pgserve 1.2.0 → 2.0.1

package/tests/control-db.test.js

@@ -0,0 +1,285 @@
+/**
+ * Tests for src/control-db.js — pgserve_meta schema + accessors.
+ *
+ * Boots an ephemeral pgserve router (memory mode), connects via node-pg
+ * to the default `postgres` database, and exercises every exported function.
+ */
+
+import { test, expect, beforeAll, afterAll } from 'bun:test';
+import fs from 'fs';
+import pg from 'pg';
+import { startMultiTenantServer } from '../src/index.js';
+import {
+  ensureMetaSchema,
+  recordDbCreated,
+  touchLastConnection,
+  markPersist,
+  forEachReapable,
+  deleteMetaRow,
+  addAllowedToken,
+  revokeAllowedToken,
+  verifyToken,
+  findRowByFingerprint,
+} from '../src/control-db.js';
+
+const { Client } = pg;
+
+const TEST_DATA_DIR = './test-data-control-db';
+const PORT = 15561;
+
+let router;
+let client;
+
+function cleanupDataDir() {
+  if (fs.existsSync(TEST_DATA_DIR)) {
+    fs.rmSync(TEST_DATA_DIR, { recursive: true, force: true });
+  }
+}
+
+beforeAll(async () => {
+  cleanupDataDir();
+  router = await startMultiTenantServer({
+    port: PORT,
+    baseDir: TEST_DATA_DIR,
+    logLevel: 'warn',
+  });
+
+  client = new Client({
+    host: '127.0.0.1',
+    port: PORT,
+    database: 'postgres',
+    user: 'postgres',
+    password: 'postgres',
+  });
+  await client.connect();
+  await client.query('DROP TABLE IF EXISTS pgserve_meta');
+});
+
+afterAll(async () => {
+  try { await client.end(); } catch { /* noop */ }
+  try { await router.stop(); } catch { /* noop */ }
+  cleanupDataDir();
+});
+
+test('ensureMetaSchema creates table on first call', async () => {
+  await ensureMetaSchema(client);
+  const r = await client.query(`
+    SELECT column_name FROM information_schema.columns
+    WHERE table_name = 'pgserve_meta'
+    ORDER BY ordinal_position
+  `);
+  const columns = r.rows.map(row => row.column_name);
+  expect(columns).toEqual([
+    'database_name',
+    'fingerprint',
+    'peer_uid',
+    'package_realpath',
+    'created_at',
+    'last_connection_at',
+    'liveness_pid',
+    'persist',
+    'allowed_tokens',
+  ]);
+});
+
+test('ensureMetaSchema is idempotent', async () => {
+  await ensureMetaSchema(client);
+  await ensureMetaSchema(client);
+  // No throw — schema unchanged.
+  const r = await client.query(`SELECT count(*)::int AS n FROM pgserve_meta`);
+  expect(r.rows[0].n).toBe(0);
+});
+
+test('recordDbCreated inserts a row + select round-trip', async () => {
+  await client.query('TRUNCATE pgserve_meta');
+  await recordDbCreated(client, {
+    databaseName: 'app_demo_abc123def456',
+    fingerprint: 'abc123def456',
+    peerUid: 1000,
+    packageRealpath: '/home/me/proj/package.json',
+    livenessPid: 4242,
+    persist: false,
+  });
+  const r = await client.query(`SELECT * FROM pgserve_meta WHERE database_name = $1`, [
+    'app_demo_abc123def456',
+  ]);
+  expect(r.rows.length).toBe(1);
+  const row = r.rows[0];
+  expect(row.fingerprint).toBe('abc123def456');
+  expect(row.peer_uid).toBe(1000);
+  expect(row.package_realpath).toBe('/home/me/proj/package.json');
+  expect(row.liveness_pid).toBe(4242);
+  expect(row.persist).toBe(false);
+  expect(row.created_at).toBeInstanceOf(Date);
+  expect(row.last_connection_at).toBeInstanceOf(Date);
+});
+
+test('recordDbCreated upserts on conflict (database_name PK)', async () => {
+  await client.query('TRUNCATE pgserve_meta');
+  await recordDbCreated(client, {
+    databaseName: 'app_demo_abc123def456',
+    fingerprint: 'abc123def456',
+    peerUid: 1000,
+    packageRealpath: '/home/me/proj/package.json',
+    livenessPid: 4242,
+  });
+  // Re-insert with new peerUid + livenessPid → must upsert.
