Add PostgreSQL support for mint and wallet

Cargo.toml

@@ -56,6 +56,7 @@ cdk-mint-rpc = { path = "./crates/cdk-mint-rpc", version = "=0.11.0" }
 cdk-redb = { path = "./crates/cdk-redb", default-features = true, version = "=0.11.0" }
 cdk-sql-common = { path = "./crates/cdk-sql-common", default-features = true, version = "=0.11.0" }
 cdk-sqlite = { path = "./crates/cdk-sqlite", default-features = true, version = "=0.11.0" }
+cdk-postgres = { path = "./crates/cdk-postgres", default-features = true, version = "=0.11.0" }
 cdk-signatory = { path = "./crates/cdk-signatory", version = "=0.11.0", default-features = false }
 cdk-mintd = { path = "./crates/cdk-mintd", version = "=0.11.0", default-features = false }
 clap = { version = "4.5.31", features = ["derive"] }

crates/cdk-integration-tests/src/bin/start_fake_auth_mint.rs

@@ -45,6 +45,7 @@ struct Args {
 /// Start a fake mint with authentication using the library
 async fn start_fake_auth_mint(
     temp_dir: &Path,
+    database: &str,
     port: u16,
     openid_discovery: String,
     shutdown: Arc<Notify>,
@@ -62,6 +63,7 @@ async fn start_fake_auth_mint(
 
     let mut settings = shared::create_fake_wallet_settings(
         port,
+        database,
         Some(Mnemonic::generate(12)?.to_string()),
         None,
         Some(fake_wallet_config),
@@ -123,6 +125,7 @@ async fn main() -> Result<()> {
 
     let handle = start_fake_auth_mint(
         &temp_dir,
+        &args.database_type,
         args.port,
         args.openid_discovery.clone(),
         shutdown_clone,

crates/cdk-integration-tests/src/bin/start_fake_mint.rs

@@ -46,6 +46,7 @@ struct Args {
 async fn start_fake_mint(
     temp_dir: &Path,
     port: u16,
+    database: &str,
     shutdown: Arc<Notify>,
     external_signatory: bool,
 ) -> Result<tokio::task::JoinHandle<()>> {
@@ -77,8 +78,13 @@ async fn start_fake_mint(
     });
 
     // Create settings struct for fake mint using shared function
-    let settings =
-        shared::create_fake_wallet_settings(port, mnemonic, signatory_config, fake_wallet_config);
+    let settings = shared::create_fake_wallet_settings(
+        port,
+        database,
+        mnemonic,
+        signatory_config,
+        fake_wallet_config,
+    );
 
     println!("Starting fake mintd on port {port}");
 
@@ -129,6 +135,7 @@ async fn main() -> Result<()> {
     let handle = start_fake_mint(
         &temp_dir,
         args.port,
+        &args.database_type,
         shutdown_clone,
         args.external_signatory,
     )

crates/cdk-integration-tests/src/shared.rs

@@ -11,6 +11,7 @@ use std::time::Duration;
 
 use anyhow::Result;
 use cdk_axum::cache;
+use cdk_mintd::config::{Database, DatabaseEngine};
 use tokio::signal;
 use tokio::sync::Notify;
 
@@ -150,6 +151,7 @@ pub fn display_mint_info(port: u16, temp_dir: &Path, database_type: &str) {
 /// Create settings for a fake wallet mint
 pub fn create_fake_wallet_settings(
     port: u16,
+    database: &str,
     mnemonic: Option<String>,
     signatory_config: Option<(String, String)>, // (url, certs_dir)
     fake_wallet_config: Option<cdk_mintd::config::FakeWallet>,
@@ -182,7 +184,9 @@ pub fn create_fake_wallet_settings(
         lnd: None,
         fake_wallet: fake_wallet_config,
         grpc_processor: None,
-        database: cdk_mintd::config::Database::default(),
+        database: Database {
+            engine: DatabaseEngine::from_str(database).expect("valid database"),
+        },
         mint_management_rpc: None,
         auth: None,
     }

crates/cdk-mintd/Cargo.toml

@@ -35,6 +35,7 @@ cdk = { workspace = true, features = [
 cdk-sqlite = { workspace = true, features = [
     "mint",
 ] }
+cdk-postgres = { workspace = true, features = ["mint"]}
 cdk-cln = { workspace = true, optional = true }
 cdk-lnbits = { workspace = true, optional = true }
 cdk-lnd = { workspace = true, optional = true }

crates/cdk-mintd/src/config.rs

@@ -190,6 +190,7 @@ pub struct GrpcProcessor {
 pub enum DatabaseEngine {
     #[default]
     Sqlite,
+    Postgres,
 }
 
 impl std::str::FromStr for DatabaseEngine {
@@ -198,6 +199,7 @@ impl std::str::FromStr for DatabaseEngine {
     fn from_str(s: &str) -> Result<Self, Self::Err> {
         match s.to_lowercase().as_str() {
             "sqlite" => Ok(DatabaseEngine::Sqlite),
+            "postgres" => Ok(DatabaseEngine::Postgres),
             _ => Err(format!("Unknown database engine: {s}")),
         }
     }

