
return true;
|
|
1149
|
+
const hit = policy.methods.has(observed);
|
|
1150
|
+
const allowed = policy.negated ? !hit : hit;
|
|
1151
|
+
if (!allowed) {
|
|
1152
|
+
this.failStartup(new Error(`auth method "${observed}" requirement failed`));
|
|
1153
|
+
return false;
|
|
1154
|
+
}
|
|
1155
|
+
return true;
|
|
1156
|
+
}
|
|
1157
|
+
handleAuthMessage(msg) {
|
|
1158
|
+
switch (msg.type) {
|
|
1159
|
+
case 'AuthenticationOk': {
|
|
1160
|
+
// libpq parity: channel_binding=require demands that some prior
|
|
1161
|
+
// auth step actually negotiated channel binding. A bare
|
|
1162
|
+
// AuthenticationOk after no challenge ("trust") or after a cert
|
|
1163
|
+
// exchange ("cert" HBA, clientcert=verify-full) means no SCRAM
|
|
1164
|
+
// happened and we must refuse.
|
|
1165
|
+
if (this.opts.channelBinding === 'require' &&
|
|
1166
|
+
(this.scram === null || this.scram.mechanism !== 'SCRAM-SHA-256-PLUS')) {
|
|
1167
|
+
this.failStartup(new Error('channel binding required, but server authenticated client without channel binding'));
|
|
1168
|
+
return;
|
|
1169
|
+
}
|
|
1170
|
+
// Mutual-auth integrity: if a SCRAM exchange was started it MUST have
|
|
1171
|
+
// completed via AuthenticationSASLFinal (where the server signature is
|
|
1172
|
+
// verified). A server that sends SASLContinue then jumps to
|
|
1173
|
+
// AuthenticationOk never proves it knows the password (review #8).
|
|
1174
|
+
if (this.scram !== null && !this.saslFinalSeen) {
|
|
1175
|
+
this.failStartup(new Error('server sent AuthenticationOk without completing SCRAM ' +
|
|
1176
|
+
'authentication (server signature not verified)'));
|
|
1177
|
+
return;
|
|
1178
|
+
}
|
|
1179
|
+
// require_auth=none allows trust auth; anything else is rejected
|
|
1180
|
+
// here. If a prior challenge was sent and validated, skip — that
|
|
1181
|
+
// method was already accepted by the check at its own branch.
|
|
1182
|
+
if (!this.authChallengeSeen && !this.checkRequireAuth('none')) {
|
|
1183
|
+
return;
|
|
1184
|
+
}
|
|
1185
|
+
this.state = 'await-ready';
|
|
1186
|
+
return;
|
|
1187
|
+
}
|
|
1188
|
+
case 'AuthenticationCleartextPassword': {
|
|
1189
|
+
this.authChallengeSeen = true;
|
|
1190
|
+
if (this.opts.channelBinding === 'require') {
|
|
1191
|
+
this.failStartup(new Error("channel binding required but not supported by server's authentication request"));
|
|
1192
|
+
return;
|
|
1193
|
+
}
|
|
1194
|
+
if (!this.checkRequireAuth('password'))
|
|
1195
|
+
return;
|
|
1196
|
+
if (this.opts.password === undefined) {
|
|
1197
|
+
this.failStartup(new Error('Server requested cleartext password but no password was provided'));
|
|
1198
|
+
return;
|
|
1199
|
+
}
|
|
1200
|
+
this.passwordUsed = true;
|
|
1201
|
+
this.socket.write(PasswordMessage(this.opts.password));
|
|
1202
|
+
return;
|
|
1203
|
+
}
|
|
1204
|
+
case 'AuthenticationMD5Password': {
|
|
1205
|
+
this.authChallengeSeen = true;
|
|
1206
|
+
if (this.opts.channelBinding === 'require') {
|
|
1207
|
+
this.failStartup(new Error("channel binding required but not supported by server's authentication request"));
|
|
1208
|
+
return;
|
|
1209
|
+
}
|
|
1210
|
+
if (!this.checkRequireAuth('md5'))
|
|
1211
|
+
return;
|
|
1212
|
+
if (this.opts.password === undefined) {
|
|
1213
|
+
this.failStartup(new Error('Server requested MD5 password but no password was provided'));
|
|
1214
|
+
return;
|
|
1215
|
+
}
|
|
1216
|
+
const payload = md5AuthPayload(this.opts.user, this.opts.password, msg.salt);
|
|
1217
|
+
this.passwordUsed = true;
|
|
1218
|
+
this.socket.write(PasswordMessage(payload));
|
|
1219
|
+
return;
|
|
1220
|
+
}
|
|
1221
|
+
case 'AuthenticationSASL': {
|
|
1222
|
+
this.authChallengeSeen = true;
|
|
1223
|
+
if (this.opts.password === undefined) {
|
|
1224
|
+
this.failStartup(new Error('Server requested SASL auth but no password was provided'));
|
|
1225
|
+
return;
|
|
1226
|
+
}
|
|
1227
|
+
if (!this.checkRequireAuth('scram-sha-256'))
|
|
1228
|
+
return;
|
|
1229
|
+
// channel_binding=require AND server didn't offer the PLUS
|
|
1230
|
+
// variant — refuse before the SASL handshake starts. The check
|
|
1231
|
+
// is split between here (no PLUS in the mechanism list) and
|
|
1232
|
+
// chooseMechanism's fallback (PLUS present but no binding data).
|
|
1233
|
+
if (this.opts.channelBinding === 'require' &&
|
|
1234
|
+
!msg.mechanisms.includes('SCRAM-SHA-256-PLUS')) {
|
|
1235
|
+
this.failStartup(new Error("channel binding required but not supported by server's authentication request"));
|
|
1236
|
+
return;
|
|
1237
|
+
}
|
|
1238
|
+
if (this.opts.channelBinding === 'require' &&
|
|
1239
|
+
this.channelBindingData === null) {
|
|
1240
|
+
this.failStartup(new Error("channel binding required but not supported by server's authentication request"));
|
|
1241
|
+
return;
|
|
1242
|
+
}
|
|
1243
|
+
try {
|
|
1244
|
+
this.scram = createScramClient({
|
|
1245
|
+
user: this.opts.user,
|
|
1246
|
+
password: this.opts.password,
|
|
1247
|
+
mechanisms: msg.mechanisms,
|
|
1248
|
+
channelBinding: this.channelBindingData !== null &&
|
|
1249
|
+
this.opts.channelBinding !== 'disable'
|
|
1250
|
+
? {
|
|
1251
|
+
type: 'tls-server-end-point',
|
|
1252
|
+
data: this.channelBindingData,
|
|
1253
|
+
}
|
|
1254
|
+
: undefined,
|
|
1255
|
+
});
|
|
1256
|
+
const { mechanism, clientFirstMessage } = this.scram.start();
|
|
1257
|
+
this.passwordUsed = true;
|
|
1258
|
+
this.socket.write(SASLInitialResponse(mechanism, clientFirstMessage));
|
|
1259
|
+
}
|
|
1260
|
+
catch (err) {
|
|
1261
|
+
this.failStartup(err);
|
|
1262
|
+
}
|
|
1263
|
+
return;
|
|
1264
|
+
}
|
|
1265
|
+
case 'AuthenticationSASLContinue': {
|
|
1266
|
+
if (!this.scram) {
|
|
1267
|
+
this.failStartup(new Error('Received AuthenticationSASLContinue without an active SCRAM client'));
|
|
1268
|
+
return;
|
|
1269
|
+
}
|
|
1270
|
+
try {
|
|
1271
|
+
const reply = this.scram.continue(msg.data);
|
|
1272
|
+
this.socket.write(SASLResponse(reply));
|
|
1273
|
+
}
|
|
1274
|
+
catch (err) {
|
|
1275
|
+
this.failStartup(err);
|
|
1276
|
+
}
|
|
1277
|
+
return;
|
|
1278
|
+
}
|
|
1279
|
+
case 'AuthenticationSASLFinal': {
|
|
1280
|
+
if (!this.scram) {
|
|
1281
|
+
this.failStartup(new Error('Received AuthenticationSASLFinal without an active SCRAM client'));
|
|
1282
|
+
return;
|
|
1283
|
+
}
|
|
1284
|
+
try {
|
|
1285
|
+
this.scram.finish(msg.data);
|
|
1286
|
+
this.saslFinalSeen = true;
|
|
1287
|
+
}
|
|
1288
|
+
catch (err) {
|
|
1289
|
+
this.failStartup(err);
|
|
1290
|
+
}
|
|
1291
|
+
return;
|
|
1292
|
+
}
|
|
1293
|
+
case 'ErrorResponse':
|
|
1294
|
+
this.failStartup(fieldsToConnectError(msg.fields));
|
|
1295
|
+
return;
|
|
1296
|
+
case 'NoticeResponse':
|
|
1297
|
+
this.notify.emit(fieldsToNotice(msg.fields));
|
|
1298
|
+
return;
|
|
1299
|
+
default:
|
|
1300
|
+
// ParameterStatus / BackendKeyData / ReadyForQuery may arrive in
|
|
1301
|
+
// `await-ready`; auth state shouldn't see them, but we tolerate by
|
|
1302
|
+
// forwarding to the post-auth handler if so.
|
|
1303
|
+
this.handleAwaitReady(msg);
|
|
1304
|
+
return;
|
|
1305
|
+
}
|
|
1306
|
+
}
|
|
1307
|
+
handleAwaitReady(msg) {
|
|
1308
|
+
switch (msg.type) {
|
|
1309
|
+
case 'ParameterStatus':
|
|
1310
|
+
this.params.set(msg.name, msg.value);
|
|
1311
|
+
if (msg.name === 'server_version') {
|
|
1312
|
+
this.serverVersion = parseServerVersion(msg.value);
|
|
1313
|
+
}
|
|
1314
|
+
return;
|
|
1315
|
+
case 'BackendKeyData':
|
|
1316
|
+
this.processId = msg.processId;
|
|
1317
|
+
this.secretKey = msg.secretKey;
|
|
1318
|
+
return;
|
|
1319
|
+
case 'ReadyForQuery':
|
|
1320
|
+
this.txStatus = msg.status;
|
|
1321
|
+
this.state = 'idle';
|
|
1322
|
+
if (this.startupResolve) {
|
|
1323
|
+
const r = this.startupResolve;
|
|
1324
|
+
this.startupResolve = null;
|
|
1325
|
+
this.startupReject = null;
|
|
1326
|
+
r();
|
|
1327
|
+
}
|
|
1328
|
+
return;
|
|
1329
|
+
case 'ErrorResponse':
|
|
1330
|
+
this.failStartup(fieldsToConnectError(msg.fields));
|
|
1331
|
+
return;
|
|
1332
|
+
case 'NoticeResponse':
|
|
1333
|
+
this.notify.emit(fieldsToNotice(msg.fields));
|
|
1334
|
+
return;
|
|
1335
|
+
default:
|
|
1336
|
+
this.failStartup(new Error(`Unexpected message ${msg.type} during connection startup`));
|
|
1337
|
+
return;
|
|
1338
|
+
}
|
|
1339
|
+
}
|
|
1340
|
+
failStartup(err) {
|
|
1341
|
+
if (this.startupReject) {
|
|
1342
|
+
const r = this.startupReject;
|
|
1343
|
+
this.startupResolve = null;
|
|
1344
|
+
this.startupReject = null;
|
|
1345
|
+
r(err);
|
|
1346
|
+
}
|
|
1347
|
+
try {
|
|
1348
|
+
this.socket.destroy();
|
|
1349
|
+
}
|
|
1350
|
+
catch {
|
|
1351
|
+
// ignore
|
|
1352
|
+
}
|
|
1353
|
+
this.state = 'closed';
|
|
1354
|
+
}
|
|
1355
|
+
// -------------------------------------------------------------------------
|
|
1356
|
+
// COPY state machine (WP-16).
