refactor: use QuoteUtils for identifier quoting, remove backward-compat code

pyramation · pyramation · commit 9cf7eed0576b · 2026-04-19T08:14:38.000Z
- Replace raw string interpolation ("${schema}"."${table}") with
  QuoteUtils.quoteQualifiedIdentifier() from @pgsql/quotes in both
  presigned-url-plugin and bucket-provisioner-plugin
- Remove LEGACY_STORAGE_MODULE_QUERY constants from both plugins
- Remove schemaSupportsMultiScope module-level flags
- Remove all SAVEPOINT-based schema detection logic
- Simplify resolveStorageModule(), getStorageModuleConfig(),
  getStorageModuleConfigForOwner(), and resolveStorageModuleByFileId()
  to use direct queries without fallback
diff --git a/graphile/graphile-bucket-provisioner-plugin/package.json b/graphile/graphile-bucket-provisioner-plugin/package.json
@@ -41,7 +41,8 @@
   },
   "dependencies": {
     "@constructive-io/bucket-provisioner": "workspace:^",
-    "@pgpmjs/logger": "workspace:^"
+    "@pgpmjs/logger": "workspace:^",
+    "@pgsql/quotes": "^17.1.0"
   },
   "peerDependencies": {
     "grafast": "1.0.0",
diff --git a/graphile/graphile-bucket-provisioner-plugin/src/plugin.ts b/graphile/graphile-bucket-provisioner-plugin/src/plugin.ts
@@ -35,6 +35,7 @@ import { context as grafastContext, lambda, object } from 'grafast';
 import type { GraphileConfig } from 'graphile-config';
 import { extendSchema, gql } from 'graphile-utils';
 import { Logger } from '@pgpmjs/logger';
+import { QuoteUtils } from '@pgsql/quotes';
 import {
   BucketProvisioner,
 } from '@constructive-io/bucket-provisioner';
@@ -71,31 +72,8 @@ const APP_STORAGE_MODULE_QUERY = `
   LIMIT 1
 `;
 
-/**
- * Legacy query for databases without the multi-scope schema.
- * Returns NULL for scope-related fields so the row shape matches StorageModuleRow.
- */
-const LEGACY_STORAGE_MODULE_QUERY = `
-  SELECT
-    sm.id,
-    NULL::int AS membership_type,
-    NULL::uuid AS entity_table_id,
-    bs.schema_name AS buckets_schema,
-    bt.name AS buckets_table,
-    sm.endpoint,
-    sm.public_url_prefix,
-    sm.provider,
-    sm.allowed_origins
-  FROM metaschema_modules_public.storage_module sm
-  JOIN metaschema_public.table bt ON bt.id = sm.buckets_table_id
-  JOIN metaschema_public.schema bs ON bs.id = bt.schema_id
-  WHERE sm.database_id = $1
-  LIMIT 1
-`;
-
 /**
  * Resolve ALL storage modules for a database (for ownerId-based resolution).
- * Requires the multi-scope schema.
  */
 const ALL_STORAGE_MODULES_QUERY = `
   SELECT
@@ -118,12 +96,6 @@ const ALL_STORAGE_MODULES_QUERY = `
   WHERE sm.database_id = $1
 `;
 
