BetterFrame/server/src/shared/tenant.ts

/**
 * Multi-tenant schema-per-tenant model.
 *
 * PostgreSQL database layout:
 *   public schema:
 *     tenants       — registry of all tenants
 *     global_admins — platform-level admins who can provision tenants
 *
 *   tenant_<uuid> schema (one per tenant):
 *     full BetterFrame table set (users, cameras, kiosks, layouts, etc.)
 *
 * Request flow:
 *   1. Session / API key / kiosk key → resolve tenant_id
 *   2. SET search_path = tenant_<id>, public
 *   3. All queries run against tenant's schema
 *   4. Connection returned to pool with search_path reset
 *
 * Default tenant uses the public schema directly (slug = "default").
 */

export const DEFAULT_TENANT_ID = "default";

export interface Tenant {
  id: string; // UUID
  name: string;
  slug: string; // URL-safe, unique
  schema_name: string; // "tenant_<uuid>" — Postgres schema
  is_active: boolean;
  max_kiosks: number | null; // null = unlimited
  max_cameras: number | null;
  max_users: number | null;
  created_at: string;
}

/**
 * Derive the Postgres schema name from a tenant ID.
 * Sanitized to prevent SQL injection — only alphanumeric + underscore.
 */
export function tenantSchemaName(tenantId: string): string {
  const safe = tenantId.replace(/[^a-zA-Z0-9_-]/g, "").slice(0, 63);
  return `tenant_${safe}`;
}

/**
 * SQL to set the search path for a tenant's schema.
 * Always includes `public` so shared tables (like a future
 * tenant registry) are accessible.
 */
export function setTenantSearchPath(tenantId: string): string {
  const schema = tenantSchemaName(tenantId);
  return `SET search_path = "${schema}", public`;
}
feat(multi-tenant): schema-per-tenant model + PostgreSQL migration DDL Prep for multi-tenant PostgreSQL: shared/tenant.ts: tenant model, schema name derivation, search_path SQL helper. Schema-per-tenant: each tenant gets tenant_<uuid> schema, public schema holds tenant registry + global admins. migrations-pg.ts: two migration sets: - PUBLIC_MIGRATIONS: tenants + global_admins + schema_migrations tables - TENANT_MIGRATIONS: full BetterFrame table set in PG-native types (SERIAL, TIMESTAMPTZ, JSONB, native BOOLEAN). Mirrors SQLite schema 1:1 but with PG conventions. DbAdapter + SqliteAdapter + PgAdapter already existed. Next steps: 1. Repository async conversion (155 sync calls → await adapter.*) 2. Tenant provisioning endpoint (create schema + run migrations) 3. Request middleware: session → tenant_id → SET search_path 4. Global admin UI for tenant management 2026-05-22 23:15:49 +00:00			`/**`
			`* Multi-tenant schema-per-tenant model.`
			`*`
			`* PostgreSQL database layout:`
			`* public schema:`
			`* tenants — registry of all tenants`
			`* global_admins — platform-level admins who can provision tenants`
			`*`
			`* tenant_<uuid> schema (one per tenant):`
			`* full BetterFrame table set (users, cameras, kiosks, layouts, etc.)`
			`*`
			`* Request flow:`
			`* 1. Session / API key / kiosk key → resolve tenant_id`
			`* 2. SET search_path = tenant_<id>, public`
			`* 3. All queries run against tenant's schema`
			`* 4. Connection returned to pool with search_path reset`
			`*`
refactor: decommission SQLite + add UUIDv7 PK migration for existing PG - Delete sqlite-adapter.ts and migrations.ts (SQLite path removed) - Remove driver/sqlitePath from all config schemas + sec-config template - init.ts now PG-only, no SQLite branch - db-adapter.ts dialect narrowed to "postgres" only - Add in-place UUIDv7 migration: detects INTEGER PKs in existing PG databases, drops FK constraints, ALTER COLUMN TYPE to TEXT for all 15 entity tables + their FK columns, re-adds FK constraints. Idempotent (skips if already TEXT). Existing integer IDs become string "1", "2" etc — new inserts use proper UUIDv7 from repository.ts. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-05-26 11:22:29 +00:00			`* Default tenant uses the public schema directly (slug = "default").`
feat(multi-tenant): schema-per-tenant model + PostgreSQL migration DDL Prep for multi-tenant PostgreSQL: shared/tenant.ts: tenant model, schema name derivation, search_path SQL helper. Schema-per-tenant: each tenant gets tenant_<uuid> schema, public schema holds tenant registry + global admins. migrations-pg.ts: two migration sets: - PUBLIC_MIGRATIONS: tenants + global_admins + schema_migrations tables - TENANT_MIGRATIONS: full BetterFrame table set in PG-native types (SERIAL, TIMESTAMPTZ, JSONB, native BOOLEAN). Mirrors SQLite schema 1:1 but with PG conventions. DbAdapter + SqliteAdapter + PgAdapter already existed. Next steps: 1. Repository async conversion (155 sync calls → await adapter.*) 2. Tenant provisioning endpoint (create schema + run migrations) 3. Request middleware: session → tenant_id → SET search_path 4. Global admin UI for tenant management 2026-05-22 23:15:49 +00:00			`*/`

			`export const DEFAULT_TENANT_ID = "default";`

			`export interface Tenant {`
			`id: string; // UUID`
			`name: string;`
			`slug: string; // URL-safe, unique`
			`schema_name: string; // "tenant_<uuid>" — Postgres schema`
			`is_active: boolean;`
			`max_kiosks: number \| null; // null = unlimited`
			`max_cameras: number \| null;`
			`max_users: number \| null;`
			`created_at: string;`
			`}`

			`/**`
			`* Derive the Postgres schema name from a tenant ID.`
			`* Sanitized to prevent SQL injection — only alphanumeric + underscore.`
			`*/`
			`export function tenantSchemaName(tenantId: string): string {`
			`const safe = tenantId.replace(/[^a-zA-Z0-9_-]/g, "").slice(0, 63);`
			return `tenant_${safe}`;
			`}`

			`/**`
			`* SQL to set the search path for a tenant's schema.`
			* Always includes `public` so shared tables (like a future
			`* tenant registry) are accessible.`
			`*/`
			`export function setTenantSearchPath(tenantId: string): string {`
			`const schema = tenantSchemaName(tenantId);`
			return `SET search_path = "${schema}", public`;
			`}`