crates/cdk-mintd/src/lib.rs

@@ -3,7 +3,7 @@
 // std
 #[cfg(feature = "auth")]
 use std::collections::HashMap;
-use std::env;
+use std::env::{self, var};
 use std::net::SocketAddr;
 use std::path::{Path, PathBuf};
 use std::str::FromStr;
@@ -39,6 +39,7 @@ use cdk::nuts::{AuthRequired, Method, ProtectedEndpoint, RoutePath};
 use cdk::nuts::{ContactInfo, MintVersion, PaymentMethod};
 use cdk::types::QuoteTTL;
 use cdk_axum::cache::HttpCache;
+use cdk_postgres::{MintPgAuthDatabase, MintPgDatabase};
 #[cfg(feature = "auth")]
 use cdk_sqlite::mint::MintSqliteAuthDatabase;
 use cdk_sqlite::MintSqliteDatabase;
@@ -156,6 +157,16 @@ async fn setup_database(
             let keystore: Arc<dyn MintKeysDatabase<Err = cdk_database::Error> + Send + Sync> = db;
             Ok((localstore, keystore))
         }
+        DatabaseEngine::Postgres => {
+            let conn_url = var("PG_DB_URL").map_err(|_| anyhow!("Missing `PG_DB_URL`"))?;
+
+            let pg_db = Arc::new(MintPgDatabase::new(conn_url.as_str()).await?);
+            let localstore: Arc<dyn MintDatabase<cdk_database::Error> + Send + Sync> =
+                pg_db.clone();
+            let keystore: Arc<dyn MintKeysDatabase<Err = cdk_database::Error> + Send + Sync> =
+                pg_db;
+            Ok((localstore, keystore))
+        }
     }
 }
 
@@ -454,6 +465,10 @@ async fn setup_authentication(
 
                 Arc::new(sqlite_db)
             }
+            DatabaseEngine::Postgres => {
+                let conn_url = var("PG_DB_URL").map_err(|_| anyhow!("Missing `PG_DB_URL`"))?;
+                Arc::new(MintPgAuthDatabase::new(conn_url.as_str()).await?)
+            }
         };
 
         let mut protected_endpoints = HashMap::new();

crates/cdk-postgres/Cargo.toml

@@ -0,0 +1,35 @@
+[package]
+name = "cdk-postgres"
+version.workspace = true
+edition.workspace = true
+authors = ["CDK Developers"]
+description = "PostgreSQL storage backend for CDK"
+license.workspace = true
+homepage = "https://github.com/cashubtc/cdk"
+repository = "https://github.com/cashubtc/cdk.git"
+rust-version.workspace = true                            # MSRV
+readme = "README.md"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+[features]
+default = ["mint", "wallet", "auth"]
+mint = ["cdk-common/mint", "cdk-sql-common/mint"]
+wallet = ["cdk-common/wallet", "cdk-sql-common/wallet"]
+auth = ["cdk-common/auth", "cdk-sql-common/auth"]
+
+[dependencies]
+async-trait.workspace = true
+cdk-common = { workspace = true, features = ["test"] }
+bitcoin.workspace = true
+cdk-sql-common = { workspace = true }
+thiserror.workspace = true
+tokio = { workspace = true, features = ["rt-multi-thread"] }
+tracing.workspace = true
+serde.workspace = true
+serde_json.workspace = true
+lightning-invoice.workspace = true
+uuid.workspace = true
+tokio-postgres = "0.7.13"
+futures-util = "0.3.31"
+postgres-native-tls = "0.5.1"
+once_cell.workspace = true

crates/cdk-postgres/src/db.rs

@@ -0,0 +1,140 @@
+use cdk_common::database::Error;
+use cdk_sql_common::stmt::{Column, Statement};
+use futures_util::{pin_mut, TryStreamExt};
+use tokio_postgres::Client;
+
+use crate::value::PgValue;
+
+#[inline(always)]
+pub async fn pg_batch(conn: &Client, statement: Statement) -> Result<(), Error> {
+    let (sql, _placeholder_values) = statement.to_sql()?;
+
+    conn.batch_execute(&sql)
+        .await
+        .map_err(|e| Error::Database(Box::new(e)))
+}
+
+#[inline(always)]
+pub async fn pg_execute(conn: &Client, statement: Statement) -> Result<usize, Error> {
+    let (sql, placeholder_values) = statement.to_sql()?;
+    let prepared_statement = conn
+        .prepare(&sql)
+        .await
+        .map_err(|e| Error::Database(Box::new(e)))?;
+
+    conn.execute_raw(
+        &prepared_statement,
+        placeholder_values
+            .iter()
+            .map(|x| x.into())
+            .collect::<Vec<PgValue>>(),
+    )
+    .await
+    .map_err(|e| Error::Database(Box::new(e)))
+    .map(|x| x as usize)
+}
+
+#[inline(always)]
+pub async fn pg_fetch_one(
+    conn: &Client,
+    statement: Statement,
+) -> Result<Option<Vec<Column>>, Error> {
+    let (sql, placeholder_values) = statement.to_sql()?;
+    let prepared_statement = conn
+        .prepare(&sql)
+        .await
+        .map_err(|e| Error::Database(Box::new(e)))?;
+
+    let stream = conn
+        .query_raw(
+            &prepared_statement,
+            placeholder_values
+                .iter()
+                .map(|x| x.into())
+                .collect::<Vec<PgValue>>(),
+        )
+        .await
+        .map_err(|e| Error::Database(Box::new(e)))?;
+
+    pin_mut!(stream);
+
+    stream
+        .try_next()
+        .await
+        .map_err(|e| Error::Database(Box::new(e)))?
+        .map(|row| {
+            (0..row.len())
+                .map(|i| row.try_get::<_, PgValue>(i).map(|value| value.into()))
+                .collect::<Result<Vec<_>, _>>()
+        })
+        .transpose()
+        .map_err(|e| Error::Database(Box::new(e)))
+}
+
+#[inline(always)]
+pub async fn pg_fetch_all(conn: &Client, statement: Statement) -> Result<Vec<Vec<Column>>, Error> {
+    let (sql, placeholder_values) = statement.to_sql()?;
+    let prepared_statement = conn
+        .prepare(&sql)
+        .await
+        .map_err(|e| Error::Database(Box::new(e)))?;
+
+    let stream = conn
+        .query_raw(
+            &prepared_statement,
+            placeholder_values
+                .iter()
+                .map(|x| x.into())
+                .collect::<Vec<PgValue>>(),
+        )
+        .await
+        .map_err(|e| Error::Database(Box::new(e)))?;
+
+    pin_mut!(stream);
+
+    let mut rows = vec![];
+    while let Some(row) = stream
+        .try_next()
+        .await
+        .map_err(|e| Error::Database(Box::new(e)))?
+    {
+        rows.push(
+            (0..row.len())
+                .map(|i| row.try_get::<_, PgValue>(i).map(|value| value.into()))
+                .collect::<Result<Vec<_>, _>>()
+                .map_err(|e| Error::Database(Box::new(e)))?,
+        );
+    }
+
+    Ok(rows)
+}
+
+#[inline(always)]
+pub async fn gn_pluck(conn: &Client, statement: Statement) -> Result<Option<Column>, Error> {
+    let (sql, placeholder_values) = statement.to_sql()?;
+    let prepared_statement = conn
+        .prepare(&sql)
+        .await
+        .map_err(|e| Error::Database(Box::new(e)))?;
+
+    let stream = conn
+        .query_raw(
+            &prepared_statement,
+            placeholder_values
+                .iter()
+                .map(|x| x.into())
+                .collect::<Vec<PgValue>>(),
+        )
+        .await
+        .map_err(|e| Error::Database(Box::new(e)))?;
+
+    pin_mut!(stream);
+
+    stream
+        .try_next()
+        .await
+        .map_err(|e| Error::Database(Box::new(e)))?
+        .map(|row| row.try_get::<_, PgValue>(0).map(|value| value.into()))
+        .transpose()
+        .map_err(|e| Error::Database(Box::new(e)))
+}