-/**
- * Module-level flag to track whether the database schema supports multi-scope storage.
- * null = not yet detected, true = new schema (has membership_type), false = legacy schema.
- */
-let schemaSupportsMultiScope: boolean | null = null;
-
 interface StorageModuleRow {
   id: string;
   membership_type: number | null;
@@ -149,65 +121,20 @@ async function resolveStorageModule(
   ownerId?: string,
 ): Promise<StorageModuleRow | null> {
   if (!ownerId) {
-    // App-level resolution with backward compatibility
-    if (schemaSupportsMultiScope === false) {
-      const result = await pgClient.query(LEGACY_STORAGE_MODULE_QUERY, [databaseId]);
-      return (result.rows[0] as StorageModuleRow) ?? null;
-    }
-    try {
-      // Use SAVEPOINT so a failed probe doesn't abort the surrounding transaction
-      await pgClient.query('SAVEPOINT storage_module_probe');
-      const result = await pgClient.query(APP_STORAGE_MODULE_QUERY, [databaseId]);
-      await pgClient.query('RELEASE SAVEPOINT storage_module_probe');
-      schemaSupportsMultiScope = true;
-      return (result.rows[0] as StorageModuleRow) ?? null;
-    } catch (err: any) {
-      if (err.code === '42703' || err.message?.includes('does not exist')) {
-        log.debug('Multi-scope schema not detected, falling back to legacy query');
-        schemaSupportsMultiScope = false;
-        await pgClient.query('ROLLBACK TO SAVEPOINT storage_module_probe');
-        await pgClient.query('RELEASE SAVEPOINT storage_module_probe');
-        const result = await pgClient.query(LEGACY_STORAGE_MODULE_QUERY, [databaseId]);
-        return (result.rows[0] as StorageModuleRow) ?? null;
-      }
-      try { await pgClient.query('ROLLBACK TO SAVEPOINT storage_module_probe'); } catch { /* ignore */ }
-      try { await pgClient.query('RELEASE SAVEPOINT storage_module_probe'); } catch { /* ignore */ }
-      throw err;
-    }
-  }
-
-  // Entity-scoped resolution requires the multi-scope schema
-  if (schemaSupportsMultiScope === false) {
-    log.debug('Legacy schema detected — entity-scoped storage not available');
-    return null;
-  }
-
-  // Load all modules and probe entity tables
-  let modules: StorageModuleRow[];
-  try {
-    await pgClient.query('SAVEPOINT storage_module_probe');
-    const result = await pgClient.query(ALL_STORAGE_MODULES_QUERY, [databaseId]);
-    await pgClient.query('RELEASE SAVEPOINT storage_module_probe');
-    schemaSupportsMultiScope = true;
-    modules = result.rows as StorageModuleRow[];
-  } catch (err: any) {
-    if (err.code === '42703' || err.message?.includes('does not exist')) {
-      log.debug('Multi-scope schema not detected during owner resolution');
-      schemaSupportsMultiScope = false;
-      await pgClient.query('ROLLBACK TO SAVEPOINT storage_module_probe');
-      await pgClient.query('RELEASE SAVEPOINT storage_module_probe');
-      return null;
-    }
-    try { await pgClient.query('ROLLBACK TO SAVEPOINT storage_module_probe'); } catch { /* ignore */ }
-    try { await pgClient.query('RELEASE SAVEPOINT storage_module_probe'); } catch { /* ignore */ }
-    throw err;
+    // App-level resolution
+    const result = await pgClient.query(APP_STORAGE_MODULE_QUERY, [databaseId]);
+    return (result.rows[0] as StorageModuleRow) ?? null;
   }
 
+  // Entity-scoped: load all modules and probe entity tables
+  const result = await pgClient.query(ALL_STORAGE_MODULES_QUERY, [databaseId]);
+  const modules = result.rows as StorageModuleRow[];
   const entityModules = modules.filter((m) => m.entity_schema && m.entity_table);
 
   for (const mod of entityModules) {
+    const entityTable = QuoteUtils.quoteQualifiedIdentifier(mod.entity_schema!, mod.entity_table!);
     const probe = await pgClient.query(
-      `SELECT 1 FROM "${mod.entity_schema}"."${mod.entity_table}" WHERE id = $1 LIMIT 1`,
+      `SELECT 1 FROM ${entityTable} WHERE id = $1 LIMIT 1`,
       [ownerId],
     );
     if (probe.rows.length > 0) {
@@ -500,14 +427,15 @@ export function createBucketProvisionerPlugin(
 
               // Look up the bucket row (RLS enforced via pgSettings)
               const hasOwner = ownerId && storageModule.membership_type !== null;
+              const bucketsTable = QuoteUtils.quoteQualifiedIdentifier(storageModule.buckets_schema, storageModule.buckets_table);
               const bucketResult = await pgClient.query(
                 hasOwner
                   ? `SELECT id, key, type, is_public, allowed_origins
-                     FROM "${storageModule.buckets_schema}"."${storageModule.buckets_table}"
+                     FROM ${bucketsTable}
                      WHERE key = $1 AND owner_id = $2
                      LIMIT 1`
                   : `SELECT id, key, type, is_public, allowed_origins
-                     FROM "${storageModule.buckets_schema}"."${storageModule.buckets_table}"
+                     FROM ${bucketsTable}
                      WHERE key = $1
                      LIMIT 1`,
                 hasOwner ? [bucketKey, ownerId] : [bucketKey],
@@ -697,9 +625,10 @@ export function createBucketProvisionerPlugin(
                     }
 