|
|
1357
|
+
//
|
|
1358
|
+
// The frontend transitions through:
|
|
1359
|
+
// idle → in-query (after writing Query("COPY …"))
|
|
1360
|
+
// in-query → in-copy-in on CopyInResponse
|
|
1361
|
+
// in-query → in-copy-out on CopyOutResponse
|
|
1362
|
+
// in-copy-in → idle on ReadyForQuery (after our CopyDone/CopyFail +
|
|
1363
|
+
// server CommandComplete)
|
|
1364
|
+
// in-copy-out → idle on ReadyForQuery (after server CopyDone +
|
|
1365
|
+
// CommandComplete)
|
|
1366
|
+
//
|
|
1367
|
+
// ErrorResponse may arrive at any point; we drain until ReadyForQuery and
|
|
1368
|
+
// then surface as a rejected promise.
|
|
1369
|
+
// -------------------------------------------------------------------------
|
|
1370
|
+
makeCopyInStream() {
|
|
1371
|
+
const driver = this.copyIn;
|
|
1372
|
+
if (!driver) {
|
|
1373
|
+
throw new Error('PgConnection: makeCopyInStream called without driver');
|
|
1374
|
+
}
|
|
1375
|
+
return {
|
|
1376
|
+
write: (chunk) => {
|
|
1377
|
+
if (this.state === 'closed') {
|
|
1378
|
+
return Promise.reject(new Error('Connection closed'));
|
|
1379
|
+
}
|
|
1380
|
+
if (driver.closed) {
|
|
1381
|
+
return Promise.reject(new Error('CopyInStream already closed'));
|
|
1382
|
+
}
|
|
1383
|
+
const data = typeof chunk === 'string' ? Buffer.from(chunk, 'utf8') : chunk;
|
|
1384
|
+
return new Promise((resolve, reject) => {
|
|
1385
|
+
this.socket.write(CopyData(data), (err) => {
|
|
1386
|
+
if (err)
|
|
1387
|
+
reject(err);
|
|
1388
|
+
else
|
|
1389
|
+
resolve();
|
|
1390
|
+
});
|
|
1391
|
+
});
|
|
1392
|
+
},
|
|
1393
|
+
end: () => {
|
|
1394
|
+
if (driver.closed) {
|
|
1395
|
+
return Promise.reject(new Error('CopyInStream already closed'));
|
|
1396
|
+
}
|
|
1397
|
+
driver.closed = true;
|
|
1398
|
+
return new Promise((resolve, reject) => {
|
|
1399
|
+
driver.resolveDone = resolve;
|
|
1400
|
+
driver.rejectDone = reject;
|
|
1401
|
+
this.socket.write(CopyDone());
|
|
1402
|
+
});
|
|
1403
|
+
},
|
|
1404
|
+
fail: (reason) => {
|
|
1405
|
+
if (driver.closed) {
|
|
1406
|
+
return Promise.reject(new Error('CopyInStream already closed'));
|
|
1407
|
+
}
|
|
1408
|
+
driver.closed = true;
|
|
1409
|
+
return new Promise((resolve, reject) => {
|
|
1410
|
+
// The server is expected to reject with an ErrorResponse echoing
|
|
1411
|
+
// our reason; we still resolve so callers can move on. We wire the
|
|
1412
|
+
// resolver after the socket flush so a fast-close error surfaces.
|
|
1413
|
+
driver.resolveDone = () => {
|
|
1414
|
+
resolve();
|
|
1415
|
+
};
|
|
1416
|
+
driver.rejectDone = reject;
|
|
1417
|
+
this.socket.write(CopyFail(reason));
|
|
1418
|
+
});
|
|
1419
|
+
},
|
|
1420
|
+
};
|
|
1421
|
+
}
|
|
1422
|
+
makeCopyOutStream() {
|
|
1423
|
+
const driver = this.copyOut;
|
|
1424
|
+
if (!driver) {
|
|
1425
|
+
throw new Error('PgConnection: makeCopyOutStream called without driver');
|
|
1426
|
+
}
|
|
1427
|
+
// Capture the state-getter as a closure so the iterator can observe
|
|
1428
|
+
// connection close without holding a `this` alias (no-this-alias rule).
|
|
1429
|
+
const isClosed = () => this.state === 'closed';
|
|
1430
|
+
// Resume reading once the buffered data drains — paired with the
|
|
1431
|
+
// pause() the CopyData handler applies at the high-water mark (#11).
|
|
1432
|
+
const resumeSocket = () => {
|
|
1433
|
+
this.socket.resume?.();
|
|
1434
|
+
};
|
|
1435
|
+
return {
|
|
1436
|
+
[Symbol.asyncIterator]() {
|
|
1437
|
+
return {
|
|
1438
|
+
async next() {
|
|
1439
|
+
for (;;) {
|
|
1440
|
+
if (driver.queue.length > 0) {
|
|
1441
|
+
const next = driver.queue.shift();
|
|
1442
|
+
if (next === undefined)
|
|
1443
|
+
continue;
|
|
1444
|
+
driver.queuedBytes -= next.length;
|
|
1445
|
+
if (driver.queuedBytes <= COPY_OUT_LWM)
|
|
1446
|
+
resumeSocket();
|
|
1447
|
+
return { value: next, done: false };
|
|
1448
|
+
}
|
|
1449
|
+
if (driver.error) {
|
|
1450
|
+
// ConnectError isn't strictly an Error instance; the rule
|
|
1451
|
+
// wants a real Error. Wrap once before throwing.
|
|
1452
|
+
const ce = driver.error;
|
|
1453
|
+
const wrapped = new Error(ce.message);
|
|
1454
|
+
wrapped.cause = ce;
|
|
1455
|
+
throw wrapped;
|
|
1456
|
+
}
|
|
1457
|
+
if (driver.done) {
|
|
1458
|
+
return { value: undefined, done: true };
|
|
1459
|
+
}
|
|
1460
|
+
if (isClosed()) {
|
|
1461
|
+
throw new Error('Connection closed mid-COPY-OUT');
|
|
1462
|
+
}
|
|
1463
|
+
await new Promise((resolve) => {
|
|
1464
|
+
driver.waker = resolve;
|
|
1465
|
+
});
|
|
1466
|
+
}
|
|
1467
|
+
},
|
|
1468
|
+
return() {
|
|
1469
|
+
// Consumer broke early. We must keep reading the wire until
|
|
1470
|
+
// ReadyForQuery to clear the protocol state, but we mark the
|
|
1471
|
+
// stream abandoned (so the handler DROPS further CopyData rather
|
|
1472
|
+
// than buffering it) and free what's queued — otherwise RSS grows
|
|
1473
|
+
// to the full result size (review item #11). Resume in case the
|
|
1474
|
+
// socket was paused at the high-water mark.
|
|
1475
|
+
driver.abandoned = true;
|
|
1476
|
+
driver.queue.length = 0;
|
|
1477
|
+
driver.queuedBytes = 0;
|
|
1478
|
+
resumeSocket();
|
|
1479
|
+
return Promise.resolve({ value: undefined, done: true });
|
|
1480
|
+
},
|
|
1481
|
+
};
|
|
1482
|
+
},
|
|
1483
|
+
};
|
|
1484
|
+
}
|
|
1485
|
+
/**
|
|
1486
|
+
* Handle messages arriving in `in-query` state when there is no
|
|
1487
|
+
* `pendingQuery` — i.e. the caller invoked `startCopyIn` / `startCopyOut`
|
|
1488
|
+
* and is waiting for the server to switch into copy mode.
|
|
1489
|
+
*/
|
|
1490
|
+
handleCopyStartMessage(msg) {
|
|
1491
|
+
switch (msg.type) {
|
|
1492
|
+
case 'CopyInResponse':
|
|
1493
|
+
// COPY-in-pipeline: libpq aborts the connection with this exact
|
|
1494
|
+
// diagnostic (matching upstream psql's behaviour). The `\copy`
|
|
1495
|
+
// command layer detects pipeline-active and fails fast before
|
|
1496
|
+
// reaching the wire, but if anything else slips through we abort
|
|
1497
|
+
// here as a defence-in-depth.
|
|
1498
|
+
if (this._extPipelineActive) {
|
|
1499
|
+
this.abortForCopyInPipeline();
|
|
1500
|
+
return;
|
|
1501
|
+
}
|
|
1502
|
+
if (this.copyIn) {
|
|
1503
|
+
this.state = 'in-copy-in';
|
|
1504
|
+
const r = this.copyStartResolve;
|
|
1505
|
+
this.copyStartResolve = null;
|
|
1506
|
+
this.copyStartReject = null;
|
|
1507
|
+
if (r)
|
|
1508
|
+
r();
|
|
1509
|
+
}
|
|
1510
|
+
return;
|
|
1511
|
+
case 'CopyOutResponse':
|
|
1512
|
+
if (this._extPipelineActive) {
|
|
1513
|
+
this.abortForCopyInPipeline();
|
|
1514
|
+
return;
|
|
1515
|
+
}
|
|
1516
|
+
if (this.copyOut) {
|
|
1517
|
+
this.state = 'in-copy-out';
|
|
1518
|
+
const r = this.copyStartResolve;
|
|
1519
|
+
this.copyStartResolve = null;
|
|
1520
|
+
this.copyStartReject = null;
|
|
1521
|
+
if (r)
|
|
1522
|
+
r();
|
|
1523
|
+
}
|
|
1524
|
+
return;
|
|
1525
|
+
case 'ErrorResponse': {
|
|
1526
|
+
const err = fieldsToConnectError(msg.fields);
|
|
1527
|
+
if (this.copyIn) {
|
|
1528
|
+
if (this.copyStartReject)
|
|
1529
|
+
this.copyStartReject(err);
|
|
1530
|
+
this.copyStartResolve = null;
|
|
1531
|
+
this.copyStartReject = null;
|
|
1532
|
+
this.copyIn = null;
|
|
1533
|
+
}
|
|
1534
|
+
if (this.copyOut) {
|
|
1535
|
+
if (this.copyStartReject)
|
|
1536
|
+
this.copyStartReject(err);
|
|
1537
|
+
this.copyStartResolve = null;
|
|
1538
|
+
this.copyStartReject = null;
|
|
1539
|
+
this.copyOut = null;
|
|
1540
|
+
}
|
|
1541
|
+
// Stay in `in-query` until ReadyForQuery, then return to idle below.
|
|
1542
|
+
return;
|
|
1543
|
+
}
|
|
1544
|
+
case 'ReadyForQuery':
|
|
1545
|
+
// ReadyForQuery without a prior CopyXxxResponse means the server
|
|
1546
|
+
// immediately rejected the COPY (we surfaced the ErrorResponse just
|
|
1547
|
+
// above) — return to idle so the next command can fire.
|
|
1548
|
+
this.txStatus = msg.status;
|
|
1549
|
+
this.state = 'idle';
|
|
1550
|
+
return;
|
|
1551
|
+
case 'NoticeResponse':
|
|
1552
|
+
this.notify.emit(fieldsToNotice(msg.fields));
|
|
1553
|
+
return;
|
|
1554
|
+
case 'ParameterStatus':
|
|
1555
|
+
this.params.set(msg.name, msg.value);
|
|
1556
|
+
return;
|
|
1557
|
+
default:
|
|
1558
|
+
if (this.copyStartReject) {
|
|
1559
|
+
this.copyStartReject(new Error(`Unexpected backend message before COPY response: ${msg.type}`));
|
|
1560
|
+
}
|
|
1561
|
+
this.copyStartResolve = null;
|
|
1562
|
+
this.copyStartReject = null;
|
|
1563
|
+
return;
|
|
1564
|
+
}
|
|
1565
|
+
}
|
|
1566
|
+
handleCopyInMessage(msg) {
|
|
1567
|
+
const driver = this.copyIn;
|
|
1568
|
+
if (!driver)
|
|
1569
|
+
return;
|
|
1570
|
+
switch (msg.type) {
|
|
1571
|
+
case 'CommandComplete':
|
|
1572
|
+
driver.commandTag = msg.tag;
|
|
1573
|
+
this.lastCopyTag = msg.tag;
|
|
1574
|
+
return;
|
|
1575
|
+
case 'ErrorResponse':
|
|
1576
|
+
driver.error = fieldsToConnectError(msg.fields);
|
|
1577
|
+
return;
|
|
1578
|
+
case 'NoticeResponse':
|
|
1579
|
+
this.notify.emit(fieldsToNotice(msg.fields));
|
|
1580
|
+
return;
|
|
1581
|
+
case 'ParameterStatus':
|
|
1582
|
+
this.params.set(msg.name, msg.value);
|
|
1583
|
+
return;
|
|
1584
|
+
case 'ReadyForQuery':
|
|
1585
|
+
this.txStatus = msg.status;
|
|
1586
|
+
this.state = 'idle';
|
|
1587
|
+
this.copyIn = null;
|
|
1588
|
+
if (driver.error) {
|
|
1589
|
+
if (driver.rejectDone)
|
|
1590
|
+
driver.rejectDone(driver.error);
|
|
1591
|
+
}
|
|
1592
|
+
else if (driver.resolveDone) {
|
|
1593
|
+
driver.resolveDone();
|
|
1594
|
+
}
|
|
1595
|
+
return;
|
|
1596
|
+
default:
|
|
1597
|
+
// Unknown messages mid-COPY-IN are protocol errors; record and let
|
|
1598
|
+
// the trailing ReadyForQuery flush the state.
