feat: support nested sql templates

Author: jedwards1211

README.md

@@ -11,19 +11,19 @@ names, attribute names, and puts other expressions into bind parameters
 Using the table and attribute names from your Sequelize `Model`s is much more
 refactor-proof in raw queries than embedding raw identifiers.
 
-## Installation
+# Installation
 
 ```sh
 npm install --save @jcoreio/sequelize-sql-tag
 ```
 
-## Compatibility
+# Compatibility
 
 Requires `sequelize@^4.0.0`.  Once v5 is released I'll check if it's still
 compatible.  Not making any effort to support versions < 4, but you're welcome
 to make a PR.
 
-## Examples
+# Examples
 
 ```js
 const Sequelize = require('sequelize')
@@ -41,7 +41,7 @@ const lock = true
 sequelize.query(...sql`SELECT ${User.attributes.name} FROM ${User}
 WHERE ${User.attributes.birthday} = ${new Date('2346-7-11')} AND
   ${User.attributes.active} = ${true}
-  ${Sequelize.literal(lock ? 'FOR UPDATE' : '')}`).then(console.log);
+  ${lock ? sql`FOR UPDATE` : sql``}then(console.log);
 // => [ [ { name: 'Jimbob' } ], Statement { sql: 'SELECT "name" FROM "Users" WHERE "birthday" = $1 AND "active" = $2 FOR UPDATE' } ]
 ```
 
