Enforce RLS when user opted in to MFA. (#188)

* Allow Super Admin to view tables using RLS * Replace previous usages of the Admin client using the authed client using the new RLS * Enforce MFA for Super Admin users * Enforce RLS when user opted in to MFA. * Add Super Admin Access Policies and Update Database Types * Consolidate super admin logic into a single function that uses the RPC is_super_admin * Added Super Admin E2E tests * Fixes and improvements * Bump version to 2.5.0
2025-03-02 10:21:01 +07:00
parent 9cf7bf0aac
commit 131b1061e6
61 changed files with 2193 additions and 302 deletions
--- a/apps/dev-tool/app/variables/components/app-environment-variables-manager.tsx
+++ b/apps/dev-tool/app/variables/components/app-environment-variables-manager.tsx
@@ -47,8 +47,6 @@ type ValidationResult = {
  };
 };

-type VariableRecord = Record<string, string>;
-
 export function AppEnvironmentVariablesManager({
  state,
 }: React.PropsWithChildren<{
@@ -71,11 +69,11 @@ function EnvList({ appState }: { appState: AppEnvState }) {
  const [search, setSearch] = useState('');
  const searchParams = useSearchParams();

-  const secretVars = searchParams.get('secret') === 'true';
-  const publicVars = searchParams.get('public') === 'true';
-  const privateVars = searchParams.get('private') === 'true';
-  const overriddenVars = searchParams.get('overridden') === 'true';
-  const invalidVars = searchParams.get('invalid') === 'true';
+  const showSecretVars = searchParams.get('secret') === 'true';
+  const showPublicVars = searchParams.get('public') === 'true';
+  const showPrivateVars = searchParams.get('private') === 'true';
+  const showOverriddenVars = searchParams.get('overridden') === 'true';
+  const showInvalidVars = searchParams.get('invalid') === 'true';

  const toggleExpanded = (key: string) => {
    setExpandedVars((prev) => ({
@@ -558,16 +556,16 @@ function EnvList({ appState }: { appState: AppEnvState }) {

    if (
      !search &&
-      !secretVars &&
-      !publicVars &&
-      !privateVars &&
-      !invalidVars &&
-      !overriddenVars
+      !showSecretVars &&
+      !showPublicVars &&
+      !showPrivateVars &&
+      !showInvalidVars &&
+      !showOverriddenVars
    ) {
      return true;
    }

-    const isSecret = model?.secret;
+    const isSecret = model?.secret ?? false;
    const isPublic = varState.key.startsWith('NEXT_PUBLIC_');
    const isPrivate = !isPublic;

@@ -575,23 +573,23 @@ function EnvList({ appState }: { appState: AppEnvState }) {
      ? varState.key.toLowerCase().includes(search.toLowerCase())
      : true;

-    if (isPublic && publicVars && isInSearch) {
-      return true;
+    if (showPublicVars && isInSearch) {
+      return isPublic;
    }

-    if (isSecret && secretVars && isInSearch) {
-      return true;
+    if (showSecretVars && isInSearch) {
+      return isSecret;
    }

-    if (isPrivate && privateVars && isInSearch) {
-      return true;
+    if (showPrivateVars && isInSearch) {
+      return isPrivate;
    }

-    if (overriddenVars && varState.isOverridden && isInSearch) {
-      return true;
+    if (showOverriddenVars && isInSearch) {
+      return varState.isOverridden;
    }

-    if (invalidVars) {
+    if (showInvalidVars) {
      const allVariables = getEffectiveVariablesValue(appState);

      let hasError = false;
@@ -637,14 +635,10 @@ function EnvList({ appState }: { appState: AppEnvState }) {
        }
      }

-      if (hasError && isInSearch) return true;
+      return hasError && isInSearch;
    }

-    if (isInSearch) {
-      return true;
-    }
-
-    return false;
+    return isInSearch;
  };

  // Update groups to use allVarsWithValidation instead of appState.variables
@@ -679,11 +673,11 @@ function EnvList({ appState }: { appState: AppEnvState }) {
          <div>
            <FilterSwitcher
              filters={{
-                secret: secretVars,
-                public: publicVars,
-                overridden: overriddenVars,
-                private: privateVars,
-                invalid: invalidVars,
+                secret: showSecretVars,
+                public: showPublicVars,
+                overridden: showOverriddenVars,
+                private: showPrivateVars,
+                invalid: showInvalidVars,
              }}
            />
          </div>
--- a/apps/dev-tool/app/variables/lib/env-variables-model.ts
+++ b/apps/dev-tool/app/variables/lib/env-variables-model.ts
@@ -925,9 +925,7 @@ export const envVariables: EnvVariableModel[] = [
        },
      ],
      validate: ({ value }) => {
-        return z
-          .string()
-          .safeParse(value);
+        return z.string().safeParse(value);
      },
    },
  },