fix: resolve pgpass password app-side with original host

[datlechin]

Summary

Fixes #356

• Resolve .pgpass passwords app-side using PgpassReader instead of delegating to libpq's native pgpass handling, which may resolve hostnames to IPs before matching
• Preserve the original host in additionalFields before SSH tunnel rewrites it to 127.0.0.1, so pgpass lookup uses the real server hostname

Test plan

• Direct connection with hostname in .pgpass — should match and connect
• SSH tunnel connection with hostname in .pgpass — should match using original host, not 127.0.0.1
• Wildcard .pgpass entries (*) — should still match
• No matching .pgpass entry — should fail with auth error
• Pgpass disabled (toggle off) — password from Keychain, no regression

Summary by CodeRabbit

• New Features
  • Added pgpass file support for password resolution using connection parameters.
  • Improved credential lookup to honor the original host and port (defaults host to "localhost" when empty).
  • Ensures resolved credentials are applied when found and gracefully falls back to an empty password otherwise.
  • Preserves connection metadata when pgpass-based resolution is enabled.

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 05382de5-a941-4f59-acfe-f45be6dc46d1

📥 Commits

Reviewing files that changed from the base of the PR and between fc73dff and 7861baf.

📒 Files selected for processing (2)

• TablePro/Core/Database/DatabaseDriver.swift
• TablePro/Core/Database/DatabaseManager.swift

---

📝 Walkthrough

Walkthrough

ResolvePassword now uses pgpassOriginalHost (falling back to host and "localhost") and pgpassOriginalPort (falling back to connection.port) to call PgpassReader.resolve, returning the found password or an empty string. DatabaseManager injects pgpassOriginalHost/pgpassOriginalPort into additionalFields when usePgpass is true.

Changes

Cohort / File(s)	Summary
Pgpass Host & Port Resolution TablePro/Core/Database/DatabaseDriver.swift	Updated resolvePassword(for:) to derive a host from pgpassOriginalHost → host → "localhost", and a port from pgpassOriginalPort → connection.port, then call PgpassReader.resolve(host, port, database, username) and return the resolved password (or empty string).
Pgpass Metadata Propagation TablePro/Core/Database/DatabaseManager.swift	Create effectiveFields from connection.additionalFields and inject pgpassOriginalHost (and pgpassOriginalPort) when usePgpass is enabled; return a DatabaseConnection with effectiveFields as additionalFields.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐇 I hopped through hosts both near and far,

I kept the original name, not the IP's scar.
Ports and fields I tuck in tight,
So pgpass finds the key tonight.
Cheers to smooth resolves — nibble the byte!

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: implementing app-side pgpass password resolution using the original host to fix hostname matching issues.
Linked Issues check	✅ Passed	The changes directly address issue #356 by preserving the original host in additionalFields and using PgpassReader to resolve credentials app-side instead of relying on libpq's native handling.
Out of Scope Changes check	✅ Passed	All code changes are directly scoped to fixing pgpass host matching: password resolution logic in DatabaseDriver.swift and host preservation in DatabaseManager.swift, with no unrelated modifications.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/pgpass-host-matching

📝 Coding Plan

• Generate coding plan for human review comments

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}