[pull] master from supabase:master#958
Merged
…#46239)

## I have read the [CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md) file.

YES

## What kind of change does this PR introduce?

Bug fix (security hardening).

## What is the current behavior?

[PRODSEC-120](https://linear.app/supabase/issue/PRODSEC-120/mythos-ant-2026-btrnt5a3-server-action-accepts-client-controlled-crm) — the marketing form server action accepts the full `crm` config (Notion `database_id`, HubSpot `formGuid`, Customer.io `event`, `staticProperties`, etc.) from the client, so a crafted submission can write to any Notion database the integration token reaches, post to any HubSpot form in the portal, or trigger arbitrary Customer.io events.

## What is the new behavior?

The client now posts only `{ slug, formId }` plus the field values; `submitFormAction` validates the ref with Zod, looks the trusted CRM config up from the in-process `_go/**` page registry via a resolver wired up in `instrumentation.ts`, and fails closed if the form isn't found. `SectionRenderer` also strips `crm` from the section before it crosses into the client bundle (so `database_id` / `formGuid` no longer ship in page HTML), `getAllGoPages` rejects any form section with `crm` but no stable `id`, and per-submission size/character limits were tightened.

## Additional context

Separate follow-ups (not in this PR): confirm `NOTION_FORMS_API_KEY` is write-only and scoped to the forms subtree, and chase down the `NOTION_EVENTS_API_KEY` validity issue raised on the Linear ticket.
## Summary by CodeRabbit

* **New Features**
  - Forms now support unique identifiers for enhanced tracking and management
  - Server-side form configuration management for improved reliability
* **Improvements**
  - Enhanced form validation during page initialization to catch configuration issues
  - Improved form submission handling with better error detection and reporting
  - Strengthened form operations with fail-safe configuration resolution
## I have read the [CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md) file.

YES

## What kind of change does this PR introduce?

Refactor / security hardening (part of a stacked series applying compile-time SQL provenance tracking to analytics call sites).

## What is the current behavior?

The `queryType: 'logs'` presets in `PRESET_CONFIG` (API ×8, Storage ×2) build BigQuery SQL by splicing filter keys and values via plain string interpolation through `generateRegexpWhere`, with no compile-time guarantee that the output is injection-safe. `ReportQueryLogs.sql` returns `string` and `getLogsSql` returns `string`.

## What is the new behavior?

- `generateRegexpWhereSafe` added to `Reports.constants.ts`: routes filter keys through `quotedIdent` (dropping predicates whose identifier fails the `[A-Za-z_][A-Za-z0-9_]*` regex) and values through `analyticsLiteral`. Values must be raw/unquoted — the function handles all quoting and escaping itself.
- All ten `queryType: 'logs'` presets migrated to use the `safeLogSql` template tag and `generateRegexpWhereSafe`.
- `ReportQueryLogs.sql` return type tightened from `string` to `SafeLogSqlFragment`; `getLogsSql` return type updated to match.
- Manual pre-quoting of the `identifier` filter removed in `useApiReport` and `useStorageReport` (``value: `'${identifier}'` `` → `value: identifier`), since `analyticsLiteral` now handles quoting.

## Additional context

Smoke test: `/observability/api-overview`, `/observability/storage`. To exercise the replica `identifier` filter, select a replica on `/observability/database` first, then navigate to those pages.
## I have read the [CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md) file.

YES

## What kind of change does this PR introduce?

Security / refactor — migrates `SharedAPIReport.constants.ts` to the proven-authorship model (`SafeLogSqlFragment`).

## What is the current behavior?

All seven SQL builders in `SHARED_API_REPORT_SQL` return plain `string` and interpolate filter values via `generateRegexpWhere`, which performs manual quoting without sanitization. The source table name (`edge_logs` / `function_edge_logs`) is also interpolated as a raw string. Queries are executed via a local `fetchLogs` function that calls `get()` directly, bypassing the `executeAnalyticsSql` wire boundary.

## What is the new behavior?

- Each SQL builder is rewritten with the `safeLogSql` template tag and returns `SafeLogSqlFragment`.
- Filter keys route through `quotedIdent` (predicates with invalid identifiers are dropped); values route through `analyticsLiteral` (single quotes and backslashes are escaped).
- A `SOURCE_TABLE` branded map covers the two possible source tables; `sourceTable()` looks up the branded fragment instead of interpolating a raw string.
- `fetchLogs` is removed; `useQueries` calls `executeAnalyticsSql` directly with `method: 'get'`, routing through the shared wire boundary.
- The `queryFn` wraps the call in a try/catch that also checks `data?.error`, preserving the original Sentry capture behaviour (`'Shared API Report Error'`) for both network and API-level errors.

## Additional context
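The two SQL commits above (the `PRESET_CONFIG` migration and the `SharedAPIReport.constants.ts` migration) describe the same helper set, so one added TypeScript reconstruction serves both. It is not the project's own code: the names `safeLogSql`, `SafeLogSqlFragment`, `quotedIdent`, `analyticsLiteral`, `generateRegexpWhereSafe`, `SOURCE_TABLE` and `sourceTable` are taken from the commit messages, but every body is written here from their description, and the backtick identifier quoting, the `REGEXP_CONTAINS` predicate shape and the `requestCountSql` preset are assumptions.

```typescript
// Added illustration of the proven-authorship pattern described in the two
// commit messages above. The names mirror those messages but every body here
// is a reconstruction, not the project's code; BigQuery backtick identifier
// quoting and the REGEXP_CONTAINS predicate shape are assumptions.

/** Branded string: the only values the template tag will accept as interpolations. */
type SafeLogSqlFragment = string & { readonly __safeLogSql: true };

/** Private constructor; every exported helper routes through one of the gates below. */
const brand = (s: string): SafeLogSqlFragment => s as SafeLogSqlFragment;

const IDENT_RE = /^[A-Za-z_][A-Za-z0-9_]*$/;

/** Identifier gate: accept only regex-clean names and quote them, otherwise null. */
function quotedIdent(name: string): SafeLogSqlFragment | null {
  return IDENT_RE.test(name) ? brand('`' + name + '`') : null;
}

/** String literal gate: escape backslashes first, then single quotes, then wrap in quotes. */
function analyticsLiteral(raw: string): SafeLogSqlFragment {
  const escaped = raw.replace(/\\/g, '\\\\').replace(/'/g, "\\'");
  return brand("'" + escaped + "'");
}

/**
 * Template tag. Because `values` is typed SafeLogSqlFragment[], interpolating a plain
 * string is a compile error: the authorship of every fragment is proven by its type.
 */
function safeLogSql(strings: TemplateStringsArray, ...values: SafeLogSqlFragment[]): SafeLogSqlFragment {
  const out = strings.reduce((acc, s, i) => acc + s + (i < values.length ? values[i] : ''), '');
  return brand(out);
}

/** The only two source tables a report may read; looked up, never interpolated raw. */
const SOURCE_TABLE = {
  edge_logs: brand('edge_logs'),
  function_edge_logs: brand('function_edge_logs'),
} as const;
type SourceTableName = keyof typeof SOURCE_TABLE;

function sourceTable(name: SourceTableName): SafeLogSqlFragment {
  return SOURCE_TABLE[name];
}

/** Filter as it arrives from the report UI: the value is raw and unquoted. */
interface ReportFilter {
  key: string;
  value: string;
}

/**
 * Builds the WHERE clause. Predicates whose key fails the identifier regex are
 * dropped (as the commits describe); values are always quoted here, so callers
 * must not pre-quote them (the `'${identifier}'` removal in the first commit).
 */
function generateRegexpWhereSafe(filters: ReportFilter[]): SafeLogSqlFragment {
  const preds: string[] = [];
  for (const f of filters) {
    const ident = quotedIdent(f.key);
    if (ident === null) continue;
    preds.push('REGEXP_CONTAINS(' + ident + ', ' + analyticsLiteral(f.value) + ')');
  }
  return brand(preds.length > 0 ? 'WHERE ' + preds.join(' AND ') : '');
}

/** One report preset in the migrated style: every interpolation is a branded fragment. */
function requestCountSql(table: SourceTableName, filters: ReportFilter[]): SafeLogSqlFragment {
  return safeLogSql`SELECT timestamp_trunc(timestamp, MINUTE) AS t, count(*) AS n FROM ${sourceTable(table)} ${generateRegexpWhereSafe(filters)} GROUP BY t ORDER BY t`;
}
```

The runtime escaping is the smaller half of the design. The larger half is that `safeLogSql` refuses a bare `string` at the type level, so a preset that tries to splice `filters[0].value` directly no longer compiles; the branded `SOURCE_TABLE` map closes the same door for the table name. A quick review check for any new call site is therefore that no `as SafeLogSqlFragment` casts appear outside the gate functions.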
… guides (#46178)

## I have read the [CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md) file.

YES

## What kind of change does this PR introduce?

Docs update (new guides + follow-up documentation fix from review feedback).

## What is the current behavior?

There was no consolidated docs example for resumable WebSockets with Edge Functions, and no dedicated troubleshooting guide for worker timeouts / WebSocket drops.

## What is the new behavior?

- Adds a resumable WebSockets guide for Edge Functions, including:
  - session persistence
  - event replay
  - idempotency pattern and schema examples
  - client/server example flow
- Adds an Edge Functions troubleshooting guide for worker timeouts and WebSocket drops.
- Updates docs navigation to surface the new guides.
- Follow-up fix from review feedback: the browser client example now stores `sessionId` and `lastEventId` in `sessionStorage` (instead of `localStorage`).

## Additional context

- Branch has been updated with latest `origin/master`.
- This PR remains documentation-focused; no production runtime code changes were introduced.

## Summary by CodeRabbit

* **Documentation**
  * Added a guide on resumable WebSockets covering session persistence, event replay, idempotency patterns, SQL schema examples, and client/server usage.
  * Added a troubleshooting guide on Edge Functions worker timeouts and WebSocket drops with scenarios, symptoms, and practical workarounds.
  * Enhanced WebSocket docs with a production note on worker lifecycle and keeping runtime promises open to avoid premature shutdown.
  * Navigation updated to surface the new guides.
---------

Co-authored-by: Lakshan Perera <lakshan@supabase.io>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: CodeRabbit <noreply@coderabbit.ai>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
## Summary

Adds documentation for the new Logs pricing SKUs (Ingest and Query) ahead of the July 1 launch. Part of the [O11Y Logs Pricing RFC](https://linear.app/supabase/project/rfc-supabase-observability-product-packaging-and-pricing-77990c05a767) rollout (PRD R6).

**This is the docs PR.** Pricing page changes (`apps/www`) and Studio dashboard changes are separate PRs.

### New pages

- **Logs overview** (`manage-your-usage/logs.mdx`) — both SKUs at a glance, summary pricing table, Logs vs Log Drains clarification
- **Logs Ingest detail** (`manage-your-usage/logs-ingest.mdx`) — full billing details, invoice examples, optimization tips
- **Logs Query detail** (`manage-your-usage/logs-query.mdx`) — full billing details, invoice examples, optimization tips
- **Pricing partials** for both SKUs (`pricing_logs_ingest.mdx`, `pricing_logs_query.mdx`)

### Updated pages

- **Cost control** — added Logs Ingest + Logs Query to "Usage items covered by the Spend Cap" list
- **Telemetry/logs** — added link to the new manage-usage overview page
- **Navigation sidebar** — added Logs, Logs Ingest, Logs Query entries before Log Drains

### Notes

- Screenshots are marked as TODO placeholders — will be added once Studio surfaces are live
- Follows the existing manage-usage page pattern (storage-size, MAU, etc.)
- Canonical pricing: Ingest $0.50/GB over 5 GB, Query $0.002/GB over 1,000 GB (Free/Pro/Team)

## Test plan

- [x] Verify pages render at `/docs/guides/platform/manage-your-usage/logs`, `/logs-ingest`, `/logs-query`
- [x] Verify sidebar navigation shows new entries
- [x] Verify cost-control page lists both items under "covered by Spend Cap"
- [x] Verify `<$Partial />` pricing tables render correctly
- [x] Verify telemetry/logs page shows new billing link
- [x] Verify no broken links

🤖 Generated with [Claude Code](https://claude.com/claude-code)

## Summary by CodeRabbit

* **Documentation**
  * Added guides for managing Logs, Logs Ingest, and Logs Query usage with pricing, billing scenarios, quota examples, and optimization tips
  * Added Platform → Billing navigation items: Logs, Logs Ingest, Logs Query
  * Included overage pricing tables, Spend Cap coverage updates, “Coming soon” billing caveats, clarified Logs vs. Log Drains, and linked usage management from the Logging guide
* **Chore**
  * Whitelisted "Better Stack" in spelling checks

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
See Commits and Changes for more details.
Created by pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )