feat: make query preperation a JIT operation to improve startup time

fix: issue with early return in prepare statement function
fix: issues caught by fuzzer
2020-06-03 01:03:12 -04:00 · 2020-05-31 18:10:50 -04:00 · 2020-05-31 14:11:28 -07:00 · 2020-05-30 23:36:44 -07:00 · 2020-05-29 02:27:53 -04:00 · 2020-05-29 02:23:54 -04:00
36 changed files with 882 additions and 725 deletions
--- a/6
+++ b/6
@ -29,9 +29,9 @@ COPY --from=react-build /web/build/ ./internal/serv/web/build

 RUN go mod vendor
 RUN make build
-RUN echo "Compressing binary, will take a bit of time..." && \
-  upx --ultra-brute -qq super-graph && \
-  upx -t super-graph
+# RUN echo "Compressing binary, will take a bit of time..." && \
+#   upx --ultra-brute -qq super-graph && \
+#   upx -t super-graph



--- a/core/api.go
+++ b/core/api.go
@ -49,6 +49,7 @@ import (
 	"crypto/sha256"
 	"database/sql"
 	"encoding/json"
+	"hash/maphash"
 	_log "log"
 	"os"

@ -83,7 +84,8 @@ type SuperGraph struct {
 	schema      *psql.DBSchema
 	allowList   *allow.List
 	encKey      [32]byte
-	prepared    map[string]*preparedItem
+	hashSeed    maphash.Seed
+	queries     map[uint64]*query
 	roles       map[string]*Role
 	getRole     *sql.Stmt
 	rmap        map[uint64]*resolvFn
@ -107,10 +109,11 @@ func newSuperGraph(conf *Config, db *sql.DB, dbinfo *psql.DBInfo) (*SuperGraph,
 	}

 	sg := &SuperGraph{
-		conf:   conf,
-		db:     db,
-		dbinfo: dbinfo,
-		log:    _log.New(os.Stdout, "", 0),
+		conf:     conf,
+		db:       db,
+		dbinfo:   dbinfo,
+		log:      _log.New(os.Stdout, "", 0),
+		hashSeed: maphash.MakeSeed(),
 	}

 	if err := sg.initConfig(); err != nil {
--- a/core/bench.11
+++ b/core/bench.11
@ -0,0 +1,41 @@
+INF roles_query not defined: attribute based access control disabled
+all expectations were already fulfilled, call to Query 'SELECT jsonb_build_object('users', "__sj_0"."json", 'products', "__sj_1"."json") as "__root" FROM (SELECT coalesce(jsonb_agg("__sj_1"."json"), '[]') as "json" FROM (SELECT to_jsonb("__sr_1".*) AS "json"FROM (SELECT "products_1"."id" AS "id", "products_1"."name" AS "name", "__sj_2"."json" AS "customers", "__sj_3"."json" AS "user" FROM (SELECT "products"."id", "products"."name", "products"."user_id" FROM "products" LIMIT ('20') :: integer) AS "products_1" LEFT OUTER JOIN LATERAL (SELECT to_jsonb("__sr_3".*) AS "json"FROM (SELECT "users_3"."full_name" AS "full_name", "users_3"."phone" AS "phone", "users_3"."email" AS "email" FROM (SELECT "users"."full_name", "users"."phone", "users"."email" FROM "users" WHERE ((("users"."id") = ("products_1"."user_id"))) LIMIT ('1') :: integer) AS "users_3") AS "__sr_3") AS "__sj_3" ON ('true') LEFT OUTER JOIN LATERAL (SELECT coalesce(jsonb_agg("__sj_2"."json"), '[]') as "json" FROM (SELECT to_jsonb("__sr_2".*) AS "json"FROM (SELECT "customers_2"."id" AS "id", "customers_2"."email" AS "email" FROM (SELECT "customers"."id", "customers"."email" FROM "customers" LEFT OUTER JOIN "purchases" ON (("purchases"."product_id") = ("products_1"."id")) WHERE ((("customers"."id") = ("purchases"."customer_id"))) LIMIT ('20') :: integer) AS "customers_2") AS "__sr_2") AS "__sj_2") AS "__sj_2" ON ('true')) AS "__sr_1") AS "__sj_1") AS "__sj_1", (SELECT coalesce(jsonb_agg("__sj_0"."json"), '[]') as "json" FROM (SELECT to_jsonb("__sr_0".*) AS "json"FROM (SELECT "users_0"."id" AS "id", "users_0"."name" AS "name" FROM (SELECT "users"."id" FROM "users" GROUP BY "users"."id" LIMIT ('20') :: integer) AS "users_0") AS "__sr_0") AS "__sj_0") AS "__sj_0"' with args [] was not expected
+goos: darwin
+goarch: amd64
+pkg: github.com/dosco/super-graph/core
+BenchmarkGraphQL-16    	INF roles_query not defined: attribute based access control disabled
+all expectations were already fulfilled, call to Query 'SELECT jsonb_build_object('users', "__sj_0"."json", 'products', "__sj_1"."json") as "__root" FROM (SELECT coalesce(jsonb_agg("__sj_1"."json"), '[]') as "json" FROM (SELECT to_jsonb("__sr_1".*) AS "json"FROM (SELECT "products_1"."id" AS "id", "products_1"."name" AS "name", "__sj_2"."json" AS "customers", "__sj_3"."json" AS "user" FROM (SELECT "products"."id", "products"."name", "products"."user_id" FROM "products" LIMIT ('20') :: integer) AS "products_1" LEFT OUTER JOIN LATERAL (SELECT to_jsonb("__sr_3".*) AS "json"FROM (SELECT "users_3"."full_name" AS "full_name", "users_3"."phone" AS "phone", "users_3"."email" AS "email" FROM (SELECT "users"."full_name", "users"."phone", "users"."email" FROM "users" WHERE ((("users"."id") = ("products_1"."user_id"))) LIMIT ('1') :: integer) AS "users_3") AS "__sr_3") AS "__sj_3" ON ('true') LEFT OUTER JOIN LATERAL (SELECT coalesce(jsonb_agg("__sj_2"."json"), '[]') as "json" FROM (SELECT to_jsonb("__sr_2".*) AS "json"FROM (SELECT "customers_2"."id" AS "id", "customers_2"."email" AS "email" FROM (SELECT "customers"."id", "customers"."email" FROM "customers" LEFT OUTER JOIN "purchases" ON (("purchases"."product_id") = ("products_1"."id")) WHERE ((("customers"."id") = ("purchases"."customer_id"))) LIMIT ('20') :: integer) AS "customers_2") AS "__sr_2") AS "__sj_2") AS "__sj_2" ON ('true')) AS "__sr_1") AS "__sj_1") AS "__sj_1", (SELECT coalesce(jsonb_agg("__sj_0"."json"), '[]') as "json" FROM (SELECT to_jsonb("__sr_0".*) AS "json"FROM (SELECT "users_0"."id" AS "id", "users_0"."name" AS "name" FROM (SELECT "users"."id" FROM "users" GROUP BY "users"."id" LIMIT ('20') :: integer) AS "users_0") AS "__sr_0") AS "__sj_0") AS "__sj_0"' with args [] was not expected
+INF roles_query not defined: attribute based access control disabled
+all expectations were already fulfilled, call to Query 'SELECT jsonb_build_object('users', "__sj_0"."json", 'products', "__sj_1"."json") as "__root" FROM (SELECT coalesce(jsonb_agg("__sj_1"."json"), '[]') as "json" FROM (SELECT to_jsonb("__sr_1".*) AS "json"FROM (SELECT "products_1"."id" AS "id", "products_1"."name" AS "name", "__sj_2"."json" AS "customers", "__sj_3"."json" AS "user" FROM (SELECT "products"."id", "products"."name", "products"."user_id" FROM "products" LIMIT ('20') :: integer) AS "products_1" LEFT OUTER JOIN LATERAL (SELECT to_jsonb("__sr_3".*) AS "json"FROM (SELECT "users_3"."full_name" AS "full_name", "users_3"."phone" AS "phone", "users_3"."email" AS "email" FROM (SELECT "users"."full_name", "users"."phone", "users"."email" FROM "users" WHERE ((("users"."id") = ("products_1"."user_id"))) LIMIT ('1') :: integer) AS "users_3") AS "__sr_3") AS "__sj_3" ON ('true') LEFT OUTER JOIN LATERAL (SELECT coalesce(jsonb_agg("__sj_2"."json"), '[]') as "json" FROM (SELECT to_jsonb("__sr_2".*) AS "json"FROM (SELECT "customers_2"."id" AS "id", "customers_2"."email" AS "email" FROM (SELECT "customers"."id", "customers"."email" FROM "customers" LEFT OUTER JOIN "purchases" ON (("purchases"."product_id") = ("products_1"."id")) WHERE ((("customers"."id") = ("purchases"."customer_id"))) LIMIT ('20') :: integer) AS "customers_2") AS "__sr_2") AS "__sj_2") AS "__sj_2" ON ('true')) AS "__sr_1") AS "__sj_1") AS "__sj_1", (SELECT coalesce(jsonb_agg("__sj_0"."json"), '[]') as "json" FROM (SELECT to_jsonb("__sr_0".*) AS "json"FROM (SELECT "users_0"."id" AS "id", "users_0"."name" AS "name" FROM (SELECT "users"."id" FROM "users" GROUP BY "users"."id" LIMIT ('20') :: integer) AS "users_0") AS "__sr_0") AS "__sj_0") AS "__sj_0"' with args [] was not expected
+INF roles_query not defined: attribute based access control disabled
+all expectations were already fulfilled, call to Query 'SELECT jsonb_build_object('users', "__sj_0"."json", 'products', "__sj_1"."json") as "__root" FROM (SELECT coalesce(jsonb_agg("__sj_1"."json"), '[]') as "json" FROM (SELECT to_jsonb("__sr_1".*) AS "json"FROM (SELECT "products_1"."id" AS "id", "products_1"."name" AS "name", "__sj_2"."json" AS "customers", "__sj_3"."json" AS "user" FROM (SELECT "products"."id", "products"."name", "products"."user_id" FROM "products" LIMIT ('20') :: integer) AS "products_1" LEFT OUTER JOIN LATERAL (SELECT to_jsonb("__sr_3".*) AS "json"FROM (SELECT "users_3"."full_name" AS "full_name", "users_3"."phone" AS "phone", "users_3"."email" AS "email" FROM (SELECT "users"."full_name", "users"."phone", "users"."email" FROM "users" WHERE ((("users"."id") = ("products_1"."user_id"))) LIMIT ('1') :: integer) AS "users_3") AS "__sr_3") AS "__sj_3" ON ('true') LEFT OUTER JOIN LATERAL (SELECT coalesce(jsonb_agg("__sj_2"."json"), '[]') as "json" FROM (SELECT to_jsonb("__sr_2".*) AS "json"FROM (SELECT "customers_2"."id" AS "id", "customers_2"."email" AS "email" FROM (SELECT "customers"."id", "customers"."email" FROM "customers" LEFT OUTER JOIN "purchases" ON (("purchases"."product_id") = ("products_1"."id")) WHERE ((("customers"."id") = ("purchases"."customer_id"))) LIMIT ('20') :: integer) AS "customers_2") AS "__sr_2") AS "__sj_2") AS "__sj_2" ON ('true')) AS "__sr_1") AS "__sj_1") AS "__sj_1", (SELECT coalesce(jsonb_agg("__sj_0"."json"), '[]') as "json" FROM (SELECT to_jsonb("__sr_0".*) AS "json"FROM (SELECT "users_0"."id" AS "id", "users_0"."name" AS "name" FROM (SELECT "users"."id" FROM "users" GROUP BY "users"."id" LIMIT ('20') :: integer) AS "users_0") AS "__sr_0") AS "__sj_0") AS "__sj_0"' with args [] was not expected
+  105048	     10398 ns/op	   18342 B/op	      55 allocs/op
+PASS
+ok  	github.com/dosco/super-graph/core	1.328s
+PASS
+ok  	github.com/dosco/super-graph/core/internal/allow	0.088s
+?   	github.com/dosco/super-graph/core/internal/crypto	[no test files]
+?   	github.com/dosco/super-graph/core/internal/integration_tests	[no test files]
+PASS
+ok  	github.com/dosco/super-graph/core/internal/integration_tests/cockroachdb	0.121s
+PASS
+ok  	github.com/dosco/super-graph/core/internal/integration_tests/postgresql	0.118s
+goos: darwin
+goarch: amd64
+pkg: github.com/dosco/super-graph/core/internal/psql
+BenchmarkCompile-16            	   79845	     14428 ns/op	    4584 B/op	      39 allocs/op
+BenchmarkCompileParallel-16    	  326205	      3918 ns/op	    4633 B/op	      39 allocs/op
+PASS
+ok  	github.com/dosco/super-graph/core/internal/psql	2.696s
+goos: darwin
+goarch: amd64
+pkg: github.com/dosco/super-graph/core/internal/qcode
+BenchmarkQCompile-16        	  146953	      8049 ns/op	    3756 B/op	      28 allocs/op
+BenchmarkQCompileP-16       	  475936	      2447 ns/op	    3790 B/op	      28 allocs/op
+BenchmarkParse-16           	  140811	      8163 ns/op	    3902 B/op	      18 allocs/op
+BenchmarkParseP-16          	  571345	      2041 ns/op	    3903 B/op	      18 allocs/op
+BenchmarkSchemaParse-16     	  230715	      5012 ns/op	    3968 B/op	      57 allocs/op
+BenchmarkSchemaParseP-16    	  802426	      1565 ns/op	    3968 B/op	      57 allocs/op
+PASS
+ok  	github.com/dosco/super-graph/core/internal/qcode	8.427s
+?   	github.com/dosco/super-graph/core/internal/util	[no test files]
--- a/core/config.go
+++ b/core/config.go
@ -30,12 +30,10 @@ type Config struct {
 	// or other database functions
 	SetUserID bool `mapstructure:"set_user_id"`

