fixed the buildkey collision minor possibility

Author: Zetazzz

graphile/graphile-multi-tenancy-cache/README.md

@@ -100,7 +100,7 @@ process.on('SIGTERM', async () => {
 | Concept | Meaning |
 |--------|---------|
 | `svc_key` | Request routing key. Used to look up which cached handler the current request should hit. |
-| `buildKey` | Handler identity. Computed from the inputs that materially affect Graphile instance construction. |
+| `buildKey` | Handler identity. A canonical string computed from the inputs that materially affect Graphile instance construction. |
 | `databaseId` | Metadata/flush key. Used to evict all handlers associated with a database. |
 
 ### What goes into the buildKey
@@ -119,6 +119,8 @@ It does **not** include:
 - request host/domain
 - auth tokens or transient headers
 
+The value is stored as a canonical plain-text key rather than a truncated hash, so different build inputs cannot collide onto the same handler key.
+
 Schema order is preserved. `['a', 'b']` and `['b', 'a']` intentionally produce different buildKeys.
 
 ## How the handler cache works

graphile/graphile-multi-tenancy-cache/src/__tests__/buildkey.test.ts

@@ -10,8 +10,6 @@
  *  - shutdown clears all state
  */
 
-import { createHash } from 'node:crypto';
-
 // We test computeBuildKey directly and use mocks for the orchestrator functions
 // that depend on PostGraphile.
 
@@ -51,10 +49,17 @@ describe('computeBuildKey', () => {
     expect(k1).toBe(k2);
   });
 
-  it('should produce a 16-char hex string', () => {
+  it('should produce a canonical JSON string', () => {
     const pool = makeMockPool();
     const key = computeBuildKey(pool, ['public'], 'anon', 'authenticated');
-    expect(key).toMatch(/^[0-9a-f]{16}$/);
+    expect(key).toBe(
+      JSON.stringify({
+        conn: 'localhost:5432/testdb@postgres',
+        schemas: ['public'],
+        anonRole: 'anon',
+        roleName: 'authenticated',
+      }),
+    );
   });
 
   it('should differ when schemas differ', () => {
@@ -651,7 +656,14 @@ describe('connectionString-based pool identity', () => {
     // Some consumers might create pools with explicit fields instead of connectionString
     const pool = { options: { host: 'myhost', port: 5432, database: 'mydb', user: 'myuser' } } as unknown as import('pg').Pool;
     const key = computeBuildKey(pool, ['public'], 'anon', 'auth');
-    expect(key).toMatch(/^[0-9a-f]{16}$/);
+    expect(key).toBe(
+      JSON.stringify({
+        conn: 'myhost:5432/mydb@myuser',
+        schemas: ['public'],
+        anonRole: 'anon',
+        roleName: 'auth',
+      }),
+    );
   });
 });
 

graphile/graphile-multi-tenancy-cache/src/multi-tenancy-cache.ts

@@ -1,8 +1,9 @@
 /**
  * Multi-tenancy cache orchestrator.
  *
- * Caches one independent PostGraphile handler per **buildKey** (derived from
- * the inputs that materially affect Graphile handler construction).
+ * Caches one independent PostGraphile handler per **buildKey** (a canonical
+ * string derived from the inputs that materially affect Graphile handler
+ * construction).
  *
  * Multiple svc_key values with identical build inputs share the same handler.
  * svc_key remains the request routing key and flush targeting key.
@@ -15,7 +16,6 @@
  *   databaseIdToBuildKeys: databaseId → Set<buildKey>
  */
 
-import { createHash } from 'node:crypto';
 import { createServer } from 'node:http';
 import { Logger } from '@pgpmjs/logger';
 import express from 'express';
@@ -54,6 +54,13 @@ export interface MultiTenancyCacheStats {
   inflightCreations: number;
 }
 
+interface BuildKeyParts {
+  conn: string;
+  schemas: string[];
+  anonRole: string;
+  roleName: string;
+}
+
 // --- Internal state ---
 
 /** buildKey → TenantInstance (the real handler cache) */
@@ -163,20 +170,24 @@ function getPoolIdentity(pool: Pool): string {
  *   - svc_key (routing-only)
  *   - databaseId (metadata-only)
  *   - token data, host/domain, transient headers
+ *
+ * The buildKey is intentionally stored as a canonical plain-text string
+ * rather than a truncated hash so there is no collision risk between
+ * different tenant build inputs.
  */
 export function computeBuildKey(
   pool: Pool,
   schemas: string[],
   anonRole: string,
   roleName: string,
 ): string {
-  const input = JSON.stringify({
+  const input: BuildKeyParts = {
     conn: getPoolIdentity(pool),
     schemas,
     anonRole,
     roleName,
-  });
-  return createHash('sha256').update(input).digest('hex').slice(0, 16);
+  };
+  return JSON.stringify(input);
 }
 
 // --- Index management ---