SecNex/pgson
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity

feat: Add delete, drop, insert, truncate, update

Browse Source
This commit is contained in:
Björn Benouarets
2025-11-06 00:54:41 +01:00
parent e884c77c31
commit cd757c80f5
17 changed files with 600 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@@ -1,2 +1,2 @@
example/ example/
example.json example*.json

39
README.md
View File

@@ -8,25 +8,30 @@ Generate a PostgreSQL schema from a defined JSON schema.
## Features ## Features
- Primary key - DDL generation
- Unique - DML generation
- Not null - Data validation
- Default - Hashing support for sensitive data
- References - SQL injection protection
- Comment
- Algorithm
## Data Types ## Supported Data Types
- string
- int
- float
- bool
- date
- time
- datetime
- uuid
- json
- hash
- VARCHAR ## Supported Hashing Algorithms
- INTEGER - argon2
- FLOAT - bcrypt
- BOOLEAN - md5
- DATE - sha256
- TIME - sha512
- TIMESTAMP
- UUID
- JSONB
## Example ## Example

9
build/create.go
View File

@@ -5,13 +5,18 @@ import (
"strings" "strings"
"git.secnex.io/secnex/pgson/schema" "git.secnex.io/secnex/pgson/schema"
"git.secnex.io/secnex/pgson/utils"
) )
func Create(s *schema.Table) (string, error) { func CreateSQL(s *schema.Table) (string, error) {
schemaParts := make([]string, len(s.Schema)) schemaParts := make([]string, len(s.Schema))
for i, field := range s.Schema { for i, field := range s.Schema {
schemaParts[i] = field.SQL() schemaParts[i] = field.SQL()
} }
query := fmt.Sprintf("CREATE TABLE %s (%s)", s.Name, strings.Join(schemaParts, ",\n"))
schemaParts = append(schemaParts, "\"created_at\" TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP")
schemaParts = append(schemaParts, "\"updated_at\" TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP")
schemaParts = append(schemaParts, "\"deleted_at\" TIMESTAMP NULL")
query := fmt.Sprintf("CREATE TABLE IF NOT EXISTS %s (%s)", utils.SQLQuoteIdent(s.Name), strings.Join(schemaParts, ", "))
return query, nil return query, nil
} }

16
build/delete.go Normal file
View File

@@ -0,0 +1,16 @@
package build
import (
"fmt"
"git.secnex.io/secnex/pgson/schema"
"git.secnex.io/secnex/pgson/utils"
)
func DeleteSQL(s *schema.Table, where string) (string, error) {
return fmt.Sprintf("UPDATE %s SET deleted_at = CURRENT_TIMESTAMP WHERE %s = %s", utils.SQLQuoteIdent(s.Name), utils.SQLQuoteIdent(s.PrimaryKey), utils.SQLQuoteValue(where)), nil
}
func HardDeleteSQL(s *schema.Table, where string) (string, error) {
return fmt.Sprintf("DELETE FROM %s WHERE %s = %s", utils.SQLQuoteIdent(s.Name), utils.SQLQuoteIdent(s.PrimaryKey), utils.SQLQuoteValue(where)), nil
}

12
build/drop.go Normal file
View File

@@ -0,0 +1,12 @@
package build
import (
"fmt"
"git.secnex.io/secnex/pgson/schema"
"git.secnex.io/secnex/pgson/utils"
)
func DropSQL(s *schema.Table) (string, error) {
return fmt.Sprintf("DROP TABLE IF EXISTS %s", utils.SQLQuoteIdent(s.Name)), nil
}

