feat: integration details

Author: gregnr

packages/deploy/src/supabase/deploy.ts renamed to apps/deploy-worker/src/deploy.ts

@@ -1,20 +1,31 @@
-import type { SupabaseClient, SupabaseProviderMetadata } from './types.js'
 import { exec as execSync } from 'node:child_process'
 import { promisify } from 'node:util'
-import { createDeployedDatabase } from './create-deployed-database.js'
-import { getDatabaseUrl, getPoolerUrl } from './get-database-url.js'
-import { DeployError, IntegrationRevokedError } from '../error.js'
-import { generatePassword } from './generate-password.js'
-import { getAccessToken } from './get-access-token.js'
-import { createManagementApiClient } from './management-api/client.js'
+import { DeployError, IntegrationRevokedError } from '@database.build/deploy'
+import {
+  getAccessToken,
+  createManagementApiClient,
+  createDeployedDatabase,
+  generatePassword,
+  getDatabaseUrl,
+  getPoolerUrl,
+  type SupabaseClient,
+  type SupabaseDeploymentConfig,
+  type SupabasePlatformConfig,
+  type SupabaseProviderMetadata,
+} from '@database.build/deploy/supabase'
 const exec = promisify(execSync)
 
 /**
  * Deploy a local database on Supabase
  * If the database was already deployed, it will overwrite the existing database data
  */
 export async function deploy(
-  ctx: { supabase: SupabaseClient },
+  ctx: {
+    supabase: SupabaseClient
+    supabaseAdmin: SupabaseClient
+    supabasePlatformConfig: SupabasePlatformConfig
+    supabaseDeploymentConfig: SupabaseDeploymentConfig
+  },
   params: { databaseId: string; integrationId: number; localDatabaseUrl: string }
 ) {
   // check if the integration is still active
@@ -32,13 +43,13 @@ export async function deploy(
     throw new IntegrationRevokedError()
   }
 
-  const accessToken = await getAccessToken({
+  const accessToken = await getAccessToken(ctx, {
     integrationId: params.integrationId,
     // the integration isn't revoked, so it must have credentials
     credentialsSecretId: integration.data.credentials!,
   })
 
-  const managementApiClient = createManagementApiClient(accessToken)
+  const managementApiClient = createManagementApiClient(ctx, accessToken)
 
   // this is just to check if the integration is still active, an IntegrationRevokedError will be thrown if not
   await managementApiClient.GET('/v1/organizations')
@@ -75,10 +86,10 @@ export async function deploy(
     let databasePassword: string | undefined
 
     if (!deployedDatabase.data) {
-      const createdDeployedDatabase = await createDeployedDatabase(
-        { supabase: ctx.supabase },
-        { databaseId: params.databaseId, integrationId: params.integrationId }
-      )
+      const createdDeployedDatabase = await createDeployedDatabase(ctx, {
+        databaseId: params.databaseId,
+        integrationId: params.integrationId,
+      })
 
       deployedDatabase.data = createdDeployedDatabase.deployedDatabase
       databasePassword = createdDeployedDatabase.databasePassword
@@ -186,7 +197,7 @@ export async function deploy(
 
     return {
       name: project.name,
-      url: `${process.env.SUPABASE_PLATFORM_URL}/dashboard/project/${project.id}`,
+      url: `${ctx.supabasePlatformConfig.url}/dashboard/project/${project.id}`,
       databasePassword,
       databaseUrl: getDatabaseUrl({ project, databasePassword }),
       poolerUrl: getPoolerUrl({ project, databasePassword }),

apps/deploy-worker/src/index.ts

@@ -1,13 +1,30 @@
 import { DeployError, IntegrationRevokedError } from '@database.build/deploy'
-import { createClient } from '@database.build/deploy/supabase'
-import { deploy } from '@database.build/deploy/supabase'
+import {
+  type Database,
+  type Region,
+  type SupabaseDeploymentConfig,
+  type SupabasePlatformConfig,
+} from '@database.build/deploy/supabase'
 import { revokeIntegration } from '@database.build/deploy/supabase'
 import { serve } from '@hono/node-server'
 import { zValidator } from '@hono/zod-validator'
+import { createClient } from '@supabase/supabase-js'
 import { Hono } from 'hono'
 import { cors } from 'hono/cors'
 import { HTTPException } from 'hono/http-exception'
 import { z } from 'zod'
+import { deploy } from './deploy.ts'
+
+const supabasePlatformConfig: SupabasePlatformConfig = {
+  url: process.env.SUPABASE_PLATFORM_URL!,
+  apiUrl: process.env.SUPABASE_PLATFORM_API_URL!,
+  oauthClientId: process.env.SUPABASE_OAUTH_CLIENT_ID!,
+  oauthSecret: process.env.SUPABASE_OAUTH_SECRET!,
+}
+
+const supabaseDeploymentConfig: SupabaseDeploymentConfig = {
+  region: process.env.SUPABASE_PLATFORM_DEPLOY_REGION! as Region,
+}
 
 const app = new Hono()
 
