npm - rake-db - Versions diffs - 2.33.4 → 2.33.6 - Mend

rake-db 2.33.4 → 2.33.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -5,10 +5,15 @@ declare namespace DbStructure {
     schemaName: string;
     tableName: string;
   }
+  interface TableRls {
+    enable: boolean;
+    force: boolean;
+  }
   interface Table {
     schemaName: string;
     name: string;
     comment?: string;
+    rls?: TableRls;
     columns: Column[];
   }
   interface View {
@@ -194,6 +199,7 @@ interface IntrospectedStructure {
   managedRolesSql?: string;
 }
 interface IntrospectDbStructureParams {
+  rls?: boolean;
   roles?: {
     whereSql?: string;
   };
@@ -201,7 +207,7 @@ interface IntrospectDbStructureParams {
 }
 declare function getDbVersion(db: Adapter): Promise<number>;
 declare function introspectDbSchema(db: Adapter, params?: IntrospectDbStructureParams): Promise<IntrospectedStructure>;
-type RakeDbAst = RakeDbAst.Table | RakeDbAst.ChangeTable | RakeDbAst.RenameType | RakeDbAst.Schema | RakeDbAst.RenameSchema | RakeDbAst.Extension | RakeDbAst.Enum | RakeDbAst.EnumValues | RakeDbAst.RenameEnumValues | RakeDbAst.ChangeEnumValues | RakeDbAst.Domain | RakeDbAst.Collation | RakeDbAst.Constraint | RakeDbAst.RenameTableItem | RakeDbAst.View | RakeDbAst.Role | RakeDbAst.RenameRole | RakeDbAst.ChangeRole | RakeDbAst.DefaultPrivilege;
+type RakeDbAst = RakeDbAst.Table | RakeDbAst.ChangeTable | RakeDbAst.RenameType | RakeDbAst.Schema | RakeDbAst.RenameSchema | RakeDbAst.Extension | RakeDbAst.Enum | RakeDbAst.EnumValues | RakeDbAst.RenameEnumValues | RakeDbAst.ChangeEnumValues | RakeDbAst.Domain | RakeDbAst.Collation | RakeDbAst.Constraint | RakeDbAst.RenameTableItem | RakeDbAst.View | RakeDbAst.Role | RakeDbAst.RenameRole | RakeDbAst.ChangeRole | RakeDbAst.DefaultPrivilege | RakeDbAst.TableRls;
 declare namespace RakeDbAst {
   export interface Table extends TableData {
     type: 'table';
@@ -427,6 +433,12 @@ declare namespace RakeDbAst {
     grant?: DefaultPrivilegeObjectConfig;
     revoke?: DefaultPrivilegeObjectConfig;
   }
+  export interface TableRls {
+    type: 'tableRls';
+    action: 'enable' | 'disable' | 'force' | 'noForce';
+    schema?: string;
+    table: string;
+  }
   export {};
 }
 interface TableMethods {
@@ -1441,6 +1453,10 @@ declare class Migration<CT = unknown> {
     to: Partial<DbStructure.Role>;
   }): Promise<void>;
   changeDefaultPrivileges(params: ChangeDefaultPrivilegesArg): Promise<void>;
+  enableRls(tableName: string): Promise<void>;
+  disableRls(tableName: string): Promise<void>;
+  forceRls(tableName: string): Promise<void>;
+  noForceRls(tableName: string): Promise<void>;
 }
 interface AddEnumValueOptions {
   ifNotExists?: boolean;

