supabase / wrappers / 26991105463
81%

DEFAULT BRANCH: main
Ran
Jobs 1
Files 66
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 80.916% (-0.07%) from 80.987%
26991105463

push

github

web-flow 
feat(wasm): per-request credentials from session variables (#604)

* feat(openapi_fdw): session variable auth override for per-request credentials

Adds `auth_token_setting` and `auth_token_prefix` server options to the
OpenAPI FDW, allowing a Postgres session configuration variable to supply
the authentication credential at query time rather than at server creation.

The credential is resolved via `current_setting(name, true)` each time a
request is made, so a security-definer wrapper function can inject a
per-user or per-transaction token via `set_config(..., true)` before
querying the foreign table. An empty or absent setting is a no-op,
preserving any static credential configured at server level.

Implementation:
- Add `query-setting` to the utils WIT interface (v1 + v2)
- Implement `query_setting()` in supabase-wrappers via SPI
- Wire host binding in wasm_fdw/host/utils.rs (v1 + v2)
- Add `auth_token_setting` / `auth_token_prefix` fields to ServerConfig
- Extract `apply_session_token()` as a pure testable helper
- Apply override in `make_request` before each HTTP call
- Add 15 unit tests covering all override edge cases

* test(openapi_fdw): integration test for session-token injection

Adds a pgrx integration test exercising the auth_token_setting path
end-to-end: with a session GUC unset the FDW injects no Authorization
header, and after set_config(...) the resolved token is sent prefixed.

This is the only runtime coverage of the query-setting host function ->
SPI -> guest round-trip; the existing unit tests only cover the pure
apply_session_token helper in isolation.

- wasm_fdw/tests.rs: new #[pg_test] openapi_session_token_injection
  (negative + positive cases) against the local mock on :8096
- dockerfiles/wasm/server.py: add /whoami route that reflects the
  received Authorization header so the test can assert on it

* fix(openapi_fdw): address review feedback

- apply_session_token: match the authorization header case-insensitively
  so ... (continued)

0 of 9 new or added lines in 1 file covered. (0.0%)

1 existing line in 1 file now uncovered.

9468 of 11701 relevant lines covered (80.92%)

70.17 hits per line

Uncovered Changes

Lines Coverage File
9
81.74
 -2.12% supabase-wrappers/src/utils.rs

Coverage Regressions

Lines Coverage File
1
83.98
 -0.13% wrappers/src/fdw/clickhouse_fdw/clickhouse_fdw.rs
Jobs
ID Job ID Ran Files Coverage
1 26991105463.1 66
80.92
 GitHub Action Run
Source Files on build 26991105463