ENG-589 Transfer the functionality to create spaces from vercel's space route to a supabase edge function (#291)

* Transfer the functionality to create spaces from vercel's space route to a supabase function.
This allows to not use the service key in vercel, improving security.

* Use direct route

* some repairs

* remove .npmrc

* some repairs

* Make deno typechecking of supabase edge functions part of lint stage.
Deno seems to require a very up-to-date supabase client, so update that.

* cite duplicate origins

* internal references

* Use deno lint instead of deno check. Simpler if done locally.

* re-export syntax

* comment on reexport

* ts-ignore

* make linting work, and apply linting to scripts

Author: maparent

apps/roam/package.json

@@ -30,8 +30,8 @@
     "@octokit/auth-app": "^7.1.4",
     "@octokit/core": "^6.1.3",
     "@repo/types": "*",
-    "@supabase/auth-js": "^2.70.0",
-    "@supabase/supabase-js": "^2.50.0",
+    "@supabase/auth-js": "^2.71.1",
+    "@supabase/supabase-js": "^2.52.0",
     "@tldraw/tldraw": "^2.0.0-alpha.12",
     "@vercel/blob": "^0.27.0",
     "contrast-color": "^1.0.1",

apps/roam/src/utils/supabaseContext.ts

@@ -9,7 +9,7 @@ import getBlockProps from "~/utils/getBlockProps";
 import setBlockProps from "~/utils/setBlockProps";
 import { type DGSupabaseClient } from "@repo/ui/lib/supabase/client";
 import {
-  fetchOrCreateSpaceId,
+  fetchOrCreateSpaceDirect,
   fetchOrCreatePlatformAccount,
   createLoggedInClient,
 } from "@repo/ui/lib/supabase/contextFunctions";
@@ -57,12 +57,14 @@ export const getSupabaseContext = async (): Promise<SupabaseContext | null> => {
       const url = getRoamUrl();
       const spaceName = window.roamAlphaAPI.graph.name;
       const platform: Platform = "Roam";
-      const spaceId = await fetchOrCreateSpaceId({
+      const spaceResult = await fetchOrCreateSpaceDirect({
         password: spacePassword,
         url,
         name: spaceName,
         platform,
       });
+      if (!spaceResult.data) throw new Error("Failed to create space");
+      const spaceId = spaceResult.data.id;
       const userId = await fetchOrCreatePlatformAccount({
         platform: "Roam",
         accountLocalId,

