npm - rake-db - Versions diffs - 2.30.7 → 2.30.8 - Mend

rake-db 2.30.7 → 2.30.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/index.js CHANGED Viewed

@@ -790,7 +790,7 @@ const createTable = async (migration, up, tableName, first, second, third) => {
     shape = tableData = pqb.emptyObject;
   }
   const schema = migration.adapter.getSchema();
-  const ast = makeAst$3(
+  const ast = makeAst$4(
     schema,
     up,
     tableName,
@@ -820,7 +820,7 @@ const createTable = async (migration, up, tableName, first, second, third) => {
     }
   };
 };
-const makeAst$3 = (schema, up, tableName, shape, tableData, options, noPrimaryKey) => {
+const makeAst$4 = (schema, up, tableName, shape, tableData, options, noPrimaryKey) => {
   const shapePKeys = [];
   for (const key in shape) {
     const column = shape[key];
@@ -1170,7 +1170,7 @@ const changeTable = async (migration, up, tableName, options, fn) => {
   addOrDropChanges.length = 0;
   const changeData = fn?.(tableChanger) || {};
   const schema = migration.adapter.getSchema();
-  const ast = makeAst$2(
+  const ast = makeAst$3(
     schema,
     up,
     tableName,
@@ -1184,7 +1184,7 @@ const changeTable = async (migration, up, tableName, options, fn) => {
     query.then?.(result);
   }
 };
-const makeAst$2 = (schema, up, name, changeData, changeTableData2, options) => {
+const makeAst$3 = (schema, up, name, changeData, changeTableData2, options) => {
   const { comment } = options;
   const shape = {};
   const consumedChanges = {};
@@ -1636,11 +1636,11 @@ const renameColumnSql = (from, to) => {
 const createView = async (migration, up, name, options, sql) => {
   const schema = migration.adapter.getSchema();
-  const ast = makeAst$1(schema, up, name, options, sql);
+  const ast = makeAst$2(schema, up, name, options, sql);
   const query = astToQuery$1(ast);
   await migration.adapter.arrays(interpolateSqlValues(query));
 };
-const makeAst$1 = (schema, up, fullName, options, sql) => {
+const makeAst$2 = (schema, up, fullName, options, sql) => {
   if (typeof sql === "string") {
     sql = pqb.raw({ raw: sql });
   }
@@ -1705,11 +1705,11 @@ const serializers = {
   validUntil: (value) => `VALID UNTIL '${value === void 0 ? "infinity" : value}'`
 };
 const createOrDropRole = async (migration, up, name, params) => {
-  const ast = makeAst(up, name, params);
+  const ast = makeAst$1(up, name, params);
   const sql = astToQuery(ast);
   await migration.adapter.arrays(sql);
 };
-const makeAst = (up, name, params) => {
+const makeAst$1 = (up, name, params) => {
   return {
     type: "role",
     action: up ? "create" : "drop",
@@ -1830,24 +1830,154 @@ const renameAstToQuery = (ast) => {
   return `ALTER ROLE "${ast.from}" RENAME TO "${ast.to}"`;
 };
+const SCHEMA_OBJECT_TYPES = [
+  "tables",
+  "sequences",
+  "functions",
+  "types"
+];
+const GLOBAL_ONLY_OBJECT_TYPES = ["schemas", "largeObjects"];
+const ALL_OBJECT_TYPES = [
+  ...SCHEMA_OBJECT_TYPES,
+  ...GLOBAL_ONLY_OBJECT_TYPES
+];
+const objectTypeToSql = {
+  tables: "TABLES",
+  sequences: "SEQUENCES",
+  functions: "FUNCTIONS",
+  types: "TYPES",
+  schemas: "SCHEMAS",
+  largeObjects: "LARGE OBJECTS"
+};
+const processObjectPrivileges = (value) => {
+  if (!value) return void 0;
+  const { privileges, grantablePrivileges } = value;
+  const grantableSet = new Set(grantablePrivileges ?? []);
+  const filteredPrivileges = privileges?.filter((p) => !grantableSet.has(p));
+  const result = {};
+  if (filteredPrivileges?.length) {
+    result.privileges = [...filteredPrivileges];
+  }
+  if (grantablePrivileges?.length) {
+    result.grantablePrivileges = [...grantablePrivileges];
+  }
+  return Object.keys(result).length ? result : void 0;
+};
+const filterAndTransformConfig = (config, schema) => {
+  if (!config) return void 0;
+  const objectTypes = schema ? SCHEMA_OBJECT_TYPES : ALL_OBJECT_TYPES;
+  const result = {};
+  if (config.allGrantable) {
+    for (const key of objectTypes) {
+      result[key] = { grantablePrivileges: ["ALL"] };
+    }
+  } else if (config.all) {
