re: Built an unconventional database thing VIEW POST

TOP OF THREAD FULL DISCUSSION
re: Haha I think we really are laying the foundation for a blog post indeed. I'm not sure what about yet, perhaps a few different kinds really at this ...

Nahhh, I appreciate the "we". Sounds like a community effort already :)

I try to keep it shorter this time... ^

So the big picture overview as of right now is:

Squid:

  • has two functionalities
    • mark sql queries as such via the sql template tag
    • turn the query string with the interpolated expressions into a query object (at runtime)
  • that query object varies between database drivers, so as of right now it requires either
    • having a tiny adapter for each db in squid (maybe three lines of code each, but yeah, not 100% elegant)
    • wrapping the db driver's query function into a three-line adapter function
  • it's the runtime side of the whole thing

Postguard

  • is only a static build step, no runtime
  • might make it more generic in the future, supporting other databases as well
  • or create sibling tools for other databases, sharing the babel/typescript parts of the code

Checking every query invocation means that squid HAS to be tied to a specific framework or set of frameworks

No, squid could basically be completely db-agnostic, since all it does is super generic. All the validation happens on build time by postguard.

The reason why it's SQL-injection proofed is that squid doesn't merge the expressions into the SQL query string yet, but produces a string with parameters รก la $1 and an array of the expression values, so the database driver can figure out how to escape them in a water-proof way.

I hope that shines some light on things, because it seems there was some confusion about the big picture concepts (-> will need to improve the readme files, i guess).

But sure, there is still room for various improvements and I love to hear your thoughts :)

code of conduct - report abuse