WIP: add different implementation sketches

.gitignore

@@ -1,8 +1,9 @@
-.postgres-data
+.postgres-*
 .tool-versions
 .env
 .envrc
 .swc
 node_modules
+ca-cert*
 
-dist
+dist

README.md

@@ -0,0 +1,71 @@
+# Multi tenancy sketches
+
+This project is a synthetic test project for implementing multi tenancy.
+Its a functional graphql api backend, that is easiest to access from the apollo graphql explorer.
+The api and the explorer are available by default at `http://localhost:4000` by default,
+after the app and its dependencies have been started
+
+## Project setup
+
+This project is using [`pnpm`](https://pnpm.io/) as its package manager.
+To start the required databases or other dependencies, run `docker compose up -d`
+
+## About Postgres setup
+
+I had to change the `wal_level` on my local postgres instances
+it is done with running the SQL command below, and restating the database server:
+
+```sql
+ALTER SYSTEM SET wal_level = logical;
+```
+
+When registering a new region on a DigitalOcean postgres server, the default user doesn't have the required roles to set up a subscription.
+On DO we can use [aiven-extras](https://github.com/aiven/aiven-extras) to create subs without root access.
+The current branch is utilizing just that. But it needs a setup step executed on each database, that is registered as a region
+
+Run this in a `psql` shell
+
+```sql
+CREATE EXTENSION aiven_extras;
+```
+
+Note: Postgres subscriptions (which we use) in the same db server don't work that easily; easiest way to get things going is to set up multiple db servers locally.
+
+## Project description
+
+The app has these basic concepts:
+
+### User
+
+A user of the system (obviously). User authn is not implemented, authz is very simplified.
+
+### Resource
+
+This is an abstract object representing a project, that multiple users might work on.
+The notion of work on is currently implemented as the comment create action.
+A resource might belong to an organization or belong to the default (null) organization.
+
+### Comment
+
+A text note, that belongs to a given resource, created by a user.
+
+### Region
+
+A geo-located data storage region, currently implemented as a PostgresSQL database server.
+When providing a connection url to a region, make sure to not include a database name or any trailing `/`-s in the url.
+
+### Organization
+
+A collection of users and an owner of resource. Any user may create organizations.
+Organizations may be granted access to any given region. That action creates a new database in the region DB server. migrates it to the latest DB schema and sets up user and resource publish and subscribe mechanisms.
+
+## Steps to flex this POC
+
+Using the exposed graphql explorer, you can go ahead and
+
+- create a user
+- create an organisation
+- add the user to the organisation
+- create regions & associate them with an organisation
+- create a resource in the default organisation, or for a specific organisation & region
+- etc.

docker-compose.yml

@@ -1,40 +1,35 @@
 version: "3.9"
 
 services:
-  maindb:
+  postgres:
     image: postgres:16-alpine
     ports:
       - 5454:5432
+    volumes:
+      - ./.postgres-data:/var/lib/postgresql/data
     environment:
       - POSTGRES_PASSWORD=speckle
       - POSTGRES_USER=speckle
       - POSTGRES_DB=speckle_main
 
-  eu_db:
+  region-1:
     image: postgres:16-alpine
     ports:
-      - 5455:5433
+      - 5455:5432
+    volumes:
+      - ./.postgres-region-1:/var/lib/postgresql/data
     environment:
       - POSTGRES_PASSWORD=speckle
       - POSTGRES_USER=speckle
-      - POSTGRES_DB=speckle_eu
-      - PGPORT=5433
+      - POSTGRES_DB=speckle_main
 
-  us_db:
+  region-2:
     image: postgres:16-alpine
     ports:
-      - 5456:5434
+      - 5456:5432
+    volumes:
+      - ./.postgres-region-2:/var/lib/postgresql/data
     environment:
       - POSTGRES_PASSWORD=speckle
       - POSTGRES_USER=speckle
-      - POSTGRES_DB=speckle_us
-      - PGPORT=5434
-
-  start_dependencies:
-    image: tehkapa/docker-wait-for-dependencies
-    depends_on:
-      - maindb
-      - eu_db
-      - us_db
-    container_name: wait-for-dependencies
-    command: maindb:5432 eu_db:5433 us_db:5434
+      - POSTGRES_DB=speckle_main

knexfile.ts

@@ -1,11 +1,21 @@
-export const mainDBConfig = {
+import { Knex } from 'knex'
+import fs from 'fs'
+import path from 'path'
+
+console.log(`foobar ${process.env.POSTGRES_CA_CERT_PATH}`)
+
+const config: Knex.Config = {
   client: 'pg',
   connection: {
-    host: '127.0.0.1',
-    port: 5454,
-    user: 'speckle',
-    database: 'speckle_main',
-    password: 'speckle'
+    connectionString: process.env.POSTGRES_URL,
+    ssl: process.env.POSTGRES_CA_CERT_PATH
+      ? {
+          ca: fs.readFileSync(
+            path.resolve(__dirname, process.env.POSTGRES_CA_CERT_PATH)
+          ),
+          rejectUnauthorized: true
+        }
+      : undefined
   },
   migrations: {
     directory: 'src/migrations',
@@ -13,33 +23,4 @@ export const mainDBConfig = {
   }
 }
 
-
-export const euDBConfig = {
-  client: 'pg',
-  connection: {
-    host: '127.0.0.1',
-    port: 5455,
-    user: 'speckle',
-    database: 'speckle_eu',
-    password: 'speckle'
-  },
-  migrations: {
-    directory: 'src/migrations',
-    extension: 'ts'
-  }
-}
-
-export const usDBConfig = {
-  client: 'pg',
-  connection: {
-    host: '127.0.0.1',
-    port: 5456,
-    user: 'speckle',
-    database: 'speckle_us',
-    password: 'speckle'
-  },
-  migrations: {
-    directory: 'src/migrations',
-    extension: 'ts'
-  }
-}
+export default config

package.json

@@ -4,11 +4,11 @@
   "description": "",
   "main": "src/app.ts",
   "scripts": {
-    "test": "echo \"Error: no test specified\" && exit 1",
+    "test": "vitest",
     "lint": "ts-standard",
-    "tsx": "docker compose up start_dependencies && tsx watch --clear-screen=false --conditions=typescript ./src/app.ts",
+    "tsx": "tsx",
     "lint:fix": "ts-standard --fix",
-    "migration:make": "NODE_OPTIONS='--import tsx' knex migrate:make",
+    "migration:make": "NODE_OPTIONS='--loader ts-node/esm' knex migrate:make",
     "dev:old": "nodemon --ext ts,graphql --exec node --inspect -r @swc/register src/bin/www.ts",
     "build": "tsc",
     "start": "node dist/app.js",
@@ -18,7 +18,6 @@
   "author": "",
   "license": "ISC",
   "devDependencies": {
-    "@ducktors/tsconfig": "^1.0.0",
     "@types/node": "^20.11.13",
     "@typescript-eslint/eslint-plugin": "^6.20.0",
     "@typescript-eslint/parser": "^6.20.0",
@@ -27,10 +26,13 @@
     "ts-node": "^10.9.2",
     "ts-standard": "^12.0.2",
     "tsx": "^4.7.0",
-    "typescript": "^5.3.3"
+    "typescript": "^5.3.3",
+    "vitest": "^1.2.2"
   },
   "dependencies": {
     "@apollo/server": "^4.10.0",
+    "crypto-random-string": "^3.0.0",
+    "dataloader": "^2.2.2",
     "dotenv": "^16.4.1",
     "graphql": "^16.8.1",
     "graphql-scalars": "^1.22.4",

parse_cert.py

@@ -0,0 +1,8 @@
+from pathlib import Path
+import json
+
+cert = Path("./ca-cert").read_text()
+
+cert_json = json.dumps({"cert": cert})
+
+Path("./ca-cert.json").write_text(cert_json)

src/app.ts

@@ -3,9 +3,7 @@ import { resolvers } from './resolvers'
 import { startStandaloneServer } from '@apollo/server/standalone'
 import { readFileSync } from 'fs'
 import { typeDefs as scalarTypeDefs } from 'graphql-scalars'
-import { getDB } from './db'
-import { Regions } from './regions'
-import { initListeners } from './listeners'
+import { migrateAll } from './services/databaseManagement'
 
 const typeDefs = readFileSync('src/schema.graphql', { encoding: 'utf-8' })
 
@@ -21,27 +19,8 @@ const startServer = async (): Promise<void> => {
     listen: { port: 4000 }
   })
 
-  const mainDB = getDB()
-  const regionDBs = Regions.map(region => getDB(region))
+  await migrateAll()
 
