Files
supabase/apps/studio/lib/api/self-hosted/util.ts
Matt Rossman 31b6368049 feat: read-only mode for self-hosted MCP (#39041)
* feat: add `crypto-js`, `encryptString` with sample key

* feat: include POSTGRES_PASSWORD in generated .env.test

* feat: include POSTGRES_PASSWORD in turbo.json for studio

* feat: read only query support

* feat: configurable `POSTGRES_HOST`, `POSTGRES_DB`, `POSTGRES_PORT`

* chore: rename POSTGRES_USER to clarify write permission

* feat: configurable `PG_META_CRYPTO_KEY`

* chore: add `PG_META_CRYPTO_KEY` to generateLocalEnv

* feat: add 'postgres-meta' to linter dictionary

* feat: restore read-only toggle in local MCP URL builder
2025-10-06 16:14:27 -04:00

31 lines
887 B
TypeScript

import crypto from 'crypto-js'
import { IS_PLATFORM } from 'lib/constants'
import {
ENCRYPTION_KEY,
POSTGRES_DATABASE,
POSTGRES_HOST,
POSTGRES_PASSWORD,
POSTGRES_PORT,
POSTGRES_USER_READ_WRITE,
POSTGRES_USER_READ_ONLY,
} from './constants'
/**
* Asserts that the current environment is self-hosted.
*/
export function assertSelfHosted() {
if (IS_PLATFORM) {
throw new Error('This function can only be called in self-hosted environments')
}
}
export function encryptString(stringToEncrypt: string): string {
return crypto.AES.encrypt(stringToEncrypt, ENCRYPTION_KEY).toString()
}
export function getConnectionString({ readOnly }: { readOnly: boolean }) {
const postgresUser = readOnly ? POSTGRES_USER_READ_ONLY : POSTGRES_USER_READ_WRITE
return `postgresql://${postgresUser}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DATABASE}`
}