lywsvip/supabase
1
0
Fork 0
mirror of https://github.com/supabase/supabase.git synced 2026-06-17 21:23:59 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
create-pull-request/patch
supabase/apps/studio/components/ui/AdvisorPanel/AdvisorSignals.integration.test.tsx
Danny White b721a2d780 feat(studio): advisor signal items for banned IPs (#44372) 
## What kind of change does this PR introduce?

Feature. Resolves DEPR-430.

## What is the current behaviour?

The homepage Advisor summary, shared Advisor panel, and top-nav Advisor
indicator only surface lints and notifications. Banned IPs are not
represented as dismissible Advisor items, so network bans are easy to
miss unless a user visits Database Settings directly.

The `public bucket allows listing` warning is no longer part of this PR.
That warning will move to a follow-up Splinter `WARN` lint so it can
flow through the standard lint surfaces instead of a bespoke Studio
signal path.

## What is the new behaviour?

- adds a new Advisor `signal` source for banned IPs on the platform
homepage, in the shared Advisor panel, and in the top-nav Advisor
indicator
- keeps dismissals client-side only for now, scoped by project and exact
IP fingerprint
- keeps banned IP signals at `warning` severity because they still
indicate suspicious traffic and remain actionable if a user wants to
review or remove a ban
- leaves `/project/[ref]/advisors/security` as follow-up work because
that surface is still lint-native, and banned IPs are management-plane
signals rather than Splinter lints

| After |
| --- |
| <img width="1728" height="997" alt="Mallet Toolshed
Supabase-65A60B4A-107E-4D79-B9A8-23F754BEAB08"
src="https://github.com/user-attachments/assets/c08ecbbb-c302-43bd-81bb-6ba7eb18b7b3"
/> |

## Reviewer testing notes

1. Use a throwaway project.
2. Get the database connection string for that project.
3. Attempt to connect with the wrong password 3-4 times until you hit an
`ECONNREFUSED`-style error, which should mean your IP has been banned.
4. Refresh Studio and confirm the project overview shows the new `Banned
IP address` signal.
5. Open the Advisor Center and confirm:
   - the top-nav Advisor dot turns warning yellow
   - the signal detail shows `Entity`, `Issue`, and `Resolve`
   - `Edit network bans`, `Dismiss`, and `Learn more` are present
6. Open Database Settings > Network bans and confirm your banned IP
appears there and can be unbanned.
7. Note that `/project/[ref]/advisors/security` will not show this item.
That page is still lint-only, and this banned IP work is a short-term
client-side signal rather than a true lint.

Longer term, we likely want a more durable event model here so banned
IPs can power notifications, webhooks, emails, and other project-level
alerts.

---------

Co-authored-by: kemal <hello@kemal.earth>
Co-authored-by: Charis Lam <26616127+charislam@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
2026-04-20 10:33:56 +10:00

