Closes#47015
## What kind of change does this PR introduce?
Bug fix.
## What is the current behavior?
The queue message list paginates with `WHERE enqueued_at > <last>` and
`ORDER BY enqueued_at`. `enqueued_at` is not unique: pgmq defaults it to
`now()`, so every message sent in one `send_batch` shares a timestamp.
When a group of same-timestamp messages straddles a page boundary, the
strict cursor skips the rest of that group, so those messages never
appear in the grid even though they are still in the queue. With 40
messages from one batch, only 30 render.
## What is the new behavior?
Pagination uses a composite `(enqueued_at, msg_id)` keyset cursor and
orders by the same pair. `msg_id` is unique within each queue/archive
table and breaks the tie, so no rows are dropped between pages. After
the change, all 40 messages render. This mirrors the cron-runs query,
which already paginates on a unique key.
## Additional context
Added a test in
`apps/studio/data/database-queues/database-queue-messages-infinite-query.test.ts`
asserting next pages use the composite cursor and order by `enqueued_at,
msg_id`.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Improved database queue message pagination to reliably retrieve all
messages, including those with identical enqueued timestamps, preventing
potential message skipping during pagination.
* **Tests**
* Added test coverage for database queue message pagination behavior.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Co-authored-by: Ali Waseem <waseema393@gmail.com>
## Context
Just some clean up as I was going through stuff
- `useExecuteSqlQuery` is deprecated and not used at all
- As such `execute-sql-query` is technically irrelevant, the more
relevant file is `execute-sql-mutation`
- Hence opting to consolidate `execute-sql-query` into
`execute-sql-mutation`
- Also removing `ExecuteSqlError` since its just re-exporting the
`ResponseError` type
There's a lot of file changes but its essentially just updating the
importing statements across the files
## Summary
- Converts ~27 `executeSql` call sites in `apps/studio/data/**` to build
SQL through `safeSql` / `ident` / `literal` / `keyword` /
`joinSqlFragments` instead of raw template-string interpolation.
- Tightens the `useDatabaseCronJobCreateMutation` and
`useDatabaseEventTriggerCreateMutation` `sql`/`query` parameter types
from `string` to `SafeSqlFragment` (callers already produce one).
- Updates `getDeleteEnumeratedTypeSQL` in `packages/pg-meta` to return
`SafeSqlFragment`.
- Fixes a bug noticed while testing where Queues integration does not
correctly handle queues with uppercase names.
## Pages to manually test
- Integrations > Cron Jobs
- Integrations > Queues
- Database > Triggers > Event Triggers
- Database > Indexes
- Reports > Query Performance
- Storage
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
* **Bug Fixes**
* Queue lookups now correctly handle case-insensitive queue names.
* Queue table references are now properly managed and consistently
applied throughout the queue management interface.
* Improved queue name display normalization in the user interface.
* **Chores**
* Enhanced SQL query safety across the database layer through
parameterized query construction and safer templating approaches.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Refactor / security improvement
## What is the current behavior?
SQL fragments across Studio are built from plain `string` values with no
type-level distinction between developer-authored SQL, DB-sourced
identifiers, and user-typed or externally-influenced content.
## What is the new behavior?
Extends the safe SQL model to additional Studio interfaces, using
`SafeSqlFragment`, `safeSql`, `ident()`, `literal()`, `untrustedSql()`,
and `acceptUntrustedSql()` from `@supabase/pg-meta/src/pg-format`:
- **Policy editor**: template constants typed as `SafeSqlFragment` via
`safeSql` tagged literals; Monaco editor `onInputChange` emits
`untrustedSql()`; `acceptUntrustedSql()` called only at the Save
gesture; roles selector emits a composed `SafeSqlFragment` via `ident()`
+ `joinSqlFragments()`
- **Auth hooks**: grant/revoke SQL statements use `ident()` for schema
and function names
- **Docs description editor**: `COMMENT ON` queries use `ident()` and
`literal()` for table/column/function names and values
- **Cron jobs**: `cron.schedule()` call and HTTP request builder use
`literal()` for all user-provided values
- **GraphQL linter CTA**: `REVOKE` statement uses `ident()` for schema,
table, and role
- **Storage public bucket warning**: `DROP POLICY` uses `ident()` for
policy name
- **View security autofix modal**: `ALTER VIEW` uses `ident()` for
schema and view name
- **API settings**: `CREATE SCHEMA` mutation uses `safeSql` tagged
literal
- **Database event trigger delete**: `DROP EVENT TRIGGER` uses `ident()`
for trigger name
- **Database queues query**: queue list query uses `safeSql` tagged
literal
- **Role impersonation**: function invocation SQL uses `ident()` and
`literal()`
## Manual testing checklist
- Authentication > Policies
- Authentication > Hooks
- Integrations > Queues
- Database > Event Triggers
- Integrations > Cron Jobs
- Table Editor > View entity security autofix
- API Settings > expose schema
- Linter > GraphQL exposure CTA
- Docs > table/column description editor
- Role impersonation (user impersonation panel)
## Additional context
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Refactor**
* Replaced ad-hoc SQL string building with a safer, fragment-based SQL
construction across auth, policies, integrations, storage, and DB
operations to improve SQL safety while preserving behavior.
