Use explicit selects and remove sensitive fields from responses

- Replace .selectAll()/.returningAll() with explicit select attributes
- Add reusable helpers: timestampsSelect, resourceSelect
- Use enumToText<T>() for enum compatibility with Postgate HTTP
- Remove sensitive fields from response types:
  - connectionString from DatabaseConfigRow
  - accessKeyId/secretAccessKey from StorageConfigRow
- Remove script from workers list (too large, fetched separately)
- Add select constants for consistency across all db services

Impact: Better performance, improved security, Postgate compatibility

Author: max-lt

package.json

@@ -1,6 +1,6 @@
 {
   "name": "openworkers-api",
-  "version": "1.5.2",
+  "version": "1.5.3",
   "license": "MIT",
   "module": "src/index.ts",
   "type": "module",

src/services/db/auth-tokens.ts

@@ -12,6 +12,8 @@ interface AuthToken {
   createdAt: Date;
 }
 
+const authTokenSelect = ['id', 'userId', 'token', 'type', 'expiresAt', 'createdAt'] as const;
+
 function generateToken(): string {
   const bytes = new Uint8Array(32);
   crypto.getRandomValues(bytes);
@@ -40,7 +42,7 @@ export async function createAuthToken(userId: string, type: TokenType, expiresIn
 export async function findAuthToken(token: string, type: TokenType): Promise<AuthToken | null> {
   const authToken = await kysely
     .selectFrom('authTokens')
-    .selectAll()
+    .select(authTokenSelect)
     .where('token', '=', token)
     .where('type', '=', enumCast(type, 'auth_token_type'))
     .where('expiresAt', '>', now())

src/services/db/crons.ts

@@ -4,19 +4,21 @@ import { sql } from 'kysely';
 import type { ICron } from '../../types';
 import { findWorkerById } from './workers';
 
+const cronSelect = [
+  'crons.id',
+  'crons.value',
+  'crons.workerId',
+  'crons.nextRun',
+  'crons.lastRun',
+  'crons.createdAt',
+  'crons.updatedAt'
+] as const;
+
 export async function findCronById(userId: string, cronId: string): Promise<ICron | null> {
   const cron = await kysely
     .selectFrom('crons')
     .innerJoin('workers', 'crons.workerId', 'workers.id')
-    .select([
-      'crons.id',
-      'crons.value',
-      'crons.workerId',
-      'crons.nextRun',
-      'crons.lastRun',
-      'crons.createdAt',
-      'crons.updatedAt'
-    ])
+    .select(cronSelect)
     .where('crons.id', '=', uuid(cronId))
     .where('workers.userId', '=', uuid(userId))
     .executeTakeFirst();
@@ -38,7 +40,7 @@ export async function createCron(userId: string, workerId: string, value: string
       workerId: uuid(workerId),
       nextRun: timestamptz(nextRun)
     })
-    .returningAll()
+    .returning(cronSelect)
     .executeTakeFirstOrThrow();
 }
 

src/services/db/databases.ts

@@ -1,5 +1,5 @@
 import { kysely } from './kysely-client';
-import { uuid, now, enumCast } from './kysely-helpers';
+import { uuid, now, enumCast, enumToText } from './kysely-helpers';
 import type { DatabaseProvider } from '../../types';
 
 interface DatabaseConfigRow {
@@ -8,18 +8,30 @@ interface DatabaseConfigRow {
   desc: string | null;
   userId: string;
   provider: DatabaseProvider;
-  connectionString: string | null;
   schemaName: string | null;
   maxRows: number;
   timeoutSeconds: number;
   createdAt: Date;
   updatedAt: Date;
 }
 
+const selectAttributes = [
+  'id',
+  'name',
+  'desc',
+  'userId',
+  enumToText<DatabaseProvider>('provider').as('provider'),
+  'schemaName',
+  'maxRows',
+  'timeoutSeconds',
+  'createdAt',
+  'updatedAt'
+] as const;
+
 export async function findAllDatabases(userId: string): Promise<DatabaseConfigRow[]> {
   return kysely
     .selectFrom('databaseConfigs')
-    .selectAll()
+    .select(selectAttributes)
     .where('userId', '=', uuid(userId))
     .orderBy('createdAt', 'desc')
     .execute();
@@ -28,7 +40,7 @@ export async function findAllDatabases(userId: string): Promise<DatabaseConfigRo
 export async function findDatabaseById(userId: string, id: string): Promise<DatabaseConfigRow | null> {
   const row = await kysely
     .selectFrom('databaseConfigs')
-    .selectAll()
+    .select(selectAttributes)
     .where('id', '=', uuid(id))
     .where('userId', '=', uuid(userId))
     .executeTakeFirst();
@@ -39,7 +51,7 @@ export async function findDatabaseById(userId: string, id: string): Promise<Data
 export async function findDatabaseByName(userId: string, name: string): Promise<DatabaseConfigRow | null> {
   const row = await kysely
     .selectFrom('databaseConfigs')
-    .selectAll()
+    .select(selectAttributes)
     .where('name', '=', name)
     .where('userId', '=', uuid(userId))
     .executeTakeFirst();
@@ -67,7 +79,7 @@ export async function createPlatformDatabase(userId: string, input: CreatePlatfo
       maxRows: input.maxRows,
       timeoutSeconds: input.timeoutSeconds
     })
-    .returningAll()
+    .returning(selectAttributes)
     .executeTakeFirstOrThrow();
 }
 
