feat: Add dynamic retrieval for client password

[sehrope]

PR to add support for dynamic password retrieval. There was already something quite similar to this to support reading passwords from a PGPASS file. This PR expands that section a bit to support invoking an arbitrary function.

Rather than supporting a callback parameter, this PR allows for either a synchronous function that returns a string or one that returns a Promise that resolves to a string. As there's Promise support on every supported runtime I figure it's a better choice for anything new being added.

Here's some examples of how to use it:

// Existing hard coded password:
const pool = new pg.Pool({
    password: 'test',
});

// Sync return a static string
const pool = new pg.Pool({
    password: () => {
        return 'test';
    }
});

// Async API
const pool = new pg.Pool({
    password: async () => {
        await new Promise(resolve => setTimeout(resolve, 1000));
        const value = await someAsyncFunc();
        return value;
    }
});

This PR does not have any new tests yet, I just tested it with some local examples. If the concept itself seems workable then should be easy to add a few that use a function and check for its side effects. Let me know.

[sehrope]

I force pushed an update to this that changes:

• Explicitly sets the password field to null if the password function does not return a usable value
• Changes the error for a non-string return value to be a TypeError

Also added some tests for retrieving a sync, async, and errant passwords via functions. For the tests I added a new helper suite.testAsync(...) to simplify writing them using promises.

[brianc]

This is fantastic. 20 line code change, 150 lines of tests. 😍

[brianc]

ohhh nice use on supporting BYOP - not sure how popular BYOP is now that promises have shipped natively in node for years, but still nice for backwards compatibility 👌

[brianc]

wow - impressive error handling

[sehrope]

Apparently not as impressive as @charmander ;-)

[brianc]

i apologize the tests here aren't written w/ a modern node testing framework. There's this cost-benefit thing I keep running into where it's like "Should I re-write all these tests into jest/mocha/etc? They already work and I know they work...but maybe rewriting will introduce some breakage." The original tests in the repo were written before mocha or jest existed so it's kinda like...well....if it ain't broke...otoh I feel like it's probably more confusing to contribute to. I also at the time, coming from ruby, thought i'd be 'clever' and attach a bunch of stuff to the global namespace like assert and other things. That was a mistake. :(

[sehrope]

No worries. I've thought about cleaning up some of them more than once and it's always the same conclusion. Maybe having a separate harness for things going forward as it's definitely easier to write async tests with an async harness. Doesn't even have to be be full on mocha/jest/whatever ... just having something to call out to with async actions should be enough.

I like how you can easily run any one of the tests in this project via "node path/to/test.js".

[charmander]

Some formatting consistency options.

[charmander]

Suggested change

	const Client = pg.Client;
	const Client = pg.Client

[charmander]

(This one still exists)

[brianc]

yeah i need to turn on linting on the test folder

[sehrope]

Would also help if we turned back on the semi rule. This PR passed "make lint" as the semi rule got removed when the eslint config was last cleaned up (by me...).

[sehrope]

I pushed some updates to address the comments (thanks @charmander!). As part of this I also cleaned up the error handling in client.js to use the same style of Promise.resove() chaining as it removes the need for separate sync error handling.

I left the error handling for that piece on L131 of client.js as a separate .catch(...) to handle anything being thrown by the supplied cb rather than a single .then(onSuccess, onError). Anything that errors out would then bubble up as an error event on the client.

FYI, taking a peek at the callers of that checkPgPass(...) function, I think I may have found a potential future issue with the SCRAM auth, I'm going to open a separate issue to track it.

[charmander]

(This one still exists)

[sehrope]

No clue why it failed on node v12 in the PR build but passed for me (https://travis-ci.org/sehrope/node-postgres/builds/561008527). There's no specific error in the travis logs either. I think there was some transient error building Postgres.

I'm going to push a dummy commit to see if it happens again.

[charmander]

Nice :)

[alekstr]

Btw, checked and tested this change in Prod with RDS Postgres 11.4, works fine! When you plan merge this into master?

[brianc]

Right now! & I'll document it and release a new minor version. 😄

[brianc]

Published [email protected] - thanks!

[benkeil]

You missed the types...

[sehrope]

@benkeil Yes the typings are maintained externally in DefinitelyTyped (i.e. @types/pg) so it can't be updated in tandem. I submitted a PR for that so hopefully that'll get synced soon: DefinitelyTyped/DefinitelyTyped#49257

[benkeil]

Naive question: why not migrate the project to typescript?

[sehrope]

I think it will eventually and some of the internal components have already been migrated to Typescript (e.g. see the packet parser).

[brianc]

Naive question: why not migrate the project to typescript?

yeah i'm very slowly working on that

[vitaly-t]

This PR and the change are confusing. I thought at first this would actually allow dynamic passwords support, but all it does - makes only one call in the beginning. After that, if the password changes, the callback is never called again. So it is not very useful then.

I had to use a connection object, and then do pool.options.password = 'new-password', or if connection string used, then set new one for pool.options.connectionString, in order to start using a new password.