|
|
1599
|
+
driver.error = {
|
|
1600
|
+
severity: 'ERROR',
|
|
1601
|
+
message: `Unexpected backend message during COPY IN: ${msg.type}`,
|
|
1602
|
+
};
|
|
1603
|
+
return;
|
|
1604
|
+
}
|
|
1605
|
+
}
|
|
1606
|
+
handleCopyOutMessage(msg) {
|
|
1607
|
+
const driver = this.copyOut;
|
|
1608
|
+
if (!driver)
|
|
1609
|
+
return;
|
|
1610
|
+
switch (msg.type) {
|
|
1611
|
+
case 'CopyData': {
|
|
1612
|
+
// Consumer broke early: drop instead of buffering (review item #11).
|
|
1613
|
+
if (driver.abandoned)
|
|
1614
|
+
return;
|
|
1615
|
+
driver.queue.push(msg.data);
|
|
1616
|
+
driver.queuedBytes += msg.data.length;
|
|
1617
|
+
// Apply backpressure when the sink falls behind: pause the socket so
|
|
1618
|
+
// the server stops flooding us. `next()` resumes at the low-water
|
|
1619
|
+
// mark. (No-op if the socket doesn't expose pause(), e.g. a mock.)
|
|
1620
|
+
if (driver.queuedBytes >= COPY_OUT_HWM) {
|
|
1621
|
+
this.socket.pause?.();
|
|
1622
|
+
}
|
|
1623
|
+
if (driver.waker) {
|
|
1624
|
+
const w = driver.waker;
|
|
1625
|
+
driver.waker = null;
|
|
1626
|
+
w();
|
|
1627
|
+
}
|
|
1628
|
+
return;
|
|
1629
|
+
}
|
|
1630
|
+
case 'CopyDone':
|
|
1631
|
+
// Server signals it's done sending — we now expect CommandComplete +
|
|
1632
|
+
// ReadyForQuery. Stay in in-copy-out until ReadyForQuery; the queue
|
|
1633
|
+
// may still drain via the consumer.
|
|
1634
|
+
return;
|
|
1635
|
+
case 'CommandComplete':
|
|
1636
|
+
driver.commandTag = msg.tag;
|
|
1637
|
+
this.lastCopyTag = msg.tag;
|
|
1638
|
+
return;
|
|
1639
|
+
case 'ErrorResponse':
|
|
1640
|
+
driver.error = fieldsToConnectError(msg.fields);
|
|
1641
|
+
return;
|
|
1642
|
+
case 'NoticeResponse':
|
|
1643
|
+
this.notify.emit(fieldsToNotice(msg.fields));
|
|
1644
|
+
return;
|
|
1645
|
+
case 'ParameterStatus':
|
|
1646
|
+
this.params.set(msg.name, msg.value);
|
|
1647
|
+
return;
|
|
1648
|
+
case 'ReadyForQuery':
|
|
1649
|
+
this.txStatus = msg.status;
|
|
1650
|
+
this.state = 'idle';
|
|
1651
|
+
driver.done = true;
|
|
1652
|
+
this.copyOut = null;
|
|
1653
|
+
if (driver.waker) {
|
|
1654
|
+
const w = driver.waker;
|
|
1655
|
+
driver.waker = null;
|
|
1656
|
+
w();
|
|
1657
|
+
}
|
|
1658
|
+
return;
|
|
1659
|
+
default:
|
|
1660
|
+
driver.error = {
|
|
1661
|
+
severity: 'ERROR',
|
|
1662
|
+
message: `Unexpected backend message during COPY OUT: ${msg.type}`,
|
|
1663
|
+
};
|
|
1664
|
+
if (driver.waker) {
|
|
1665
|
+
const w = driver.waker;
|
|
1666
|
+
driver.waker = null;
|
|
1667
|
+
w();
|
|
1668
|
+
}
|
|
1669
|
+
return;
|
|
1670
|
+
}
|
|
1671
|
+
}
|
|
1672
|
+
// -------------------------------------------------------------------------
|
|
1673
|
+
// Query state machine
|
|
1674
|
+
// -------------------------------------------------------------------------
|
|
1675
|
+
handleQueryMessage(msg) {
|
|
1676
|
+
const q = this.pendingQuery;
|
|
1677
|
+
if (!q) {
|
|
1678
|
+
// No active execSimple — we must be in the "starting a COPY" phase
|
|
1679
|
+
// where the caller wrote Query("COPY …") via startCopyIn/startCopyOut.
|
|
1680
|
+
this.handleCopyStartMessage(msg);
|
|
1681
|
+
return;
|
|
1682
|
+
}
|
|
1683
|
+
switch (msg.type) {
|
|
1684
|
+
case 'RowDescription':
|
|
1685
|
+
q.current = {
|
|
1686
|
+
command: '',
|
|
1687
|
+
rowCount: null,
|
|
1688
|
+
oid: null,
|
|
1689
|
+
fields: msg.fields,
|
|
1690
|
+
rows: [],
|
|
1691
|
+
notices: [],
|
|
1692
|
+
};
|
|
1693
|
+
return;
|
|
1694
|
+
case 'DataRow': {
|
|
1695
|
+
if (!q.current) {
|
|
1696
|
+
// Server sent rows without a prior description — extremely rare
|
|
1697
|
+
// (only for some legacy COPY error paths). Treat as empty desc.
|
|
1698
|
+
q.current = {
|
|
1699
|
+
command: '',
|
|
1700
|
+
rowCount: null,
|
|
1701
|
+
oid: null,
|
|
1702
|
+
fields: [],
|
|
1703
|
+
rows: [],
|
|
1704
|
+
notices: [],
|
|
1705
|
+
};
|
|
1706
|
+
}
|
|
1707
|
+
q.current.rows.push(decodeDataRow(msg.values, q.current.fields));
|
|
1708
|
+
return;
|
|
1709
|
+
}
|
|
1710
|
+
case 'CommandComplete': {
|
|
1711
|
+
const { command, rowCount, oid } = parseCommandTag(msg.tag);
|
|
1712
|
+
const set = q.current ?? {
|
|
1713
|
+
command,
|
|
1714
|
+
rowCount: rowCount,
|
|
1715
|
+
oid,
|
|
1716
|
+
fields: [],
|
|
1717
|
+
rows: [],
|
|
1718
|
+
notices: [],
|
|
1719
|
+
};
|
|
1720
|
+
set.command = command;
|
|
1721
|
+
set.rowCount = rowCount;
|
|
1722
|
+
set.oid = oid;
|
|
1723
|
+
set.notices = q.notices.splice(0);
|
|
1724
|
+
q.finished.push(set);
|
|
1725
|
+
q.current = null;
|
|
1726
|
+
return;
|
|
1727
|
+
}
|
|
1728
|
+
case 'EmptyQueryResponse': {
|
|
1729
|
+
const set = {
|
|
1730
|
+
command: '',
|
|
1731
|
+
rowCount: null,
|
|
1732
|
+
oid: null,
|
|
1733
|
+
fields: [],
|
|
1734
|
+
rows: [],
|
|
1735
|
+
notices: q.notices.splice(0),
|
|
1736
|
+
};
|
|
1737
|
+
q.finished.push(set);
|
|
1738
|
+
q.current = null;
|
|
1739
|
+
return;
|
|
1740
|
+
}
|
|
1741
|
+
case 'ParameterStatus':
|
|
1742
|
+
this.params.set(msg.name, msg.value);
|
|
1743
|
+
if (msg.name === 'server_version') {
|
|
1744
|
+
this.serverVersion = parseServerVersion(msg.value);
|
|
1745
|
+
}
|
|
1746
|
+
return;
|
|
1747
|
+
case 'NoticeResponse': {
|
|
1748
|
+
const notice = fieldsToNotice(msg.fields);
|
|
1749
|
+
q.notices.push(notice);
|
|
1750
|
+
this.notify.emit(notice);
|
|
1751
|
+
return;
|
|
1752
|
+
}
|
|
1753
|
+
case 'NotificationResponse':
|
|
1754
|
+
this.notify.emitNotification(msg.channel, msg.payload, msg.processId);
|
|
1755
|
+
return;
|
|
1756
|
+
case 'ErrorResponse': {
|
|
1757
|
+
q.error = fieldsToConnectError(msg.fields);
|
|
1758
|
+
// Don't reject yet — ReadyForQuery will arrive shortly and we want
|
|
1759
|
+
// to drain queued NoticeResponse messages first.
|
|
1760
|
+
return;
|
|
1761
|
+
}
|
|
1762
|
+
case 'ReadyForQuery': {
|
|
1763
|
+
this.txStatus = msg.status;
|
|
1764
|
+
this.state = 'idle';
|
|
1765
|
+
this.pendingQuery = null;
|
|
1766
|
+
if (q.error) {
|
|
1767
|
+
// Mirror libpq's behaviour: the result list contains every
|
|
1768
|
+
// PGresult the server produced before the ErrorResponse — for
|
|
1769
|
+
// a `\;`-chained simple-query batch, that's all the statements
|
|
1770
|
+
// before the failing one. We surface them by attaching the
|
|
1771
|
+
// accumulated `finished[]` to the thrown Error so callers
|
|
1772
|
+
// (`executeAndPrint`) can render the pre-error rows in order
|
|
1773
|
+
// before printing the error itself.
|
|
1774
|
+
const err = asThrowable(q.error);
|
|
1775
|
+
err.partialResults =
|
|
1776
|
+
q.finished;
|
|
1777
|
+
q.reject(err);
|
|
1778
|
+
}
|
|
1779
|
+
else {
|
|
1780
|
+
q.resolve(q.finished);
|
|
1781
|
+
}
|
|
1782
|
+
return;
|
|
1783
|
+
}
|
|
1784
|
+
case 'CopyInResponse': {
|
|
1785
|
+
// PG 17 added pipeline + COPY support but libpq still rejects the
|
|
1786
|
+
// combination ("COPY in a pipeline is not supported, aborting
|
|
1787
|
+
// connection"). Upstream psql surfaces that diagnostic and tears down
|
|
1788
|
+
// the connection. We mirror the behaviour: if the user fires a COPY
|
|
1789
|
+
// statement via execSimple while a pipeline is active, abort.
|
|
1790
|
+
if (this._extPipelineActive) {
|
|
1791
|
+
this.abortForCopyInPipeline();
|
|
1792
|
+
return;
|
|
1793
|
+
}
|
|
1794
|
+
// CopyInResponse during execSimple (no active CopyIn driver) — the
|
|
1795
|
+
// common path is `COPY ... FROM STDIN` as one segment of a `\;`-chained
|
|
1796
|
+
// simple-query batch. Upstream psql pumps stdin lines until `\.`; the
|
|
1797
|
+
// mainloop pre-scans its input and buffers the bytes into
|
|
1798
|
+
// `copyInMidBatchQueue` before calling execSimple. We pop the head
|
|
1799
|
+
// buffer and ship it as CopyData + CopyDone. If no buffer is queued
|
|
1800
|
+
// (caller forgot to seed, or scan was inaccurate), CopyFail so the
|
|
1801
|
+
// server returns to ReadyForQuery rather than blocking.