* **Bug Fixes / UX**
* Policy editor and code editor now propagate role and input changes
more reliably, improving editor responsiveness and policy handling
without UI changes.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Follow-up to #44451 which added `literal()` escaping to 4 queue message
files. The remaining 5 files in the same directory still use raw string
interpolation.
The create mutation was the biggest gap -- no `literal()` and no
`isQueueNameValid` at all. It could also interpolate `undefined` into
SQL when partition config is missing.
Applied the same pattern from #44451 to all 5 files: import `literal`,
wrap interpolated values. For the metrics query and create mutation,
also used `ident()` for table name references.
## Summary by CodeRabbit
* **Refactor**
* Improved internal SQL query construction for database queue operations
to enhance code reliability and maintainability.
## What
Escapes user-controlled string values before interpolating them into SQL
in `apps/studio/data/database-queues/`.
## Why
Several queue message queries were constructing SQL via direct string
interpolation without sanitization:
| File | Value | Risk |
|------|-------|------|
| `database-queue-messages-send-mutation.ts` | `payload` | **High** —
arbitrary user-provided JSON; a single quote breaks the query and a
crafted payload could execute arbitrary SQL |
| `database-queue-messages-infinite-query.ts` | `afterTimestamp` |
Medium — sourced from a previous DB result, but still unsafe to
interpolate |
| `database-queue-messages-delete-mutation.ts` | `messageId` | Low —
typed `number`, but truncated for safety |
| `database-queue-messages-archive-mutation.ts` | `messageId` | Low —
same as above |
## Fix
- Escape string literals with the standard PostgreSQL approach (doubling
single quotes `'` → `''`) before interpolation
- Wrap numeric `messageId` values with `Math.trunc()` to prevent
floating-point edge cases
- `queueName` was already validated via `isQueueNameValid` regex
(alphanumeric/underscore/hyphen only) — no change needed
Fixes#44375
## Test plan
- [x] Open Queue Messages panel in Studio
- [x] Send a message with a payload containing single quotes (e.g.
`{"key": "it's a value"}`) — verify it sends without error
- [x] Verify pagination still works correctly after fix
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Improved safety of queue operations by ensuring message IDs, payloads,
timestamps, and queue names are handled securely to prevent injection
and formatting issues.
* Normalized numeric message fields (IDs/delays) for consistent
processing.
* Increased stability and correctness of archive, delete, query, and
send operations; no public APIs were changed.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Bug fix
## What is the current behavior?
The `getNextPageParam` function in
`database-queue-messages-infinite-query.ts` uses `<=` instead of `>=`,
which means pagination never stops. Since the result length is always
less than or equal to the page size, `hasNextPage` is always `true`,
causing infinite API requests when viewing queue messages in Studio.
Resolves#44291
## What is the new behavior?
Uses `>=` to correctly detect when there are more pages, consistent with
every other infinite query in the codebase:
- `database-cron-jobs-infinite-query.ts` uses `>=`
- `users-infinite-query.ts` uses `>=`
- `database-cron-jobs-runs-infinite-query.ts` uses `< PAGE_SIZE` to
return `undefined` (equivalent logic)
## Additional context
One character change: `<=` to `>=` on line 112.
## Context
Shifting more dashboard queries into pg-meta so that we centralize all
manually written queries in one place
Having them in packages/pg-meta also allows us to write tests for them
## To test
Just needs a smoke test on
- Table Editor
- Fetching entities
- Viewing definition
- SQL Editor
- View ongoing queries
- Abort queries
- Integrations
- Queues
- Database
- Migrations
-Triggers (Updating)
* Bump the deps, refactor deprecated code.
* Migrate keepPreviousData usage.
* Migrate all uses of InfiniteQuery.