56
build/insert.go Normal file
View File

@@ -0,0 +1,56 @@
package build
import (
"fmt"
"strings"
"git.secnex.io/secnex/pgson/schema"
"git.secnex.io/secnex/pgson/utils"
)
func InsertManySQL(s *schema.Table, data []map[string]any) (string, error) {
// Keep unquoted column names for data access
columnNames := make([]string, 0, len(data[0]))
for column := range data[0] {
columnNames = append(columnNames, column)
}
// Create quoted column names for SQL
columns := make([]string, len(columnNames))
for i, col := range columnNames {
columns[i] = utils.SQLQuoteIdent(col)
}
// Create a map for quick field lookup
fieldMap := make(map[string]*schema.Field)
for i := range s.Schema {
fieldMap[s.Schema[i].Name] = &s.Schema[i]
}
values := make([]string, len(data))
for i, row := range data {
rowValues := make([]string, len(columnNames))
for j, colName := range columnNames {
value := row[colName]
if field, exists := fieldMap[colName]; exists && field.Type == "hash" && field.Algorithm != nil {
valueStr := fmt.Sprintf("%v", value)
hashed, err := utils.Hash(valueStr, *field.Algorithm)
if err != nil {
return "", err
}
value = hashed
}
rowValues[j] = utils.SQLQuoteValue(value)
}
values[i] = fmt.Sprintf("(%s)", strings.Join(rowValues, ", "))
}
query := fmt.Sprintf("INSERT INTO %s (%s) VALUES %s", utils.SQLQuoteIdent(s.Name), strings.Join(columns, ", "), strings.Join(values, ", "))
return query, nil
}
func InsertSQL(s *schema.Table, data map[string]any) (string, error) {
return InsertManySQL(s, []map[string]any{data})
}

19
build/truncate.go Normal file
View File

@@ -0,0 +1,19 @@
package build
import (
"fmt"
"git.secnex.io/secnex/pgson/schema"
"git.secnex.io/secnex/pgson/utils"
)
func TruncateSQL(s *schema.Table, cascade bool, restartIdentity bool) (string, error) {
query := fmt.Sprintf("TRUNCATE TABLE %s", utils.SQLQuoteIdent(s.Name))
if cascade {
query += " CASCADE"
}
if restartIdentity {
query += " RESTART IDENTITY"
}
return query, nil
}

33
build/update.go Normal file
View File

@@ -0,0 +1,33 @@
package build
import (
"fmt"
"strings"
"git.secnex.io/secnex/pgson/schema"
"git.secnex.io/secnex/pgson/utils"
)
func UpdateSQL(s *schema.Table, data map[string]any, where string) (string, error) {
// Create a map for quick field lookup
fieldMap := make(map[string]*schema.Field)
for i := range s.Schema {
fieldMap[s.Schema[i].Name] = &s.Schema[i]
}
setClause := make([]string, 0, len(data))
for field, value := range data {
// Check if field is of type "hash" and needs hashing
if schemaField, exists := fieldMap[field]; exists && schemaField.Type == "hash" && schemaField.Algorithm != nil {
valueStr := fmt.Sprintf("%v", value)
hashed, err := utils.Hash(valueStr, *schemaField.Algorithm)
if err != nil {
return "", err
}
value = hashed
}
setClause = append(setClause, fmt.Sprintf("%s = %s", utils.SQLQuoteIdent(field), utils.SQLQuoteValue(value)))
}
setClause = append(setClause, "updated_at = CURRENT_TIMESTAMP")
return fmt.Sprintf("UPDATE %s SET %s WHERE %s = %s", utils.SQLQuoteIdent(s.Name), strings.Join(setClause, ", "), utils.SQLQuoteIdent(s.PrimaryKey), utils.SQLQuoteValue(where)), nil
}

4
go.mod
View File

@@ -1,3 +1,7 @@
module git.secnex.io/secnex/pgson module git.secnex.io/secnex/pgson
go 1.25.3 go 1.25.3
require golang.org/x/crypto v0.43.0
require golang.org/x/sys v0.37.0 // indirect

4
go.sum Normal file
View File

@@ -0,0 +1,4 @@
golang.org/x/crypto v0.43.0 h1:dduJYIi3A3KOfdGOHX8AVZ/jGiyPa3IbBozJ5kNuE04=
golang.org/x/crypto v0.43.0/go.mod h1:BFbav4mRNlXJL4wNeejLpWxB7wMbc79PdRGhWKncxR0=
golang.org/x/sys v0.37.0 h1:fdNQudmxPjkdUTPnLn5mdQv7Zwvbvpaxqs831goi9kQ=
golang.org/x/sys v0.37.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=

