FEAT: use sepearate db users for migrations and tenant operations

sru-thy · sru-thy · commit 93da280586a8 · 2024-12-13T11:21:07.000+05:30
diff --git a/env.sample b/env.sample
@@ -1,7 +1,11 @@
+# Superuser for migrations
+POSTGRES_ADMIN_USER=postgres
+POSTGRES_ADMIN_PASSWORD=postgres
+# Minimal user with restricted access
+POSTGRES_TENANT_USER=tenant
+POSTGRES_TENANT_PASSWORD=tenant
 POSTGRES_HOST=localhost
 POSTGRES_PORT=5432
-POSTGRES_USER=postgres
-POSTGRES_PASSWORD=postgres
 POSTGRES_DB=authentication-service
 POSTGRES_TENANT_MAX_CONNECTION_LIMIT=10
 REDIS_HOST=localhost
diff --git a/src/config/migration.config.ts b/src/config/migration.config.ts
@@ -10,8 +10,8 @@ const dataSource = new DataSource({
   host: process.env.POSTGRES_HOST,
   port: parseInt(process.env.POSTGRES_PORT as string),
   database: process.env.POSTGRES_DB,
-  username: process.env.POSTGRES_USER,
-  password: process.env.POSTGRES_PASSWORD,
+  username: process.env.POSTGRES_ADMIN_USER,
+  password: process.env.POSTGRES_ADMIN_PASSWORD,
   synchronize: false,
   logging: false,
   namingStrategy: new SnakeNamingStrategy(),
diff --git a/src/util/database.connection.ts b/src/util/database.connection.ts
@@ -31,8 +31,8 @@ export async function getConnectionForTenant(
     type: 'postgres',
     host: process.env.POSTGRES_HOST,
     port: Number(process.env.POSTGRES_PORT),
-    username: process.env.POSTGRES_USER,
-    password: process.env.POSTGRES_PASSWORD,
+    username: process.env.POSTGRES_TENANT_USER,
+    password: process.env.POSTGRES_TENANT_PASSWORD,
     database: process.env.POSTGRES_DB,
     entities: [
       __dirname + '/../**/*.entity.ts',
@@ -68,3 +68,30 @@ const switchToTenant = async (
     );
   }
 };
+
+export async function getConnectionAsOwner(): Promise<DataSource> {
+  if (!getConnectionManager().has('Owner'))
+    return await new DataSource({
+      name: 'Owner',
+      type: 'postgres',
+      host: process.env.POSTGRES_HOST,
+      port: Number(process.env.POSTGRES_PORT),
+      username: process.env.POSTGRES_ADMIN_USER,
+      password: process.env.POSTGRES_ADMIN_PASSWORD,
+      database: process.env.POSTGRES_DB,
+      entities: [__dirname + '/../**/*.entity.js'],
+      synchronize: false,
+      logging: ['error'],
+      namingStrategy: new SnakeNamingStrategy(),
+      migrationsTableName: 'migrations',
+      migrations: [__dirname + '/../migrations/*.js'],
+      ...(process.env.POSTGRES_ADMIN_MAX_CONNECTION_LIMIT
+        ? { extra: { max: process.env.POSTGRES_ADMIN_MAX_CONNECTION_LIMIT } }
+        : {}),
+    }).initialize();
+  const con = getConnectionManager().get('Owner');
+  const existingConnection = await Promise.resolve(
+    con.isConnected ? con : con.connect(),
+  );
+  return existingConnection;
+}
