Files
supabase/apps/studio/components/interfaces/Integrations/GraphQL/GraphiQLTab.tsx
Joshen Lim 27188c147c Support creating multiple publishable keys, and deleting publishable keys (#41186)
* Support creating multiple publishable keys, and deleting publishable keys

* FIx types

* Smol

* Smol fix

* Address issues

* Update comment

* Replace all usage of useApiKeysVisiblity for checking permissions to just call useAsyncCheckPermissions directly

* Clean up and deprecate useApiKeysVisibility hook

* ADdress
2025-12-12 16:07:36 +08:00

87 lines
3.2 KiB
TypeScript

import '@graphiql/react/dist/style.css'
import { createGraphiQLFetcher, Fetcher } from '@graphiql/toolkit'
import { PermissionAction } from '@supabase/shared-types/out/constants'
import { useTheme } from 'next-themes'
import { useMemo } from 'react'
import { toast } from 'sonner'
import { useParams } from 'common'
import GraphiQL from 'components/interfaces/GraphQL/GraphiQL'
import { getKeys, useAPIKeysQuery } from 'data/api-keys/api-keys-query'
import { useSessionAccessTokenQuery } from 'data/auth/session-access-token-query'
import { useProjectPostgrestConfigQuery } from 'data/config/project-postgrest-config-query'
import { useAsyncCheckPermissions } from 'hooks/misc/useCheckPermissions'
import { API_URL, IS_PLATFORM } from 'lib/constants'
import { getRoleImpersonationJWT } from 'lib/role-impersonation'
import { useGetImpersonatedRoleState } from 'state/role-impersonation-state'
import { LogoLoader } from 'ui'
export const GraphiQLTab = () => {
const { resolvedTheme } = useTheme()
const { ref: projectRef } = useParams()
const currentTheme = resolvedTheme?.includes('dark') ? 'dark' : 'light'
const { data: accessToken } = useSessionAccessTokenQuery({ enabled: IS_PLATFORM })
const { can: canReadAPIKeys } = useAsyncCheckPermissions(PermissionAction.SECRETS_READ, '*')
const { data: apiKeys, isFetched } = useAPIKeysQuery(
{ projectRef, reveal: true },
{ enabled: canReadAPIKeys }
)
const { serviceKey, secretKey } = getKeys(apiKeys)
const { data: config } = useProjectPostgrestConfigQuery({ projectRef })
const jwtSecret = config?.jwt_secret
const getImpersonatedRoleState = useGetImpersonatedRoleState()
const fetcher = useMemo(() => {
const fetcherFn = createGraphiQLFetcher({
// [Joshen] Opting to hard code /platform for local to match the routes, so that it's clear what's happening
url: `${API_URL}${IS_PLATFORM ? '' : '/platform'}/projects/${projectRef}/api/graphql`,
fetch,
})
const customFetcher: Fetcher = async (graphqlParams, opts) => {
let userAuthorization: string | undefined
const role = getImpersonatedRoleState().role
if (
projectRef !== undefined &&
jwtSecret !== undefined &&
role !== undefined &&
role.type === 'postgrest'
) {
try {
const token = await getRoleImpersonationJWT(projectRef, jwtSecret, role)
userAuthorization = 'Bearer ' + token
} catch (err: any) {
toast.error(`Failed to get JWT for role: ${err.message}`)
}
}
return fetcherFn(graphqlParams, {
...opts,
headers: {
...opts?.headers,
...(accessToken && {
Authorization: `Bearer ${accessToken}`,
}),
'x-graphql-authorization':
opts?.headers?.['Authorization'] ??
opts?.headers?.['authorization'] ??
userAuthorization ??
`Bearer ${secretKey?.api_key ?? serviceKey?.api_key}`,
},
})
}
return customFetcher
}, [projectRef, getImpersonatedRoleState, jwtSecret, accessToken, serviceKey, secretKey?.api_key])
if ((IS_PLATFORM && !accessToken) || !isFetched) {
return <LogoLoader />
}
return <GraphiQL fetcher={fetcher} theme={currentTheme} />
}