5
pgson.go
View File

@@ -4,6 +4,7 @@ import (
"os" "os"
"git.secnex.io/secnex/pgson/schema" "git.secnex.io/secnex/pgson/schema"
"git.secnex.io/secnex/pgson/utils"
) )
func NewSchemaFromFile(path string) (*schema.Table, error) { func NewSchemaFromFile(path string) (*schema.Table, error) {
@@ -17,3 +18,7 @@ func NewSchemaFromFile(path string) (*schema.Table, error) {
func NewSchema(json []byte) (*schema.Table, error) { func NewSchema(json []byte) (*schema.Table, error) {
return schema.NewTable(json) return schema.NewTable(json)
} }
func ReadJsonFileToMap(path string) ([]map[string]any, error) {
return utils.ReadJsonFileToMap(path)
}

32
query.go
View File

@@ -5,9 +5,37 @@ import (
"git.secnex.io/secnex/pgson/schema" "git.secnex.io/secnex/pgson/schema"
) )
func CreateSQL(s *schema.Table) (string, error) { func Create(s *schema.Table) (string, error) {
if err := s.Validate(); err != nil { if err := s.Validate(); err != nil {
return "", err return "", err
} }
return build.Create(s) return build.CreateSQL(s)
}
func Drop(s *schema.Table) (string, error) {
return build.DropSQL(s)
}
func InsertMany(s *schema.Table, data []map[string]any) (string, error) {
return build.InsertManySQL(s, data)
}
func Insert(s *schema.Table, data map[string]any) (string, error) {
return build.InsertSQL(s, data)
}
func Update(s *schema.Table, data map[string]any, where string) (string, error) {
return build.UpdateSQL(s, data, where)
}
func Delete(s *schema.Table, where string) (string, error) {
return build.DeleteSQL(s, where)
}
func HardDelete(s *schema.Table, where string) (string, error) {
return build.HardDeleteSQL(s, where)
}
func Truncate(s *schema.Table, cascade bool, restartIdentity bool) (string, error) {
return build.TruncateSQL(s, cascade, restartIdentity)
} }

44
schema/check.go
View File

@@ -1,9 +1,51 @@
package schema package schema
import (
"fmt"
"slices"
)
var ( var (
requiredAttributes = [2]string{"name", "type"} requiredAttributes = [2]string{"name", "type"}
onlySupportedTypes = []string{"string", "int", "float", "bool", "date", "time", "datetime", "uuid", "json", "hash"}
) )
func (t *Table) Validate() error { func ValidateField(field *Field) error {
if err := ValidateHashAlgorithm(field); err != nil {
return err
}
return ValidateFieldType(field)
}
func ValidateFieldType(field *Field) error {
if !slices.Contains(onlySupportedTypes, field.Type) {
return fmt.Errorf("unsupported type: %s", field.Type)
}
return nil
}
func ValidateHashAlgorithm(field *Field) error {
if field.Type != "hash" {
return nil
}
if field.Algorithm == nil {
return fmt.Errorf("algorithm is required for hash field")
}
var hashAlgorithms = []string{"argon2", "bcrypt", "md5", "sha256", "sha512"}
for _, algorithm := range hashAlgorithms {
if *field.Algorithm == algorithm {
return nil
}
}
return fmt.Errorf("unsupported hash algorithm: %s", *field.Algorithm)
}
func (t *Table) Validate() error {
for _, field := range t.Schema {
err := ValidateField(&field)
if err != nil {
return err
}
}
return nil return nil
} }

