mirror of
https://github.com/archtechx/tenancy.git
synced 2026-06-20 22:54:05 +00:00
0d177c7e9b
For a niche opt-in feature, checking if the tenants table is in the current schema is good enough for determining if the current DB is central -- the solution where we added getCurrentDatabaseName to each manager was overly complicated for this (though a bit more correct, not worth the added complexity).
164 lines
6.5 KiB
PHP
164 lines
6.5 KiB
PHP
<?php
|
|
|
|
use Illuminate\Support\Facades\Event;
|
|
use Stancl\JobPipeline\JobPipeline;
|
|
use Stancl\Tenancy\Bootstrappers\DatabaseTenancyBootstrapper;
|
|
use Stancl\Tenancy\Events\TenancyEnded;
|
|
use Stancl\Tenancy\Events\TenancyInitialized;
|
|
use Stancl\Tenancy\Jobs\CreateDatabase;
|
|
use Stancl\Tenancy\Events\TenantCreated;
|
|
use Stancl\Tenancy\Listeners\BootstrapTenancy;
|
|
use Stancl\Tenancy\Listeners\RevertToCentralContext;
|
|
use Stancl\Tenancy\Tests\Etc\Tenant;
|
|
use Illuminate\Support\Str;
|
|
use Illuminate\Support\Facades\DB;
|
|
use Illuminate\Database\QueryException;
|
|
use Stancl\Tenancy\Database\TenantDatabaseManagers\MySQLDatabaseManager;
|
|
use Stancl\Tenancy\Database\TenantDatabaseManagers\SQLiteDatabaseManager;
|
|
use Stancl\Tenancy\Database\TenantDatabaseManagers\PostgreSQLDatabaseManager;
|
|
use Stancl\Tenancy\Database\TenantDatabaseManagers\PostgreSQLSchemaManager;
|
|
|
|
use function Stancl\Tenancy\Tests\pest;
|
|
|
|
$cleanup = function () {
|
|
DatabaseTenancyBootstrapper::$harden = false;
|
|
};
|
|
|
|
beforeEach(function () use ($cleanup) {
|
|
Event::listen(TenancyInitialized::class, BootstrapTenancy::class);
|
|
Event::listen(TenancyEnded::class, RevertToCentralContext::class);
|
|
|
|
$cleanup();
|
|
});
|
|
|
|
afterEach($cleanup);
|
|
|
|
test('harden prevents tenants from using the central database', function (bool $harden, string $connection, string $manager) {
|
|
config([
|
|
'tenancy.bootstrappers' => [DatabaseTenancyBootstrapper::class],
|
|
"tenancy.database.managers.{$connection}" => $manager,
|
|
]);
|
|
|
|
// Point the central connection at the tested connection's config and migrate it
|
|
// (so that the central database/schema contains the tenants table).
|
|
$centralConnection = config('tenancy.database.central_connection');
|
|
$centralConfig = config("database.connections.{$connection}");
|
|
|
|
if ($connection === 'sqlite') {
|
|
$centralConfig['database'] = database_path($sqliteCentralDb = 'central.sqlite');
|
|
}
|
|
|
|
DB::purge($centralConnection);
|
|
config(["database.connections.{$centralConnection}" => $centralConfig]);
|
|
|
|
pest()->artisan('migrate:fresh', [
|
|
'--force' => true,
|
|
'--path' => __DIR__ . '/../../assets/migrations',
|
|
'--realpath' => true,
|
|
]);
|
|
|
|
DatabaseTenancyBootstrapper::$harden = $harden;
|
|
|
|
Event::listen(TenantCreated::class, JobPipeline::make([CreateDatabase::class])->send(function (TenantCreated $event) {
|
|
return $event->tenant;
|
|
})->toListener());
|
|
|
|
// Create the tenant with its own database, then repoint it at the central database/schema
|
|
// (which contains the tenants table that the hardening check looks for).
