tests

Author: pyramation

.github/workflows/ci.yml

@@ -86,28 +86,10 @@ jobs:
       fail-fast: false
       matrix:
         package:
-          - utils/verify
-          - utils/utils
-          - utils/inflection
-          - utils/faker
-          - utils/base32
-          - security/totp
-          - security/jwt-claims
-          - security/encrypted-secrets-table
-          - security/encrypted-secrets
-          - security/defaults
-          - security/default-roles
-          - metrics/measurements
-          - metrics/achievements
-          - meta/db_meta_test
-          - meta/db_meta_modules
-          - meta/db_meta
-          - jobs/jobs
-          - jobs/database-jobs
-          - data-types/uuid
-          - data-types/types
-          - data-types/stamps
-          - data-types/geotypes
+          - verify
+          - base32
+          - totp
+          - rls-demo
 
     env:
       PGHOST: pg_db
@@ -176,75 +158,3 @@ jobs:
       - name: Test ${{ matrix.package }}
         run: cd ./packages/${{ matrix.package }} && pnpm test
 
-  integration-test:
-    needs: setup
-    runs-on: ubuntu-latest
-    container: pyramation/node-sqitch:20.12.0
-
-    env:
-      PGHOST: pg_db
-      PGPORT: 5432
-      PGUSER: postgres
-      PGPASSWORD: password
-
-    services:
-      pg_db:
-        image: pyramation/pgvector:13.3-alpine
-        env:
-          POSTGRES_USER: postgres
-          POSTGRES_PASSWORD: password
-        options: >-
-          --health-cmd pg_isready
-          --health-interval 10s
-          --health-timeout 5s
-          --health-retries 5
-        ports:
-          - 5432:5432
-
-      minio_cdn:
-        image: minio/minio:edge-cicd
-        env:
-          MINIO_ROOT_USER: minioadmin
-          MINIO_ROOT_PASSWORD: minioadmin
-        ports:
-          - 9000:9000
-          - 9001:9001
-        options: >-
-          --health-cmd "curl -f http://localhost:9000/minio/health/live || exit 1"
-          --health-interval 10s
-          --health-timeout 5s
-          --health-retries 5
-
-    steps:
-      - name: Configure Git (for tests)
-        run: |
-          git config --global user.name "CI Test User"
-          git config --global user.email "[email protected]"
-
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Enable corepack and pnpm
-        run: |
-          corepack enable
-          corepack prepare pnpm@9 --activate
-          pnpm -v
-          node -v
-
-      - name: Install
-        run: pnpm install
-
-      - name: Install LaunchQL CLI globally
-        run: npm install -g @launchql/[email protected]
-
-      - name: Build
-        run: pnpm -r build
-
-      - name: Seed app_user
-        run: |
-          lql admin-users bootstrap --yes
-          lql admin-users add --test --yes
-
-      - name: Run Integration Tests
-        run: ./scripts/test-all-packages.sh
-

