mirror of
https://github.com/supabase/supabase.git
synced 2026-05-06 08:56:46 -04:00
Charis
0433eeb5f5
Mark provenance of SQL via the branded types SafeSqlFragment and UntrustedSqlFragment. Only SafeSqlFragment should be executed; UntrustedSqlFragments require some kind of implicit user approval (show on screen + user has to click something) before they are promoted to SafeSqlFragment. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Editor and RLS tester show loading states for inferred/generated SQL and include a dedicated user SQL editor for safer edits. * **Refactor** * Platform-wide SQL handling tightened: snippets and AI-generated SQL are treated as untrusted/display-only until promoted, improving safety and consistency. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
85 lines
2.3 KiB
TypeScript
85 lines
2.3 KiB
TypeScript
import { InfiniteData, useInfiniteQuery } from '@tanstack/react-query'
|
|
|
|
import { Content } from './content-query'
|
|
import { remapSqlContentFields } from './content-remap'
|
|
import { contentKeys } from './keys'
|
|
import { SNIPPET_PAGE_LIMIT } from './sql-folders-query'
|
|
import { get } from '@/data/fetchers'
|
|
import { UseCustomInfiniteQueryOptions } from '@/types'
|
|
|
|
export type SqlSnippet = Extract<Content, { type: 'sql' }>
|
|
|
|
interface GetSqlSnippetsVariables {
|
|
projectRef?: string
|
|
cursor?: string
|
|
visibility?: SqlSnippet['visibility']
|
|
favorite?: boolean
|
|
name?: string
|
|
sort?: 'name' | 'inserted_at'
|
|
}
|
|
|
|
export async function getSqlSnippets(
|
|
{ projectRef, cursor, visibility, favorite, name, sort }: GetSqlSnippetsVariables,
|
|
signal?: AbortSignal
|
|
) {
|
|
if (typeof projectRef === 'undefined') {
|
|
throw new Error('projectRef is required for getSqlSnippets')
|
|
}
|
|
|
|
const sortOrder = sort === 'name' ? 'asc' : 'desc'
|
|
|
|
const { data, error } = await get('/platform/projects/{ref}/content', {
|
|
params: {
|
|
path: { ref: projectRef },
|
|
query: {
|
|
type: 'sql',
|
|
cursor,
|
|
visibility,
|
|
favorite,
|
|
name,
|
|
limit: SNIPPET_PAGE_LIMIT.toString(),
|
|
sort_by: sort,
|
|
sort_order: sortOrder,
|
|
},
|
|
},
|
|
signal,
|
|
})
|
|
|
|
if (error) {
|
|
throw error
|
|
}
|
|
|
|
return {
|
|
cursor: data.cursor,
|
|
contents: remapSqlContentFields(data.data as unknown as SqlSnippet[]),
|
|
}
|
|
}
|
|
|
|
export type SqlSnippetsData = Awaited<ReturnType<typeof getSqlSnippets>>
|
|
export type SqlSnippetsError = unknown
|
|
|
|
export const useSqlSnippetsQuery = <TData = SqlSnippetsData>(
|
|
{ projectRef, sort, name, visibility, favorite }: Omit<GetSqlSnippetsVariables, 'cursor'>,
|
|
{
|
|
enabled = true,
|
|
...options
|
|
}: UseCustomInfiniteQueryOptions<
|
|
SqlSnippetsData,
|
|
SqlSnippetsError,
|
|
InfiniteData<TData>,
|
|
readonly unknown[],
|
|
string | undefined
|
|
> = {}
|
|
) =>
|
|
useInfiniteQuery({
|
|
queryKey: contentKeys.sqlSnippets(projectRef, { sort, name, visibility, favorite }),
|
|
queryFn: ({ signal, pageParam: cursor }) =>
|
|
getSqlSnippets({ projectRef, cursor, sort, name, visibility, favorite }, signal),
|
|
enabled: enabled && typeof projectRef !== 'undefined',
|
|
initialPageParam: undefined,
|
|
getNextPageParam(lastPage) {
|
|
return lastPage.cursor
|
|
},
|
|
...options,
|
|
})
|