crates/cdk-postgres/src/lib.rs

@@ -0,0 +1,256 @@
+use std::fmt::Debug;
+use std::sync::atomic::AtomicBool;
+use std::sync::{Arc, OnceLock};
+use std::time::Duration;
+
+use cdk_common::database::Error;
+use cdk_sql_common::database::{DatabaseConnector, DatabaseExecutor, GenericTransactionHandler};
+use cdk_sql_common::mint::SQLMintAuthDatabase;
+use cdk_sql_common::pool::{DatabaseConfig, DatabasePool};
+use cdk_sql_common::stmt::{Column, Statement};
+use cdk_sql_common::{SQLMintDatabase, SQLWalletDatabase};
+use db::{gn_pluck, pg_batch, pg_execute, pg_fetch_all, pg_fetch_one};
+use tokio::sync::{Mutex, Notify};
+use tokio::time::timeout;
+use tokio_postgres::{connect, Client, Error as PgError, NoTls};
+
+mod db;
+mod value;
+
+#[derive(Debug)]
+pub struct PgConnectionPool;
+
+#[derive(Clone)]
+pub enum SslMode {
+    NoTls(NoTls),
+    NativeTls(postgres_native_tls::MakeTlsConnector),
+}
+
+impl Default for SslMode {
+    fn default() -> Self {
+        SslMode::NoTls(NoTls {})
+    }
+}
+
+impl Debug for SslMode {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        let debug_text = match self {
+            Self::NoTls(_) => "NoTls",
+            Self::NativeTls(_) => "NativeTls",
+        };
+
+        write!(f, "SslMode::{debug_text}")
+    }
+}
+
+/// Postgres configuration
+#[derive(Clone, Debug)]
+pub struct PgConfig {
+    url: String,
+    tls: SslMode,
+}
+
+impl DatabaseConfig for PgConfig {
+    fn default_timeout(&self) -> Duration {
+        Duration::from_secs(10)
+    }
+
+    fn max_size(&self) -> usize {
+        20
+    }
+}
+
+impl From<&str> for PgConfig {
+    fn from(value: &str) -> Self {
+        PgConfig {
+            url: value.to_owned(),
+            tls: Default::default(),
+        }
+    }
+}
+
+impl DatabasePool for PgConnectionPool {
+    type Config = PgConfig;
+
+    type Connection = PostgresConnection;
+
+    type Error = PgError;
+
+    fn new_resource(
+        config: &Self::Config,
+        still_valid: Arc<AtomicBool>,
+        timeout: Duration,
+    ) -> Result<Self::Connection, cdk_sql_common::pool::Error<Self::Error>> {
+        Ok(PostgresConnection::new(
+            config.to_owned(),
+            timeout,
+            still_valid,
+        ))
+    }
+}
+
+/// A postgres connection
+#[derive(Debug)]
+pub struct PostgresConnection {
+    timeout: Duration,
+    error: Arc<Mutex<Option<cdk_common::database::Error>>>,
+    result: Arc<OnceLock<Client>>,
+    notify: Arc<Notify>,
+}
+
+impl PostgresConnection {
+    /// Creates a new instance
+    pub fn new(config: PgConfig, timeout: Duration, still_valid: Arc<AtomicBool>) -> Self {
+        let failed = Arc::new(Mutex::new(None));
+        let result = Arc::new(OnceLock::new());
+        let notify = Arc::new(Notify::new());
+        let error_clone = failed.clone();
+        let result_clone = result.clone();
+        let notify_clone = notify.clone();
+
+        tokio::spawn(async move {
+            match config.tls {
+                SslMode::NoTls(tls) => {
+                    let (client, connection) = match connect(&config.url, tls).await {
+                        Ok((client, connection)) => (client, connection),
+                        Err(err) => {
+                            *error_clone.lock().await =
+                                Some(cdk_common::database::Error::Database(Box::new(err)));
+                            still_valid.store(false, std::sync::atomic::Ordering::Release);
+                            notify_clone.notify_waiters();
+                            return;
+                        }
+                    };
+
+                    tokio::spawn(async move {
+                        let _ = connection.await;
+                        still_valid.store(false, std::sync::atomic::Ordering::Release);
+                    });
+
+                    let _ = result_clone.set(client);
+                    notify_clone.notify_waiters();
+                }
+                SslMode::NativeTls(tls) => {
+                    let (client, connection) = match connect(&config.url, tls).await {
