Skip to content

Commit 17dbfc3

Browse files
committed
fix: use public metaschema tables for auth settings discovery
Replace metaschema.schema_and_table() (private schema) with a JOIN through metaschema_modules_public.sessions_module and metaschema_public.schema (both public). Also reduces from 3 queries to 2 by combining the module lookup and schema resolution into a single query.
1 parent 28884c2 commit 17dbfc3

1 file changed

Lines changed: 15 additions & 28 deletions

File tree

  • graphql/server/src/middleware

graphql/server/src/middleware/api.ts

Lines changed: 15 additions & 28 deletions
Original file line numberDiff line numberDiff line change
@@ -87,21 +87,17 @@ const RLS_MODULE_SQL = `
8787
`;
8888

8989
/**
90-
* Discover auth settings table location via metaschema modules.
91-
* Step 1: Get auth_settings_table_id from sessions_module
92-
* Step 2: Resolve the actual schema + table name via metaschema.schema_and_table()
90+
* Discover auth settings table location via public metaschema tables.
91+
* Joins sessions_module with metaschema_public.schema to resolve
92+
* the schema name + table name without touching private schemas.
9393
*/
94-
const AUTH_SETTINGS_TABLE_ID_SQL = `
95-
SELECT auth_settings_table_id
96-
FROM metaschema_modules_public.sessions_module
94+
const AUTH_SETTINGS_DISCOVERY_SQL = `
95+
SELECT s.schema_name, sm.auth_settings_table AS table_name
96+
FROM metaschema_modules_public.sessions_module sm
97+
JOIN metaschema_public.schema s ON s.id = sm.schema_id
9798
LIMIT 1
9899
`;
99100

100-
const AUTH_SETTINGS_SCHEMA_AND_TABLE_SQL = `
101-
SELECT schema_name, table_name
102-
FROM metaschema.schema_and_table($1)
103-
`;
104-
105101
/**
106102
* Query auth settings from the discovered table.
107103
* Schema and table name are resolved dynamically from metaschema modules.
@@ -340,10 +336,9 @@ const queryRlsModule = async (pool: Pool, apiId: string): Promise<RlsModuleRow |
340336

341337
/**
342338
* Load server-relevant auth settings from the tenant DB.
343-
* Discovers the auth settings table dynamically by querying
344-
* metaschema_modules_public.sessions_module for the table ID,
345-
* then resolving the actual schema + table name via metaschema.schema_and_table().
346-
* Fails gracefully if modules or table don't exist yet (pre-migration).
339+
* Discovers the auth settings table dynamically by joining
340+
* metaschema_modules_public.sessions_module with metaschema_public.schema
341+
* (both public schemas). Fails gracefully if modules or table don't exist yet.
347342
*/
348343
const queryAuthSettings = async (
349344
opts: ApiOptions,
@@ -352,23 +347,15 @@ const queryAuthSettings = async (
352347
try {
353348
const tenantPool = getPgPool({ ...opts.pg, database: dbname });
354349

355-
// Step 1: Get auth_settings_table_id from sessions_module
356-
const modResult = await tenantPool.query<{ auth_settings_table_id: string }>(AUTH_SETTINGS_TABLE_ID_SQL);
357-
const tableId = modResult.rows[0]?.auth_settings_table_id;
358-
if (!tableId) {
359-
log.debug('[auth-settings] No sessions_module row found in tenant DB');
360-
return null;
361-
}
362-
363-
// Step 2: Resolve actual schema + table name
364-
const stResult = await tenantPool.query<{ schema_name: string; table_name: string }>(AUTH_SETTINGS_SCHEMA_AND_TABLE_SQL, [tableId]);
365-
const resolved = stResult.rows[0];
350+
// Discover the auth settings schema + table name from public metaschema tables
351+
const discovery = await tenantPool.query<{ schema_name: string; table_name: string }>(AUTH_SETTINGS_DISCOVERY_SQL);
352+
const resolved = discovery.rows[0];
366353
if (!resolved) {
367-
log.debug(`[auth-settings] Could not resolve schema_and_table for table_id=${tableId}`);
354+
log.debug('[auth-settings] No sessions_module row found in tenant DB');
368355
return null;
369356
}
370357

371-
// Step 3: Query the actual auth settings table
358+
// Query the discovered auth settings table
372359
const result = await tenantPool.query<AuthSettingsRow>(AUTH_SETTINGS_SQL(resolved.schema_name, resolved.table_name));
373360
return result.rows[0] ?? null;
374361
} catch (e: any) {

0 commit comments

Comments
 (0)