feat: Add delete, drop, insert, truncate, update

2025-11-06 00:54:41 +01:00
parent e884c77c31
commit cd757c80f5
17 changed files with 600 additions and 31 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
 example/
-example.json
+example*.json
--- a/README.md
+++ b/README.md
@@ -8,25 +8,30 @@ Generate a PostgreSQL schema from a defined JSON schema.

 ## Features

- Primary key
- Unique
- Not null
- Default
- References
- Comment
- Algorithm
+- DDL generation
+- DML generation
+- Data validation
+- Hashing support for sensitive data
+- SQL injection protection

-## Data Types
+## Supported Data Types
+- string
+- int
+- float
+- bool
+- date
+- time
+- datetime
+- uuid
+- json
+- hash

- VARCHAR
- INTEGER
- FLOAT
- BOOLEAN
- DATE
- TIME
- TIMESTAMP
- UUID
- JSONB
+## Supported Hashing Algorithms
+- argon2
+- bcrypt
+- md5
+- sha256
+- sha512

 ## Example

--- a/build/create.go
+++ b/build/create.go
@@ -5,13 +5,18 @@ import (
 	"strings"

 	"git.secnex.io/secnex/pgson/schema"
+	"git.secnex.io/secnex/pgson/utils"
 )

-func Create(s *schema.Table) (string, error) {
+func CreateSQL(s *schema.Table) (string, error) {
 	schemaParts := make([]string, len(s.Schema))
 	for i, field := range s.Schema {
 		schemaParts[i] = field.SQL()
 	}
-	query := fmt.Sprintf("CREATE TABLE %s (%s)", s.Name, strings.Join(schemaParts, ",\n"))
+
+	schemaParts = append(schemaParts, "\"created_at\" TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP")
+	schemaParts = append(schemaParts, "\"updated_at\" TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP")
+	schemaParts = append(schemaParts, "\"deleted_at\" TIMESTAMP NULL")
+	query := fmt.Sprintf("CREATE TABLE IF NOT EXISTS %s (%s)", utils.SQLQuoteIdent(s.Name), strings.Join(schemaParts, ", "))
 	return query, nil
 }
--- a/build/delete.go
+++ b/build/delete.go
@@ -0,0 +1,16 @@
+package build
+
+import (
+	"fmt"
+
+	"git.secnex.io/secnex/pgson/schema"
+	"git.secnex.io/secnex/pgson/utils"
+)
+
+func DeleteSQL(s *schema.Table, where string) (string, error) {
+	return fmt.Sprintf("UPDATE %s SET deleted_at = CURRENT_TIMESTAMP WHERE %s = %s", utils.SQLQuoteIdent(s.Name), utils.SQLQuoteIdent(s.PrimaryKey), utils.SQLQuoteValue(where)), nil
+}
+
+func HardDeleteSQL(s *schema.Table, where string) (string, error) {
+	return fmt.Sprintf("DELETE FROM %s WHERE %s = %s", utils.SQLQuoteIdent(s.Name), utils.SQLQuoteIdent(s.PrimaryKey), utils.SQLQuoteValue(where)), nil
+}
--- a/build/drop.go
+++ b/build/drop.go
@@ -0,0 +1,12 @@
+package build
+
+import (
+	"fmt"
+
+	"git.secnex.io/secnex/pgson/schema"
+	"git.secnex.io/secnex/pgson/utils"
+)
+
+func DropSQL(s *schema.Table) (string, error) {
+	return fmt.Sprintf("DROP TABLE IF EXISTS %s", utils.SQLQuoteIdent(s.Name)), nil
+}
--- a/build/insert.go
+++ b/build/insert.go
@@ -0,0 +1,56 @@
+package build
+
+import (
+	"fmt"
+	"strings"
+
+	"git.secnex.io/secnex/pgson/schema"
+	"git.secnex.io/secnex/pgson/utils"
+)
+
+func InsertManySQL(s *schema.Table, data []map[string]any) (string, error) {
+	// Keep unquoted column names for data access
+	columnNames := make([]string, 0, len(data[0]))
+	for column := range data[0] {
+		columnNames = append(columnNames, column)
+	}
+
+	// Create quoted column names for SQL
+	columns := make([]string, len(columnNames))
+	for i, col := range columnNames {
+		columns[i] = utils.SQLQuoteIdent(col)