@@ -32,7 +49,15 @@ app.post(
       throw new HTTPException(401, { message: 'Unauthorized' })
     }
 
-    const supabase = createClient()
+    const supabaseAdmin = createClient<Database>(
+      process.env.SUPABASE_URL!,
+      process.env.SUPABASE_SERVICE_ROLE_KEY!
+    )
+
+    const supabase = createClient<Database>(
+      process.env.SUPABASE_URL!,
+      process.env.SUPABASE_ANON_KEY!
+    )
 
     const { error } = await supabase.auth.setSession({
       access_token: accessToken,
@@ -43,16 +68,23 @@ app.post(
       throw new HTTPException(401, { message: 'Unauthorized' })
     }
 
+    const ctx = {
+      supabase,
+      supabaseAdmin,
+      supabasePlatformConfig,
+      supabaseDeploymentConfig,
+    }
+
     try {
-      const project = await deploy({ supabase }, { databaseId, integrationId, localDatabaseUrl })
+      const project = await deploy(ctx, { databaseId, integrationId, localDatabaseUrl })
       return c.json({ project })
     } catch (error: unknown) {
       console.error(error)
       if (error instanceof DeployError) {
         throw new HTTPException(500, { message: error.message })
       }
       if (error instanceof IntegrationRevokedError) {
-        await revokeIntegration({ supabase }, { integrationId })
+        await revokeIntegration(ctx, { integrationId })
         throw new HTTPException(406, { message: error.message })
       }
       throw new HTTPException(500, { message: 'Internal server error' })

apps/deploy-worker/tsconfig.json

@@ -2,6 +2,7 @@
   "extends": "@total-typescript/tsconfig/tsc/no-dom/app",
   "include": ["src/**/*.ts"],
   "compilerOptions": {
+    "allowImportingTsExtensions": true,
     "noEmit": true,
     "outDir": "dist"
   }

apps/web/.env.example

@@ -3,6 +3,7 @@ NEXT_PUBLIC_SUPABASE_URL="<supabase-api-url>"
 NEXT_PUBLIC_BROWSER_PROXY_DOMAIN="browser.dev.db.build"
 NEXT_PUBLIC_DEPLOY_WORKER_DOMAIN="http://localhost:4000"
 NEXT_PUBLIC_SUPABASE_OAUTH_CLIENT_ID="<supabase-oauth-client-id>"
+NEXT_PUBLIC_SUPABASE_PLATFORM_URL=https://supabase.com
 NEXT_PUBLIC_SUPABASE_PLATFORM_API_URL=https://api.supabase.com
 
 OPENAI_API_KEY="<openai-api-key>"