+                        Ok((client, connection)) => (client, connection),
+                        Err(err) => {
+                            *error_clone.lock().await =
+                                Some(cdk_common::database::Error::Database(Box::new(err)));
+                            still_valid.store(false, std::sync::atomic::Ordering::Release);
+                            notify_clone.notify_waiters();
+                            return;
+                        }
+                    };
+
+                    tokio::spawn(async move {
+                        let _ = connection.await;
+                        still_valid.store(false, std::sync::atomic::Ordering::Release);
+                    });
+
+                    let _ = result_clone.set(client);
+                    notify_clone.notify_waiters();
+                }
+            }
+        });
+
+        Self {
+            error: failed,
+            timeout,
+            result,
+            notify,
+        }
+    }
+
+    /// Gets the wrapped instance or the connection error. The connection is returned as reference,
+    /// and the actual error is returned once, next times a generic error would be returned
+    async fn inner(&self) -> Result<&Client, cdk_common::database::Error> {
+        if let Some(client) = self.result.get() {
+            return Ok(client);
+        }
+
+        if let Some(error) = self.error.lock().await.take() {
+            return Err(error);
+        }
+
+        if timeout(self.timeout, self.notify.notified()).await.is_err() {
+            return Err(cdk_common::database::Error::Internal("Timeout".to_owned()));
+        }
+
+        // Check result again
+        if let Some(client) = self.result.get() {
+            Ok(client)
+        } else if let Some(error) = self.error.lock().await.take() {
+            Err(error)
+        } else {
+            Err(cdk_common::database::Error::Internal(
+                "Failed connection".to_owned(),
+            ))
+        }
+    }
+}
+
+#[async_trait::async_trait]
+impl DatabaseConnector for PostgresConnection {
+    type Transaction = GenericTransactionHandler<Self>;
+}
+
+#[async_trait::async_trait]
+impl DatabaseExecutor for PostgresConnection {
+    fn name() -> &'static str {
+        "postgres"
+    }
+
+    async fn execute(&self, statement: Statement) -> Result<usize, Error> {
+        pg_execute(self.inner().await?, statement).await
+    }
+
+    async fn fetch_one(&self, statement: Statement) -> Result<Option<Vec<Column>>, Error> {
+        pg_fetch_one(self.inner().await?, statement).await
+    }
+
+    async fn fetch_all(&self, statement: Statement) -> Result<Vec<Vec<Column>>, Error> {
+        pg_fetch_all(self.inner().await?, statement).await
+    }
+
+    async fn pluck(&self, statement: Statement) -> Result<Option<Column>, Error> {
+        gn_pluck(self.inner().await?, statement).await
+    }
+
+    async fn batch(&self, statement: Statement) -> Result<(), Error> {
+        pg_batch(self.inner().await?, statement).await
+    }
+}
+
+/// Mint DB implementation with PostgreSQL
+pub type MintPgDatabase = SQLMintDatabase<PgConnectionPool>;
+
+/// Mint Auth database with Postgres
+#[cfg(feature = "auth")]
+pub type MintPgAuthDatabase = SQLMintAuthDatabase<PgConnectionPool>;
+
+/// Mint DB implementation with PostgresSQL
+pub type WalletPgDatabase = SQLWalletDatabase<PgConnectionPool>;
+
+#[cfg(test)]
+mod test {
+    use cdk_common::mint_db_test;
+    use once_cell::sync::Lazy;
+    use tokio::sync::Mutex;
+
+    use super::*;
+
+    static MIGRATION_LOCK: Lazy<Mutex<()>> = Lazy::new(|| Mutex::new(()));
+
+    async fn provide_db() -> MintPgDatabase {
+        let m = MIGRATION_LOCK.lock().await;
+        let db_url = std::env::var("PG_DB_URL")
+            .unwrap_or("host=localhost user=test password=test dbname=testdb port=5433".to_owned());
+        let db = MintPgDatabase::new(db_url.as_str())
+            .await
+            .expect("database");
+        drop(m);
+        db
+    }
+
+    mint_db_test!(provide_db);
+}