+	}
+
+	// Create a map for quick field lookup
+	fieldMap := make(map[string]*schema.Field)
+	for i := range s.Schema {
+		fieldMap[s.Schema[i].Name] = &s.Schema[i]
+	}
+
+	values := make([]string, len(data))
+	for i, row := range data {
+		rowValues := make([]string, len(columnNames))
+		for j, colName := range columnNames {
+			value := row[colName]
+
+			if field, exists := fieldMap[colName]; exists && field.Type == "hash" && field.Algorithm != nil {
+				valueStr := fmt.Sprintf("%v", value)
+				hashed, err := utils.Hash(valueStr, *field.Algorithm)
+				if err != nil {
+					return "", err
+				}
+				value = hashed
+			}
+
+			rowValues[j] = utils.SQLQuoteValue(value)
+		}
+		values[i] = fmt.Sprintf("(%s)", strings.Join(rowValues, ", "))
+	}
+
+	query := fmt.Sprintf("INSERT INTO %s (%s) VALUES %s", utils.SQLQuoteIdent(s.Name), strings.Join(columns, ", "), strings.Join(values, ", "))
+	return query, nil
+}
+
+func InsertSQL(s *schema.Table, data map[string]any) (string, error) {
+	return InsertManySQL(s, []map[string]any{data})
+}
--- a/build/truncate.go
+++ b/build/truncate.go
@@ -0,0 +1,19 @@
+package build
+
+import (
+	"fmt"
+
+	"git.secnex.io/secnex/pgson/schema"
+	"git.secnex.io/secnex/pgson/utils"
+)
+
+func TruncateSQL(s *schema.Table, cascade bool, restartIdentity bool) (string, error) {
+	query := fmt.Sprintf("TRUNCATE TABLE %s", utils.SQLQuoteIdent(s.Name))
+	if cascade {
+		query += " CASCADE"
+	}
+	if restartIdentity {
+		query += " RESTART IDENTITY"
+	}
+	return query, nil
+}
--- a/build/update.go
+++ b/build/update.go
@@ -0,0 +1,33 @@
+package build
+
+import (
+	"fmt"
+	"strings"
+
+	"git.secnex.io/secnex/pgson/schema"
+	"git.secnex.io/secnex/pgson/utils"
+)
+
+func UpdateSQL(s *schema.Table, data map[string]any, where string) (string, error) {
+	// Create a map for quick field lookup
+	fieldMap := make(map[string]*schema.Field)
+	for i := range s.Schema {
+		fieldMap[s.Schema[i].Name] = &s.Schema[i]
+	}
+
+	setClause := make([]string, 0, len(data))
+	for field, value := range data {
+		// Check if field is of type "hash" and needs hashing
+		if schemaField, exists := fieldMap[field]; exists && schemaField.Type == "hash" && schemaField.Algorithm != nil {
+			valueStr := fmt.Sprintf("%v", value)
+			hashed, err := utils.Hash(valueStr, *schemaField.Algorithm)
+			if err != nil {
+				return "", err
+			}
+			value = hashed
+		}
+		setClause = append(setClause, fmt.Sprintf("%s = %s", utils.SQLQuoteIdent(field), utils.SQLQuoteValue(value)))
+	}
+	setClause = append(setClause, "updated_at = CURRENT_TIMESTAMP")
+	return fmt.Sprintf("UPDATE %s SET %s WHERE %s = %s", utils.SQLQuoteIdent(s.Name), strings.Join(setClause, ", "), utils.SQLQuoteIdent(s.PrimaryKey), utils.SQLQuoteValue(where)), nil
+}
--- a/go.mod
+++ b/go.mod
@@ -1,3 +1,7 @@
 module git.secnex.io/secnex/pgson

 go 1.25.3
+
+require golang.org/x/crypto v0.43.0
+
+require golang.org/x/sys v0.37.0 // indirect
--- a/go.sum
+++ b/go.sum
@@ -0,0 +1,4 @@
+golang.org/x/crypto v0.43.0 h1:dduJYIi3A3KOfdGOHX8AVZ/jGiyPa3IbBozJ5kNuE04=
+golang.org/x/crypto v0.43.0/go.mod h1:BFbav4mRNlXJL4wNeejLpWxB7wMbc79PdRGhWKncxR0=
+golang.org/x/sys v0.37.0 h1:fdNQudmxPjkdUTPnLn5mdQv7Zwvbvpaxqs831goi9kQ=
+golang.org/x/sys v0.37.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
--- a/pgson.go
+++ b/pgson.go
@@ -4,6 +4,7 @@ import (
 	"os"