+    for (const key of objectTypes) {
+      result[key] = { privileges: ["ALL"] };
+    }
+  }
+  for (const key of ALL_OBJECT_TYPES) {
+    const value = config[key];
+    if (!value) continue;
+    const processed = processObjectPrivileges(value);
+    if (processed) {
+      result[key] = processed;
+    }
+  }
+  return Object.keys(result).length ? result : void 0;
+};
+const changeDefaultPrivileges = async (migration, up, arg) => {
+  const ast = makeAst(up, arg);
+  const sql = astToSql(ast);
+  if (sql.length) {
+    await migration.adapter.arrays(sql.join(";\n"));
+  }
+};
+const makeAst = (up, arg) => {
+  if (!up) {
+    const { grant, revoke } = arg;
+    arg = {
+      ...arg,
+      grant: revoke,
+      revoke: grant
+    };
+  }
+  return {
+    type: "defaultPrivilege",
+    owner: arg.owner,
+    grantee: arg.grantee,
+    schema: arg.schema,
+    grant: filterAndTransformConfig(arg.grant, arg.schema),
+    revoke: filterAndTransformConfig(arg.revoke, arg.schema)
+  };
+};
+const astToSql = (ast) => {
+  const queries = [];
+  if (ast.grant) {
+    queries.push(...objectConfigToSql(ast, ast.grant, "GRANT"));
+  }
+  if (ast.revoke) {
+    queries.push(...objectConfigToSql(ast, ast.revoke, "REVOKE"));
+  }
+  return queries;
+};
+const objectConfigToSql = (ast, config, action) => {
+  const queries = [];
+  for (const [key, value] of Object.entries(config)) {
+    const objectType = key;
+    if (!value) continue;
+    const { privileges, grantablePrivileges } = value;
+    if (privileges?.length) {
+      queries.push(buildQuery(ast, objectType, privileges, false, action));
+    }
+    if (grantablePrivileges?.length) {
+      queries.push(
+        buildQuery(ast, objectType, grantablePrivileges, true, action)
+      );
+    }
+  }
+  return queries;
+};
+const buildQuery = (ast, objectType, privileges, grantable, action) => {
+  const parts = ["ALTER DEFAULT PRIVILEGES"];
+  if (ast.owner) {
+    parts.push(`FOR ROLE "${ast.owner}"`);
+  }
+  if (ast.schema) {
+    parts.push(`IN SCHEMA "${ast.schema}"`);
+  }
+  const privilegeList = privileges.map((p) => p === "ALL" ? "ALL PRIVILEGES" : p).join(", ");
+  if (action === "GRANT") {
+    parts.push(
+      `GRANT ${privilegeList} ON ${objectTypeToSql[objectType]} TO "${ast.grantee}"`
+    );
+    if (grantable) {
+      parts.push("WITH GRANT OPTION");
+    }
+  } else {
+    parts.push(
+      `REVOKE ${privilegeList} ON ${objectTypeToSql[objectType]} FROM "${ast.grantee}"`
+    );
+  }
+  return parts.join(" ");
+};
 const createMigrationInterface = (tx, up, config) => {
   const adapter = Object.create(tx);
   const { query, arrays } = adapter;
   const log = pqb.logParamToLogObject(config.logger || console, config.log);
   adapter.query = (text, values) => {
-    return wrapWithLog(
-      log,
+    return wrapWithEnhancingError(
       text,
       values,
-      () => query.call(adapter, text, values)
+      wrapWithLog(log, text, values, () => query.call(adapter, text, values))
     );
   };
   adapter.arrays = (text, values) => {
-    return wrapWithLog(
-      log,
+    return wrapWithEnhancingError(
       text,
       values,
-      () => arrays.call(adapter, text, values)
+      wrapWithLog(log, text, values, () => arrays.call(adapter, text, values))
     );
   };
   Object.assign(adapter, { silentQuery: query, silentArrays: arrays });
@@ -2731,7 +2861,23 @@ class Migration {
       params.to
     );
   }
+  changeDefaultPrivileges(params) {
+    return changeDefaultPrivileges(this, this.up, params);
+  }
 }
+const wrapWithEnhancingError = async (text, values, promise) => {
+  try {
+    return await promise;
+  } catch (err) {
+    if (err && typeof err === "object" && "message" in err && typeof err.message === "string" && err.constructor.name === "PostgresError") {
+      err.message += `
+SQL: ${text}${values ? `
+Variables: ${JSON.stringify(values)}` : ""}`;
+      throw new err.constructor(err);
+    }
+    throw err;
+  }
+};
 const wrapWithLog = async (log, text, values, fn) => {
