From ef999f95ed87f7aa0ee44fe606e5536d243da70d Mon Sep 17 00:00:00 2001
From: Bobbie Soedirgo <bobbie@soedirgo.dev>
Date: Fri, 15 Nov 2024 16:00:52 +0800
Subject: [PATCH] tmp

---
 nix/ext/001-new-vault.patch | 132 +++++++++++++++++++++++-------------
 1 file changed, 86 insertions(+), 46 deletions(-)

diff --git a/nix/ext/001-new-vault.patch b/nix/ext/001-new-vault.patch
index 9878774fd..5fe9a9add 100644
--- a/nix/ext/001-new-vault.patch
+++ b/nix/ext/001-new-vault.patch
@@ -139,13 +139,13 @@ index 8c33ac1..e9f0e08 100644
 +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 diff --git a/Makefile b/Makefile
-index 7f66766..af0ef00 100644
+index 7f66766..d78d401 100644
 --- a/Makefile
 +++ b/Makefile
 @@ -1,5 +1,25 @@
 +PG_CFLAGS = -std=c99 -Werror -Wno-declaration-after-statement
  EXTENSION = supabase_vault
-+EXTVERSION = 0.3.0
++EXTVERSION = 0.3.1
 +
  DATA = $(wildcard sql/*--*.sql)
 +
@@ -1116,6 +1116,13 @@ index ee40004..8973fe0 100644
  
  COMMENT ON TABLE vault.secrets IS 'Table with encrypted `secret` column for storing sensitive information on disk.';
  
