In my previous post, I laid out a basic strategy for provisioning a PostgreSQL server with the databases and users to support a deployment which respects the principle of least privilege. The big takeaway is that any given web app should likely have two extremely distinct users – one to actually set up the database (think deployment and upgrades) and one to be used once your app is running. Neither of these users should be a superuser – e.g. the default postgres user.

I’ve barely written any JavaScript before, so I don’t *really* know what I’m doing, but I put together an example to configure a PostgreSQL server for web app. Perhaps in the future I’ll make it actually usable as an NPM module, but for now it’s more of an example. It’s on NPM here and on GitHub here – essentially it just performs the steps I outlined in my previous post.

Given how JavaScript is single threaded, I found it was actually surprisingly difficult to write this bit of code. Things like creating the database *have* to finish before actions (e.g. connecting to the database) can begin, so I found it way trickier than I’d readily admit to get it working. All in all, I likely spent almost 2 full days trying to scrape it together to the point its at now. I’ve never really used Promises before, although I’ve certainly heard plenty about them. I’ve also never used Generators before. I’ve certainly never done so much work coercing asynchronous tasks to be synchronous before.

It was an interesting challenge for me, and almost completely useless as it stands, but I think it would actually be useful if I were to finish it off to the point where it could be installed as a global NPM module and invoked from the command line. Perhaps some day, but for right now I’m sick and tired of it and want to move on…