|
|
1802
|
+
const data = this.copyInMidBatchQueue.shift();
|
|
1803
|
+
if (data !== undefined) {
|
|
1804
|
+
try {
|
|
1805
|
+
// Empty payload still needs a CopyDone — the server transitions
|
|
1806
|
+
// back to CopyIn-done state on CopyDone regardless of byte
|
|
1807
|
+
// count. Wrapping a zero-length CopyData is harmless.
|
|
1808
|
+
if (data.length > 0) {
|
|
1809
|
+
this.socket.write(CopyData(data));
|
|
1810
|
+
}
|
|
1811
|
+
this.socket.write(CopyDone());
|
|
1812
|
+
}
|
|
1813
|
+
catch {
|
|
1814
|
+
// Write failures are surfaced via socket 'error' / 'close'
|
|
1815
|
+
// handlers which will fail the pending query.
|
|
1816
|
+
}
|
|
1817
|
+
return;
|
|
1818
|
+
}
|
|
1819
|
+
q.error = {
|
|
1820
|
+
severity: 'ERROR',
|
|
1821
|
+
message: 'COPY FROM STDIN not supported via execSimple — use \\copy or startCopyIn',
|
|
1822
|
+
};
|
|
1823
|
+
try {
|
|
1824
|
+
this.socket.write(CopyFail('COPY FROM STDIN not driven by client'));
|
|
1825
|
+
}
|
|
1826
|
+
catch {
|
|
1827
|
+
// Write failures are surfaced via socket 'error' / 'close' handlers
|
|
1828
|
+
// which will fail the pending query — nothing to do here.
|
|
1829
|
+
}
|
|
1830
|
+
return;
|
|
1831
|
+
}
|
|
1832
|
+
case 'CopyOutResponse': {
|
|
1833
|
+
if (this._extPipelineActive) {
|
|
1834
|
+
this.abortForCopyInPipeline();
|
|
1835
|
+
return;
|
|
1836
|
+
}
|
|
1837
|
+
// CopyOutResponse during execSimple (no active CopyOut driver) — the
|
|
1838
|
+
// common path is `COPY ... TO STDOUT` as one segment of a `\;`-chained
|
|
1839
|
+
// simple-query batch. We accumulate the CopyData payloads onto the
|
|
1840
|
+
// current ResultSet's `copyOutBytes` so the renderer emits them at
|
|
1841
|
+
// the result's position in the chain — instead of streaming them
|
|
1842
|
+
// straight to a sink at receive time, which would hoist the COPY
|
|
1843
|
+
// bytes above any tuples-producing results that haven't been
|
|
1844
|
+
// rendered yet (see hunk 5722-5730 in regress/psql).
|
|
1845
|
+
this.copyOutMidBatchActive = true;
|
|
1846
|
+
q.current = q.current ?? {
|
|
1847
|
+
command: '',
|
|
1848
|
+
rowCount: null,
|
|
1849
|
+
oid: null,
|
|
1850
|
+
fields: [],
|
|
1851
|
+
rows: [],
|
|
1852
|
+
notices: [],
|
|
1853
|
+
};
|
|
1854
|
+
q.current.copyOutBytes = q.current.copyOutBytes ?? [];
|
|
1855
|
+
return;
|
|
1856
|
+
}
|
|
1857
|
+
case 'CopyData': {
|
|
1858
|
+
// CopyData arrives during execSimple only when we're in the mid-batch
|
|
1859
|
+
// COPY-OUT phase (CopyOutResponse flipped the flag above). Stash the
|
|
1860
|
+
// payload on the current result's `copyOutBytes` so the caller can
|
|
1861
|
+
// render in order. Anything else is a protocol error.
|
|
1862
|
+
if (this.copyOutMidBatchActive) {
|
|
1863
|
+
const cur = q.current;
|
|
1864
|
+
if (cur) {
|
|
1865
|
+
cur.copyOutBytes = cur.copyOutBytes ?? [];
|
|
1866
|
+
cur.copyOutBytes.push(msg.data);
|
|
1867
|
+
}
|
|
1868
|
+
return;
|
|
1869
|
+
}
|
|
1870
|
+
q.error = {
|
|
1871
|
+
severity: 'ERROR',
|
|
1872
|
+
message: 'Unexpected backend message during query: CopyData',
|
|
1873
|
+
};
|
|
1874
|
+
return;
|
|
1875
|
+
}
|
|
1876
|
+
case 'CopyDone': {
|
|
1877
|
+
// Server signals end of COPY-OUT data — next message will be
|
|
1878
|
+
// CommandComplete for the COPY statement, then the batch resumes.
|
|
1879
|
+
if (this.copyOutMidBatchActive) {
|
|
1880
|
+
this.copyOutMidBatchActive = false;
|
|
1881
|
+
return;
|
|
1882
|
+
}
|
|
1883
|
+
q.error = {
|
|
1884
|
+
severity: 'ERROR',
|
|
1885
|
+
message: 'Unexpected backend message during query: CopyDone',
|
|
1886
|
+
};
|
|
1887
|
+
return;
|
|
1888
|
+
}
|
|
1889
|
+
case 'CopyBothResponse': {
|
|
1890
|
+
// Walsender (`replication=database` / `replication=true`) commands
|
|
1891
|
+
// such as `START_REPLICATION` transition the connection into a
|
|
1892
|
+
// CopyBoth streaming phase (WAL records flowing from server +
|
|
1893
|
+
// keepalive replies flowing from client). This client does not
|
|
1894
|
+
// implement WAL streaming — upstream libpq's `PQexec` similarly
|
|
1895
|
+
// refuses to handle PGRES_COPY_BOTH and surfaces a diagnostic. We
|
|
1896
|
+
// mirror that: reject the pending query with a "syntax error" style
|
|
1897
|
+
// message (matching the conformance assertion) and tear the socket
|
|
1898
|
+
// down so the next query / process exit is clean.
|
|
1899
|
+
const cbErr = {
|
|
1900
|
+
severity: 'ERROR',
|
|
1901
|
+
code: '0A000',
|
|
1902
|
+
message: 'syntax error: unexpected CopyBothResponse from server (replication streaming is not supported by this client)',
|
|
1903
|
+
};
|
|
1904
|
+
q.error = cbErr;
|
|
1905
|
+
q.reject(asThrowable(cbErr));
|
|
1906
|
+
this.pendingQuery = null;
|
|
1907
|
+
this.socketError = new Error(cbErr.message);
|
|
1908
|
+
try {
|
|
1909
|
+
this.socket.destroy();
|
|
1910
|
+
}
|
|
1911
|
+
catch {
|
|
1912
|
+
// ignore
|
|
1913
|
+
}
|
|
1914
|
+
this.state = 'closed';
|
|
1915
|
+
return;
|
|
1916
|
+
}
|
|
1917
|
+
default:
|
|
1918
|
+
// Unknown messages during a query are protocol errors but not fatal
|
|
1919
|
+
// for the connection — record them.
|
|
1920
|
+
q.error = {
|
|
1921
|
+
severity: 'ERROR',
|
|
1922
|
+
message: `Unexpected backend message during query: ${msg.type}`,
|
|
1923
|
+
};
|
|
1924
|
+
return;
|
|
1925
|
+
}
|
|
1926
|
+
}
|
|
1927
|
+
// -------------------------------------------------------------------------
|
|
1928
|
+
// Socket → parser → state dispatch
|
|
1929
|
+
// -------------------------------------------------------------------------
|
|
1930
|
+
onData(chunk) {
|
|
1931
|
+
let messages;
|
|
1932
|
+
try {
|
|
1933
|
+
messages = this.parser.feed(chunk);
|
|
1934
|
+
}
|
|
1935
|
+
catch (err) {
|
|
1936
|
+
this.socketError = err instanceof Error ? err : new Error(String(err));
|
|
1937
|
+
this.failPending(this.socketError);
|
|
1938
|
+
try {
|
|
1939
|
+
this.socket.destroy();
|
|
1940
|
+
}
|
|
1941
|
+
catch {
|
|
1942
|
+
// ignore
|
|
1943
|
+
}
|
|
1944
|
+
this.state = 'closed';
|
|
1945
|
+
return;
|
|
1946
|
+
}
|
|
1947
|
+
for (const msg of messages) {
|
|
1948
|
+
this.dispatch(msg);
|
|
1949
|
+
if (this.state === 'closed')
|
|
1950
|
+
break;
|
|
1951
|
+
}
|
|
1952
|
+
}
|
|
1953
|
+
dispatch(msg) {
|
|
1954
|
+
// Async backend messages always allowed. NotificationResponse can arrive
|
|
1955
|
+
// in *any* state since LISTEN payloads come in whenever a NOTIFY fires.
|
|
1956
|
+
if (msg.type === 'NotificationResponse') {
|
|
1957
|
+
this.notify.emitNotification(msg.channel, msg.payload, msg.processId);
|
|
1958
|
+
return;
|
|
1959
|
+
}
|
|
1960
|
+
switch (this.state) {
|
|
1961
|
+
case 'auth':
|
|
1962
|
+
this.handleAuthMessage(msg);
|
|
1963
|
+
return;
|
|
1964
|
+
case 'await-ready':
|
|
1965
|
+
this.handleAwaitReady(msg);
|
|
1966
|
+
return;
|
|
1967
|
+
case 'idle':
|
|
1968
|
+
// ParameterStatus changes can arrive asynchronously (SET).
|
|
1969
|
+
if (msg.type === 'ParameterStatus') {
|
|
1970
|
+
this.params.set(msg.name, msg.value);
|
|
1971
|
+
if (msg.name === 'server_version') {
|
|
1972
|
+
this.serverVersion = parseServerVersion(msg.value);
|
|
1973
|
+
}
|
|
1974
|
+
return;
|
|
1975
|
+
}
|
|
1976
|
+
if (msg.type === 'NoticeResponse') {
|
|
1977
|
+
this.notify.emit(fieldsToNotice(msg.fields));
|
|
1978
|
+
return;
|
|
1979
|
+
}
|
|
1980
|
+
// (NotificationResponse is handled by the early-out above.)
|
|
1981
|
+
// Anything else in idle is unexpected.
|
|
1982
|
+
this.socketError = new Error(`Unexpected ${msg.type} in idle state`);
|
|
1983
|
+
try {
|
|
1984
|
+
this.socket.destroy();
|
|
1985
|
+
}
|
|
1986
|
+
catch {
|
|
1987
|
+
// ignore
|
|
1988
|
+
}
|
|
1989
|
+
this.state = 'closed';
|
|
1990
|
+
return;
|
|
1991
|
+
case 'in-query':
|
|
1992
|
+
this.handleQueryMessage(msg);
|
|
1993
|
+
return;
|
|
1994
|
+
case 'in-extended':
|
|
1995
|
+
this.handleExtendedMessage(msg);
|
|
1996
|
+
return;
|
|
1997
|
+
case 'in-copy-in':
|
|
1998
|
+
this.handleCopyInMessage(msg);
|
|
1999
|
+
return;
|
|
2000
|
+
case 'in-copy-out':
|
|
2001
|
+
this.handleCopyOutMessage(msg);
|
|
2002
|
+
return;
|
|
2003
|
+
case 'closed':
|
|
2004
|
+
return;
|
|
2005
|
+
}
|
|
2006
|
+
}
|
|
2007
|
+
failPending(err) {
|
|
2008
|
+
if (this.pendingQuery) {
|
|
2009
|
+
const q = this.pendingQuery;
|
|
2010
|
+
this.pendingQuery = null;
|
|
2011
|
+
// If the server delivered an ErrorResponse just before the socket
|
|
2012
|
+
// closed (e.g. a FATAL "terminating connection due to administrator
|
|
2013
|
+
// command" when the backend is killed mid-query), prefer that
|
|
2014
|
+
// structured error over the generic "Socket closed" fallback so the
|
|
2015
|
+
// diagnostic carries the server's wording. Mirrors libpq's behaviour
|
|
2016
|
+
// where `PQexec` surfaces the FATAL message and `PQerrorMessage`
|
|
2017
|
+
// returns the server-supplied text.