21
schema/table.go
View File

@@ -3,11 +3,14 @@ package schema
import ( import (
"encoding/json" "encoding/json"
"fmt" "fmt"
"git.secnex.io/secnex/pgson/utils"
) )
type Table struct { type Table struct {
Name string `json:"table"` Name string `json:"table"`
Schema []Field `json:"schema"` PrimaryKey string `json:"primary_key"`
Schema []Field `json:"schema"`
} }
type Field struct { type Field struct {
@@ -25,8 +28,8 @@ type Field struct {
type Reference struct { type Reference struct {
Table string `json:"table"` Table string `json:"table"`
Column string `json:"column"` Column string `json:"column"`
OnDelete string `json:"onDelete"` OnDelete string `json:"on_delete"`
OnUpdate string `json:"onUpdate"` OnUpdate string `json:"on_update"`
} }
// Mapping of field types to SQL types // Mapping of field types to SQL types
@@ -57,11 +60,13 @@ func (t *Table) JSON() ([]byte, error) {
} }
func (f *Field) SQL() string { func (f *Field) SQL() string {
quotedName := utils.SQLQuoteIdent(f.Name)
sqlType := fieldTypeToSQLType[f.Type] sqlType := fieldTypeToSQLType[f.Type]
if sqlType == "" { if sqlType == "" {
return "" return ""
} }
sql := fmt.Sprintf("%s %s", f.Name, sqlType)
sql := fmt.Sprintf("%s %s", quotedName, sqlType)
if f.Nullable != nil && !*f.Nullable { if f.Nullable != nil && !*f.Nullable {
sql += " NOT NULL" sql += " NOT NULL"
} }
@@ -75,10 +80,10 @@ func (f *Field) SQL() string {
sql += " UNIQUE" sql += " UNIQUE"
} }
if f.Default != nil && f.Primary == nil { if f.Default != nil && f.Primary == nil {
sql += fmt.Sprintf(" DEFAULT %s", *f.Default) sql += fmt.Sprintf(" DEFAULT %s", utils.SQLQuoteValue(*f.Default))
} }
if f.References != nil { if f.References != nil {
sql += fmt.Sprintf(" REFERENCES %s(%s)", f.References.Table, f.References.Column) sql += fmt.Sprintf(" REFERENCES %s(%s)", utils.SQLQuoteIdent(f.References.Table), utils.SQLQuoteIdent(f.References.Column))
if f.References.OnDelete != "" { if f.References.OnDelete != "" {
sql += fmt.Sprintf(" ON DELETE %s", f.References.OnDelete) sql += fmt.Sprintf(" ON DELETE %s", f.References.OnDelete)
} }
@@ -93,5 +98,5 @@ func (f *Field) SQLReferences() string {
if f.References == nil { if f.References == nil {
return "" return ""
} }
return fmt.Sprintf(" REFERENCES %s(%s)", f.References.Table, f.References.Column) return fmt.Sprintf(" REFERENCES %s(%s)", utils.SQLQuoteIdent(f.References.Table), utils.SQLQuoteIdent(f.References.Column))
} }