   if (!log) {
     return fn();
@@ -4101,9 +4247,24 @@ const astToGenerateItem = (config, ast, currentSchema) => {
       deps.push(tableSchema, `${tableSchema}.${tableName}`);
       break;
     }
-    case "role":
-    case "changeRole":
+    case "role": {
+      deps.push(`role:${ast.name}`);
+      break;
+    }
+    case "changeRole": {
+      deps.push(`role:${ast.name}`);
+      break;
+    }
     case "renameRole": {
+      drop.push(ast.from);
+      add.push(ast.to);
+      deps.push(`role:${ast.from}`, `role:${ast.to}`);
+      break;
+    }
+    case "defaultPrivilege": {
+      if (ast.schema) deps.push(ast.schema);
+      if (ast.owner) deps.push(`role:${ast.owner}`);
+      deps.push(`role:${ast.grantee}`);
       break;
     }
     default:
@@ -4711,6 +4872,69 @@ const astEncoders = {
       [...from.length ? ["from: {", from, "},"] : [], "to: {", to, "},"],
       "});"
     ];
+  },
+  defaultPrivilege(ast) {
+    const code = [`await db.changeDefaultPrivileges({`];
+    const props = [];
+    if (ast.owner) {
+      props.push(`owner: ${pqb.singleQuote(ast.owner)},`);
+    }
+    props.push(`grantee: ${pqb.singleQuote(ast.grantee)},`);
+    if (ast.schema) {
+      props.push(`schema: ${pqb.singleQuote(ast.schema)},`);
+    }
+    const objectConfigToCode = (config) => {
+      const result = [];
+      for (const key of [
+        "tables",
+        "sequences",
+        "functions",
+        "types",
+        "schemas",
+        "largeObjects"
+      ]) {
+        const value = config?.[key];
+        if (!value) continue;
+        const { privileges, grantablePrivileges } = value;
+        const hasPrivileges = privileges?.length;
+        const hasGrantable = grantablePrivileges?.length;
+        if (!hasPrivileges && !hasGrantable) continue;
+        result.push(`${key}: {`);
+        const lines = [];
+        if (hasPrivileges) {
+          lines.push(
+            `privileges: [${privileges.map(pqb.singleQuote).join(", ")}],`
+          );
+        }
+        if (hasGrantable) {
+          lines.push(
+            `grantablePrivileges: [${grantablePrivileges.map(pqb.singleQuote).join(", ")}],`
+          );
+        }
+        result.push(lines);
+        result.push(`},`);
+      }
+      return result;
+    };
+    if (ast.grant) {
+      const grantCode = objectConfigToCode(ast.grant);
+      if (grantCode.length) {
+        props.push("grant: {");
+        props.push(grantCode);
+        props.push("},");
+      }
+    }
+    if (ast.revoke) {
+      const revokeCode = objectConfigToCode(ast.revoke);
+      if (revokeCode.length) {
+        props.push("revoke: {");
+        props.push(revokeCode);
+        props.push("},");
+      }
+    }
+    code.push(props);
+    pqb.addCode(code, "});");
+    return code;
   }
 };
 const roleParams = (name, ast, compare, to) => {
@@ -5165,6 +5389,25 @@ const roleSql = (params) => `SELECT COALESCE(json_agg(json_build_object(
   'bypassRls', rolbypassrls,
   'config', rolconfig
 )), '[]') FROM pg_roles WHERE ${params.whereSql ?? `rolname != 'postgres' AND rolname !~ '^pg_'`}`;
+const defaultPrivilegesSql = `SELECT COALESCE(json_agg(t.*), '[]') FROM (
+  SELECT
+    (ae.grantor)::regrole "grantor",
+    (ae.grantee)::regrole "grantee",
+    (SELECT nspname FROM pg_namespace n WHERE n.oid = d.defaclnamespace) "schema",
+    CASE d.defaclobjtype
+      WHEN 'r' THEN 'relation'
+      WHEN 'S' THEN 'sequence'
+      WHEN 'f' THEN 'function'
+      WHEN 'T' THEN 'type'
+      WHEN 'n' THEN 'schema'
+      WHEN 'L' THEN 'large_object'
+      END "object",
+    array_agg(ae.privilege_type) "privileges",
+    array_agg(ae.is_grantable) "isGrantables"
+  FROM pg_default_acl d
+  JOIN LATERAL aclexplode(d.defaclacl) ae ON true
+  GROUP BY "grantor", "grantee", "schema", "object"
+) t`;
 const sql = (version, params) => `SELECT (${schemasSql}) AS "schemas", ${jsonAgg(
   tablesSql,
   "tables"
@@ -5180,19 +5423,22 @@ const sql = (version, params) => `SELECT (${schemasSql}) AS "schemas", ${jsonAgg
 )}, ${jsonAgg(domainsSql, "domains")}, ${jsonAgg(
