PublicArchive/supabase
2
0
Fork 0
mirror of https://github.com/supabase/supabase.git synced 2026-05-08 01:40:13 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
create-pull-request/patch
supabase/apps/studio/components/interfaces/TableGridEditor/ViewEntityAutofixSecurityModal.tsx
T
Charis 3f97eeea5a feat(studio): extend safe SQL model to policy editor and related interfaces (#45560) 
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.

YES

## What kind of change does this PR introduce?

Refactor / security improvement

## What is the current behavior?

SQL fragments across Studio are built from plain `string` values with no
type-level distinction between developer-authored SQL, DB-sourced
identifiers, and user-typed or externally-influenced content.

## What is the new behavior?

Extends the safe SQL model to additional Studio interfaces, using
`SafeSqlFragment`, `safeSql`, `ident()`, `literal()`, `untrustedSql()`,
and `acceptUntrustedSql()` from `@supabase/pg-meta/src/pg-format`:

- **Policy editor**: template constants typed as `SafeSqlFragment` via
`safeSql` tagged literals; Monaco editor `onInputChange` emits
`untrustedSql()`; `acceptUntrustedSql()` called only at the Save
gesture; roles selector emits a composed `SafeSqlFragment` via `ident()`
+ `joinSqlFragments()`
- **Auth hooks**: grant/revoke SQL statements use `ident()` for schema
and function names
- **Docs description editor**: `COMMENT ON` queries use `ident()` and
`literal()` for table/column/function names and values
- **Cron jobs**: `cron.schedule()` call and HTTP request builder use
`literal()` for all user-provided values
- **GraphQL linter CTA**: `REVOKE` statement uses `ident()` for schema,
table, and role
- **Storage public bucket warning**: `DROP POLICY` uses `ident()` for
policy name
- **View security autofix modal**: `ALTER VIEW` uses `ident()` for
schema and view name
- **API settings**: `CREATE SCHEMA` mutation uses `safeSql` tagged
literal
- **Database event trigger delete**: `DROP EVENT TRIGGER` uses `ident()`
for trigger name
- **Database queues query**: queue list query uses `safeSql` tagged
literal
- **Role impersonation**: function invocation SQL uses `ident()` and
`literal()`

## Manual testing checklist

- Authentication > Policies
- Authentication > Hooks
- Integrations > Queues
- Database > Event Triggers
- Integrations > Cron Jobs
- Table Editor > View entity security autofix
- API Settings > expose schema
- Linter > GraphQL exposure CTA
- Docs > table/column description editor
- Role impersonation (user impersonation panel)

## Additional context

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Refactor**
* Replaced ad-hoc SQL string building with a safer, fragment-based SQL
construction across auth, policies, integrations, storage, and DB
operations to improve SQL safety while preserving behavior.

* **Bug Fixes / UX**
* Policy editor and code editor now propagate role and input changes
more reliably, improving editor responsiveness and policy handling
without UI changes.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-05 12:02:52 -04:00

108 lines
3.7 KiB
TypeScript
Raw Permalink Blame History

import { ident, safeSql } from '@supabase/pg-meta/src/pg-format'
import { useQueryClient } from '@tanstack/react-query'
import { toast } from 'sonner'
import { ScrollArea } from 'ui'
import { ConfirmationModal } from 'ui-patterns/Dialogs/ConfirmationModal'
import { GenericSkeletonLoader } from 'ui-patterns/ShimmeringLoader'
import { SimpleCodeBlock } from 'ui-patterns/SimpleCodeBlock'
import { useViewDefinitionQuery } from '@/data/database/view-definition-query'
import { lintKeys } from '@/data/lint/keys'
import { useExecuteSqlMutation } from '@/data/sql/execute-sql-mutation'
import { Entity, isViewLike } from '@/data/table-editor/table-editor-types'
import { useSelectedProjectQuery } from '@/hooks/misc/useSelectedProject'
interface ViewEntityAutofixSecurityModalProps {
table: Entity
isAutofixViewSecurityModalOpen: boolean
setIsAutofixViewSecurityModalOpen: (isAutofixViewSecurityModalOpen: boolean) => void
}
export const ViewEntityAutofixSecurityModal = ({
table,
isAutofixViewSecurityModalOpen,
setIsAutofixViewSecurityModalOpen,
}: ViewEntityAutofixSecurityModalProps) => {
const { data: project } = useSelectedProjectQuery()
const queryClient = useQueryClient()
const {
isSuccess,
isPending: isLoading,
data,
} = useViewDefinitionQuery(
{
id: table?.id,
projectRef: project?.ref,
connectionString: project?.connectionString,
},
{
enabled: isAutofixViewSecurityModalOpen && isViewLike(table),
}
)
const { mutate: execute } = useExecuteSqlMutation({
onSuccess: async () => {
toast.success('View security changed successfully')
setIsAutofixViewSecurityModalOpen(false)
await queryClient.invalidateQueries({ queryKey: lintKeys.lint(project?.ref) })
},
onError: (error) => {
toast.error(`Failed to autofix view security: ${error.message}`)
},
})
function handleConfirm() {
const sql = safeSql`ALTER VIEW ${ident(table.schema)}.${ident(table.name)} SET (security_invoker = on);`
execute({
projectRef: project?.ref,
connectionString: project?.connectionString,
sql,
})
}
if (!isViewLike(table)) {
return null
}
return (
<ConfirmationModal
visible={isAutofixViewSecurityModalOpen}
size="xlarge"
title="Confirm autofixing view security"
confirmLabel="Confirm"
onCancel={() => setIsAutofixViewSecurityModalOpen(false)}
onConfirm={() => handleConfirm()}
>
<p className="text-sm text-foreground-light">
Setting <code>security_invoker=on</code> ensures the View runs with the permissions of the
querying user, reducing the risk of unintended data exposure.
</p>
<div className="flex items-center gap-8 mt-8">
<div className=" border rounded-md w-1/2">
<div className="p-4 pb-0 bg-200 font-mono text-sm font-semibold">Existing query</div>
<ScrollArea className="h-[225px] px-4 py-2">
{isLoading && <GenericSkeletonLoader />}
{isSuccess && (
<SimpleCodeBlock>
{`create view ${table.schema}.${table.name} as\n ${data}`}
</SimpleCodeBlock>
)}
</ScrollArea>
</div>
<div className=" border rounded-md w-1/2">
<div className="p-4 pb-0 bg-200 font-mono text-sm font-semibold">Updated query</div>
<ScrollArea className="h-[225px] px-4 py-2">
{isLoading && <GenericSkeletonLoader />}
{isSuccess && (
<SimpleCodeBlock>
{`create view ${table.schema}.${table.name} with (security_invoker = on) as\n ${data}`}
</SimpleCodeBlock>
)}
</ScrollArea>
</div>
</div>
</ConfirmationModal>
)
}
Reference in New Issue View Git Blame Copy Permalink