281 lines
8.2 KiB
TypeScript
Raw Permalink Blame History

import { screen, waitFor } from '@testing-library/react'
import userEvent from '@testing-library/user-event'
import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
import { AdvisorSection } from '@/components/interfaces/ProjectHome/AdvisorSection'
import { SIDEBAR_KEYS } from '@/components/layouts/ProjectLayout/LayoutSidebar/LayoutSidebarProvider'
import { AdvisorPanel } from '@/components/ui/AdvisorPanel/AdvisorPanel'
import { advisorState } from '@/state/advisor-state'
import { sidebarManagerState } from '@/state/sidebar-manager-state'
import { render } from '@/tests/helpers'
const {
mockUseProjectLintsQuery,
mockUseBannedIPsQuery,
mockUseSelectedProjectQuery,
mockUseNotificationsV2Query,
mockUseNotificationsV2UpdateMutation,
mockUseTrack,
} = vi.hoisted(() => ({
mockUseProjectLintsQuery: vi.fn(),
mockUseBannedIPsQuery: vi.fn(),
mockUseSelectedProjectQuery: vi.fn(),
mockUseNotificationsV2Query: vi.fn(),
mockUseNotificationsV2UpdateMutation: vi.fn(),
mockUseTrack: vi.fn(),
}))
vi.mock('common', async () => {
const actual = await vi.importActual<typeof import('common')>('common')
return {
...actual,
useParams: () => ({ ref: 'project-ref' }),
}
})
vi.mock('@/data/lint/lint-query', () => ({
useProjectLintsQuery: mockUseProjectLintsQuery,
}))
vi.mock('@/data/banned-ips/banned-ips-query', () => ({
useBannedIPsQuery: mockUseBannedIPsQuery,
}))
vi.mock('@/hooks/misc/useSelectedProject', () => ({
useSelectedProjectQuery: mockUseSelectedProjectQuery,
}))
vi.mock('@/data/notifications/notifications-v2-query', () => ({
useNotificationsV2Query: mockUseNotificationsV2Query,
}))
vi.mock('@/data/notifications/notifications-v2-update-mutation', () => ({
useNotificationsV2UpdateMutation: mockUseNotificationsV2UpdateMutation,
}))
vi.mock('@/lib/constants', async (importOriginal) => ({
...(await importOriginal<typeof import('@/lib/constants')>()),
IS_PLATFORM: true,
}))
vi.mock('@/lib/telemetry/track', () => ({
useTrack: mockUseTrack,
}))
vi.mock('@/state/ai-assistant-state', () => ({
useAiAssistantStateSnapshot: () => ({
newChat: vi.fn(),
}),
}))
vi.mock('@/components/ui/AiAssistantDropdown', () => ({
AiAssistantDropdown: () => <div data-testid="advisor-assistant-dropdown" />,
}))
vi.mock('./AdvisorFilters', () => ({
AdvisorFilters: () => <div data-testid="advisor-filters" />,
}))
vi.mock('./AdvisorPanelHeader', () => ({
AdvisorPanelHeader: () => <div data-testid="advisor-panel-header" />,
}))
describe('Advisor signals integration', () => {
beforeEach(() => {
window.localStorage.clear()
advisorState.reset()
sidebarManagerState.unregisterSidebar(SIDEBAR_KEYS.ADVISOR_PANEL)
sidebarManagerState.registerSidebar(SIDEBAR_KEYS.ADVISOR_PANEL, () => null)
sidebarManagerState.clearActiveSidebar()
mockUseTrack.mockReturnValue(vi.fn())
mockUseSelectedProjectQuery.mockReturnValue({
data: { ref: 'project-ref' },
})
mockUseProjectLintsQuery.mockImplementation((_variables, options) => {
if (options?.enabled === false) {
return {
data: undefined,
isPending: false,
isError: false,
}
}
return {
data: [
{
cache_key: 'lint-1',
name: 'unknown_lint',
detail: 'Critical lint detail',
level: 'ERROR',
categories: ['SECURITY'],
metadata: {},
},
],
isPending: false,
isError: false,
}
})
mockUseBannedIPsQuery.mockImplementation((_variables, options) => {
if (options?.enabled === false) {
return {
data: undefined,
isPending: false,
isError: false,
}
}
return {
data: {
banned_ipv4_addresses: ['203.0.113.10'],
},
isPending: false,
isError: false,
}
})
mockUseNotificationsV2Query.mockReturnValue({
data: { pages: [[]] },
isPending: false,
isError: false,
})
mockUseNotificationsV2UpdateMutation.mockReturnValue({
mutate: vi.fn(),
})
})
afterEach(() => {
advisorState.reset()
sidebarManagerState.unregisterSidebar(SIDEBAR_KEYS.ADVISOR_PANEL)
sidebarManagerState.clearActiveSidebar()
vi.clearAllMocks()
})
it('renders signal items and dismisses them across the homepage and panel', async () => {
render(
<>
<AdvisorSection />
<AdvisorPanel />
</>
)
expect(screen.getByText('Advisor found 2 issues')).toBeInTheDocument()
expect(screen.getByText('Banned IP address')).toBeInTheDocument()
expect(screen.getAllByText('Critical lint detail').length).toBeGreaterThan(0)
expect(
screen.getAllByText((_, node) =>
Boolean(
node?.textContent?.includes(
'The IP address 203.0.113.10 is temporarily blocked because of suspicious traffic or repeated failed password attempts.'
)
)
).length
).toBeGreaterThan(0)
await userEvent.click(screen.getByText('Banned IP address'))
expect(screen.getByText('Entity')).toBeInTheDocument()
expect(screen.getByText('Issue')).toBeInTheDocument()
expect(screen.getByText('Resolve')).toBeInTheDocument()
expect(screen.getAllByTestId('advisor-assistant-dropdown').length).toBeGreaterThan(0)
expect(
screen.getAllByText((_, node) =>
Boolean(
node?.textContent?.includes(
'The IP address 203.0.113.10 is temporarily blocked because of suspicious traffic or repeated failed password attempts.'
)
)
).length
).toBeGreaterThan(0)
expect(screen.getByRole('link', { name: 'Learn more' })).toHaveAttribute(
'href',
'https://supabase.com/docs/reference/cli/supabase-network-bans'
)
expect(screen.getAllByText('Banned IP address').length).toBeGreaterThan(0)
await userEvent.click(screen.getByRole('button', { name: 'Dismiss' }))
await waitFor(() => {
expect(screen.queryByText('Banned IP address')).not.toBeInTheDocument()
})
expect(screen.getAllByText('Critical lint detail').length).toBeGreaterThan(0)
})
it('shows an overflow affordance when the homepage cap hides additional issues', () => {
mockUseProjectLintsQuery.mockImplementation((_variables, options) => {
if (options?.enabled === false) {
return {
data: undefined,
isPending: false,
isError: false,
}
}
return {
data: [
{
cache_key: 'lint-1',
name: 'unknown_lint',
detail: 'Critical lint detail 1',
level: 'ERROR',
categories: ['SECURITY'],
metadata: {},
},
{
cache_key: 'lint-2',
name: 'unknown_lint',
detail: 'Critical lint detail 2',
level: 'ERROR',
categories: ['SECURITY'],
metadata: {},
},
{
cache_key: 'lint-3',
name: 'unknown_lint',
detail: 'Critical lint detail 3',
level: 'ERROR',
categories: ['SECURITY'],
metadata: {},
},
{
cache_key: 'lint-4',
name: 'unknown_lint',
detail: 'Critical lint detail 4',
level: 'ERROR',
categories: ['SECURITY'],
metadata: {},
},
],
isPending: false,
isError: false,
}
})
render(<AdvisorSection />)
expect(screen.getByText('Advisor found 5 issues')).toBeInTheDocument()
expect(screen.getByRole('button', { name: 'View 1 more issue in Advisor' })).toBeInTheDocument()
expect(screen.queryByText('Banned IP address')).not.toBeInTheDocument()
})
it('does not block the homepage while signal items are pending', () => {
mockUseProjectLintsQuery.mockReturnValue({
data: [],
isPending: false,
isError: false,
})
mockUseBannedIPsQuery.mockReturnValue({
data: undefined,
isPending: true,
isError: false,
})
render(<AdvisorSection />)
// Lints have loaded — homepage renders without being blocked by signal loading
expect(screen.getByText('Advisor found no issues')).toBeInTheDocument()
})
})
Reference in New Issue View Git Blame Copy Permalink