Add protocol for migration service
This commit is contained in:
@@ -3,51 +3,122 @@ import DataLiteCore
|
||||
|
||||
/// A protocol for supplying encryption keys to `DatabaseService` instances.
|
||||
///
|
||||
/// `DatabaseServiceKeyProvider` allows database services to delegate the responsibility of
|
||||
/// retrieving, managing, and applying encryption keys. This enables separation of concerns
|
||||
/// and allows for advanced strategies such as per-user key derivation, secure hardware-backed
|
||||
/// storage, or biometric access control.
|
||||
/// `DatabaseServiceKeyProvider` encapsulates all responsibilities for managing encryption keys
|
||||
/// for one or more `DatabaseService` instances. It allows a database service to delegate key
|
||||
/// retrieval, secure storage, rotation, and access control, enabling advanced security strategies
|
||||
/// such as per-user key derivation, hardware-backed keys, biometric authentication, or ephemeral
|
||||
/// in-memory secrets.
|
||||
///
|
||||
/// When assigned to a `DatabaseService`, the provider is queried automatically whenever a
|
||||
/// connection is created or re-established (e.g., during service initialization or reconnect).
|
||||
/// The provider is queried automatically by the database service whenever a new connection
|
||||
/// is created or re-established (for example, during service initialization, after a reconnect,
|
||||
/// or when the service requests a key rotation).
|
||||
///
|
||||
/// You can also implement error handling or diagnostics via the optional
|
||||
/// ``databaseService(_:didReceive:)`` method.
|
||||
/// Error handling and diagnostics related specifically to encryption or key operations
|
||||
/// (such as when a key is unavailable, authentication is denied, or decryption fails)
|
||||
/// are reported to the provider via the optional ``databaseService(_:didReceive:)`` callback.
|
||||
/// The provider is **not** notified of generic database or connection errors unrelated to
|
||||
/// encryption.
|
||||
///
|
||||
/// - Tip: You may throw from ``databaseServiceKey(_:)`` to indicate that the key is temporarily
|
||||
/// unavailable or access is denied.
|
||||
/// - Important: This protocol is **exclusively** for cryptographic key management.
|
||||
/// It must not be used for generic database error handling or for concerns unrelated to
|
||||
/// encryption, authorization, or key lifecycle.
|
||||
///
|
||||
/// ## Key Availability
|
||||
///
|
||||
/// There are two distinct scenarios for returning a key:
|
||||
///
|
||||
/// - **No Encryption Needed:**
|
||||
/// Return `nil` if the target database does not require encryption (i.e., should be opened
|
||||
/// in plaintext mode). This is not an error; the database service will attempt to open the
|
||||
/// database without a key. If the database is in fact encrypted, this will result in a
|
||||
/// decryption error at the SQLite level (e.g., `SQLITE_NOTADB`), which is handled by the
|
||||
/// database service as a normal failure.
|
||||
///
|
||||
/// - **Key Temporarily Unavailable:**
|
||||
/// Also return `nil` if the key is *temporarily* unavailable for any reason (for example,
|
||||
/// the user has not yet authenticated, the device is locked, a remote key is still loading,
|
||||
/// or UI authorization has not been granted).
|
||||
/// Returning `nil` in this case means the database service will not attempt to open
|
||||
/// the database with a key. This will not trigger an error callback.
|
||||
/// When the key later becomes available (for example, after user authentication or
|
||||
/// successful network retrieval), **the provider is responsible for calling**
|
||||
/// ``DatabaseService/reconnect()`` on the service to re-attempt the operation with the key.
|
||||
///
|
||||
/// - **Error Situations:**
|
||||
/// Only throw an error if a *permanent* or *unexpected* failure occurs (for example,
|
||||
/// a hardware security error, a fatal storage problem, or a cryptographic failure
|
||||
/// that cannot be resolved by waiting or user action).
|
||||
/// Thrown errors will be reported to the provider via the error callback, and may be
|
||||
/// surfaced to the UI or logs.
|
||||
///
|
||||
/// - Tip: Never throw for temporary unavailability (such as "user has not unlocked" or
|
||||
/// "still waiting for user action")—just return `nil` in these cases.
|
||||
/// Use thrown errors only for non-recoverable or unexpected failures.