|
|
2018
|
+
//
|
|
2019
|
+
// `q.error` is initialised to `null` by `execSimple`; only a non-null
|
|
2020
|
+
// value indicates a server-side ErrorResponse was actually captured.
|
|
2021
|
+
q.reject(q.error != null ? asThrowable(q.error) : err);
|
|
2022
|
+
}
|
|
2023
|
+
if (this.extDriver) {
|
|
2024
|
+
const d = this.extDriver;
|
|
2025
|
+
this.extDriver = null;
|
|
2026
|
+
for (const op of d.queue)
|
|
2027
|
+
op.reject(err);
|
|
2028
|
+
}
|
|
2029
|
+
if (this.startupReject) {
|
|
2030
|
+
const r = this.startupReject;
|
|
2031
|
+
this.startupResolve = null;
|
|
2032
|
+
this.startupReject = null;
|
|
2033
|
+
r(err);
|
|
2034
|
+
}
|
|
2035
|
+
if (this.copyStartReject) {
|
|
2036
|
+
const r = this.copyStartReject;
|
|
2037
|
+
this.copyStartResolve = null;
|
|
2038
|
+
this.copyStartReject = null;
|
|
2039
|
+
r(err);
|
|
2040
|
+
}
|
|
2041
|
+
if (this.copyIn) {
|
|
2042
|
+
const d = this.copyIn;
|
|
2043
|
+
this.copyIn = null;
|
|
2044
|
+
if (d.rejectDone)
|
|
2045
|
+
d.rejectDone(err);
|
|
2046
|
+
}
|
|
2047
|
+
if (this.copyOut) {
|
|
2048
|
+
const d = this.copyOut;
|
|
2049
|
+
this.copyOut = null;
|
|
2050
|
+
d.error =
|
|
2051
|
+
err instanceof Error
|
|
2052
|
+
? { severity: 'ERROR', message: err.message }
|
|
2053
|
+
: { severity: 'ERROR', message: String(err) };
|
|
2054
|
+
if (d.waker) {
|
|
2055
|
+
const w = d.waker;
|
|
2056
|
+
d.waker = null;
|
|
2057
|
+
w();
|
|
2058
|
+
}
|
|
2059
|
+
}
|
|
2060
|
+
}
|
|
2061
|
+
ensureIdle() {
|
|
2062
|
+
if (this.state === 'closed') {
|
|
2063
|
+
throw new Error('PgConnection: connection is closed');
|
|
2064
|
+
}
|
|
2065
|
+
if (this.state !== 'idle' && this.state !== 'in-extended') {
|
|
2066
|
+
throw new Error(`PgConnection: cannot start query in state ${this.state}`);
|
|
2067
|
+
}
|
|
2068
|
+
}
|
|
2069
|
+
// -------------------------------------------------------------------------
|
|
2070
|
+
// Extended-protocol driver (WP-21).
|
|
2071
|
+
//
|
|
2072
|
+
// Each public enqueueX method appends one op to `extDriver.queue` and
|
|
2073
|
+
// returns a Promise that resolves when the op's terminator backend message
|
|
2074
|
+
// arrives. The caller is responsible for writing the matching wire frame
|
|
2075
|
+
// (Parse/Bind/Describe/Execute/Close/Sync) to the socket.
|
|
2076
|
+
// -------------------------------------------------------------------------
|
|
2077
|
+
startExtendedBatch() {
|
|
2078
|
+
if (this.state === 'idle') {
|
|
2079
|
+
this.state = 'in-extended';
|
|
2080
|
+
this.extDriver = { queue: [], error: null };
|
|
2081
|
+
}
|
|
2082
|
+
else if (this.state !== 'in-extended') {
|
|
2083
|
+
throw new Error(`PgConnection: cannot start extended batch in state ${this.state}`);
|
|
2084
|
+
}
|
|
2085
|
+
else if (!this.extDriver) {
|
|
2086
|
+
this.extDriver = { queue: [], error: null };
|
|
2087
|
+
}
|
|
2088
|
+
}
|
|
2089
|
+
writeRaw(buf) {
|
|
2090
|
+
this.socket.write(buf);
|
|
2091
|
+
}
|
|
2092
|
+
enqueueParse() {
|
|
2093
|
+
return this.enqueueOp({
|
|
2094
|
+
kind: 'parse',
|
|
2095
|
+
resolve: () => undefined,
|
|
2096
|
+
reject: () => undefined,
|
|
2097
|
+
});
|
|
2098
|
+
}
|
|
2099
|
+
enqueueBind() {
|
|
2100
|
+
return this.enqueueOp({
|
|
2101
|
+
kind: 'bind',
|
|
2102
|
+
resolve: () => undefined,
|
|
2103
|
+
reject: () => undefined,
|
|
2104
|
+
});
|
|
2105
|
+
}
|
|
2106
|
+
enqueueDescribeStatement() {
|
|
2107
|
+
return this.enqueueOp({
|
|
2108
|
+
kind: 'describeS',
|
|
2109
|
+
resolve: () => undefined,
|
|
2110
|
+
reject: () => undefined,
|
|
2111
|
+
paramOids: null,
|
|
2112
|
+
});
|
|
2113
|
+
}
|
|
2114
|
+
enqueueDescribePortal() {
|
|
2115
|
+
return this.enqueueOp({
|
|
2116
|
+
kind: 'describeP',
|
|
2117
|
+
resolve: () => undefined,
|
|
2118
|
+
reject: () => undefined,
|
|
2119
|
+
});
|
|
2120
|
+
}
|
|
2121
|
+
/**
|
|
2122
|
+
* Variant of {@link enqueueDescribePortal} that pipes the resolved fields
|
|
2123
|
+
* onto the very next `execute` op already (or yet to be) on the queue.
|
|
2124
|
+
*/
|
|
2125
|
+
enqueueDescribePortalIntoNextExecute() {
|
|
2126
|
+
const driver = this.extDriver;
|
|
2127
|
+
if (!driver) {
|
|
2128
|
+
return Promise.reject(new Error('enqueueDescribePortalIntoNextExecute: not in extended state'));
|
|
2129
|
+
}
|
|
2130
|
+
return new Promise((resolve, reject) => {
|
|
2131
|
+
driver.queue.push({
|
|
2132
|
+
kind: 'describeP',
|
|
2133
|
+
resolve: (v) => {
|
|
2134
|
+
const fields = v;
|
|
2135
|
+
for (const op of driver.queue) {
|
|
2136
|
+
if (op.kind === 'execute' && op.fields === null) {
|
|
2137
|
+
op.fields = fields;
|
|
2138
|
+
break;
|
|
2139
|
+
}
|
|
2140
|
+
}
|
|
2141
|
+
resolve();
|
|
2142
|
+
},
|
|
2143
|
+
reject,
|
|
2144
|
+
});
|
|
2145
|
+
});
|
|
2146
|
+
}
|
|
2147
|
+
enqueueExecute() {
|
|
2148
|
+
return this.enqueueOp({
|
|
2149
|
+
kind: 'execute',
|
|
2150
|
+
resolve: () => undefined,
|
|
2151
|
+
reject: () => undefined,
|
|
2152
|
+
current: null,
|
|
2153
|
+
notices: [],
|
|
2154
|
+
fields: null,
|
|
2155
|
+
});
|
|
2156
|
+
}
|
|
2157
|
+
enqueueExecuteWithFields(fields) {
|
|
2158
|
+
return this.enqueueOp({
|
|
2159
|
+
kind: 'execute',
|
|
2160
|
+
resolve: () => undefined,
|
|
2161
|
+
reject: () => undefined,
|
|
2162
|
+
current: null,
|
|
2163
|
+
notices: [],
|
|
2164
|
+
fields,
|
|
2165
|
+
});
|
|
2166
|
+
}
|
|
2167
|
+
enqueueClose() {
|
|
2168
|
+
return this.enqueueOp({
|
|
2169
|
+
kind: 'close',
|
|
2170
|
+
resolve: () => undefined,
|
|
2171
|
+
reject: () => undefined,
|
|
2172
|
+
});
|
|
2173
|
+
}
|
|
2174
|
+
enqueueSync() {
|
|
2175
|
+
return this.enqueueOp({
|
|
2176
|
+
kind: 'sync',
|
|
2177
|
+
resolve: () => undefined,
|
|
2178
|
+
reject: () => undefined,
|
|
2179
|
+
});
|
|
2180
|
+
}
|
|
2181
|
+
enqueueOp(opSkeleton) {
|
|
2182
|
+
if (!this.extDriver) {
|
|
2183
|
+
return Promise.reject(new Error('enqueueOp: not in extended state'));
|
|
2184
|
+
}
|
|
2185
|
+
const driver = this.extDriver;
|
|
2186
|
+
return new Promise((resolve, reject) => {
|
|
2187
|
+
const op = opSkeleton;
|
|
2188
|
+
op.resolve = resolve;
|
|
2189
|
+
op.reject = reject;
|
|
2190
|
+
driver.queue.push(op);
|
|
2191
|
+
});
|
|
2192
|
+
}
|
|
2193
|
+
handleExtendedMessage(msg) {
|
|
2194
|
+
const driver = this.extDriver;
|
|
2195
|
+
if (!driver)
|
|
2196
|
+
return;
|
|
2197
|
+
if (msg.type === 'ParameterStatus') {
|
|
2198
|
+
this.params.set(msg.name, msg.value);
|
|
2199
|
+
if (msg.name === 'server_version') {
|
|
2200
|
+
this.serverVersion = parseServerVersion(msg.value);
|
|
2201
|
+
}
|
|
2202
|
+
return;
|
|
2203
|
+
}
|
|
2204
|
+
if (msg.type === 'NoticeResponse') {
|
|
2205
|
+
const notice = fieldsToNotice(msg.fields);
|
|
2206
|
+
this.notify.emit(notice);
|
|
2207
|
+
const head = driver.queue[0];
|
|
2208
|
+
if (head && head.kind === 'execute')
|
|
2209
|
+
head.notices.push(notice);
|
|
2210
|
+
return;
|
|
2211
|
+
}
|
|
2212
|
+
if (msg.type === 'NotificationResponse') {
|
|
2213
|
+
this.notify.emitNotification(msg.channel, msg.payload, msg.processId);
|
|
2214
|
+
return;
|
|
2215
|
+
}
|
|
2216
|
+
if (msg.type === 'ErrorResponse') {
|
|
2217
|
+
driver.error = fieldsToConnectError(msg.fields);
|
|
2218
|
+
// Reject ALL queued non-sync ops eagerly. Upstream server semantics:
|
|
2219
|
+
// once a P/B/D/E op errors, the server skips every subsequent message
|
|
2220
|
+
// until the next Sync. If the client (e.g. `\flushrequest` + `\getresults`
|
|
2221
|
+
// after an aborted bind) doesn't issue Sync next, no further wire
|
|
2222
|
+
// messages will arrive — so we must cascade-reject the rest of the
|
|
2223
|
+
// queue NOW or those promises hang forever.
|
|
2224
|
+
//
|
|
2225
|
+
// Mirror libpq's `PGRES_PIPELINE_ABORTED` marker for follow-on ops:
|
|
2226
|
+
// the FIRST failing op carries the real `ErrorResponse` payload,
|
|
2227
|
+
// every subsequent op gets a synthetic "Pipeline aborted, command
|
|
2228
|
+
// did not run" error so `\getresults` / `\endpipeline` can
|
|
2229
|
+
// distinguish the originating ERROR from the cascaded skips. See
|
|
2230
|
+
// upstream `pqPipelineProcessQueue` in `fe-exec.c`.