 	"git.secnex.io/secnex/pgson/schema"
+	"git.secnex.io/secnex/pgson/utils"
 )

 func NewSchemaFromFile(path string) (*schema.Table, error) {
@@ -17,3 +18,7 @@ func NewSchemaFromFile(path string) (*schema.Table, error) {
 func NewSchema(json []byte) (*schema.Table, error) {
 	return schema.NewTable(json)
 }
+
+func ReadJsonFileToMap(path string) ([]map[string]any, error) {
+	return utils.ReadJsonFileToMap(path)
+}
--- a/query.go
+++ b/query.go
@@ -5,9 +5,37 @@ import (
 	"git.secnex.io/secnex/pgson/schema"
 )

-func CreateSQL(s *schema.Table) (string, error) {
+func Create(s *schema.Table) (string, error) {
 	if err := s.Validate(); err != nil {
 		return "", err
 	}
-	return build.Create(s)
+	return build.CreateSQL(s)
+}
+
+func Drop(s *schema.Table) (string, error) {
+	return build.DropSQL(s)
+}
+
+func InsertMany(s *schema.Table, data []map[string]any) (string, error) {
+	return build.InsertManySQL(s, data)
+}
+
+func Insert(s *schema.Table, data map[string]any) (string, error) {
+	return build.InsertSQL(s, data)
+}
+
+func Update(s *schema.Table, data map[string]any, where string) (string, error) {
+	return build.UpdateSQL(s, data, where)
+}
+
+func Delete(s *schema.Table, where string) (string, error) {
+	return build.DeleteSQL(s, where)
+}
+
+func HardDelete(s *schema.Table, where string) (string, error) {
+	return build.HardDeleteSQL(s, where)
+}
+
+func Truncate(s *schema.Table, cascade bool, restartIdentity bool) (string, error) {
+	return build.TruncateSQL(s, cascade, restartIdentity)
 }
--- a/schema/check.go
+++ b/schema/check.go
@@ -1,9 +1,51 @@
 package schema

+import (
+	"fmt"
+	"slices"
+)
+
 var (
 	requiredAttributes = [2]string{"name", "type"}
+	onlySupportedTypes = []string{"string", "int", "float", "bool", "date", "time", "datetime", "uuid", "json", "hash"}
 )

-func (t *Table) Validate() error {
+func ValidateField(field *Field) error {
+	if err := ValidateHashAlgorithm(field); err != nil {
+		return err
+	}
+	return ValidateFieldType(field)
+}
+
+func ValidateFieldType(field *Field) error {
+	if !slices.Contains(onlySupportedTypes, field.Type) {
+		return fmt.Errorf("unsupported type: %s", field.Type)
+	}
+	return nil
+}
+
+func ValidateHashAlgorithm(field *Field) error {
+	if field.Type != "hash" {
+		return nil
+	}
+	if field.Algorithm == nil {
+		return fmt.Errorf("algorithm is required for hash field")
+	}
+	var hashAlgorithms = []string{"argon2", "bcrypt", "md5", "sha256", "sha512"}
+	for _, algorithm := range hashAlgorithms {
+		if *field.Algorithm == algorithm {
+			return nil
+		}
+	}
+	return fmt.Errorf("unsupported hash algorithm: %s", *field.Algorithm)
+}
+
+func (t *Table) Validate() error {
+	for _, field := range t.Schema {
+		err := ValidateField(&field)
+		if err != nil {
+			return err
+		}
+	}
 	return nil
 }
--- a/schema/table.go
+++ b/schema/table.go
@@ -3,11 +3,14 @@ package schema
 import (
 	"encoding/json"
 	"fmt"
+
+	"git.secnex.io/secnex/pgson/utils"
 )

 type Table struct {
-	Name   string  `json:"table"`
-	Schema []Field `json:"schema"`
+	Name       string  `json:"table"`
+	PrimaryKey string  `json:"primary_key"`
+	Schema     []Field `json:"schema"`
 }

 type Field struct {
@@ -25,8 +28,8 @@ type Field struct {
 type Reference struct {
 	Table    string `json:"table"`
 	Column   string `json:"column"`
-	OnDelete string `json:"onDelete"`
-	OnUpdate string `json:"onUpdate"`
+	OnDelete string `json:"on_delete"`
+	OnUpdate string `json:"on_update"`
 }

