How to have both RLS via JWT and interactive transactions?
I'm working on a codebase where the db connection is using @neon/serverless and Pool, which makes interactive transactions with rollbacks possible. Recently we've started looking into having RLS as well. Following the guide for Neon Authorize, it seems we need to use @neon/http as a driver and pass the JWT token as an
authToken while initializing the database. But then we'll get No transactions support in neon-http driver.
So I am just a little confused on whether we can have both RLS and interactive transactions. One thing I've tried is just passing the JWT token as a local session variable inside each transactions, which allowed the RLS policies to work while keeping our existing interactive transaction. But I am wondering if there's a better way to do it than that
TIA5 Replies
rising-crimson•2mo ago
Hey @Myan, are you using an ORM or @neon/serverless directly?
absent-sapphireOP•2mo ago
I am using Drizzle
rising-crimson•2mo ago
Good question.
Pool doesn't seem to have an authToken property like the neon driver (HTTP) (code).
Could you create an issue for that here? GitHub: https://github.com/neondatabase/serverless
This may be a limitation of the websocket transport. It's not trivial to pass secrets via ws. I assume via HTTP we just pass it as a header, so not sure if possible.GitHub
GitHub - neondatabase/serverless: Connect to Neon PostgreSQL from s...
Connect to Neon PostgreSQL from serverless/worker/edge functions - neondatabase/serverless
rising-crimson•2mo ago
Doesn't look like node-postgres Pool supports this either: https://github.com/brianc/node-postgres/tree/master
GitHub
GitHub - brianc/node-postgres: PostgreSQL client for node.js.
PostgreSQL client for node.js. Contribute to brianc/node-postgres development by creating an account on GitHub.
absent-sapphireOP•2mo ago
Thank you! And yes I'll make an issue on GitHub soon