apps/website/app/api/supabase/space/route.ts

@@ -1,138 +1,15 @@
 import { NextResponse, NextRequest } from "next/server";
-import {
-  type PostgrestSingleResponse,
-  PostgrestError,
-  type User,
-} from "@supabase/supabase-js";
-import { createClient } from "~/utils/supabase/server";
-import { getOrCreateEntity, ItemValidator } from "~/utils/supabase/dbUtils";
 import {
   createApiResponse,
   handleRouteError,
   defaultOptionsHandler,
-  asPostgrestFailure,
 } from "~/utils/supabase/apiUtils";
-import { Tables, TablesInsert } from "@repo/database/types.gen.ts";
-import { spaceAnonUserEmail } from "@repo/ui/lib/utils";
-
-type SpaceDataInput = TablesInsert<"Space">;
-type SpaceRecord = Tables<"Space">;
-
-type SpaceCreationInput = SpaceDataInput & { password: string };
-
-const spaceValidator: ItemValidator<SpaceCreationInput> = (space) => {
-  if (!space || typeof space !== "object")
-    return "Invalid request body: expected a JSON object.";
-  const { name, url, platform, password } = space;
-
-  if (!name || typeof name !== "string" || name.trim() === "")
-    return "Missing or invalid name.";
-  if (!url || typeof url !== "string" || url.trim() === "")
-    return "Missing or invalid URL.";
-  if (platform === undefined || !["Roam", "Obsidian"].includes(platform))
-    return "Missing or invalid platform.";
-  if (!password || typeof password !== "string" || password.length < 8)
-    return "password must be at least 8 characters";
-  return null;
-};
-
-const processAndGetOrCreateSpace = async (
-  supabasePromise: ReturnType<typeof createClient>,
-  data: SpaceCreationInput,
-): Promise<PostgrestSingleResponse<SpaceRecord>> => {
-  const { name, url, platform, password } = data;
-  const error = spaceValidator(data);
-  if (error !== null) return asPostgrestFailure(error, "invalid space");
-
-  const supabase = await supabasePromise;
-
-  const result = await getOrCreateEntity<"Space">({
-    supabase,
-    tableName: "Space",
-    insertData: {
-      name: name.trim(),
-      url: url.trim().replace(/\/$/, ""),
-      platform,
-    },
-    uniqueOn: ["url"],
-  });
-  if (result.error) return result;
-  const space_id = result.data.id;
-
-  // this is related but each step is idempotent, so con retry w/o transaction
-  const email = spaceAnonUserEmail(platform, result.data.id);
-  let anonymousUser: User | null = null;
-  {
-    const { error, data } = await supabase.auth.signInWithPassword({
-      email,
-      password,
-    });
-    if (error && error.message !== "Invalid login credentials") {
-      // Handle unexpected errors
-      return asPostgrestFailure(error.message, "authentication_error");
-    }
-    anonymousUser = data.user;
-  }
-  if (anonymousUser === null) {
-    const resultCreateAnonymousUser = await supabase.auth.admin.createUser({
-      email,
-      password,
-      email_confirm: true,
-    });
-    if (resultCreateAnonymousUser.error) {
-      return {
-        count: null,
-        status: resultCreateAnonymousUser.error.status || -1,
-        statusText: resultCreateAnonymousUser.error.message,
-        data: null,
-        error: new PostgrestError({
-          message: resultCreateAnonymousUser.error.message,
-          details:
-            typeof resultCreateAnonymousUser.error.cause === "string"
-              ? resultCreateAnonymousUser.error.cause
-              : "",
-          hint: "",
-          code: resultCreateAnonymousUser.error.code || "unknown",
-        }),
-      }; // space created but not its user, try again
-    }
-    anonymousUser = resultCreateAnonymousUser.data.user;
-  }
-  // NOTE: The next few steps could be done as the new user, except the SpaceAccess
-  const anonPlatformUserResult = await getOrCreateEntity<"PlatformAccount">({
-    supabase,
-    tableName: "PlatformAccount",
-    insertData: {
-      platform,
-      account_local_id: email,
-      name: `Anonymous of space ${space_id}`,
-      agent_type: "anonymous",
-      dg_account: anonymousUser.id,
-    },
-    uniqueOn: ["account_local_id", "platform"],
-  });
-  if (anonPlatformUserResult.error) return anonPlatformUserResult;
-
-  const resultAnonUserSpaceAccess = await getOrCreateEntity<"SpaceAccess">({
-    supabase,
-    tableName: "SpaceAccess",
-    insertData: {
-      space_id,
-      account_id: anonPlatformUserResult.data.id,
-      editor: true,
-    },
-    uniqueOn: ["space_id", "account_id"],
-  });
-  if (resultAnonUserSpaceAccess.error) return resultAnonUserSpaceAccess; // space created but not connected, try again
-  return result;
-};
+import { fetchOrCreateSpaceDirect } from "@repo/ui/lib/supabase/contextFunctions";
 
 export const POST = async (request: NextRequest): Promise<NextResponse> => {
-  const supabasePromise = createClient();
-
   try {
-    const body: SpaceCreationInput = await request.json();
-    const result = await processAndGetOrCreateSpace(supabasePromise, body);
+    const body = await request.json();
+    const result = await fetchOrCreateSpaceDirect(body);
     return createApiResponse(request, result);
   } catch (e: unknown) {
     return handleRouteError(request, e, "/api/supabase/space");

apps/website/app/utils/supabase/apiUtils.ts

@@ -6,6 +6,9 @@ import {
 
 import { Database } from "@repo/database/types.gen.ts";
 import { createClient } from "~/utils/supabase/server";
+import { asPostgrestFailure } from "@repo/ui/lib/supabase/contextFunctions";
+// Temporarily re-exporting because many imports point here. Will be moved to a future packages/utils.
+export { asPostgrestFailure } from "@repo/ui/lib/supabase/contextFunctions";
 import cors from "~/utils/llm/cors";
 
