feat: adds support for prepared statements in sql.unsafe (#176)

Fixes #122

Author: stalniy

lib/index.js

@@ -67,7 +67,7 @@ function Postgres(a, b) {
     , listener
 
   function postgres(xs) {
-    return query({}, getConnection(), xs, Array.from(arguments).slice(1))
+    return query({ prepare: options.prepare }, getConnection(), xs, Array.from(arguments).slice(1))
   }
 
   Object.assign(postgres, {
@@ -167,7 +167,7 @@ function Postgres(a, b) {
 
   function query(query, connection, xs, args) {
     query.origin = options.debug ? new Error().stack : cachedError(xs)
-    query.dynamic = query.dynamic || options.no_prepare
+    query.prepare = 'prepare' in query ? query.prepare : options.prepare
     if (!query.raw && (!Array.isArray(xs) || !Array.isArray(xs.raw)))
       return nested(xs, args)
 
@@ -241,7 +241,7 @@ function Postgres(a, b) {
   function fetchArrayTypes(connection) {
     return arrayTypesPromise || (arrayTypesPromise =
       new Promise((resolve, reject) => {
-        send(connection, { resolve, reject, raw: true, dynamic: true }, `
+        send(connection, { resolve, reject, raw: true, prepare: false }, `
           select b.oid, b.typarray
           from pg_catalog.pg_type a
           left join pg_catalog.pg_type b on b.oid = a.typelem
@@ -284,8 +284,9 @@ function Postgres(a, b) {
       return sql`select pg_notify(${ channel }, ${ '' + payload })`
     }
 
-    function unsafe(xs, args) {
-      return query({ raw: true, simple: !args, dynamic: true }, connection || getConnection(), xs, args || [])
+    function unsafe(xs, args, queryOptions) {
+      const prepare = queryOptions && queryOptions.prepare || false;
+      return query({ raw: true, simple: !args, prepare }, connection || getConnection(), xs, args || [])
     }
 
     function file(path, args, options = {}) {
@@ -414,7 +415,7 @@ function Postgres(a, b) {
     args.forEach(x => parseValue(x, xargs, types))
 
     return {
-      sig: !query.dynamic && types + str,
+      sig: query.prepare && types + str,
       str,
       args: xargs
     }
@@ -433,7 +434,7 @@ function Postgres(a, b) {
     }
 
     return {
-      sig: !query.dynamic && !xargs.dynamic && types + str,
+      sig: query.prepare && !xargs.dynamic && types + str,
       str: str.trim(),
       args: xargs
     }
@@ -559,7 +560,7 @@ function parseOptions(a, b) {
     ssl             : o.ssl || url.query.sslmode || url.query.ssl || false,
     idle_timeout    : o.idle_timeout || url.query.idle_timeout || env.PGIDLE_TIMEOUT || warn(o.timeout),
     connect_timeout : o.connect_timeout || url.query.connect_timeout || env.PGCONNECT_TIMEOUT || 30,
-    no_prepare      : o.no_prepare,
+    prepare         : 'prepare' in o ? o.prepare : 'no_prepare' in o ? !o.no_prepare : true,
     onnotice        : o.onnotice,
     onparameter     : o.onparameter,
     transform       : Object.assign({}, o.transform),

tests/index.js

@@ -1204,12 +1204,36 @@ t('Automatically creates prepared statements', async() => {
   return [result[0].statement, 'select * from pg_prepared_statements']
 })
 
-t('no_prepare: true disables prepared transactions', async() => {
+t('no_prepare: true disables prepared transactions (deprecated)', async() => {
   const sql = postgres({ ...options, no_prepare: true })
   const result = await sql`select * from pg_prepared_statements`
   return [0, result.count]
 })
 
+t('prepare: false disables prepared transactions', async() => {
+  const sql = postgres({ ...options, prepare: false })
+  const result = await sql`select * from pg_prepared_statements`
+  return [0, result.count]
+})
+
+t('prepare: true enables prepared transactions', async() => {
+  const sql = postgres({ ...options, prepare: true })
+  const result = await sql`select * from pg_prepared_statements`
+  return [result[0].statement, 'select * from pg_prepared_statements']
+})
+
+t('prepares unsafe query when "prepare" option is true', async() => {
+  const sql = postgres({ ...options, prepare: true })
+  const result = await sql.unsafe('select * from pg_prepared_statements where name <> $1', ["bla"], { prepare: true })
+  return [result[0].statement, 'select * from pg_prepared_statements where name <> $1']
+})
+
+t('does not prepare unsafe query by default', async() => {
+  const sql = postgres({ ...options, prepare: true });
+  const result = await sql.unsafe('select * from pg_prepared_statements where name <> $1', ["bla"])
+  return [0, result.count]
+})
+
 t('Catches connection config errors', async() => {
   const sql = postgres({ ...options, user: { toString: () => { throw new Error('wat') } }, database: 'prut' })
 

types/index.d.ts

@@ -34,8 +34,16 @@ interface BaseOptions<T extends JSToPostgresTypeMap> {
   connect_timeout: number;
   /** Array of custom types; see more below */
   types: PostgresTypeList<T>;
-  /** Disable prepared mode */
+  /**
+   * Disable prepared mode
+   * @deprecated use "prepare" option instead
+   */
   no_prepare: boolean;
+  /**
+   * Enables prepare mode.
+   * @default true
+   */
+  prepare: boolean;
   /** Defaults to console.log */
   onnotice: (notice: postgres.Notice) => void;
   /** (key; value) when server param change */
@@ -372,7 +380,7 @@ declare namespace postgres {
       ? (...args: Parameters<TTypes[name]>) => postgres.Parameter<ReturnType<TTypes[name]>>
       : (...args: any) => postgres.Parameter<any>;
     };
-    unsafe<T extends any[] = Row[]>(query: string, parameters?: SerializableParameter[]): PendingQuery<AsRowList<T>>;
+    unsafe<T extends any[] = Row[]>(query: string, parameters?: SerializableParameter[], queryOptions?: UnsafeQueryOptions): PendingQuery<AsRowList<T>>;
   }
 
   interface TransactionSql<TTypes extends JSToPostgresTypeMap> extends Sql<TTypes> {
@@ -382,4 +390,12 @@ declare namespace postgres {
 
 }
 
+interface UnsafeQueryOptions {
+  /**
+   * When executes query as prepared statement.
+   * @default false
+   */
+  prepare?: boolean;
+}
+
 export = postgres;