package payments import ( "go/parser" "go/token" "io/fs" "path/filepath" "runtime" "strings" "testing" ) // TestPaymentsSchemaImportBoundary enforces that only this package reaches the // payments jet code. The payments schema is isolated behind this domain; the // application connects to Postgres as a superuser that bypasses the schema // grants, so the runtime wall that keeps every other package out of payments.* // is this import boundary, not the DB privileges. If another package imported // the generated payments tables it could issue SQL against the schema directly, // breaking the single-writer guarantee and the domain's extractability. func TestPaymentsSchemaImportBoundary(t *testing.T) { const jetPkg = "scrabble/backend/internal/postgres/jet/payments" _, thisFile, _, ok := runtime.Caller(0) if !ok { t.Fatal("cannot resolve the test file path") } // thisFile = .../backend/internal/payments/boundary_test.go backendRoot := filepath.Clean(filepath.Join(filepath.Dir(thisFile), "..", "..")) allowedPrefix := filepath.Join(backendRoot, "internal", "payments") + string(filepath.Separator) fset := token.NewFileSet() walkErr := filepath.WalkDir(backendRoot, func(path string, d fs.DirEntry, err error) error { if err != nil { return err } if d.IsDir() || !strings.HasSuffix(path, ".go") { return nil } file, perr := parser.ParseFile(fset, path, nil, parser.ImportsOnly) if perr != nil { return perr } for _, imp := range file.Imports { p := strings.Trim(imp.Path.Value, `"`) if p != jetPkg && !strings.HasPrefix(p, jetPkg+"/") { continue } if !strings.HasPrefix(path, allowedPrefix) { t.Errorf("%s imports %s — only internal/payments may reach the payments jet code", path, p) } } return nil }) if walkErr != nil { t.Fatalf("walk backend tree: %v", walkErr) } }