-  const databases = [mainDB, ...regionDBs]
-
-  for (const db of databases) {
-    const plannedMigrations: Array<{ file: string }> = (
-      await db.migrate.list()
-    )[1]
-    if (plannedMigrations.length > 0) {
-      console.log(
-        `🕰️  planning migrations: ${plannedMigrations
-          .map((m) => m.file)
-          .join(',')}`
-      )
-    }
-
-    await db.migrate.latest()
-  }
-
-  await initListeners()
   console.log(`🚀 Server ready at: ${url}`)
 }
 

src/config.ts

@@ -2,8 +2,7 @@ import 'dotenv/config'
 import { parseEnv } from 'znv'
 import { z } from 'zod'
 
-export const { POSTGRES_URL } = parseEnv(process.env, {
-  POSTGRES_URL: z.string().min(1)
+export const { POSTGRES_URL, POSTGRES_CA_CERT_PATH } = parseEnv(process.env, {
+  POSTGRES_URL: z.string().min(1),
+  POSTGRES_CA_CERT_PATH: z.string().min(1).nullish()
 })
-
-console.log([POSTGRES_URL].join(', '))

src/db.ts

@@ -1,19 +1,4 @@
-import Knex, { Knex as KnexClient } from 'knex'
-import { mainDBConfig, euDBConfig, usDBConfig } from '../knexfile'
-import { Region } from './regions'
+import Knex from 'knex'
+import config from '../knexfile'
 
-const mainDB = Knex(mainDBConfig)
-const regionDBs = new Map<Region, KnexClient>([['eu', Knex(euDBConfig)], ['us', Knex(usDBConfig)]])
-
-export function getDB(region?: Region) {
-  if (!region) {
-    return mainDB
-  }
-
-  const db = regionDBs.get(region)
-
-  if (!db) {
-    throw new Error('Region not supported')
-  }
-  return db
-}
+export const knex = Knex(config)

src/listeners.ts

@@ -1,27 +0,0 @@
-import { Knex } from "knex";
-import { getDB } from "./db";
-import { Regions } from "./regions";
-import { upsertResourceView } from "./repositories";
-
-
-export async function initListeners() {
-  for (const region of Regions) {
-    const db = getDB(region)
-    const connection = await (db.client as Knex.Client).acquireRawConnection()
-    connection.query('LISTEN notifications')
-
-    connection.on('notification', async (data: { payload: string }) => {
-      console.log(JSON.parse(data.payload))
-      await upsertResourceView(region, JSON.parse(data.payload))
-    });
-
-    // connection.on('end', (err) => {
-    //   reconnectClient(knex);
-    // })
-    connection.on('error', (err) => {
-      console.log(err);
-    })
-  }
-}
-
-

src/migrations/20240205145527_organizations.ts

@@ -0,0 +1,14 @@
+import type { Knex } from 'knex'
+
+const tableName = 'organizations'
+
+export async function up (knex: Knex): Promise<void> {
+  return await knex.schema.createTable(tableName, (table) => {
+    table.text('id').primary()
+    table.text('name')
+  })
+}
+
+export async function down (knex: Knex): Promise<void> {
+  return await knex.schema.dropTable(tableName)
+}

src/migrations/20240205150932_regions.ts

@@ -0,0 +1,49 @@
+import type { Knex } from 'knex'
+
+const regionsTableName = 'regions'
+
+export async function up (knex: Knex): Promise<void> {
+  await knex.schema.createTable(regionsTableName, (table) => {
+    table.text('id').primary()
+    table.text('connectionString')
+  })
+  await knex.schema.createTable('organizations_regions', (table) => {
+    table
+      .text('organizationId')
+      .references('id')
+      .inTable('organizations')
+      .notNullable()
+      .onDelete('cascade')
+    table
+      .text('regionId')
+      .references('id')
+      .inTable('regions')
+      .notNullable()
+      .onDelete('cascade')
+  })
+  await knex.schema.createTable('resource_organization_region', (table) => {
+    table
+      .text('resourceId')
+      .references('id')
+      .inTable('resources')
+      .notNullable()
+      .onDelete('cascade')
+    table
+      .text('organizationId')
+      .references('id')
+      .inTable('organizations')
+      .notNullable()
+      .onDelete('cascade')
+    table
+      .text('regionId')
+      .references('id')
+      .inTable('regions')
+      .notNullable()
+      .onDelete('cascade')
+  })
+}
+
+export async function down (knex: Knex): Promise<void> {
+  await knex.schema.dropTable(regionsTableName)
+  await knex.schema.dropTable('organizations_regions')
+}

src/migrations/20240206210140_region_name.ts

@@ -0,0 +1,15 @@
+import type { Knex } from 'knex'
+
+const regionsTableName = 'regions'
+
+export async function up (knex: Knex): Promise<void> {
+  await knex.schema.alterTable(regionsTableName, (table) => {
+    table.text('name').notNullable().defaultTo('region')
+  })
+}
+
+export async function down (knex: Knex): Promise<void> {
+  await knex.schema.alterTable(regionsTableName, (table) => {
+    table.dropColumn('name')
+  })
+}

src/migrations/20240206213031_region_maintenance_db.ts

@@ -0,0 +1,15 @@
+import type { Knex } from 'knex'
+
+const regionsTableName = 'regions'
+
+export async function up (knex: Knex): Promise<void> {
+  await knex.schema.alterTable(regionsTableName, (table) => {
+    table.text('maintenanceDb').notNullable().defaultTo('region')
+  })
+}
+
+export async function down (knex: Knex): Promise<void> {
+  await knex.schema.alterTable(regionsTableName, (table) => {
+    table.dropColumn('maintenanceDb')
+  })
+}

src/migrations/20240207203256_organization_acl.ts

@@ -0,0 +1,22 @@
+import type { Knex } from 'knex'
+
+const tableName = 'organization_acl'
+
+export async function up (knex: Knex): Promise<void> {
+  return await knex.schema.createTable(tableName, (table) => {
+    table
+      .string('userId')
+      .references('id')
+      .inTable('users')
+      .onDelete('cascade')
+    table
+      .string('organizationId')
+      .references('id')
+      .inTable('organizations')
+      .onDelete('cascade')
+  })
+}
+
+export async function down (knex: Knex): Promise<void> {
+  return await knex.schema.dropTable(tableName)
+}

src/migrations/20240207212311_organization_resource_acl.ts

@@ -0,0 +1,22 @@
+import type { Knex } from 'knex'
+
+const tableName = 'organization_resource_acl'
+
+export async function up (knex: Knex): Promise<void> {
+  return await knex.schema.createTable(tableName, (table) => {
+    table
+      .string('resourceId')
+      .references('id')
+      .inTable('resources')
+      .onDelete('cascade')
+    table
+      .string('organizationId')
+      .references('id')
+      .inTable('organizations')
+      .onDelete('cascade')
+  })
+}
+
+export async function down (knex: Knex): Promise<void> {
+  return await knex.schema.dropTable(tableName)
+}

src/migrations/20240207214054_resource_region.ts

@@ -0,0 +1,28 @@
+import type { Knex } from 'knex'
+
+const tableName = 'resource_region_organization'
+
+export async function up (knex: Knex): Promise<void> {
+  return await knex.schema.createTable(tableName, (table) => {
+    table
+      .string('resourceId')
+      .references('id')
+      .inTable('resources')
+      .onDelete('cascade')
+      .primary()
+    table
+      .string('regionId')
+      .references('id')
+      .inTable('regions')
+      .onDelete('cascade')
+    table
+      .string('organizationId')
+      .references('id')
+      .inTable('organizations')
+      .onDelete('cascade')
+  })
+}
+
+export async function down (knex: Knex): Promise<void> {
+  return await knex.schema.dropTable(tableName)
+}

src/migrations/20240213175105_region_pruning.ts

@@ -0,0 +1,15 @@
+import type { Knex } from 'knex'
+
+const regionsTableName = 'regions'
+
+export async function up (knex: Knex): Promise<void> {
+  await knex.schema.alterTable(regionsTableName, (table) => {
+    table.dropColumn('maintenanceDb')
+  })
+}
+
+export async function down (knex: Knex): Promise<void> {
+  await knex.schema.alterTable(regionsTableName, (table) => {
+    table.text('maintenanceDb').notNullable().defaultTo('region')
+  })
+}

