PublicArchive/supabase
2
0
Fork 0
mirror of https://github.com/supabase/supabase.git synced 2026-05-06 08:56:46 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
0433eeb5f5cc6c41b80c85793a3b7be1fc976119
supabase/apps/studio/data/content/content-query.ts
T
Charis 0433eeb5f5 feat(studio): mark sql provenance for safety (#45336) 
Mark provenance of SQL via the branded types SafeSqlFragment and
UntrustedSqlFragment. Only SafeSqlFragment should be executed;
UntrustedSqlFragments require some kind of implicit user approval (show
on screen + user has to click something) before they are promoted to
SafeSqlFragment.

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Editor and RLS tester show loading states for inferred/generated SQL
and include a dedicated user SQL editor for safer edits.

* **Refactor**
* Platform-wide SQL handling tightened: snippets and AI-generated SQL
are treated as untrusted/display-only until promoted, improving safety
and consistency.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-04 13:08:06 -04:00

71 lines
2.1 KiB
TypeScript
Raw Blame History

import { useQuery } from '@tanstack/react-query'
import { components } from 'api-types'
import { remapSqlContentFields } from './content-remap'
import { contentKeys } from './keys'
import { get, handleError } from '@/data/fetchers'
import type { Dashboards, LogSqlSnippets, SqlSnippets, UseCustomQueryOptions } from '@/types'
export type ContentBase = components['schemas']['GetUserContentResponse']['data'][number]
export type Content = Omit<ContentBase, 'content' | 'type'> &
(
| {
type: 'sql'
content: SqlSnippets.Content
}
| {
type: 'report'
content: Dashboards.Content
}
| {
type: 'log_sql'
content: LogSqlSnippets.Content
}
)
export type ContentType = Content['type']
interface GetContentVariables {
projectRef?: string
type: ContentType
name?: string
limit?: number
}
export async function getContent(
{ projectRef, type, name, limit = 10 }: GetContentVariables,
signal?: AbortSignal
) {
if (typeof projectRef === 'undefined') {
throw new Error('projectRef is required for getContent')
}
const { data, error } = await get('/platform/projects/{ref}/content', {
params: { path: { ref: projectRef }, query: { type, name, limit: limit.toString() } },
signal,
})
if (error) handleError(error)
return {
cursor: data.cursor,
content: remapSqlContentFields(data.data as unknown as Content[]),
}
}
export type ContentData = Awaited<ReturnType<typeof getContent>>
export type ContentError = unknown
/** @deprecated Use useContentInfiniteQuery from content-infinite-query instead */
export const useContentQuery = <TData = ContentData>(
{ projectRef, type, name, limit }: GetContentVariables,
{ enabled = true, ...options }: UseCustomQueryOptions<ContentData, ContentError, TData> = {}
) =>
useQuery<ContentData, ContentError, TData>({
queryKey: contentKeys.list(projectRef, { type, name, limit }),
queryFn: ({ signal }) => getContent({ projectRef, type, name, limit }, signal),
enabled: enabled && typeof projectRef !== 'undefined',
...options,
})
Reference in New Issue View Git Blame Copy Permalink