 /**
@@ -134,23 +137,3 @@ export const makeDefaultDeleteHandler =
     const response = await supabase.from(tableName).delete().eq(pk, idN);
     return createApiResponse(request, response);
   };
-
-export const asPostgrestFailure = (
-  message: string,
-  code: string,
-  status: number = 400,
-): PostgrestSingleResponse<any> => {
-  return {
-    data: null,
-    error: {
-      message,
-      code,
-      details: "",
-      hint: "",
-      name: code,
-    },
-    count: null,
-    statusText: code,
-    status,
-  };
-};

apps/website/app/utils/supabase/server.ts

@@ -4,12 +4,10 @@ import { Database } from "@repo/database/types.gen.ts";
 
 // Inspired by https://supabase.com/ui/docs/nextjs/password-based-auth
 
-export const createClient = async (service = true) => {
+export const createClient = async () => {
   const cookieStore = await cookies();
   const supabaseUrl = process.env.SUPABASE_URL;
-  const supabaseKey = service
-    ? process.env.SUPABASE_SERVICE_ROLE_KEY
-    : process.env.SUPABASE_ANON_KEY;
+  const supabaseKey = process.env.SUPABASE_ANON_KEY;
 
   if (!supabaseUrl || !supabaseKey) {
     throw new Error("Missing required Supabase environment variables");

package-lock.json

@@ -1,11 +1,12 @@
-import base from "@repo/eslint-config/react-internal";
+import { config as base } from "@repo/eslint-config/react-internal";
 
 export default [
   ...base,
   {
     languageOptions: {
       parserOptions: {
         tsconfigRootDir: ".",
+        project: "./tsconfig.json",
       },
     },
   }

packages/database/eslint.config.mjs

@@ -6,9 +6,9 @@ import {
   type Database,
   type Enums,
 } from "@repo/database/types.gen.ts";
-import { spaceAnonUserEmail } from "@repo/ui/lib/utils";
 import {
-  fetchOrCreateSpaceId,
+  spaceAnonUserEmail,
+  fetchOrCreateSpaceIndirect,
   fetchOrCreatePlatformAccount,
 } from "@repo/ui/lib/supabase/contextFunctions";
 
@@ -117,12 +117,17 @@ When(
     if (PLATFORMS.indexOf(platform) < 0)
       throw new Error(`Platform must be one of ${PLATFORMS}`);
     const localRefs: Record<string, any> = world.localRefs || {};
-    const spaceId = await fetchOrCreateSpaceId({
+    const spaceResponse = await fetchOrCreateSpaceIndirect({
       password: SPACE_ANONYMOUS_PASSWORD,
       url: `https://roamresearch.com/#/app/${spaceName}`,
       name: spaceName,
       platform,
     });
+    if (!spaceResponse.data)
+      throw new Error(
+        `Could not create space: ${JSON.stringify(spaceResponse.error)}`,
+      );
+    const spaceId = spaceResponse.data.id;
     localRefs[spaceName] = spaceId;
     const userId = await fetchOrCreatePlatformAccount({
       platform,

packages/database/features/step-definitions/stepdefs.ts

@@ -10,10 +10,10 @@
   },
   "scripts": {
     "init": "supabase login",
-    "dev": "supabase start",
+    "dev": "supabase start && supabase functions serve",
     "stop": "supabase stop",
     "check-types": "npm run lint && supabase stop && npm run dbdiff",
-    "lint": "tsx scripts/lint.ts",
+    "lint": "eslint . && tsx scripts/lint.ts",
     "lint:fix": "tsx scripts/lint.ts -f",
     "build": "tsx scripts/build.ts",
     "test": "tsc && cucumber-js",