supa-forge 0.1.1

package/examples/Only RLS/package.json

@@ -0,0 +1,25 @@
+{
+  "name": "example-only-rls",
+  "version": "1.0.0",
+  "private": true,
+  "scripts": {
+    "generate": "vite-node src/index.ts --generate",
+    "apply": "vite-node src/index.ts --apply",
+    "temp:generate": "vite-node src/index.ts --temp --generate",
+    "temp:apply": "vite-node src/index.ts --temp --apply",
+    "migration:create": "vite-node src/index.ts migration:create",
+    "docgen": "vite-node src/index.ts --docgen",
+    "test": "vitest run"
+  },
+  "dependencies": {
+    "supaforge": "file:../.."
+  },
+  "devDependencies": {
+    "@types/node": "^20.0.0",
+    "typeorm": "^0.3.17",
+    "typescript": "^5.0.0",
+    "vite": "^5.0.0",
+    "vite-node": "^1.0.0",
+    "vitest": "^0.34.0"
+  }
+}

package/examples/Only RLS/src/entities/Note.entity.ts

@@ -0,0 +1,40 @@
+import 'reflect-metadata';
+import { Entity, PrimaryGeneratedColumn, Column, ManyToOne, JoinColumn } from 'supaforge/typeorm';
+import { security, rls, runSql } from 'supaforge';
+import { UserView } from './User.entity';
+
+@Entity('personal_notes')
+@security()
+export class Note {
+  @PrimaryGeneratedColumn('uuid')
+  id!: string;
+
+  @Column({ type: 'text' })
+  title!: string;
+
+  @Column({ type: 'text' })
+  content!: string;
+
+  @Column({ type: 'uuid' })
+  owner_id!: string;
+
+  @ManyToOne(() => UserView)
+  @JoinColumn({ name: 'owner_id' })
+  owner?: UserView;
+
+  @rls('crud')
+  static ownerAccess() {
+    return {
+      role: 'authenticated',
+      expression: "auth.uid()::text = owner_id::text"
+    };
+  }
+
+  @runSql()
+  static grantToRoles() {
+    return `
+      GRANT SELECT, INSERT, UPDATE, DELETE ON TABLE personal_notes TO authenticated;
+      GRANT SELECT ON TABLE personal_notes TO anon;
+    `;
+  }
+}

package/examples/Only RLS/src/entities/User.entity.ts

@@ -0,0 +1,29 @@
+import 'reflect-metadata';
+import { ViewEntity, ViewColumn } from 'supaforge/typeorm';
+import { runSql } from 'supaforge';
+
+@ViewEntity({
+  name: 'auth_users_view',
+  schema: 'public',
+  expression: `
+    SELECT
+      id,
+      email
+    FROM auth.users
+  `
+})
+export class UserView {
+  @ViewColumn()
+  id!: string;
+
+  @ViewColumn()
+  email!: string;
+
+  @runSql()
+  static grantViewPermissions() {
+    return `
+      GRANT SELECT ON TABLE auth_users_view TO authenticated;
+      GRANT SELECT ON TABLE auth_users_view TO anon;
+    `;
+  }
+}