README.md

@@ -12,5 +12,7 @@ export PGPORT=54322
 export PGHOST=localhost
 export PGUSER=postgres
 export PGPASSWORD=postgres
+
+pnpm test
 ```
 

packages/rls-demo/LICENSE

@@ -0,0 +1,22 @@
+The MIT License (MIT)
+
+Copyright (c) 2025 Dan Lynch <[email protected]>
+Copyright (c) 2025 Interweb, Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

packages/rls-demo/Makefile

@@ -0,0 +1,6 @@
+EXTENSION = launchql-rls-demo
+DATA = sql/launchql-rls-demo--0.0.1.sql
+
+PG_CONFIG = pg_config
+PGXS := $(shell $(PG_CONFIG) --pgxs)
+include $(PGXS)

packages/rls-demo/README.md

@@ -0,0 +1,41 @@
+# @lql-pg/rls-demo
+
+RLS (Row Level Security) demo extension for PostgreSQL.
+
+Provides a demonstration of Row Level Security implementation with users and products tables, including:
+- `rls_test` schema with proper RLS policies
+- `users` table with RLS policies for user data access
+- `products` table with RLS policies for product ownership
+- Foreign key relationships and proper indexing
+- Automatic `updated_at` timestamp triggers
+
+## Sample Data
+
+This package includes sample data to demonstrate RLS functionality:
+
+### Users
+- Alice Johnson ([email protected])
+- Bob Smith ([email protected]) 
+- Charlie Brown ([email protected])
+- Diana Prince ([email protected])
+
+### Products
+- Alice owns: Laptop Pro ($1299.99), Wireless Mouse ($49.99)
+- Bob owns: Mechanical Keyboard ($149.99), Monitor 4K ($399.99)
+- Charlie owns: Webcam HD ($89.99), Headphones ($199.99)
+- Diana owns: Standing Desk ($599.99), Desk Lamp ($79.99)
+
+## Data Insertion
+
+### Using SQL File
+```bash
+psql -d your_database -f seed-data.sql
+```
+
+### Using Node.js Script
+```bash
+node insert-data.js
+```
+
+### Using pgsql-test
+The test suite includes comprehensive data insertion and RLS testing examples.

packages/rls-demo/__tests__/rls.demo.test.ts

@@ -0,0 +1,99 @@
+import { getConnections, PgTestClient } from 'pgsql-test';
+
+let pg: PgTestClient;
+let db: PgTestClient;
+let teardown: () => Promise<void>;
+
+beforeAll(async () => {
+  ({ pg, db, teardown } = await getConnections());
+});
+
+afterAll(async () => {
+  await teardown();
+});
+
+beforeEach(async () => {
+  await db.beforeEach();
+});
+
+afterEach(async () => {
+  await db.afterEach();
+});
+
+describe('RLS Demo - Data Insertion', () => {
+  it('should insert users and products', async () => {
+    // Insert users
+    const user1 = await pg.one(
+      `INSERT INTO rls_test.users (email, name) 
+       VALUES ($1, $2) 
+       RETURNING id, email, name`,
+      ['[email protected]', 'Alice Johnson']
+    );
+    
+    const user2 = await pg.one(
+      `INSERT INTO rls_test.users (email, name) 
+       VALUES ($1, $2) 
+       RETURNING id, email, name`,
+      ['[email protected]', 'Bob Smith']
+    );
+
+    // Insert products
+    const product1 = await pg.one(
+      `INSERT INTO rls_test.products (name, description, price, owner_id) 
+       VALUES ($1, $2, $3, $4) 
+       RETURNING id, name, price, owner_id`,
+      ['Laptop Pro', 'High-performance laptop', 1299.99, user1.id]
+    );
+    
+    const product2 = await pg.one(
+      `INSERT INTO rls_test.products (name, description, price, owner_id) 
+       VALUES ($1, $2, $3, $4) 
+       RETURNING id, name, price, owner_id`,
+      ['Wireless Mouse', 'Ergonomic mouse', 49.99, user1.id]
+    );
+
+    expect(user1.email).toBe('[email protected]');
+    expect(product1.name).toBe('Laptop Pro');
+    expect(product1.owner_id).toBe(user1.id);
+  });
+
+  it('should query user products with joins', async () => {
+    const result = await pg.many(
+      `SELECT u.name, p.name as product_name, p.price
+       FROM rls_test.users u
+       JOIN rls_test.products p ON u.id = p.owner_id
+       ORDER BY u.name, p.name`
+    );
+    
+    expect(result.length).toBeGreaterThan(0);
+    expect(result[0]).toHaveProperty('name');
+    expect(result[0]).toHaveProperty('product_name');
+  });
+
+  it('should test RLS context switching', async () => {
+    // Get a user ID for context
+    const user = await pg.one(`SELECT id FROM rls_test.users LIMIT 1`);
+    
+    // Set context to simulate authenticated user with JWT claims
+    db.setContext({
+      role: 'authenticated',
+      'jwt.claims.user_id': user.id
+    });
+
+    // Test auth.uid() function
+    const uid = await db.one(`SELECT auth.uid() as uid`);
+    expect(uid.uid).toBe(user.id);
+
+    // Test auth.role() function
+    const role = await db.one(`SELECT auth.role() as role`);
+    expect(role.role).toBe('authenticated');
+
+    // Query should work with RLS policies
+    const userData = await db.one(
+      `SELECT id, email FROM rls_test.users WHERE id = $1`,
+      [user.id]
+    );
+    
+    expect(userData.id).toBe(user.id);
+  });
+});