-	// DefaultAllow reverses the blocked by default behaviour for queries in
-	// anonymous mode. (anon role)
-	// For example if the table `users` is not listed under the anon role then
-	// access to it would by default for unauthenticated queries this reverses
-	// this behavior (!!! Use with caution !!!!)
-	DefaultAllow bool `mapstructure:"default_allow"`
+	// DefaultBlock ensures that in anonymous mode (role 'anon') all tables
+	// are blocked from queries and mutations. To open access to tables in
+	// anonymous mode they have to be added to the 'anon' role config.
+	DefaultBlock bool `mapstructure:"default_block"`

 	// Vars is a map of hardcoded variables that can be leveraged in your
 	// queries (eg variable admin_id will be $admin_id in the query)
@ -57,6 +55,9 @@ type Config struct {
 	// Roles contains all the configuration for all the roles you want to support
 	// `user` and `anon` are two default roles. User role is for when a user ID is
 	// available and Anon when it's not.
+	//
+	// If you're using the RolesQuery config to enable atribute based acess control then
+	// you can add more custom roles.
 	Roles []Role

 	// Inflections is to add additionally singular to plural mappings
@ -108,12 +109,12 @@ type Role struct {
 // RoleTable struct contains role specific access control values for a database table
 type RoleTable struct {
 	Name     string
-	ReadOnly *bool `mapstructure:"read_only"`
+	ReadOnly bool `mapstructure:"read_only"`

-	Query  Query
-	Insert Insert
-	Update Update
-	Delete Delete
+	Query  *Query
+	Insert *Insert
+	Update *Update
+	Delete *Delete
 }

 // Query struct contains access control values for query operations
@ -122,7 +123,7 @@ type Query struct {
 	Filters          []string
 	Columns          []string
 	DisableFunctions bool `mapstructure:"disable_functions"`
-	Block            *bool
+	Block            bool
 }

 // Insert struct contains access control values for insert operations
@ -130,7 +131,7 @@ type Insert struct {
 	Filters []string
 	Columns []string
 	Presets map[string]string
-	Block   *bool
+	Block   bool
 }

 // Insert struct contains access control values for update operations
@ -138,14 +139,59 @@ type Update struct {
 	Filters []string
 	Columns []string
 	Presets map[string]string
-	Block   *bool
+	Block   bool
 }

 // Delete struct contains access control values for delete operations
 type Delete struct {
 	Filters []string
 	Columns []string
-	Block   *bool
+	Block   bool
+}
+
+// AddRoleTable function is a helper function to make it easy to add per-table
+// row-level config
+func (c *Config) AddRoleTable(role string, table string, conf interface{}) error {
+	var r *Role
+
+	for i := range c.Roles {
+		if strings.EqualFold(c.Roles[i].Name, role) {
+			r = &c.Roles[i]
+			break
+		}
+	}
+	if r == nil {
+		nr := Role{Name: role}
+		c.Roles = append(c.Roles, nr)
+		r = &nr
+	}
+
+	var t *RoleTable
+	for i := range r.Tables {
+		if strings.EqualFold(r.Tables[i].Name, table) {
+			t = &r.Tables[i]
+			break
+		}
+	}
+	if t == nil {
+		nt := RoleTable{Name: table}
+		r.Tables = append(r.Tables, nt)
+		t = &nt
+	}
+
+	switch v := conf.(type) {
+	case Query:
+		t.Query = &v
+	case Insert:
+		t.Insert = &v
+	case Update:
+		t.Update = &v
+	case Delete:
+		t.Delete = &v
+	default:
+		return fmt.Errorf("unsupported object type: %t", v)
+	}
+	return nil
 }

 // ReadInConfig function reads in the config file for the environment specified in the GO_ENV
--- a/core/core.go
+++ b/core/core.go
@ -5,6 +5,7 @@ import (
 	"database/sql"
 	"encoding/json"
 	"fmt"
+	"hash/maphash"
 	"time"

 	"github.com/dosco/super-graph/core/internal/psql"
@ -90,7 +91,8 @@ func (sg *SuperGraph) initCompilers() error {
 	}

 	sg.qc, err = qcode.NewCompiler(qcode.Config{
-		Blocklist: sg.conf.Blocklist,
+		DefaultBlock: sg.conf.DefaultBlock,
+		Blocklist:    sg.conf.Blocklist,
 	})
 	if err != nil {
 		return err
@ -164,32 +166,43 @@ func (c *scontext) resolvePreparedSQL() ([]byte, *stmt, error) {

 	} else {
 		role = c.role
-
 	}

 	c.res.role = role

-	ps, ok := c.sg.prepared[stmtHash(c.res.name, role)]
+	h := maphash.Hash{}
+	h.SetSeed(c.sg.hashSeed)
+
+	q, ok := c.sg.queries[queryID(&h, c.res.name, role)]
 	if !ok {
 		return nil, nil, errNotFound
 	}
-	c.res.sql = ps.st.sql
+
+	if q.sd == nil {
+		q.Do(func() { c.sg.prepare(q, role) })
+
+		if q.err != nil {
+			return nil, nil, err
+		}
+	}
+
+	c.res.sql = q.st.sql

 	var root []byte
 	var row *sql.Row

-	varsList, err := c.argList(ps.st.md)
+	varsList, err := c.argList(q.st.md)
 	if err != nil {
 		return nil, nil, err
 	}

 	if useTx {
-		row = tx.Stmt(ps.sd).QueryRow(varsList...)
+		row = tx.Stmt(q.sd).QueryRow(varsList...)
 	} else {
-		row = ps.sd.QueryRow(varsList...)
+		row = q.sd.QueryRow(varsList...)
 	}

-	if ps.roleArg {
+	if q.roleArg {
 		err = row.Scan(&role, &root)
 	} else {
 		err = row.Scan(&root)
@ -203,15 +216,15 @@ func (c *scontext) resolvePreparedSQL() ([]byte, *stmt, error) {

 	if useTx {
 		if err := tx.Commit(); err != nil {
-			return nil, nil, err
+			return nil, nil, q.err
 		}
 	}

-	if root, err = c.sg.encryptCursor(ps.st.qc, root); err != nil {
+	if root, err = c.sg.encryptCursor(q.st.qc, root); err != nil {
 		return nil, nil, err
 	}

-	return root, &ps.st, nil
+	return root, &q.st, nil
 }

 func (c *scontext) resolveSQL() ([]byte, *stmt, error) {
--- a/core/init.go
+++ b/core/init.go
@ -74,7 +74,7 @@ func (sg *SuperGraph) initConfig() error {
 	}

 	if c.RolesQuery == "" {
-		sg.log.Printf("WRN roles_query not defined: attribute based access control disabled")
+		sg.log.Printf("INF roles_query not defined: attribute based access control disabled")
 	}

 	_, userExists := sg.roles["user"]
@ -196,7 +196,7 @@ func addForeignKey(di *psql.DBInfo, c Column, t Table) error {
 func addRoles(c *Config, qc *qcode.Compiler) error {
 	for _, r := range c.Roles {
 		for _, t := range r.Tables {
-			if err := addRole(qc, r, t, c.DefaultAllow); err != nil {
+			if err := addRole(qc, r, t, c.DefaultBlock); err != nil {
 				return err
 			}
 		}
@ -205,67 +205,56 @@ func addRoles(c *Config, qc *qcode.Compiler) error {
 	return nil
 }

-func addRole(qc *qcode.Compiler, r Role, t RoleTable, defaultAllow bool) error {
-	ro := true // read-only
+func addRole(qc *qcode.Compiler, r Role, t RoleTable, defaultBlock bool) error {
+	ro := false // read-only

-	if defaultAllow {
-		ro = false
+	if defaultBlock && r.Name == "anon" {
+		ro = true
 	}

-	if r.Name != "anon" {
-		ro = false
+	if t.ReadOnly {
+		ro = true
 	}

-	if t.ReadOnly != nil {
-		ro = *t.ReadOnly
+	query := qcode.QueryConfig{Block: false}
+	insert := qcode.InsertConfig{Block: ro}
+	update := qcode.UpdateConfig{Block: ro}
+	del := qcode.DeleteConfig{Block: ro}
+
+	if t.Query != nil {
+		query = qcode.QueryConfig{
+			Limit:            t.Query.Limit,
+			Filters:          t.Query.Filters,
+			Columns:          t.Query.Columns,
+			DisableFunctions: t.Query.DisableFunctions,
+			Block:            t.Query.Block,
+		}
 	}

-	blocked := struct {
-		query  bool
-		insert bool
-		update bool
-		delete bool
-	}{false, ro, ro, ro}
-
-	if t.Query.Block != nil {
-		blocked.query = *t.Query.Block
-	}
-	if t.Insert.Block != nil {
-		blocked.insert = *t.Insert.Block
-	}
-	if t.Update.Block != nil {
-		blocked.update = *t.Update.Block
-	}
-	if t.Delete.Block != nil {
-		blocked.delete = *t.Delete.Block
+	if t.Insert != nil {
+		insert = qcode.InsertConfig{
+			Filters: t.Insert.Filters,
+			Columns: t.Insert.Columns,
+			Presets: t.Insert.Presets,
+			Block:   t.Insert.Block,
+		}
 	}

-	query := qcode.QueryConfig{
-		Limit:            t.Query.Limit,
-		Filters:          t.Query.Filters,
-		Columns:          t.Query.Columns,
-		DisableFunctions: t.Query.DisableFunctions,
-		Block:            blocked.query,
+	if t.Update != nil {
+		update = qcode.UpdateConfig{
+			Filters: t.Update.Filters,
+			Columns: t.Update.Columns,
+			Presets: t.Update.Presets,
+			Block:   t.Update.Block,
+		}
 	}

-	insert := qcode.InsertConfig{
-		Filters: t.Insert.Filters,
-		Columns: t.Insert.Columns,
-		Presets: t.Insert.Presets,
-		Block:   blocked.insert,
-	}
-
-	update := qcode.UpdateConfig{
-		Filters: t.Update.Filters,
-		Columns: t.Update.Columns,
-		Presets: t.Update.Presets,
-		Block:   blocked.update,
-	}
-
-	del := qcode.DeleteConfig{
-		Filters: t.Delete.Filters,
-		Columns: t.Delete.Columns,
-		Block:   blocked.delete,
+	if t.Delete != nil {
+		del = qcode.DeleteConfig{
+			Filters: t.Delete.Filters,
+			Columns: t.Delete.Columns,
+			Block:   t.Delete.Block,
+		}
 	}

 	return qc.AddRole(r.Name, t.Name, qcode.TRConfig{
--- a/core/internal/allow/allow.go
+++ b/core/internal/allow/allow.go
@ -6,6 +6,7 @@ import (
 	"errors"
 	"fmt"
 	"io/ioutil"
+	"log"
 	"os"
 	"sort"
 	"strings"
@ -35,6 +36,7 @@ type List struct {
 type Config struct {
 	CreateIfNotExists bool
 	Persist           bool
+	Log               *log.Logger
 }

 func New(filename string, conf Config) (*List, error) {
@ -80,6 +82,12 @@ func New(filename string, conf Config) (*List, error) {
 		} else {
 			al.filepath = filename
 		}
+
+		if file, err := os.OpenFile(al.filepath, os.O_RDONLY|os.O_CREATE, 0644); err != nil {
+			return nil, err
+		} else {
+			file.Close()
+		}
 	}

 	var err error
@ -89,8 +97,10 @@ func New(filename string, conf Config) (*List, error) {

 		go func() {
 			for v := range al.saveChan {
-				if err = al.save(v); err != nil {
-					break
+				err := al.save(v)
+
+				if err != nil && conf.Log != nil {
+					conf.Log.Println("WRN allow list save:", err)
 				}
 			}
 		}()
--- a/core/internal/integration_tests/integration_tests.go
+++ b/core/internal/integration_tests/integration_tests.go
@ -55,19 +55,6 @@ func TestSuperGraph(t *testing.T, db *sql.DB, before func(t *testing.T)) {
 	config.AllowListFile = "./allow.list"
 	config.RolesQuery = `SELECT * FROM users WHERE id = $user_id`

-	blockFalse := false
-
-	config.Roles = []core.Role{
-		core.Role{
-			Name: "anon",
-			Tables: []core.RoleTable{
-				core.RoleTable{Name: "users", ReadOnly: &blockFalse, Query: core.Query{Limit: 100}},
-				core.RoleTable{Name: "product", ReadOnly: &blockFalse, Query: core.Query{Limit: 100}},
-				core.RoleTable{Name: "line_item", ReadOnly: &blockFalse, Query: core.Query{Limit: 100}},
-			},
-		},
-	}
-
 	sg, err := core.NewSuperGraph(&config, db)
 	require.NoError(t, err)
 	ctx := context.Background()
--- a/core/internal/psql/fuzz.go
+++ b/core/internal/psql/fuzz.go
@ -11,7 +11,7 @@ import (
 var (
 	qcompileTest, _ = qcode.NewCompiler(qcode.Config{})

-	schema = GetTestSchema()
+	schema, _ = GetTestSchema()

 	vars = map[string]string{
 		"admin_account_id": "5",
@ -25,6 +25,37 @@ var (

 // FuzzerEntrypoint for Fuzzbuzz
 func Fuzz(data []byte) int {
+	err1 := query(data)
+	err2 := insert(data)
+	err3 := update(data)
+	err4 := delete(data)
+
+	if err1 != nil || err2 != nil || err3 != nil || err4 != nil {
+		return 0
+	}
+
+	return 1
+}
+
+func query(data []byte) error {
+	gql := data
+
+	qc, err1 := qcompileTest.Compile(gql, "user")
+
+	vars := map[string]json.RawMessage{
+		"data": json.RawMessage(data),
+	}
+
+	_, _, err2 := pcompileTest.CompileEx(qc, vars)
+
+	if err1 != nil {
+		return err1
+	} else {
+		return err2
+	}
+}
+
+func insert(data []byte) error {
 	gql := `mutation {
 		product(insert: $data) {
 			id
@ -47,9 +78,57 @@ func Fuzz(data []byte) int {
 	}

