* Added support for SCRAM-SHA-256-PLUS i.e. channel binding
* Requested tweaks to channel binding
* Additional tweaks to channel binding
* Fixed lint complaints
* Update packages/pg/lib/crypto/sasl.js
Co-authored-by: Charmander <~@charmander.me>
* Update packages/pg/lib/crypto/sasl.js
Co-authored-by: Charmander <~@charmander.me>
* Update packages/pg/lib/client.js
Co-authored-by: Charmander <~@charmander.me>
* Tweaks to channel binding
* Now using homegrown certificate signature algorithm identification
* Update ssl.mdx with channel binding changes
* Allow for config object being undefined when assigning enableChannelBinding
* Fixed a test failing on an updated error message
* Removed - from hash names like SHA-256 for legacy crypto (Node 14 and below)
* Removed packageManager key from package.json
* Added some SASL/channel binding unit tests
* Added a unit test for continueSession to check expected SASL session data
* Modify tests: don't require channel binding (which cannot then work) if not using SSL
---------
Co-authored-by: Charmander <~@charmander.me>
It looks like this was removed in d615ebee177ed57c7a7df861b1db675c9e0ebb0f while it still had references to it.
Reviewed-by: Charmander <~@charmander.me>
* test: Actually test split messages in split message parsing test
* cleanup: Fix spelling in tests
* test: Wait on asynchronous tests
* cleanup: Remove unused parameter from test method `BufferList#getByteLength`
If someone did want this functionality, it would be better to use addition separate from the method anyway.
* cleanup: Remove unused test function `BufferList.concat`
* Handle bad message ordering - make it catchable. Fixes 3174
* Close client in test
* Mess w/ github action settings
* update ci config
* Remove redundant tests
* Update code to use handle error event
* Add tests for commandComplete message being out of order
* Lint fix
* Fix native tests
* Fix lint again...airport computer not my friend
* Not a native issue
* Remove assert from globals
* Remove Client from globals
* Remove global test function
* Remove MemoryStream from globals
* Require assert in SASL integration tests
* Attempt to use a postgres with ssl?
* Use latest image
* Remove connection tests - they test internals that are better covered by testing the client
When enabling this rule, it's recommended to also *disable* the standard `no-unused-vars` rule. Although `no-unused-vars` is not currently enabled, it seems helpful to explicitly disable it here.
See: https://typescript-eslint.io/rules/no-unused-vars/
Co-authored-by: alxndrsn <alxndrsn>
This feature can be used as follows:
```
client.query({ text: 'SELECT 1', queryMode: 'extended' })
```
This will force the query to be sent with parse/bind/execute even when it has no parameters and disallow multiple statements being executed. This can be useful in scenarios where you want to enforce more security & help prevent SQL injection attacks...particularly by library authors.
---------
Co-authored-by: alxndrsn <alxndrsn>
Co-authored-by: Brian Carlson <brian.m.carlson@gmail.com>
I didn't do much to "modernize" the pg-native codebase other than running it through the standard eslint --fix that is applied to the rest of the code. There are some easy opportunities there to update it to ES6 and so on...it still uses some pretty antiquated coding styles in places. This PR re-introduces the native tests on node v20, and updates test matrix to drop unsupported versions of node & add in node v22.
Previously, if you attempted to pass an array of `Uint8Array` objects to
a prepared statement, it would render each literal numeric value of that
array.
Since `Uint8Array` (and `TypedArray` types) represent views over raw
bytes, ensure these are serialized to Postgres as a byte representation.
* Fail gracefully when connecting to other SGDB vendor
* Make test more flexible. Adjust error wording to match native better.
---------
Co-authored-by: Brian Carlson <brian.m.carlson@gmail.com>
* Add failing test for result rows with the same column names
* Fix handling of duplicate column names in results to ensure last value is populated
Fixes handling of result rows that have the same column name duplicated in the results to ensure
that the last value is the one returned to the user. This was the old behavior but unintentionally
broken when the pre-built object optimization was added.
* fix stack traces of query() to include the async context (#1762)
* rename tests so they are actually run
* conditionally only run async stack trace tests on node 16+
* add stack trace to pg-native
---------
Co-authored-by: Charmander <~@charmander.me>
* Document client.escapeIdentifier and client.escapeLiteral
Per #1978 it seems that these client APIs are undocumented. Added documentation for these functions along with some examples and relevant links.
* Fix typos in new docs
* Migrate escapeIdentifier and escapeLiteral from Client to PG
These are standalone utility functions, they do not need a client instance to function.
Changes made:
- Refactored escapeIdentifier and escapeLiteral from client class to functions in utils
- Update PG to export escapeIdentifier and escapeLiteral
- Migrated tests for Client.escapeIdentifier and Client.escapeLiteral to tests for utils
- Updated documentation, added a "utilities" page where these helpers are discussed
**note** this is a breaking change. Users who used these functions (previously undocumented) on instances of Client, or via Client.prototype.
* Export escapeIdentifier and escapeLiteral from PG
These are standalone utility functions, they should not depend on a client instance.
Changes made:
- Refactored escapeIdentifier and escapeLiteral from client class to functions in utils
- Re-exported functions on client for backwards compatibility
- Update PG to export escapeIdentifier and escapeLiteral
- Updated tests to validate the newly exported functions from both entry points
- Updated documentation, added a "utilities" page where these helpers are discussed
* Ensure escape functions work via Client.prototype
Updated changes such that escapeIdentifier and escapeLiteral are usable via the client prototype
Updated tests to check for both entry points in client
* fix: double client.end() hang
fixes https://github.com/brianc/node-postgres/issues/2716
`client.end()` will resolve early if the connection is already dead,
rather than waiting for an "end" event that will never arrive.
* fix: client.end() resolves when socket is fully closed
* Enable SASL tests in GitHub actions CI
* Add SASL test to ensure that client password is a string
* Fix SASL error handling to emit and bubble up errors
* Add informative error when SASL password is empty string
This changeset enables declaring the `stream` config value as a factory
method, providing much more flexible control of the socket connection.
Defining a custom `stream` config value allows the postgres driver to
support a larger variety of environments/setups such as proxy servers
and secure socket connections that are used by cloud providers such as
GCP.
Currently, usage of the `stream` config value is only viable for single
connections given that it's only possible to define a single socket
stream instance per new Client/Pool instance. By adding support to a
factory function, it becomes possible to enable usage of custom socket
streams for connection pools.
For reference, see the `mysql2` driver for MySQL (linked below) for
prior art example of this pattern.
Refs: ba15fe2570/lib/connection.js (L63-L65)
Refs: https://cloud.google.com/sql/docs/postgres/connect-overview
Signed-off-by: Ruy Adorno <ruyadorno@google.com>
This is the initial port to github actions. Still pending are the SSL and client SSL cert tests which are currently being skipped. But perfect is the enemy of the good here, and having no CI because travis-ci keeps not working is unacceptable.
* pg: Re-export DatabaseError from 'pg-protocol'
Before, users would have to import DatabaseError from 'pg-protocol'. If
there are multiple versions of 'pg-protocol', you might end up using the
wrong one.
Closes #2378
* Update error-handling-tests.js
* Update query-error-handling-tests.js
Co-authored-by: Brian C <brian.m.carlson@gmail.com>
* Make tests pass in github codespaces
There were a few tests which didn't specify a host or port which wasn't working well inside the codespaces docker environment. Added host & port where required. Also noticed one test wasn't actually _testing_, it was just `console.log`-ing its output, so I added proper assertions there. Finally set `PGTESTNOSSL: true` in the codespaces environment until I can get the postgres docker container configured w/ SSL...which I will do l8r.
* lint
* Add sha256 SASL helper
* Rename internal createHMAC(...) to hmacSha256(...)
* Add parseAttributePairs(...) helper for SASL
* Tighten arg checks in SASL xorBuffers(...)
* Add SASL nonce check for printable chars
* Add SASL server salt and server signature base64 validation
* Add check for non-empty SASL server nonce
* Rename SASL helper to parseServerFirstMessage(...)
* Add parameter validation to SASL continueSession(...)
* Split out SASL final message parsing into parseServerFinalMessage(...)
* Fix SCRAM tests
Removes custom assert.throws(...) so that the real one from the assert package is used and
fixes the SCRAM tests to reflect the updated error messages and actual checking of errors.
Previously the custom assert.throws(...) was ignoring the error signature validation.
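
The SASL hardening items listed above (attribute-pair parsing, printable-character nonce check, non-empty server nonce, base64 validation of the salt) can be illustrated with a strict parser for the SCRAM server-first-message. This is an added example, not code from node-postgres; the function names `splitAttributes` and `parseServerFirst`, the error strings and the sample values are hypothetical, and the message grammar is taken from RFC 5802.

```javascript
// Added example (not node-postgres source): strict parsing of a SCRAM
// server-first-message, "r=<nonce>,s=<base64 salt>,i=<iterations>" (RFC 5802).

// Constructed sample values (not captured from a real server).
const SAMPLE_CLIENT_NONCE = 'c1ientN0nce'
const SAMPLE_SERVER_FIRST = 'r=c1ientN0nceSrvN0nce,s=c2FsdHNhbHRzYWx0c2FsdA==,i=4096'

// Split "k=v,k=v" into a Map; each pair must be one letter, '=', then a value.
function splitAttributes(text) {
  const attrs = new Map()
  for (const pair of text.split(',')) {
    if (!/^[a-zA-Z]=/.test(pair)) throw new Error('SASL: malformed attribute pair')
    if (attrs.has(pair[0])) throw new Error('SASL: duplicate attribute ' + pair[0])
    attrs.set(pair[0], pair.slice(2))
  }
  return attrs
}

// RFC 5802 "printable": %x21-2B / %x2D-7E (visible ASCII except ',').
function isPrintableChars(text) {
  return /^[\x21-\x2b\x2d-\x7e]+$/.test(text)
}

// Canonical base64 only: length a multiple of 4, padding only at the end.
function isBase64(text) {
  return /^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/.test(text)
}

// Validate every field before any of it is used to derive keys.
function parseServerFirst(message, clientNonce) {
  const attrs = splitAttributes(message)
  const nonce = attrs.get('r')
  const salt = attrs.get('s')
  const iterText = attrs.get('i')
  if (!nonce || !isPrintableChars(nonce)) throw new Error('SASL: nonce missing or unprintable')
  // The combined nonce must start with what the client sent, or a third
  // party could have substituted the message.
  if (!nonce.startsWith(clientNonce)) throw new Error('SASL: nonce does not extend client nonce')
  if (nonce.length === clientNonce.length) throw new Error('SASL: server nonce is empty')
  if (!salt || !isBase64(salt)) throw new Error('SASL: salt missing or not base64')
  if (!iterText || !/^[1-9][0-9]*$/.test(iterText)) throw new Error('SASL: bad iteration count')
  return { nonce, salt: Buffer.from(salt, 'base64'), iterations: parseInt(iterText, 10) }
}
```

Node's `Buffer.from(text, 'base64')` silently skips characters it cannot decode, which is why the salt is checked against a strict pattern before decoding.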