package/dist/index.js CHANGED Viewed

@@ -1226,6 +1226,22 @@ const buildQuery = (ast, objectType, privileges, grantable, action) => {
 	} else parts.push(`REVOKE ${privilegeList} ON ${objectTypeToSql[objectType]} FROM "${ast.grantee}"`);
 	return parts.join(" ");
 };
+const actionToSql = {
+	enable: "ENABLE ROW LEVEL SECURITY",
+	disable: "DISABLE ROW LEVEL SECURITY",
+	force: "FORCE ROW LEVEL SECURITY",
+	noForce: "NO FORCE ROW LEVEL SECURITY"
+};
+const setRls = async (migration, tableName, action) => {
+	const [schema, table] = getSchemaAndTableFromName(migration.adapter.getSchema(), tableName);
+	await migration.adapter.arrays(`ALTER TABLE ${quoteTable(schema, table)} ${actionToSql[action]}`);
+};
+const enableOrDisableRls = (migration, up, tableName) => {
+	return setRls(migration, tableName, up ? "enable" : "disable");
+};
+const forceOrNoForceRls = (migration, up, tableName) => {
+	return setRls(migration, tableName, up ? "force" : "noForce");
+};
 /**
 * Creates a new `db` instance that is an instance of `pqb` with mixed in migration methods from the `Migration` class.
 * It overrides `query` and `array` db adapter methods to intercept SQL for the logging.
@@ -2087,6 +2103,18 @@ var Migration = class {
 	changeDefaultPrivileges(params) {
 		return changeDefaultPrivileges(this, this.up, params);
 	}
+	enableRls(tableName) {
+		return enableOrDisableRls(this, this.up, tableName);
+	}
+	disableRls(tableName) {
+		return enableOrDisableRls(this, !this.up, tableName);
+	}
+	forceRls(tableName) {
+		return forceOrNoForceRls(this, this.up, tableName);
+	}
+	noForceRls(tableName) {
+		return forceOrNoForceRls(this, !this.up, tableName);
+	}
 };
 const wrapWithEnhancingError = async (text, values, promise) => {
 	try {
@@ -3431,6 +3459,11 @@ const astToGenerateItem = (config, ast, currentSchema) => {
 			if (ast.owner) deps.push(`role:${ast.owner}`);
 			deps.push(`role:${ast.grantee}`);
 			break;
+		case "tableRls": {
+			const { schema = currentSchema } = ast;
+			deps.push(schema, `${schema}.${ast.table}`);
+			break;
+		}
 		default: (0, pqb_internal.exhaustive)(ast);
 	}
 	return {
@@ -3896,6 +3929,13 @@ const astEncoders = {
 		code.push(props);
 		(0, pqb_internal.addCode)(code, "});");
 		return code;
+	},
+	tableRls(ast, _config, currentSchema) {
+		const table = quoteSchemaTable({
+			schema: ast.schema,
+			name: ast.table
+		}, currentSchema);
+		return `await db.${ast.action === "enable" ? "enableRls" : ast.action === "disable" ? "disableRls" : ast.action === "force" ? "forceRls" : "noForceRls"}(${table});`;
 	}
 };
 const roleParams = (name, ast, compare, to) => {
@@ -4028,10 +4068,18 @@ ORDER BY a.attnum`;
 const schemasSql = `SELECT coalesce(json_agg(nspname ORDER BY nspname), '[]')
 FROM pg_catalog.pg_namespace n
 WHERE ${filterSchema("nspname")}`;
-const tablesSql = `SELECT
+const tablesSql = (rls) => `SELECT
   nspname AS "schemaName",
   relname AS "name",
   obj_description(c.oid) AS comment,
+  ${rls ? `(SELECT json_build_object(
+        'enable', rc.relrowsecurity,
+        'force', rc.relforcerowsecurity
+      )
+      FROM pg_class rc
+      JOIN pg_namespace nr ON nr.oid = rc.relnamespace
+      WHERE rc.relname = c.relname
+        AND nr.nspname = n.nspname) AS "rls",` : ""}
   (SELECT coalesce(json_agg(t), '[]') FROM (${columnsSql({
 	schema: "n",
 	table: "c",
@@ -4351,7 +4399,7 @@ const defaultPrivilegesSql = `SELECT COALESCE(json_agg(t.*), '[]') FROM (
   JOIN LATERAL aclexplode(d.defaclacl) ae ON true
   GROUP BY "grantor", "grantee", "schema", "object"
 ) t`;
-const sql = (version, params) => `SELECT (${schemasSql}) AS "schemas", ${jsonAgg(tablesSql, "tables")}, ${jsonAgg(viewsSql, "views")}, ${jsonAgg(indexesSql, "indexes")}, ${jsonAgg(constraintsSql, "constraints")}, ${jsonAgg(triggersSql, "triggers")}, ${jsonAgg(extensionsSql, "extensions")}, ${jsonAgg(enumsSql, "enums")}, ${jsonAgg(domainsSql, "domains")}, ${jsonAgg(collationsSql(version), "collations")}${params?.roles ? `, (${roleSql(params.roles)}) AS "roles"` : ""}${params?.loadDefaultPrivileges ? `, (${defaultPrivilegesSql}) AS "defaultPrivileges"` : ""}`;
+const sql = (version, params) => `SELECT (${schemasSql}) AS "schemas", ${jsonAgg(tablesSql(params?.rls), "tables")}, ${jsonAgg(viewsSql, "views")}, ${jsonAgg(indexesSql, "indexes")}, ${jsonAgg(constraintsSql, "constraints")}, ${jsonAgg(triggersSql, "triggers")}, ${jsonAgg(extensionsSql, "extensions")}, ${jsonAgg(enumsSql, "enums")}, ${jsonAgg(domainsSql, "domains")}, ${jsonAgg(collationsSql(version), "collations")}${params?.roles ? `, (${roleSql(params.roles)}) AS "roles"` : ""}${params?.loadDefaultPrivileges ? `, (${defaultPrivilegesSql}) AS "defaultPrivileges"` : ""}`;
 async function getDbVersion(db) {
 	const { rows: [{ version: versionString }] } = await db.query("SELECT version()");
 	return +versionString.match(/\d+/)[0];
@@ -4498,6 +4546,18 @@ const structureToAst = async (ctx, adapter, config) => {
 	for (const table of data.tables) {
 		if (table.name === migrationsTable && table.schemaName === migrationsSchema) continue;
 		ast.push(tableToAst(ctx, data, table, "create", domains));
+		if (table.rls?.enable) ast.push({
+			type: "tableRls",
+			action: "enable",
+			schema: table.schemaName === ctx.currentSchema ? void 0 : table.schemaName,
+			table: table.name
+		});
+		if (table.rls?.force) ast.push({
+			type: "tableRls",
+			action: "force",
+			schema: table.schemaName === ctx.currentSchema ? void 0 : table.schemaName,
+			table: table.name
+		});
 	}
 	for (const it of data.extensions) ast.push({
 		type: "extension",