 	_, _, err = pcompileTest.CompileEx(qc, vars)
+	return err
+}
+
+func update(data []byte) error {
+	gql := `mutation {
+		product(insert: $data) {
+			id
+			name
+			user {
+				id
+				full_name
+				email
+			}
+		}
+	}`
+
+	qc, err := qcompileTest.Compile([]byte(gql), "user")
 	if err != nil {
-		return 0
+		panic("qcompile can't fail")
 	}

-	return 1
+	vars := map[string]json.RawMessage{
+		"data": json.RawMessage(data),
+	}
+
+	_, _, err = pcompileTest.CompileEx(qc, vars)
+	return err
+}
+
+func delete(data []byte) error {
+	gql := `mutation {
+		product(insert: $data) {
+			id
+			name
+			user {
+				id
+				full_name
+				email
+			}
+		}
+	}`
+
+	qc, err := qcompileTest.Compile([]byte(gql), "user")
+	if err != nil {
+		panic("qcompile can't fail")
+	}
+
+	vars := map[string]json.RawMessage{
+		"data": json.RawMessage(data),
+	}
+
+	_, _, err = pcompileTest.CompileEx(qc, vars)
+	return err
 }
--- a/core/internal/psql/fuzz_test.go
+++ b/core/internal/psql/fuzz_test.go
@ -0,0 +1,20 @@
+// +build gofuzz
+
+package psql
+
+import (
+	"testing"
+)
+
+var ret int
+
+func TestFuzzCrashers(t *testing.T) {
+	var crashers = []string{
+		"{\"connect\":{}}",
+		"q(q{q{q{q{q{q{q{q{",
+	}
+
+	for _, f := range crashers {
+		ret = Fuzz([]byte(f))
+	}
+}
--- a/core/internal/psql/mutate.go
+++ b/core/internal/psql/mutate.go
@ -542,6 +542,10 @@ func (c *compilerContext) renderConnectStmt(qc *qcode.QCode, w io.Writer,

 	rel := item.relPC

+	if rel == nil {
+		return errors.New("invalid connect value")
+	}
+
 	// Render only for parent-to-child relationship of one-to-one
 	// For this to work the child needs to found first so it's primary key
 	// can be set in the related column on the parent object.
--- a/core/internal/psql/query.go
+++ b/core/internal/psql/query.go
@ -7,6 +7,7 @@ import (
 	"errors"
 	"fmt"
 	"io"
+	"strconv"
 	"strings"

 	"github.com/dosco/super-graph/core/internal/qcode"
@ -79,6 +80,10 @@ func (co *Compiler) CompileEx(qc *qcode.QCode, vars Variables) (Metadata, []byte
 }

 func (co *Compiler) Compile(w io.Writer, qc *qcode.QCode, vars Variables) (Metadata, error) {
+	if qc == nil {
+		return Metadata{}, fmt.Errorf("qcode is nil")
+	}
+
 	switch qc.Type {
 	case qcode.QTQuery:
 		return co.compileQuery(w, qc, vars)
@ -1352,26 +1357,6 @@ func squoted(w io.Writer, identifier string) {
 	io.WriteString(w, `'`)
 }

-const charset = "0123456789"
-
 func int32String(w io.Writer, val int32) {
-	if val < 10 {
-		w.Write([]byte{charset[val]})
-		return
-	}
-
-	temp := int32(0)
-	val2 := val
-	for val2 > 0 {
-		temp *= 10
-		temp += val2 % 10
-		val2 = int32(float64(val2 / 10))
-	}
-
-	val3 := temp
-	for val3 > 0 {
-		d := val3 % 10
-		val3 /= 10
-		w.Write([]byte{charset[d]})
-	}
+	io.WriteString(w, strconv.FormatInt(int64(val), 10))
 }
--- a/core/internal/qcode/bench.10
+++ b/core/internal/qcode/bench.10
@ -0,0 +1,11 @@
+goos: darwin
+goarch: amd64
+pkg: github.com/dosco/super-graph/core/internal/qcode
+BenchmarkQCompile-16        	  120888	      9236 ns/op	    3755 B/op	      28 allocs/op
+BenchmarkQCompileP-16       	  502248	      2620 ns/op	    3795 B/op	      28 allocs/op
+BenchmarkParse-16           	  128370	      9294 ns/op	    3902 B/op	      18 allocs/op
+BenchmarkParseP-16          	  575752	      2340 ns/op	    3903 B/op	      18 allocs/op
+BenchmarkSchemaParse-16     	  212048	      5779 ns/op	    3968 B/op	      57 allocs/op
+BenchmarkSchemaParseP-16    	  630918	      1686 ns/op	    3968 B/op	      57 allocs/op
+PASS
+ok  	github.com/dosco/super-graph/core/internal/qcode	7.710s
--- a/core/internal/qcode/config.go
+++ b/core/internal/qcode/config.go
@ -6,7 +6,8 @@ import (
 )

 type Config struct {
-	Blocklist []string
+	DefaultBlock bool
+	Blocklist    []string
 }

 type QueryConfig struct {
--- a/core/internal/qcode/parse.go
+++ b/core/internal/qcode/parse.go
@ -201,6 +201,7 @@ func (p *Parser) peek(types ...itemType) bool {
 	// if p.items[n]._type == itemEOF {
 	// 	return false
 	// }
+
 	if n >= len(p.items) {
 		return false
 	}
@ -299,7 +300,7 @@ func (p *Parser) parseFields(fields []Field) ([]Field, error) {
 			return nil, fmt.Errorf("too many fields (max %d)", maxFields)
 		}

-		if p.peek(itemObjClose) {
+		if p.peek(itemEOF, itemObjClose) {
 			p.ignore()
 			st.Pop()

@ -385,7 +386,7 @@ func (p *Parser) parseOpParams(args []Arg) ([]Arg, error) {
 			return nil, fmt.Errorf("too many args (max %d)", maxArgs)
 		}

-		if p.peek(itemArgsClose) {
+		if p.peek(itemEOF, itemArgsClose) {
 			p.ignore()
 			break
 		}
@ -403,7 +404,7 @@ func (p *Parser) parseArgs(args []Arg) ([]Arg, error) {
 			return nil, fmt.Errorf("too many args (max %d)", maxArgs)
 		}

-		if p.peek(itemArgsClose) {
+		if p.peek(itemEOF, itemArgsClose) {
 			p.ignore()
 			break
 		}
@ -470,7 +471,7 @@ func (p *Parser) parseObj() (*Node, error) {
 	parent.Reset()

 	for {
-		if p.peek(itemObjClose) {
+		if p.peek(itemEOF, itemObjClose) {
 			p.ignore()
 			break
 		}
--- a/core/internal/qcode/qcode.go
+++ b/core/internal/qcode/qcode.go
@ -172,6 +172,8 @@ const (
 type Compiler struct {
 	tr map[string]map[string]*trval
 	bl map[string]struct{}
+
+	defBlock bool
 }

 var expPool = sync.Pool{
@ -179,7 +181,7 @@ var expPool = sync.Pool{
 }

 func NewCompiler(c Config) (*Compiler, error) {
-	co := &Compiler{}
+	co := &Compiler{defBlock: c.DefaultBlock}
 	co.tr = make(map[string]map[string]*trval)
 	co.bl = make(map[string]struct{}, len(c.Blocklist))

@ -358,7 +360,7 @@ func (com *Compiler) compileQuery(qc *QCode, op *Operation, role string) error {
 			}

 		} else if role == "anon" {
-			skipRender = true
+			skipRender = com.defBlock
 		}

 		selects = append(selects, Select{
--- a/core/prepare.go
+++ b/core/prepare.go
@ -2,126 +2,97 @@ package core

 import (
 	"bytes"
-	"context"
-	"crypto/sha256"
 	"database/sql"
-	"encoding/hex"
 	"fmt"
+	"hash/maphash"
 	"io"
 	"strings"
+	"sync"

 	"github.com/dosco/super-graph/core/internal/allow"
 	"github.com/dosco/super-graph/core/internal/qcode"
 )

-type preparedItem struct {
+type query struct {
+	sync.Once
 	sd      *sql.Stmt
+	ai      allow.Item
+	qt      qcode.QType
+	err     error
 	st      stmt
 	roleArg bool
 }

-func (sg *SuperGraph) initPrepared() error {
-	ct := context.Background()
+func (sg *SuperGraph) prepare(q *query, role string) {
+	var stmts []stmt
+	var err error

+	qb := []byte(q.ai.Query)
+
+	switch q.qt {
+	case qcode.QTQuery:
+		if sg.abacEnabled {
+			stmts, err = sg.buildMultiStmt(qb, q.ai.Vars)
+		} else {
+			stmts, err = sg.buildRoleStmt(qb, q.ai.Vars, role)
+		}
+
+	case qcode.QTMutation:
+		stmts, err = sg.buildRoleStmt(qb, q.ai.Vars, role)
+	}
+
+	if err != nil {
+		sg.log.Printf("WRN %s %s: %v", q.qt, q.ai.Name, err)
+	}
+
+	q.st = stmts[0]
+	q.roleArg = len(stmts) > 1
+
+	q.sd, err = sg.db.Prepare(q.st.sql)
+	if err != nil {
+		q.err = fmt.Errorf("prepare failed: %v: %s", err, q.st.sql)
+	}
+}
+
+func (sg *SuperGraph) initPrepared() error {
 	if sg.allowList.IsPersist() {
 		return nil
 	}
-	sg.prepared = make(map[string]*preparedItem)

-	tx, err := sg.db.BeginTx(ct, nil)
-	if err != nil {
-		return err
-	}
-	defer tx.Rollback() //nolint: errcheck
-
-	if err = sg.prepareRoleStmt(tx); err != nil {
-		return fmt.Errorf("prepareRoleStmt: %w", err)
+	if err := sg.prepareRoleStmt(); err != nil {
+		return fmt.Errorf("role query: %w", err)
 	}

-	if err := tx.Commit(); err != nil {
-		return err
-	}
-
-	success := 0
+	sg.queries = make(map[uint64]*query)

 	list, err := sg.allowList.Load()
 	if err != nil {
 		return err
 	}

+	h := maphash.Hash{}
+	h.SetSeed(sg.hashSeed)
+
 	for _, v := range list {
 		if len(v.Query) == 0 {
 			continue
 		}
+		q := &query{ai: v, qt: qcode.GetQType(v.Query)}

-		err := sg.prepareStmt(v)
-		if err != nil {
-			sg.log.Printf("WRN %s: %v", v.Name, err)
-		} else {
-			success++
-		}
-	}
+		switch q.qt {
+		case qcode.QTQuery:
+			sg.queries[queryID(&h, v.Name, "user")] = q
+			h.Reset()

-	sg.log.Printf("INF allow list: prepared %d / %d queries", success, len(list))
-
-	return nil
-}
-
-func (sg *SuperGraph) prepareStmt(item allow.Item) error {
-	query := item.Query
-	qb := []byte(query)
-	vars := item.Vars
-
-	qt := qcode.GetQType(query)
-	ct := context.Background()
-	switch qt {
-	case qcode.QTQuery:
-		var stmts1 []stmt
-		var err error
-
-		if sg.abacEnabled {
-			stmts1, err = sg.buildMultiStmt(qb, vars)
-		} else {
-			stmts1, err = sg.buildRoleStmt(qb, vars, "user")
-		}
-
-		if err != nil {
-			return err
-		}
-
-		//logger.Debug().Msgf("Prepared statement 'query %s' (user)", item.Name)
-
-		err = sg.prepare(ct, stmts1, stmtHash(item.Name, "user"))
-		if err != nil {
-			return err
-		}
-
-		if sg.anonExists {
-			// logger.Debug().Msgf("Prepared statement 'query %s' (anon)", item.Name)
-
-			stmts2, err := sg.buildRoleStmt(qb, vars, "anon")
-			if err != nil {
-				return err
+			if sg.anonExists {
+				sg.queries[queryID(&h, v.Name, "anon")] = q
+				h.Reset()
 			}

-			err = sg.prepare(ct, stmts2, stmtHash(item.Name, "anon"))
-			if err != nil {
-				return err
-			}
-		}
-
-	case qcode.QTMutation:
-		for _, role := range sg.conf.Roles {
-			// logger.Debug().Msgf("Prepared statement 'mutation %s' (%s)", item.Name, role.Name)
-
-			stmts, err := sg.buildRoleStmt(qb, vars, role.Name)
-			if err != nil {
-				return err
-			}
-
-			err = sg.prepare(ct, stmts, stmtHash(item.Name, role.Name))
-			if err != nil {
-				return err
+		case qcode.QTMutation:
+			for _, role := range sg.conf.Roles {
+				sg.queries[queryID(&h, v.Name, role.Name)] = q
+				h.Reset()
 			}
 		}
 	}
@ -129,22 +100,8 @@ func (sg *SuperGraph) prepareStmt(item allow.Item) error {
 	return nil
 }

-func (sg *SuperGraph) prepare(ct context.Context, st []stmt, key string) error {
-	sd, err := sg.db.PrepareContext(ct, st[0].sql)
-	if err != nil {
-		return fmt.Errorf("prepare failed: %v: %s", err, st[0].sql)
-	}
-
-	sg.prepared[key] = &preparedItem{
-		sd:      sd,
-		st:      st[0],
-		roleArg: len(st) > 1,
-	}
-	return nil
-}
-
 // nolint: errcheck
-func (sg *SuperGraph) prepareRoleStmt(tx *sql.Tx) error {
+func (sg *SuperGraph) prepareRoleStmt() error {
 	var err error

 	if !sg.abacEnabled {
@ -175,7 +132,7 @@ func (sg *SuperGraph) prepareRoleStmt(tx *sql.Tx) error {
 	io.WriteString(w, `) AS "_sg_auth_roles_query" LIMIT 1) `)
 	io.WriteString(w, `ELSE 'anon' END) FROM (VALUES (1)) AS "_sg_auth_filler" LIMIT 1; `)

-	sg.getRole, err = tx.Prepare(w.String())
+	sg.getRole, err = sg.db.Prepare(w.String())
 	if err != nil {
 		return err
 	}
@ -187,15 +144,14 @@ func (sg *SuperGraph) initAllowList() error {
 	var ac allow.Config
 	var err error