|
||||
///
|
||||
/// ## Error Callback
|
||||
///
|
||||
/// The method ``databaseService(_:didReceive:)`` will be called only for errors thrown by
|
||||
/// ``databaseServiceKey(_:)`` or by the key application process (such as if the key fails
|
||||
/// to decrypt the database).
|
||||
/// It will *not* be called for generic database or connection errors.
|
||||
///
|
||||
/// Implement this method if you wish to log, recover from, or respond to permanent key-related
|
||||
/// failures (such as prompting the user, resetting state, or displaying errors).
|
||||
public protocol DatabaseServiceKeyProvider: AnyObject {
|
||||
/// Returns the encryption key to be applied to the given database service.
|
||||
///
|
||||
/// This method is invoked by the `DatabaseService` during initialization or reconnection
|
||||
/// to retrieve the encryption key that should be applied to the new connection.
|
||||
///
|
||||
/// Implementations may return a static key, derive it from metadata, or load it from
|
||||
/// secure storage. If the key is unavailable (e.g., user not authenticated, system locked),
|
||||
/// this method may throw to indicate failure.
|
||||
/// This method is invoked by the `DatabaseService` during connection initialization,
|
||||
/// reconnection, or explicit key rotation. Implementations may return a static key,
|
||||
/// derive it from external data, fetch it from secure hardware, or perform required
|
||||
/// user authentication.
|
||||
///
|
||||
/// - Parameter service: The requesting database service.
|
||||
/// - Returns: A `Connection.Key` representing the encryption key.
|
||||
/// - Throws: Any error indicating that the key cannot be retrieved.
|
||||
func databaseServiceKey(_ service: DatabaseService) throws -> Connection.Key
|
||||
|
||||
/// Notifies the provider that the database service encountered an error while applying a key.
|
||||
/// - Returns: A `Connection.Key` representing the encryption key, or `nil` if encryption is
|
||||
/// not required for this database or the key is temporarily unavailable. Returning `nil`
|
||||
/// will cause the database service to attempt opening the database in plaintext mode.
|
||||
/// If the database is actually encrypted, access will fail with a decryption error.
|
||||
/// - Throws: Only throw for unrecoverable or unexpected errors (such as hardware failure,
|
||||
/// fatal storage issues, or irrecoverable cryptographic errors). Do **not** throw for
|
||||
/// temporary unavailability; instead, return `nil` and call ``DatabaseService/reconnect()``
|
||||
/// later when the key becomes available.
|
||||
///
|
||||
/// This method is called when the service fails to retrieve or apply the encryption key.
|
||||
/// You can use it to report diagnostics, attempt recovery, or update internal state.
|
||||
/// - Note: This method may be called multiple times during the lifecycle of a service,
|
||||
/// including after a failed decryption attempt or key rotation event.
|
||||
func databaseServiceKey(_ service: DatabaseService) throws -> Connection.Key?
|
||||
|
||||
/// Notifies the provider that the database service encountered an error
|
||||
/// related to key retrieval or application.
|
||||
///
|
||||
/// The default implementation is a no-op.
|
||||
/// This method is called **only** when the service fails to retrieve or apply an
|
||||
/// encryption key (e.g., if ``databaseServiceKey(_:)`` throws, or if the key fails
|
||||
/// to decrypt the database due to a password/key mismatch).
|
||||
///
|
||||
/// Use this callback to report diagnostics, trigger recovery logic, prompt the user
|
||||
/// for authentication, or update internal state.
|
||||
/// By default, this method does nothing; implement it only if you need to respond
|
||||
/// to key-related failures.
|
||||
///
|
||||
/// - Parameters:
|
||||
/// - service: The database service reporting the error.
|
||||
/// - error: The error encountered during key retrieval or application.
|
||||
func databaseService(_ service: DatabaseService, didReceive error: Error)
|
||||
|
||||
/// Informs the service whether it should attempt to reconnect automatically.
|
||||
///
|
||||
/// Return `true` if the service should retry connecting (for example, if the key may
|
||||
/// become available shortly). By default, returns `false`.
|
||||
///
|
||||
/// - Parameter service: The database service.
|
||||
/// - Returns: `true` to retry, `false` to abort.
|
||||
func databaseServiceShouldReconnect(_ service: DatabaseService) -> Bool
|
||||
}
|
||||
|
||||
public extension DatabaseServiceKeyProvider {
|
||||
/// Default no-op implementation of error handling callback.