src/migrations/20240213214212_split_resource_region_org.ts

@@ -0,0 +1,56 @@
+import type { Knex } from 'knex'
+
+const tableName = 'resource_region_organization'
+
+export async function up (knex: Knex): Promise<void> {
+  await knex.schema.dropTable(tableName)
+  await knex.schema.createTable('resource_region', (table) => {
+    table
+      .string('resourceId')
+      .references('id')
+      .inTable('resources')
+      .onDelete('cascade')
+      .primary()
+    table
+      .string('regionId')
+      .references('id')
+      .inTable('regions')
+      .onDelete('cascade')
+  })
+  await knex.schema.createTable('resource_organization', (table) => {
+    table
+      .string('resourceId')
+      .references('id')
+      .inTable('resources')
+      .onDelete('cascade')
+      .primary()
+    table
+      .string('organizationId')
+      .references('id')
+      .inTable('organizations')
+      .onDelete('cascade')
+  })
+}
+
+export async function down (knex: Knex): Promise<void> {
+  await knex.schema.dropTable('resource_organization')
+  await knex.schema.dropTable('resource_region')
+  await knex.schema.createTable(tableName, (table) => {
+    table
+      .string('resourceId')
+      .references('id')
+      .inTable('resources')
+      .onDelete('cascade')
+      .primary()
+    table
+      .string('regionId')
+      .references('id')
+      .inTable('regions')
+      .onDelete('cascade')
+    table
+      .string('organizationId')
+      .references('id')
+      .inTable('organizations')
+      .onDelete('cascade')
+  })
+}

src/migrations/20240214151340_region_ssl_cert.ts

@@ -0,0 +1,13 @@
+import type { Knex } from 'knex'
+
+export async function up (knex: Knex): Promise<void> {
+  await knex.schema.alterTable('regions', (table) => {
+    table.text('sslCaCert').nullable()
+  })
+}
+
+export async function down (knex: Knex): Promise<void> {
+  await knex.schema.alterTable('regions', (table) => {
+    table.dropColumn('sslCaCert')
+  })
+}

src/migrations/20240220152312_region_name_unique.ts

@@ -0,0 +1,13 @@
+import type { Knex } from 'knex'
+
+export async function up (knex: Knex): Promise<void> {
+  await knex.schema.alterTable('regions', (table) => {
+    table.unique('name')
+  })
+}
+
+export async function down (knex: Knex): Promise<void> {
+  await knex.schema.alterTable('regions', (table) => {
+    table.dropUnique(['name'])
+  })
+}

src/migrations/20240507155726_create-resource-views-table.ts

@@ -1,16 +0,0 @@
-import type { Knex } from 'knex'
-
-const tableName = 'resource_views'
-
-export async function up(knex: Knex): Promise<void> {
-  return await knex.schema.createTable(tableName, (table) => {
-    table.string('resourceId').primary()
-    table.string('region')
-    table.string('resourceName')
-    table.datetime('resourceCreatedAt')
-  })
-}
-
-export async function down(knex: Knex): Promise<void> {
-  return await knex.schema.dropTable(tableName)
-}

src/regions.ts

@@ -1,2 +0,0 @@
-export type Region = 'eu' | 'us'
-export const Regions: Region[] = ['eu', 'us']

src/repositories.ts

@@ -1,92 +1,247 @@
-import { getDB } from "./db";
-import { Region } from "./regions";
-import { UserRecord, Resource, ResourceAcl, Comment, ResourceView } from "./types";
+import { Knex } from 'knex'
+import {
+  UserRecord,
+  Resource,
+  ResourceAcl,
+  Comment,
+  Region,
+  OrganizationsRegions,
+  Organization,
+  OrganizationAcl,
+  OrganizationResourceAcl,
+  ResourceRegion
+} from './types'
 
-const Users = () => getDB()<UserRecord>("users");
-const Resources = (region: Region) => getDB(region)<Resource>("resources");
-const ResourceViews = () => getDB()<ResourceView>("resource_views");
-const ResourceAclRepo = () => getDB()<ResourceAcl>("resource_acl");
-const Comments = () => getDB()<Comment>("comments");
+export class RegionRepo {
+  db: Knex
 
-export const queryUser = async (userId: string): Promise<UserRecord | null> => {
-  return (await Users().where("id", "=", userId).first()) ?? null;
-};
-
-export const queryResource = async (
-  resourceId: string,
-): Promise<Resource | null> => {
-  const resourceLocation = await ResourceViews().where('resourceId', '=', resourceId).first()
-  if (!resourceLocation?.region) {
-    return null
+  constructor (db: Knex) {
+    this.db = db
   }
-  return await Resources(resourceLocation.region).where("id", "=", resourceId).first() || null;
-};
 
-export const queryResourceAcl = async ({
-  resourceId,
-  userId,
-}: {
-  resourceId: string;
-  userId: string;
-}): Promise<ResourceAcl | null> => {
-  return (
-    (await ResourceAclRepo()
-      .where("userId", "=", userId)
-      .andWhere("resourceId", "=", resourceId)
-      .first()) ?? null
-  );
-};
-
-export const countResources = async (userId: string): Promise<number> => {
-  const [rawCount] = await ResourceAclRepo().count().where({ userId });
-  return parseInt(rawCount.count as string);
-};
-
-export const queryResources = async ({
-  userId,
-  limit,
-  cursor,
-}: {
-  userId: string;
-  limit: number;
-  cursor: string | null;
-}) => {
-  const query = ResourceViews()
-    .join("resource_acl", "resource_views.resourceId", "resource_acl.resourceId")
-    .where({ userId });
-  if (cursor) {
-    query.andWhere("resourceCreatedAt", "<", cursor);
+  async saveResource (resource: Resource): Promise<void> {
+    await this.db<Resource>('resources').insert(resource)
   }
-  return query.limit(limit);
-};
 
-export const countComments = async (resourceId: string): Promise<number> => {
-  const [rawCount] = await Comments().count().where({ resourceId });
-  return parseInt(rawCount.count as string);
-};
-
-export const queryComments = async ({
-  resourceId,
-  limit,
-  cursor,
-}: {
-  resourceId: string;
-  limit: number;
-  cursor: string | null;
-}): Promise<Comment[]> => {
-  const query = Comments().where({ resourceId });
-  if (cursor) {
-    query.andWhere("createdAt", "<", cursor);
+  async findResource (resourceId: string): Promise<Resource | null> {
+    return (
+      (await this.db<Resource>('resources')
+        .where({ id: resourceId })
+        .first()) ?? null
+    )
   }
-  return query.limit(limit);
-};
 
