PublicArchive/supabase
2
0
Fork 0
mirror of https://github.com/supabase/supabase.git synced 2026-06-28 19:39:19 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
docs/postgres-lint
supabase/apps/studio/data/projects/project-create-mutation.ts
T
Alaister Young 409a38a4ea [FE-3145] feat(studio): use data_api_revoke_default_privileges flag (#45683) 
Swap the project-creation revoke from custom `db_sql` over to the new
`data_api_revoke_default_privileges` API field. Same behaviour, just
delegated to the platform so non-studio flows (branches, CLI, terraform)
can apply the same revoke logic — addresses
[FE-3145](https://linear.app/supabase/issue/FE-3145/swap-frontend-to-use-revoke-default-privileges-flag).

Backend support landed in supabase/platform#32158 and
supabase/platform#32493 (FUP that decoupled the flag from
`data_api_use_api_schema`).

**Changed:**
- `apps/studio/data/projects/project-create-mutation.ts` — accepts
`dataApiRevokeDefaultPrivileges` and forwards it as
`data_api_revoke_default_privileges`
- `apps/studio/pages/new/[slug].tsx` — drops the inline
`buildDefaultPrivilegesSql('revoke')` injection in `dbSql`, passes the
flag instead
-
`apps/studio/pages/integrations/vercel/[slug]/deploy-button/new-project.tsx`
— same swap on the Vercel deploy-button flow
- `packages/api-types/types/platform.d.ts` — adds the new field to
`CreateProjectBody`

**Preserved:**
- The `dataApiRevokeOnCreateDefault` PostHog flag still gates the
default checkbox state and telemetry — only the SQL application changes
- `data_api_use_api_schema: false` stays as-is — projects keep `public`
+ `graphql_public` exposed, no project-shape change

## To test

- Project creation form (`/new/<org>`):
- With PostHog flag off: "Automatically expose new tables" defaults to
checked → request body has `data_api_revoke_default_privileges: false`
- Manually uncheck the box → request body has
`data_api_revoke_default_privileges: true`, project ends up with revoked
default grants on `public`
- With "Enable Data API" off → `data_api_revoke_default_privileges:
false` (no point revoking when nothing's exposed)
- Vercel deploy-button flow
(`/integrations/vercel/<slug>/deploy-button`):
  - Same checkbox behaviour as above
  - Migration SQL from the GitHub repo still runs as `db_sql` separately

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **New Features**
* Added support for a dedicated `dataApiRevokeDefaultPrivileges` option
during project creation.

* **Refactor**
* Simplified Data API privilege configuration by using a dedicated
parameter instead of SQL-based management across project creation flows.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Alaister Young <10985857+alaister@users.noreply.github.com>
2026-05-08 13:24:25 +08:00

117 lines
3.6 KiB
TypeScript
Raw Permalink Blame History

import { useMutation } from '@tanstack/react-query'
import { toast } from 'sonner'
import { DesiredInstanceSize, PostgresEngine, ReleaseChannel } from './new-project.constants'
import { useInvalidateProjectsInfiniteQuery } from './org-projects-infinite-query'
import type { components } from '@/data/api'
import { handleError, post } from '@/data/fetchers'
import { PROVIDERS } from '@/lib/constants'
import { captureCriticalError } from '@/lib/error-reporting'
import type { ResponseError, UseCustomMutationOptions } from '@/types'
type CreateProjectBody = components['schemas']['CreateProjectBody']
type CloudProvider = CreateProjectBody['cloud_provider']
export type ProjectCreateVariables = {
name: string
organizationSlug: string
dbPass: string
dbRegion?: string
regionSelection?: CreateProjectBody['region_selection']
dbSql?: string
dbPricingTierId?: string
cloudProvider?: string
authSiteUrl?: string
customSupabaseRequest?: object
dbInstanceSize?: DesiredInstanceSize
dataApiExposedSchemas?: string[]
dataApiUseApiSchema?: boolean
dataApiRevokeDefaultPrivileges?: boolean
postgresEngine?: PostgresEngine
releaseChannel?: ReleaseChannel
highAvailability?: boolean
githubInstallationId?: CreateProjectBody['github_installation_id']
githubRepositoryId?: CreateProjectBody['github_repository_id']
}
export async function createProject({
name,
organizationSlug,
dbPass,
dbRegion,
regionSelection,
dbSql,
cloudProvider = PROVIDERS.AWS.id,
authSiteUrl,
customSupabaseRequest,
dbInstanceSize,
dataApiExposedSchemas,
dataApiUseApiSchema,
dataApiRevokeDefaultPrivileges,
postgresEngine,
releaseChannel,
highAvailability,
githubInstallationId,
githubRepositoryId,
}: ProjectCreateVariables) {
const body: CreateProjectBody = {
cloud_provider: cloudProvider as CloudProvider,
organization_slug: organizationSlug,
name,
db_pass: dbPass,
db_region: dbRegion,
region_selection: regionSelection,
db_sql: dbSql,
auth_site_url: authSiteUrl,
...(customSupabaseRequest !== undefined && {
custom_supabase_internal_requests: customSupabaseRequest as any,
}),
desired_instance_size: dbInstanceSize,
data_api_exposed_schemas: dataApiExposedSchemas,
data_api_use_api_schema: dataApiUseApiSchema,
data_api_revoke_default_privileges: dataApiRevokeDefaultPrivileges,
postgres_engine: postgresEngine,
release_channel: releaseChannel,
high_availability: highAvailability,
github_installation_id: githubInstallationId,
github_repository_id: githubRepositoryId,
}
const { data, error } = await post(`/platform/projects`, {
body,
})
if (error) handleError(error)
return data
}
type ProjectCreateData = Awaited<ReturnType<typeof createProject>>
export const useProjectCreateMutation = ({
onSuccess,
onError,
...options
}: Omit<
UseCustomMutationOptions<ProjectCreateData, ResponseError, ProjectCreateVariables>,
'mutationFn'
> = {}) => {
const { invalidateProjectsQuery } = useInvalidateProjectsInfiniteQuery()
return useMutation<ProjectCreateData, ResponseError, ProjectCreateVariables>({
mutationFn: (vars) => createProject(vars),
async onSuccess(data, variables, context) {
await invalidateProjectsQuery()
await onSuccess?.(data, variables, context)
},
async onError(data, variables, context) {
if (onError === undefined) {
toast.error(`Failed to create new project: ${data.message}`)
} else {
onError(data, variables, context)
}
captureCriticalError(data, 'create project')
},
...options,
})
}
Reference in New Issue View Git Blame Copy Permalink