-	if len(sg.conf.AllowListFile) == 0 {
-		sg.conf.UseAllowList = false
-		sg.log.Printf("WRN allow list disabled no file specified")
+	if sg.conf.AllowListFile == "" {
+		sg.conf.AllowListFile = "allow.list"
 	}

 	// When list is not eabled it is still created and
 	// and new queries are saved to it.
 	if !sg.conf.UseAllowList {
-		ac = allow.Config{CreateIfNotExists: true, Persist: true}
+		ac = allow.Config{CreateIfNotExists: true, Persist: true, Log: sg.log}
 	}

 	sg.allowList, err = allow.New(sg.conf.AllowListFile, ac)
@ -207,9 +163,8 @@ func (sg *SuperGraph) initAllowList() error {
 }

 // nolint: errcheck
-func stmtHash(name string, role string) string {
-	h := sha256.New()
-	io.WriteString(h, strings.ToLower(name))
-	io.WriteString(h, role)
-	return hex.EncodeToString(h.Sum(nil))
+func queryID(h *maphash.Hash, name string, role string) uint64 {
+	h.WriteString(name)
+	h.WriteString(role)
+	return h.Sum64()
 }
--- a/docs/website/docs/seed.md
+++ b/docs/website/docs/seed.md
@ -0,0 +1,249 @@
+---
+id: seed
+title: Database Seeding
+sidebar_label: Seed Scripts
+---
+
+While developing it's often useful to be able to have fake data available in the database. Fake data can help with building the UI and save you time when trying to get the GraphQL query correct. Super Graph has the ability do this for you. All you have to do is write a seed script `config/seed.js` (In Javascript) and use the `db:seed` command line option. Below is an example of kind of things you can do in a seed script.
+
+## Creating fake users
+
+Since all mutations and queries are in standard GraphQL you can use all the features available in Super Graph GraphQL.
+
+```javascript
+var users = [];
+
+for (i = 0; i < 20; i++) {
+  var data = {
+    slug: util.make_slug(fake.first_name() + "-" + fake.last_name()),
+    first_name: fake.first_name(),
+    last_name: fake.last_name(),
+    picture_url: fake.avatar_url(),
+    email: fake.email(),
+    bio: fake.sentence(10),
+  };
+
+  var res = graphql(" \
+	mutation { \
+		user(insert: $data) { \
+			id \
+		} \
+	}", { data: data });
+
+  users.push(res.user);
+}
+```
+
+## Inserting the users fake blog posts
+
+Another example highlighting how the `connect` syntax of Super Graph GraphQL can be used to connect inserted posts
+to random users that were previously created. For futher details checkout the [seed script](/seed) documentation.
+
+```javascript
+var posts = [];
+
+for (i = 0; i < 1500; i++) {
+  var user.id = users[Math.floor(Math.random() * 10)];
+
+  var data = {
+    slug:       util.make_slug(fake.sentence(3) + i),
+    body:       fake.sentence(100),
+    published:   true,
+    thread: {
+      connect: { user: user.id }
+    }
+  }
+
+  var res = graphql(" \
+  mutation { \
+    post(insert: $data) { \
+      id \
+    } \
+  }",
+  { data: data },
+  { user_id: u.id })
+
+  posts.push(res.post.slug)
+}
+```
+
+## Insert a large number of rows efficiently
+
+This feature uses the `COPY` functionality available in Postgres this is the best way to
+insert a large number of rows into a table. The `import_csv` function reads in a CSV file using the first
+line of the file as column names.
+
+```javascript
+import_csv("post_tags", "./tags.csv");
+```
+
+## A list of fake data functions available to you.
+
+```
+person
+name
+name_prefix
+name_suffix
+first_name
+last_name
+gender
+ssn
+contact
+email
+phone
+phone_formatted
+username
+password
+
+// Address
+address
+city
+country
+country_abr
+state
+state_abr
+street
+street_name
+street_number
+street_prefix
+street_suffix
+zip
+latitude
+latitude_in_range
+longitude
+longitude_in_range
+
+// Beer
+beer_alcohol
+beer_hop
+beer_ibu
+beer_blg
+beer_malt
+beer_name
+beer_style
+beer_yeast
+
+// Cars
+car
+car_type
+car_maker
+car_model
+
+// Text
+word
+sentence
+paragraph
+question
+quote
+
+// Misc
+generate
+boolean
+uuid
+
+// Colors
+color
+hex_color
+rgb_color
+safe_color
+
+// Internet
+url
+image_url
+avatar_url
+domain_name
+domain_suffix
+ipv4_address
+ipv6_address
+http_method
+user_agent
+user_agent_firefox
+user_agent_chrome
+user_agent_opera
+user_agent_safari
+
+// Date / Time
+date
+date_range
+nano_second
+second
+minute
+hour
+month
+day
+weekday
+year
+timezone
+timezone_abv
+timezone_full
+timezone_offset
+
+// Payment
+price
+credit_card
+credit_card_cvv
+credit_card_number
+credit_card_type
+currency
+currency_long
+currency_short
+
+// Company
+bs
+buzzword
+company
+company_suffix
+job
+job_description
+job_level
+job_title
+
+// Hacker
+hacker_abbreviation
+hacker_adjective
+hacker_noun
+hacker_phrase
+hacker_verb
+
+//Hipster
+hipster_word
+hipster_paragraph
+hipster_sentence
+
+// File
+file_extension
+file_mine_type
+
+// Numbers
+number
+numerify
+int8
+int16
+int32
+int64
+uint8
+uint16
+uint32
+uint64
+float32
+float32_range
+float64
+float64_range
+shuffle_ints
+mac_address
+
+// String
+digit
+letter
+lexify
+rand_string
+numerify
+```
+
+## Some more utility functions
+
+```
+shuffle_strings(string_array)
+make_slug(text)
+make_slug_lang(text, lang)
+```
--- a/docs/website/docs/start.md
+++ b/docs/website/docs/start.md
@ -96,179 +96,6 @@ var post_count = import_csv("posts", "posts.csv");

 You can generate the following fake data for your seeding purposes. Below is the list of fake data functions supported by the built-in fake data library. For example `fake.image_url()` will generate a fake image url or `fake.shuffle_strings(['hello', 'world', 'cool'])` will generate a randomly shuffled version of that array of strings or `fake.rand_string(['hello', 'world', 'cool'])` will return a random string from the array provided.

-```
-// Person
-person
-name
-name_prefix
-name_suffix
-first_name
-last_name
-gender
-ssn
-contact
-email
-phone
-phone_formatted
-username
-password
-
-// Address
-address
-city
-country
-country_abr
-state
-state_abr
-status_code
-street
-street_name
-street_number
-street_prefix
-street_suffix
-zip
-latitude
-latitude_in_range
-longitude
-longitude_in_range
-
-// Beer
-beer_alcohol
-beer_hop
-beer_ibu
-beer_blg
-beer_malt
-beer_name
-beer_style
-beer_yeast
-
-// Cars
-car
-car_type
-car_maker
-car_model
-
-// Text
-word
-sentence
-paragraph
-question
-quote
-
-// Misc
-generate
-boolean
-uuid
-
-// Colors
-color
-hex_color
-rgb_color
-safe_color
-
-// Internet
-url
-image_url
-domain_name
-domain_suffix
-ipv4_address
-ipv6_address
-simple_status_code
-http_method
-user_agent
-user_agent_firefox
-user_agent_chrome
-user_agent_opera
-user_agent_safari
-
-// Date / Time
-date
-date_range
-nano_second
-second
-minute
-hour
-month
-day
-weekday
-year
-timezone
-timezone_abv
-timezone_full
-timezone_offset
-
-// Payment
-price
-credit_card
-credit_card_cvv
-credit_card_number
-credit_card_number_luhn
-credit_card_type
-currency
-currency_long
-currency_short
-
-// Company
-bs
-buzzword
-company
-company_suffix
-job
-job_description
-job_level
-job_title
-
-// Hacker
-hacker_abbreviation
-hacker_adjective
-hacker_ingverb
-hacker_noun
-hacker_phrase
-hacker_verb
-
-//Hipster
-hipster_word
-hipster_paragraph
-hipster_sentence
-
-// File
-file_extension
-file_mine_type
-
-// Numbers
-number
-numerify
-int8
-int16
-int32
-int64
-uint8
-uint16
-uint32
-uint64
-float32
-float32_range
-float64
-float64_range
-shuffle_ints
-mac_address
-
-//String
-digit
-letter
-lexify
-shuffle_strings
-numerify
-```
-
-Other utility functions
-
-```
-shuffle_strings(string_array)
-make_slug(text)
-make_slug_lang(text, lang)
-```
-
 ### Migrations

 Easy database migrations is the most important thing when building products backend by a relational database. We make it super easy to manage and migrate your database.
--- a/docs/website/sidebars.js
+++ b/docs/website/sidebars.js
@ -11,6 +11,7 @@ module.exports = {
      "security",
      "telemetry",
      "config",
+      "seed",
      "deploy",
      "internals",
    ],
--- a/docs/website/yarn.lock
+++ b/docs/website/yarn.lock
@ -1805,11 +1805,6 @@ asynckit@^0.4.0:
  resolved "https://registry.yarnpkg.com/asynckit/-/asynckit-0.4.0.tgz#c79ed97f7f34cb8f2ba1bc9790bcc366474b4b79"
  integrity sha1-x57Zf380y48robyXkLzDZkdLS3k=

-at-least-node@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/at-least-node/-/at-least-node-1.0.0.tgz#602cd4b46e844ad4effc92a8011a3c46e0238dc2"
-  integrity sha512-+q/t7Ekv1EDY2l6Gda6LLiX14rU9TV20Wa3ofeQmwPFZbOMo9DXrLbOjFaaclkXKWidIaopwAObQDqwWtGUjqg==
-
 atob@^2.1.2:
  version "2.1.2"
  resolved "https://registry.yarnpkg.com/atob/-/atob-2.1.2.tgz#6d9517eb9e030d2436666651e86bd9f6f13533c9"
@ -2323,7 +2318,7 @@ ccount@^1.0.0, ccount@^1.0.3:
  resolved "https://registry.yarnpkg.com/ccount/-/ccount-1.0.5.tgz#ac82a944905a65ce204eb03023157edf29425c17"
  integrity sha512-MOli1W+nfbPLlKEhInaxhRdp7KVLFxLN5ykwzHgLsLI3H3gs5jjFAK4Eoj3OzzcxCtumDaI8onoVDeQyWaNTkw==

-chalk@2.4.2, chalk@^2.0.0, chalk@^2.0.1, chalk@^2.4.1, chalk@^2.4.2:
+chalk@2.4.2, chalk@^2.0.0, chalk@^2.4.1, chalk@^2.4.2:
  version "2.4.2"
  resolved "https://registry.yarnpkg.com/chalk/-/chalk-2.4.2.tgz#cd42541677a54333cf541a49108c1432b44c9424"
  integrity sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==
@ -2522,15 +2517,6 @@ cliui@^5.0.0:
    strip-ansi "^5.2.0"
    wrap-ansi "^5.1.0"

-cliui@^6.0.0:
-  version "6.0.0"
-  resolved "https://registry.yarnpkg.com/cliui/-/cliui-6.0.0.tgz#511d702c0c4e41ca156d7d0e96021f23e13225b1"
-  integrity sha512-t6wbgtoCXvAzst7QgXxJYqPt0usEfbgQdftEPbLL/cvv6HPE5VgvqCuAIDR0NgU52ds6rFwqrgakNLrHEjCbrQ==
-  dependencies:
-    string-width "^4.2.0"
-    strip-ansi "^6.0.0"
-    wrap-ansi "^6.2.0"
-
 coa@^2.0.2:
  version "2.0.2"
  resolved "https://registry.yarnpkg.com/coa/-/coa-2.0.2.tgz#43f6c21151b4ef2bf57187db0d73de229e3e7ec3"
@ -3216,11 +3202,6 @@ depd@~1.1.2:
  resolved "https://registry.yarnpkg.com/depd/-/depd-1.1.2.tgz#9bcd52e14c097763e749b274c4346ed2e560b5a9"
  integrity sha1-m81S4UwJd2PnSbJ0xDRu0uVgtak=

-dependency-graph@^0.9.0:
-  version "0.9.0"
-  resolved "https://registry.yarnpkg.com/dependency-graph/-/dependency-graph-0.9.0.tgz#11aed7e203bc8b00f48356d92db27b265c445318"
-  integrity sha512-9YLIBURXj4DJMFALxXw9K3Y3rwb5Fk0X5/8ipCzaN84+gKxoHK43tVKRNakCQbiEx07E8Uwhuq21BpUagFhZ8w==
-
 des.js@^1.0.0:
  version "1.0.1"
  resolved "https://registry.yarnpkg.com/des.js/-/des.js-1.0.1.tgz#5382142e1bdc53f85d86d53e5f4aa7deb91e0843"
@ -3830,7 +3811,7 @@ fast-glob@^2.0.2:
    merge2 "^1.2.3"
    micromatch "^3.1.10"

-fast-glob@^3.0.3, fast-glob@^3.1.1:
+fast-glob@^3.0.3:
  version "3.2.2"
  resolved "https://registry.yarnpkg.com/fast-glob/-/fast-glob-3.2.2.tgz#ade1a9d91148965d4bf7c51f72e1ca662d32e63d"
  integrity sha512-UDV82o4uQyljznxwMxyVRJgZZt3O5wENYojjzbaGEGZgeOxkLFf+V4cnUD+krzb2F72E18RhamkMZ7AdeggF7A==
@ -3970,7 +3951,7 @@ find-cache-dir@^3.0.0, find-cache-dir@^3.3.1:
    make-dir "^3.0.2"
    pkg-dir "^4.1.0"

-find-up@4.1.0, find-up@^4.0.0, find-up@^4.1.0:
+find-up@4.1.0, find-up@^4.0.0:
  version "4.1.0"
  resolved "https://registry.yarnpkg.com/find-up/-/find-up-4.1.0.tgz#97afe7d6cdc0bc5928584b7c8d7b16e8a9aa5d19"
  integrity sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==
@ -4084,16 +4065,6 @@ fs-extra@^8.0.0, fs-extra@^8.1.0:
    jsonfile "^4.0.0"
    universalify "^0.1.0"

