Feature: Dashboard DB access routes#2153
Conversation
![claude[bot]](https://avatars.githubusercontent.com/in/1236702?s=60&v=4){kind=small}
…abase-admin-migration
…github.com/e2b-dev/infra into feature/dashboard-supabase-admin-migration
…github.com/e2b-dev/infra into feature/dashboard-supabase-admin-migration
…enerate protobuf files with protoc-gen-go v1.36.11
…QL queries related to team members and team resolution
…github.com/e2b-dev/infra into feature/dashboard-supabase-admin-migration
ben-fornefeld
requested review from
ValentaTomas,
dobrac and
jakubno
as code owners
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 3241207317
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| @@ -0,0 +1,21 @@ | |||
| -- +goose Up | |||
There was a problem hiding this comment.
This migration is added under packages/db/pkg/dashboard/migrations, but our migration runner and version gating only read packages/db/migrations (see packages/db/scripts/migrator.go using migrationsDir = "./migrations" and scripts/get-latest-migration.sh scanning packages/db/migrations). That means public.env_defaults and teams.profile_picture_url will not be created in deployed databases while new queries already reference them, causing runtime SQL errors on the new dashboard endpoints.
Useful? React with 👍 / 👎.
| "github.com/e2b-dev/infra/packages/shared/pkg/telemetry" | ||
| ) | ||
|
|
||
| func (s *APIStore) PatchTeamsTeamId(c *gin.Context, _ api.TeamId) { |
There was a problem hiding this comment.
This endpoint ignores the teamId path parameter (_ api.TeamId) and updates teamInfo.Team.ID from auth context instead, so /teams/{A} with header team {B} still mutates team B. That mismatch makes the URL identity unreliable and can lead clients to update the wrong team unless path and auth team are explicitly checked.
Useful? React with 👍 / 👎.
…github.com/e2b-dev/infra into feature/dashboard-supabase-admin-migration
dobrac
left a comment
dobrac
left a comment
There was a problem hiding this comment.
lgtm in general, just small nits
… ensure proper locking behavior
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
dobrac
left a comment
dobrac
left a comment
There was a problem hiding this comment.
please check the open conversations, otherwise lgtm!
| return &b.Name | ||
| } | ||
|
|
||
| func parseUpdateTeamBody(bodyReader io.Reader) (updateTeamBody, error) { |
There was a problem hiding this comment.
this function is now not used, correct?
There was a problem hiding this comment.
no it's still used. the abstraction i added takes custom io.Reader parser as input
…github.com/e2b-dev/infra into feature/dashboard-supabase-admin-migration
…abase-admin-migration
* wip: create initial routes and queries * add: resolve team by slug * revert: outcommented sql migration check in dashboard api * chore: auto-commit generated changes * fix: update description for team identity resolution endpoint to clarify slug usage * feat: profile picture crud * chore: auto-commit generated changes * chore: move sql and migration files from this branch into separate dashboard db pkg * refactor: update database access method in teams_list handler and regenerate protobuf files with protoc-gen-go v1.36.11 * chore: auto-commit generated changes * refactor: rename GetDefaultTemplateAliases method and remove unused SQL queries related to team members and team resolution * chore: address comments * improve: team member update error handling + update team profile picture clearability * chore: auto-commit generated changes * refactor: standardize team ID naming across API and handlers * fix: lint * chore: share gin body parser utils * refactor: update team member handling and improve error management in API * test: add unit test for handling deletion of default team members and ensure proper locking behavior * chore: auto-commit generated changes * refactor: team member add/delete handling * add: team blockage information in teams list --------- Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
3 participants
Note
Medium Risk
Adds new dashboard API endpoints plus DB schema/query changes (team profile picture, default templates, team membership mutations) that impact persisted data and authorization checks. Main risk is incorrect auth/team scoping or transactional edge cases when adding/removing members.
Overview
Adds Dashboard API endpoints to list a user’s teams, resolve a team by slug, update team details (including clearing
profilePictureUrl), manage team members (list/add/remove with transactional locking to prevent removing defaults/last member), and list default templates with latest uploaded build info and aliases. This is backed by new dashboard DB migrations (env_defaults,teams.profile_picture_url), new sqlc queries/types for teams/members/templates, and a sharedginutilsbody parsing helper that replaces the API service’s local request parsing utility.Written by Cursor Bugbot for commit 3bd7da4. This will update automatically on new commits. Configure here.