apps/web/app/api/integrations/[id]/details/route.ts

@@ -0,0 +1,129 @@
+import { IntegrationRevokedError } from '@database.build/deploy'
+import {
+  createManagementApiClient,
+  getAccessToken,
+  revokeIntegration,
+  SupabasePlatformConfig,
+} from '@database.build/deploy/supabase'
+import { createAdminClient, createClient } from '~/utils/supabase/server'
+
+export type IntegrationDetails = {
+  id: number
+  provider: {
+    id: number
+    name: string
+  }
+  organization: {
+    id: string
+    name: string
+  }
+}
+
+const supabasePlatformConfig: SupabasePlatformConfig = {
+  url: process.env.NEXT_PUBLIC_SUPABASE_PLATFORM_URL!,
+  apiUrl: process.env.NEXT_PUBLIC_SUPABASE_PLATFORM_API_URL!,
+  oauthClientId: process.env.NEXT_PUBLIC_SUPABASE_OAUTH_CLIENT_ID!,
+  oauthSecret: process.env.SUPABASE_OAUTH_SECRET!,
+}
+
+/**
+ * Gets the details of an integration by querying the Supabase
+ * management API. Details include the organization ID and name
+ * that the integration is scoped to.
+ */
+export async function GET(req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params
+  const supabase = createClient()
+  const supabaseAdmin = createAdminClient()
+
+  const ctx = {
+    supabase,
+    supabaseAdmin,
+    supabasePlatformConfig,
+  }
+
+  const integrationId = parseInt(id, 10)
+
+  try {
+    const { data: integration, error: getIntegrationError } = await supabase
+      .from('deployment_provider_integrations')
+      .select('*, provider:deployment_providers!inner(id, name)')
+      .eq('id', integrationId)
+      .single()
+
+    if (getIntegrationError) {
+      throw new Error('Integration not found', { cause: getIntegrationError })
+    }
+
+    if (integration.revoked_at) {
+      throw new IntegrationRevokedError()
+    }
+
+    const credentialsSecretId = integration.credentials
+
+    if (!credentialsSecretId) {
+      throw new Error('Integration has no credentials')
+    }
+
+    if (!integration.scope) {
+      throw new Error('Integration has no scope')
+    }
+
+    if (
+      typeof integration.scope !== 'object' ||
+      !('organizationId' in integration.scope) ||
+      typeof integration.scope.organizationId !== 'string'
+    ) {
+      throw new Error('Integration scope is invalid')
+    }
+
+    const accessToken = await getAccessToken(ctx, {
+      integrationId: integration.id,
+      credentialsSecretId,
+    })
+
+    const managementApiClient = createManagementApiClient(ctx, accessToken)
+
+    const { data: organization, error: getOrgError } = await managementApiClient.GET(
+      `/v1/organizations/{slug}`,
+      {
+        params: {
+          path: {
+            slug: integration.scope.organizationId,
+          },
+        },
+      }
+    )
+
+    if (getOrgError) {
+      throw new Error('Failed to retrieve organization', { cause: getOrgError })
+    }
+
+    const integrationDetails: IntegrationDetails = {
+      id: integration.id,
+      provider: {
+        id: integration.provider.id,
+        name: integration.provider.name,
+      },
+      organization: {
+        id: organization.id,
+        name: organization.name,
+      },
+    }
+
+    return Response.json(integrationDetails)
+  } catch (error: unknown) {
+    console.error(error)
+
+    if (error instanceof IntegrationRevokedError) {
+      await revokeIntegration(ctx, { integrationId })
+      return Response.json({ message: error.message }, { status: 406 })
+    }
+
+    if (error instanceof Error) {
+      return Response.json({ message: error.message }, { status: 400 })
+    }
+
+    return Response.json({ message: 'Internal server error' }, { status: 500 })
+  }
+}

apps/web/app/api/oauth/supabase/callback/route.ts

@@ -74,8 +74,6 @@ export async function GET(req: NextRequest) {
     token_type: 'Bearer'
   }
 
-  console.log({ tokens })
-
   const organizationsResponse = await fetch(
     `${process.env.NEXT_PUBLIC_SUPABASE_PLATFORM_API_URL}/v1/organizations`,
     {
@@ -128,9 +126,11 @@ export async function GET(req: NextRequest) {
 
   const adminClient = createAdminClient()
 
+  const secretName = `oauth_credentials_supabase_${organization.id}_${user.id}`
+
   // store the tokens as secret
-  const credentialsSecret = await adminClient.rpc('insert_secret', {
-    name: `oauth_credentials_supabase_${organization.id}_${user.id}`,
+  const credentialsSecret = await adminClient.rpc('upsert_secret', {
+    name: secretName,
     secret: JSON.stringify({
       accessToken: tokens.access_token,
       expiresAt: new Date(now + tokens.expires_in * 1000).toISOString(),
@@ -139,12 +139,11 @@ export async function GET(req: NextRequest) {
   })
 
   if (credentialsSecret.error) {
+    console.error(credentialsSecret.error)
     return new Response('Failed to store the integration credentials as secret', { status: 500 })
   }
 
-  let integrationId: number
-
-  // if an existing revoked integration exists, update the tokens and cancel the revokation
+  // if an existing revoked integration exists, update the tokens and cancel the revocation
   if (revokedIntegration) {
     const updateIntegrationResponse = await supabase
       .from('deployment_provider_integrations')
@@ -157,8 +156,6 @@ export async function GET(req: NextRequest) {
     if (updateIntegrationResponse.error) {
       return new Response('Failed to update integration', { status: 500 })
     }
-
-    integrationId = revokedIntegration.id
   } else {
     const createIntegrationResponse = await supabase
       .from('deployment_provider_integrations')
@@ -175,13 +172,7 @@ export async function GET(req: NextRequest) {
     if (createIntegrationResponse.error) {
       return new Response('Failed to create integration', { status: 500 })
     }
-
-    integrationId = createIntegrationResponse.data.id
   }
 
-  const params = new URLSearchParams({
-    integration: integrationId.toString(),
-  })
-
-  return NextResponse.redirect(new URL(`/deploy/${state.databaseId}?${params.toString()}`, req.url))
+  return NextResponse.redirect(new URL(`/db/${state.databaseId}?deploy=Supabase`, req.url))
 }