crates/cdk-postgres/src/value.rs

@@ -0,0 +1,130 @@
+use std::fmt::Debug;
+
+use cdk_sql_common::value::Value;
+use tokio_postgres::types::{self, FromSql, ToSql};
+
+#[derive(Debug)]
+pub enum PgValue<'a> {
+    Null,
+    Integer(i64),
+    Real(f64),
+    Text(&'a str),
+    Blob(&'a [u8]),
+}
+
+impl<'a> From<&'a Value> for PgValue<'a> {
+    fn from(value: &'a Value) -> Self {
+        match value {
+            Value::Blob(b) => PgValue::Blob(b),
+            Value::Text(text) => PgValue::Text(text.as_str()),
+            Value::Null => PgValue::Null,
+            Value::Integer(i) => PgValue::Integer(*i),
+            Value::Real(r) => PgValue::Real(*r),
+        }
+    }
+}
+
+impl<'a> From<PgValue<'a>> for Value {
+    fn from(val: PgValue<'a>) -> Self {
+        match val {
+            PgValue::Blob(value) => Value::Blob(value.to_owned()),
+            PgValue::Text(value) => Value::Text(value.to_owned()),
+            PgValue::Null => Value::Null,
+            PgValue::Integer(n) => Value::Integer(n),
+            PgValue::Real(r) => Value::Real(r),
+        }
+    }
+}
+
+impl<'a> FromSql<'a> for PgValue<'a> {
+    fn accepts(_ty: &types::Type) -> bool {
+        true
+    }
+
+    fn from_sql(
+        ty: &types::Type,
+        raw: &'a [u8],
+    ) -> Result<Self, Box<dyn std::error::Error + Sync + Send>> {
+        Ok(match *ty {
+            types::Type::VARCHAR | types::Type::TEXT | types::Type::BPCHAR | types::Type::NAME => {
+                PgValue::Text(<&str as FromSql>::from_sql(ty, raw)?)
+            }
+            types::Type::BOOL => PgValue::Integer(if <bool as FromSql>::from_sql(ty, raw)? {
+                1
+            } else {
+                0
+            }),
+            types::Type::INT2 => PgValue::Integer(<i8 as FromSql>::from_sql(ty, raw)? as i64),
+            types::Type::INT4 => PgValue::Integer(<i32 as FromSql>::from_sql(ty, raw)? as i64),
+            types::Type::INT8 => PgValue::Integer(<i64 as FromSql>::from_sql(ty, raw)?),
+            types::Type::BIT_ARRAY | types::Type::BYTEA | types::Type::UNKNOWN => {
+                PgValue::Blob(<&[u8] as FromSql>::from_sql(ty, raw)?)
+            }
+            _ => panic!("Unsupported type {ty:?}"),
+        })
+    }
+
+    fn from_sql_null(_ty: &types::Type) -> Result<Self, Box<dyn std::error::Error + Sync + Send>> {
+        Ok(PgValue::Null)
+    }
+}
+
+impl ToSql for PgValue<'_> {
+    fn to_sql(
+        &self,
+        ty: &types::Type,
+        out: &mut types::private::BytesMut,
+    ) -> Result<types::IsNull, Box<dyn std::error::Error + Sync + Send>>
+    where
+        Self: Sized,
+    {
+        match self {
+            PgValue::Blob(blob) => blob.to_sql(ty, out),
+            PgValue::Text(text) => text.to_sql(ty, out),
+            PgValue::Null => Ok(types::IsNull::Yes),
+            PgValue::Real(r) => r.to_sql(ty, out),
+            PgValue::Integer(i) => match *ty {
+                types::Type::BOOL => (*i != 0).to_sql(ty, out),
+                types::Type::INT2 => (*i as i16).to_sql(ty, out),
+                types::Type::INT4 => (*i as i32).to_sql(ty, out),
+                _ => i.to_sql_checked(ty, out),
+            },
+        }
+    }
+
+    fn accepts(_ty: &types::Type) -> bool
+    where
+        Self: Sized,
+    {
+        true
+    }
+
+    fn encode_format(&self, ty: &types::Type) -> types::Format {
+        match self {
+            PgValue::Blob(blob) => blob.encode_format(ty),
+            PgValue::Text(text) => text.encode_format(ty),
+            PgValue::Null => types::Format::Text,
+            PgValue::Real(r) => r.encode_format(ty),
+            PgValue::Integer(i) => i.encode_format(ty),
+        }
+    }
+
+    fn to_sql_checked(
+        &self,
+        ty: &types::Type,
+        out: &mut types::private::BytesMut,
+    ) -> Result<types::IsNull, Box<dyn std::error::Error + Sync + Send>> {
+        match self {
+            PgValue::Blob(blob) => blob.to_sql_checked(ty, out),
+            PgValue::Text(text) => text.to_sql_checked(ty, out),
+            PgValue::Null => Ok(types::IsNull::Yes),
+            PgValue::Real(r) => r.to_sql_checked(ty, out),
+            PgValue::Integer(i) => match *ty {
+                types::Type::BOOL => (*i != 0).to_sql_checked(ty, out),
+                types::Type::INT2 => (*i as i16).to_sql_checked(ty, out),
+                types::Type::INT4 => (*i as i32).to_sql_checked(ty, out),
+                _ => i.to_sql_checked(ty, out),
+            },
+        }
+    }
+}

crates/cdk-postgres/start_db_for_test.sh

@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+CONTAINER_NAME="rust-test-pg"
+DB_USER="test"
+DB_PASS="test"
+DB_NAME="testdb"
+DB_PORT="5433"
+
+echo "Starting fresh PostgreSQL container..."
+docker run -d --rm \
+  --name "${CONTAINER_NAME}" \
+  -e POSTGRES_USER="${DB_USER}" \
+  -e POSTGRES_PASSWORD="${DB_PASS}" \
+  -e POSTGRES_DB="${DB_NAME}" \
+  -p ${DB_PORT}:5432 \
+  postgres:16
+
+echo "Waiting for PostgreSQL to be ready and database '${DB_NAME}' to exist..."
+until docker exec -e PGPASSWORD="${DB_PASS}" "${CONTAINER_NAME}" \
+    psql -U "${DB_USER}" -d "${DB_NAME}" -c "SELECT 1;" >/dev/null 2>&1; do
+  sleep 0.5
+done
+
+docker exec -e PGPASSWORD="${DB_PASS}" "${CONTAINER_NAME}" \
+  psql -U "${DB_USER}" -d "${DB_NAME}" -c "CREATE DATABASE mintdb;"
+docker exec -e PGPASSWORD="${DB_PASS}" "${CONTAINER_NAME}" \
+  psql -U "${DB_USER}" -d "${DB_NAME}" -c "CREATE DATABASE mintdb_auth;"
+
+export DATABASE_URL="host=localhost user=${DB_USER} password=${DB_PASS} dbname=${DB_NAME} port=${DB_PORT}"

crates/cdk-sql-common/src/mint/auth/migrations.rs

@@ -1,6 +1,7 @@
 /// @generated
 /// Auto-generated by build.rs
 pub static MIGRATIONS: &[(&str, &str, &str)] = &[
+    ("postgres", "1_init.sql", include_str!(r#"./migrations/postgres/1_init.sql"#)),
     ("sqlite", "1_fix_sqlx_migration.sql", include_str!(r#"./migrations/sqlite/1_fix_sqlx_migration.sql"#)),
     ("sqlite", "20250109143347_init.sql", include_str!(r#"./migrations/sqlite/20250109143347_init.sql"#)),
 ];