+diff --git a/sql/supabase_vault--0.3.0--0.3.1.sql b/sql/supabase_vault--0.3.0--0.3.1.sql
+new file mode 100644
+index 0000000..ee25f24
+--- /dev/null
++++ b/sql/supabase_vault--0.3.0--0.3.1.sql
+@@ -0,0 +1 @@
++-- no SQL changes in 0.3.1
 diff --git a/sql/supabase_vault--0.3.0.sql b/sql/supabase_vault--0.3.0.sql
 new file mode 100644
 index 0000000..af6abe2
@@ -1434,7 +1441,7 @@ index 0000000..91eca9a
 +#endif
 diff --git a/src/pgsodium.c b/src/pgsodium.c
 new file mode 100644
-index 0000000..d337fff
+index 0000000..563c55f
 --- /dev/null
 +++ b/src/pgsodium.c
 @@ -0,0 +1,144 @@
@@ -1552,7 +1559,7 @@ index 0000000..d337fff
 +	{
 +		nonce = NULL;
 +	}
-+	ERRORIF (VARSIZE_ANY_EXHDR (ciphertext) <=
++	ERRORIF (VARSIZE_ANY_EXHDR (ciphertext) <
 +		crypto_aead_det_xchacha20_ABYTES, "%s: invalid message");
 +	result_len =
 +		VARSIZE_ANY_EXHDR (ciphertext) - crypto_aead_det_xchacha20_ABYTES;
@@ -1992,22 +1999,20 @@ index e6221c2..0000000
 -select * from finish();
 diff --git a/test/expected/test.out b/test/expected/test.out
 new file mode 100644
-index 0000000..28abe9b
+index 0000000..1d69ec5
 --- /dev/null
 +++ b/test/expected/test.out
-@@ -0,0 +1,102 @@
+@@ -0,0 +1,110 @@
 +select no_plan();
 + no_plan 
 +---------
 +(0 rows)
 +
 +do $$
-+select vault.create_secret (
-+	's3kr3t_k3y', 'a_name', 'this is the foo secret key');
++begin
++  perform vault.create_secret('s3kr3t_k3y', 'a_name', 'this is the foo secret key');
++end
 +$$;
-+ERROR:  syntax error at or near "select"
-+LINE 2: select vault.create_secret (
-+        ^
 +SELECT results_eq(
 +    $$
 +    SELECT decrypted_secret = 's3kr3t_k3y', description = 'this is the foo secret key'
@@ -2015,13 +2020,9 @@ index 0000000..28abe9b
 +    $$,
 +    $$VALUES (true, true)$$,
 +    'can select from masking view with custom key');
-+                           results_eq                            
-+-----------------------------------------------------------------
-+ not ok 1 - can select from masking view with custom key        +
-+ # Failed test 1: "can select from masking view with custom key"+
-+ #     Results differ beginning at row 1:                       +
-+ #         have: NULL                                           +
-+ #         want: (t,t)
++                     results_eq                      
++-----------------------------------------------------
++ ok 1 - can select from masking view with custom key
 +(1 row)
 +
 +SELECT lives_ok(
@@ -2040,11 +2041,10 @@ index 0000000..28abe9b
 +TRUNCATE vault.secrets;
 +set role bob;
 +do $$
-+select vault.create_secret ('foo', 'bar', 'baz');
++begin
++  perform vault.create_secret ('foo', 'bar', 'baz');
++end
 +$$;
-+ERROR:  syntax error at or near "select"
-+LINE 2: select vault.create_secret ('foo', 'bar', 'baz');
-+        ^
 +select results_eq(
 +	$test$
 +    SELECT (decrypted_secret COLLATE "default"), name, description FROM vault.decrypted_secrets
@@ -2052,13 +2052,9 @@ index 0000000..28abe9b
 +    $test$,
 +    $results$values ('foo', 'bar', 'baz')$results$,
 +     'bob can query a secret');
-+                results_eq                 
-+-------------------------------------------
-+ not ok 3 - bob can query a secret        +
-+ # Failed test 3: "bob can query a secret"+
-+ #     Results differ beginning at row 1: +
-+ #         have: NULL                     +
-+ #         want: (foo,bar,baz)
++          results_eq           
++-------------------------------
++ ok 3 - bob can query a secret
 +(1 row)
 +
 +select lives_ok(
@@ -2082,21 +2078,40 @@ index 0000000..28abe9b
 +    $test$,
 +    $results$values ('fooz', 'barz', 'bazz')$results$,
 +     'bob can query an updated secret');
-+                     results_eq                     
-+----------------------------------------------------
-+ not ok 5 - bob can query an updated secret        +
-+ # Failed test 5: "bob can query an updated secret"+
-+ #     Results differ beginning at row 1:          +
-+ #         have: NULL                              +
-+ #         want: (fooz,barz,bazz)
++               results_eq               
++----------------------------------------
++ ok 5 - bob can query an updated secret
 +(1 row)
 +
-+select * from finish();
-+                finish                
++truncate vault.secrets;
++reset role;
++do $$
++begin
++  perform vault.create_secret(
++    new_secret := '',
++    new_name := 'empty_secret'
++  );
++end
++$$;
++select results_eq(
++  $test$
++    select decrypted_secret collate "default"
++    from vault.decrypted_secrets
++    where name = 'empty_secret'
++  $test$,
++  $results$values ('')$results$,
++  'secret can be an empty string'
++);
++              results_eq              
 +--------------------------------------
-+ 1..5
-+ # Looks like you failed 3 tests of 5
-+(2 rows)
++ ok 6 - secret can be an empty string
++(1 row)
++
++select * from finish();
++ finish 
++--------
++ 1..6
++(1 row)
 +
 diff --git a/test/fixtures.sql b/test/fixtures.sql
 new file mode 100644
@@ -2121,15 +2136,16 @@ index 0000000..b323d22
 +GRANT pgsodium_keyiduser TO bob;
 diff --git a/test/sql/test.sql b/test/sql/test.sql
 new file mode 100644
-index 0000000..f6b6e92
+index 0000000..69dbccd
 --- /dev/null
 +++ b/test/sql/test.sql
-@@ -0,0 +1,59 @@
+@@ -0,0 +1,84 @@
 +select no_plan();
 +
 +do $$
-+select vault.create_secret (
-+	's3kr3t_k3y', 'a_name', 'this is the foo secret key');
++begin
++  perform vault.create_secret('s3kr3t_k3y', 'a_name', 'this is the foo secret key');
++end
 +$$;
 +
 +SELECT results_eq(
@@ -2154,7 +2170,9 @@ index 0000000..f6b6e92
 +set role bob;
 +
 +do $$
-+select vault.create_secret ('foo', 'bar', 'baz');
++begin
++  perform vault.create_secret ('foo', 'bar', 'baz');
++end
 +$$;
 +
 +select results_eq(
@@ -2183,4 +2201,26 @@ index 0000000..f6b6e92
 +    $results$values ('fooz', 'barz', 'bazz')$results$,
 +     'bob can query an updated secret');
 +
++truncate vault.secrets;
++reset role;
++
++do $$
++begin
++  perform vault.create_secret(
++    new_secret := '',
++    new_name := 'empty_secret'
++  );
++end
++$$;
++
++select results_eq(
++  $test$
++    select decrypted_secret collate "default"
++    from vault.decrypted_secrets
++    where name = 'empty_secret'
++  $test$,
++  $results$values ('')$results$,
++  'secret can be an empty string'
++);
++
 +select * from finish();