-fs-extra@^9.0.0:
-  version "9.0.0"
-  resolved "https://registry.yarnpkg.com/fs-extra/-/fs-extra-9.0.0.tgz#b6afc31036e247b2466dc99c29ae797d5d4580a3"
-  integrity sha512-pmEYSk3vYsG/bF651KPUXZ+hvjpgWYw/Gc7W9NFUe3ZVLczKKWIij3IKpOrQcdw4TILtibFslZ0UmR8Vvzig4g==
-  dependencies:
-    at-least-node "^1.0.0"
-    graceful-fs "^4.2.0"
-    jsonfile "^6.0.1"
-    universalify "^1.0.0"
-
 fs-minipass@^2.0.0:
  version "2.1.0"
  resolved "https://registry.yarnpkg.com/fs-minipass/-/fs-minipass-2.1.0.tgz#7f5036fdbf12c63c169190cbe4199c852271f9fb"
@ -4149,11 +4120,6 @@ get-own-enumerable-property-symbols@^3.0.0:
  resolved "https://registry.yarnpkg.com/get-own-enumerable-property-symbols/-/get-own-enumerable-property-symbols-3.0.2.tgz#b5fde77f22cbe35f390b4e089922c50bce6ef664"
  integrity sha512-I0UBV/XOz1XkIJHEUDMZAbzCThU/H8DxmSfmdGcKPnVhu2VfFqr34jr9777IyaTYvxjedWhqVIilEDsCdP5G6g==

-get-stdin@^7.0.0:
-  version "7.0.0"
-  resolved "https://registry.yarnpkg.com/get-stdin/-/get-stdin-7.0.0.tgz#8d5de98f15171a125c5e516643c7a6d0ea8a96f6"
-  integrity sha512-zRKcywvrXlXsA0v0i9Io4KDRaAw7+a1ZpjRwl9Wox8PFlVCCHra7E9c4kqXCoCM9nR5tBkaTTZRBoCm60bFqTQ==
-
 get-stream@^4.0.0:
  version "4.1.0"
  resolved "https://registry.yarnpkg.com/get-stream/-/get-stream-4.1.0.tgz#c1b255575f3dc21d59bfc79cd3d2b46b1c3a54b5"
@ -4275,18 +4241,6 @@ globby@^10.0.1:
    merge2 "^1.2.3"
    slash "^3.0.0"

-globby@^11.0.0:
-  version "11.0.0"
-  resolved "https://registry.yarnpkg.com/globby/-/globby-11.0.0.tgz#56fd0e9f0d4f8fb0c456f1ab0dee96e1380bc154"
-  integrity sha512-iuehFnR3xu5wBBtm4xi0dMe92Ob87ufyu/dHwpDYfbcpYpIbrO5OnS8M1vWvrBhSGEJ3/Ecj7gnX76P8YxpPEg==
-  dependencies:
-    array-union "^2.1.0"
-    dir-glob "^3.0.1"
-    fast-glob "^3.1.1"
-    ignore "^5.1.4"
-    merge2 "^1.3.0"
-    slash "^3.0.0"
-
 globby@^6.1.0:
  version "6.1.0"
  resolved "https://registry.yarnpkg.com/globby/-/globby-6.1.0.tgz#f5a6d70e8395e21c858fb0489d64df02424d506c"
@ -4743,7 +4697,7 @@ ignore@^3.3.5:
  resolved "https://registry.yarnpkg.com/ignore/-/ignore-3.3.10.tgz#0a97fb876986e8081c631160f8f9f389157f0043"
  integrity sha512-Pgs951kaMm5GXP7MOvxERINe3gsaVjUWFm+UZPSq9xYriQAksyhg0csnS0KXSNRD5NmNdapXEpjxG49+AKh/ug==

-ignore@^5.1.1, ignore@^5.1.4:
+ignore@^5.1.1:
  version "5.1.4"
  resolved "https://registry.yarnpkg.com/ignore/-/ignore-5.1.4.tgz#84b7b3dbe64552b6ef0eca99f6743dbec6d97adf"
  integrity sha512-MzbUSahkTW1u7JpKKjY7LCARd1fU5W2rLdxlM4kdkayuCwZImjkpluF9CM1aLewYJguPDqewLam18Y6AU69A8A==
@ -5382,15 +5336,6 @@ jsonfile@^4.0.0:
  optionalDependencies:
    graceful-fs "^4.1.6"

-jsonfile@^6.0.1:
-  version "6.0.1"
-  resolved "https://registry.yarnpkg.com/jsonfile/-/jsonfile-6.0.1.tgz#98966cba214378c8c84b82e085907b40bf614179"
-  integrity sha512-jR2b5v7d2vIOust+w3wtFKZIfpC2pnRmFAhAC/BuweZFQR8qZzxH1OyrQ10HmdVYiXWkYUqPVsz91cG7EL2FBg==
-  dependencies:
-    universalify "^1.0.0"
-  optionalDependencies:
-    graceful-fs "^4.1.6"
-
 jsprim@^1.2.2:
  version "1.4.1"
  resolved "https://registry.yarnpkg.com/jsprim/-/jsprim-1.4.1.tgz#313e66bc1e5cc06e438bc1b7499c2e5c56acb6a2"
@ -5656,13 +5601,6 @@ lodash@^4.17.11, lodash@^4.17.13, lodash@^4.17.14, lodash@^4.17.15, lodash@^4.17
  resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.15.tgz#b447f6670a0455bbfeedd11392eff330ea097548"
  integrity sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A==

-log-symbols@^2.2.0:
-  version "2.2.0"
-  resolved "https://registry.yarnpkg.com/log-symbols/-/log-symbols-2.2.0.tgz#5740e1c5d6f0dfda4ad9323b5332107ef6b4c40a"
-  integrity sha512-VeIAFslyIerEJLXHziedo2basKbMKtTw3vfn5IzG0XTjhAVEJyNHnL2p7vc+wBDSdQuUpNw3M2u6xb9QsAY5Eg==
-  dependencies:
-    chalk "^2.0.1"
-
 loglevel@^1.6.8:
  version "1.6.8"
  resolved "https://registry.yarnpkg.com/loglevel/-/loglevel-1.6.8.tgz#8a25fb75d092230ecd4457270d80b54e28011171"
@ -6645,7 +6583,7 @@ picomatch@^2.0.4, picomatch@^2.0.5, picomatch@^2.2.1:
  resolved "https://registry.yarnpkg.com/picomatch/-/picomatch-2.2.2.tgz#21f333e9b6b8eaff02468f5146ea406d345f4dad"
  integrity sha512-q0M/9eZHzmr0AulXyPwNfZjtwZ/RBZlbN3K3CErVrk50T2ASYI7Bye0EvekFY3IP1Nt2DHu0re+V2ZHIpMkuWg==

-pify@^2.0.0, pify@^2.3.0:
+pify@^2.0.0:
  version "2.3.0"
  resolved "https://registry.yarnpkg.com/pify/-/pify-2.3.0.tgz#ed141a6ac043a849ea588498e7dca8b15330e90c"
  integrity sha1-7RQaasBDqEnqWISY59yosVMw6Qw=
@ -6731,24 +6669,6 @@ postcss-calc@^7.0.1:
    postcss-selector-parser "^6.0.2"
    postcss-value-parser "^4.0.2"

-postcss-cli@^7.1.1:
-  version "7.1.1"
-  resolved "https://registry.yarnpkg.com/postcss-cli/-/postcss-cli-7.1.1.tgz#260f9546be260b2149bf32e28d785a0d79c9aab8"
-  integrity sha512-bYQy5ydAQJKCMSpvaMg0ThPBeGYqhQXumjbFOmWnL4u65CYXQ16RfS6afGQpit0dGv/fNzxbdDtx8dkqOhhIbg==
-  dependencies:
-    chalk "^4.0.0"
-    chokidar "^3.3.0"
-    dependency-graph "^0.9.0"
-    fs-extra "^9.0.0"
-    get-stdin "^7.0.0"
-    globby "^11.0.0"
-    postcss "^7.0.0"
-    postcss-load-config "^2.0.0"
-    postcss-reporter "^6.0.0"
-    pretty-hrtime "^1.0.3"
-    read-cache "^1.0.0"
-    yargs "^15.0.2"
-
 postcss-color-functional-notation@^2.0.1:
  version "2.0.1"
  resolved "https://registry.yarnpkg.com/postcss-color-functional-notation/-/postcss-color-functional-notation-2.0.1.tgz#5efd37a88fbabeb00a2966d1e53d98ced93f74e0"
@ -7288,16 +7208,6 @@ postcss-replace-overflow-wrap@^3.0.0:
  dependencies:
    postcss "^7.0.2"

-postcss-reporter@^6.0.0:
-  version "6.0.1"
-  resolved "https://registry.yarnpkg.com/postcss-reporter/-/postcss-reporter-6.0.1.tgz#7c055120060a97c8837b4e48215661aafb74245f"
-  integrity sha512-LpmQjfRWyabc+fRygxZjpRxfhRf9u/fdlKf4VHG4TSPbV2XNsuISzYW1KL+1aQzx53CAppa1bKG4APIB/DOXXw==
-  dependencies:
-    chalk "^2.4.1"
-    lodash "^4.17.11"
-    log-symbols "^2.2.0"
-    postcss "^7.0.7"
-
 postcss-selector-matches@^4.0.0:
  version "4.0.0"
  resolved "https://registry.yarnpkg.com/postcss-selector-matches/-/postcss-selector-matches-4.0.0.tgz#71c8248f917ba2cc93037c9637ee09c64436fcff"
@ -7397,7 +7307,7 @@ postcss@^6.0.9:
    source-map "^0.6.1"
    supports-color "^5.4.0"

-postcss@^7.0.0, postcss@^7.0.1, postcss@^7.0.11, postcss@^7.0.14, postcss@^7.0.16, postcss@^7.0.17, postcss@^7.0.18, postcss@^7.0.2, postcss@^7.0.21, postcss@^7.0.27, postcss@^7.0.30, postcss@^7.0.5, postcss@^7.0.6, postcss@^7.0.7:
+postcss@^7.0.0, postcss@^7.0.1, postcss@^7.0.11, postcss@^7.0.14, postcss@^7.0.16, postcss@^7.0.17, postcss@^7.0.18, postcss@^7.0.2, postcss@^7.0.21, postcss@^7.0.27, postcss@^7.0.30, postcss@^7.0.5, postcss@^7.0.6:
  version "7.0.30"
  resolved "https://registry.yarnpkg.com/postcss/-/postcss-7.0.30.tgz#cc9378beffe46a02cbc4506a0477d05fcea9a8e2"
  integrity sha512-nu/0m+NtIzoubO+xdAlwZl/u5S5vi/y6BCsoL8D+8IxsD3XvBS8X4YEADNIVXKVuQvduiucnRv+vPIqj56EGMQ==
@ -7692,6 +7602,11 @@ react-helmet@^6.0.0-beta:
    react-fast-compare "^2.0.4"
    react-side-effect "^2.1.0"

+react-hook-sticky@^0.2.0:
+  version "0.2.0"
+  resolved "https://registry.yarnpkg.com/react-hook-sticky/-/react-hook-sticky-0.2.0.tgz#0dcc40a2afb1856e53764af9b231f1146e3de576"
+  integrity sha512-J92F5H6PJQlMBgZ2tv58GeVlTZtEhpZ9bYLdoV2+5fVSJScszuY+TDZY3enQEAPIgJsLteFglGGuf8/TB9L72Q==
+
 react-is@^16.6.0, react-is@^16.7.0, react-is@^16.8.1:
  version "16.13.1"
  resolved "https://registry.yarnpkg.com/react-is/-/react-is-16.13.1.tgz#789729a4dc36de2999dc156dd6c1d9c18cea56a4"
@ -7785,13 +7700,6 @@ react@^16.8.4:
    object-assign "^4.1.1"
    prop-types "^15.6.2"

-read-cache@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/read-cache/-/read-cache-1.0.0.tgz#e664ef31161166c9751cdbe8dbcf86b5fb58f774"
-  integrity sha1-5mTvMRYRZsl1HNvo28+GtftY93Q=
-  dependencies:
-    pify "^2.3.0"
-
 "readable-stream@1 || 2", readable-stream@^2.0.0, readable-stream@^2.0.1, readable-stream@^2.0.2, readable-stream@^2.1.5, readable-stream@^2.2.2, readable-stream@^2.3.3, readable-stream@^2.3.6, readable-stream@~2.3.6:
  version "2.3.7"
  resolved "https://registry.yarnpkg.com/readable-stream/-/readable-stream-2.3.7.tgz#1eca1cf711aef814c04f62252a36a62f6cb23b57"
@ -8709,7 +8617,7 @@ string-width@^3.0.0, string-width@^3.1.0:
    is-fullwidth-code-point "^2.0.0"
    strip-ansi "^5.1.0"

-string-width@^4.1.0, string-width@^4.2.0:
+string-width@^4.1.0:
  version "4.2.0"
  resolved "https://registry.yarnpkg.com/string-width/-/string-width-4.2.0.tgz#952182c46cc7b2c313d1596e623992bd163b72b5"
  integrity sha512-zUz5JD+tgqtuDjMhwIg5uFVV3dtqZ9yQJlZVfq4I01/K5Paj5UHj7VyrQOJvzawSVlKpObApbfD0Ed6yJc+1eg==
@ -9305,11 +9213,6 @@ universalify@^0.1.0:
  resolved "https://registry.yarnpkg.com/universalify/-/universalify-0.1.2.tgz#b646f69be3942dabcecc9d6639c80dc105efaa66"
  integrity sha512-rBJeI5CXAlmy1pV+617WB9J63U6XcazHHF2f2dbJix4XzpUF0RS3Zbj0FGIOCAva5P/d/GBOYaACQ1w+0azUkg==

