dbproxy

package
v0.0.1 Latest
Warning

This package is not in the latest version of its module.

Published: May 13, 2026 License: MIT Imports: 9 Imported by: 0

Documentation

Overview

Package dbproxy proxies database queries on the gateway side, enforcing allowlists and row limits before any SQL hits the customer DB.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewPgProxy

func NewPgProxy(ctx context.Context, url string, maxConns int) (*pgxpool.Pool, error)

NewPgProxy opens a connection pool against url. The caller is responsible for closing the pool on shutdown.

Types

type Allowlist

type Allowlist struct {
	Tables         []string // FQNs: "schema.table"
	BlockedColumns []string // FQNs: "table.column"
	ReadOnly       bool
}

Allowlist filters SQL by table FQN and blocked column references.

func (*Allowlist) Check

func (a *Allowlist) Check(sql string) error

Check returns nil if the SQL is admissible, or an error describing the violation.

Rules:

  • When ReadOnly is set, only SELECT statements (and CTEs whose top-level statement is a SELECT) are allowed.
  • Every table reference must be in Tables (matched as schema.table or table).
  • No column reference may match a BlockedColumns entry.
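How the table and column rules can be applied once a SQL parser has extracted a statement's references, as an added example that is not dbproxy's own code. `Refs`, `Policy` and `base` are hypothetical names, alias resolution is assumed to be done by the parser, and rejecting `*` and bare column names is this example's fail-closed choice, not documented package behaviour.

```go
package main

import (
	"fmt"
	"strings"
)

// Refs is hypothetical parser output for one SELECT, aliases already resolved.
type Refs struct {
	Tables  []string // "schema.table" or bare "table"
	Columns []string // "table.column", bare "column", "*" or "table.*"
}

// Policy copies the Tables and BlockedColumns fields of the documented Allowlist.
type Policy struct {
	Tables, BlockedColumns []string
}

// base lower-cases s and drops any "schema." prefix.
func base(s string) string { return strings.ToLower(s[strings.LastIndex(s, ".")+1:]) }

// Check: a qualified table must equal an entry; a bare table matches on the table part.
func (p Policy) Check(r Refs) error {
	used := map[string]bool{} // bare names of the tables this query touches
	for _, t := range r.Tables {
		ok := false
		for _, a := range p.Tables {
			ok = ok || strings.EqualFold(a, t) || (!strings.Contains(t, ".") && base(a) == base(t))
		}
		if !ok {
			return fmt.Errorf("table %q is not in the allowlist", t)
		}
		used[base(t)] = true
	}
	for _, b := range p.BlockedColumns {
		bt, bc, _ := strings.Cut(strings.ToLower(b), ".")
		for _, c := range r.Columns {
			c = strings.ToLower(c) // fail closed: a bare name or a star may resolve to the blocked column
			if used[bt] && (c == bt+"."+bc || c == bc || c == "*" || c == bt+".*") {
				return fmt.Errorf("column %q would expose blocked %q", c, b)
			}
		}
	}
	return nil
}

func main() {
	p := Policy{Tables: []string{"public.users"}, BlockedColumns: []string{"users.ssn"}}
	fmt.Println(p.Check(Refs{Tables: []string{"users"}, Columns: []string{"*"}})) // constructed input
}
```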

type PgProxy

type PgProxy struct {
	Pool         *pgxpool.Pool
	MaxRows      int
	QueryTimeout time.Duration
	Allowlist    *Allowlist
}

PgProxy executes read-only SQL against a customer Postgres DB with limits.

func (*PgProxy) Execute

func (p *PgProxy) Execute(ctx context.Context, sql string) (*QueryResult, error)

Execute runs a single SELECT and returns its columns and rows. It rejects writes and any query whose tables or columns fall outside the allowlist.

type QueryResult

type QueryResult struct {
	Columns         []string `json:"columns"`
	Rows            [][]any  `json:"rows"`
	RowCount        int      `json:"row_count"`
	ExecutionTimeMs int      `json:"execution_time_ms"`
}

QueryResult is the wire shape the gateway returns.
