import { PermissionAction } from '@supabase/shared-types/out/constants' import dayjs from 'dayjs' import { useMemo, useRef } from 'react' import { useParams } from 'common' import { FormHeader } from 'components/ui/Forms/FormHeader' import { APIKeysData, useAPIKeysQuery } from 'data/api-keys/api-keys-query' import useLogsQuery from 'hooks/analytics/useLogsQuery' import { useAsyncCheckProjectPermissions } from 'hooks/misc/useCheckPermissions' import { Card, CardContent, EyeOffIcon, Skeleton, WarningIcon, cn } from 'ui' import { Table, TableBody, TableCell, TableHead, TableHeader, TableRow, } from 'ui/src/components/shadcn/ui/table' import { APIKeyRow } from './APIKeyRow' import CreateSecretAPIKeyDialog from './CreateSecretAPIKeyDialog' interface LastSeenData { [hash: string]: { timestamp: string } } function useLastSeen(projectRef: string): LastSeenData { const now = useRef(new Date()).current const query = useLogsQuery(projectRef, { iso_timestamp_start: new Date(now.getTime() - 24 * 60 * 60 * 1000).toISOString(), iso_timestamp_end: now.toISOString(), sql: "-- last-used-secret-api-keys\nSELECT unix_millis(max(timestamp)) as timestamp, apikey.`hash` FROM edge_logs cross join unnest(metadata) as m cross join unnest(m.request) as request cross join unnest(request.sb) as sb cross join unnest(sb.apikey) as sbapikey cross join unnest(sbapikey.apikey) as apikey WHERE apikey.error is null and apikey.`hash` is not null and apikey.prefix like 'sb_secret_%' GROUP BY apikey.`hash`", }) return useMemo(() => { if (query.isLoading || !query.logData) { return {} } const now = dayjs() return (query.logData as unknown as { timestamp: number; hash: string }[]).reduce((a, i) => { a[i.hash] = { timestamp: `${dayjs.duration(now.diff(dayjs(i.timestamp))).humanize(false)} ago`, } return a }, {} as LastSeenData) }, [query]) } export const SecretAPIKeys = () => { const { ref: projectRef } = useParams() const { data: apiKeysData, isLoading: isLoadingApiKeys, error, } = useAPIKeysQuery({ projectRef, reveal: false }) const { can: canReadAPIKeys, isLoading: isLoadingPermissions } = useAsyncCheckProjectPermissions( PermissionAction.TENANT_SQL_ADMIN_WRITE, '*' ) const lastSeen = useLastSeen(projectRef!) const secretApiKeys = useMemo( () => apiKeysData?.filter( (key): key is Extract => key.type === 'secret' ) ?? [], [apiKeysData] ) const empty = secretApiKeys?.length === 0 && !isLoadingApiKeys && !isLoadingPermissions const RowLoading = () => ( ) const TableContainer = ({ children }: { children: React.ReactNode }) => (
} /> Name API Key Last Seen {children}
) if (isLoadingApiKeys || isLoadingPermissions) { return ( ) } if (!canReadAPIKeys) { return (

You do not have permission to read API Secret Keys

Contact your organization owner/admin to request access.

) } if (error) { return (

Error loading Secret API Keys

{error.message}

) } if (empty) { return (

No secret API keys found

Your project is not accessible via secret keys—there are no active secret keys created.

) } return ( {secretApiKeys.map((apiKey) => ( ))} ) }