crates/cdk-sql-common/src/mint/auth/migrations/postgres/1_init.sql

@@ -0,0 +1,43 @@
+CREATE TABLE IF NOT EXISTS proof (
+y BYTEA PRIMARY KEY,
+keyset_id TEXT NOT NULL,
+secret TEXT NOT NULL,
+c BYTEA NOT NULL,
+state TEXT NOT NULL
+);
+
+CREATE INDEX IF NOT EXISTS state_index ON proof(state);
+CREATE INDEX IF NOT EXISTS secret_index ON proof(secret);
+
+
+-- Keysets Table
+
+CREATE TABLE IF NOT EXISTS keyset (
+    id TEXT PRIMARY KEY,
+    unit TEXT NOT NULL,
+    active BOOL NOT NULL,
+    valid_from INTEGER NOT NULL,
+    valid_to INTEGER,
+    derivation_path TEXT NOT NULL,
+    max_order INTEGER NOT NULL,
+    derivation_path_index INTEGER NOT NULL
+);
+
+CREATE INDEX IF NOT EXISTS unit_index ON keyset(unit);
+CREATE INDEX IF NOT EXISTS active_index ON keyset(active);
+
+
+CREATE TABLE IF NOT EXISTS blind_signature (
+    y BYTEA PRIMARY KEY,
+    amount INTEGER NOT NULL,
+    keyset_id TEXT NOT NULL,
+    c BYTEA NOT NULL
+);
+
+CREATE INDEX IF NOT EXISTS keyset_id_index ON blind_signature(keyset_id);
+
+
+CREATE TABLE IF NOT EXISTS protected_endpoints (
+    endpoint TEXT PRIMARY KEY,
+    auth TEXT NOT NULL
+);

crates/cdk-sql-common/src/mint/auth/mod.rs

@@ -262,9 +262,10 @@ where
             FROM
                 keyset
             WHERE
-                active = 1;
+                active = :active;
             "#,
         )?
+        .bind("active", true)
         .pluck(&*conn)
         .await?
         .map(|id| Ok::<_, Error>(column_as_string!(id, Id::from_str, Id::from_bytes)))

crates/cdk-sql-common/src/mint/migrations.rs

@@ -1,6 +1,7 @@
 /// @generated
 /// Auto-generated by build.rs
 pub static MIGRATIONS: &[(&str, &str, &str)] = &[
+    ("postgres", "1_initial.sql", include_str!(r#"./migrations/postgres/1_initial.sql"#)),
     ("sqlite", "1_fix_sqlx_migration.sql", include_str!(r#"./migrations/sqlite/1_fix_sqlx_migration.sql"#)),
     ("sqlite", "20240612124932_init.sql", include_str!(r#"./migrations/sqlite/20240612124932_init.sql"#)),
     ("sqlite", "20240618195700_quote_state.sql", include_str!(r#"./migrations/sqlite/20240618195700_quote_state.sql"#)),

crates/cdk-sql-common/src/mint/migrations/postgres/1_initial.sql

@@ -0,0 +1,100 @@
+CREATE TABLE keyset (
+  id TEXT PRIMARY KEY, unit TEXT NOT NULL,
+  active BOOL NOT NULL, valid_from INTEGER NOT NULL,
+  valid_to INTEGER, derivation_path TEXT NOT NULL,
+  max_order INTEGER NOT NULL, input_fee_ppk INTEGER,
+  derivation_path_index INTEGER
+);
+CREATE INDEX unit_index ON keyset(unit);
+CREATE INDEX active_index ON keyset(active);
+CREATE TABLE melt_quote (
+  id TEXT PRIMARY KEY,
+  unit TEXT NOT NULL,
+  amount INTEGER NOT NULL,
+  request TEXT NOT NULL,
+  fee_reserve INTEGER NOT NULL,
+  expiry INTEGER NOT NULL,
+  state TEXT CHECK (
+    state IN ('UNPAID', 'PENDING', 'PAID')
+  ) NOT NULL DEFAULT 'UNPAID',
+  payment_preimage TEXT,
+  request_lookup_id TEXT,
+  created_time INTEGER NOT NULL DEFAULT 0,
+  paid_time INTEGER,
+  payment_method TEXT NOT NULL DEFAULT 'bolt11',
+  options TEXT,
+  request_lookup_id_kind TEXT NOT NULL DEFAULT 'payment_hash'
+);
+CREATE INDEX melt_quote_state_index ON melt_quote(state);
+CREATE UNIQUE INDEX unique_request_lookup_id_melt ON melt_quote(request_lookup_id);
+CREATE TABLE melt_request (
+  id TEXT PRIMARY KEY, inputs TEXT NOT NULL,
+  outputs TEXT, method TEXT NOT NULL,
+  unit TEXT NOT NULL
+);
+CREATE TABLE config (
+  id TEXT PRIMARY KEY, value TEXT NOT NULL
+);
+CREATE TABLE IF NOT EXISTS "proof" (
+  y BYTEA PRIMARY KEY,
+  amount INTEGER NOT NULL,
+  keyset_id TEXT NOT NULL,
+  secret TEXT NOT NULL,
+  c BYTEA NOT NULL,
+  witness TEXT,
+  state TEXT CHECK (
+    state IN (
+      'SPENT', 'PENDING', 'UNSPENT', 'RESERVED',
+      'UNKNOWN'
+    )
+  ) NOT NULL,
+  quote_id TEXT,
+  created_time INTEGER NOT NULL DEFAULT 0
+);
+CREATE TABLE IF NOT EXISTS "blind_signature" (
+  blinded_message BYTEA PRIMARY KEY,
+  amount INTEGER NOT NULL,
+  keyset_id TEXT NOT NULL,
+  c BYTEA NOT NULL,
+  dleq_e TEXT,
+  dleq_s TEXT,
+  quote_id TEXT,
+  created_time INTEGER NOT NULL DEFAULT 0
+);
+CREATE TABLE IF NOT EXISTS "mint_quote" (
+  id TEXT PRIMARY KEY, amount INTEGER,
+  unit TEXT NOT NULL, request TEXT NOT NULL,
+  expiry INTEGER NOT NULL, request_lookup_id TEXT UNIQUE,
+  pubkey TEXT, created_time INTEGER NOT NULL DEFAULT 0,
+  amount_paid INTEGER NOT NULL DEFAULT 0,
+  amount_issued INTEGER NOT NULL DEFAULT 0,
+  payment_method TEXT NOT NULL DEFAULT 'BOLT11',
+  request_lookup_id_kind TEXT NOT NULL DEFAULT 'payment_hash'
+);
+CREATE INDEX idx_mint_quote_created_time ON mint_quote(created_time);
+CREATE INDEX idx_mint_quote_expiry ON mint_quote(expiry);
+CREATE INDEX idx_mint_quote_request_lookup_id ON mint_quote(request_lookup_id);
+CREATE INDEX idx_mint_quote_request_lookup_id_and_kind ON mint_quote(
+  request_lookup_id, request_lookup_id_kind
+);
+CREATE TABLE mint_quote_payments (
+  id SERIAL PRIMARY KEY,
+  quote_id TEXT NOT NULL,
+  payment_id TEXT NOT NULL UNIQUE,
+  timestamp INTEGER NOT NULL,
+  amount INTEGER NOT NULL,
+  FOREIGN KEY (quote_id) REFERENCES mint_quote(id)
+);
+CREATE INDEX idx_mint_quote_payments_payment_id ON mint_quote_payments(payment_id);
+CREATE INDEX idx_mint_quote_payments_quote_id ON mint_quote_payments(quote_id);
+CREATE TABLE mint_quote_issued (
+  id SERIAL PRIMARY KEY,
+  quote_id TEXT NOT NULL,
+  amount INTEGER NOT NULL,
+  timestamp INTEGER NOT NULL,
+  FOREIGN KEY (quote_id) REFERENCES mint_quote(id)
+);
+CREATE INDEX idx_mint_quote_issued_quote_id ON mint_quote_issued(quote_id);
+CREATE INDEX idx_melt_quote_request_lookup_id_and_kind ON mint_quote(
+  request_lookup_id, request_lookup_id_kind
+);