|
|
$tenant = Tenant::create(['tenancy_db_connection' => $connection]);
|
|
|
|
$central = DB::connection($centralConnection);
|
|
$centralName = match (true) {
|
|
$manager === PostgreSQLSchemaManager::class => $central->selectOne('SELECT current_schema() AS schema')->schema, // Central schema name
|
|
$connection === 'sqlite' => $sqliteCentralDb, // Central SQLite DB name
|
|
default => $central->getDatabaseName(), // Central DB name
|
|
};
|
|
|
|
$tenant->update(['tenancy_db_name' => $centralName]);
|
|
|
|
if ($harden) {
|
|
// Harden blocks initialization for tenants that use the central database
|
|
expect(fn () => tenancy()->initialize($tenant))->toThrow(RuntimeException::class);
|
|
|
|
// Connection should be reverted back to central
|
|
expect(DB::connection()->getName())->toBe($centralConnection);
|
|
} else {
|
|
expect(fn () => tenancy()->initialize($tenant))->not()->toThrow(Throwable::class);
|
|
|
|
// Connection not reverted to central
|
|
expect(DB::connection()->getName())->toBe('tenant');
|
|
}
|
|
})->with([
|
|
'hardening enabled' => true,
|
|
'hardening disabled' => false,
|
|
])->with('db_managers');
|
|
|
|
test('harden prevents tenants from using a database of another tenant', function (bool $harden, string $connection, string $manager) {
|
|
config([
|
|
'tenancy.bootstrappers' => [DatabaseTenancyBootstrapper::class],
|
|
"tenancy.database.managers.{$connection}" => $manager,
|
|
]);
|
|
|
|
DatabaseTenancyBootstrapper::$harden = $harden;
|
|
|
|
Event::listen(TenantCreated::class, JobPipeline::make([CreateDatabase::class])->send(function (TenantCreated $event) {
|
|
return $event->tenant;
|
|
})->toListener());
|
|
|
|
$tenant = Tenant::create(['tenancy_db_connection' => $connection]);
|
|
|
|
$dbName = Str::random(8) . ($connection === 'sqlite' ? '.sqlite' : '');
|
|
|
|
Tenant::create(['tenancy_db_name' => $dbName, 'tenancy_db_connection' => $connection]);
|
|
|
|
$tenant->update(['tenancy_db_name' => $dbName]);
|
|
|
|
if ($harden) {
|
|
// Harden blocks initialization for tenants that use a database of another tenant
|
|
expect(fn () => tenancy()->initialize($tenant))->toThrow(RuntimeException::class);
|
|
|
|
// Connection should be reverted back to central
|
|
expect(DB::connection()->getName())->toBe('central');
|
|
} else {
|
|
expect(fn() => tenancy()->initialize($tenant))->not()->toThrow(Throwable::class);
|
|
|
|
// Connection not reverted to central
|
|
expect(DB::connection()->getName())->toBe('tenant');
|
|
}
|
|
})->with([
|
|
'hardening enabled' => true,
|
|
'hardening disabled' => false,
|
|
])->with('db_managers');
|
|
|
|
test('database tenancy bootstrapper throws an exception if DATABASE_URL is set', function (string|null $databaseUrl) {
|
|
config(['database.connections.central.url' => $databaseUrl]);
|
|
|
|
config(['tenancy.bootstrappers' => [DatabaseTenancyBootstrapper::class]]);
|
|
|
|
Event::listen(TenantCreated::class, JobPipeline::make([CreateDatabase::class])->send(function (TenantCreated $event) {
|
|
return $event->tenant;
|
|
})->toListener());
|
|
|
|
if ($databaseUrl) {
|
|
expect(fn() => Tenant::create())->toThrow(QueryException::class);
|
|
} else {
|
|
expect(function() {
|
|
$tenant1 = Tenant::create();
|
|
|
|
pest()->artisan('tenants:migrate');
|
|
|
|
tenancy()->initialize($tenant1);
|
|
})->not()->toThrow(Throwable::class);
|
|
}
|
|
})->with(['abc.us-east-1.rds.amazonaws.com', null]);
|
|
|
|
// Database managers to test with hardening.
|
|
// Permission controlled managers omitted as they inherit the non-perm controlled managers (= they share the same code paths),
|
|
// each important code path is covered by testing the non-permission controlled manager, so adding permission controlled managers
|
|
// would add unnecessary complexity to the tests.
|
|
dataset('db_managers', [
|
|
'mysql' => ['mysql', MySQLDatabaseManager::class],
|
|
'pgsql (database)' => ['pgsql', PostgreSQLDatabaseManager::class],
|
|
'pgsql (schema)' => ['pgsql', PostgreSQLSchemaManager::class],
|
|
'sqlite' => ['sqlite', SQLiteDatabaseManager::class],
|
|
]);
|