Update database management

Author: max-lt

package.json

@@ -1,6 +1,6 @@
 {
   "name": "openworkers-api",
-  "version": "1.0.4",
+  "version": "1.0.5",
   "license": "MIT",
   "module": "src/index.ts",
   "type": "module",

scripts/generate-types.ts

@@ -36,12 +36,7 @@ import {
   WorkerLanguageSchema
 } from '../src/types/schemas/worker.schema';
 
-import {
-  DatabaseSchema,
-  DatabaseCreateInputSchema,
-  DatabaseRulesSchema,
-  SqlOperationSchema
-} from '../src/types/schemas/database.schema';
+import { DatabaseSchema, DatabaseCreateInputSchema } from '../src/types/schemas/database.schema';
 
 // Schema definitions to generate
 const schemas = [
@@ -83,9 +78,7 @@ const schemas = [
 
   // Database
   { schema: DatabaseSchema, name: 'Database' },
-  { schema: DatabaseCreateInputSchema, name: 'DatabaseCreateInput' },
-  { schema: DatabaseRulesSchema, name: 'DatabaseRules' },
-  { schema: SqlOperationSchema, name: 'SqlOperation' }
+  { schema: DatabaseCreateInputSchema, name: 'DatabaseCreateInput' }
 ];
 
 async function generateTypes() {

src/config/index.ts

@@ -35,11 +35,10 @@ const ConfigSchema = z.object({
   // Postgate (SQL proxy)
   postgate: z.object({
     url: z.string().url().default('http://localhost:6080'),
-    // Admin database (tenant management functions) - mode schema on public
-    adminDatabaseId: uuidLike.default('00000000-0000-0000-0000-000000000000'),
-    // OpenWorkers database (API data) - mode dedicated
-    openworkersDatabaseId: uuidLike,
-    jwtSecret: z.string().min(32, 'POSTGATE_JWT_SECRET must be at least 32 characters')
+    // Admin token (pg_xxx format) - for managing databases and creating tokens
+    adminToken: z.string().regex(/^pg_[a-f0-9]{64}$/, 'POSTGATE_ADMIN_TOKEN must be a valid pg_xxx token'),
+    // OpenWorkers token (pg_xxx format) - for openworkers API database access
+    openworkersToken: z.string().regex(/^pg_[a-f0-9]{64}$/, 'POSTGATE_OPENWORKERS_TOKEN must be a valid pg_xxx token')
   })
 });
 
@@ -68,9 +67,8 @@ function loadConfig(): Config {
     },
     postgate: {
       url: process.env.POSTGATE_URL,
-      adminDatabaseId: process.env.POSTGATE_ADMIN_DATABASE_ID,
-      openworkersDatabaseId: process.env.POSTGATE_OPENWORKERS_DATABASE_ID,
-      jwtSecret: process.env.POSTGATE_JWT_SECRET
+      adminToken: process.env.POSTGATE_ADMIN_TOKEN,
+      openworkersToken: process.env.POSTGATE_OPENWORKERS_TOKEN
     }
   };
 
@@ -102,8 +100,6 @@ function loadConfig(): Config {
   }
 }
 
-console.log('Loading configuration...', process.env.POSTGATE_OPENWORKERS_DATABASE_ID);
-
 // Export singleton config instance
 export const config = loadConfig();
 

src/routes/databases.ts

@@ -79,4 +79,27 @@ databases.delete('/:id', async (c) => {
   }
 });
 
+// POST /databases/:id/token - Regenerate token for database
+databases.post('/:id/token', async (c) => {
+  const userId = c.get('userId');
+  const id = c.req.param('id');
+
+  try {
+    const result = await databasesService.regenerateToken(userId, id);
+
+    if (!result) {
+      return c.json({ error: 'Database not found' }, 404);
+    }
+
+    return c.json({
+      token: result.token,
+      tokenId: result.tokenId,
+      message: 'Store this token securely. It will not be shown again.'
+    });
+  } catch (error) {
+    console.error('Failed to regenerate token:', error);
+    return c.json({ error: 'Failed to regenerate token' }, 500);
+  }
+});
+
 export default databases;

src/services/databases.ts

@@ -1,4 +1,5 @@
 import { createAdminSqlClient } from './db/client';
+import { postgateAdminClient, TENANT_PERMISSIONS } from './postgate';
 import * as db from './db/databases';
 import type { IDatabase, IDatabaseCreateInput } from '../types';
 