|
||||
///
|
||||
/// This allows conforming types to ignore the error reporting mechanism
|
||||
/// if they do not need to respond to key failures.
|
||||
/// Default no-op implementation for key-related error reporting.
|
||||
func databaseService(_ service: DatabaseService, didReceive error: Error) {}
|
||||
|
||||
/// Default implementation disables automatic reconnect attempts.
|
||||
func databaseServiceShouldReconnect(_ service: DatabaseService) -> Bool {
|
||||
false
|
||||
}
|
||||
}
|
||||
|
||||
@@ -3,51 +3,84 @@ import DataLiteCore
|
||||
|
||||
/// A protocol that defines a common interface for working with a database connection.
|
||||
///
|
||||
/// Conforming types provide methods for executing closures with a live `Connection`, optionally
|
||||
/// wrapped in transactions. These closures are guaranteed to execute in a thread-safe and
|
||||
/// serialized manner. Implementations may also support reconnecting and managing encryption keys.
|
||||
/// `DatabaseServiceProtocol` abstracts the core operations required to safely interact with a
|
||||
/// SQLite-compatible database. Conforming types provide thread-safe execution of closures with a live
|
||||
/// `Connection`, optional transaction support, reconnection logic, and pluggable encryption key
|
||||
/// management via a ``DatabaseServiceKeyProvider``.
|
||||
///
|
||||
/// This protocol forms the foundation for safe, modular service layers on top of a database.
|
||||
///
|
||||
/// ## Topics
|
||||
///
|
||||
/// ### Key Management
|
||||
///
|
||||
/// - ``DatabaseServiceKeyProvider``
|
||||
/// - ``keyProvider``
|
||||
///
|
||||
/// ### Connection Management
|
||||
///
|
||||
/// - ``reconnect()``
|
||||
///
|
||||
/// ### Database Operations
|
||||
///
|
||||
/// - ``Perform``
|
||||
/// - ``perform(_:)``
|
||||
/// - ``perform(in:closure:)``
|
||||
public protocol DatabaseServiceProtocol: AnyObject {
|
||||
/// A closure that performs a database operation using an active connection.
|
||||
///
|
||||
/// The `Perform<T>` alias defines the signature for a database operation block
|
||||
/// that receives a live `Connection` and either returns a result or throws an error.
|
||||
/// It is commonly used to express atomic units of work in ``perform(_:)`` or
|
||||
/// ``perform(in:closure:)`` calls.
|
||||
/// The `Perform<T>` type alias defines a closure signature for a database operation that
|
||||
/// receives a live `Connection` and returns a value or throws an error. This enables
|
||||
/// callers to express discrete, atomic database operations for execution via
|
||||
/// ``perform(_:)`` or ``perform(in:closure:)``.
|
||||
///
|
||||
/// - Parameter T: The result type returned by the closure.
|
||||
/// - Returns: A value of type `T` produced by the closure.
|
||||
/// - Throws: Any error that occurs during execution of the database operation.
|
||||
/// - Parameter connection: The active database connection.
|
||||
/// - Returns: The result of the operation.
|
||||
/// - Throws: Any error thrown during execution of the operation.
|
||||
typealias Perform<T> = (Connection) throws -> T
|
||||
|
||||
/// The object responsible for providing encryption keys for the database connection.
|
||||
///
|
||||
/// When assigned, the key provider will be queried for a new key and applied to the current
|
||||
/// connection, if available.
|
||||
/// When assigned, the key provider will be queried for a key and applied to the current
|
||||
/// connection, if available. If key retrieval or application fails, the error is reported
|
||||
/// via `databaseService(_:didReceive:)` and not thrown from the setter.
|
||||
///
|
||||
/// - Important: Setting this property does not guarantee that the connection becomes available;
|
||||
/// error handling is asynchronous via callback.
|
||||
var keyProvider: DatabaseServiceKeyProvider? { get set }
|
||||
|
||||
/// Re-establishes the database connection using the stored provider.
|
||||
///
|
||||
/// If a `keyProvider` is set, the returned connection will attempt to apply a new key.
|
||||
/// If a `keyProvider` is set, the method attempts to retrieve and apply a key
|
||||
/// to the new connection. All errors encountered during connection creation or
|
||||
/// key application are thrown. If an error occurs that is related to encryption key
|
||||
/// retrieval or application, it is also reported to the `DatabaseServiceKeyProvider`
|
||||
/// via its `databaseService(_:didReceive:)` callback.