@@ -91,7 +103,7 @@ export async function createPostgresDatabase(userId: string, input: CreatePostgr
       maxRows: input.maxRows,
       timeoutSeconds: input.timeoutSeconds
     })
-    .returningAll()
+    .returning(selectAttributes)
     .executeTakeFirstOrThrow();
 }
 
@@ -136,7 +148,7 @@ export async function updateDatabase(
     .set(updates)
     .where('id', '=', uuid(id))
     .where('userId', '=', uuid(userId))
-    .returningAll()
+    .returning(selectAttributes)
     .executeTakeFirst();
 
   return row ?? null;

src/services/db/domains.ts

@@ -1,19 +1,21 @@
 import { kysely } from './kysely-client';
-import { uuid } from './kysely-helpers';
+import { timestampsSelect, uuid } from './kysely-helpers';
 import type { IDomain } from '../../types';
 import { findWorkerById } from './workers';
 
+const domainSelect = ['workerId', 'userId', 'name', ...timestampsSelect] as const;
+
 export async function findAllDomains(userId: string): Promise<IDomain[]> {
   return kysely
     .selectFrom('domains')
-    .selectAll()
+    .select(domainSelect)
     .where('userId', '=', uuid(userId))
     .orderBy('createdAt', 'desc')
     .execute();
 }
 
 export async function findDomainByName(name: string): Promise<IDomain | null> {
-  const domain = await kysely.selectFrom('domains').selectAll().where('name', '=', name).executeTakeFirst();
+  const domain = await kysely.selectFrom('domains').select(domainSelect).where('name', '=', name).executeTakeFirst();
 
   return domain ?? null;
 }
@@ -32,7 +34,7 @@ export async function createDomain(userId: string, workerId: string, name: strin
       workerId: uuid(workerId),
       userId: uuid(userId)
     })
-    .returningAll()
+    .returning(domainSelect)
     .executeTakeFirstOrThrow();
 }
 
@@ -71,7 +73,7 @@ export async function updateWorkerDomains(userId: string, workerId: string, newD
   // Get current domains for this worker
   const currentDomains = await kysely
     .selectFrom('domains')
-    .selectAll()
+    .select(domainSelect)
     .where('workerId', '=', uuid(workerId))
     .where('userId', '=', uuid(userId))
     .execute();

src/services/db/environments.ts

@@ -1,5 +1,5 @@
 import { kysely } from './kysely-client';
-import { uuid, enumCast } from './kysely-helpers';
+import { uuid, enumCast, resourceSelect } from './kysely-helpers';
 import { sql } from 'kysely';
 import type { IEnvironment, IEnvironmentValue } from '../../types';
 
@@ -14,12 +14,9 @@ interface EnvironmentRow {
   workers: IEnvironment['workers'];
 }
 
-interface EnvironmentValueRow {
-  id: string;
-  key: string;
-  value: string;
-  type: string;
-}
+const environmentSelect = [...resourceSelect] as const;
+
+const environmentValueSelect = ['id', 'key', 'value', 'type'] as const;
 
 // Environments
 export async function findAllEnvironments(userId: string): Promise<IEnvironment[]> {
@@ -142,7 +139,7 @@ export async function createEnvironment(userId: string, name: string, desc?: str
       desc: desc ?? null,
       userId: uuid(userId)
     })
-    .returning(['id', 'name', 'desc', 'userId', 'createdAt', 'updatedAt'])
+    .returning(environmentSelect)
     .executeTakeFirstOrThrow();
 
   // Return with empty values and workers arrays
@@ -175,7 +172,7 @@ export async function updateEnvironment(
     .set(updateData)
     .where('id', '=', uuid(envId))
     .where('userId', '=', uuid(userId))
-    .returning(['id', 'name', 'desc', 'userId', 'createdAt', 'updatedAt'])
+    .returning(environmentSelect)
     .executeTakeFirst();
 
   if (!env) return null;
@@ -216,7 +213,7 @@ export async function createEnvironmentValue(
       environmentId: uuid(envId),
       userId: uuid(userId)
     })
-    .returningAll()
+    .returning(environmentValueSelect)
     .executeTakeFirstOrThrow();
 }
 