@@ -82,20 +82,56 @@ async function getUsersInOrganization(organizationId, where = {}) {
 }
 ```
 
-## API
+# API
 
-### `` sql`query` ``
+## `` sql`query` ``
 
 Creates arguments for `sequelize.query`.
 
-#### Returns (`[string, {bind: Array<string>}]`)
+### Expressions you can embed in the template
+
+#### Sequelize `Model` class
+Will be interpolated to the model's `tableName`.
+
+#### Model attribute (e.g. `User.attributes.id`)
+Will be interpolated to the column name for the attribute
+
+#### `` sql`nested` ``
+Good for conditionally including a SQL clause (see examples above)
+
+#### `Sequelize.literal(...)`
+Text will be included as-is
+
+#### All other values
+Will be added to bind parameters.
+
+### Returns (`[string, {bind: Array<string>}]`)
 
 The `sql, options` arguments to pass to `sequelize.query`.
 
-### `` sql.escape`query` ``
+## `` sql.escape`query` ``
 
 Creates a raw SQL string with all expressions in the template escaped.
 
-#### Returns (`string`)
+### Expressions you can embed in the template
+
+#### Sequelize `Model` class
+Will be interpolated to the model's `tableName`.
+
+#### Model attribute (e.g. `User.attributes.id`)
+Will be interpolated to the column name for the attribute
+
+#### `` sql`nested` ``
+Good for conditionally including a SQL clause (see examples above)
+
+#### `Sequelize.literal(...)`
+Text will be included as-is
+
+#### All other values
+Will be escaped with `QueryGenerator.escape(...)`.  If none of the expressions
+is a Sequelize `Model` class or attribute (or nested `` sql`query` `` containing
+such) then an error will be thrown.
+
+### Returns (`string`)
 
 The raw SQL.

package.json

@@ -79,7 +79,6 @@
     "babel-preset-flow": "^6.23.0",
     "babel-preset-stage-1": "^6.24.1",
     "babel-register": "^6.23.0",
-    "babel-runtime": "^6.23.0",
     "chai": "^4.1.2",
     "codecov": "^3.0.0",
     "copy": "^0.3.0",
@@ -101,5 +100,8 @@
   },
   "peerDependencies": {
     "sequelize": "^4.0.0"
+  },
+  "dependencies": {
+    "babel-runtime": "^6.23.0"
   }
 }

src/index.js

@@ -1,57 +1,95 @@
 // @flow
 
-import Sequelize, {Model} from 'sequelize'
+import Sequelize, {Model, type QueryGenerator} from 'sequelize'
 
 const Literal = Object.getPrototypeOf(Sequelize.literal('foo')).constructor
+const sqlOutput = Symbol('sqlOutput')
+const queryGeneratorSymbol = Symbol('queryGenerator')
 
 function sql(
   strings: $ReadOnlyArray<string>,
   ...expressions: $ReadOnlyArray<mixed>
 ): [string, {bind: Array<any>}] {
   const parts: Array<string> = []
   const bind: Array<any> = []
+  let queryGenerator
   for (let i = 0, length = expressions.length; i < length; i++) {
     parts.push(strings[i])
     const expression = expressions[i]
     if (expression instanceof Literal) {
       parts.push(expression.val)
+    } else if (expression instanceof Object && expression[sqlOutput]) {
+      const [query, options] = expression
+      parts.push(query.replace(/(\$+)(\d+)/g, (match: string, dollars: string, index: string) =>
+        dollars.length % 2 === 0
+          ? match
+          : `${dollars}${parseInt(index) + bind.length}`
+      ))
+      bind.push(...options.bind)
     } else if (expression && expression.prototype instanceof Model) {
       const {QueryGenerator, tableName} = (expression: any)
+      queryGenerator = QueryGenerator
       parts.push(QueryGenerator.quoteTable(tableName))
     } else if (expression && expression.type instanceof Sequelize.ABSTRACT) {
       const {field, Model: {QueryGenerator}} = (expression: any)
+      queryGenerator = QueryGenerator
       parts.push(QueryGenerator.quoteIdentifier(field))
     } else {
       bind.push(expression)
       parts.push(`$${bind.length}`)
     }
   }
   parts.push(strings[expressions.length])
-  return [parts.join('').trim().replace(/\s+/g, ' '), {bind}]
+  const result = [parts.join('').trim().replace(/\s+/g, ' '), {bind}];
+  (result: any)[sqlOutput] = true
+  if (queryGenerator) (result: any)[queryGeneratorSymbol] = queryGenerator
+  return result
+}
+
+function findQueryGenerator(expressions: $ReadOnlyArray<mixed>): QueryGenerator {
+  for (let i = 0, {length} = expressions; i < length; i++) {
+    const expression = expressions[i]
+    if (expression instanceof Object && expression[queryGeneratorSymbol]) {
+      return expression[queryGeneratorSymbol]
+    } else if (expression && expression.prototype instanceof Model) {
+      return (expression: any).QueryGenerator
+    } else if (expression && expression.type instanceof Sequelize.ABSTRACT) {