+  await recordDbCreated(client, {
+    databaseName: 'app_demo_abc123def456',
+    fingerprint: 'abc123def456',
+    peerUid: 1001,
+    packageRealpath: '/home/me/proj/package.json',
+    livenessPid: 9999,
+    persist: true,
+  });
+  const r = await client.query(`SELECT peer_uid, liveness_pid, persist FROM pgserve_meta`);
+  expect(r.rows.length).toBe(1);
+  expect(r.rows[0].peer_uid).toBe(1001);
+  expect(r.rows[0].liveness_pid).toBe(9999);
+  expect(r.rows[0].persist).toBe(true);
+});
+
+test('touchLastConnection bumps last_connection_at and liveness_pid', async () => {
+  await client.query('TRUNCATE pgserve_meta');
+  await recordDbCreated(client, {
+    databaseName: 'app_x_111111111111',
+    fingerprint: '111111111111',
+    peerUid: 1000,
+    livenessPid: 100,
+  });
+  const before = await client.query(
+    `SELECT last_connection_at, liveness_pid FROM pgserve_meta WHERE database_name = $1`,
+    ['app_x_111111111111'],
+  );
+  // Sleep briefly so now() advances visibly.
+  await new Promise(r => setTimeout(r, 50));
+
+  await touchLastConnection(client, {
+    databaseName: 'app_x_111111111111',
+    livenessPid: 200,
+  });
+  const after = await client.query(
+    `SELECT last_connection_at, liveness_pid FROM pgserve_meta WHERE database_name = $1`,
+    ['app_x_111111111111'],
+  );
+  expect(after.rows[0].liveness_pid).toBe(200);
+  expect(after.rows[0].last_connection_at.getTime()).toBeGreaterThan(
+    before.rows[0].last_connection_at.getTime(),
+  );
+});
+
+test('markPersist toggles persist flag', async () => {
+  await client.query('TRUNCATE pgserve_meta');
+  await recordDbCreated(client, {
+    databaseName: 'app_p_222222222222',
+    fingerprint: '222222222222',
+    peerUid: 1000,
+  });
+  await markPersist(client, 'app_p_222222222222', true);
+  let r = await client.query(`SELECT persist FROM pgserve_meta WHERE database_name = $1`, [
+    'app_p_222222222222',
+  ]);
+  expect(r.rows[0].persist).toBe(true);
+
+  await markPersist(client, 'app_p_222222222222', false);
+  r = await client.query(`SELECT persist FROM pgserve_meta WHERE database_name = $1`, [
+    'app_p_222222222222',
+  ]);
+  expect(r.rows[0].persist).toBe(false);
+});
+
+test('forEachReapable yields only persist=false rows in last_connection_at order', async () => {
+  await client.query('TRUNCATE pgserve_meta');
+  // Older row first, newer row second; persistent row separately.