crates/cdk-sql-common/src/mint/mod.rs

@@ -407,12 +407,12 @@ where
     }
 
     async fn set_active_keyset(&mut self, unit: CurrencyUnit, id: Id) -> Result<(), Error> {
-        query(r#"UPDATE keyset SET active=FALSE WHERE unit IS :unit"#)?
+        query(r#"UPDATE keyset SET active=FALSE WHERE unit = :unit"#)?
             .bind("unit", unit.to_string())
             .execute(&self.inner)
             .await?;
 
-        query(r#"UPDATE keyset SET active=TRUE WHERE unit IS :unit AND id IS :id"#)?
+        query(r#"UPDATE keyset SET active=TRUE WHERE unit = :unit AND id = :id"#)?
             .bind("unit", unit.to_string())
             .bind("id", id.to_string())
             .execute(&self.inner)
@@ -443,7 +443,8 @@ where
     async fn get_active_keyset_id(&self, unit: &CurrencyUnit) -> Result<Option<Id>, Self::Err> {
         let conn = self.pool.get().map_err(|e| Error::Database(Box::new(e)))?;
         Ok(
-            query(r#" SELECT id FROM keyset WHERE active = 1 AND unit IS :unit"#)?
+            query(r#" SELECT id FROM keyset WHERE active = :active AND unit = :unit"#)?
+                .bind("active", true)
                 .bind("unit", unit.to_string())
                 .pluck(&*conn)
                 .await?
@@ -458,17 +459,20 @@ where
 
     async fn get_active_keysets(&self) -> Result<HashMap<CurrencyUnit, Id>, Self::Err> {
         let conn = self.pool.get().map_err(|e| Error::Database(Box::new(e)))?;
-        Ok(query(r#"SELECT id, unit FROM keyset WHERE active = 1"#)?
-            .fetch_all(&*conn)
-            .await?
-            .into_iter()
-            .map(|row| {
-                Ok((
-                    column_as_string!(&row[1], CurrencyUnit::from_str),
-                    column_as_string!(&row[0], Id::from_str, Id::from_bytes),
-                ))
-            })
-            .collect::<Result<HashMap<_, _>, Error>>()?)
+        Ok(
+            query(r#"SELECT id, unit FROM keyset WHERE active = :active"#)?
+                .bind("active", true)
+                .fetch_all(&*conn)
+                .await?
+                .into_iter()
+                .map(|row| {
+                    Ok((
+                        column_as_string!(&row[1], CurrencyUnit::from_str),
+                        column_as_string!(&row[0], Id::from_str, Id::from_bytes),
+                    ))
+                })
+                .collect::<Result<HashMap<_, _>, Error>>()?,
+        )
     }
 
     async fn get_keyset_info(&self, id: &Id) -> Result<Option<MintKeySetInfo>, Self::Err> {

crates/cdk-sql-common/src/wallet/migrations.rs

@@ -1,6 +1,7 @@
 /// @generated
 /// Auto-generated by build.rs
 pub static MIGRATIONS: &[(&str, &str, &str)] = &[
+    ("postgres", "1_initial.sql", include_str!(r#"./migrations/postgres/1_initial.sql"#)),
     ("sqlite", "1_fix_sqlx_migration.sql", include_str!(r#"./migrations/sqlite/1_fix_sqlx_migration.sql"#)),
     ("sqlite", "20240612132920_init.sql", include_str!(r#"./migrations/sqlite/20240612132920_init.sql"#)),
     ("sqlite", "20240618200350_quote_state.sql", include_str!(r#"./migrations/sqlite/20240618200350_quote_state.sql"#)),