-export async function upsertResourceView(region: Region, resource: Resource) {
-  return ResourceViews().insert({
-    resourceId: resource.id,
-    resourceName: resource.name,
-    resourceCreatedAt: resource.createdAt,
-    region: region,
-  }).onConflict('resourceId')
-    .merge()
+  async saveComment (comment: Comment): Promise<void> {
+    await this.db<Comment>('comments').insert(comment)
+  }
+
+  async countComments (resourceId: string): Promise<number> {
+    const [rawCount] = await this.db<Comment>('comments')
+      .count()
+      .where({ resourceId })
+    return parseInt(rawCount.count as string)
+  }
+
+  async queryComments ({
+    resourceId,
+    limit,
+    cursor
+  }: {
+    resourceId: string
+    limit: number
+    cursor: string | null
+  }): Promise<Comment[]> {
+    const query = this.db<Comment>('comments').where({ resourceId })
+    if (cursor) {
+      query.andWhere('createdAt', '<', cursor)
+    }
+    return await query.limit(limit)
+  }
+}
+
+export class MainRepo extends RegionRepo {
+  async findUser (userId: string): Promise<UserRecord | null> {
+    return (
+      (await this.db<UserRecord>('users').where('id', '=', userId).first()) ??
+      null
+    )
+  }
+
+  async queryUsers (): Promise<UserRecord[]> {
+    return await this.db<UserRecord>('users').select()
+  }
+
+  async saveUser (user: UserRecord): Promise<void> {
+    await this.db<UserRecord>('users').insert(user)
+  }
+
+  async getUsersResourceAcl ({
+    resourceId,
+    userId
+  }: ResourceAcl): Promise<ResourceAcl | null> {
+    return (
+      (await this.db<ResourceAcl>('resource_acl')
+        .where({ userId, resourceId })
+        .first()) ?? null
+    )
+  }
+
+  async saveResourceAcl (resourceAcl: ResourceAcl): Promise<void> {
+    await this.db<ResourceAcl>('resource_acl').insert(resourceAcl)
+  }
+
+  async countUsersResources (userId: string): Promise<number> {
+    const [rawCount] = await this.db<ResourceAcl>('resource_acl')
+      .count()
+      .where({ userId })
+    return parseInt(rawCount.count as string)
+  }
+
+  async findUsersResource ({
+    resourceId,
+    userId
+  }: ResourceAcl): Promise<ResourceAcl | null> {
+    return (
+      (await this.db<ResourceAcl>('resource_acl')
+        .where({ userId, resourceId })
+        .first()) ?? null
+    )
+  }
+
+  async queryResources ({
+    userId,
+    limit,
+    cursor
+  }: {
+    userId: string
+    limit: number
+    cursor: string | null
+  }): Promise<Resource[]> {
+    let query = this.db<Resource & ResourceAcl>('resources')
+      .join('resource_acl', 'resources.id', 'resource_acl.resourceId')
+      .where({ userId })
+    if (cursor) {
+      query = query.andWhere('createdAt', '<', cursor)
+    }
+    const items = await query.orderBy('createdAt', 'desc').limit(limit)
+    return items
+  }
+
+  async countResourceComments (resourceId: string): Promise<number> {
+    const [rawCount] = await this.db<Comment>('comments')
+      .count()
+      .where({ resourceId })
+    return parseInt(rawCount.count as string)
+  }
+
+  async queryComments ({
+    resourceId,
+    limit,
+    cursor
+  }: {
+    resourceId: string
+    limit: number
+    cursor: string | null
+  }): Promise<Comment[]> {
+    let query = this.db<Comment>('comments').where({ resourceId })
+    if (cursor) {
+      query = query.andWhere('createdAt', '<', cursor)
+    }
+    return await query.orderBy('createdAt', 'desc').limit(limit)
+  }
+
+  async queryRegions (
+    params:
+    | {
+      connectionString?: string | undefined
+    }
+    | undefined = undefined
+  ): Promise<Region[]> {
+    const query = this.db<Region>('regions')
+    if ((params != null) && params.connectionString) query.where(params)
+    return await query.select()
+  }
+
+  async findRegion (id: string): Promise<Region | null> {
+    return (await this.db<Region>('regions').where({ id }).first()) ?? null
+  }
+
+  async queryOrganizationsRegions (): Promise<OrganizationsRegions[]> {
+    return await this.db<OrganizationsRegions>('organizations_regions').select()
+  }
+
+  async findOrganizationRegion ({
+    regionId,
+    organizationId
+  }: OrganizationsRegions): Promise<OrganizationsRegions | null> {
+    return (
+      (await this.db<OrganizationsRegions>('organizations_regions')
+        .where({ regionId, organizationId })
+        .first()) ?? null
+    )
+  }
+
+  async saveRegion (region: Region): Promise<void> {
+    await this.db<Region>('regions').insert(region)
+  }
+
+  async saveOrganization (organization: Organization) {
+    await this.db<Organization>('organizations').insert(organization)
+  }
+
+  async findOrganization (id: string): Promise<Organization | null> {
+    return (
+      (await this.db<Organization>('organizations').where({ id }).first()) ??
+      null
+    )
+  }
+
+  async queryOrganizations (): Promise<Organization[]> {
+    return await this.db<Organization>('organizations').select()
+  }
+
+  async saveOrganizationRegion (or: OrganizationsRegions): Promise<void> {
+    return await this.db<OrganizationsRegions>('organizations_regions').insert(
+      or
+    )
+  }
+
+  async saveOrganizationAcl (orgAcl: OrganizationAcl): Promise<void> {
+    await this.db<OrganizationsRegions>('organization_acl').insert(orgAcl)
+  }
+
+  async findOrganizationAcl ({
+    userId,
+    organizationId
+  }: OrganizationAcl): Promise<OrganizationAcl | null> {
+    return (
+      (await this.db<OrganizationAcl>('organization_acl')
+        .where({ userId, organizationId })
+        .first()) ?? null
+    )
+  }
+
+  async saveOrganizationResourceAcl (
+    item: OrganizationResourceAcl
+  ): Promise<void> {
+    await this.db<OrganizationResourceAcl>('organization_resource_acl').insert(
+      item
+    )
+  }
+
+  async findResourceRegion ({
+    resourceId
+  }: {
+    resourceId: string
+  }): Promise<ResourceRegion | null> {
+    return (
+      (await this.db<ResourceRegion>('resource_region')
+        .where({ resourceId })
+        .first()) ?? null
+    )
+  }
+
+  async saveResourceRegion (item: ResourceRegion): Promise<void> {
+    await this.db<ResourceRegion>('resource_region').insert(item)
+  }
 }

src/resolvers.ts

@@ -1,62 +1,177 @@
-import { queryResourceAcl } from "./repositories";
-import { getUser, getResource, getComments, getResources } from "./services";
-import { GraphQLError } from "graphql";
+import { RegionRepo, MainRepo } from './repositories'
+import { getComments } from './services/comments'
+import { createResource, getResources } from './services/resources'
+import { GraphQLError } from 'graphql'
 import {
   Resource,
   UserRecord,
   CommentCollection,
   PaginationArgs,
-} from "./types";
+  ResourceCreateArgs,
+  OrganizationsRegions,
+  OrganizationAcl,
+  CommentCreateArgs,
+  UserCreateArgs
+} from './types'
+import {
+  createOrganization,
+  registerRegion,
+  getMainRepo,
+  getRegionRepo,
+  getResourceRepo
+} from './services/databaseManagement'
+import { authorizeUserOrgRegion } from './services/authz'
+import cryptoRandomString from 'crypto-random-string'
 
 // Resolvers define how to fetch the types defined in your schema.
 // This resolver retrieves books from the "books" array above.
 export const resolvers = {
   Query: {
-    async user(_: unknown, args: { id: string }) {
-      return await getUser(args.id);
+    async users () {
+      return await getMainRepo().queryUsers()
     },
-    async resource(
+    async user (_: unknown, args: { id: string }) {
+      return await getMainRepo().findUser(args.id)
+    },
+    async resource (
       _: unknown,
-      args: { id: string; userId: string },
+      args: { id: string, userId: string }
     ): Promise<Resource> {
-      const maybeAcl = await queryResourceAcl({
+      const mainRepo = getMainRepo()
+      const maybeAcl = await mainRepo.getUsersResourceAcl({
         userId: args.userId,
-        resourceId: args.id,
-      });
+        resourceId: args.id
+      })
       if (maybeAcl == null) {
         throw new GraphQLError(
           "The user doesn't have access to the given resource",
           {
             extensions: {
-              code: "FORBIDDEN",
-            },
-          },
-        );
+              code: 'FORBIDDEN'
+            }
+          }
+        )
       }
-      const maybeResource = await getResource(args.id);
+      const resourceRepo = await getResourceRepo(args.id)
+      const maybeResource = await resourceRepo.findResource(args.id)
       if (maybeResource == null) {
-        throw new GraphQLError("Resource not found", {
-          extensions: { code: "RESOURCE_NOT_FOUND" },
-        });
+        throw new GraphQLError('Resource not found', {
+          extensions: { code: 'RESOURCE_NOT_FOUND' }
+        })
       }
-      return maybeResource;
+      return maybeResource
     },
+    async organizations () {
+      return await getMainRepo().queryOrganizations()
+    },
+    async regions () {
+      return await getMainRepo().queryRegions()
+    }
   },
   User: {
-    async resources(parent: UserRecord, args: PaginationArgs) {
-      return await getResources({ userId: parent.id, ...args });
-    },
+    async resources (parent: UserRecord, args: PaginationArgs) {
+      const mainRepo = getMainRepo()
+      return await getResources(
+        mainRepo.countUsersResources.bind(mainRepo),
+        mainRepo.queryResources.bind(mainRepo)
+      )({ userId: parent.id, ...args })
+    }
   },
-  ResourceDetail: {
-    async comments(
+  Resource: {
+    async comments (
       parent: Resource,
-      { limit, cursor }: PaginationArgs,
+      { limit, cursor }: PaginationArgs
     ): Promise<CommentCollection> {
-      return await getComments({
+      const resourceRepo = await getResourceRepo(parent.id)
+      return await getComments(
+        resourceRepo.countComments.bind(resourceRepo),
+        resourceRepo.queryComments.bind(resourceRepo)
+      )({
         resourceId: parent.id,
         limit,
-        cursor,
-      });
-    },
+        cursor
+      })
+    }
   },
-};
+  Mutation: {
+    async createUser (
+      _: unknown,
+      { input: { name } }: { input: UserCreateArgs }
+    ) {
+      const id = cryptoRandomString({ length: 10 })
+      await getMainRepo().saveUser({ id, name })
+      return id
+    },
+    async registerRegion (
+      _: unknown,
+      args: {
+        name: string
+        connectionString: string
+        sslCaCert: string | null
+      }
+    ) {
+      return await registerRegion(args)
+    },
+    async createOrganization (_: unknown, args: { name: string }) {
+      return await createOrganization(args.name)
+    },
+    async addRegionToOrganization (_: unknown, args: OrganizationsRegions) {
+      await getMainRepo().saveOrganizationRegion(args)
+    },
+    async addUserToOrganization (
+      _: unknown,
+      { input: args }: { input: OrganizationAcl }
+    ) {
+      await getMainRepo().saveOrganizationAcl(args)
+    },
+    async createResource (
+      _: unknown,
+      { input: args }: { input: ResourceCreateArgs }
+    ) {
+      const mainRepo = getMainRepo()
+      await authorizeUserOrgRegion(
+        mainRepo.findOrganizationAcl.bind(mainRepo),
+        mainRepo.findOrganizationRegion.bind(mainRepo)
+      )(args)
+
+      const repo = args.regionId
+        ? await getRegionRepo({ regionId: args.regionId })
+        : mainRepo
+
+      const resourceId = await createResource(
+        repo.saveResource.bind(repo),
+        mainRepo.saveResourceAcl.bind(mainRepo)
+      )(args)
+
+      if (args.organizationId) {
+        await mainRepo.saveOrganizationResourceAcl({
+          organizationId: args.organizationId,
+          resourceId
+        })
+        if (args.regionId) {
+          await mainRepo.saveResourceRegion({
+            resourceId,
+            // i know its not null here, the authz function ensures it
+            regionId: args.regionId
+          })
+        }
+      }
+      return resourceId
+    },
+    async addComment (
+      _: unknown,
+      { input: args }: { input: CommentCreateArgs }
+    ) {
+      const mainRepo = getMainRepo()
+      const resourceAcl = await mainRepo.getUsersResourceAcl(args)
+      if (resourceAcl == null) { throw new Error("The user doesn't have access to the given resource") }
+      // 2. get resource db client
+      const resourceRepo = await getResourceRepo(args.resourceId)
+      // 3. save comment to db
+      const id = cryptoRandomString({ length: 10 })
+      const createdAt = new Date()
+      await resourceRepo.saveComment({ id, createdAt, ...args })
+      return id
+    }
+  }
+}