package/examples/Only RLS/src/index.ts

@@ -0,0 +1,51 @@
+import 'reflect-metadata';
+import * as path from 'path';
+import 'dotenv/config';
+import { runSupaforge, createMigrationTemplate, applyGeneratedMigrations, generateDocumentation, extractCliOptions, RunnerOptions } from 'supaforge';
+import { fileURLToPath } from 'url';
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+
+async function main() {
+  const flags = process.argv;
+  const cliOptions = extractCliOptions(flags);
+
+  const options: RunnerOptions = {
+    ...cliOptions,
+    dbConfig: {
+      host: process.env.DB_HOST || 'localhost',
+      port: Number(process.env.DB_PORT) || 5432,
+      user: process.env.DB_USER || 'postgres',
+      password: process.env.DB_PASSWORD || 'postgres',
+      database: flags.includes('--temp') ? 'temp_notes' : (process.env.DB_NAME || 'postgres'),
+    },
+    entityPath: path.join(__dirname, 'entities'),
+    outputDir: path.join(process.cwd(), 'migrations'),
+    syncSchema: cliOptions.syncSchema || flags.includes('--temp'),
+    cls: false,
+    rls: true,
+  };
+
+  try {
+    if (flags.includes('migration:create')) {
+      return await createMigrationTemplate(options);
+    }
+    if (flags.includes('--apply')) {
+      return await applyGeneratedMigrations(options);
+    }
+    if (flags.includes('--generate')) {
+      const sql = await runSupaforge(options);
+      console.log('Migration generated.');
+      return;
+    }
+    if (flags.includes('--docgen')) {
+      return await generateDocumentation(options);
+    }
+  } catch (error) {
+    console.error('\nError:', error);
+    process.exit(1);
+  }
+}
+
+main();

