cf-modkit-db 0.7.2

ModKit database library
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77

//! Hidden database runner capability.
//!
//! This module intentionally does **not** expose any raw `SeaORM` connection/transaction types
//! to downstream crates. It exists solely to allow secure query wrappers to execute queries
//! against either a normal connection (`DbConn`) or an in-flight transaction (`DbTx`).
//!
//! # Security Model
//!
//! The `DBRunner` trait is **sealed** - it cannot be implemented outside this crate.
//! This ensures that only `DbConn` and `DbTx` can be used as database runners,
//! preventing user code from creating custom runners that could bypass transaction isolation.

use super::db::{DbConn, DbTx};
use super::secure_conn::{SecureConn, SecureTx};

mod sealed {
    pub trait Sealed {}
}

/// Internal-only bridge to `SeaORM`'s executor trait.
///
/// Downstream crates must never see or name `ConnectionTrait`, `DatabaseConnection`, or
/// `DatabaseTransaction`. This bridge is crate-only.
pub enum SeaOrmRunner<'a> {
    Conn(&'a sea_orm::DatabaseConnection),
    Tx(&'a sea_orm::DatabaseTransaction),
}

/// Internal-only bridge to `SeaORM`'s executor types.
pub trait DBRunnerInternal: sealed::Sealed + Send + Sync {
    fn as_seaorm(&self) -> SeaOrmRunner<'_>;
}

/// Hidden capability marker used by repositories and services.
///
/// This trait intentionally has **no methods** and cannot be implemented outside `modkit-db`.
///
/// Note: while `DBRunner` extends an internal trait, downstream crates cannot name that
/// internal trait, and therefore cannot obtain any raw SeaORM executor from a `DBRunner`.
#[doc(hidden)]
pub trait DBRunner: DBRunnerInternal {}

// --- New secure types (DbConn, DbTx) ---

impl sealed::Sealed for DbConn<'_> {}
impl DBRunnerInternal for DbConn<'_> {
    fn as_seaorm(&self) -> SeaOrmRunner<'_> {
        SeaOrmRunner::Conn(self.conn)
    }
}
impl DBRunner for DbConn<'_> {}

impl sealed::Sealed for DbTx<'_> {}
impl DBRunnerInternal for DbTx<'_> {
    fn as_seaorm(&self) -> SeaOrmRunner<'_> {
        SeaOrmRunner::Tx(self.tx)
    }
}
impl DBRunner for DbTx<'_> {}

// --- Legacy types (SecureConn, SecureTx) - kept for migration period ---

impl sealed::Sealed for SecureConn {}
impl DBRunnerInternal for SecureConn {
    fn as_seaorm(&self) -> SeaOrmRunner<'_> {
        SeaOrmRunner::Conn(&self.conn)
    }
}
impl DBRunner for SecureConn {}

impl sealed::Sealed for SecureTx<'_> {}
impl DBRunnerInternal for SecureTx<'_> {
    fn as_seaorm(&self) -> SeaOrmRunner<'_> {
        SeaOrmRunner::Tx(self.tx)
    }
}
impl DBRunner for SecureTx<'_> {}