src/schema.graphql

@@ -15,12 +15,6 @@ type Resource {
   id: String!
   name: String!
   createdAt: DateTime!
-}
-
-type ResourceDetail {
-  id: String!
-  name: String!
-  createdAt: DateTime!
   comments(limit: Int! = 10, cursor: String = null): CommentCollection!
 }
 
@@ -36,8 +30,58 @@ type User {
   resources(limit: Int! = 10, cursor: String = null): ResourceCollection!
 }
 
+type Organization {
+  id: String!
+  name: String!
+}
+
+type Region {
+  id: String!
+  name: String!
+}
+
 type Query {
   user(id: String!): User
+  users: [User!]
 
-  resource(id: String!): ResourceDetail
+  resource(id: String!, userId: String!): Resource
+
+  organizations: [Organization!]
+  regions: [Region!]
+}
+
+input ResourceCreateInput {
+  userId: String!
+  name: String!
+  organizationId: String = null
+  regionId: String = null
+}
+
+input OrganizationAcl {
+  userId: String!
+  organizationId: String!
+}
+
+input CommentInput {
+  userId: String!
+  content: String!
+  resourceId: String!
+}
+
+input UserCreateArgs {
+  name: String!
+}
+
+type Mutation {
+  createUser(input: UserCreateArgs!): String!
+  registerRegion(
+    name: String!
+    connectionString: String!
+    sslCaCert: String
+  ): String!
+  createOrganization(name: String!): String!
+  addRegionToOrganization(organizationId: String!, regionId: String!): Boolean
+  addUserToOrganization(input: OrganizationAcl!): Boolean
+  createResource(input: ResourceCreateInput!): String!
+  addComment(input: CommentInput!): String!
 }

src/services.ts

@@ -1,61 +0,0 @@
-import {
-  queryUser,
-  queryResource,
-  countComments,
-  queryComments,
-  countResources,
-  queryResources,
-} from "./repositories";
-import {
-  UserRecord,
-  Resource,
-  CommentCollection,
-  PaginationArgs,
-  ResourceCollection,
-} from "./types";
-
-export const getUser = async (id: string): Promise<UserRecord | null> => {
-  return queryUser(id);
-};
-
-export const getResource = async (id: string): Promise<Resource | null> => {
-  return queryResource(id);
-};
-
-interface GetResourcesArgs extends PaginationArgs {
-  userId: string;
-}
-export const getResources = async (
-  params: GetResourcesArgs,
-): Promise<ResourceCollection> => {
-  const totalCount = await countResources(params.userId);
-  const items = await queryResources(params);
-  let cursor = null;
-  if (items.length > 0) {
-    cursor = items.slice(-1)[0].createdAt.toISOString();
-  }
-  return {
-    totalCount,
-    items,
-    cursor,
-  };
-};
-
-export const getComments = async (params: {
-  resourceId: string;
-  limit: number;
-  cursor: string | null;
-}): Promise<CommentCollection> => {
-  // yes, i should be doing base64 de and encoding with the cursor...
-  const totalCount = await countComments(params.resourceId);
-  const items = await queryComments(params);
-  let cursor = null;
-  if (items.length > 0) {
-    cursor = items.slice(-1)[0].createdAt.toISOString();
-  }
-  return {
-    totalCount,
-    items,
-    cursor,
-  };
-};

src/services/authz.ts

@@ -0,0 +1,23 @@
+import {
+  OrganizationAcl,
+  OrganizationsRegions,
+  UserOrgRegionArgs
+} from '../types'
+
+export const authorizeUserOrgRegion =
+  (
+    orgAclGetter: (params: OrganizationAcl) => Promise<OrganizationAcl | null>,
+    orgRegionGetter: (
+      params: OrganizationsRegions,
+    ) => Promise<OrganizationsRegions | null>
+  ) =>
+    async ({ userId, regionId, organizationId }: UserOrgRegionArgs) => {
+      if (!organizationId && regionId) { throw new Error("public org doesn't support regions") }
+      if (organizationId) {
+        if (!regionId) throw new Error('organizations can only write to regions')
+        const orgAcl = await orgAclGetter({ organizationId, userId })
+        if (orgAcl == null) { throw new Error("user doesn't have access to this organization") }
+        const orgRegion = await orgRegionGetter({ organizationId, regionId })
+        if (orgRegion == null) { throw new Error('organization doesnt have access to this region') }
+      }
+    }

src/services/comments.ts

@@ -0,0 +1,25 @@
+import { CommentCollection, PaginationArgs, Comment } from '../types'
+
+interface GetCommentsArgs extends PaginationArgs {
+  resourceId: string
+}
+
+export const getComments =
+  (
+    countComments: (resourceId: string) => Promise<number>,
+    queryComments: (params: GetCommentsArgs) => Promise<Comment[]>
+  ) =>
+    async (params: GetCommentsArgs): Promise<CommentCollection> => {
+    // yes, i should be doing base64 de and encoding with the cursor...
+      const totalCount = await countComments(params.resourceId)
+      const items = await queryComments(params)
+      let cursor = null
+      if (items.length > 0) {
+        cursor = items.slice(-1)[0].createdAt.toISOString()
+      }
+      return {
+        totalCount,
+        items,
+        cursor
+      }
+    }

