fix: remove edge case chance of SET ROLE leaking

LucianBuzzo · LucianBuzzo · commit 41758a1c4b43 · 2025-11-13T11:06:10.000Z
This changes removes the edge case chance that `SET ROLE` is never reset either by a rollback or `SET ROLE none`, by switching to `SET LOCAL ROLE` which will last only until the end of the current transaction. Whilst the scenario where the role leaks outside of the transaction without being reset correctly is extremely unlikely, and I am unable to create test scenario that replicates it, I think it is wise to future proof the code and make further guarantees that the leak cannot occur. See: - https://www.postgresql.org/docs/14/sql-set-role.html - https://www.postgresql.org/docs/14/sql-set.html
diff --git a/.github/workflows/npm-pack-check.yml b/.github/workflows/npm-pack-check.yml
@@ -22,7 +22,7 @@ jobs:
 
       # Install dependencies so that prepublish scripts work as expected
       - name: Install deps
-        run: npm i
+        run: npm ci
 
       - name: Build package
         run: npm run build
diff --git a/.github/workflows/unit-test.yml b/.github/workflows/unit-test.yml
@@ -10,6 +10,6 @@ jobs:
       - uses: actions/setup-node@v1
         with:
           node-version: 20
-      - run: npm i
+      - run: npm ci
       - run: npm test
       - run: npm run test:types
diff --git a/Dockerfile.sut b/Dockerfile.sut
@@ -1,12 +1,12 @@
 # This container is used to run e2e tests against the built API container
-FROM node:latest
+FROM node:22
 
 COPY package.json /app/package.json
 COPY package-lock.json /app/package-lock.json
 
 WORKDIR /app
 
-RUN npm i
+RUN npm ci
 
 COPY . .
 
diff --git a/package.json b/package.json
@@ -48,4 +48,4 @@
 		"@prisma/client": "^5.11.0",
 		"prisma": "^5.11.0"
 	}
-}
+}
diff --git a/src/index.ts b/src/index.ts
@@ -272,8 +272,8 @@ export const createClient = (
 			prisma
 				.$transaction(
 					async (tx) => {
-						// Switch to the user role, We can't use a prepared statement here, due to limitations in PG not allowing prepared statements to be used in SET ROLE
-						await tx.$queryRawUnsafe(`SET ROLE ${batch.pgRole}`);
+						// Switch to the user role, We can't use a prepared statement here, due to limitations in PG not allowing prepared statements to be used in SET LOCAL ROLE
+						await tx.$queryRawUnsafe(`SET LOCAL ROLE ${batch.pgRole}`);
 						// Now set all the context variables using `set_config` so that they can be used in RLS
 						for (const [key, value] of toPairs(batch.context)) {
 							await tx.$queryRaw`SELECT set_config(${key}, ${value.toString()}, true);`;
@@ -299,8 +299,6 @@ export const createClient = (
 								}),
 							),
 						);
-						// Switch role back to admin user
-						await tx.$queryRawUnsafe("SET ROLE none");
 
 						return results;
 					},
diff --git a/test/integration/middleware.spec.ts b/test/integration/middleware.spec.ts
@@ -38,7 +38,7 @@ describe("middlewares", () => {
 		});
 
 		expect(post.id).toBeDefined();
-		expect(middlewareSpy).toHaveBeenCalledTimes(3);
+		expect(middlewareSpy).toHaveBeenCalledTimes(2);
 		expect(middlewareSpy.mock.calls[0][0].model).toBe("Post");
 		expect(middlewareSpy.mock.calls[1][0].model).toBeUndefined();
 		expect(middlewareSpy.mock.calls[1][0].action).toBe("queryRaw");

Original file line number	Diff line number	Diff line change
`@@ -48,4 +48,4 @@`
`48`	`48`	`"@prisma/client": "^5.11.0",`
`49`	`49`	`"prisma": "^5.11.0"`
`50`	`50`	`}`
`51`		`-}`
	`51`	`+}`