                     // Read the full bucket row (post-update) to get type + origins
+                    const bucketsTable = QuoteUtils.quoteQualifiedIdentifier(storageModule.buckets_schema, storageModule.buckets_table);
                     const bucketResult = await pgClient.query(
                       `SELECT id, key, type, is_public, allowed_origins
-                       FROM "${storageModule.buckets_schema}"."${storageModule.buckets_table}"
+                       FROM ${bucketsTable}
                        WHERE key = $1
                        LIMIT 1`,
                       [patchKey],
diff --git a/graphile/graphile-presigned-url-plugin/package.json b/graphile/graphile-presigned-url-plugin/package.json
@@ -43,6 +43,7 @@
     "@aws-sdk/client-s3": "^3.1009.0",
     "@aws-sdk/s3-request-presigner": "^3.1009.0",
     "@pgpmjs/logger": "workspace:^",
+    "@pgsql/quotes": "^17.1.0",
     "lru-cache": "^11.2.7"
   },
   "peerDependencies": {
diff --git a/graphile/graphile-presigned-url-plugin/src/storage-module-cache.ts b/graphile/graphile-presigned-url-plugin/src/storage-module-cache.ts
@@ -1,5 +1,6 @@
 import { Logger } from '@pgpmjs/logger';
 import { LRUCache } from 'lru-cache';
+import { QuoteUtils } from '@pgsql/quotes';
 import type { StorageModuleConfig, BucketConfig } from './types';
 
 const log = new Logger('graphile-presigned-url:cache');
@@ -72,54 +73,6 @@ const APP_STORAGE_MODULE_QUERY = `
   LIMIT 1
 `;
 
-/**
- * Legacy SQL query for databases without the multi-scope schema.
- *
- * Falls back to the original LIMIT 1 pattern when membership_type column
- * doesn't exist (pre-PR#876 schema). Returns NULL for scope-related fields
- * so the row shape matches StorageModuleRow.
- */
-const LEGACY_STORAGE_MODULE_QUERY = `
-  SELECT
-    sm.id,
-    NULL::int AS membership_type,
-    NULL::uuid AS entity_table_id,
-    bs.schema_name AS buckets_schema,
-    bt.name AS buckets_table,
-    fs.schema_name AS files_schema,
-    ft.name AS files_table,
-    urs.schema_name AS upload_requests_schema,
-    urt.name AS upload_requests_table,
-    sm.endpoint,
-    sm.public_url_prefix,
-    sm.provider,
-    sm.allowed_origins,
-    sm.upload_url_expiry_seconds,
-    sm.download_url_expiry_seconds,
-    sm.default_max_file_size,
-    sm.max_filename_length,
-    sm.cache_ttl_seconds,
-    NULL AS entity_schema,
-    NULL AS entity_table
-  FROM metaschema_modules_public.storage_module sm
-  JOIN metaschema_public.table bt ON bt.id = sm.buckets_table_id
-  JOIN metaschema_public.schema bs ON bs.id = bt.schema_id
-  JOIN metaschema_public.table ft ON ft.id = sm.files_table_id
-  JOIN metaschema_public.schema fs ON fs.id = ft.schema_id
-  JOIN metaschema_public.table urt ON urt.id = sm.upload_requests_table_id
-  JOIN metaschema_public.schema urs ON urs.id = urt.schema_id
-  WHERE sm.database_id = $1
-  LIMIT 1
-`;
-
-/**
- * Module-level flag to track whether the database schema supports multi-scope storage.
- *
- * null = not yet detected, true = new schema (has membership_type), false = legacy schema.
- * Once detected, avoids repeated failed queries on legacy schemas.
- */
-let schemaSupportsMultiScope: boolean | null = null;
-
 /**
  * SQL query to resolve ALL storage modules for a database (app-level + entity-scoped).
  *
@@ -190,17 +143,17 @@ function buildConfig(row: StorageModuleRow): StorageModuleConfig {
   const cacheTtlSeconds = row.cache_ttl_seconds ?? DEFAULT_CACHE_TTL_SECONDS;
   return {
     id: row.id,
-    bucketsQualifiedName: `"${row.buckets_schema}"."${row.buckets_table}"`,
-    filesQualifiedName: `"${row.files_schema}"."${row.files_table}"`,
-    uploadRequestsQualifiedName: `"${row.upload_requests_schema}"."${row.upload_requests_table}"`,
+    bucketsQualifiedName: QuoteUtils.quoteQualifiedIdentifier(row.buckets_schema, row.buckets_table),
+    filesQualifiedName: QuoteUtils.quoteQualifiedIdentifier(row.files_schema, row.files_table),
+    uploadRequestsQualifiedName: QuoteUtils.quoteQualifiedIdentifier(row.upload_requests_schema, row.upload_requests_table),
     schemaName: row.buckets_schema,
     bucketsTableName: row.buckets_table,
     filesTableName: row.files_table,
     uploadRequestsTableName: row.upload_requests_table,
     membershipType: row.membership_type,
     entityTableId: row.entity_table_id,
     entityQualifiedName: row.entity_schema && row.entity_table
-      ? `"${row.entity_schema}"."${row.entity_table}"`
+      ? QuoteUtils.quoteQualifiedIdentifier(row.entity_schema, row.entity_table)
       : null,
     endpoint: row.endpoint,
     publicUrlPrefix: row.public_url_prefix,
@@ -236,34 +189,7 @@ export async function getStorageModuleConfig(
 