|
||||
///
|
||||
/// - Throws: Any error that occurs during connection creation or key application.
|
||||
func reconnect() throws
|
||||
|
||||
/// Executes the given closure with a live connection.
|
||||
/// Executes the given closure with a live connection in a thread-safe manner.
|
||||
///
|
||||
/// - Parameter closure: The operation to execute.
|
||||
/// All invocations are serialized to prevent concurrent database access.
|
||||
///
|
||||
/// - Parameter closure: The database operation to perform.
|
||||
/// - Returns: The result produced by the closure.
|
||||
/// - Throws: Any error thrown during execution.
|
||||
/// - Throws: Any error thrown by the closure.
|
||||
func perform<T>(_ closure: Perform<T>) rethrows -> T
|
||||
|
||||
/// Executes the given closure within a transaction.
|
||||
///
|
||||
/// If no transaction is active, a new one is started and committed or rolled back as needed.
|
||||
/// If no transaction is active, a new transaction of the specified type is started. The closure
|
||||
/// is executed atomically: if it succeeds, the transaction is committed; if it throws, the
|
||||
/// transaction is rolled back. If a transaction is already active, the closure is executed
|
||||
/// without starting a new one.
|
||||
///
|
||||
/// - Parameters:
|
||||
/// - transaction: The transaction type to begin.
|
||||
/// - closure: The operation to execute within the transaction.
|
||||
/// - transaction: The type of transaction to begin (e.g., `deferred`, `immediate`, `exclusive`).
|
||||
/// - closure: The database operation to perform within the transaction.
|
||||
/// - Returns: The result produced by the closure.
|
||||
/// - Throws: Any error thrown by the closure or transaction.
|
||||
/// - Throws: Any error thrown by the closure or transaction control statements.
|
||||
func perform<T>(
|
||||
in transaction: TransactionType,
|
||||
closure: Perform<T>
|
||||
|
||||
43
Sources/DataRaft/Protocols/MigrationServiceProtocol.swift
Normal file
43
Sources/DataRaft/Protocols/MigrationServiceProtocol.swift
Normal file
@@ -0,0 +1,43 @@
|
||||
import Foundation
|
||||
|
||||
/// Protocol for managing and running database schema migrations.
|
||||
public protocol MigrationServiceProtocol: AnyObject {
|
||||
/// Type representing the schema version for migrations.
|
||||
associatedtype Version: VersionRepresentable
|
||||
|
||||
/// Provider of encryption keys for the database service.
|
||||
var keyProvider: DatabaseServiceKeyProvider? { get set }
|
||||
|
||||
/// Adds a migration to be executed by the service.
|
||||
///
|
||||
/// - Parameter migration: The migration to register.
|
||||
/// - Throws: ``MigrationError/duplicateMigration(_:)`` if a migration with
|
||||
/// the same version or script URL is already registered.
|
||||
func add(_ migration: Migration<Version>) throws(MigrationError<Version>)
|
||||
|
||||
/// Runs all pending migrations in ascending version order.
|
||||
///
|
||||
/// - Throws: ``MigrationError/emptyMigrationScript(_:)`` if a migration
|
||||
/// script is empty.
|
||||
/// - Throws: ``MigrationError/migrationFailed(_:_:)`` if a script execution
|
||||
/// or version update fails.
|
||||
func migrate() throws(MigrationError<Version>)
|
||||
}
|
||||
|
||||
@available(iOS 13.0, *)
|
||||
@available(macOS 10.15, *)
|
||||
public extension MigrationServiceProtocol where Self: Sendable {
|
||||
/// Asynchronously runs all pending migrations in ascending order.
|
||||
///
|
||||
/// Performs the same logic as ``migrate()``, but runs asynchronously.
|
||||
///
|
||||
/// - Throws: ``MigrationError/emptyMigrationScript(_:)`` if a migration
|
||||
/// script is empty.
|
||||
/// - Throws: ``MigrationError/migrationFailed(_:_:)`` if a script execution
|
||||
/// or version update fails.
|
||||
func migrate() async throws {
|
||||
try await Task(priority: .utility) {
|
||||
try self.migrate()
|
||||
}.value
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user