-universalify@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/universalify/-/universalify-1.0.0.tgz#b61a1da173e8435b2fe3c67d29b9adf8594bd16d"
-  integrity sha512-rb6X1W158d7pRQBg5gkR8uPaSfiids68LTJQYOtEUhoJUWBdaQHsuT/EUduxXYxcrt4r5PJ4fuHW1MHT6p0qug==
-
 unpipe@1.0.0, unpipe@~1.0.0:
  version "1.0.0"
  resolved "https://registry.yarnpkg.com/unpipe/-/unpipe-1.0.0.tgz#b2bf4ee8514aae6165b4817829d21b2ef49904ec"
@ -9723,7 +9626,7 @@ wrap-ansi@^5.1.0:
    string-width "^3.0.0"
    strip-ansi "^5.0.0"

-wrap-ansi@^6.0.0, wrap-ansi@^6.2.0:
+wrap-ansi@^6.0.0:
  version "6.2.0"
  resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-6.2.0.tgz#e9393ba07102e6c91a3b221478f0257cd2856e53"
  integrity sha512-r6lPcBGxZXlIcymEu7InxDMhdW0KDxpLgoFLcguasxCaJ/SOIZwINatK9KY/tf+ZrlywOKU0UDj3ATXUBfxJXA==
@ -9784,14 +9687,6 @@ yargs-parser@^13.1.2:
    camelcase "^5.0.0"
    decamelize "^1.2.0"

-yargs-parser@^18.1.1:
-  version "18.1.3"
-  resolved "https://registry.yarnpkg.com/yargs-parser/-/yargs-parser-18.1.3.tgz#be68c4975c6b2abf469236b0c870362fab09a7b0"
-  integrity sha512-o50j0JeToy/4K6OZcaQmW6lyXXKhq7csREXcDwk2omFPJEwUNOVtJKvmDr9EI1fAJZUyZcRF7kxGBWmRXudrCQ==
-  dependencies:
-    camelcase "^5.0.0"
-    decamelize "^1.2.0"
-
 yargs@^13.3.2:
  version "13.3.2"
  resolved "https://registry.yarnpkg.com/yargs/-/yargs-13.3.2.tgz#ad7ffefec1aa59565ac915f82dccb38a9c31a2dd"
@ -9808,23 +9703,6 @@ yargs@^13.3.2:
    y18n "^4.0.0"
    yargs-parser "^13.1.2"

-yargs@^15.0.2:
-  version "15.3.1"
-  resolved "https://registry.yarnpkg.com/yargs/-/yargs-15.3.1.tgz#9505b472763963e54afe60148ad27a330818e98b"
-  integrity sha512-92O1HWEjw27sBfgmXiixJWT5hRBp2eobqXicLtPBIDBhYB+1HpwZlXmbW2luivBJHBzki+7VyCLRtAkScbTBQA==
-  dependencies:
-    cliui "^6.0.0"
-    decamelize "^1.2.0"
-    find-up "^4.1.0"
-    get-caller-file "^2.0.1"
-    require-directory "^2.1.1"
-    require-main-filename "^2.0.0"
-    set-blocking "^2.0.0"
-    string-width "^4.2.0"
-    which-module "^2.0.0"
-    y18n "^4.0.0"
-    yargs-parser "^18.1.1"
-
 zepto@^1.2.0:
  version "1.2.0"
  resolved "https://registry.yarnpkg.com/zepto/-/zepto-1.2.0.tgz#e127bd9e66fd846be5eab48c1394882f7c0e4f98"
--- a/go.mod
+++ b/go.mod
@ -18,6 +18,7 @@ require (
 	github.com/dgrijalva/jwt-go v3.2.0+incompatible
 	github.com/dlclark/regexp2 v1.2.0 // indirect
 	github.com/dop251/goja v0.0.0-20200424152103-d0b8fda54cd0
+	github.com/dvyukov/go-fuzz v0.0.0-20200318091601-be3528f3a813 // indirect
 	github.com/fsnotify/fsnotify v1.4.9
 	github.com/garyburd/redigo v1.6.0
 	github.com/go-sourcemap/sourcemap v2.1.3+incompatible // indirect
@ -29,6 +30,7 @@ require (
 	github.com/openzipkin/zipkin-go v0.2.2
 	github.com/pelletier/go-toml v1.7.0 // indirect
 	github.com/pkg/errors v0.9.1
+	github.com/prometheus/common v0.4.0
 	github.com/rs/cors v1.7.0
 	github.com/spf13/afero v1.2.2 // indirect
 	github.com/spf13/cast v1.3.1 // indirect
--- a/go.sum
+++ b/go.sum
@ -35,7 +35,9 @@ github.com/adjust/gorails v0.0.0-20171013043634-2786ed0c03d3 h1:+qz9Ga6l6lKw6fgv
 github.com/adjust/gorails v0.0.0-20171013043634-2786ed0c03d3/go.mod h1:FlkD11RtgMTYjVuBnb7cxoHmQGqvPpCsr2atC88nl/M=
 github.com/akavel/rsrc v0.8.0 h1:zjWn7ukO9Kc5Q62DOJCcxGpXC18RawVtYAGdz2aLlfw=
 github.com/akavel/rsrc v0.8.0/go.mod h1:uLoCtb9J+EyAqh+26kdrTgmzRBFPGOolLWKpdxkKq+c=
+github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc h1:cAKDfWh5VpdgMhJosfJnn5/FoN2SRZ4p7fJNX58YPaU=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
+github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf h1:qet1QNfXsQxTZqLG4oE62mJzwPIB8+Tee4RNCL9ulrY=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
 github.com/aws/aws-sdk-go v1.15.27 h1:i75BxN4Es/8rTVQbEKAP1WCiIhhz635xTNeDdZJRAXQ=
@ -85,6 +87,8 @@ github.com/dlclark/regexp2 v1.2.0 h1:8sAhBGEM0dRWogWqWyQeIJnxjWO6oIjl8FKqREDsGfk
 github.com/dlclark/regexp2 v1.2.0/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc=
 github.com/dop251/goja v0.0.0-20200424152103-d0b8fda54cd0 h1:EfFAcaAwGai/wlDCWwIObHBm3T2C2CCPX/SaS0fpOJ4=
 github.com/dop251/goja v0.0.0-20200424152103-d0b8fda54cd0/go.mod h1:Mw6PkjjMXWbTj+nnj4s3QPXq1jaT0s5pC0iFD4+BOAA=
+github.com/dvyukov/go-fuzz v0.0.0-20200318091601-be3528f3a813 h1:NgO45/5mBLRVfiXerEFzH6ikcZ7DNRPS639xFg3ENzU=
+github.com/dvyukov/go-fuzz v0.0.0-20200318091601-be3528f3a813/go.mod h1:11Gm+ccJnvAhCNLlf5+cS9KjtbaD5I5zaZpFMsTHWTw=
 github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs=
 github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU=
 github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I=
@ -220,6 +224,7 @@ github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7V
 github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/konsorten/go-windows-terminal-sequences v1.0.2 h1:DB17ag19krx9CFsz4o3enTrPXyIXCl+2iCXH/aMAp9s=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
 github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
@ -319,6 +324,7 @@ github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeV
 github.com/shurcooL/vfsgen v0.0.0-20181202132449-6a9ea43bcacd/go.mod h1:TrYk7fJVaAttu97ZZKrO9UbRa8izdowaMIZcxYMbVaw=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
+github.com/sirupsen/logrus v1.4.2 h1:SPIRibHv4MatM3XXNO2BJeFLZwZ2LvZgfQ5+UNI2im4=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
@ -543,6 +549,7 @@ google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ij
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
 google.golang.org/grpc v1.23.1 h1:q4XQuHFC6I28BKZpo6IYyb3mNO+l7lSOxRuYTCiDfXk=
 google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
+gopkg.in/alecthomas/kingpin.v2 v2.2.6 h1:jMFz6MfLP0/4fUyZle81rXUoxOBFi19VUFKVDOQfozc=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
--- a/internal/serv/cmd.go
+++ b/internal/serv/cmd.go
@ -156,7 +156,7 @@ func cmdVersion(cmd *cobra.Command, args []string) {

 func BuildDetails() string {
 	if len(version) == 0 {
-		return fmt.Sprintf(`
+		return `
 Super Graph (unknown version)
 For documentation, visit https://supergraph.dev

@ -166,7 +166,7 @@ To build with version information please use the Makefile

 Licensed under the Apache Public License 2.0
 Copyright 2020, Vikram Rangnekar
-`)
+`
 	}

 	return fmt.Sprintf(`
--- a/internal/serv/cmd_seed.go
+++ b/internal/serv/cmd_seed.go
@ -17,6 +17,8 @@ import (
 	"github.com/dop251/goja"
 	"github.com/dosco/super-graph/core"
 	"github.com/gosimple/slug"
+	"github.com/jackc/pgx/v4"
+	"github.com/jackc/pgx/v4/stdlib"
 	"github.com/spf13/cobra"
 )

@ -27,6 +29,7 @@ func cmdDBSeed(cmd *cobra.Command, args []string) {
 		log.Fatalf("ERR failed to read config: %s", err)
 	}
 	conf.Production = false
+	conf.DefaultBlock = false

 	db, err = initDB(conf, true, false)
 	if err != nil {
@ -51,7 +54,7 @@ func cmdDBSeed(cmd *cobra.Command, args []string) {

 	vm := goja.New()
 	vm.Set("graphql", graphQLFn)
-	//vm.Set("import_csv", importCSV)
+	vm.Set("import_csv", importCSV)

 	console := vm.NewObject()
 	console.Set("log", logFunc) //nolint: errcheck
@ -181,34 +184,42 @@ func (c *csvSource) Err() error {
 	return nil
 }

-// func importCSV(table, filename string) int64 {
-// 	if filename[0] != '/' {
-// 		filename = path.Join(conf.ConfigPathUsed(), filename)
-// 	}
+func importCSV(table, filename string) int64 {
+	if filename[0] != '/' {
+		filename = path.Join(confPath, filename)
+	}

-// 	s, err := NewCSVSource(filename)
-// 	if err != nil {
-// 		log.Fatalf("ERR %s", err)
-// 	}
+	s, err := NewCSVSource(filename)
+	if err != nil {
+		log.Fatalf("ERR %v", err)
+	}

-// 	var cols []string
-// 	colval, _ := s.Values()
+	var cols []string
+	colval, _ := s.Values()

-// 	for _, c := range colval {
-// 		cols = append(cols, c.(string))
-// 	}
+	for _, c := range colval {
+		cols = append(cols, c.(string))
+	}

-// 	n, err := db.Exec(fmt.Sprintf("COPY %s FROM STDIN WITH "),
-// 		cols,
-// 		s)
+	conn, err := stdlib.AcquireConn(db)
+	if err != nil {
+		log.Fatalf("ERR %v", err)
+	}
+	//nolint: errcheck
+	defer stdlib.ReleaseConn(db, conn)

-// 	if err != nil {
-// 		err = fmt.Errorf("%w (line no %d)", err, s.i)
-// 		log.Fatalf("ERR %s", err)
-// 	}
+	n, err := conn.CopyFrom(
+		context.Background(),
+		pgx.Identifier{table},
+		cols,
+		s)

-// 	return n
-// }
+	if err != nil {
+		log.Fatalf("ERR %v", fmt.Errorf("%w (line no %d)", err, s.i))
+	}
+
+	return n
+}

 //nolint: errcheck
 func logFunc(args ...interface{}) {
@ -377,11 +388,6 @@ func setFakeFuncs(f *goja.Object) {
 	f.Set("hipster_paragraph", gofakeit.HipsterParagraph)
 	f.Set("hipster_sentence", gofakeit.HipsterSentence)

-	//Languages
-	//f.Set("language", gofakeit.Language)
-	//f.Set("language_abbreviation", gofakeit.LanguageAbbreviation)
-	//f.Set("language_abbreviation", gofakeit.LanguageAbbreviation)
-
 	// File
 	f.Set("file_extension", gofakeit.FileExtension)
 	f.Set("file_mine_type", gofakeit.FileMimeType)
@ -410,8 +416,6 @@ func setFakeFuncs(f *goja.Object) {
 	f.Set("lexify", gofakeit.Lexify)
 	f.Set("rand_string", getRandValue)
 	f.Set("numerify", gofakeit.Numerify)
-
-	//f.Set("programming_language", gofakeit.ProgrammingLanguage)
 }

 //nolint: errcheck
--- a/internal/serv/config.go
+++ b/internal/serv/config.go
@ -69,6 +69,8 @@ func newViper(configPath, configFile string) *viper.Viper {
 	vi.SetDefault("auth_fail_block", "always")
 	vi.SetDefault("seed_file", "seed.js")

+	vi.SetDefault("default_block", true)
+
 	vi.SetDefault("database.type", "postgres")
 	vi.SetDefault("database.host", "localhost")
 	vi.SetDefault("database.port", 5432)
--- a/internal/serv/init.go
+++ b/internal/serv/init.go
@ -15,7 +15,6 @@ import (
 	"contrib.go.opencensus.io/integrations/ocsql"
 	"github.com/jackc/pgx/v4"
 	"github.com/jackc/pgx/v4/stdlib"
-	//_ "github.com/jackc/pgx/v4/stdlib"
 )

 const (
--- a/internal/serv/internal/migrate/migrate.go
+++ b/internal/serv/internal/migrate/migrate.go
@ -6,9 +6,11 @@ import (
 	"database/sql"
 	"fmt"
 	"io/ioutil"
+	"log"
 	"os"
 	"path/filepath"
 	"regexp"
+	"sort"
 	"strconv"
 	"strings"
 	"text/template"
@ -105,39 +107,40 @@ func (defaultMigratorFS) Glob(pattern string) ([]string, error) {
 func FindMigrationsEx(path string, fs MigratorFS) ([]string, error) {
 	path = strings.TrimRight(path, string(filepath.Separator))

-	fileInfos, err := fs.ReadDir(path)
+	files, err := ioutil.ReadDir(path)
 	if err != nil {
-		return nil, err
+		log.Fatal(err)
 	}