package/examples/Only RLS/src/notes.test.ts

@@ -0,0 +1,123 @@
+import 'reflect-metadata';
+import { describe, it, expect, beforeAll, afterAll } from 'vitest';
+import 'dotenv/config';
+import { DataSource, QueryRunner } from 'supaforge/typeorm';
+import { runSupaforge, applyGeneratedMigrations, runAsRole } from 'supaforge';
+import { Note } from './entities/Note.entity';
+import { UserView } from './entities/User.entity';
+import * as path from 'path';
+import * as fs from 'fs';
+import { fileURLToPath } from 'url';
+import process from 'process';
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+
+describe('Personal Notes (OnlyRls) Tests', () => {
+  let dataSource: DataSource;
+  let queryRunner: QueryRunner;
+
+  const DB_CONFIG = {
+    host: process.env.DB_HOST || 'localhost',
+    port: Number(process.env.DB_PORT) || 5432,
+    user: process.env.DB_USER || 'postgres',
+    password: process.env.DB_PASSWORD || 'postgres',
+    database: process.env.DB_NAME || 'postgres',
+  };
+
+  const ALICE_ID = '11111111-1111-1111-1111-111111111111';
+  const BOB_ID = '22222222-2222-2222-2222-222222222222';
+
+  beforeAll(async () => {
+    const migrationDir = path.join(process.cwd(), 'migrations');
+    if (fs.existsSync(migrationDir)) {
+      fs.rmSync(migrationDir, { recursive: true, force: true });
+    }
+
+    const options = {
+      dbConfig: DB_CONFIG,
+      entityPath: path.join(__dirname, 'entities'),
+      outputDir: migrationDir,
+      syncSchema: true,
+      migrationName: 'NotesInit',
+      rls: true,
+      cls: false
+    };
+
+    await runSupaforge(options);
+    await applyGeneratedMigrations(options);
+
+    dataSource = new DataSource({
+      type: 'postgres',
+      ...DB_CONFIG,
+      username: DB_CONFIG.user,
+      entities: [Note, UserView],
+    });
+
+    await dataSource.initialize();
+    queryRunner = dataSource.createQueryRunner();
+    await queryRunner.connect();
+
+    await queryRunner.query('DROP TRIGGER IF EXISTS on_auth_user_sync_user_roles ON auth.users');
+    await queryRunner.query('DROP FUNCTION IF EXISTS public.handle_auth_user_sync() CASCADE');
+    await queryRunner.query('DELETE FROM auth.users CASCADE');
+    await queryRunner.query('DELETE FROM personal_notes');
+    await queryRunner.query("INSERT INTO auth.users (id, email) VALUES ($1, 'alice@example.com'), ($2, 'bob@example.com')", [ALICE_ID, BOB_ID]);
+
+    await queryRunner.query("INSERT INTO personal_notes (id, title, content, owner_id) VALUES (gen_random_uuid(), 'Alice Note', 'Top Secret!', $1)", [ALICE_ID]);
+    await queryRunner.query("INSERT INTO personal_notes (id, title, content, owner_id) VALUES (gen_random_uuid(), 'Bob Note', 'Bobs secret.', $1)", [BOB_ID]);
+  }, 45000);
+
+  afterAll(async () => {
+    if (queryRunner) await queryRunner.release();
+    if (dataSource) await dataSource.destroy();
+  });
+
+  it('Alice should ONLY see her own notes with user details (JOIN)', async () => {
+    const notes = await runAsRole(queryRunner, 'authenticated', ALICE_ID,
+      'SELECT n.title, u.email FROM personal_notes n INNER JOIN auth_users_view u ON n.owner_id = u.id'
+    );
+    expect(notes).toHaveLength(1);
+    expect(notes[0].title).toBe('Alice Note');
+    expect(notes[0].email).toBe('alice@example.com');
+  });
+
+  it('Bob should ONLY see his own notes with user details (JOIN)', async () => {
+    const notes = await runAsRole(queryRunner, 'authenticated', BOB_ID,
+      'SELECT n.title, u.email FROM personal_notes n INNER JOIN auth_users_view u ON n.owner_id = u.id'
+    );
+    expect(notes).toHaveLength(1);
+    expect(notes[0].title).toBe('Bob Note');
+    expect(notes[0].email).toBe('bob@example.com');
+  });
+
+  it('Alice should be able to create a new note', async () => {
+    const newId = '33333333-3333-3333-3333-333333333333';
+    await runAsRole(queryRunner, 'authenticated', ALICE_ID,
+      "INSERT INTO personal_notes (id, title, content, owner_id) VALUES ($1, $2, $3, $4)",
+      [newId, 'Alice Private Note', 'Something new', ALICE_ID]
+    );
+
+    const check = await runAsRole(queryRunner, 'authenticated', ALICE_ID, 'SELECT * FROM personal_notes WHERE id = $1', [newId]);
+    expect(check).toHaveLength(1);
+  });
+
+  it('Alice should NOT be able to delete Bob\'s note', async () => {
+    const bobNote = (await queryRunner.query("SELECT id FROM personal_notes WHERE owner_id = $1", [BOB_ID]))[0];
+    await runAsRole(queryRunner, 'authenticated', ALICE_ID, "DELETE FROM personal_notes WHERE id = $1", [bobNote.id]);
+
+    const check = await queryRunner.query("SELECT * FROM personal_notes WHERE id = $1", [bobNote.id]);
+    expect(check).toHaveLength(1);
+  });
+
+  it('Alice should be able to update her own note', async () => {
+    const aliceNote = (await runAsRole(queryRunner, 'authenticated', ALICE_ID, "SELECT id FROM personal_notes WHERE title = 'Alice Note'"))[0];
+    await runAsRole(queryRunner, 'authenticated', ALICE_ID,
+      "UPDATE personal_notes SET content = $1 WHERE id = $2",
+      ['Alice updated content', aliceNote.id]
+    );
+
+    const check = await runAsRole(queryRunner, 'authenticated', ALICE_ID, "SELECT content FROM personal_notes WHERE id = $1", [aliceNote.id]);
+    expect(check[0].content).toBe('Alice updated content');
+  });
+});

package/examples/Only RLS/tsconfig.json

@@ -0,0 +1,17 @@
+{
+  "compilerOptions": {
+    "target": "ESNext",
+    "module": "ESNext",
+    "moduleResolution": "bundler",
+    "strict": true,
+    "esModuleInterop": true,
+    "experimentalDecorators": true,
+    "emitDecoratorMetadata": true,
+    "skipLibCheck": true,
+    "forceConsistentCasingInFileNames": true,
+    "noImplicitAny": true,
+    "outDir": "./dist",
+    "types": ["node"]
+  },
+  "include": ["src/**/*"]
+}

package/examples/Only RLS/vite.config.ts

@@ -0,0 +1,8 @@
+import { defineConfig } from 'vitest/config';
+
+export default defineConfig({
+  test: {
+    globals: true,
+    environment: 'node',
+  },
+});