src/services/databaseManagement.ts

@@ -0,0 +1,212 @@
+import { POSTGRES_URL } from '../config'
+import { RegionRepo, MainRepo } from '../repositories'
+import knex, { Knex } from 'knex'
+import cryptoRandomString from 'crypto-random-string'
+
+const migrateToLatest = async (db: Knex): Promise<void> => {
+  const plannedMigrations: Array<{ file: string }> = (
+    await db.migrate.list()
+  )[1]
+  if (plannedMigrations.length > 0) {
+    console.log(
+      `🕰️  planning migrations: ${plannedMigrations
+        .map((m) => m.file)
+        .join(',')}`
+    )
+  } else {
+    console.log('no migrations are planned')
+  }
+  // TODO: make sure if a migration fails, all migrations are rolled back
+  await db.migrate.latest()
+}
+
+export const migrateAll = async (): Promise<void> => {
+  await migrateToLatest(mainRepo.db)
+  const repos = await getAllRepositories()
+
+  await Promise.all([
+    ...repos.map(async (repo) => await migrateToLatest(repo.db))
+  ])
+}
+
+const createDatabaseConfig = (
+  connectionString: string,
+  sslCaCert: string | null
+): Knex.Config => {
+  const config: Knex.Config = {
+    client: 'pg',
+    connection: {
+      connectionString,
+      ssl: sslCaCert
+        ? {
+            ca: sslCaCert,
+            rejectUnauthorized: true
+          }
+        : undefined
+    },
+    migrations: {
+      directory: 'src/migrations',
+      extension: 'ts'
+    }
+  }
+  return config
+}
+
+const mainRepo = new MainRepo(knex(createDatabaseConfig(POSTGRES_URL, null)))
+
+const _repoStore: Map<string, RegionRepo> = new Map()
+export const getRegionRepo = async ({
+  regionId
+}: {
+  regionId: string | undefined
+}): Promise<RegionRepo> => {
+  if (!regionId) return mainRepo
+  const maybeRepo = _repoStore.get(regionId)
+  if (maybeRepo != null) return maybeRepo
+  const maybeRegion = await mainRepo.findRegion(regionId)
+  if (maybeRegion == null) throw Error(`region ${regionId} not found`)
+  const repo = new RegionRepo(
+    knex(
+      createDatabaseConfig(maybeRegion.connectionString, maybeRegion.sslCaCert)
+    )
+  )
+  _repoStore.set(regionId, repo)
+  return repo
+}
+
+export const getMainRepo = (): MainRepo => mainRepo
+
+export const registerRegion = async ({
+  name,
+  connectionString,
+  sslCaCert
+}: {
+  name: string
+  connectionString: string
+  sslCaCert: string | null
+}): Promise<string> => {
+  const regions = await mainRepo.queryRegions({ connectionString })
+  if (regions.length > 0) throw new Error('This region is already registered')
+  const id = cryptoRandomString({ length: 10 })
+  const repo = new RegionRepo(
+    knex(createDatabaseConfig(connectionString, sslCaCert))
+  )
+  await migrateToLatest(repo.db)
+  _repoStore.set(id, repo)
+
+  const sslmode = sslCaCert ? 'require' : 'disable'
+  await setUpUserReplication({
+    from: mainRepo.db,
+    to: repo.db,
+    regionName: name,
+    sslmode
+  })
+  await setUpResourceReplication({
+    from: repo.db,
+    to: mainRepo.db,
+    regionName: name,
+    sslmode
+  })
+
+  await mainRepo.saveRegion({
+    id,
+    name,
+    connectionString,
+    sslCaCert
+  })
+  return id
+}
+
+export const createOrganization = async (name: string): Promise<string> => {
+  const id = cryptoRandomString({ length: 10 })
+  await mainRepo.saveOrganization({ id, name })
+  return id
+}
+
+interface ReplicationArgs {
+  from: Knex
+  to: Knex
+  sslmode: string
+  regionName: string
+}
+
+const setUpUserReplication = async ({
+  from,
+  to,
+  sslmode,
+  regionName
+}: ReplicationArgs): Promise<void> => {
+  // TODO: ensure its created...
+  try {
+    await from.raw('CREATE PUBLICATION userspub FOR TABLE users;')
+  } catch (err) {
+    if (!(err instanceof Error)) throw err
+    if (!err.message.includes('already exists')) throw err
+  }
+
+  const fromUrl = new URL(from.client.config.connection.connectionString)
+  const fromDbName = fromUrl.pathname.replace('/', '')
+  const subName = `userssub_${regionName}`
+  const rawSqeel = `SELECT * FROM aiven_extras.pg_create_subscription(
+    '${subName}',
+    'dbname=${fromDbName} host=${fromUrl.hostname} port=${fromUrl.port} sslmode=${sslmode} user=${fromUrl.username} password=${fromUrl.password}',
+    'userspub', 
+    '${subName}',
+    TRUE,
+    TRUE
+  );`
+  try {
+    await to.raw(rawSqeel)
+  } catch (err) {
+    if (!(err instanceof Error)) throw err
+    if (!err.message.includes('already exists')) throw err
+  }
+}
+
+const setUpResourceReplication = async ({
+  from,
+  to,
+  regionName,
+  sslmode
+}: ReplicationArgs): Promise<void> => {
+  // TODO: ensure its created...
+  try {
+    await from.raw('CREATE PUBLICATION resourcepub FOR TABLE resources;')
+  } catch (err) {
+    if (!(err instanceof Error)) throw err
+    if (!err.message.includes('already exists')) throw err
+  }
+
+  const fromUrl = new URL(from.client.config.connection.connectionString)
+  const fromDbName = fromUrl.pathname.replace('/', '')
+  const subName = `resourcesub_${regionName}`
+  const rawSqeel = `SELECT * FROM aiven_extras.pg_create_subscription(
+    '${subName}',
+    'dbname=${fromDbName} host=${fromUrl.hostname} port=${fromUrl.port} sslmode=${sslmode} user=${fromUrl.username} password=${fromUrl.password}',
+    'resourcepub', 
+    '${subName}',
+    TRUE,
+    TRUE
+  );`
+  try {
+    await to.raw(rawSqeel)
+  } catch (err) {
+    if (!(err instanceof Error)) throw err
+    if (!err.message.includes('already exists')) throw err
+  }
+}
+
+export const getAllRepositories = async (): Promise<RegionRepo[]> => {
+  const regions = await mainRepo.queryRegions({})
+  const regionRepos = await Promise.all(
+    regions.map(async (region) => await getRegionRepo({ regionId: region.id }))
+  )
+  return [mainRepo, ...regionRepos]
+}
+
+export const getResourceRepo = async (
+  resourceId: string
+): Promise<RegionRepo> => {
+  const resourceRegion = await mainRepo.findResourceRegion({ resourceId })
+  return (resourceRegion != null) ? await getRegionRepo(resourceRegion) : getMainRepo()
+}

src/services/resources.ts

@@ -0,0 +1,47 @@
+import cryptoRandomString from 'crypto-random-string'
+import {
+  Resource,
+  PaginationArgs,
+  ResourceCollection,
+  ResourceCreateArgs,
+  ResourceAcl
+} from '../types'
+
+interface GetResourcesArgs extends PaginationArgs {
+  userId: string
+}
+export const getResources =
+  (
+    countResources: (userId: string) => Promise<number>,
+    queryResources: (params: GetResourcesArgs) => Promise<Resource[]>
+  ) =>
+    async (params: GetResourcesArgs): Promise<ResourceCollection> => {
+      const totalCount = await countResources(params.userId)
+      const items = await queryResources(params)
+      let cursor = null
+      if (items.length > 0) {
+        cursor = items.slice(-1)[0].createdAt.toISOString()
+      }
+      return {
+        totalCount,
+        items,
+        cursor
+      }
+    }
+
+export const createResource =
+  (
+    resourceSaver: (resource: Resource) => Promise<void>,
+    resourceAclSaver: (resourceAcl: ResourceAcl) => Promise<void>
+  ) =>
+    async ({ userId, name }: ResourceCreateArgs): Promise<string> => {
+    // 1. if no org, create project in main region, validate that, regionId is null
+    // 2. if org, validate if user has access to the org
+    // 3. if org and region, validate if org has access to region
+    // 4. create resource
+      const id = cryptoRandomString({ length: 10 })
+      const resource = { id, name, createdAt: new Date() }
+      await resourceSaver(resource)
+      await resourceAclSaver({ resourceId: id, userId })
+      return id
+    }

src/sketch/dir1/take1.ts

@@ -0,0 +1,33 @@
+import { knex } from "../../db";
+import { Knex } from "knex";
+
+type Thing = {
+  id: string;
+  name: string;
+};
+
+// talk to the DB
+const repo =
+  (db: Knex<Thing>) =>
+  async (id: string): Promise<Thing | null> => {
+    return (await db.where({ id }).first()) ?? null;
+  };
+
+// business / domain logic
+const service =
+  (thingGetter: (id: string) => Promise<Thing | null>) =>
+  async (id: string): Promise<Thing | null> => {
+    return thingGetter(id);
+  };
+
+const getThingClient = (id: string | undefined): Knex => {
+  if (!id) return knex;
+  return knex;
+};
+
+// graphql entry
+export const resolver = async (args: { id: string }): Promise<Thing> => {
+  const thing = await service(repo(getThingClient(args.id)))(args.id);
+  if (!thing) throw new Error("not found");
+  return thing;
+};