   log.debug(`Cache miss for app-level storage in database ${databaseId}, querying metaschema...`);
 
-  let result: { rows: unknown[] };
-
-  if (schemaSupportsMultiScope === false) {
-    // Known legacy schema — skip the new query
-    result = await pgClient.query({ text: LEGACY_STORAGE_MODULE_QUERY, values: [databaseId] });
-  } else {
-    try {
-      // Use SAVEPOINT so a failed probe doesn't abort the surrounding transaction
-      await pgClient.query({ text: 'SAVEPOINT storage_module_probe' });
-      result = await pgClient.query({ text: APP_STORAGE_MODULE_QUERY, values: [databaseId] });
-      await pgClient.query({ text: 'RELEASE SAVEPOINT storage_module_probe' });
-      schemaSupportsMultiScope = true;
-    } catch (err: any) {
-      // PostgreSQL error 42703 = "column does not exist"
-      if (err.code === '42703' || err.message?.includes('does not exist')) {
-        log.debug('Multi-scope schema not detected, falling back to legacy query');
-        schemaSupportsMultiScope = false;
-        await pgClient.query({ text: 'ROLLBACK TO SAVEPOINT storage_module_probe' });
-        await pgClient.query({ text: 'RELEASE SAVEPOINT storage_module_probe' });
-        result = await pgClient.query({ text: LEGACY_STORAGE_MODULE_QUERY, values: [databaseId] });
-      } else {
-        // Release savepoint even on unexpected errors
-        try { await pgClient.query({ text: 'ROLLBACK TO SAVEPOINT storage_module_probe' }); } catch { /* ignore */ }
-        try { await pgClient.query({ text: 'RELEASE SAVEPOINT storage_module_probe' }); } catch { /* ignore */ }
-        throw err;
-      }
-    }
-  }
+  const result = await pgClient.query({ text: APP_STORAGE_MODULE_QUERY, values: [databaseId] });
 
   if (result.rows.length === 0) {
     log.warn(`No app-level storage module found for database ${databaseId}`);
@@ -297,12 +223,6 @@ export async function getStorageModuleConfigForOwner(
   databaseId: string,
   ownerId: string,
 ): Promise<StorageModuleConfig | null> {
-  // Entity-scoped resolution requires the multi-scope schema
-  if (schemaSupportsMultiScope === false) {
-    log.debug('Legacy schema detected — entity-scoped storage not available');
-    return null;
-  }
-
   // Check if we already have a cached mapping for this ownerId
   const ownerCacheKey = `storage:${databaseId}:owner:${ownerId}`;
   const cachedOwner = storageModuleCache.get(ownerCacheKey);
@@ -324,24 +244,7 @@ export async function getStorageModuleConfigForOwner(
 
