supabase/apps/studio/data/vault/vault-secrets-query.ts
Charis 0433eeb5f5 feat(studio): mark sql provenance for safety (#45336)
Mark provenance of SQL via the branded types SafeSqlFragment and
UntrustedSqlFragment. Only SafeSqlFragment should be executed;
UntrustedSqlFragments require some kind of implicit user approval (show
on screen + user has to click something) before they are promoted to
SafeSqlFragment.

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Editor and RLS tester show loading states for inferred/generated SQL
and include a dedicated user SQL editor for safer edits.

* **Refactor**
* Platform-wide SQL handling tightened: snippets and AI-generated SQL
are treated as untrusted/display-only until promoted, improving safety
and consistency.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-04 13:08:06 -04:00


import { safeSql } from '@supabase/pg-meta'
import { Query } from '@supabase/pg-meta/src/query'
import { useQuery } from '@tanstack/react-query'
import { vaultSecretsKeys } from './keys'
import { executeSql, ExecuteSqlError } from '@/data/sql/execute-sql-query'
import type { UseCustomQueryOptions, VaultSecret } from '@/types'
/**
 * Builds the SQL statement that lists entries from `vault.secrets`.
 *
 * The statement is assembled entirely from literals in this function: the
 * `'secrets'` / `'vault'` arguments to `from` and a fixed column list tagged
 * with `safeSql`. No caller-supplied value is interpolated into it.
 *
 * NOTE(review): the column list includes `secret`. This reads `vault.secrets`
 * directly rather than a decrypted view, so the value is presumably the
 * stored (encrypted) form. Confirm before treating the result as plaintext
 * or as safe to log.
 *
 * @returns The value produced by `Query#toSql()` for the select statement.
 */
export const getVaultSecretsSql = () => {
  const secretsTable = new Query().from('secrets', 'vault')

  // Static column list; the safeSql tag marks it as trusted SQL provenance.
  return secretsTable.select(safeSql`id,name,description,secret,created_at,updated_at`).toSql()
}
/**
 * Inputs shared by getVaultSecrets and useVaultSecretsQuery.
 * Both fields are forwarded unchanged to executeSql.
 */
export type VaultSecretsVariables = {
// Project reference; useVaultSecretsQuery stays disabled while this is undefined.
projectRef?: string
// NOTE(review): presumably a database connection string, i.e. credential
// material; confirm, and keep it out of logs and query keys.
connectionString?: string | null
}
/**
 * Runs the vault secrets listing query through `executeSql` and returns its rows.
 *
 * @param variables - `projectRef` and `connectionString`, forwarded unchanged to `executeSql`.
 * @param signal - Optional abort signal, passed as the second argument to `executeSql`.
 * @returns The `result` field of the `executeSql` response, typed as `VaultSecret[]`.
 */
export async function getVaultSecrets(
  { projectRef, connectionString }: VaultSecretsVariables,
  signal?: AbortSignal
) {
  const response = await executeSql(
    {
      projectRef,
      connectionString,
      // Statement is built from fixed literals only (see getVaultSecretsSql).
      sql: getVaultSecretsSql(),
      queryKey: ['vault-secrets'],
    },
    signal
  )

  // Unchecked assertion: the row shape is trusted, not validated at runtime.
  // Rows carry the `secret` column, so handle them as sensitive data.
  return response.result as VaultSecret[]
}
// Resolved value of getVaultSecrets, i.e. the VaultSecret[] that function returns.
export type VaultSecretsData = Awaited<ReturnType<typeof getVaultSecrets>>
// Error type used by the vault secrets query; an alias of ExecuteSqlError.
export type VaultSecretsError = ExecuteSqlError
/**
 * React Query hook that loads the vault secrets list for a project.
 *
 * The query runs only when the caller's `enabled` flag is truthy and
 * `projectRef` is defined. Remaining options are spread last, so they can
 * override `queryKey` and `queryFn`; `enabled` is destructured out and
 * cannot be overridden that way.
 *
 * The cache key is derived from `projectRef` alone, so `connectionString` is
 * not part of it. The fetched rows, including the `secret` column, are held
 * in the React Query cache. How long they stay there depends on the options
 * and client defaults, which are not visible in this file.
 *
 * @param variables - `projectRef` and `connectionString` for the underlying query.
 * @param options - Query options; `enabled` defaults to `true`.
 * @returns The `useQuery` result for the vault secrets list.
 */
export const useVaultSecretsQuery = <TData = VaultSecretsData>(
  { projectRef, connectionString }: VaultSecretsVariables,
  {
    enabled = true,
    ...options
  }: UseCustomQueryOptions<VaultSecretsData, VaultSecretsError, TData> = {}
) => {
  const hasProjectRef = projectRef !== undefined

  return useQuery<VaultSecretsData, VaultSecretsError, TData>({
    queryKey: vaultSecretsKeys.list(projectRef),
    queryFn: (context) => getVaultSecrets({ projectRef, connectionString }, context.signal),
    enabled: enabled && hasProjectRef,
    ...options,
  })
}