mirror of
https://github.com/supabase/supabase.git
synced 2026-07-06 00:26:00 -04:00
3521ff06e1
## Context Back to working on the [RLS Tester](https://github.com/orgs/supabase/discussions/45233), slowly adding support for mutation queries. First part here will be to add support for testing `INSERT` based queries (Note that there's no changes to the sandbox stuff in this PR) ## Changes involved - If testing an `INSERT` query, we show a big warning first that the query will be ran on the actual DB - Note that we skip the warning if the sandbox is used <img width="534" height="231" alt="image" src="https://github.com/user-attachments/assets/ef75a0c9-61e4-49b0-9d78-458e8e5f7f4f" /> - If the testing as an anon user + RLS enabled <img width="601" height="386" alt="image" src="https://github.com/user-attachments/assets/b21f048d-bac1-4ddd-b84b-c231ae9f9e3e" /> - If testing as an auth-ed user + RLS enabled, but the INSERT violates RLS (conditions don't meet) <img width="604" height="489" alt="image" src="https://github.com/user-attachments/assets/41c40486-48d5-4eee-b7cd-8f993edc47be" /> - Else if testing as an auth-ed user + RLS enabled and INSERT matches RLS <img width="612" height="402" alt="image" src="https://github.com/user-attachments/assets/41854b40-b351-408b-8d23-cc5e0fa40813" /> - Minor cosmetic layout change here - Use layout horizontal - Also added the user ID below the dropdown with click to copy action for convenience <img width="615" height="528" alt="image" src="https://github.com/user-attachments/assets/b9c04395-5435-474a-b3c5-640143faa782" /> - Added inline guard againsts some conditions - Should not be able to run UPDATE or DELETE queries <img width="622" height="319" alt="image" src="https://github.com/user-attachments/assets/351af7c6-8f1e-47ae-8651-3b9b0b512490" /> - Should not be able to run multiple queries <img width="612" height="317" alt="image" src="https://github.com/user-attachments/assets/603d9a1f-1d1f-40f2-806d-93aea6b6cf8e" /> ## To test - [ ] Verify that the RLS Tester works as expected for an insert query - Against actual DB - Against sandbox (only available on staging) - [ ] Verify that inline guards are all working as expected - Let me know if there's any edge cases I might have missed! <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * RLS Tester results are now operation-aware (SELECT vs mutations), with clearer “no rows/all rows” and policy evaluation explanations. * Added copy-to-clipboard for the impersonated user ID. * Query parsing now surfaces richer context, including WHERE clause details and statement count, and SELECT-only previews. * **Bug Fixes** * Improved handling of blocked mutation queries and RLS-related error messaging. * Updated RLS Tester navigation to the correct policies page. * Refined sandbox-assisted execution flow and empty/error states. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
73 lines
2.2 KiB
TypeScript
73 lines
2.2 KiB
TypeScript
import { PGliteWorker } from '@electric-sql/pglite/worker'
|
|
|
|
import { SANDBOX_SETUP_STATEMENTS } from './sandbox.constants'
|
|
import { applySchema, applySeed } from './sandbox.utils'
|
|
import { type DatabaseSchemaDDLData } from '@/data/rls-tester/get-schema-ddl'
|
|
import { type TableSeedData } from '@/data/rls-tester/get-seed-data'
|
|
import { getErrorMessage } from '@/lib/get-error-message'
|
|
|
|
type RLSTestResult = Record<string, unknown>[]
|
|
|
|
export interface SandboxCore {
|
|
setSchema(data: DatabaseSchemaDDLData): Promise<void>
|
|
setSeed(tables: TableSeedData[]): Promise<void>
|
|
destroy(): Promise<void>
|
|
run: (props: { sql: string }) => Promise<{ result: RLSTestResult }>
|
|
}
|
|
|
|
let instance: SandboxCore | null = null
|
|
let initPromise: Promise<SandboxCore> | null = null
|
|
|
|
export const getSandboxCore = async () => {
|
|
if (instance) return instance
|
|
if (!initPromise) {
|
|
initPromise = boot().finally(() => {
|
|
initPromise = null
|
|
})
|
|
}
|
|
return initPromise
|
|
}
|
|
|
|
const boot = async (): Promise<SandboxCore> => {
|
|
const webWorker = new Worker(new URL('./pglite.worker.ts', import.meta.url), { type: 'module' })
|
|
const pg = await PGliteWorker.create(webWorker)
|
|
|
|
for (const sql of SANDBOX_SETUP_STATEMENTS) {
|
|
try {
|
|
await pg.exec(sql)
|
|
} catch (err) {
|
|
console.warn('[Postgres sandbox] setup:', (err as Error).message, `— ${sql.slice(0, 60)}`)
|
|
}
|
|
}
|
|
|
|
function makeExecutor() {
|
|
return { execSql: (sql: string) => pg.exec(sql).then(() => undefined as void) }
|
|
}
|
|
|
|
async function setSchema(data: DatabaseSchemaDDLData): Promise<void> {
|
|
await applySchema(makeExecutor(), data)
|
|
}
|
|
|
|
async function setSeed(tables: TableSeedData[]): Promise<void> {
|
|
await applySeed(makeExecutor(), tables)
|
|
}
|
|
|
|
const run = async ({ sql }: { sql: string }) => {
|
|
try {
|
|
const results = await pg.exec(sql)
|
|
return { result: results.at(-1)?.rows ?? [] }
|
|
} catch (error) {
|
|
await pg.exec('ROLLBACK').catch(() => {})
|
|
throw error instanceof Error ? error : new Error(getErrorMessage(error) ?? String(error))
|
|
}
|
|
}
|
|
|
|
const destroy = async () => {
|
|
webWorker.terminate()
|
|
instance = null
|
|
}
|
|
|
|
instance = { run, destroy, setSchema, setSeed }
|
|
return instance
|
|
}
|