Add transaction support, update readme

timokoessler · timokoessler · commit 192dfb531f5c · 2025-02-11T16:43:14.000+01:00
diff --git a/README.md b/README.md
@@ -62,6 +62,8 @@ Zen for Node.js 16+ is compatible with:
 * ✅ [`postgres`](https://www.npmjs.com/package/postgres) 3.x
 * ✅ [`@clickhouse/client`](https://www.npmjs.com/package/@clickhouse/client) 1.x
 * ✅ [`@prisma/client`](https://www.npmjs.com/package/@prisma/client) 5.x
+* ✅ [`@libsql/client`](https://www.npmjs.com/package/@libsql/client) ^0.10.x
+* ✅ [`libsql`](https://www.npmjs.com/package/libsql) ^0.4.x
 
 ### Cloud providers
 
diff --git a/library/sinks/LibSQLClient.test.ts b/library/sinks/LibSQLClient.test.ts
@@ -31,10 +31,12 @@ const safeContext: Context = {
   route: "/posts/:id",
 };
 
+const testOpts = { skip: !global.Request ? "fetch is not available" : false };
+
 const agent = createTestAgent();
 agent.start([new LibSQLClient()]);
 
-t.test("it works with @libsql/client: in-memory", async (t) => {
+t.test("it works with @libsql/client: in-memory", testOpts, async (t) => {
   const { createClient } =
     require("@libsql/client") as typeof import("@libsql/client");
 
@@ -166,6 +168,36 @@ t.test("it works with @libsql/client: in-memory", async (t) => {
           "Cannot read properties of null (reading 'map')"
         );
       }
+
+      const transaction = await client.transaction("write");
+
+      const error9 = await t.rejects(() =>
+        transaction.execute("SELECT 1;-- should be blocked")
+      );
+      t.ok(error9 instanceof Error);
+      if (error9 instanceof Error) {
+        t.same(
+          error9.message,
+          "Zen has blocked an SQL injection: @libsql/client.transaction.execute(...) originating from body.myTitle"
+        );
+      }
+
+      const error10 = await t.rejects(() =>
+        transaction.batch(["SELECT 1;-- should be blocked"])
+      );
+      t.ok(error10 instanceof Error);
+      if (error10 instanceof Error) {
+        t.same(
+          error10.message,
+          "Zen has blocked an SQL injection: @libsql/client.transaction.batch(...) originating from body.myTitle"
+        );
+      }
+
+      await transaction.commit();
+    });
+
+    await runWithContext(safeContext, async () => {
+      await client.execute("SELECT 1;-- This is a comment");
     });
   } catch (error: any) {
     t.fail(error);
@@ -174,7 +206,7 @@ t.test("it works with @libsql/client: in-memory", async (t) => {
   }
 });
 
-t.test("it works with @libsql/client: http", async (t) => {
+t.test("it works with @libsql/client: http", testOpts, async (t) => {
   const { createClient } =
     require("@libsql/client") as typeof import("@libsql/client");
 
@@ -270,6 +302,32 @@ t.test("it works with @libsql/client: http", async (t) => {
           "Zen has blocked an SQL injection: @libsql/client.batch(...) originating from body.myTitle"
         );
       }
+
+      const transaction = await client.transaction("write");
+
+      const error9 = await t.rejects(() =>
+        transaction.execute("SELECT 1;-- should be blocked")
+      );
+      t.ok(error9 instanceof Error);
+      if (error9 instanceof Error) {
+        t.same(
+          error9.message,
+          "Zen has blocked an SQL injection: @libsql/client.transaction.execute(...) originating from body.myTitle"
+        );
+      }
+
+      const error10 = await t.rejects(() =>
+        transaction.batch(["SELECT 1;-- should be blocked"])
+      );
+      t.ok(error10 instanceof Error);
+      if (error10 instanceof Error) {
+        t.same(
+          error10.message,
+          "Zen has blocked an SQL injection: @libsql/client.transaction.batch(...) originating from body.myTitle"
+        );
+      }
+
+      await transaction.commit();
     });
   } catch (error: any) {
     t.fail(error);
diff --git a/library/sinks/LibSQLClient.ts b/library/sinks/LibSQLClient.ts
@@ -70,12 +70,11 @@ export class LibSQLClient implements Wrapper {
 
   wrap(hooks: Hooks) {
     const sqlFunctions = ["execute", "executeMultiple", "batch", "migrate"];
-
-    // Todo transactions
+    const transactionSqlFunctions = ["execute", "executeMultiple", "batch"];
 
     hooks
       .addPackage("@libsql/client")
-      .withVersion("^0.14.0")
+      .withVersion("^0.10.0")
       .onRequire((exports, pkgInfo) => {
         // Modify the return value of createClient function -> the client object
         wrapExport(exports, "createClient", pkgInfo, {
@@ -88,6 +87,28 @@ export class LibSQLClient implements Wrapper {
                 },
               });
             }
+
+            // Wrap transaction functions
+            wrapExport(returnValue, "transaction", pkgInfo, {
+              modifyReturnValue: async (args, returnValue, agent) => {
+                // Await the promise
+                const transaction = await returnValue;
+
+                // Wrap all functions in the transaction object
+                for (const transactionFunc of transactionSqlFunctions) {
+                  wrapExport(transaction, transactionFunc, pkgInfo, {
+                    inspectArgs: (args) => {
+                      return this.inspectQuery(
+                        `@libsql/client.transaction.${transactionFunc}`,
+                        args
+                      );
+                    },
+                  });
+                }
+
+                return transaction;
+              },
+            });
             return returnValue;
           },
         });
