ENG-950 Refactor the concept query function with new security-scoped views to avoid RLS slowdown (#482)

* Make queries through security-aware views to bypass RLS. Optimize the RLS functions.

* Also avoid policy overlap. 

* Use foreign key, not computed relation, where possible in queries.ts

Author: maparent

packages/database/src/dbTypes.ts

@@ -102,10 +102,17 @@ export const fetchOrCreateSpaceDirect = async (
     });
 
   if (result2.data === null) {
-    return asPostgrestFailure(
-      JSON.stringify(result2.error),
-      "Failed to create space",
-    );
+    // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
+    let error: string = (result2.error?.message as string | undefined) || "";
+    // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
+    if (result2.error?.context?.body)
+      try {
+        // eslint-disable-next-line
+        error += await new Response(result2.error.context.body).text();
+      } catch (err) {
+        // could not parse, not important
+      }
+    return asPostgrestFailure(error, "Failed to create space");
   }
   return {
     data: result2.data,

packages/database/src/lib/contextFunctions.ts

@@ -114,12 +114,14 @@ const composeConceptQuery = ({
   if (contentFields.length > 0) {
     const args: string[] = contentFields.slice();
     if (documentFields.length > 0) {
-      args.push("Document (\n" + documentFields.join(",\n") + ")");
+      args.push(
+        `Document:my_documents!document_id${innerContent ? "!inner" : ""} (\n${documentFields.join(",\n")})`,
+      );
     }
-    q += `,\nContent${innerContent ? "!inner" : ""} (\n${args.join(",\n")})`;
+    q += `,\nContent:my_contents!represented_by_id${innerContent ? "!inner" : ""} (\n${args.join(",\n")})`;
   }
   if (nodeAuthor !== undefined) {
-    q += ", author:author_id!inner(account_local_id)";
+    q += ", author:my_accounts!author_id!inner(account_local_id)";
   }
   if (
     inRelsOfType !== undefined ||
@@ -139,16 +141,18 @@ const composeConceptQuery = ({
       if (inRelsToNodesOfType !== undefined && !args2.includes("schema_id"))
         args2.push("schema_id");
       if (inRelsToNodeLocalIds !== undefined)
-        args2.push("Content!inner(source_local_id)");
+        args2.push(
+          "Content:my_contents!represented_by_id!inner(source_local_id)",
+        );
       if (inRelsToNodesOfAuthor !== undefined) {
         if (!args2.includes("author_id")) args2.push("author_id");
-        args2.push("author:author_id!inner(account_local_id)");
+        args2.push("author:my_accounts!author_id!inner(account_local_id)");
       }
       args.push(`subnodes:concepts_of_relation!inner(${args2.join(",\n")})`);
     }
     q += `, relations:concept_in_relations!inner(${args.join(",\n")})`;
   }
-  let query = supabase.from("Concept").select(q);
+  let query = supabase.from("my_concepts").select(q);
   if (fetchNodes === true) {
     query = query.eq("arity", 0);
   } else if (fetchNodes === false) {
@@ -172,7 +176,7 @@ const composeConceptQuery = ({
     else throw new Error("schemaDbIds should be a number or number[]");
   }
   if (baseNodeLocalIds.length > 0)
-    query = query.in("content.source_local_id", baseNodeLocalIds);
+    query = query.in("Content.source_local_id", baseNodeLocalIds);
   if (inRelsOfType !== undefined && inRelsOfType.length > 0)
     query = query.in("relations.schema_id", inRelsOfType);
   if (inRelsToNodesOfType !== undefined && inRelsToNodesOfType.length > 0)

packages/database/src/lib/queries.ts

@@ -114,6 +114,7 @@ const processAndGetOrCreateSpace = async (
       return asPostgrestFailure(error.message, "authentication_error");
     }
     anonymousUser = data.user;
+    await supabase.auth.signOut({ scope: "local" });
   }
   if (anonymousUser === null) {
     const resultCreateAnonymousUser = await supabase.auth.admin.createUser({
@@ -185,28 +186,28 @@ const processAndGetOrCreateSpace = async (
 const allowedOrigins = ["https://roamresearch.com", "http://localhost:3000"];
 
 const isVercelPreviewUrl = (origin: string): boolean =>
-    /^https:\/\/.*-discourse-graph-[a-z0-9]+\.vercel\.app$/.test(origin)
+  /^https:\/\/.*-discourse-graph-[a-z0-9]+\.vercel\.app$/.test(origin);
 
 const isAllowedOrigin = (origin: string): boolean =>
   allowedOrigins.some((allowed) => origin.startsWith(allowed)) ||
   isVercelPreviewUrl(origin);
 
 // @ts-ignore Deno is not visible to the IDE
 Deno.serve(async (req) => {
-    const origin = req.headers.get("origin");
-    const originIsAllowed = origin && isAllowedOrigin(origin);
-    if (req.method === "OPTIONS") {
-      return new Response(null, {
-        status: 204,
-        headers: {
-          ...(originIsAllowed ? { "Access-Control-Allow-Origin": origin } : {}),
-          "Access-Control-Allow-Methods": "GET, POST, OPTIONS",
-          "Access-Control-Allow-Headers":
-            "Content-Type, Authorization, x-vercel-protection-bypass, x-client-info, apikey",
-          "Access-Control-Max-Age": "86400",
-        },
-      });
-    }
+  const origin = req.headers.get("origin");
+  const originIsAllowed = origin && isAllowedOrigin(origin);
+  if (req.method === "OPTIONS") {
+    return new Response(null, {
+      status: 204,
+      headers: {
+        ...(originIsAllowed ? { "Access-Control-Allow-Origin": origin } : {}),
+        "Access-Control-Allow-Methods": "GET, POST, OPTIONS",
+        "Access-Control-Allow-Headers":
+          "Content-Type, Authorization, x-vercel-protection-bypass, x-client-info, apikey",
+        "Access-Control-Max-Age": "86400",
+      },
+    });
+  }
 
   const input = await req.json();
   // @ts-ignore Deno is not visible to the IDE