281
utils/hash.go Normal file
View File

@@ -0,0 +1,281 @@
package utils
import (
"crypto/md5"
"crypto/rand"
"crypto/sha256"
"crypto/sha512"
"crypto/subtle"
"encoding/base64"
"fmt"
"strings"
"golang.org/x/crypto/argon2"
"golang.org/x/crypto/bcrypt"
)
const (
argon2Time = 3
argon2Memory = 64 * 1024
argon2Threads = 4
argon2KeyLen = 32
saltLength = 16
)
func Hash(password string, algorithm string) (string, error) {
switch algorithm {
case "argon2":
return Argon2Hash(password)
case "bcrypt":
return BcryptHash(password)
case "md5":
return MD5Hash(password)
case "sha256":
return SHA256Hash(password)
case "sha512":
return SHA512Hash(password)
default:
return "", fmt.Errorf("unsupported hash algorithm: %s", algorithm)
}
}
func Verify(password, encodedHash string, algorithm string) (bool, error) {
switch algorithm {
case "argon2":
return Argon2Verify(password, encodedHash)
case "bcrypt":
return BcryptVerify(password, encodedHash)
case "md5":
return MD5Verify(password, encodedHash)
case "sha256":
return SHA256Verify(password, encodedHash)
case "sha512":
return SHA512Verify(password, encodedHash)
default:
return false, fmt.Errorf("unsupported hash algorithm: %s", algorithm)
}
}
func Argon2Hash(password string) (string, error) {
salt := make([]byte, saltLength)
if _, err := rand.Read(salt); err != nil {
return "", err
}
hash := argon2.IDKey([]byte(password), salt, argon2Time, argon2Memory, argon2Threads, argon2KeyLen)
b64Salt := base64.RawStdEncoding.EncodeToString(salt)
b64Hash := base64.RawStdEncoding.EncodeToString(hash)
encodedHash := fmt.Sprintf("$argon2id$v=%d$m=%d,t=%d,p=%d$%s$%s",
argon2.Version, argon2Memory, argon2Time, argon2Threads, b64Salt, b64Hash)
return encodedHash, nil
}
// Verify compares a password with an Argon2id hash
func Argon2Verify(password, encodedHash string) (bool, error) {
parts := strings.Split(encodedHash, "$")
if len(parts) != 6 {
return false, fmt.Errorf("invalid hash format")
}
if parts[1] != "argon2id" {
return false, fmt.Errorf("unsupported hash algorithm")
}
var version int
_, err := fmt.Sscanf(parts[2], "v=%d", &version)
if err != nil {
return false, err
}
if version != argon2.Version {
return false, fmt.Errorf("incompatible version")
}
var memory, time uint32
var threads uint8
_, err = fmt.Sscanf(parts[3], "m=%d,t=%d,p=%d", &memory, &time, &threads)
if err != nil {
return false, err
}
salt, err := base64.RawStdEncoding.DecodeString(parts[4])
if err != nil {
return false, err
}
hash, err := base64.RawStdEncoding.DecodeString(parts[5])
if err != nil {
return false, err
}
otherHash := argon2.IDKey([]byte(password), salt, time, memory, threads, uint32(len(hash)))
if subtle.ConstantTimeCompare(hash, otherHash) == 1 {
return true, nil
}
return false, nil
}
// BcryptHash generates a bcrypt hash of the password
func BcryptHash(password string) (string, error) {
hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
if err != nil {
return "", err
}
return string(hash), nil
}
// BcryptVerify compares a password with a bcrypt hash
func BcryptVerify(password, encodedHash string) (bool, error) {
err := bcrypt.CompareHashAndPassword([]byte(encodedHash), []byte(password))
if err != nil {
return false, nil
}
return true, nil
}
// MD5Hash generates an MD5 hash with salt
func MD5Hash(password string) (string, error) {
salt := make([]byte, saltLength)
if _, err := rand.Read(salt); err != nil {
return "", err
}
hasher := md5.New()
hasher.Write(salt)
hasher.Write([]byte(password))
hash := hasher.Sum(nil)
b64Salt := base64.RawStdEncoding.EncodeToString(salt)
b64Hash := base64.RawStdEncoding.EncodeToString(hash)
encodedHash := fmt.Sprintf("$md5$%s$%s", b64Salt, b64Hash)
return encodedHash, nil
}
// MD5Verify compares a password with an MD5 hash
func MD5Verify(password, encodedHash string) (bool, error) {
parts := strings.Split(encodedHash, "$")
if len(parts) != 4 || parts[1] != "md5" {
return false, fmt.Errorf("invalid hash format")
}
salt, err := base64.RawStdEncoding.DecodeString(parts[2])
if err != nil {
return false, err
}
hash, err := base64.RawStdEncoding.DecodeString(parts[3])
if err != nil {
return false, err
}
hasher := md5.New()
hasher.Write(salt)
hasher.Write([]byte(password))
otherHash := hasher.Sum(nil)
if subtle.ConstantTimeCompare(hash, otherHash) == 1 {
return true, nil
}
return false, nil
}
// SHA256Hash generates a SHA256 hash with salt
func SHA256Hash(password string) (string, error) {
salt := make([]byte, saltLength)
if _, err := rand.Read(salt); err != nil {
return "", err
}
hasher := sha256.New()
hasher.Write(salt)
hasher.Write([]byte(password))
hash := hasher.Sum(nil)
b64Salt := base64.RawStdEncoding.EncodeToString(salt)
b64Hash := base64.RawStdEncoding.EncodeToString(hash)
encodedHash := fmt.Sprintf("$sha256$%s$%s", b64Salt, b64Hash)
return encodedHash, nil
}
// SHA256Verify compares a password with a SHA256 hash
func SHA256Verify(password, encodedHash string) (bool, error) {
parts := strings.Split(encodedHash, "$")
if len(parts) != 4 || parts[1] != "sha256" {
return false, fmt.Errorf("invalid hash format")
}
salt, err := base64.RawStdEncoding.DecodeString(parts[2])
if err != nil {
return false, err
}
hash, err := base64.RawStdEncoding.DecodeString(parts[3])
if err != nil {
return false, err
}
hasher := sha256.New()
hasher.Write(salt)
hasher.Write([]byte(password))
otherHash := hasher.Sum(nil)
if subtle.ConstantTimeCompare(hash, otherHash) == 1 {
return true, nil
}
return false, nil
}
// SHA512Hash generates a SHA512 hash with salt
func SHA512Hash(password string) (string, error) {
salt := make([]byte, saltLength)
if _, err := rand.Read(salt); err != nil {
return "", err
}
hasher := sha512.New()
hasher.Write(salt)
hasher.Write([]byte(password))
hash := hasher.Sum(nil)
b64Salt := base64.RawStdEncoding.EncodeToString(salt)
b64Hash := base64.RawStdEncoding.EncodeToString(hash)
encodedHash := fmt.Sprintf("$sha512$%s$%s", b64Salt, b64Hash)
return encodedHash, nil
}
// SHA512Verify compares a password with a SHA512 hash
func SHA512Verify(password, encodedHash string) (bool, error) {
parts := strings.Split(encodedHash, "$")
if len(parts) != 4 || parts[1] != "sha512" {
return false, fmt.Errorf("invalid hash format")
}
salt, err := base64.RawStdEncoding.DecodeString(parts[2])
if err != nil {
return false, err
}
hash, err := base64.RawStdEncoding.DecodeString(parts[3])
if err != nil {
return false, err
}
hasher := sha512.New()
hasher.Write(salt)
hasher.Write([]byte(password))
otherHash := hasher.Sum(nil)
if subtle.ConstantTimeCompare(hash, otherHash) == 1 {
return true, nil
}
return false, nil
}

