|
| 1 | +import { describe, expect, it } from 'vitest' |
| 2 | +import { encryptedTable, types } from '@/eql/v3' |
| 3 | +import type { IntrospectionResult } from '@/supabase/introspect' |
| 4 | +import { verifyDeclaredSchemas } from '@/supabase/verify' |
| 5 | + |
| 6 | +const introspection: IntrospectionResult = [ |
| 7 | + { |
| 8 | + tableName: 'users', |
| 9 | + columns: [ |
| 10 | + { columnName: 'id', domainName: null }, |
| 11 | + { columnName: 'email', domainName: 'text_search' }, |
| 12 | + { columnName: 'amount', domainName: 'integer_ord' }, |
| 13 | + ], |
| 14 | + }, |
| 15 | +] |
| 16 | + |
| 17 | +describe('verifyDeclaredSchemas', () => { |
| 18 | + it('passes when every declared column matches its introspected domain', () => { |
| 19 | + const users = encryptedTable('users', { |
| 20 | + email: types.TextSearch('email'), |
| 21 | + amount: types.IntegerOrd('amount'), |
| 22 | + }) |
| 23 | + expect(() => verifyDeclaredSchemas({ users }, introspection)).not.toThrow() |
| 24 | + }) |
| 25 | + |
| 26 | + it('passes when only a subset of encrypted columns is declared', () => { |
| 27 | + const users = encryptedTable('users', { email: types.TextSearch('email') }) |
| 28 | + expect(() => verifyDeclaredSchemas({ users }, introspection)).not.toThrow() |
| 29 | + }) |
| 30 | + |
| 31 | + it('throws naming the table when a declared table is absent', () => { |
| 32 | + const orders = encryptedTable('orders', { |
| 33 | + total: types.IntegerOrd('total'), |
| 34 | + }) |
| 35 | + expect(() => verifyDeclaredSchemas({ orders }, introspection)).toThrow( |
| 36 | + /table "orders"/, |
| 37 | + ) |
| 38 | + }) |
| 39 | + |
| 40 | + it('throws naming the column when a declared column is absent', () => { |
| 41 | + const users = encryptedTable('users', { missing: types.TextEq('missing') }) |
| 42 | + expect(() => verifyDeclaredSchemas({ users }, introspection)).toThrow( |
| 43 | + /users\.missing/, |
| 44 | + ) |
| 45 | + }) |
| 46 | + |
| 47 | + it('throws naming both domains when the domain differs', () => { |
| 48 | + // email is actually text_search; declaring text_eq must fail at startup. |
| 49 | + const users = encryptedTable('users', { email: types.TextEq('email') }) |
| 50 | + expect(() => verifyDeclaredSchemas({ users }, introspection)).toThrow( |
| 51 | + /text_eq.*text_search|text_search.*text_eq/, |
| 52 | + ) |
| 53 | + }) |
| 54 | +}) |
0 commit comments