+  await client.query(
+    `INSERT INTO pgserve_meta (database_name, fingerprint, peer_uid, last_connection_at, persist)
+     VALUES
+       ('app_a_aaaaaaaaaaaa', 'aaaaaaaaaaaa', 1000, now() - interval '2 hours', false),
+       ('app_b_bbbbbbbbbbbb', 'bbbbbbbbbbbb', 1000, now() - interval '1 hour',  false),
+       ('app_c_cccccccccccc', 'cccccccccccc', 1000, now(),                       true)`,
+  );
+
+  const seen = [];
+  for await (const row of forEachReapable(client, { now: new Date() })) {
+    seen.push(row.databaseName);
+  }
+  expect(seen).toEqual(['app_a_aaaaaaaaaaaa', 'app_b_bbbbbbbbbbbb']);
+});
+
+test('deleteMetaRow removes the row', async () => {
+  await client.query('TRUNCATE pgserve_meta');
+  await recordDbCreated(client, {
+    databaseName: 'app_del_333333333333',
+    fingerprint: '333333333333',
+    peerUid: 1000,
+  });
+  await deleteMetaRow(client, 'app_del_333333333333');
+  const r = await client.query(`SELECT count(*)::int AS n FROM pgserve_meta`);
+  expect(r.rows[0].n).toBe(0);
+});
+
+test('recordDbCreated rejects bad input', async () => {
+  await expect(recordDbCreated(client, { fingerprint: 'x', peerUid: 1 })).rejects.toThrow(
+    /databaseName required/,
+  );
+  await expect(recordDbCreated(client, { databaseName: 'd', peerUid: 1 })).rejects.toThrow(
+    /fingerprint required/,
+  );
+  await expect(
+    recordDbCreated(client, { databaseName: 'd', fingerprint: 'f', peerUid: 'nope' }),
+  ).rejects.toThrow(/peerUid must be number/);
+});
+
+test('addAllowedToken refuses unknown fingerprint', async () => {
+  await client.query('TRUNCATE pgserve_meta');
+  await expect(
+    addAllowedToken(client, { fingerprint: 'deadbeef0000', tokenId: 'tk1', tokenHash: 'h1' }),
+  ).rejects.toThrow(/no pgserve_meta row/);
+});
+
+test('addAllowedToken appends, verifyToken finds it, revokeAllowedToken removes it', async () => {
+  await client.query('TRUNCATE pgserve_meta');
+  await recordDbCreated(client, {
+    databaseName: 'app_demo_4444aabbccdd',
+    fingerprint: '4444aabbccdd',
+    peerUid: 1000,
+  });
+  await addAllowedToken(client, {
+    fingerprint: '4444aabbccdd',
+    tokenId: 'aaaa1111',
+    tokenHash: 'hash-1',
+  });
+  await addAllowedToken(client, {
+    fingerprint: '4444aabbccdd',
+    tokenId: 'bbbb2222',
+    tokenHash: 'hash-2',
+  });
+
+  const row = await findRowByFingerprint(client, '4444aabbccdd');
+  expect(row).not.toBeNull();
+  expect(row.allowedTokens.length).toBe(2);
+  expect(row.allowedTokens.map(t => t.id).sort()).toEqual(['aaaa1111', 'bbbb2222']);
+
+  const ok = await verifyToken(client, { fingerprint: '4444aabbccdd', tokenHash: 'hash-2' });
+  expect(ok).toEqual({ tokenId: 'bbbb2222', databaseName: 'app_demo_4444aabbccdd' });
+
+  const miss = await verifyToken(client, { fingerprint: '4444aabbccdd', tokenHash: 'no-such' });
+  expect(miss).toBeNull();
+
+  const affected = await revokeAllowedToken(client, 'aaaa1111');
+  expect(affected).toBe(1);
+
+  const after = await findRowByFingerprint(client, '4444aabbccdd');
+  expect(after.allowedTokens.map(t => t.id)).toEqual(['bbbb2222']);
+});
+
+test('revokeAllowedToken returns 0 for unknown id', async () => {
+  await client.query('TRUNCATE pgserve_meta');
+  await recordDbCreated(client, {
+    databaseName: 'app_x_5555aabbccdd',
+    fingerprint: '5555aabbccdd',
+    peerUid: 1000,
+  });
+  const affected = await revokeAllowedToken(client, 'nonexistent');
+  expect(affected).toBe(0);
+});

package/tests/daemon-fingerprint-integration.test.js

@@ -0,0 +1,111 @@
+/**
+ * Daemon × fingerprint integration test (Group 3, deliverable 2).
+ *
+ * Verifies that PgserveDaemon.handleSocketOpen calls handleControlAccept on
+ * every accept, producing a `connection_routed` audit entry whose fingerprint
+ * is the documented 12-hex blob.
+ *
+ * Boots a real daemon (with isolated controlSocketDir + auditLogFile), dials
+ * the control socket via Bun.connect, and tails the audit log.