   if (allConfigs.length === 0) {
     log.debug(`Loading all storage modules for database ${databaseId} to resolve ownerId ${ownerId}`);
-    let result: { rows: unknown[] };
-    try {
-      await pgClient.query({ text: 'SAVEPOINT storage_module_probe' });
-      result = await pgClient.query({ text: ALL_STORAGE_MODULES_QUERY, values: [databaseId] });
-      await pgClient.query({ text: 'RELEASE SAVEPOINT storage_module_probe' });
-      schemaSupportsMultiScope = true;
-    } catch (err: any) {
-      if (err.code === '42703' || err.message?.includes('does not exist')) {
-        log.debug('Multi-scope schema not detected during owner resolution');
-        schemaSupportsMultiScope = false;
-        await pgClient.query({ text: 'ROLLBACK TO SAVEPOINT storage_module_probe' });
-        await pgClient.query({ text: 'RELEASE SAVEPOINT storage_module_probe' });
-        return null;
-      }
-      try { await pgClient.query({ text: 'ROLLBACK TO SAVEPOINT storage_module_probe' }); } catch { /* ignore */ }
-      try { await pgClient.query({ text: 'RELEASE SAVEPOINT storage_module_probe' }); } catch { /* ignore */ }
-      throw err;
-    }
+    const result = await pgClient.query({ text: ALL_STORAGE_MODULES_QUERY, values: [databaseId] });
     allConfigs = (result.rows as StorageModuleRow[]).map(buildConfig);
 
     // Cache each individual config by its membership type
@@ -395,34 +298,9 @@ export async function resolveStorageModuleByFileId(
   // Load all storage modules for this database
   log.debug(`Resolving file ${fileId} across all storage modules for database ${databaseId}`);
 
-  let allConfigs: StorageModuleConfig[];
-
-  if (schemaSupportsMultiScope === false) {
-    // Legacy schema — only one storage module, use the legacy query
-    const result = await pgClient.query({ text: LEGACY_STORAGE_MODULE_QUERY, values: [databaseId] });
-    allConfigs = (result.rows as StorageModuleRow[]).map(buildConfig);
-  } else {
-    try {
-      await pgClient.query({ text: 'SAVEPOINT storage_module_probe' });
-      const result = await pgClient.query({ text: ALL_STORAGE_MODULES_QUERY, values: [databaseId] });
-      await pgClient.query({ text: 'RELEASE SAVEPOINT storage_module_probe' });
-      schemaSupportsMultiScope = true;
-      allConfigs = (result.rows as StorageModuleRow[]).map(buildConfig);
-    } catch (err: any) {
-      if (err.code === '42703' || err.message?.includes('does not exist')) {
-        log.debug('Multi-scope schema not detected during file resolution, falling back');
-        schemaSupportsMultiScope = false;
-        await pgClient.query({ text: 'ROLLBACK TO SAVEPOINT storage_module_probe' });
-        await pgClient.query({ text: 'RELEASE SAVEPOINT storage_module_probe' });
-        const result = await pgClient.query({ text: LEGACY_STORAGE_MODULE_QUERY, values: [databaseId] });
-        allConfigs = (result.rows as StorageModuleRow[]).map(buildConfig);
-      } else {
-        try { await pgClient.query({ text: 'ROLLBACK TO SAVEPOINT storage_module_probe' }); } catch { /* ignore */ }
-        try { await pgClient.query({ text: 'RELEASE SAVEPOINT storage_module_probe' }); } catch { /* ignore */ }
-        throw err;
-      }
-    }
-  }
+  const allConfigs = (await pgClient.query({ text: ALL_STORAGE_MODULES_QUERY, values: [databaseId] })).rows.map(
+    (row: unknown) => buildConfig(row as StorageModuleRow),
+  );
 
   // Probe each module's files table for the fileId
   for (const config of allConfigs) {
@@ -470,13 +348,6 @@ const bucketCache = new LRUCache<string, BucketConfig>({
  * On cache miss, queries the bucket table (RLS-enforced via pgSettings on
  * the pgClient). On cache hit, returns the cached metadata directly.
  *
- * @param pgClient - A pg client from the Graphile context
- * @param storageConfig - The resolved StorageModuleConfig for this database
- * @param databaseId - The metaschema database UUID (used as cache key prefix)
- * @param bucketKey - The bucket key (e.g., "public", "private")
- * @returns BucketConfig or null if the bucket doesn't exist / isn't accessible
- */
-/**
  * @param pgClient - A pg client from the Graphile context
  * @param storageConfig - The resolved StorageModuleConfig for this database/scope
  * @param databaseId - The metaschema database UUID (used as cache key prefix)
@@ -585,7 +456,6 @@ export function clearStorageModuleCache(): void {
   storageModuleCache.clear();
   bucketCache.clear();
   provisionedBuckets.clear();
-  schemaSupportsMultiScope = null;
 }
 
 /**
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