 // Mapping of field types to SQL types
@@ -57,11 +60,13 @@ func (t *Table) JSON() ([]byte, error) {
 }

 func (f *Field) SQL() string {
+	quotedName := utils.SQLQuoteIdent(f.Name)
 	sqlType := fieldTypeToSQLType[f.Type]
 	if sqlType == "" {
 		return ""
 	}
-	sql := fmt.Sprintf("%s %s", f.Name, sqlType)
+
+	sql := fmt.Sprintf("%s %s", quotedName, sqlType)
 	if f.Nullable != nil && !*f.Nullable {
 		sql += " NOT NULL"
 	}
@@ -75,10 +80,10 @@ func (f *Field) SQL() string {
 		sql += " UNIQUE"
 	}
 	if f.Default != nil && f.Primary == nil {
-		sql += fmt.Sprintf(" DEFAULT %s", *f.Default)
+		sql += fmt.Sprintf(" DEFAULT %s", utils.SQLQuoteValue(*f.Default))
 	}
 	if f.References != nil {
-		sql += fmt.Sprintf(" REFERENCES %s(%s)", f.References.Table, f.References.Column)
+		sql += fmt.Sprintf(" REFERENCES %s(%s)", utils.SQLQuoteIdent(f.References.Table), utils.SQLQuoteIdent(f.References.Column))
 		if f.References.OnDelete != "" {
 			sql += fmt.Sprintf(" ON DELETE %s", f.References.OnDelete)
 		}
@@ -93,5 +98,5 @@ func (f *Field) SQLReferences() string {
 	if f.References == nil {
 		return ""
 	}
-	return fmt.Sprintf(" REFERENCES %s(%s)", f.References.Table, f.References.Column)
+	return fmt.Sprintf(" REFERENCES %s(%s)", utils.SQLQuoteIdent(f.References.Table), utils.SQLQuoteIdent(f.References.Column))
 }
--- a/utils/hash.go
+++ b/utils/hash.go
@@ -0,0 +1,281 @@
+package utils
+
+import (
+	"crypto/md5"
+	"crypto/rand"
+	"crypto/sha256"
+	"crypto/sha512"
+	"crypto/subtle"
+	"encoding/base64"
+	"fmt"
+	"strings"
+
+	"golang.org/x/crypto/argon2"
+	"golang.org/x/crypto/bcrypt"
+)
+
+const (
+	argon2Time    = 3
+	argon2Memory  = 64 * 1024
+	argon2Threads = 4
+	argon2KeyLen  = 32
+	saltLength    = 16
+)
+
+func Hash(password string, algorithm string) (string, error) {
+	switch algorithm {
+	case "argon2":
+		return Argon2Hash(password)
+	case "bcrypt":
+		return BcryptHash(password)
+	case "md5":
+		return MD5Hash(password)
+	case "sha256":
+		return SHA256Hash(password)
+	case "sha512":
+		return SHA512Hash(password)
+	default:
+		return "", fmt.Errorf("unsupported hash algorithm: %s", algorithm)
+	}
+}
+
+func Verify(password, encodedHash string, algorithm string) (bool, error) {
+	switch algorithm {
+	case "argon2":
+		return Argon2Verify(password, encodedHash)
+	case "bcrypt":
+		return BcryptVerify(password, encodedHash)
+	case "md5":
+		return MD5Verify(password, encodedHash)
+	case "sha256":
+		return SHA256Verify(password, encodedHash)
+	case "sha512":
+		return SHA512Verify(password, encodedHash)
+	default:
+		return false, fmt.Errorf("unsupported hash algorithm: %s", algorithm)
+	}
+}
+func Argon2Hash(password string) (string, error) {
+	salt := make([]byte, saltLength)
+	if _, err := rand.Read(salt); err != nil {
+		return "", err
+	}
+
+	hash := argon2.IDKey([]byte(password), salt, argon2Time, argon2Memory, argon2Threads, argon2KeyLen)
+
+	b64Salt := base64.RawStdEncoding.EncodeToString(salt)
+	b64Hash := base64.RawStdEncoding.EncodeToString(hash)
+
+	encodedHash := fmt.Sprintf("$argon2id$v=%d$m=%d,t=%d,p=%d$%s$%s",
+		argon2.Version, argon2Memory, argon2Time, argon2Threads, b64Salt, b64Hash)
+
+	return encodedHash, nil
+}
+
+// Verify compares a password with an Argon2id hash
