
Wrapping connections, e.g. for Row Level Security?

Open benjie opened this issue 8 years ago • 0 comments

Hey, great project! One of the recent awesome features Postgres has added in 9.5 is Row Level Security (RLS); I really want to use that in combination with the simple update/insert/etc features in massive (as well as the file query features). However, for this to be really useful you really need to be able to insert some per-query authentication into the database after massive has booted up (we don't want to do all those table and file scans again!); e.g. we want to wrap every "pg.connect" with something like:

begin;
set local role users;
set local claims.user_id to 7;

-- Do the intended query here

commit;

I was hoping to come up with a proof of concept to demonstrate RLS working with massive; but alas due to how Entities work (keeping a reference via this.db = args.db) I couldn't do it the way I was planning. Nonetheless I've shared my work in progress to help you see what I'm getting at here:

https://github.com/benjie/massive-js/commit/336977b6dd9282369f49103904989999636f9f59

I've tried to implement it in a generic way such that the wrapping function isn't tied specifically to RLS, but could be used for other features too - anything that needs to change on a per-user/per-request/per-query basis but doesn't want to incur massive's startup cost. Intention is to do something like:

const superuserDb = massive.connectSync(URL);

const app = express();

app.use((req, res, next) => {
  req.db = superuserDb.withConnectionWrapper(connectionWrapperForUserId(req.session.user_id));
  next();
});

app.use((req, res, next) => {
  req.db.posts.find(7, ...);
});

What are your thoughts on implementing something like this?

benjie, Jul 24 '16 23:07
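
The transaction wrapper described in the issue, as an added example that is not part of the original post or of massive's code. The function names (`withRlsContext`, `makeFakeClient`, `demo`) are hypothetical, and the fake client is a constructed stand-in for any client exposing an async `query(text, params)` method; the role `users` and the setting `claims.user_id` are taken from the issue.

```javascript
// Added example; withRlsContext, makeFakeClient and demo are hypothetical names.
// `client` is any object with an async query(text, params) method.
async function withRlsContext(client, userId, work) {
  // Reject anything that is not a positive integer before it gets near SQL.
  if (!Number.isSafeInteger(userId) || userId <= 0) {
    throw new TypeError('userId must be a positive integer');
  }
  await client.query('BEGIN');
  try {
    // SET LOCAL ends with the transaction, so a pooled connection does not
    // carry one user's role or claims into the next request.
    await client.query('SET LOCAL ROLE users');
    // SET takes no bind parameters; set_config(name, value, is_local = true)
    // is the parameterised form of SET LOCAL.
    await client.query("SELECT set_config('claims.user_id', $1, true)", [String(userId)]);
    const result = await work(client);
    await client.query('COMMIT');
    return result;
  } catch (err) {
    await client.query('ROLLBACK'); // discard the role and claims as well
    throw err;
  }
}

// Constructed stand-in for a database client: records statements, can fail on one.
function makeFakeClient(failOn) {
  const log = [];
  return {
    log,
    async query(text, params = []) {
      log.push(params.length ? `${text} -- ${JSON.stringify(params)}` : text);
      if (failOn && text.startsWith(failOn)) throw new Error('simulated failure');
      return { rows: [] };
    },
  };
}

async function demo() {
  const swallow = (p) => p.then(() => false, () => true); // true if p rejected
  const ok = makeFakeClient();
  await withRlsContext(ok, 7, (c) => c.query('SELECT * FROM posts WHERE id = $1', [7]));
  const bad = makeFakeClient('SELECT * FROM posts');
  const failed = await swallow(withRlsContext(bad, 7, (c) => c.query('SELECT * FROM posts')));
  const unsafe = makeFakeClient();
  const rejected = await swallow(withRlsContext(unsafe, '7; --', async () => {}));
  return { okLog: ok.log, badLog: bad.log, unsafeLog: unsafe.log, failed, rejected };
}

demo().then((r) => console.log(r.okLog.join('\n')));
```

Against a real database, every statement has to run on the same checked-out connection; sending them through a pool that picks a connection per call would apply the role and claims to a different session than the query.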