* Fix refetchInterval in queries.
* Migrate all use of isLoading to isPending in mutations.
* Fix accessing location in claim-project.
* Fix a bug in duplicate query keys.
* Migrate all queries to use isPending.
* Revert "Fix accessing location in claim-project."
This reverts commit 2a07df64b5.
* Revert the rss.xml file to master.
* fix: input validation for queue name
* grammar
* fix: whitespacing issue
* Reuse the validation logic for queue name.
* Reuse the query name schema in the create queue sheet.
---------
Co-authored-by: Ivan Vasilov <vasilov.ivan@gmail.com>
* Add custom types for queries, mutations and infinite queries.
* Migrate all queries to use the new type.
* Migrate all infinite queries to useCustomInfiniteQueryOptions.
* Migrate all mutations to use useCustomMutationOptions.
* Add type to all imports in `types` folder.
* added queues and keys to fetch version
* updated to support postREST queue management
* updated to use existing hook
* removed unused keys
* - added semvar lib
- updated logic to use semvar lib
* The conditional read was added in 1.5.0.
---------
Co-authored-by: Ivan Vasilov <vasilov.ivan@gmail.com>
* Migrate all uses of invalidateQueries to use object syntax.
* Migrate the remainder of useInfiniteQuery.
* Migrate all setQueriesData.
* Migrate all fetchQuery uses.
* Migrate some leftover functions from RQ.
* Fix issues found by Charis.
* fix: response error codes
* upgrade docs
* remove request url modification middleware
* move api routes for self-hosted to platform folder
* remove some lib/common/fetch usage
* docs: use middleware for openapi-fetch (#30600)
Get rid of the unauthedAllowedPost function (I don't think there's any harm in letting any requests that require authentication to just 403, they should be disabled at the React Query level and if not they will fail gracefully enough...)
* fix local count query
* add default values for clone mutation
* fix ts and codegen
* add missing lodash dep to playwright tests
* Fix the playwright tests to match the new folder structure for selfhosted variant.
* remove unused import
* Remove unused state
* remove unused sql debug mutation
* remove unused export
* fix notifications query
* fix jwt updating status
* fix typescript
* save sql snippet after renaming
* update codegen & fix ts error
* override array querySerializer
---------
Co-authored-by: Charis <26616127+charislam@users.noreply.github.com>
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
Co-authored-by: Ivan Vasilov <vasilov.ivan@gmail.com>
* Add settings for queues: toggle expose through postgrest + permissions via table privileges
* Ensure appropriate grants are granted when toggling, and revoked when disabling
* Update to use queues_public schema
* Update queue schema to pgmq_public and add/remove from data api when enabling/disabling
* Fix query for retrieving toggle state
* Add schema invalidation
* Remove hard code
* Use QueuesSettings from Queues folder, remove from NewQueues
* Update SQL for toggling exposure + support RLS enabling
* Support toggling RLS for a queue
* Update admonition copy in queues for enabling/disable postgrest exposure
* Add custom RLS policy for queue
* Minor style fixes
* Fix
* Remove hard code
* Update RLS to add message regarding relevancy only if exposure to PostgREST is enabled
* Update message in exposing queues to postgREST
* Address feedback
* Address feedback
* Don't revoke postgres role stuff
* Remove hard code
* Update copy
* Update
* Address Oli's feedback, ensure that queues ALL have RLS enabled prior to allowing exposure to PostgREST
* Address remaining feedback
* Remove hardcode
* Update
* Address feedback
* Rename the regular/normal queues to basic.
* Move the partitioned type of queues to the end.
* Add metrics for the queues.
* Add actions for postponing and deleting a message.
* Add queue actions for purging and deleting a queue.
* Minor fixes for the empty stateof the queues page.
* Add a modal to send a message to the queue.
* Minor fixes.
* Correct some button texts.
* Refactor the metrics to switch to a rougher estimate method if it timeouts.
* Fix type errors.
* More minor fixes.
* Make the title prop on ProjectIntegrationLayout mandatory. Fix the title on some of the integration pages. Fix wrong layout on wrappers/new.
* Add code for the initial page.
* Make the FilterPopover more type-safe.
* Add a page to list message in a single queue.
* Add feature flag for queues.
* Handle the case where pgmq is not available on the database.
* Minor fixes.
* Some minor fixes.
* Fix the query when fetching only archived messages.
* Fix the filters when there's no choices selected.
* Add a comment for local dev.
* Add a max size to the queue name input.
oniani1