   collationsSql(version),
   "collations"
-)}${params?.roles ? `, (${roleSql(params.roles)}) AS "roles"` : ""}`;
-async function introspectDbSchema(db, params) {
+)}${params?.roles ? `, (${roleSql(params.roles)}) AS "roles"` : ""}${params?.loadDefaultPrivileges ? `, (${defaultPrivilegesSql}) AS "defaultPrivileges"` : ""}`;
+async function getDbVersion(db) {
   const {
     rows: [{ version: versionString }]
   } = await db.query("SELECT version()");
-  const version = +versionString.match(/\d+/)[0];
+  return +versionString.match(/\d+/)[0];
+}
+async function introspectDbSchema(db, params) {
+  const version = await getDbVersion(db);
   const data = await db.query(sql(version, params));
-  const result = data.rows[0];
-  for (const domain of result.domains) {
+  const raw = data.rows[0];
+  for (const domain of raw.domains) {
     domain.checks = domain.checks?.filter((check) => check);
     nullsToUndefined(domain);
   }
-  for (const table of result.tables) {
+  for (const table of raw.tables) {
     for (const column of table.columns) {
       nullsToUndefined(column);
       if (column.identity) nullsToUndefined(column.identity);
@@ -5203,7 +5449,7 @@ async function introspectDbSchema(db, params) {
   }
   const indexes = [];
   const excludes = [];
-  for (const index of result.indexes) {
+  for (const index of raw.indexes) {
     nullsToUndefined(index);
     for (const column of index.columns) {
       if (!("expression" in column)) continue;
@@ -5263,10 +5509,10 @@ async function introspectDbSchema(db, params) {
     }
     (index.exclude ? excludes : indexes).push(index);
   }
-  result.indexes = indexes;
-  result.excludes = excludes;
-  if (result.roles) {
-    for (const role of result.roles) {
+  raw.indexes = indexes;
+  raw.excludes = excludes;
+  if (raw.roles) {
+    for (const role of raw.roles) {
       nullsToUndefined(role);
       if (role.validUntil) {
         role.validUntil = role.validUntil === "infinity" ? void 0 : new Date(role.validUntil);
@@ -5287,7 +5533,41 @@ async function introspectDbSchema(db, params) {
       }
     }
   }
-  return result;
+  return {
+    version,
+    ...raw,
+    defaultPrivileges: raw.defaultPrivileges && [
+      ...raw.defaultPrivileges.reduce((acc, privilege) => {
+        nullsToUndefined(privilege);
+        const key = `${privilege.grantor}.${privilege.grantee}.${privilege.schema}`;
+        const existing = acc.get(key);
+        const objectType = privilege.object === "relation" ? "TABLES" : privilege.object === "sequence" ? "SEQUENCES" : privilege.object === "function" ? "FUNCTIONS" : privilege.object === "type" ? "TYPES" : privilege.object === "schema" ? "SCHEMAS" : privilege.object === "large_object" ? "LARGE_OBJECTS" : null;
+        if (!objectType) {
+          throw new Error(
+            `Unknown default privilege object type: ${privilege.object}`
+          );
+        }
+        const objectConfig = {
+          object: objectType,
+          privilegeConfigs: privilege.privileges.map((priv, i) => ({
+            privilege: priv,
+            isGrantable: privilege.isGrantables[i]
+          }))
+        };
+        if (existing) {
+          existing.objectConfigs.push(objectConfig);
+        } else {
+          acc.set(key, {
+            owner: privilege.grantor,
+            grantee: privilege.grantee,
+            schema: privilege.schema,
+            objectConfigs: [objectConfig]
+          });
+        }
+        return acc;
+      }, /* @__PURE__ */ new Map()).values()
+    ]
+  };
 }
 const nullsToUndefined = (obj) => {
   for (const key in obj) {
@@ -6392,6 +6672,7 @@ exports.encodeColumnDefault = encodeColumnDefault;
 exports.getConstraintName = getConstraintName;
 exports.getDbStructureTableData = getDbStructureTableData;
 exports.getDbTableColumnsChecks = getDbTableColumnsChecks;
+exports.getDbVersion = getDbVersion;
 exports.getExcludeName = getExcludeName;
 exports.getIndexName = getIndexName;
 exports.getMigrationsSchemaAndTable = getMigrationsSchemaAndTable;