+ */
+
+import { describe, test, expect } from 'bun:test';
+import fs from 'fs';
+import os from 'os';
+import path from 'path';
+
+import {
+  PgserveDaemon,
+  resolveControlSocketPath,
+  resolvePidLockPath,
+} from '../src/daemon.js';
+import { createLogger } from '../src/logger.js';
+import { AUDIT_EVENTS, configureAudit } from '../src/audit.js';
+
+function silentLogger() {
+  return createLogger({ level: 'warn' });
+}
+
+function makeIsolated(tag) {
+  return fs.mkdtempSync(path.join('/tmp', `pgs-fp-${tag}-`));
+}
+
+function readAuditLines(logFile) {
+  if (!fs.existsSync(logFile)) return [];
+  return fs.readFileSync(logFile, 'utf8')
+    .split('\n')
+    .filter(Boolean)
+    .map((l) => JSON.parse(l));
+}
+
+describe('Group 3 — daemon emits connection_routed on accept', () => {
+  test('handleSocketOpen derives fingerprint and audits connection_routed', async () => {
+    const dir = makeIsolated('routed');
+    const auditLogFile = path.join(dir, 'audit.log');
+
+    const daemon = new PgserveDaemon({
+      controlSocketDir: dir,
+      controlSocketPath: resolveControlSocketPath(dir),
+      pidLockPath: resolvePidLockPath(dir),
+      pgPort: 16100,
+      auditLogFile,
+      auditTarget: 'file',
+      logger: silentLogger(),
+      _fingerprintAcceptOpts: () => ({
+        cwdOverride: dir,
+        cmdlineOverride: [process.execPath, import.meta.url],
+      }),
+    });
+    await daemon.start();
+
+    try {
+      // Dial the control socket. We don't need to push a real PG startup
+      // message — the accept hook fires the moment the connection opens,
+      // before any handshake bytes are needed.
+      const acceptedFingerprint = await new Promise((resolve, reject) => {
+        const timer = setTimeout(() => reject(new Error('timeout waiting for accept')), 2000);
+        daemon.once('accept', ({ fingerprint }) => {
+          clearTimeout(timer);
+          resolve(fingerprint);
+        });
+        Bun.connect({
+          unix: daemon.controlSocketPath,
+          socket: {
+            open(s) { s.end(); },
+            data() {},
+            close() {},
+            error(_s, err) { clearTimeout(timer); reject(err); },
+          },
+        }).catch((err) => { clearTimeout(timer); reject(err); });
+      });
+
+      expect(acceptedFingerprint).toBeDefined();
+      expect(acceptedFingerprint.fingerprint).toMatch(/^[0-9a-f]{12}$/);
+
+      // Allow the audit appendFileSync to flush. Poll briefly.
+      const deadline = Date.now() + 1000;
+      let entries = [];
+      while (Date.now() < deadline) {
+        entries = readAuditLines(auditLogFile);
+        if (entries.length > 0) break;
+        await new Promise((r) => setTimeout(r, 25));
+      }
+      expect(entries.length).toBeGreaterThan(0);
+      const routed = entries.find((e) => e.event === AUDIT_EVENTS.CONNECTION_ROUTED);
+      expect(routed).toBeDefined();
+      expect(routed.fingerprint).toMatch(/^[0-9a-f]{12}$/);
+      expect(routed.fingerprint).toBe(acceptedFingerprint.fingerprint);
+      expect(routed.peer_uid).toBe(process.getuid());
+      expect(typeof routed.peer_pid).toBe('number');
+      expect(['package', 'script']).toContain(routed.mode);
+    } finally {
+      await daemon.stop();
+      // Reset audit module's mutable defaults so other tests aren't affected.
+      configureAudit({
+        logFile: path.join(os.homedir(), '.pgserve', 'audit.log'),
+        target: process.env.PGSERVE_AUDIT_TARGET || 'file',
+      });
+      fs.rmSync(dir, { recursive: true, force: true });
+    }
+  });
+});

package/tests/daemon-pr24-regression.test.js

@@ -0,0 +1,198 @@
+/**
+ * PR #24 regression tests for the v2 daemon.
