Integrity Failures in Adonisjs with Cockroachdb
Integrity Failures in Adonisjs with Cockroachdb — how this specific combination creates or exposes the vulnerability
Integrity failures occur when an application fails to enforce data validity and consistency across operations, leading to corrupted or untrustworthy data. The combination of Adonisjs and Cockroachdb can expose integrity risks when application-level constraints do not align with database transactions or when untrusted input bypasses model validation. Adonisjs relies on explicit schema definitions and model contracts, but if transactions are not properly coordinated with Cockroachdb’s strongly consistent, distributed SQL guarantees, partial writes or constraint violations can occur.
One common pattern is performing multiple related queries without an atomic transaction. For example, updating a user’s account balance and creating a transaction log entry as separate steps can lead to inconsistency if one step fails. Cockroachdb supports ACID transactions across distributed nodes, but Adonisjs code must explicitly use the transaction API to benefit from this. Without it, each query commits independently, which can leave the system in an invalid state if a network hiccup or validation error occurs mid-flow.
Input validation gaps also contribute to integrity failures. If numeric IDs or monetary values are accepted from request parameters without strict typing and range checks, invalid values may be persisted in Cockroachdb columns with NOT NULL or UNIQUE constraints, causing constraint violations or silent truncation depending on the driver behavior. Adonisjs provides robust validation schemas, but developers may inadvertently skip validation for “trusted” internal endpoints or forget to apply the same rules across related models.
Schema mismatches between Adonisjs migrations and Cockroachdb column definitions can introduce integrity issues. For instance, defining a column as INTEGER in an Adonisjs migration when Cockroachdb expects a BIGINT to accommodate larger IDs may lead to overflow errors under high load or when integrating with other services. Similarly, omitting database-level constraints such as foreign keys or CHECK constraints in Cockroachdb while relying solely on application logic in Adonisjs increases risk, especially if other clients access the same database.
Concurrency bugs can also compromise integrity. Adonisjs services may handle concurrent requests that read and write the same Cockroachdb rows without proper isolation levels or optimistic locking. Without version columns or explicit SELECT FOR UPDATE patterns, two requests may read the same balance, compute new values, and overwrite each other, resulting in lost updates. Leveraging Cockroachdb’s serializable isolation level helps, but the application must be designed to handle retry logic on serialization failures.
Cockroachdb-Specific Remediation in Adonisjs — concrete code fixes
To mitigate integrity failures, ensure all multi-statement operations that must succeed or fail together are wrapped in explicit Cockroachdb transactions in Adonisjs. Use the built-in transaction helper to coordinate database actions and maintain atomicity. Below is a concrete example of updating an account balance and writing a log entry within a single transaction.
import { TransactionClient } from '@ioc:Adonisjs/Lucid/Database'
export async function transferBalance(
userId: number,
amount: number,
reference: string
): Promise {
await Database.transaction(async (trx: TransactionClient) => {
// Lock the row for update to prevent concurrent modifications
const account = await Account.query(trx)
.where('user_id', userId)
.lockForUpdate()
.preload('user')
.firstOrFail()
if (account.balance < amount) {
throw new Error('Insufficient funds')
}
account.balance -= amount
await account.save(trx)
await trx.from('transaction_logs').insert({
user_id: userId,
amount: -amount,
reference,
created_at: new Date(),
updated_at: new Date(),
})
})
}
This example uses a transaction client passed to query and insert calls, ensuring all operations commit only if every step succeeds. The lockForUpdate call helps prevent lost updates under high concurrency by acquiring row-level locks in Cockroachdb’s serializable isolation level. Always handle retries on serialization errors, as Cockroachdb may abort transactions to preserve consistency.
Define robust validation in Adonisjs using schema rules that mirror Cockroachdb constraints. For monetary values, enforce numeric precision and scale explicitly to avoid rounding issues or truncation.
import { schema } from '@ioc:Adonisjs/Core/Validator'
const transferSchema = schema.create({
userId: schema.number([
schema.unsigned(),
schema.exists({ table: 'users', column: 'id' }),
]),
amount: schema.number([
schema.min(0.01),
schema.max(9999999.99),
]),
reference: schema.string.optional([
schema.maxLength(255),
]),
})
export const rules = transferSchema
Apply database-level constraints in Cockroachdb migrations to complement application checks. Use foreign keys, NOT NULL, and CHECK constraints to enforce integrity even when accessed by other services.
-- Example Cockroachdb migration snippet
ALTER TABLE transaction_logs
ADD CONSTRAINT fk_user
FOREIGN KEY (user_id)
REFERENCES users (id)
ALTER TABLE accounts
ADD CONSTRAINT chk_balance_positive
CHECK (balance >= 0)
Enable retry logic in your Adonisjs service layer to handle Cockroachdb serialization errors gracefully. Catch transaction abort errors and reattempt a bounded number of times to maintain integrity under concurrent load.
import { TransactionClient } from '@ioc:Adonisjs/Lucid/Database'
import { HttpContextContract } from '@ioc:Adonisjs/Core/HttpContext'
export async function executeWithRetry(
fn: (trx: TransactionClient) => Promise,
maxAttempts = 3
): Promise {
let attempt = 0
while (attempt < maxAttempts) {
try {
await Database.transaction(fn)
return
} catch (error) {
const isSerializationError = error?.code === '40001'
if (isSerializationError && attempt < maxAttempts - 1) {
attempt++
continue
}
throw error
}
}
}