-	paths := make([]string, 0, len(fileInfos))
-	for _, fi := range fileInfos {
+	fm := make(map[int]string, len(files))
+	keys := make([]int, 0, len(files))
+
+	for _, fi := range files {
 		if fi.IsDir() {
 			continue
 		}

 		matches := migrationPattern.FindStringSubmatch(fi.Name())
+
 		if len(matches) != 2 {
 			continue
 		}

-		n, err := strconv.ParseInt(matches[1], 10, 32)
+		n, err := strconv.Atoi(matches[1])
 		if err != nil {
 			// The regexp already validated that the prefix is all digits so this *should* never fail
 			return nil, err
 		}

-		mcount := len(paths)
+		fm[n] = filepath.Join(path, fi.Name())
+		keys = append(keys, n)
+	}

-		if n < int64(mcount) {
-			return nil, fmt.Errorf("Duplicate migration %d", n)
-		}
+	sort.Ints(keys)

-		if int64(mcount) < n {
-			return nil, fmt.Errorf("Missing migration %d", mcount)
-		}
-
-		paths = append(paths, filepath.Join(path, fi.Name()))
+	paths := make([]string, 0, len(keys))
+	for _, k := range keys {
+		paths = append(paths, fm[k])
 	}

 	return paths, nil
--- a/internal/serv/rice-box.go
+++ b/internal/serv/rice-box.go
--- a/internal/serv/web/src/serviceWorker.js
+++ b/internal/serv/web/src/serviceWorker.js
@ -11,9 +11,9 @@
 // opt-in, read http://bit.ly/CRA-PWA

 const isLocalhost = Boolean(
-  window.location.hostname === 'localhost' ||
+  window.location.hostname === "localhost" ||
    // [::1] is the IPv6 localhost address.
-    window.location.hostname === '[::1]' ||
+    window.location.hostname === "[::1]" ||
    // 127.0.0.1/8 is considered localhost for IPv4.
    window.location.hostname.match(
      /^127(?:\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}$/
@ -21,7 +21,7 @@ const isLocalhost = Boolean(
 );

 export function register(config) {
-  if (process.env.NODE_ENV === 'production' && 'serviceWorker' in navigator) {
+  if (process.env.NODE_ENV === "production" && "serviceWorker" in navigator) {
    // The URL constructor is available in all browsers that support SW.
    const publicUrl = new URL(process.env.PUBLIC_URL, window.location.href);
    if (publicUrl.origin !== window.location.origin) {
@ -31,7 +31,7 @@ export function register(config) {
      return;
    }

-    window.addEventListener('load', () => {
+    window.addEventListener("load", () => {
      const swUrl = `${process.env.PUBLIC_URL}/service-worker.js`;

      if (isLocalhost) {
@ -42,8 +42,8 @@ export function register(config) {
        // service worker/PWA documentation.
        navigator.serviceWorker.ready.then(() => {
          console.log(
-            'This web app is being served cache-first by a service ' +
-              'worker. To learn more, visit http://bit.ly/CRA-PWA'
+            "This web app is being served cache-first by a service " +
+              "worker. To learn more, visit http://bit.ly/CRA-PWA"
          );
        });
      } else {
@ -57,21 +57,21 @@ export function register(config) {
 function registerValidSW(swUrl, config) {
  navigator.serviceWorker
    .register(swUrl)
-    .then(registration => {
+    .then((registration) => {
      registration.onupdatefound = () => {
        const installingWorker = registration.installing;
        if (installingWorker == null) {
          return;
        }
        installingWorker.onstatechange = () => {
-          if (installingWorker.state === 'installed') {
+          if (installingWorker.state === "installed") {
            if (navigator.serviceWorker.controller) {
              // At this point, the updated precached content has been fetched,
              // but the previous service worker will still serve the older
              // content until all client tabs are closed.
              console.log(
-                'New content is available and will be used when all ' +
-                  'tabs for this page are closed. See http://bit.ly/CRA-PWA.'
+                "New content is available and will be used when all " +
+                  "tabs for this page are closed. See http://bit.ly/CRA-PWA."
              );

              // Execute callback
@ -82,7 +82,7 @@ function registerValidSW(swUrl, config) {
              // At this point, everything has been precached.
              // It's the perfect time to display a
              // "Content is cached for offline use." message.
-              console.log('Content is cached for offline use.');
+              console.log("Content is cached for offline use.");

              // Execute callback
              if (config && config.onSuccess) {
@ -93,23 +93,23 @@ function registerValidSW(swUrl, config) {
        };
      };
    })
-    .catch(error => {
-      console.error('Error during service worker registration:', error);
+    .catch((error) => {
+      console.error("Error during service worker registration:", error);
    });
 }

 function checkValidServiceWorker(swUrl, config) {
  // Check if the service worker can be found. If it can't reload the page.
  fetch(swUrl)
-    .then(response => {
+    .then((response) => {
      // Ensure service worker exists, and that we really are getting a JS file.
-      const contentType = response.headers.get('content-type');
+      const contentType = response.headers.get("content-type");
      if (
        response.status === 404 ||
-        (contentType != null && contentType.indexOf('javascript') === -1)
+        (contentType != null && contentType.indexOf("javascript") === -1)
      ) {
        // No service worker found. Probably a different app. Reload the page.
-        navigator.serviceWorker.ready.then(registration => {
+        navigator.serviceWorker.ready.then((registration) => {
          registration.unregister().then(() => {
            window.location.reload();
          });
@ -121,14 +121,14 @@ function checkValidServiceWorker(swUrl, config) {
    })
    .catch(() => {
      console.log(
-        'No internet connection found. App is running in offline mode.'
+        "No internet connection found. App is running in offline mode."
      );
    });
 }

 export function unregister() {
-  if ('serviceWorker' in navigator) {
-    navigator.serviceWorker.ready.then(registration => {
+  if ("serviceWorker" in navigator) {
+    navigator.serviceWorker.ready.then((registration) => {
      registration.unregister();
    });
  }
--- a/jsn/clear.go
+++ b/jsn/clear.go
@ -3,6 +3,7 @@ package jsn
 import (
 	"bytes"
 	"encoding/json"
+	"errors"
 	"io"
 )

@ -68,7 +69,12 @@ func Clear(w *bytes.Buffer, v []byte) error {
 				}

 				io := int(dec.InputOffset())
-				w.Write(v[io-len(v1)-2 : io])
+				s := io - len(v1) - 2
+				if io <= s || s <= 0 {
+					return errors.New("invalid json")
+				}
+
+				w.Write(v[s:io])
 				w.WriteString(`:`)
 				isValue = true

--- a/jsn/fuzz.go
+++ b/jsn/fuzz.go
@ -2,10 +2,55 @@

 package jsn

+import (
+	"bytes"
+	"errors"
+)
+
 func Fuzz(data []byte) int {
-	if err := unifiedTest(data); err != nil {
-		return 0
+	c := 0
+
+	if err := Validate(string(data)); err == nil {
+		c = 1
 	}

-	return 1
+	if err := fuzzTest(data); err == nil {
+		c = 1
+	}
+
+	return c
+}
+
+func fuzzTest(data []byte) error {
+	err1 := Validate(string(data))
+
+	var b1 bytes.Buffer
+	err2 := Filter(&b1, data, []string{"id", "full_name", "embed"})
+
+	path1 := [][]byte{[]byte("data"), []byte("users")}
+	Strip(data, path1)
+
+	from := []Field{
+		{[]byte("__twitter_id"), []byte(`[{ "name": "hello" }, { "name": "world"}]`)},
+		{[]byte("__twitter_id"), []byte(`"ABC123"`)},
+	}
+
+	to := []Field{
+		{[]byte("__twitter_id"), []byte(`"1234567890"`)},
+		{[]byte("some_list"), []byte(`[{"id":1,"embed":{"id":8}},{"id":2},{"id":3},{"id":4},{"id":5},{"id":6},{"id":7},{"id":8},{"id":9},{"id":10},{"id":11},{"id":12},{"id":13}]`)},
+	}
+
+	var b2 bytes.Buffer
+	err3 := Replace(&b2, data, from, to)
+
+	Keys(data)
+
+	var b3 bytes.Buffer
+	err4 := Clear(&b3, data)
+
+	if err1 != nil || err2 != nil || err3 != nil || err4 != nil {
+		return errors.New("there was an error")
+	}
+
+	return nil
 }
--- a/jsn/fuzz_test.go
+++ b/jsn/fuzz_test.go
@ -1,9 +1,15 @@
-package jsn
+// +build gofuzz
+
+package jsn_test

 import (
 	"testing"
+
+	"github.com/dosco/super-graph/jsn"
 )

+var ret int
+
 func TestFuzzCrashers(t *testing.T) {
 	var crashers = []string{
 		"00\"0000\"0{",
@ -52,9 +58,16 @@ func TestFuzzCrashers(t *testing.T) {
 		"0000\"0\"{",
 		"000\"000\"{",
 		"\"00000000\"{",
+		`0000"00"00000000"000000000"00"000000000000000"00000"00000": "00"0"__twitter_id": [{ "name": "hello" }, { "name": "world"}]`,
+		`0000"000000000000000000000000000000000000"00000000"000000000"00"000000000000000"00000"00000": "00000000000000"00000"__twitter_id": [{ "name": "hello" }, { "name": "world"}]`,
+		`00"__twitter_id":[{ "name": "hello" }, { "name": "world"}]`,
+		"\"\xb0\xef\xbd\xe3\xbd\xef\x99\xe3\xbd\xef\xbd\xef\xbd\xef\xbd\xe5\x99\xe3\xbd" +
+			"\xef\x99\xe3\"",
+		"\"\xef\xe3\xef\xe3\xe3\xe3\xef\xe3\xe3\xef\xe3\xef\xe3\xe3\xe3\xef\xe3\xef\xe3" +
+			"\xe3\xef\xef\xef\xe5\xe3\xef\xe3\xc6\xef\xef\xef\xe5\xe3\xef\xe3\xc6\xef\xef\"",
 	}

 	for _, f := range crashers {
-		_ = unifiedTest([]byte(f))
+		ret = jsn.Fuzz([]byte(f))
 	}
 }
--- a/jsn/json_test.go
+++ b/jsn/json_test.go
@ -1,4 +1,4 @@
-package jsn
+package jsn_test

 import (
 	"bytes"
@ -6,6 +6,8 @@ import (
 	"io/ioutil"
 	"strings"
 	"testing"
+
+	"github.com/dosco/super-graph/jsn"
 )

 var (
@ -171,13 +173,13 @@ var (
 )

 func TestGet(t *testing.T) {
-	values := Get([]byte(input1), [][]byte{
+	values := jsn.Get([]byte(input1), [][]byte{
 		[]byte("test_1a"),
 		[]byte("__twitter_id"),
 		[]byte("work_email"),
 	})

-	expected := []Field{
+	expected := []jsn.Field{
 		{[]byte("test_1a"), []byte(`{ "__twitter_id": "ABCD" }`)},
 		{[]byte("__twitter_id"), []byte(`"ABCD"`)},
 		{[]byte("__twitter_id"), []byte(`"2048666903444506956"`)},
@ -214,11 +216,11 @@ func TestGet(t *testing.T) {
 }

 func TestGet1(t *testing.T) {
-	values := Get([]byte(input5), [][]byte{
+	values := jsn.Get([]byte(input5), [][]byte{
 		[]byte("thread_slug"),
 	})

-	expected := []Field{
+	expected := []jsn.Field{
 		{[]byte("thread_slug"), []byte(`"in-september-2018-slovak-police-stated-that-kuciak-7929"`)},
 	}

@ -238,11 +240,11 @@ func TestGet1(t *testing.T) {
 }

 func TestGet2(t *testing.T) {
-	values := Get([]byte(input6), [][]byte{
+	values := jsn.Get([]byte(input6), [][]byte{
 		[]byte("users_cursor"), []byte("threads_cursor"),
 	})

-	expected := []Field{
+	expected := []jsn.Field{
 		{[]byte("threads_cursor"), []byte(`null`)},
 		{[]byte("threads_cursor"), []byte(`25`)},
 		{[]byte("users_cursor"), []byte(`3`)},
@ -264,7 +266,7 @@ func TestGet2(t *testing.T) {
 }

 func TestGet3(t *testing.T) {
-	values := Get(input7, [][]byte{[]byte("data")})
+	values := jsn.Get(input7, [][]byte{[]byte("data")})
 	v := values[0].Value

 	if !bytes.Equal(v[len(v)-11:], []byte(`Rangnekar"}`)) {
@ -277,7 +279,7 @@ func TestGet4(t *testing.T) {

 	exp = strings.ReplaceAll(exp, "@", "`")