crates/cdk-sql-common/src/wallet/migrations/postgres/1_initial.sql

@@ -0,0 +1,80 @@
+CREATE TABLE mint (
+  mint_url TEXT PRIMARY KEY, name TEXT, 
+  pubkey BYTEA, version TEXT, description TEXT, 
+  description_long TEXT, contact TEXT, 
+  nuts TEXT, motd TEXT, icon_url TEXT, 
+  mint_time INTEGER, urls TEXT, tos_url TEXT
+);
+CREATE TABLE keyset (
+  id TEXT PRIMARY KEY, 
+  mint_url TEXT NOT NULL, 
+  unit TEXT NOT NULL, 
+  active BOOL NOT NULL, 
+  counter INTEGER NOT NULL DEFAULT 0, 
+  input_fee_ppk INTEGER, 
+  final_expiry INTEGER DEFAULT NULL, 
+  FOREIGN KEY(mint_url) REFERENCES mint(mint_url) ON UPDATE CASCADE ON DELETE CASCADE
+);
+CREATE TABLE melt_quote (
+  id TEXT PRIMARY KEY, 
+  unit TEXT NOT NULL, 
+  amount INTEGER NOT NULL, 
+  request TEXT NOT NULL, 
+  fee_reserve INTEGER NOT NULL, 
+  expiry INTEGER NOT NULL, 
+  state TEXT CHECK (
+    state IN ('UNPAID', 'PENDING', 'PAID')
+  ) NOT NULL DEFAULT 'UNPAID', 
+  payment_preimage TEXT
+);
+CREATE TABLE key (
+  id TEXT PRIMARY KEY, keys TEXT NOT NULL
+);
+CREATE INDEX melt_quote_state_index ON melt_quote(state);
+CREATE TABLE IF NOT EXISTS "proof" (
+  y BYTEA PRIMARY KEY, 
+  mint_url TEXT NOT NULL, 
+  state TEXT CHECK (
+    state IN (
+      'SPENT', 'UNSPENT', 'PENDING', 'RESERVED', 
+      'PENDING_SPENT'
+    )
+  ) NOT NULL, 
+  spending_condition TEXT, 
+  unit TEXT NOT NULL, 
+  amount INTEGER NOT NULL, 
+  keyset_id TEXT NOT NULL, 
+  secret TEXT NOT NULL, 
+  c BYTEA NOT NULL, 
+  witness TEXT, 
+  dleq_e BYTEA, 
+  dleq_s BYTEA, 
+  dleq_r BYTEA
+);
+CREATE TABLE transactions (
+  id BYTEA PRIMARY KEY, 
+  mint_url TEXT NOT NULL, 
+  direction TEXT CHECK (
+    direction IN ('Incoming', 'Outgoing')
+  ) NOT NULL, 
+  amount INTEGER NOT NULL, 
+  fee INTEGER NOT NULL, 
+  unit TEXT NOT NULL, 
+  ys BYTEA NOT NULL, 
+  timestamp INTEGER NOT NULL, 
+  memo TEXT, 
+  metadata TEXT
+);
+CREATE INDEX mint_url_index ON transactions(mint_url);
+CREATE INDEX direction_index ON transactions(direction);
+CREATE INDEX unit_index ON transactions(unit);
+CREATE INDEX timestamp_index ON transactions(timestamp);
+CREATE TABLE IF NOT EXISTS "mint_quote" (
+  id TEXT PRIMARY KEY, mint_url TEXT NOT NULL, 
+  payment_method TEXT NOT NULL DEFAULT 'bolt11', 
+  amount INTEGER, unit TEXT NOT NULL, 
+  request TEXT NOT NULL, state TEXT NOT NULL, 
+  expiry INTEGER NOT NULL, amount_paid INTEGER NOT NULL DEFAULT 0, 
+  amount_issued INTEGER NOT NULL DEFAULT 0, 
+  secret_key TEXT
+);

misc/fake_itests.sh

@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 
 # Script to run fake mint tests with proper handling of race conditions
-# This script ensures the .env file is properly created and available 
+# This script ensures the .env file is properly created and available
 # before running tests
 
 # Function to perform cleanup
@@ -28,6 +28,10 @@ cleanup() {
         echo "Temp directory removed: $CDK_ITESTS_DIR"
     fi
 
+    if [ -n "$CONTAINER_NAME" ]; then
+        docker rm "${CONTAINER_NAME}" -f
+    fi
+
     # Unset all environment variables
     unset CDK_ITESTS_DIR
     unset CDK_TEST_MINT_URL
@@ -56,6 +60,26 @@ cargo build -p cdk-integration-tests
 
 # Start the fake mint binary with the new Rust-based approach
 echo "Starting fake mint using Rust binary..."
+
+if [ "${CDK_MINTD_DATABASE}" = "POSTGRES" ]; then
+    export CONTAINER_NAME="rust-fake-test-pg"
+    DB_USER="test"
+    DB_PASS="test"
+    DB_NAME="testdb"
+    DB_PORT="15433"
+
+    docker run -d --rm \
+      --name "${CONTAINER_NAME}" \
+      -e POSTGRES_USER="${DB_USER}" \
+      -e POSTGRES_PASSWORD="${DB_PASS}" \
+      -e POSTGRES_DB="${DB_NAME}" \
+      -p ${DB_PORT}:5432 \
+      postgres:16
+    export PG_DB_URL="host=localhost user=${DB_USER} password=${DB_PASS} dbname=${DB_NAME} port=${DB_PORT}"
+
+    echo "Starting fresh PostgreSQL container..."
+fi
+
 if [ "$2" = "external_signatory" ]; then
     echo "Starting with external signatory support"
 
@@ -64,7 +88,7 @@ if [ "$2" = "external_signatory" ]; then
     cargo run --bin signatory -- -w $CDK_ITESTS_DIR -u "sat" -u "usd"  &
     export CDK_SIGNATORY_PID=$!
     sleep 5
-    
+
     cargo run --bin start_fake_mint -- --enable-logging --external-signatory "$CDK_MINTD_DATABASE" "$CDK_ITESTS_DIR" &
 else
     cargo run --bin start_fake_mint -- --enable-logging "$CDK_MINTD_DATABASE" "$CDK_ITESTS_DIR" &