|
|
2231
|
+
let first = true;
|
|
2232
|
+
while (driver.queue.length > 0) {
|
|
2233
|
+
const head = driver.queue[0];
|
|
2234
|
+
if (head.kind === 'sync')
|
|
2235
|
+
break;
|
|
2236
|
+
driver.queue.shift();
|
|
2237
|
+
if (first) {
|
|
2238
|
+
head.reject(driver.error);
|
|
2239
|
+
first = false;
|
|
2240
|
+
}
|
|
2241
|
+
else {
|
|
2242
|
+
head.reject(pipelineAbortedError());
|
|
2243
|
+
}
|
|
2244
|
+
}
|
|
2245
|
+
return;
|
|
2246
|
+
}
|
|
2247
|
+
// COPY-in-pipeline: when an `Execute` in pipeline mode hits a
|
|
2248
|
+
// `COPY ... FROM STDIN` / `COPY ... TO STDOUT`, the server replies
|
|
2249
|
+
// with `CopyInResponse` / `CopyOutResponse` instead of the usual
|
|
2250
|
+
// result-stream messages. Upstream libpq refuses the combination
|
|
2251
|
+
// with "COPY in a pipeline is not supported, aborting connection"
|
|
2252
|
+
// and tears the connection down. Mirror that so `\startpipeline +
|
|
2253
|
+
// COPY ...` surfaces the expected fatal error rather than hanging
|
|
2254
|
+
// on a response the extended driver doesn't know how to consume.
|
|
2255
|
+
if (msg.type === 'CopyInResponse' || msg.type === 'CopyOutResponse') {
|
|
2256
|
+
this.abortForCopyInPipeline();
|
|
2257
|
+
return;
|
|
2258
|
+
}
|
|
2259
|
+
// Drain any ops added to the queue AFTER the initial cascade-reject
|
|
2260
|
+
// (e.g. a `\sendpipeline` issued by the user once `\getresults`
|
|
2261
|
+
// returned the first ErrorResponse) — those ops were never visible
|
|
2262
|
+
// to the original cascade loop, but the server skipped them too
|
|
2263
|
+
// because it stays in PIPELINE_ABORTED until the next Sync. Mark
|
|
2264
|
+
// them as cascaded (`pipelineAborted`) rather than the real error:
|
|
2265
|
+
// libpq surfaces the real error only on the OP that actually
|
|
2266
|
+
// failed, and stamps every subsequent skipped op with the
|
|
2267
|
+
// PGRES_PIPELINE_ABORTED marker. The cmd layer's `\getresults` /
|
|
2268
|
+
// `\endpipeline` paths render the marker as
|
|
2269
|
+
// `Pipeline aborted, command did not run` (no `ERROR:` prefix).
|
|
2270
|
+
while (driver.error !== null) {
|
|
2271
|
+
const head = driver.queue[0];
|
|
2272
|
+
if (!head || head.kind === 'sync')
|
|
2273
|
+
break;
|
|
2274
|
+
driver.queue.shift();
|
|
2275
|
+
head.reject(pipelineAbortedError());
|
|
2276
|
+
}
|
|
2277
|
+
const head = driver.queue[0];
|
|
2278
|
+
if (!head) {
|
|
2279
|
+
this.protocolFail(new Error(`Unexpected backend message ${msg.type} in in-extended`));
|
|
2280
|
+
return;
|
|
2281
|
+
}
|
|
2282
|
+
switch (msg.type) {
|
|
2283
|
+
case 'ParseComplete':
|
|
2284
|
+
if (head.kind !== 'parse') {
|
|
2285
|
+
this.protocolFail(new Error('ParseComplete arrived but head op is ' + head.kind));
|
|
2286
|
+
return;
|
|
2287
|
+
}
|
|
2288
|
+
driver.queue.shift();
|
|
2289
|
+
head.resolve(undefined);
|
|
2290
|
+
return;
|
|
2291
|
+
case 'BindComplete':
|
|
2292
|
+
if (head.kind !== 'bind') {
|
|
2293
|
+
this.protocolFail(new Error('BindComplete arrived but head op is ' + head.kind));
|
|
2294
|
+
return;
|
|
2295
|
+
}
|
|
2296
|
+
driver.queue.shift();
|
|
2297
|
+
head.resolve(undefined);
|
|
2298
|
+
return;
|
|
2299
|
+
case 'CloseComplete':
|
|
2300
|
+
if (head.kind !== 'close') {
|
|
2301
|
+
this.protocolFail(new Error('CloseComplete arrived but head op is ' + head.kind));
|
|
2302
|
+
return;
|
|
2303
|
+
}
|
|
2304
|
+
driver.queue.shift();
|
|
2305
|
+
head.resolve(undefined);
|
|
2306
|
+
return;
|
|
2307
|
+
case 'ParameterDescription':
|
|
2308
|
+
if (head.kind !== 'describeS') {
|
|
2309
|
+
this.protocolFail(new Error('ParameterDescription arrived but head op is ' + head.kind));
|
|
2310
|
+
return;
|
|
2311
|
+
}
|
|
2312
|
+
head.paramOids = msg.oids;
|
|
2313
|
+
return;
|
|
2314
|
+
case 'RowDescription':
|
|
2315
|
+
if (head.kind === 'describeS') {
|
|
2316
|
+
driver.queue.shift();
|
|
2317
|
+
head.resolve({
|
|
2318
|
+
paramOids: head.paramOids ?? [],
|
|
2319
|
+
fields: msg.fields,
|
|
2320
|
+
});
|
|
2321
|
+
return;
|
|
2322
|
+
}
|
|
2323
|
+
if (head.kind === 'describeP') {
|
|
2324
|
+
driver.queue.shift();
|
|
2325
|
+
head.resolve(msg.fields);
|
|
2326
|
+
return;
|
|
2327
|
+
}
|
|
2328
|
+
if (head.kind === 'execute') {
|
|
2329
|
+
head.current = {
|
|
2330
|
+
command: '',
|
|
2331
|
+
rowCount: null,
|
|
2332
|
+
oid: null,
|
|
2333
|
+
fields: msg.fields,
|
|
2334
|
+
rows: [],
|
|
2335
|
+
notices: [],
|
|
2336
|
+
};
|
|
2337
|
+
head.fields = msg.fields;
|
|
2338
|
+
return;
|
|
2339
|
+
}
|
|
2340
|
+
this.protocolFail(new Error('Unexpected RowDescription at head op ' + head.kind));
|
|
2341
|
+
return;
|
|
2342
|
+
case 'NoData':
|
|
2343
|
+
if (head.kind === 'describeS') {
|
|
2344
|
+
driver.queue.shift();
|
|
2345
|
+
head.resolve({ paramOids: head.paramOids ?? [], fields: [] });
|
|
2346
|
+
return;
|
|
2347
|
+
}
|
|
2348
|
+
if (head.kind === 'describeP') {
|
|
2349
|
+
driver.queue.shift();
|
|
2350
|
+
head.resolve([]);
|
|
2351
|
+
return;
|
|
2352
|
+
}
|
|
2353
|
+
this.protocolFail(new Error('Unexpected NoData at head op ' + head.kind));
|
|
2354
|
+
return;
|
|
2355
|
+
case 'DataRow': {
|
|
2356
|
+
if (head.kind !== 'execute') {
|
|
2357
|
+
this.protocolFail(new Error('DataRow at head op ' + head.kind));
|
|
2358
|
+
return;
|
|
2359
|
+
}
|
|
2360
|
+
const fields = head.fields ?? head.current?.fields ?? [];
|
|
2361
|
+
if (!head.current) {
|
|
2362
|
+
head.current = {
|
|
2363
|
+
command: '',
|
|
2364
|
+
rowCount: null,
|
|
2365
|
+
oid: null,
|
|
2366
|
+
fields,
|
|
2367
|
+
rows: [],
|
|
2368
|
+
notices: [],
|
|
2369
|
+
};
|
|
2370
|
+
}
|
|
2371
|
+
head.current.rows.push(decodeDataRow(msg.values, fields));
|
|
2372
|
+
return;
|
|
2373
|
+
}
|
|
2374
|
+
case 'CommandComplete': {
|
|
2375
|
+
if (head.kind !== 'execute') {
|
|
2376
|
+
this.protocolFail(new Error('CommandComplete at head op ' + head.kind));
|
|
2377
|
+
return;
|
|
2378
|
+
}
|
|
2379
|
+
const { command, rowCount, oid } = parseCommandTag(msg.tag);
|
|
2380
|
+
const set = head.current ?? {
|
|
2381
|
+
command,
|
|
2382
|
+
rowCount,
|
|
2383
|
+
oid,
|
|
2384
|
+
fields: head.fields ?? [],
|
|
2385
|
+
rows: [],
|
|
2386
|
+
notices: [],
|
|
2387
|
+
};
|
|
2388
|
+
set.command = command;
|
|
2389
|
+
set.rowCount = rowCount;
|
|
2390
|
+
set.oid = oid;
|
|
2391
|
+
set.notices = head.notices.splice(0);
|
|
2392
|
+
driver.queue.shift();
|
|
2393
|
+
head.resolve(set);
|
|
2394
|
+
return;
|
|
2395
|
+
}
|
|
2396
|
+
case 'EmptyQueryResponse': {
|
|
2397
|
+
if (head.kind !== 'execute') {
|
|
2398
|
+
this.protocolFail(new Error('EmptyQueryResponse at head op ' + head.kind));
|
|
2399
|
+
return;
|
|
2400
|
+
}
|
|
2401
|
+
const set = {
|
|
2402
|
+
command: '',
|
|
2403
|
+
rowCount: null,
|
|
2404
|
+
oid: null,
|
|
2405
|
+
fields: [],
|
|
2406
|
+
rows: [],
|
|
2407
|
+
notices: head.notices.splice(0),
|
|
2408
|
+
};
|
|
2409
|
+
driver.queue.shift();
|
|
2410
|
+
head.resolve(set);
|
|
2411
|
+
return;
|
|
2412
|
+
}
|
|
2413
|
+
case 'PortalSuspended': {
|
|
2414
|
+
if (head.kind !== 'execute') {
|
|
2415
|
+
this.protocolFail(new Error('PortalSuspended at head op ' + head.kind));
|
|
2416
|
+
return;
|
|
2417
|
+
}
|
|
2418
|
+
const set = head.current ?? {
|
|
2419
|
+
command: '',
|
|
2420
|
+
rowCount: null,
|
|
2421
|
+
oid: null,
|
|
2422
|
+
fields: head.fields ?? [],
|
|
2423
|
+
rows: [],
|
|
2424
|
+
notices: head.notices.splice(0),
|
|
2425
|
+
};
|
|
2426
|
+
set.notices = head.notices.splice(0);
|
|
2427
|
+
driver.queue.shift();
|
|
2428
|
+
head.resolve(set);
|
|
2429
|
+
return;
|
|
2430
|
+
}
|
|
2431
|
+
case 'ReadyForQuery': {
|
|
2432
|
+
this.txStatus = msg.status;
|
|
2433
|
+
if (head.kind !== 'sync') {
|
|
2434
|
+
this.protocolFail(new Error('ReadyForQuery but head op is ' + head.kind));
|
|
2435
|
+
return;
|
|
2436
|
+
}
|
|
2437
|
+
driver.queue.shift();
|
|
2438
|
+
const stickyErr = driver.error;
|
|
2439
|
+
driver.error = null;
|
|
2440
|
+
if (stickyErr) {
|
|
2441
|
+
head.reject(stickyErr);
|
|
2442
|
+
}
|
|
2443
|
+
else {
|
|
2444
|
+
head.resolve(undefined);
|
|
2445
|
+
}
|
|
2446
|
+
if (driver.queue.length === 0 && !this._extPipelineActive) {
|
|
2447
|
+
this.state = 'idle';
|
|
2448
|
+
this.extDriver = null;
|
|
2449
|
+
}
|
|
2450
|
+
return;
|
|
2451
|
+
}
|
|
2452
|
+
default:
|
|
2453
|
+
this.protocolFail(new Error(`Unexpected ${msg.type} in in-extended state`));
|
|
2454
|
+
return;
|
|
2455
|
+
}
|
|
2456
|
+
}
|
|
2457
|
+
protocolFail(err) {
|
|
2458
|
+
this.socketError = err;
|
|
2459
|
+
this.failPending(err);
|
|
2460
|
+
try {
|
|
2461
|
+
this.socket.destroy();
|
|
2462
|
+
}
|
|
2463
|
+
catch {
|
|
2464
|
+
// ignore
|
|
2465
|
+
}
|
|
2466
|
+
this.state = 'closed';
|
|
2467
|
+
}
|
|
2468
|
+
/**
|
|
2469
|
+
* Abort the connection because the server replied with CopyInResponse /
|
|
2470
|
+
* CopyOutResponse while a pipeline (`_extPipelineActive`) was active.