-	values := Get(input8, [][]byte{[]byte("body")})
+	values := jsn.Get(input8, [][]byte{[]byte("body")})

 	if string(values[0].Key) != "body" {
 		t.Fatal("unexpected key")
@ -291,29 +293,29 @@ func TestGet4(t *testing.T) {

 func TestValue(t *testing.T) {
 	v1 := []byte("12345")
-	if !bytes.Equal(Value(v1), v1) {
+	if !bytes.Equal(jsn.Value(v1), v1) {
 		t.Fatal("Number value invalid")
 	}

 	v2 := []byte(`"12345"`)
-	if !bytes.Equal(Value(v2), []byte(`12345`)) {
+	if !bytes.Equal(jsn.Value(v2), []byte(`12345`)) {
 		t.Fatal("String value invalid")
 	}

 	v3 := []byte(`{ "hello": "world" }`)
-	if Value(v3) != nil {
-		t.Fatal("Object value is not nil", Value(v3))
+	if jsn.Value(v3) != nil {
+		t.Fatal("Object value is not nil", jsn.Value(v3))
 	}

 	v4 := []byte(`[ "hello", "world" ]`)
-	if Value(v4) != nil {
+	if jsn.Value(v4) != nil {
 		t.Fatal("List value is not nil")
 	}
 }

 func TestFilter1(t *testing.T) {
 	var b bytes.Buffer
-	err := Filter(&b, []byte(input2), []string{"id", "full_name", "embed"})
+	err := jsn.Filter(&b, []byte(input2), []string{"id", "full_name", "embed"})
 	if err != nil {
 		t.Error(err)
 	}
@ -329,7 +331,7 @@ func TestFilter2(t *testing.T) {
 	value := `[{"id":1,"customer_id":"cus_2TbMGf3cl0","object":"charge","amount":100,"amount_refunded":0,"date":"01/01/2019","application":null,"billing_details":{"address":"1 Infinity Drive","zipcode":"94024"}},   {"id":2,"customer_id":"cus_2TbMGf3cl0","object":"charge","amount":150,"amount_refunded":0,"date":"02/18/2019","billing_details":{"address":"1 Infinity Drive","zipcode":"94024"}},{"id":3,"customer_id":"cus_2TbMGf3cl0","object":"charge","amount":150,"amount_refunded":50,"date":"03/21/2019","billing_details":{"address":"1 Infinity Drive","zipcode":"94024"}}]`

 	var b bytes.Buffer
-	err := Filter(&b, []byte(value), []string{"id"})
+	err := jsn.Filter(&b, []byte(value), []string{"id"})
 	if err != nil {
 		t.Error(err)
 	}
@ -343,7 +345,7 @@ func TestFilter2(t *testing.T) {

 func TestStrip(t *testing.T) {
 	path1 := [][]byte{[]byte("data"), []byte("users")}
-	value1 := Strip([]byte(input3), path1)
+	value1 := jsn.Strip([]byte(input3), path1)

 	expected := []byte(`[{"id":1,"embed":{"id":8}},{"id":2},{"id":3},{"id":4},{"id":5},{"id":6},{"id":7},{"id":8},{"id":9},{"id":10},{"id":11},{"id":12},{"id":13}]`)

@ -353,7 +355,7 @@ func TestStrip(t *testing.T) {
 	}

 	path2 := [][]byte{[]byte("boo"), []byte("hoo")}
-	value2 := Strip([]byte(input3), path2)
+	value2 := jsn.Strip([]byte(input3), path2)

 	if !bytes.Equal(value2, []byte(input3)) {
 		t.Log(value2)
@ -364,7 +366,7 @@ func TestStrip(t *testing.T) {
 func TestValidateTrue(t *testing.T) {
 	json := []byte(`  [{"id":1,"embed":{"id":8}},{"id":2},{"id":3},{"id":4},{"id":5},{"id":6},{"id":7},{"id":8},{"id":9},{"id":10},{"id":11},{"id":12},{"id":13}]`)

-	err := Validate(string(json))
+	err := jsn.Validate(string(json))
 	if err != nil {
 		t.Error(err)
 	}
@ -373,7 +375,7 @@ func TestValidateTrue(t *testing.T) {
 func TestValidateFalse(t *testing.T) {
 	json := []byte(`   [{ "hello": 123"<html>}]`)

-	err := Validate(string(json))
+	err := jsn.Validate(string(json))
 	if err == nil {
 		t.Error("JSON validation failed to detect invalid json")
 	}
@ -382,12 +384,12 @@ func TestValidateFalse(t *testing.T) {
 func TestReplace(t *testing.T) {
 	var buf bytes.Buffer

-	from := []Field{
+	from := []jsn.Field{
 		{[]byte("__twitter_id"), []byte(`[{ "name": "hello" }, { "name": "world"}]`)},
 		{[]byte("__twitter_id"), []byte(`"ABC123"`)},
 	}

-	to := []Field{
+	to := []jsn.Field{
 		{[]byte("__twitter_id"), []byte(`"1234567890"`)},
 		{[]byte("some_list"), []byte(`[{"id":1,"embed":{"id":8}},{"id":2},{"id":3},{"id":4},{"id":5},{"id":6},{"id":7},{"id":8},{"id":9},{"id":10},{"id":11},{"id":12},{"id":13}]`)},
 	}
@ -412,7 +414,7 @@ func TestReplace(t *testing.T) {
 		"__twitter_id":"1234567890"
 	}] }`

-	err := Replace(&buf, []byte(input4), from, to)
+	err := jsn.Replace(&buf, []byte(input4), from, to)
 	if err != nil {
 		t.Fatal(err)
 	}
@ -428,7 +430,7 @@ func TestReplaceEmpty(t *testing.T) {

 	json := `{ "users" : [{"id":1,"full_name":"Sidney St[1]roman","email":"user0@demo.com","__users_twitter_id":"2048666903444506956"}, {"id":2,"full_name":"Jerry Dickinson","email":"user1@demo.com","__users_twitter_id":"2048666903444506956"}, {"id":3,"full_name":"Kenna Cassin","email":"user2@demo.com","__users_twitter_id":"2048666903444506956"}, {"id":4,"full_name":"Mr. Pat Parisian","email":"rodney@kautzer.biz","__users_twitter_id":"2048666903444506956"}, {"id":5,"full_name":"Bette Ebert","email":"janeenrath@goyette.com","__users_twitter_id":"2048666903444506956"}, {"id":6,"full_name":"Everett Kiehn","email":"michael@bartoletti.com","__users_twitter_id":"2048666903444506956"}, {"id":7,"full_name":"Katrina Cronin","email":"loretaklocko@framivolkman.org","__users_twitter_id":"2048666903444506956"}, {"id":8,"full_name":"Caroll Orn Sr.","email":"joannarau@hegmann.io","__users_twitter_id":"2048666903444506956"}, {"id":9,"full_name":"Gwendolyn Ziemann","email":"renaytoy@rutherford.co","__users_twitter_id":"2048666903444506956"}, {"id":10,"full_name":"Mrs. Rosann Fritsch","email":"holliemosciski@thiel.org","__users_twitter_id":"2048666903444506956"}, {"id":11,"full_name":"Arden Koss","email":"cristobalankunding@howewelch.org","__users_twitter_id":"2048666903444506956"}, {"id":12,"full_name":"Brenton Bauch PhD","email":"renee@miller.co","__users_twitter_id":"2048666903444506956"}, {"id":13,"full_name":"Daine Gleichner","email":"andrea@nienow.co","__users_twitter_id":"2048666903444506956"}] }`

-	err := Replace(&buf, []byte(json), []Field{}, []Field{})
+	err := jsn.Replace(&buf, []byte(json), []jsn.Field{}, []jsn.Field{})
 	if err != nil {
 		t.Fatal(err)
 	}
@ -442,7 +444,7 @@ func TestReplaceEmpty(t *testing.T) {
 func TestKeys1(t *testing.T) {
 	json := `[{"id":1,"posts": [{"title":"PT1-1","description":"PD1-1"}, {"title":"PT1-2","description":"PD1-2"}], "full_name":"FN1","email":"E1","books": [{"name":"BN1-1","description":"BD1-1"},{"name":"BN1-2","description":"BD1-2"},{"name":"BN1-2","description":"BD1-2"}]},{"id":1,"posts": [{"title":"PT1-1","description":"PD1-1"}, {"title":"PT1-2","description":"PD1-2"}], "full_name":"FN1","email":"E1","books": [{"name":"BN1-1","description":"BD1-1"},{"name":"BN1-2","description":"BD1-2"},{"name":"BN1-2","description":"BD1-2"}]},{"id":1,"posts": [{"title":"PT1-1","description":"PD1-1"}, {"title":"PT1-2","description":"PD1-2"}], "full_name":"FN1","email":"E1","books": [{"name":"BN1-1","description":"BD1-1"},{"name":"BN1-2","description":"BD1-2"},{"name":"BN1-2","description":"BD1-2"}]}]`

-	fields := Keys([]byte(json))
+	fields := jsn.Keys([]byte(json))

 	exp := []string{
 		"id", "posts", "title", "description", "full_name", "email", "books", "name", "description",
@ -462,7 +464,7 @@ func TestKeys1(t *testing.T) {
 func TestKeys2(t *testing.T) {
 	json := `{"id":1,"posts": [{"title":"PT1-1","description":"PD1-1"}, {"title":"PT1-2","description":"PD1-2"}], "full_name":"FN1","email":"E1","books": [{"name":"BN1-1","description":"BD1-1"},{"name":"BN1-2","description":"BD1-2"},{"name":"BN1-2","description":"BD1-2"}]}`

-	fields := Keys([]byte(json))
+	fields := jsn.Keys([]byte(json))

 	exp := []string{
 		"id", "posts", "title", "description", "full_name", "email", "books", "name", "description",
@ -491,7 +493,7 @@ func TestKeys3(t *testing.T) {
 		"user": 123
 	}`

-	fields := Keys([]byte(json))
+	fields := jsn.Keys([]byte(json))

 	exp := []string{
 		"insert", "created_at", "test_1a", "type1", "type2", "name", "updated_at", "description",
@ -526,7 +528,7 @@ func TestClear(t *testing.T) {

 	expected := `{"insert":{"created_at":"","test_1a":{"type1":"","type2":[{"a":0.0}]},"name":"","updated_at":"","description":""},"user":0.0,"tags":[]}`

-	err := Clear(&buf, []byte(json))
+	err := jsn.Clear(&buf, []byte(json))
 	if err != nil {
 		t.Fatal(err)
 	}
@ -541,7 +543,7 @@ func BenchmarkGet(b *testing.B) {
 	b.ReportAllocs()

 	for n := 0; n < b.N; n++ {
-		Get([]byte(input1), [][]byte{[]byte("__twitter_id")})
+		jsn.Get([]byte(input1), [][]byte{[]byte("__twitter_id")})
 	}
 }

@ -553,7 +555,7 @@ func BenchmarkFilter(b *testing.B) {
 	b.ReportAllocs()

 	for n := 0; n < b.N; n++ {
-		err := Filter(&buf, []byte(input2), keys)
+		err := jsn.Filter(&buf, []byte(input2), keys)
 		if err != nil {
 			b.Fatal(err)
 		}
@ -566,19 +568,19 @@ func BenchmarkStrip(b *testing.B) {
 	b.ReportAllocs()

 	for n := 0; n < b.N; n++ {
-		Strip([]byte(input3), path)
+		jsn.Strip([]byte(input3), path)
 	}
 }

 func BenchmarkReplace(b *testing.B) {
 	var buf bytes.Buffer

-	from := []Field{
+	from := []jsn.Field{
 		{[]byte("__twitter_id"), []byte(`[{ "name": "hello" }, { "name": "world"}]`)},
 		{[]byte("__twitter_id"), []byte(`"ABC123"`)},
 	}

-	to := []Field{
+	to := []jsn.Field{
 		{[]byte("__twitter_id"), []byte(`"1234567890"`)},
 		{[]byte("some_list"), []byte(`[{"id":1,"embed":{"id":8}},{"id":2},{"id":3},{"id":4},{"id":5},{"id":6},{"id":7},{"id":8},{"id":9},{"id":10},{"id":11},{"id":12},{"id":13}]`)},
 	}
@ -587,7 +589,7 @@ func BenchmarkReplace(b *testing.B) {
 	b.ReportAllocs()

 	for n := 0; n < b.N; n++ {
-		err := Replace(&buf, []byte(input4), from, to)
+		err := jsn.Replace(&buf, []byte(input4), from, to)
 		if err != nil {
 			b.Fatal(err)
 		}
--- a/jsn/replace.go
+++ b/jsn/replace.go
@ -133,9 +133,18 @@ func Replace(w *bytes.Buffer, b []byte, from, to []Field) error {
 		if e != 0 {
 			e++

+			if e <= s {
+				return errors.New("invalid json")
+			}
+
 			if _, err := h.Write(b[s:e]); err != nil {
 				return err
 			}
+
+			if (we + 1) <= ws {
+				return errors.New("invalid json")
+			}
+
 			n, ok := tmap[h.Sum64()]
 			h.Reset()

--- a/jsn/test.go
+++ b/jsn/test.go
@ -1,37 +0,0 @@
-package jsn
-
-import (
-	"bytes"
-	"errors"
-)
-
-func unifiedTest(data []byte) error {
-	err1 := Validate(string(data))
-
-	var b1 bytes.Buffer
-	err2 := Filter(&b1, data, []string{"id", "full_name", "embed"})
-
-	path1 := [][]byte{[]byte("data"), []byte("users")}
-	Strip(data, path1)
-
-	from := []Field{
-		{[]byte("__twitter_id"), []byte(`[{ "name": "hello" }, { "name": "world"}]`)},
-		{[]byte("__twitter_id"), []byte(`"ABC123"`)},
-	}
-
-	to := []Field{
-		{[]byte("__twitter_id"), []byte(`"1234567890"`)},
-		{[]byte("some_list"), []byte(`[{"id":1,"embed":{"id":8}},{"id":2},{"id":3},{"id":4},{"id":5},{"id":6},{"id":7},{"id":8},{"id":9},{"id":10},{"id":11},{"id":12},{"id":13}]`)},
-	}
-
-	var b2 bytes.Buffer
-	err3 := Replace(&b2, data, from, to)
-
-	Keys(data)
-
-	if err1 != nil || err2 != nil || err3 != nil {
-		return errors.New("there was an error")
-	}
-
-	return nil
-}
Author	SHA1	Message	Date
Vikram Rangnekar	1a15e433ba	feat: make query preperation a JIT operation to improve startup time	2020-06-03 01:03:12 -04:00
Vikram Rangnekar	816121fbcf	fix: issue with early return in prepare statement function	2020-05-31 18:10:50 -04:00
Vikram	e82e97a9d7	fix: issues caught by fuzzer	2020-05-31 14:11:28 -07:00
Vikram	6102f1d66e	fix: infinite loop on missing allow.list issue	2020-05-30 23:36:44 -07:00
Vikram Rangnekar	701b2f3bfd	fix: remove left-over debug prints	2020-05-29 02:27:53 -04:00
Vikram Rangnekar	bac89d8301	fix: i will not prematurely optimization	2020-05-29 02:23:54 -04:00
Vikram Rangnekar	b3dfb2bc7b	fix: improve fuzzing coverage for jsn package	2020-05-29 00:08:37 -04:00
Vikram Rangnekar	1fb7f0e6c8	BREAKING CHANGE: super-graph/core now defaults to allow all in anon role	2020-05-28 00:07:01 -04:00