@@ -7,35 +8,23 @@ const adminSql = createAdminSqlClient();
 
 interface PostgateDatabaseRow {
   id: string;
-  name: string;
-  schema_name: string | null;
 }
 
 export class DatabasesService {
   /**
    * Create a new tenant database
    * 1. Create entry in postgate_databases (via admin sql)
    * 2. Create entry in openworkers databases table
+   * Token is created later via POST /databases/:id/token
    */
   async create(userId: string, input: IDatabaseCreateInput): Promise<IDatabase> {
-    const { name, allowed_operations, max_rows, timeout_seconds } = input;
+    const { name, desc, max_rows } = input;
 
-    // Generate schema name
-    const schemaName = `tenant_${userId.substring(0, 8)}_${name}`;
-
-    // Build rules JSON
-    const rules = {
-      allowed_operations: allowed_operations || ['SELECT', 'INSERT', 'UPDATE', 'DELETE'],
-      max_rows: max_rows || 1000,
-      timeout_seconds: timeout_seconds || 30
-    };
-
-    // Create in postgate
+    // Create tenant database using PL/pgSQL function (creates schema + entry)
+    // Pass random name to postgate - user's display name stays in openworkers only
     const postgateResult = await adminSql<PostgateDatabaseRow>(
-      `INSERT INTO postgate_databases (name, backend_type, schema_name, rules)
-      VALUES ($1, 'schema', $2, $3::jsonb)
-      RETURNING id, name, schema_name`,
-      [name, schemaName, JSON.stringify(rules)]
+      `SELECT id FROM create_tenant_database($1, $2::integer)`,
+      [crypto.randomUUID(), max_rows || 1000]
     );
 
     if (postgateResult.length === 0) {
@@ -44,14 +33,13 @@ export class DatabasesService {
 
     const postgateDb = postgateResult[0]!;
 
-    // Create in openworkers
-    const owDb = await db.createDatabase(userId, name, postgateDb.id, postgateDb.schema_name);
+    // Create in openworkers (no token yet)
+    const owDb = await db.createDatabase(userId, name, postgateDb.id, desc);
 
     return {
       id: owDb.id,
       name: owDb.name,
-      desc: null,
-      schemaName: owDb.schemaName ?? undefined,
+      desc: owDb.desc,
       createdAt: owDb.createdAt,
       updatedAt: owDb.updatedAt
     };
@@ -66,8 +54,7 @@ export class DatabasesService {
     return rows.map((row) => ({
       id: row.id,
       name: row.name,
-      desc: null,
-      schemaName: row.schemaName ?? undefined,
+      desc: row.desc,
       createdAt: row.createdAt,
       updatedAt: row.updatedAt
     }));
@@ -86,8 +73,7 @@ export class DatabasesService {
     return {
       id: row.id,
       name: row.name,
-      desc: null,
-      schemaName: row.schemaName ?? undefined,
+      desc: row.desc,
       createdAt: row.createdAt,
       updatedAt: row.updatedAt
     };
@@ -106,17 +92,49 @@ export class DatabasesService {
       return false;
     }
 
-    // Delete from postgate
-    await adminSql(
-      `DELETE FROM postgate_databases WHERE id = $1::uuid`,
-      [owDb.postgateId]
-    );
+    // Delete from postgate using PL/pgSQL function (drops schema + deletes entry)
+    await adminSql(`SELECT delete_tenant_database($1::uuid)`, [owDb.postgateId]);
 
     // Delete from openworkers
     const deleted = await db.deleteDatabase(userId, id);
 
     return deleted > 0;
   }
+
+  /**
+   * Regenerate token for a database
+   * 1. Delete existing token (if any)
+   * 2. Create new token via postgate API
+   * 3. Update token_id in openworkers
+   * Returns the new token (shown only once)
+   */
+  async regenerateToken(userId: string, id: string): Promise<{ token: string; tokenId: string } | null> {
+    // Get openworkers entry
+    const owDb = await db.findDatabaseById(userId, id);
+    if (!owDb) {
+      return null;
+    }
+
+    // Delete existing token if there is one
+    if (owDb.tokenId) {
+      try {
+        await postgateAdminClient.deleteToken(owDb.tokenId);
+      } catch {
+        // Token might already be deleted, continue
+      }
+    }
+
+    // Create new token with tenant permissions (DML + DDL)
+    const tokenResponse = await postgateAdminClient.createToken(owDb.postgateId, 'default', TENANT_PERMISSIONS);
+
+    // Update token_id in openworkers
+    await db.updateTokenId(userId, id, tokenResponse.id);
+
+    return {
+      token: tokenResponse.token,
+      tokenId: tokenResponse.id
+    };
+  }
 }
 
 export const databasesService = new DatabasesService();