|
|
2471
|
+
* Upstream libpq emits the exact diagnostic
|
|
2472
|
+
* `"COPY in a pipeline is not supported, aborting connection"` and tears
|
|
2473
|
+
* the socket down — we mirror that. Pending operations are rejected; the
|
|
2474
|
+
* connection is left in `closed` so subsequent commands fail cleanly
|
|
2475
|
+
* (matching the "aborting connection" promise).
|
|
2476
|
+
*/
|
|
2477
|
+
abortForCopyInPipeline() {
|
|
2478
|
+
const err = {
|
|
2479
|
+
severity: 'FATAL',
|
|
2480
|
+
message: 'COPY in a pipeline is not supported, aborting connection',
|
|
2481
|
+
};
|
|
2482
|
+
this.socketError = new Error(err.message);
|
|
2483
|
+
this.failPending(err);
|
|
2484
|
+
try {
|
|
2485
|
+
this.socket.destroy();
|
|
2486
|
+
}
|
|
2487
|
+
catch {
|
|
2488
|
+
// ignore
|
|
2489
|
+
}
|
|
2490
|
+
this.state = 'closed';
|
|
2491
|
+
}
|
|
2492
|
+
}
|
|
2493
|
+
// -------------------------------------------------------------------------
|
|
2494
|
+
// Public factory
|
|
2495
|
+
// -------------------------------------------------------------------------
|
|
2496
|
+
/**
|
|
2497
|
+
* Pluggable random source for `load_balance_hosts=random`. Public so tests
|
|
2498
|
+
* can inject a deterministic permutation; production code leaves it `null`
|
|
2499
|
+
* and falls back to `Math.random`. NOT part of the connection's external
|
|
2500
|
+
* contract — internal-only escape hatch.
|
|
2501
|
+
*/
|
|
2502
|
+
PgConnection._loadBalanceRng = null;
|
|
2503
|
+
/**
|
|
2504
|
+
* Pluggable DNS resolver for the multi-IP host fan-out (libpq's
|
|
2505
|
+
* `getaddrinfo`-then-iterate behaviour, exercised by upstream's
|
|
2506
|
+
* `004_load_balance_dns.pl`). Tests inject a fake to drive a hostname
|
|
2507
|
+
* through a fixed IP set without touching the real resolver; production
|
|
2508
|
+
* code leaves it `null` and falls back to `dns.lookup(host, {all: true})`.
|
|
2509
|
+
* Returning an empty array signals "treat as unresolvable" and the
|
|
2510
|
+
* candidate is dropped from the iteration set (matching libpq's "no
|
|
2511
|
+
* results from getaddrinfo" path).
|
|
2512
|
+
*/
|
|
2513
|
+
PgConnection._dnsLookupAll = null;
|
|
2514
|
+
// ---------------------------------------------------------------------------
|
|
2515
|
+
// Socket open helper. Supports TCP (default) and Unix-domain sockets when
|
|
2516
|
+
// `opts.host` starts with `/` — matching libpq's `pqUnixSocketPath()` which
|
|
2517
|
+
// reads the directory from PGHOST and builds `<dir>/.s.PGSQL.<port>` as the
|
|
2518
|
+
// actual filesystem socket path.
|
|
2519
|
+
// ---------------------------------------------------------------------------
|
|
2520
|
+
/**
|
|
2521
|
+
* `true` if the host value should be interpreted as a Unix-domain socket
|
|
2522
|
+
* directory. libpq's rule: any value starting with `/` is a path.
|
|
2523
|
+
*/
|
|
2524
|
+
export function isUnixSocketHost(host) {
|
|
2525
|
+
return host.startsWith('/');
|
|
2526
|
+
}
|
|
2527
|
+
/**
|
|
2528
|
+
* Build the actual filesystem path Postgres listens on under a socket
|
|
2529
|
+
* directory: `<dir>/.s.PGSQL.<port>`. Mirrors the libpq layout so any
|
|
2530
|
+
* server started with `unix_socket_directories=<dir>` is reachable.
|
|
2531
|
+
*/
|
|
2532
|
+
export function unixSocketPath(dir, port) {
|
|
2533
|
+
return `${dir}/.s.PGSQL.${String(port)}`;
|
|
2534
|
+
}
|
|
2535
|
+
/**
|
|
2536
|
+
* Expand the configured (host, port) list by resolving each hostname to
|
|
2537
|
+
* its full set of A/AAAA records. Mirrors libpq's `getaddrinfo`-then-
|
|
2538
|
+
* iterate-all behaviour exercised by upstream's
|
|
2539
|
+
* `src/interfaces/libpq/t/004_load_balance_dns.pl`. Without this step a
|
|
2540
|
+
* single hostname that resolves to N IPs would only ever produce one
|
|
2541
|
+
* candidate (Node's `net.connect({host})` picks one address from the
|
|
2542
|
+
* lookup result), so `load_balance_hosts=random` couldn't shuffle across
|
|
2543
|
+
* the DNS-returned set.
|
|
2544
|
+
*
|
|
2545
|
+
* - Unix-domain socket paths (`/var/run/postgres`) are passed through
|
|
2546
|
+
* unchanged — they don't participate in DNS at all.
|
|
2547
|
+
* - IPv4/IPv6 literals are passed through unchanged — DNS resolution
|
|
2548
|
+
* would just round-trip them.
|
|
2549
|
+
* - Hostnames are resolved via `dns.lookup(host, {all: true})`. The
|
|
2550
|
+
* test seam `PgConnection._dnsLookupAll` overrides the resolver so
|
|
2551
|
+
* unit tests can drive a hostname through a fixed IP set without
|
|
2552
|
+
* touching the real DNS.
|
|
2553
|
+
* - A hostname that fails to resolve (or returns zero records) is
|
|
2554
|
+
* dropped from the iteration set. The connect loop's `lastErr`
|
|
2555
|
+
* surfaces the original error if every host fails.
|
|
2556
|
+
*/
|
|
2557
|
+
async function expandHostsViaDns(seed) {
|
|
2558
|
+
const out = [];
|
|
2559
|
+
for (const c of seed) {
|
|
2560
|
+
if (isUnixSocketHost(c.host) || net.isIP(c.host) !== 0) {
|
|
2561
|
+
// Unix-domain socket paths and IP literals don't go through DNS.
|
|
2562
|
+
// Leave `address` undefined so `openSocket` uses `host` directly.
|
|
2563
|
+
out.push({ host: c.host, port: c.port });
|
|
2564
|
+
continue;
|
|
2565
|
+
}
|
|
2566
|
+
let addrs;
|
|
2567
|
+
try {
|
|
2568
|
+
addrs = PgConnection._dnsLookupAll
|
|
2569
|
+
? await PgConnection._dnsLookupAll(c.host)
|
|
2570
|
+
: await dns.lookup(c.host, { all: true, family: 0 });
|
|
2571
|
+
}
|
|
2572
|
+
catch {
|
|
2573
|
+
// dns.lookup rejects with ENOTFOUND / EAI_AGAIN / EAI_NONAME on
|
|
2574
|
+
// resolution failure. Skip this host; the outer connect loop will
|
|
2575
|
+
// surface the failure via `lastErr` if every candidate is dropped.
|
|
2576
|
+
continue;
|
|
2577
|
+
}
|
|
2578
|
+
for (const a of addrs) {
|
|
2579
|
+
// Keep the ORIGINAL hostname on `host` so TLS SNI / verify-full
|
|
2580
|
+
// and `conn.host` see the user-typed name. The IP goes on
|
|
2581
|
+
// `address`, used only by `openSocket` for the actual TCP connect.
|
|
2582
|
+
out.push({ host: c.host, address: a.address, port: c.port });
|
|
2583
|
+
}
|
|
2584
|
+
}
|
|
2585
|
+
return out;
|
|
2586
|
+
}
|
|
2587
|
+
/**
|
|
2588
|
+
* Map a libpq protocol-version string (`TLSv1` / `TLSv1.1` / `TLSv1.2` /
|
|
2589
|
+
* `TLSv1.3`) to Node's `SecureVersion` literal. Returns `undefined` for
|
|
2590
|
+
* unset / empty input. Unknown values shouldn't reach here (the parsing
|
|
2591
|
+
* layer in `index.ts` validates them), but we return `undefined` rather than
|
|
2592
|
+
* casting so a stray value can't smuggle a bogus literal into Node's TLS
|
|
2593
|
+
* options.
|
|
2594
|
+
*/
|
|
2595
|
+
function toSecureVersion(value) {
|
|
2596
|
+
switch (value) {
|
|
2597
|
+
case 'TLSv1':
|
|
2598
|
+
case 'TLSv1.1':
|
|
2599
|
+
case 'TLSv1.2':
|
|
2600
|
+
case 'TLSv1.3':
|
|
2601
|
+
return value;
|
|
2602
|
+
default:
|
|
2603
|
+
return undefined;
|
|
2604
|
+
}
|
|
2605
|
+
}
|
|
2606
|
+
/**
|
|
2607
|
+
* Map libpq's `ssl_min_protocol_version` / `ssl_max_protocol_version` onto
|
|
2608
|
+
* Node's `tls.connect` `minVersion` / `maxVersion`. Unset values leave Node's
|
|
2609
|
+
* compiled-in defaults in place.
|
|
2610
|
+
*/
|
|
2611
|
+
function applyTlsProtocolVersionRange(tlsOpts, opts) {
|
|
2612
|
+
const min = toSecureVersion(opts.sslMinProtocolVersion);
|
|
2613
|
+
if (min !== undefined)
|
|
2614
|
+
tlsOpts.minVersion = min;
|
|
2615
|
+
const max = toSecureVersion(opts.sslMaxProtocolVersion);
|
|
2616
|
+
if (max !== undefined)
|
|
2617
|
+
tlsOpts.maxVersion = max;
|
|
2618
|
+
}
|
|
2619
|
+
/**
|
|
2620
|
+
* libpq `sslsni`: the TLS SNI servername to send, or `undefined` to suppress
|
|
2621
|
+
* the SNI extension entirely. `sslsni=0` (`opts.sslsni === false`) suppresses
|
|
2622
|
+
* it; unset / `sslsni=1` sends `opts.host` (libpq's default). Returned value
|
|
2623
|
+
* is spread into the `tls.connect` options as `servername`.
|
|
2624
|
+
*
|
|
2625
|
+
* Exported for unit tests.
|
|
2626
|
+
*/
|
|
2627
|
+
export function tlsServername(opts) {
|
|
2628
|
+
return opts.sslsni === false ? undefined : opts.host;
|
|
2629
|
+
}
|
|
2630
|
+
/**
|
|
2631
|
+
* Translate libpq's `keepalives` / `keepalives_idle` into the arguments for
|
|
2632
|
+
* Node's `socket.setKeepAlive(enable, initialDelay)`:
|
|
2633
|
+
* - `enable`: `false` only when `keepalives === false` (libpq `keepalives=0`);
|
|
2634
|
+
* unset / `true` keeps keepalives on (libpq default).
|
|
2635
|
+
* - `initialDelayMs`: `keepalives_idle` seconds → milliseconds, or
|
|
2636
|
+
* `undefined` to leave the OS default.
|
|
2637
|
+
*
|
|
2638
|
+
* libpq's `keepalives_interval` and `keepalives_count` have NO Node net API
|
|
2639
|
+
* equivalent (`setKeepAlive` exposes only enable + initial delay), so they are
|
|
2640
|
+
* intentionally not represented here.