@@ -242,7 +239,7 @@ export async function updateEnvironmentValue(
   if (Object.keys(updateData).length === 0) {
     const full = await kysely
       .selectFrom('environmentValues')
-      .selectAll()
+      .select(environmentValueSelect)
       .where('id', '=', uuid(valId))
       .executeTakeFirst();
     return full ?? null;
@@ -253,7 +250,7 @@ export async function updateEnvironmentValue(
     .set(updateData)
     .where('id', '=', uuid(valId))
     .where('userId', '=', uuid(userId))
-    .returningAll()
+    .returning(environmentValueSelect)
     .executeTakeFirst();
 
   return val ?? null;

src/services/db/kv.ts

@@ -10,10 +10,12 @@ export interface KvNamespaceRow {
   updatedAt: Date;
 }
 
+const kvNamespaceSelect = ['id', 'name', 'desc', 'createdAt', 'updatedAt'] as const;
+
 export async function findAllKvNamespaces(userId: string): Promise<KvNamespaceRow[]> {
   return kysely
     .selectFrom('kvConfigs')
-    .select(['id', 'name', 'desc', 'createdAt', 'updatedAt'])
+    .select(kvNamespaceSelect)
     .where('userId', '=', uuid(userId))
     .orderBy('createdAt', 'desc')
     .execute();
@@ -22,7 +24,7 @@ export async function findAllKvNamespaces(userId: string): Promise<KvNamespaceRo
 export async function findKvNamespaceById(userId: string, id: string): Promise<KvNamespaceRow | null> {
   const result = await kysely
     .selectFrom('kvConfigs')
-    .select(['id', 'name', 'desc', 'createdAt', 'updatedAt'])
+    .select(kvNamespaceSelect)
     .where('userId', '=', uuid(userId))
     .where('id', '=', uuid(id))
     .executeTakeFirst();
@@ -33,7 +35,7 @@ export async function findKvNamespaceById(userId: string, id: string): Promise<K
 export async function findKvNamespaceByName(userId: string, name: string): Promise<KvNamespaceRow | null> {
   const result = await kysely
     .selectFrom('kvConfigs')
-    .select(['id', 'name', 'desc', 'createdAt', 'updatedAt'])
+    .select(kvNamespaceSelect)
     .where('userId', '=', uuid(userId))
     .where('name', '=', name)
     .executeTakeFirst();
@@ -49,7 +51,7 @@ export async function createKvNamespace(userId: string, name: string, desc?: str
       name,
       desc: desc ?? null
     })
-    .returning(['id', 'name', 'desc', 'createdAt', 'updatedAt'])
+    .returning(kvNamespaceSelect)
     .executeTakeFirstOrThrow();
 }
 
@@ -75,7 +77,7 @@ export async function updateKvNamespace(
     .set(updates)
     .where('userId', '=', uuid(userId))
     .where('id', '=', uuid(id))
-    .returning(['id', 'name', 'desc', 'createdAt', 'updatedAt'])
+    .returning(kvNamespaceSelect)
     .executeTakeFirst();
 
   return result ?? null;
@@ -112,6 +114,8 @@ export interface KvDataRow {
   updatedAt: Date;
 }
 
+const kvDataSelect = ['key', 'value', 'expiresAt', 'createdAt', 'updatedAt'] as const;
+
 export interface KvDataListResult {
   items: KvDataRow[];
   cursor: string | null;
@@ -126,7 +130,7 @@ export async function listKvData(
 
   let query = kysely
     .selectFrom('kvData')
-    .selectAll()
+    .select(kvDataSelect)
     .where('namespaceId', '=', uuid(namespaceId))
     .where((eb) => eb.or([eb('expiresAt', 'is', null), eb('expiresAt', '>', now())]));
 
@@ -173,7 +177,7 @@ export async function putKvData(
         updatedAt: now()
       })
     )
-    .returningAll()
+    .returning(kvDataSelect)
     .executeTakeFirstOrThrow();
 }
 

src/services/db/kysely-helpers.ts

@@ -1,6 +1,9 @@
 import { sql } from 'kysely';
 import type { RawBuilder } from 'kysely';
 
+export const timestampsSelect = ['createdAt', 'updatedAt'] as const;
+export const resourceSelect = ['id', 'name', 'desc', 'userId', ...timestampsSelect] as const;
+
 /**
  * Cast value to UUID type for Postgate
  * @example