src/services/db/databases.ts

@@ -3,9 +3,10 @@ import { sql } from './client';
 interface DatabaseRow {
   id: string;
   name: string;
+  desc: string | null;
   userId: string;
   postgateId: string;
-  schemaName: string | null;
+  tokenId: string | null;
   createdAt: Date;
   updatedAt: Date;
 }
@@ -15,9 +16,10 @@ export async function findAllDatabases(userId: string): Promise<DatabaseRow[]> {
     `SELECT
       id,
       name,
+      "desc",
       user_id as "userId",
       postgate_id as "postgateId",
-      schema_name as "schemaName",
+      token_id as "tokenId",
       created_at as "createdAt",
       updated_at as "updatedAt"
     FROM databases
@@ -32,9 +34,10 @@ export async function findDatabaseById(userId: string, id: string): Promise<Data
     `SELECT
       id,
       name,
+      "desc",
       user_id as "userId",
       postgate_id as "postgateId",
-      schema_name as "schemaName",
+      token_id as "tokenId",
       created_at as "createdAt",
       updated_at as "updatedAt"
     FROM databases
@@ -48,20 +51,21 @@ export async function createDatabase(
   userId: string,
   name: string,
   postgateId: string,
-  schemaName: string | null
+  desc?: string | null
 ): Promise<DatabaseRow> {
   const rows = await sql<DatabaseRow>(
-    `INSERT INTO databases (name, user_id, postgate_id, schema_name)
-    VALUES ($1, $2::uuid, $3::uuid, $4)
+    `INSERT INTO databases (name, "desc", user_id, postgate_id)
+    VALUES ($1, $2, $3::uuid, $4::uuid)
     RETURNING
       id,
       name,
+      "desc",
       user_id as "userId",
       postgate_id as "postgateId",
-      schema_name as "schemaName",
+      token_id as "tokenId",
       created_at as "createdAt",
       updated_at as "updatedAt"`,
-    [name, userId, postgateId, schemaName]
+    [name, desc ?? null, userId, postgateId]
   );
   return rows[0]!;
 }
@@ -75,3 +79,14 @@ export async function deleteDatabase(userId: string, id: string): Promise<number
   );
   return result.length;
 }
+
+export async function updateTokenId(userId: string, id: string, tokenId: string): Promise<boolean> {
+  const result = await sql<{ id: string }>(
+    `UPDATE databases
+    SET token_id = $3::uuid, updated_at = NOW()
+    WHERE id = $1::uuid AND user_id = $2::uuid
+    RETURNING id`,
+    [id, userId, tokenId]
+  );
+  return result.length > 0;
+}

src/services/db/sql-client.ts

@@ -49,10 +49,10 @@ function isNamedParams(params: unknown[] | NamedParams): params is NamedParams {
 }
 
 /**
- * Create a Postgate-backed SQL client
+ * Create a Postgate-backed SQL client from a token
  */
-function createPostgateClient(baseUrl: string, jwtSecret: string, databaseId: string): PostgateSqlClient {
-  const client = new PostgateClient(baseUrl, jwtSecret);
+function createPostgateClientFromToken(baseUrl: string, token: string): PostgateSqlClient {
+  const client = new PostgateClient(baseUrl, token);
 
   return async function sql<T = Record<string, unknown>>(
     query: string,
@@ -71,7 +71,7 @@ function createPostgateClient(baseUrl: string, jwtSecret: string, databaseId: st
       }
     }
 
-    const result = await client.query<T>(databaseId, finalQuery, finalParams);
+    const result = await client.query<T>(finalQuery, finalParams);
 
     // Return array-like result with count property
     const rows = result.rows as SqlResult<T>;
@@ -82,18 +82,19 @@ function createPostgateClient(baseUrl: string, jwtSecret: string, databaseId: st
 
 /**
  * Create a SQL client for a specific database via postgate
- * @param databaseId - The database UUID to connect to
+ * @param token - The pg_xxx token for authentication
  */
-export function createSqlClient(databaseId: string): PostgateSqlClient {
-  return createPostgateClient(postgateConfig.url, postgateConfig.jwtSecret, databaseId);
+export function createSqlClient(token: string): PostgateSqlClient {
+  return createPostgateClientFromToken(postgateConfig.url, token);
 }
 
 /**
  * Create a SQL client for the admin database (tenant management)
+ * Uses the admin token from config
  */
 export function createAdminSqlClient(): PostgateSqlClient {
-  return createPostgateClient(postgateConfig.url, postgateConfig.jwtSecret, postgateConfig.adminDatabaseId);
+  return createPostgateClientFromToken(postgateConfig.url, postgateConfig.adminToken);
 }
 
-// Default export: openworkers database client (dedicated mode)
-export const sql = createPostgateClient(postgateConfig.url, postgateConfig.jwtSecret, postgateConfig.openworkersDatabaseId);
+// Default export: openworkers database client (uses openworkers token)
+export const sql = createPostgateClientFromToken(postgateConfig.url, postgateConfig.openworkersToken);