|
|
2641
|
+
*
|
|
2642
|
+
* Exported for unit tests.
|
|
2643
|
+
*/
|
|
2644
|
+
export function keepAliveArgs(opts) {
|
|
2645
|
+
return {
|
|
2646
|
+
enable: opts.keepalives !== false,
|
|
2647
|
+
initialDelayMs: opts.keepalivesIdle !== undefined
|
|
2648
|
+
? opts.keepalivesIdle * 1000
|
|
2649
|
+
: undefined,
|
|
2650
|
+
};
|
|
2651
|
+
}
|
|
2652
|
+
/**
|
|
2653
|
+
* Derive the symmetric key length (in bits) from a negotiated TLS cipher
|
|
2654
|
+
* name, for the PG18 `\conninfo` "SSL Key Bits" row. Node's TLS API doesn't
|
|
2655
|
+
* expose the key length directly, so we parse it out of the cipher name the
|
|
2656
|
+
* way upstream's `SSL_CIPHER_get_bits` effectively reports it:
|
|
2657
|
+
*
|
|
2658
|
+
* - `AES_256` / `CHACHA20` → 256
|
|
2659
|
+
* - `AES_128` → 128
|
|
2660
|
+
* - otherwise, the first run of digits in the standard name (`…128…` etc.)
|
|
2661
|
+
* - `null` when no length can be determined.
|
|
2662
|
+
*
|
|
2663
|
+
* Both the OpenSSL standard name (`TLS_AES_256_GCM_SHA384`,
|
|
2664
|
+
* `ECDHE-RSA-AES128-GCM-SHA256`) and Node's IANA-style name are handled by
|
|
2665
|
+
* uppercasing and matching the keyword forms first. Exported for unit tests.
|
|
2666
|
+
*/
|
|
2667
|
+
export function sslKeyBitsFromCipher(name) {
|
|
2668
|
+
const upper = name.toUpperCase();
|
|
2669
|
+
if (upper.includes('CHACHA20'))
|
|
2670
|
+
return 256;
|
|
2671
|
+
if (upper.includes('AES_256') || upper.includes('AES256'))
|
|
2672
|
+
return 256;
|
|
2673
|
+
if (upper.includes('AES_128') || upper.includes('AES128'))
|
|
2674
|
+
return 128;
|
|
2675
|
+
if (upper.includes('AES_192') || upper.includes('AES192'))
|
|
2676
|
+
return 192;
|
|
2677
|
+
const digits = /(\d{2,4})/.exec(upper);
|
|
2678
|
+
if (digits) {
|
|
2679
|
+
const n = parseInt(digits[1], 10);
|
|
2680
|
+
if (Number.isFinite(n) && n > 0)
|
|
2681
|
+
return n;
|
|
2682
|
+
}
|
|
2683
|
+
return null;
|
|
2684
|
+
}
|
|
2685
|
+
function openSocket(opts,
|
|
2686
|
+
/**
|
|
2687
|
+
* Pre-resolved IP. When set, used for `net.connect({host})` instead
|
|
2688
|
+
* of `opts.host` — lets DNS fan-out direct the TCP connect to a
|
|
2689
|
+
* specific A record while keeping the user-typed hostname elsewhere
|
|
2690
|
+
* (TLS SNI / `conn.host`). Ignored for Unix-domain socket paths,
|
|
2691
|
+
* which take their address from `opts.host` directly.
|
|
2692
|
+
*/
|
|
2693
|
+
addressOverride) {
|
|
2694
|
+
return new Promise((resolve, reject) => {
|
|
2695
|
+
const isUnix = isUnixSocketHost(opts.host);
|
|
2696
|
+
const socket = isUnix
|
|
2697
|
+
? net.connect({ path: unixSocketPath(opts.host, opts.port) })
|
|
2698
|
+
: net.connect({
|
|
2699
|
+
host: addressOverride ?? opts.host,
|
|
2700
|
+
port: opts.port,
|
|
2701
|
+
});
|
|
2702
|
+
// libpq TCP keepalives (no-op for Unix-domain sockets, matching libpq,
|
|
2703
|
+
// which only applies SO_KEEPALIVE on TCP).
|
|
2704
|
+
if (!isUnix) {
|
|
2705
|
+
const { enable, initialDelayMs } = keepAliveArgs(opts);
|
|
2706
|
+
if (initialDelayMs !== undefined) {
|
|
2707
|
+
socket.setKeepAlive(enable, initialDelayMs);
|
|
2708
|
+
}
|
|
2709
|
+
else {
|
|
2710
|
+
socket.setKeepAlive(enable);
|
|
2711
|
+
}
|
|
2712
|
+
}
|
|
2713
|
+
const timeout = opts.connectTimeoutMs;
|
|
2714
|
+
let timer = null;
|
|
2715
|
+
if (timeout !== undefined && timeout > 0) {
|
|
2716
|
+
timer = setTimeout(() => {
|
|
2717
|
+
socket.destroy(new Error(`Connect timed out after ${String(timeout)} ms`));
|
|
2718
|
+
}, timeout);
|
|
2719
|
+
}
|
|
2720
|
+
const cleanup = () => {
|
|
2721
|
+
if (timer)
|
|
2722
|
+
clearTimeout(timer);
|
|
2723
|
+
socket.removeListener('error', onError);
|
|
2724
|
+
socket.removeListener('connect', onConnect);
|
|
2725
|
+
};
|
|
2726
|
+
const onError = (err) => {
|
|
2727
|
+
cleanup();
|
|
2728
|
+
reject(err);
|
|
2729
|
+
};
|
|
2730
|
+
const onConnect = () => {
|
|
2731
|
+
cleanup();
|
|
2732
|
+
resolve(socket);
|
|
2733
|
+
};
|
|
2734
|
+
socket.once('error', onError);
|
|
2735
|
+
socket.once('connect', onConnect);
|
|
2736
|
+
});
|
|
2737
|
+
}
|
|
2738
|
+
// ---------------------------------------------------------------------------
|
|
2739
|
+
// Result decoding helpers
|
|
2740
|
+
// ---------------------------------------------------------------------------
|
|
2741
|
+
/**
|
|
2742
|
+
* Decode a wire-protocol DataRow into JS values. We follow the simple psql
|
|
2743
|
+
* policy: text format → utf-8 string, binary format → Buffer. Type-aware
|
|
2744
|
+
* decoding (timestamps, arrays, etc.) is the caller's responsibility — that
|
|
2745
|
+
* matches `psql` which prints raw server text.
|
|
2746
|
+
*/
|
|
2747
|
+
function decodeDataRow(values, fields) {
|
|
2748
|
+
const out = new Array(values.length);
|
|
2749
|
+
for (let i = 0; i < values.length; i++) {
|
|
2750
|
+
const v = values[i];
|
|
2751
|
+
if (v === null) {
|
|
2752
|
+
out[i] = null;
|
|
2753
|
+
continue;
|
|
2754
|
+
}
|
|
2755
|
+
const fmt = fields[i]?.format ?? 0;
|
|
2756
|
+
out[i] = fmt === 1 ? v : v.toString('utf8');
|
|
2757
|
+
}
|
|
2758
|
+
return out;
|
|
2759
|
+
}
|
|
2760
|
+
/**
|
|
2761
|
+
* Parse the CommandComplete tag — examples:
|
|
2762
|
+
* "SELECT 17"
|
|
2763
|
+
* "INSERT 0 1" (oid is 0 in modern PG; second number is rowCount)
|
|
2764
|
+
* "UPDATE 3"
|
|
2765
|
+
* "CREATE TABLE" (no rowCount)
|
|
2766
|
+
*
|
|
2767
|
+
* Anything that doesn't match → command = the whole tag, rowCount = null.
|
|
2768
|
+
*/
|
|
2769
|
+
function parseCommandTag(tag) {
|
|
2770
|
+
const trimmed = tag.trim();
|
|
2771
|
+
// INSERT is the only tag with the legacy oid + rowCount layout.
|
|
2772
|
+
const insertMatch = /^INSERT (\d+) (\d+)$/.exec(trimmed);
|
|
2773
|
+
if (insertMatch) {
|
|
2774
|
+
return {
|
|
2775
|
+
command: 'INSERT',
|
|
2776
|
+
oid: parseInt(insertMatch[1], 10),
|
|
2777
|
+
rowCount: parseInt(insertMatch[2], 10),
|
|
2778
|
+
};
|
|
2779
|
+
}
|
|
2780
|
+
const m = /^([A-Z][A-Z ]*?)(?: (\d+))?$/.exec(trimmed);
|
|
2781
|
+
if (!m)
|
|
2782
|
+
return { command: trimmed, rowCount: null, oid: null };
|
|
2783
|
+
return {
|
|
2784
|
+
command: m[1],
|
|
2785
|
+
rowCount: m[2] !== undefined ? parseInt(m[2], 10) : null,
|
|
2786
|
+
oid: null,
|
|
2787
|
+
};
|
|
2788
|
+
}
|
|
2789
|
+
/**
|
|
2790
|
+
* Encode JS values into the (Buffer | string | null)[] format that
|
|
2791
|
+
* {@link Bind} accepts. Text-format only — server coerces. Matches psql's
|
|
2792
|
+
* default `\bind` behaviour.
|
|
2793
|
+
*/
|
|
2794
|
+
export function encodeParams(values) {
|
|
2795
|
+
return values.map((v) => {
|
|
2796
|
+
if (v === null || v === undefined)
|
|
2797
|
+
return null;
|
|
2798
|
+
if (Buffer.isBuffer(v))
|
|
2799
|
+
return v;
|
|
2800
|
+
if (typeof v === 'string')
|
|
2801
|
+
return v;
|
|
2802
|
+
if (typeof v === 'boolean')
|
|
2803
|
+
return v ? 't' : 'f';
|
|
2804
|
+
if (typeof v === 'number' || typeof v === 'bigint')
|
|
2805
|
+
return v.toString();
|
|
2806
|
+
try {
|
|
2807
|
+
return JSON.stringify(v);
|
|
2808
|
+
}
|
|
2809
|
+
catch {
|
|
2810
|
+
return '';
|
|
2811
|
+
}
|
|
2812
|
+
});
|
|
2813
|
+
}
|
|
2814
|
+
/**
|
|
2815
|
+
* Coerce arbitrary rejection values to a thrown `Error`.
|
|
2816
|
+
*
|
|
2817
|
+
* For our `ConnectError` shape (`{ severity, code, message, … }`), the
|
|
2818
|
+
* resulting Error preserves every enumerable field of the source object as
|
|
2819
|
+
* own properties — so callers can still read `.code`, `.severity`, `.hint`,
|
|
2820
|
+
* `.position`, etc. directly off the thrown value while also getting a proper
|
|
2821
|
+
* `Error` instance (so `instanceof Error` works and `.message` / `.stack` are
|
|
2822
|
+
* populated for generic loggers).
|
|
2823
|
+
*/
|
|
2824
|
+
function asThrowable(v) {
|
|
2825
|
+
if (v instanceof Error)
|
|
2826
|
+
return v;
|
|
2827
|
+
if (typeof v === 'object' &&
|
|
2828
|
+
v !== null &&
|
|
2829
|
+
'message' in v &&
|
|
2830
|
+
typeof v.message === 'string') {
|
|
2831
|
+
const source = v;
|
|
2832
|
+
const err = new Error(source.message);
|
|
2833
|
+
// Copy every own enumerable field (severity, code, detail, hint, …) onto
|
|
2834
|
+
// the Error so structural consumers keep working.
|
|
2835
|
+
for (const key of Object.keys(source)) {
|
|
2836
|
+
if (key === 'message')
|
|
2837
|
+
continue;
|
|
2838
|
+
err[key] = source[key];
|
|
2839
|
+
}
|
|
2840
|
+
err.cause = v;
|
|
2841
|
+
return err;
|
|
2842
|
+
}
|
|
2843
|
+
return new Error(String(v));
|
|
2844
|
+
}
|