+func Argon2Verify(password, encodedHash string) (bool, error) {
+	parts := strings.Split(encodedHash, "$")
+	if len(parts) != 6 {
+		return false, fmt.Errorf("invalid hash format")
+	}
+
+	if parts[1] != "argon2id" {
+		return false, fmt.Errorf("unsupported hash algorithm")
+	}
+
+	var version int
+	_, err := fmt.Sscanf(parts[2], "v=%d", &version)
+	if err != nil {
+		return false, err
+	}
+	if version != argon2.Version {
+		return false, fmt.Errorf("incompatible version")
+	}
+
+	var memory, time uint32
+	var threads uint8
+	_, err = fmt.Sscanf(parts[3], "m=%d,t=%d,p=%d", &memory, &time, &threads)
+	if err != nil {
+		return false, err
+	}
+
+	salt, err := base64.RawStdEncoding.DecodeString(parts[4])
+	if err != nil {
+		return false, err
+	}
+
+	hash, err := base64.RawStdEncoding.DecodeString(parts[5])
+	if err != nil {
+		return false, err
+	}
+
+	otherHash := argon2.IDKey([]byte(password), salt, time, memory, threads, uint32(len(hash)))
+
+	if subtle.ConstantTimeCompare(hash, otherHash) == 1 {
+		return true, nil
+	}
+
+	return false, nil
+}
+
+// BcryptHash generates a bcrypt hash of the password
+func BcryptHash(password string) (string, error) {
+	hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
+	if err != nil {
+		return "", err
+	}
+	return string(hash), nil
+}
+
+// BcryptVerify compares a password with a bcrypt hash
+func BcryptVerify(password, encodedHash string) (bool, error) {
+	err := bcrypt.CompareHashAndPassword([]byte(encodedHash), []byte(password))
+	if err != nil {
+		return false, nil
+	}
+	return true, nil
+}
+
+// MD5Hash generates an MD5 hash with salt
+func MD5Hash(password string) (string, error) {
+	salt := make([]byte, saltLength)
+	if _, err := rand.Read(salt); err != nil {
+		return "", err
+	}
+
+	hasher := md5.New()
+	hasher.Write(salt)
+	hasher.Write([]byte(password))
+	hash := hasher.Sum(nil)
+
+	b64Salt := base64.RawStdEncoding.EncodeToString(salt)
+	b64Hash := base64.RawStdEncoding.EncodeToString(hash)
+
+	encodedHash := fmt.Sprintf("$md5$%s$%s", b64Salt, b64Hash)
+	return encodedHash, nil
+}
+
+// MD5Verify compares a password with an MD5 hash
+func MD5Verify(password, encodedHash string) (bool, error) {
+	parts := strings.Split(encodedHash, "$")
+	if len(parts) != 4 || parts[1] != "md5" {
+		return false, fmt.Errorf("invalid hash format")
+	}
+
+	salt, err := base64.RawStdEncoding.DecodeString(parts[2])
+	if err != nil {
+		return false, err
+	}
+
+	hash, err := base64.RawStdEncoding.DecodeString(parts[3])
+	if err != nil {
+		return false, err
+	}
+
+	hasher := md5.New()
+	hasher.Write(salt)
+	hasher.Write([]byte(password))
+	otherHash := hasher.Sum(nil)
+
+	if subtle.ConstantTimeCompare(hash, otherHash) == 1 {
+		return true, nil
+	}
+
+	return false, nil
+}
+
+// SHA256Hash generates a SHA256 hash with salt
+func SHA256Hash(password string) (string, error) {
+	salt := make([]byte, saltLength)
+	if _, err := rand.Read(salt); err != nil {
+		return "", err
+	}
+
+	hasher := sha256.New()
+	hasher.Write(salt)
+	hasher.Write([]byte(password))
+	hash := hasher.Sum(nil)
+
+	b64Salt := base64.RawStdEncoding.EncodeToString(salt)
+	b64Hash := base64.RawStdEncoding.EncodeToString(hash)
+
+	encodedHash := fmt.Sprintf("$sha256$%s$%s", b64Salt, b64Hash)
+	return encodedHash, nil