src/sketch/dir2/take2.ts

@@ -0,0 +1,33 @@
+import { Knex } from "knex";
+import { knex } from "../../db";
+type Thing = {
+  id: string;
+  name: string;
+};
+
+type ServedThing = {
+  foo: number;
+} & Thing;
+
+// talk to the DB
+const repo =
+  ({ db }: { db: Knex<Thing> }) =>
+  async (id: string): Promise<Thing | null> => {
+    return (await db().where({ id }).first()) ?? null;
+  };
+
+// business / domain logic
+const service =
+  ({ thingGetter }: { thingGetter: (id: string) => Promise<Thing | null> }) =>
+  async (id: string): Promise<ServedThing | null> => {
+    const thing = await thingGetter(id);
+    const foo = 123;
+    return thing ? { ...thing, foo } : null;
+  };
+
+// graphql entry
+export const resolver = async (id: string): Promise<ServedThing> => {
+  const thing = await service({ thingGetter: repo({ db: knex }) })(id);
+  if (!thing) throw new Error("not found");
+  return thing;
+};

src/sketch/dir3/domain.ts

@@ -0,0 +1,8 @@
+export type Thing = {
+  id: string;
+};
+
+export type ThingRepo = {
+  findThing: (id: string) => Promise<Thing | null>;
+  queryThing: () => Promise<Thing[]>;
+};

src/sketch/dir3/repo.ts

@@ -0,0 +1,12 @@
+import { Knex } from "knex";
+import { Thing } from "./domain";
+
+const findThing =
+  ({ db }: { db: Knex }) =>
+  async (id: string): Promise<Thing | null> => {
+    return null;
+  };
+
+export const thingRepo = ({ db }: { db: Knex }) => ({
+  findThing: findThing({ db }),
+});

src/sketch/dir3/resolver.ts

@@ -0,0 +1,11 @@
+import { ServedThing, service } from "./services/service";
+import { thingRepo } from "./repo";
+import { knex } from "../../db";
+
+export const resolver = async (id: string): Promise<ServedThing> => {
+  const thing = await service({
+    thingRepo: thingRepo({ db: knex }),
+  })(id);
+  if (!thing) throw new Error("not found");
+  return thing;
+};

src/sketch/dir3/services/service.ts

@@ -0,0 +1,19 @@
+import { Thing, type ThingRepo } from "../domain";
+
+export type ServedThing = {
+  foo: number;
+} & Thing;
+
+export const service =
+  ({ thingRepo }: { thingRepo: Pick<ThingRepo, "findThing"> }) =>
+  async (id: string): Promise<ServedThing | null> => {
+    const thing = await thingRepo.findThing(id);
+    const foo = 123;
+    return thing ? { ...thing, foo } : null;
+  };
+
+export const service2 = ({
+  thingRepo,
+}: {
+  thingRepo: Pick<ThingRepo, "queryThing">;
+}) => {};

src/sketch/existing/existing.ts

@@ -0,0 +1,24 @@
+import { knex } from "../../db";
+type Thing = {
+  id: string;
+  name: string;
+};
+
+const Things = () => knex<Thing>("things");
+
+// talk to the DB
+const repo = async (id: string): Promise<Thing | null> => {
+  return (await Things().where({ id }).first()) ?? null;
+};
+
+// business / domain logic
+const service = async (id: string): Promise<Thing | null> => {
+  return repo(id);
+};
+
+// graphql entry
+export const resolver = async (id: string): Promise<Thing> => {
+  const thing = await service(id);
+  if (!thing) throw new Error("not found");
+  return thing;
+};

src/types.ts

@@ -1,55 +1,99 @@
-import { Region } from "./regions";
+export interface CommentCreateArgs {
+  userId: string
+  content: string
+  resourceId: string
+}
 
-export interface Comment {
-  id: string;
-  userId: string;
-  content: string;
-  createdAt: Date;
-  resourceId: string;
+export interface Comment extends CommentCreateArgs {
+  id: string
+  createdAt: Date
 }
 
 export interface PaginationArgs {
-  limit: number;
-  cursor: string | null;
+  limit: number
+  cursor: string | null
 }
 
 interface Collection<T> {
-  totalCount: number;
-  cursor: string | null;
-  items: T[];
+  totalCount: number
+  cursor: string | null
+  items: T[]
 }
 
-export interface CommentCollection extends Collection<Comment> { }
+export interface CommentCollection extends Collection<Comment> {}
+
+export interface UserOrgRegionArgs {
+  userId: string
+  organizationId: string | null
+  regionId: string | null
+}
+
+export interface ResourceCreateArgs extends UserOrgRegionArgs {
+  name: string
+}
 
 export interface Resource {
-  id: string;
-  name: string;
-  createdAt: Date;
+  id: string
+  name: string
+  createdAt: Date
 }
 
-export interface ResourceCollection extends Collection<Resource> { }
+export interface ResourceCollection extends Collection<Resource> {}
 
-export interface UserRecord {
-  id: string;
-  name: string;
+export interface UserCreateArgs {
+  name: string
+}
+
+export interface UserRecord extends UserCreateArgs {
+  id: string
 }
 
 export interface User extends UserRecord {
   resources: {
-    cursor: string | null;
-    totalCount: number;
-    items: Resource[];
-  };
+    cursor: string | null
+    totalCount: number
+    items: Resource[]
+  }
 }
 
 export interface ResourceAcl {
-  userId: string;
-  resourceId: string;
+  userId: string
+  resourceId: string
 }
 
-export interface ResourceView {
-  region: Region;
-  resourceId: string;
-  resourceName: string;
-  resourceCreatedAt: Date;
+export interface Region {
+  id: string
+  name: string
+  connectionString: string
+  sslCaCert: string | null
+}
+
+export interface Organization {
+  id: string
+  name: string
+}
+
+export interface OrganizationAcl {
+  userId: string
+  organizationId: string
+}
+
+export interface OrganizationsRegions {
+  organizationId: string
+  regionId: string
+}
+
+export interface OrganizationResourceAcl {
+  organizationId: string
+  resourceId: string
+}
+
+export interface ResourceRegion {
+  resourceId: string
+  regionId: string
+}
+
+export interface ResourceOrganization {
+  resourceId: string
+  organizationId: string
 }

tests/integration/regions.spec.ts

@@ -0,0 +1,29 @@
+import { expect, beforeAll, describe, it } from 'vitest'
+import {
+  getOrganizationRegionsFrom,
+  getRegionsFrom
+} from '../../src/repositories'
+import {
+  getMainDbClient,
+  migrateAll
+} from '../../src/services/databaseManagement'
+import { Knex } from 'knex'
+
+describe('regions', () => {
+  let dbClient: Knex
+
+  beforeAll(async () => {
+    dbClient = await getMainDbClient()
+  })
+  it('gets all regions', async () => {
+    const regions = await getRegionsFrom(dbClient)()
+    expect(regions.length).toBeGreaterThan(0)
+  })
+  it('gets organizations regions', async () => {
+    const orgRegions = await getOrganizationRegionsFrom(dbClient)()
+    expect(orgRegions.length).toBeGreaterThan(0)
+  })
+  it('migrates all', async () => {
+    await migrateAll()
+  })
+})

