//! # tenaxum
//!
//! Tenant-scoped helpers for Axum + sqlx + Postgres. Tenacious about
//! row-level isolation.
//!
//! Tenax exposes two patterns. Pick whichever fits your codebase.
//!
//! ## Pattern 1 — pool-scoped (recommended for production apps)
//!
//! Set `app.tenant_id` once when a connection is checked out of the pool
//! and reset it on release. Every query during the request is auto-isolated.
//! Zero per-call-site boilerplate.
//!
//! See [`pool`] module for the [`pool::with_tenant_hooks`] pool builder
//! and the [`pool::tenant_scope`] Axum middleware.
//!
//! ## Pattern 2 — explicit `begin_tenant`
//!
//! Open a transaction and `SET LOCAL app.tenant_id` inside it. Useful for
//! background jobs, one-off scripts, or admin paths where the pool hooks
//! aren't wired.
//!
//! See [`PgPoolExt::begin_tenant`] and [`set_tenant`].
//!
//! ## What tenaxum deliberately does not do
//!
//! - **JWT decoding.** Every app does this differently. Decode in your own
//!   middleware, then `req.extensions_mut().insert(TenantId(uuid))`.
//! - **RLS policy generation.** The policy is one line of SQL; see the
//!   `examples/rls` crate in this repo for the full pattern, including
//!   the `FORCE ROW LEVEL SECURITY` + non-superuser-role + `WITH CHECK`
//!   gotchas.
//! - **Scope/permission middleware.** Maybe later, once the design has
//!   been battle-tested in a real codebase.
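//!
//! The database side that both patterns depend on, shown as an added
//! example that is not taken from this crate or from `examples/rls`. The
//! table, role and policy names and the UUIDs are constructed assumptions.
//!
//! ```sql
//! -- Constructed schema (names are assumptions, not tenaxum's own).
//! CREATE TABLE invoices (
//!     id        bigserial PRIMARY KEY,
//!     tenant_id uuid    NOT NULL,
//!     amount    numeric NOT NULL
//! );
//!
//! ALTER TABLE invoices ENABLE ROW LEVEL SECURITY;
//! -- Without FORCE, the table owner is exempt from the policy.
//! ALTER TABLE invoices FORCE ROW LEVEL SECURITY;
//!
//! -- USING filters the rows a statement can see; WITH CHECK validates rows
//! -- being written. current_setting(..., true) yields NULL when the setting
//! -- was never defined and '' after a SET LOCAL has reverted, so NULLIF maps
//! -- both to NULL and the comparison matches no rows (fail closed).
//! CREATE POLICY tenant_isolation ON invoices
//!     USING      (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid)
//!     WITH CHECK (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid);
//!
//! -- Superusers and BYPASSRLS roles skip every policy, so the application
//! -- connects as a plain role that has neither attribute.
//! CREATE ROLE app_user LOGIN NOSUPERUSER NOBYPASSRLS;
//! GRANT SELECT, INSERT, UPDATE, DELETE ON invoices TO app_user;
//! GRANT USAGE ON SEQUENCE invoices_id_seq TO app_user;
//!
//! -- Run as app_user: transaction-scoped tenant, as in Pattern 2.
//! -- SET LOCAL cannot take bind parameters; set_config(name, value, true)
//! -- has the same transaction-local effect and accepts a bound value.
//! BEGIN;
//! SELECT set_config('app.tenant_id', '11111111-1111-1111-1111-111111111111', true);
//!
//! -- Row for the current tenant: passes WITH CHECK.
//! INSERT INTO invoices (tenant_id, amount)
//! VALUES ('11111111-1111-1111-1111-111111111111', 10);
//!
//! -- Row for a different tenant: WITH CHECK is false, so the statement
//! -- fails with a row-level security violation and aborts the transaction.
//! INSERT INTO invoices (tenant_id, amount)
//! VALUES ('22222222-2222-2222-2222-222222222222', 10);
//! ROLLBACK;
//! ```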
pub use TenantId;
pub use ;