+      return (expression: any).Model.QueryGenerator
+    }
+  }
+  throw new Error(`at least one of the expressions must be a sequelize Model or attribute`)
 }
 
 sql.escape = function escapeSql(
   strings: $ReadOnlyArray<string>,
   ...expressions: $ReadOnlyArray<mixed>
 ): string {
   const parts: Array<string> = []
-  let queryGenerator
-  for (let i = 0, length = expressions.length; i < length; i++) {
+  let queryGenerator: ?QueryGenerator
+  function getQueryGenerator(): QueryGenerator {
+    return queryGenerator || (queryGenerator = findQueryGenerator(expressions))
+  }
+
+  for (let i = 0, {length} = expressions; i < length; i++) {
     parts.push(strings[i])
     const expression = expressions[i]
     if (expression instanceof Literal) {
       parts.push(expression.val)
+    } else if (expression instanceof Object && expression[sqlOutput]) {
+      const [query, options] = expression
+      parts.push(query.replace(/(\$+)(\d+)/g, (match: string, dollars: string, index: string) =>
+        dollars.length % 2 === 0
+          ? match
+          : getQueryGenerator().escape(options.bind[parseInt(index) - 1])
+      ))
     } else if (expression && expression.prototype instanceof Model) {
-      const {QueryGenerator, tableName} = (expression: any)
-      queryGenerator = QueryGenerator
-      parts.push(QueryGenerator.quoteTable(tableName))
+      const {tableName} = (expression: any)
+      parts.push(getQueryGenerator().quoteTable(tableName))
     } else if (expression && expression.type instanceof Sequelize.ABSTRACT) {
-      const {field, Model: {QueryGenerator}} = (expression: any)
-      queryGenerator = QueryGenerator
-      parts.push(QueryGenerator.quoteIdentifier(field))
+      const {field} = (expression: any)
+      parts.push(getQueryGenerator().quoteIdentifier(field))
     } else {
-      if (!queryGenerator) throw new Error(`at least one of the expressions must be a sequelize Model or attribute`)
-      parts.push(queryGenerator.escape(expression))
+      parts.push(getQueryGenerator().escape(expression))
     }
   }
   parts.push(strings[expressions.length])

test/index.js

@@ -18,8 +18,14 @@ describe(`sql`, function () {
     expect(sql`
 SELECT ${User.attributes.name} ${Sequelize.literal('FROM')} ${User}
 WHERE ${User.attributes.birthday} = ${new Date('2346-7-11')} AND
+  ${sql`${User.attributes.name} LIKE ${'a%'} AND`}${sql``}
   ${User.attributes.id} = ${1}
-    `).to.deep.equal([`SELECT "name" FROM "Users" WHERE "birthday" = $1 AND "id" = $2`, {bind: [new Date('2346-7-11'), 1]}])
+    `).to.deep.equal([`SELECT "name" FROM "Users" WHERE "birthday" = $1 AND "name" LIKE $2 AND "id" = $3`, {
+      bind: [new Date('2346-7-11'), 'a%', 1]
+    }])
+  })
+  it(`handles escaped $ in nested templates properly`, function () {
+    expect(sql`SELECT ${sql`'$$1'`}`).to.deep.equal([`SELECT '$$1'`, {bind: []}])
   })
 })
 
@@ -35,10 +41,34 @@ describe(`sql.escape`, function () {
     expect(sql.escape`
 SELECT ${User.attributes.id} ${Sequelize.literal('FROM')} ${User}
 WHERE ${User.attributes.name} LIKE ${'and%'} AND
+  ${sql`${User.attributes.name} LIKE ${'a%'} AND`}${sql``}
   ${User.attributes.id} = ${1}
-    `).to.deep.equal(`SELECT "id" FROM "Users" WHERE "name" LIKE 'and%' AND "id" = 1`)
+    `).to.deep.equal(`SELECT "id" FROM "Users" WHERE "name" LIKE 'and%' AND "name" LIKE 'a%' AND "id" = 1`)
   })
   it(`throws if it can't get a QueryGenerator`, function () {
     expect(() => sql.escape`SELECT ${1} + ${2};`).to.throw(Error, 'at least one of the expressions must be a sequelize Model or attribute')
   })
+  it(`can get QueryGenerator from Sequelize Model class`, function () {
+    const sequelize = new Sequelize('test', 'test', 'test', {dialect: 'postgres'})
+
+    const User = sequelize.define('User', {
+      name: {type: Sequelize.STRING},
+      birthday: {type: Sequelize.DATE},
+    })
+
+    expect(sql.escape`SELECT ${'foo'} FROM ${User}`).to.deep.equal(`SELECT 'foo' FROM "Users"`)
+  })
+  it(`handles escaped $ in nested templates properly`, function () {
+    expect(sql.escape`SELECT ${sql`'$$1'`}`).to.deep.equal(`SELECT '$$1'`)
+  })
+  it(`can get QueryGenerator from nested sql template`, async function (): Promise<void> {
+    const sequelize = new Sequelize('test', 'test', 'test', {dialect: 'postgres'})
+
+    const User = sequelize.define('User', {
+      name: {type: Sequelize.STRING},
+      birthday: {type: Sequelize.DATE},
+    })
+
+    expect(sql.escape`SELECT ${'foo'} FROM ${sql`${User}`}`).to.deep.equal(`SELECT 'foo' FROM "Users"`)
+  })
 })