23
utils/json.go Normal file
View File

@@ -0,0 +1,23 @@
package utils
import (
"encoding/json"
"os"
)
func JsonToMap(j []byte) ([]map[string]any, error) {
var data []map[string]any
err := json.Unmarshal(j, &data)
if err != nil {
return nil, err
}
return data, nil
}
func ReadJsonFileToMap(path string) ([]map[string]any, error) {
data, err := os.ReadFile(path)
if err != nil {
return nil, err
}
return JsonToMap(data)
}

31
utils/sql.go Normal file
View File

@@ -0,0 +1,31 @@
package utils
import (
"fmt"
"strings"
)
func SQLQuoteIdent(id string) string {
return `"` + strings.ReplaceAll(id, `"`, `""`) + `"`
}
func SQLQuoteValue(value any) string {
switch v := value.(type) {
case string:
// Escape single quotes by doubling them (PostgreSQL standard)
escaped := strings.ReplaceAll(v, "'", "''")
return fmt.Sprintf("'%s'", escaped)
case int, int8, int16, int32, int64, uint, uint8, uint16, uint32, uint64:
return fmt.Sprintf("%v", value)
case float32, float64:
return fmt.Sprintf("%v", value)
case bool:
return fmt.Sprintf("%v", value)
case nil:
return "NULL"
}
// For unknown types, convert to string and escape
str := fmt.Sprintf("%v", value)
escaped := strings.ReplaceAll(str, "'", "''")
return fmt.Sprintf("'%s'", escaped)
}