+ *
+ * The daemon (src/daemon.js) shares a PostgresManager lifecycle with the
+ * v1 router (src/router.js). PR #24's fixes for issue #24 (stale socketDir
+ * leaks across stop/start cycles) must remain in force after the v2 cut.
+ *
+ * Coverage:
+ *   1. PostgresManager.stop() nulls socketDir/databaseDir.
+ *   2. start() + stop() + start() yields a fresh socketDir (no leak).
+ *   3. Double start() is a no-op (re-entry guard).
+ *   4. Daemon mode does NOT introduce a new socketDir leak path under
+ *      abnormal exit (kill -9): orphaned socket file + pid lock are cleaned
+ *      up by the next `PgserveDaemon.start()` boot via stale-pid detection.
+ */
+
+import { describe, test, expect } from 'bun:test';
+import fs from 'fs';
+import path from 'path';
+
+import { PostgresManager } from '../src/postgres.js';
+import { createLogger } from '../src/logger.js';
+import {
+  PgserveDaemon,
+  acquirePidLock,
+  resolveControlSocketPath,
+  resolvePidLockPath,
+  isProcessAlive,
+} from '../src/daemon.js';
+
+function silentLogger() {
+  return createLogger({ level: 'warn' });
+}
+
+// Each test uses a unique controlSocketDir under tmp so concurrent runs
+// (and the existing host's real /run/user/<uid>/pgserve) cannot collide.
+function makeDaemonDirs(tag) {
+  return fs.mkdtempSync(path.join('/tmp', `pgs-${tag}-`));
+}
+
+describe('PR #24 regression — PostgresManager lifecycle', () => {
+  test('stop() nulls socketDir/databaseDir', async () => {
+    const pg = new PostgresManager({ port: 16001, logger: silentLogger() });
+    await pg.start();
+    expect(pg.socketDir).not.toBeNull();
+    expect(fs.existsSync(pg.socketDir)).toBe(true);
+    const stale = pg.socketDir;
+
+    await pg.stop();
+
+    expect(pg.socketDir).toBeNull();
+    expect(pg.databaseDir).toBeNull();
+    expect(pg.getSocketPath()).toBeNull();
+    expect(fs.existsSync(stale)).toBe(false);
+  });
+
+  test('start()+stop()+start() yields fresh socketDir, no leak', async () => {
+    const pg = new PostgresManager({ port: 16002, logger: silentLogger() });
+
+    await pg.start();
+    const dirA = pg.socketDir;
+    expect(dirA).not.toBeNull();
+
+    await pg.stop();
+    expect(pg.socketDir).toBeNull();
+
+    await pg.start();
+    const dirB = pg.socketDir;
+    expect(dirB).not.toBeNull();
+    expect(dirB).not.toBe(dirA);
+    expect(fs.existsSync(dirB)).toBe(true);
+    // Old dir must be gone; PR #24 guarantees no leak across cycles.
+    expect(fs.existsSync(dirA)).toBe(false);
+
+    await pg.stop();
+  });
+
+  test('double start() is a no-op (re-entry guard preserved)', async () => {
+    const pg = new PostgresManager({ port: 16003, logger: silentLogger() });
+    await pg.start();
+    const before = pg.socketDir;
+
+    const result = await pg.start();
+    expect(result).toBe(pg);
+    expect(pg.socketDir).toBe(before);
+
+    await pg.stop();
+  });
+});
+
+describe('PR #24 regression — daemon does not leak under abnormal exit', () => {
+  test('stale pid lock + orphaned socket are cleaned up by next daemon boot', async () => {
+    const dir = makeDaemonDirs('stale');
+    const socketPath = resolveControlSocketPath(dir);
+    const pidLockPath = resolvePidLockPath(dir);
+
+    // Simulate kill -9: write a pid file pointing at a guaranteed-dead pid
+    // and create a fake stale socket file beside it. PID 1 is always alive
+    // on Unix, so we manufacture a dead one by reading max_pid + 1 (Linux)
+    // or just using a high value not currently in use.