tsconfig.json

@@ -1,6 +1,109 @@
 {
-  "extends": "@ducktors/tsconfig",
-  "include": [
-    "**/*.ts"
-  ]
+  "compilerOptions": {
+    /* Visit https://aka.ms/tsconfig to read more about this file */
+
+    /* Projects */
+    // "incremental": true,                              /* Save .tsbuildinfo files to allow for incremental compilation of projects. */
+    // "composite": true,                                /* Enable constraints that allow a TypeScript project to be used with project references. */
+    // "tsBuildInfoFile": "./.tsbuildinfo",              /* Specify the path to .tsbuildinfo incremental compilation file. */
+    // "disableSourceOfProjectReferenceRedirect": true,  /* Disable preferring source files instead of declaration files when referencing composite projects. */
+    // "disableSolutionSearching": true,                 /* Opt a project out of multi-project reference checking when editing. */
+    // "disableReferencedProjectLoad": true,             /* Reduce the number of projects loaded automatically by TypeScript. */
+
+    /* Language and Environment */
+    "target": "es2016" /* Set the JavaScript language version for emitted JavaScript and include compatible library declarations. */,
+    // "lib": [],                                        /* Specify a set of bundled library declaration files that describe the target runtime environment. */
+    // "jsx": "preserve",                                /* Specify what JSX code is generated. */
+    // "experimentalDecorators": true,                   /* Enable experimental support for legacy experimental decorators. */
+    // "emitDecoratorMetadata": true,                    /* Emit design-type metadata for decorated declarations in source files. */
+    // "jsxFactory": "",                                 /* Specify the JSX factory function used when targeting React JSX emit, e.g. 'React.createElement' or 'h'. */
+    // "jsxFragmentFactory": "",                         /* Specify the JSX Fragment reference used for fragments when targeting React JSX emit e.g. 'React.Fragment' or 'Fragment'. */
+    // "jsxImportSource": "",                            /* Specify module specifier used to import the JSX factory functions when using 'jsx: react-jsx*'. */
+    // "reactNamespace": "",                             /* Specify the object invoked for 'createElement'. This only applies when targeting 'react' JSX emit. */
+    // "noLib": true,                                    /* Disable including any library files, including the default lib.d.ts. */
+    // "useDefineForClassFields": true,                  /* Emit ECMAScript-standard-compliant class fields. */
+    // "moduleDetection": "auto",                        /* Control what method is used to detect module-format JS files. */
+
+    /* Modules */
+    "module": "commonjs" /* Specify what module code is generated. */,
+    // "rootDir": "./",                                  /* Specify the root folder within your source files. */
+    // "moduleResolution": "node10",                     /* Specify how TypeScript looks up a file from a given module specifier. */
+    // "baseUrl": "./",                                  /* Specify the base directory to resolve non-relative module names. */
+    // "paths": {},                                      /* Specify a set of entries that re-map imports to additional lookup locations. */
+    // "rootDirs": [],                                   /* Allow multiple folders to be treated as one when resolving modules. */
+    // "typeRoots": [],                                  /* Specify multiple folders that act like './node_modules/@types'. */
+    // "types": [],                                      /* Specify type package names to be included without being referenced in a source file. */
+    // "allowUmdGlobalAccess": true,                     /* Allow accessing UMD globals from modules. */
+    // "moduleSuffixes": [],                             /* List of file name suffixes to search when resolving a module. */
+    // "allowImportingTsExtensions": true,               /* Allow imports to include TypeScript file extensions. Requires '--moduleResolution bundler' and either '--noEmit' or '--emitDeclarationOnly' to be set. */
+    // "resolvePackageJsonExports": true,                /* Use the package.json 'exports' field when resolving package imports. */
+    // "resolvePackageJsonImports": true,                /* Use the package.json 'imports' field when resolving imports. */
+    // "customConditions": [],                           /* Conditions to set in addition to the resolver-specific defaults when resolving imports. */
+    // "resolveJsonModule": true,                        /* Enable importing .json files. */
+    // "allowArbitraryExtensions": true,                 /* Enable importing files with any extension, provided a declaration file is present. */
+    // "noResolve": true,                                /* Disallow 'import's, 'require's or '<reference>'s from expanding the number of files TypeScript should add to a project. */
+
+    /* JavaScript Support */
+    // "allowJs": true,                                  /* Allow JavaScript files to be a part of your program. Use the 'checkJS' option to get errors from these files. */
+    // "checkJs": true,                                  /* Enable error reporting in type-checked JavaScript files. */
+    // "maxNodeModuleJsDepth": 1,                        /* Specify the maximum folder depth used for checking JavaScript files from 'node_modules'. Only applicable with 'allowJs'. */
+
+    /* Emit */
+    // "declaration": true,                              /* Generate .d.ts files from TypeScript and JavaScript files in your project. */
+    // "declarationMap": true,                           /* Create sourcemaps for d.ts files. */
+    // "emitDeclarationOnly": true,                      /* Only output d.ts files and not JavaScript files. */
+    // "sourceMap": true,                                /* Create source map files for emitted JavaScript files. */
+    // "inlineSourceMap": true,                          /* Include sourcemap files inside the emitted JavaScript. */
+    // "outFile": "./",                                  /* Specify a file that bundles all outputs into one JavaScript file. If 'declaration' is true, also designates a file that bundles all .d.ts output. */
+    // "outDir": "./",                                   /* Specify an output folder for all emitted files. */
+    // "removeComments": true,                           /* Disable emitting comments. */
+    // "noEmit": true,                                   /* Disable emitting files from a compilation. */
+    // "importHelpers": true,                            /* Allow importing helper functions from tslib once per project, instead of including them per-file. */
+    // "importsNotUsedAsValues": "remove",               /* Specify emit/checking behavior for imports that are only used for types. */
+    // "downlevelIteration": true,                       /* Emit more compliant, but verbose and less performant JavaScript for iteration. */
+    // "sourceRoot": "",                                 /* Specify the root path for debuggers to find the reference source code. */
+    // "mapRoot": "",                                    /* Specify the location where debugger should locate map files instead of generated locations. */
+    // "inlineSources": true,                            /* Include source code in the sourcemaps inside the emitted JavaScript. */
+    // "emitBOM": true,                                  /* Emit a UTF-8 Byte Order Mark (BOM) in the beginning of output files. */
+    // "newLine": "crlf",                                /* Set the newline character for emitting files. */
+    // "stripInternal": true,                            /* Disable emitting declarations that have '@internal' in their JSDoc comments. */
+    // "noEmitHelpers": true,                            /* Disable generating custom helper functions like '__extends' in compiled output. */
+    // "noEmitOnError": true,                            /* Disable emitting files if any type checking errors are reported. */
+    // "preserveConstEnums": true,                       /* Disable erasing 'const enum' declarations in generated code. */
+    // "declarationDir": "./",                           /* Specify the output directory for generated declaration files. */
+    // "preserveValueImports": true,                     /* Preserve unused imported values in the JavaScript output that would otherwise be removed. */
+
+    /* Interop Constraints */
+    // "isolatedModules": true,                          /* Ensure that each file can be safely transpiled without relying on other imports. */
+    // "verbatimModuleSyntax": true,                     /* Do not transform or elide any imports or exports not marked as type-only, ensuring they are written in the output file's format based on the 'module' setting. */
+    // "allowSyntheticDefaultImports": true,             /* Allow 'import x from y' when a module doesn't have a default export. */
+    "esModuleInterop": true /* Emit additional JavaScript to ease support for importing CommonJS modules. This enables 'allowSyntheticDefaultImports' for type compatibility. */,
+    // "preserveSymlinks": true,                         /* Disable resolving symlinks to their realpath. This correlates to the same flag in node. */
+    "forceConsistentCasingInFileNames": true /* Ensure that casing is correct in imports. */,
+
+    /* Type Checking */
+    "strict": true /* Enable all strict type-checking options. */,
+    // "noImplicitAny": true,                            /* Enable error reporting for expressions and declarations with an implied 'any' type. */
+    // "strictNullChecks": true,                         /* When type checking, take into account 'null' and 'undefined'. */
+    // "strictFunctionTypes": true,                      /* When assigning functions, check to ensure parameters and the return values are subtype-compatible. */
+    // "strictBindCallApply": true,                      /* Check that the arguments for 'bind', 'call', and 'apply' methods match the original function. */
+    // "strictPropertyInitialization": true,             /* Check for class properties that are declared but not set in the constructor. */
+    // "noImplicitThis": true,                           /* Enable error reporting when 'this' is given the type 'any'. */
+    // "useUnknownInCatchVariables": true,               /* Default catch clause variables as 'unknown' instead of 'any'. */
+    // "alwaysStrict": true,                             /* Ensure 'use strict' is always emitted. */
+    // "noUnusedLocals": true,                           /* Enable error reporting when local variables aren't read. */
+    // "noUnusedParameters": true,                       /* Raise an error when a function parameter isn't read. */
+    // "exactOptionalPropertyTypes": true,               /* Interpret optional property types as written, rather than adding 'undefined'. */
+    // "noImplicitReturns": true,                        /* Enable error reporting for codepaths that do not explicitly return in a function. */
+    // "noFallthroughCasesInSwitch": true,               /* Enable error reporting for fallthrough cases in switch statements. */
+    // "noUncheckedIndexedAccess": true,                 /* Add 'undefined' to a type when accessed using an index. */
+    // "noImplicitOverride": true,                       /* Ensure overriding members in derived classes are marked with an override modifier. */
+    // "noPropertyAccessFromIndexSignature": true,       /* Enforces using indexed accessors for keys declared using an indexed type. */
+    // "allowUnusedLabels": true,                        /* Disable error reporting for unused labels. */
+    // "allowUnreachableCode": true,                     /* Disable error reporting for unreachable code. */
+
+    /* Completeness */
+    // "skipDefaultLibCheck": true,                      /* Skip type checking .d.ts files that are included with TypeScript. */
+    "skipLibCheck": true /* Skip type checking all .d.ts files. */,
+  },
 }

vitest.config.ts

@@ -0,0 +1,7 @@
+import { defineConfig } from 'vitest/config'
+
+export default defineConfig({
+  test: {
+    dir: 'tests'
+  }
+})