supabase/apps/studio/components/interfaces/Auth/RLSTester/UserSqlEditor.tsx
Charis 0433eeb5f5 feat(studio): mark sql provenance for safety (#45336)
Mark the provenance of SQL via the branded types SafeSqlFragment and
UntrustedSqlFragment. Only a SafeSqlFragment should be executed; an
UntrustedSqlFragment requires some kind of implicit user approval (the SQL
is shown on screen and the user has to click something) before it is
promoted to SafeSqlFragment.

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Editor and RLS tester show loading states for inferred/generated SQL
and include a dedicated user SQL editor for safer edits.

* **Refactor**
* Platform-wide SQL handling tightened: snippets and AI-generated SQL
are treated as untrusted/display-only until promoted, improving safety
and consistency.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-04 13:08:06 -04:00


import { rawSql, type SafeSqlFragment } from '@supabase/pg-meta'
import type { ComponentProps } from 'react'
import { CodeEditor } from '@/components/ui/CodeEditor/CodeEditor'
/**
 * Props accepted by the user SQL editor. Every SQL-bearing prop is typed as
 * the branded SafeSqlFragment, so a caller cannot hand this component a plain
 * string without an explicit promotion on its side.
 */
interface UserSqlEditorProps {
  /** Identifier forwarded unchanged to the underlying CodeEditor. */
  id: string
  /** Current editor contents; the caller supplies it already branded as SafeSqlFragment. */
  value: SafeSqlFragment
  /** Optional placeholder, forwarded unchanged to CodeEditor. */
  placeholder?: SafeSqlFragment
  /** Optional actions, typed from CodeEditor's own `actions` prop and forwarded unchanged. */
  actions?: ComponentProps<typeof CodeEditor>['actions']
  /** Receives the editor text after it has been wrapped with rawSql. */
  onChange: (sql: SafeSqlFragment) => void
}
/**
 * CodeEditor wrapper for SQL that the user writes by hand.
 *
 * This component is the rawSql trust boundary: every change reported by the
 * editor is wrapped with rawSql and handed to `onChange` as a SafeSqlFragment,
 * so callers never receive a plain string. A missing (null/undefined) editor
 * value is promoted as the empty string.
 *
 * The promotion is unconditional. It is justified only while the editor's
 * contents are text the user authored and can see on screen.
 * NOTE(review): confirm that nothing reachable from CodeEditor (for example
 * the forwarded `actions`) writes generated or otherwise untrusted SQL into
 * the editor buffer, since such text would also leave here as SafeSqlFragment.
 *
 * The remaining props are spread after the fixed ones. UserSqlEditorProps
 * limits them to `id`, `placeholder` and `actions`, so under the declared
 * types they cannot replace `language`, `value` or `onInputChange`.
 */
export const UserSqlEditor = ({ value, onChange, ...editorProps }: UserSqlEditorProps) => (
  <CodeEditor
    language="pgsql"
    value={value}
    onInputChange={(text) => onChange(rawSql(text ?? ''))}
    {...editorProps}
  />
)