+}
+
+// SHA256Verify compares a password with a SHA256 hash
+func SHA256Verify(password, encodedHash string) (bool, error) {
+	parts := strings.Split(encodedHash, "$")
+	if len(parts) != 4 || parts[1] != "sha256" {
+		return false, fmt.Errorf("invalid hash format")
+	}
+
+	salt, err := base64.RawStdEncoding.DecodeString(parts[2])
+	if err != nil {
+		return false, err
+	}
+
+	hash, err := base64.RawStdEncoding.DecodeString(parts[3])
+	if err != nil {
+		return false, err
+	}
+
+	hasher := sha256.New()
+	hasher.Write(salt)
+	hasher.Write([]byte(password))
+	otherHash := hasher.Sum(nil)
+
+	if subtle.ConstantTimeCompare(hash, otherHash) == 1 {
+		return true, nil
+	}
+
+	return false, nil
+}
+
+// SHA512Hash generates a SHA512 hash with salt
+func SHA512Hash(password string) (string, error) {
+	salt := make([]byte, saltLength)
+	if _, err := rand.Read(salt); err != nil {
+		return "", err
+	}
+
+	hasher := sha512.New()
+	hasher.Write(salt)
+	hasher.Write([]byte(password))
+	hash := hasher.Sum(nil)
+
+	b64Salt := base64.RawStdEncoding.EncodeToString(salt)
+	b64Hash := base64.RawStdEncoding.EncodeToString(hash)
+
+	encodedHash := fmt.Sprintf("$sha512$%s$%s", b64Salt, b64Hash)
+	return encodedHash, nil
+}
+
+// SHA512Verify compares a password with a SHA512 hash
+func SHA512Verify(password, encodedHash string) (bool, error) {
+	parts := strings.Split(encodedHash, "$")
+	if len(parts) != 4 || parts[1] != "sha512" {
+		return false, fmt.Errorf("invalid hash format")
+	}
+
+	salt, err := base64.RawStdEncoding.DecodeString(parts[2])
+	if err != nil {
+		return false, err
+	}
+
+	hash, err := base64.RawStdEncoding.DecodeString(parts[3])
+	if err != nil {
+		return false, err
+	}
+
+	hasher := sha512.New()
+	hasher.Write(salt)
+	hasher.Write([]byte(password))
+	otherHash := hasher.Sum(nil)
+
+	if subtle.ConstantTimeCompare(hash, otherHash) == 1 {
+		return true, nil
+	}
+
+	return false, nil
+}
--- a/utils/json.go
+++ b/utils/json.go
@@ -0,0 +1,23 @@
+package utils
+
+import (
+	"encoding/json"
+	"os"
+)
+
+func JsonToMap(j []byte) ([]map[string]any, error) {
+	var data []map[string]any
+	err := json.Unmarshal(j, &data)
+	if err != nil {
+		return nil, err
+	}
+	return data, nil
+}
+
+func ReadJsonFileToMap(path string) ([]map[string]any, error) {
+	data, err := os.ReadFile(path)
+	if err != nil {
+		return nil, err
+	}
+	return JsonToMap(data)
+}
--- a/utils/sql.go
+++ b/utils/sql.go
@@ -0,0 +1,31 @@
+package utils
+
+import (
+	"fmt"
+	"strings"
+)
+
+func SQLQuoteIdent(id string) string {
+	return `"` + strings.ReplaceAll(id, `"`, `""`) + `"`
+}
+
+func SQLQuoteValue(value any) string {
+	switch v := value.(type) {
+	case string:
+		// Escape single quotes by doubling them (PostgreSQL standard)
+		escaped := strings.ReplaceAll(v, "'", "''")
+		return fmt.Sprintf("'%s'", escaped)
+	case int, int8, int16, int32, int64, uint, uint8, uint16, uint32, uint64:
+		return fmt.Sprintf("%v", value)
+	case float32, float64:
+		return fmt.Sprintf("%v", value)
+	case bool:
+		return fmt.Sprintf("%v", value)
+	case nil:
+		return "NULL"
+	}
+	// For unknown types, convert to string and escape
+	str := fmt.Sprintf("%v", value)
+	escaped := strings.ReplaceAll(str, "'", "''")
+	return fmt.Sprintf("'%s'", escaped)
+}