pgsql-test 2.0.4 → 2.0.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +35 -0
- package/package.json +2 -2
package/README.md
CHANGED
|
@@ -150,6 +150,25 @@ test('user count starts at 2', async () => {
|
|
|
150
150
|
|
|
151
151
|
### 🔐 Role-Based Context
|
|
152
152
|
|
|
153
|
+
|
|
154
|
+
The `pgsql-test` framework provides powerful tools to simulate authentication contexts during tests, which is particularly useful when testing Row-Level Security (RLS) policies.
|
|
155
|
+
|
|
156
|
+
#### Setting Test Context
|
|
157
|
+
|
|
158
|
+
Use `setContext()` to simulate different user roles and JWT claims:
|
|
159
|
+
|
|
160
|
+
```ts
|
|
161
|
+
db.setContext({
|
|
162
|
+
role: 'authenticated',
|
|
163
|
+
'jwt.claims.user_id': '123',
|
|
164
|
+
'jwt.claims.org_id': 'acme'
|
|
165
|
+
});
|
|
166
|
+
```
|
|
167
|
+
|
|
168
|
+
This applies the settings using `SET LOCAL` statements, ensuring they persist only for the current transaction and maintain proper isolation between tests.
|
|
169
|
+
|
|
170
|
+
#### Testing Role-Based Access
|
|
171
|
+
|
|
153
172
|
```ts
|
|
154
173
|
describe('authenticated role', () => {
|
|
155
174
|
beforeEach(async () => {
|
|
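Review bot: The sentence at new line 168 says `setContext()` applies its values with `SET LOCAL`, but neither that sentence nor the example at new lines 160-166 says the call must happen inside an open transaction, or when the statements are actually issued. In PostgreSQL, `SET LOCAL` outside a transaction block only produces a warning and changes nothing, so a test that sets its context that way would run its RLS assertions under the connection's default role and with no claims set. Suggest stating the transaction requirement next to the example. It would also help to document how the `role` key is handled compared with the `'jwt.claims.*'` keys, since the example passes both in one object, and to note that claim values arrive as strings (`'jwt.claims.user_id': '123'`), so policies comparing against typed columns need a cast.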
@@ -166,6 +185,22 @@ describe('authenticated role', () => {
|
|
|
166
185
|
});
|
|
167
186
|
```
|
|
168
187
|
|
|
188
|
+
#### Database Connection Options
|
|
189
|
+
|
|
190
|
+
For non-superuser testing, use the connection options described in the [options](#getconnections-options) section. The `db.connection` property allows you to customize the non-privileged user account for your tests.
|
|
191
|
+
|
|
192
|
+
Use `setContext()` to simulate Role-Based Access Control (RBAC) during tests. This is useful when testing Row-Level Security (RLS) policies. Your actual server should manage role/user claims via secure tokens (e.g., setting `current_setting('jwt.claims.user_id')`), but this interface helps emulate those behaviors in test environments.
|
|
193
|
+
|
|
194
|
+
#### Common Testing Scenarios
|
|
195
|
+
|
|
196
|
+
This approach enables testing various access patterns:
|
|
197
|
+
- Authenticated vs. anonymous user access
|
|
198
|
+
- Per-user data filtering
|
|
199
|
+
- Admin privilege bypass behavior
|
|
200
|
+
- Custom claim-based restrictions (organization membership, admin status)
|
|
201
|
+
|
|
202
|
+
> **Note:** While this interface helps simulate RBAC for testing, your production server should manage user/role claims via secure authentication tokens, typically by setting values like `current_setting('jwt.claims.user_id')` through proper authentication middleware.
|
|
203
|
+
|
|
169
204
|
### 🔌 SQL File Seeding
|
|
170
205
|
|
|
171
206
|
Use `.sql` files to set up your database state before tests:
|
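Review bot: The paragraph at new line 190 opens with "For non-superuser testing" but never says why that matters for RLS. PostgreSQL does not apply row-level security policies to superusers or to roles with `BYPASSRLS`, and table owners are exempt unless the table uses `FORCE ROW LEVEL SECURITY`, so policy tests run over a privileged connection pass no matter what the policy says. Suggest stating this where `db.connection` is introduced, and tying it to the "Admin privilege bypass behavior" item at new line 199 so readers know which kind of bypass is meant. Separately, the paragraph at new line 192 sits under "Database Connection Options" although it is about `setContext()`, and it repeats the introduction at new line 154 and the note at new line 202 almost word for word; keeping only the note would be enough.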
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "pgsql-test",
|
|
3
|
-
"version": "2.0.
|
|
3
|
+
"version": "2.0.5",
|
|
4
4
|
"author": "Dan Lynch <pyramation@gmail.com>",
|
|
5
5
|
"description": "PostgreSQL Testing in TypeScript",
|
|
6
6
|
"main": "index.js",
|
|
@@ -42,5 +42,5 @@
|
|
|
42
42
|
"pg": "^8.16.0",
|
|
43
43
|
"pg-copy-streams": "^6.0.6"
|
|
44
44
|
},
|
|
45
|
-
"gitHead": "
|
|
45
|
+
"gitHead": "5697261a8f6e252d38b02b806272a19c5cd7a578"
|
|
46
46
|
}
|