+    const deadPid = pickDeadPid();
+    expect(isProcessAlive(deadPid)).toBe(false);
+
+    fs.writeFileSync(pidLockPath, String(deadPid), { mode: 0o600 });
+    fs.writeFileSync(socketPath, ''); // stand-in for an orphaned socket file
+    expect(fs.existsSync(pidLockPath)).toBe(true);
+    expect(fs.existsSync(socketPath)).toBe(true);
+
+    const lock = acquirePidLock({
+      pidLockPath,
+      socketPath,
+      logger: silentLogger(),
+    });
+    expect(lock.acquired).toBe(true);
+
+    // The lock file now belongs to *us* (this test's process pid), and the
+    // orphaned socket placeholder must have been removed during stale-pid
+    // cleanup so the daemon can bind a fresh socket on the same path.
+    expect(fs.existsSync(pidLockPath)).toBe(true);
+    expect(fs.readFileSync(pidLockPath, 'utf8').trim()).toBe(String(process.pid));
+    expect(fs.existsSync(socketPath)).toBe(false);
+
+    // Cleanup the test's lock so we don't leak between tests.
+    fs.unlinkSync(pidLockPath);
+    fs.rmSync(dir, { recursive: true, force: true });
+  });
+
+  test('PgserveDaemon.start refuses second invocation while first is alive', async () => {
+    const dir = makeDaemonDirs('singleton');
+    const d1 = new PgserveDaemon({
+      controlSocketDir: dir,
+      controlSocketPath: resolveControlSocketPath(dir),
+      pidLockPath: resolvePidLockPath(dir),
+      pgPort: 16010,
+      logger: silentLogger(),
+    });
+    await d1.start();
+
+    const d2 = new PgserveDaemon({
+      controlSocketDir: dir,
+      controlSocketPath: resolveControlSocketPath(dir),
+      pidLockPath: resolvePidLockPath(dir),
+      pgPort: 16011,
+      logger: silentLogger(),
+    });
+
+    let captured;
+    try {
+      await d2.start();
+    } catch (err) {
+      captured = err;
+    }
+    expect(captured).toBeDefined();
+    expect(captured.code).toBe('EALREADYRUNNING');
+    expect(captured.pid).toBe(process.pid);
+
+    await d1.stop();
+    expect(fs.existsSync(d1.controlSocketPath)).toBe(false);
+    expect(fs.existsSync(d1.pidLockPath)).toBe(false);
+    fs.rmSync(dir, { recursive: true, force: true });
+  });
+
+  test('PgserveDaemon.stop unlinks both socket and pid lock', async () => {
+    const dir = makeDaemonDirs('cleanup');
+    const d = new PgserveDaemon({
+      controlSocketDir: dir,
+      controlSocketPath: resolveControlSocketPath(dir),
+      pidLockPath: resolvePidLockPath(dir),
+      pgPort: 16020,
+      logger: silentLogger(),
+    });
+    await d.start();
+    expect(fs.existsSync(d.controlSocketPath)).toBe(true);
+    expect(fs.existsSync(d.pidLockPath)).toBe(true);
+
+    await d.stop();
+    expect(fs.existsSync(d.controlSocketPath)).toBe(false);
+    expect(fs.existsSync(d.pidLockPath)).toBe(false);
+
+    // PR #24 invariant carries through: PostgresManager nulled its paths.
+    expect(d.pgManager.socketDir).toBeNull();
+
+    fs.rmSync(dir, { recursive: true, force: true });
+  });
+});
+
+/**
+ * Pick a pid that is reasonably guaranteed not to be alive. We try a high
+ * pid first (most kernels recycle low pids), then walk down until we find
+ * one that is dead. As a final fallback we use 999999.
+ */
+function pickDeadPid() {
+  const candidates = [987654, 765432, 543210, 321098, 109876];
+  for (const pid of candidates) {
+    if (!isProcessAlive(pid)) return pid;
+  }
+  return 999999;
+}