lywsvip/supabase
1
0
Fork 0
mirror of https://github.com/supabase/supabase.git synced 2026-05-11 10:49:48 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
create-pull-request/patch
supabase/apps/studio/data/api-settings/create-and-expose-api-schema-mutation.ts
Charis 3f97eeea5a feat(studio): extend safe SQL model to policy editor and related interfaces (#45560) 
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.

YES

## What kind of change does this PR introduce?

Refactor / security improvement

## What is the current behavior?

SQL fragments across Studio are built from plain `string` values with no
type-level distinction between developer-authored SQL, DB-sourced
identifiers, and user-typed or externally-influenced content.

## What is the new behavior?

Extends the safe SQL model to additional Studio interfaces, using
`SafeSqlFragment`, `safeSql`, `ident()`, `literal()`, `untrustedSql()`,
and `acceptUntrustedSql()` from `@supabase/pg-meta/src/pg-format`:

- **Policy editor**: template constants typed as `SafeSqlFragment` via
`safeSql` tagged literals; Monaco editor `onInputChange` emits
`untrustedSql()`; `acceptUntrustedSql()` called only at the Save
gesture; roles selector emits a composed `SafeSqlFragment` via `ident()`
+ `joinSqlFragments()`
- **Auth hooks**: grant/revoke SQL statements use `ident()` for schema
and function names
- **Docs description editor**: `COMMENT ON` queries use `ident()` and
`literal()` for table/column/function names and values
- **Cron jobs**: `cron.schedule()` call and HTTP request builder use
`literal()` for all user-provided values
- **GraphQL linter CTA**: `REVOKE` statement uses `ident()` for schema,
table, and role
- **Storage public bucket warning**: `DROP POLICY` uses `ident()` for
policy name
- **View security autofix modal**: `ALTER VIEW` uses `ident()` for
schema and view name
- **API settings**: `CREATE SCHEMA` mutation uses `safeSql` tagged
literal
- **Database event trigger delete**: `DROP EVENT TRIGGER` uses `ident()`
for trigger name
- **Database queues query**: queue list query uses `safeSql` tagged
literal
- **Role impersonation**: function invocation SQL uses `ident()` and
`literal()`

## Manual testing checklist

- Authentication > Policies
- Authentication > Hooks
- Integrations > Queues
- Database > Event Triggers
- Integrations > Cron Jobs
- Table Editor > View entity security autofix
- API Settings > expose schema
- Linter > GraphQL exposure CTA
- Docs > table/column description editor
- Role impersonation (user impersonation panel)

## Additional context

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Refactor**
* Replaced ad-hoc SQL string building with a safer, fragment-based SQL
construction across auth, policies, integrations, storage, and DB
operations to improve SQL safety while preserving behavior.

* **Bug Fixes / UX**
* Policy editor and code editor now propagate role and input changes
more reliably, improving editor responsiveness and policy handling
without UI changes.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-05 12:02:52 -04:00

93 lines
2.7 KiB
TypeScript
Raw Permalink Blame History

import { safeSql } from '@supabase/pg-meta/src/pg-format'
import { useMutation, useQueryClient } from '@tanstack/react-query'
import { components } from 'api-types'
import { toast } from 'sonner'
import { configKeys } from '@/data/config/keys'
import { databaseKeys } from '@/data/database/keys'
import { handleError, patch } from '@/data/fetchers'
import { executeSql } from '@/data/sql/execute-sql-query'
import type { ResponseError, UseCustomMutationOptions } from '@/types'
export type CreateAndExposeAPISchemaVariables = {
projectRef: string
connectionString?: string | null
existingPostgrestConfig: {
db_pool?: number | null
max_rows: number
db_extra_search_path: string
db_schema: string
}
}
type UpdatePostgrestConfigBody = components['schemas']['UpdatePostgrestConfigBody']
export async function createAndExposeApiSchema({
projectRef,
connectionString,
existingPostgrestConfig,
}: CreateAndExposeAPISchemaVariables) {
const sql = safeSql`create schema if not exists api;
grant usage on schema api to anon, authenticated;`
await executeSql({ projectRef, connectionString, sql })
const { db_extra_search_path, db_pool, db_schema, max_rows } = existingPostgrestConfig
const body: UpdatePostgrestConfigBody = {
max_rows,
db_extra_search_path,
db_schema: `api, ${db_schema}`,
}
if (db_pool) body.db_pool = db_pool
const { error } = await patch('/platform/projects/{ref}/config/postgrest', {
params: { path: { ref: projectRef } },
body,
})
if (error) handleError(error)
return true
}
type CreateAndExposeAPISchemaData = Awaited<ReturnType<typeof createAndExposeApiSchema>>
export const useCreateAndExposeAPISchemaMutation = ({
onSuccess,
onError,
...options
}: Omit<
UseCustomMutationOptions<
CreateAndExposeAPISchemaData,
ResponseError,
CreateAndExposeAPISchemaVariables
>,
'mutationFn'
> = {}) => {
const queryClient = useQueryClient()
return useMutation<
CreateAndExposeAPISchemaData,
ResponseError,
CreateAndExposeAPISchemaVariables
>({
mutationFn: (vars) => createAndExposeApiSchema(vars),
async onSuccess(data, variables, context) {
const { projectRef } = variables
await Promise.all([
queryClient.invalidateQueries({ queryKey: databaseKeys.schemas(projectRef) }),
queryClient.invalidateQueries({ queryKey: configKeys.postgrest(projectRef) }),
])
await onSuccess?.(data, variables, context)
},
async onError(data, variables, context) {
if (onError === undefined) {
toast.error(`Failed to create and expose API schema: ${data.message}`)
} else {
onError(data, variables, context)
}
},
...options,
})
}
Reference in New Issue View Git Blame Copy Permalink