mirror of
https://github.com/sourcebot-dev/sourcebot.git
synced 2025-12-16 22:35:34 +00:00
f3a8fa3dab
Some checks failed
Publish to ghcr / build (linux/amd64, blacksmith-4vcpu-ubuntu-2404) (push) Has been cancelled
Publish to ghcr / build (linux/arm64, blacksmith-8vcpu-ubuntu-2204-arm) (push) Has been cancelled
Update Roadmap Released / update (push) Has been cancelled
Publish to ghcr / merge (push) Has been cancelled
* generate protobuf types * stream poc over SSE * wip: make stream search api follow existing schema. Modify UI to support streaming * fix scrolling issue * Dockerfile * wip on lezer parser grammar for query language * add lezer tree -> grpc transformer * remove spammy log message * fix syntax highlighting by adding a module resolution for @lezer/common * further wip on query language * Add case sensitivity and regexp toggles * Improved type safety / cleanup for query lang * support search contexts * update Dockerfile with query langauge package * fix filter * Add skeletons to filter panel when search is streaming * add client side caching * improved cancelation handling * add isSearchExausted flag for flagging when a search captured all results * Add back posthog search_finished event * remove zoekt tenant enforcement * migrate blocking search over to grpc. Centralize everything in searchApi * branch handling * plumb file weburl * add repo_sets filter for repositories a user has access to * refactor a bunch of stuff + add support for passing in Query IR to search api * refactor * dev README * wip on better error handling * error handling for stream path * update mcp * changelog wip * type fix * style * Support rev:* wildcard * changelog * changelog nit * feedback * fix build * update docs and remove uneeded test file
85 lines
3.1 KiB
TypeScript
85 lines
3.1 KiB
TypeScript
import 'server-only';
|
|
import { env, getDBConnectionString } from "@sourcebot/shared";
|
|
import { Prisma, PrismaClient, UserWithAccounts } from "@sourcebot/db";
|
|
import { hasEntitlement } from "@sourcebot/shared";
|
|
|
|
// @see: https://authjs.dev/getting-started/adapters/prisma
|
|
const globalForPrisma = globalThis as unknown as { prisma: PrismaClient }
|
|
|
|
const dbConnectionString = getDBConnectionString();
|
|
|
|
// @NOTE: In almost all cases, the userScopedPrismaClientExtension should be used
|
|
// (since actions & queries are scoped to a particular user). There are some exceptions
|
|
// (e.g., in initialize.ts).
|
|
//
|
|
// @todo: we can mark this as `__unsafePrisma` in the future once we've migrated
|
|
// all of the actions & queries to use the userScopedPrismaClientExtension to avoid
|
|
// accidental misuse.
|
|
export const prisma = globalForPrisma.prisma || new PrismaClient({
|
|
// @note: this code is evaluated at build time, and will throw exceptions if these env vars are not set.
|
|
// Here we explicitly check if the DATABASE_URL or the individual database variables are set, and only
|
|
...(dbConnectionString !== undefined ? {
|
|
datasources: {
|
|
db: {
|
|
url: dbConnectionString,
|
|
},
|
|
}
|
|
} : {}),
|
|
})
|
|
if (env.NODE_ENV !== "production") globalForPrisma.prisma = prisma
|
|
|
|
/**
|
|
* Creates a prisma client extension that scopes queries to striclty information
|
|
* a given user should be able to access.
|
|
*/
|
|
export const userScopedPrismaClientExtension = (user?: UserWithAccounts) => {
|
|
return Prisma.defineExtension(
|
|
(prisma) => {
|
|
return prisma.$extends({
|
|
query: {
|
|
...(env.EXPERIMENT_EE_PERMISSION_SYNC_ENABLED === 'true' && hasEntitlement('permission-syncing') ? {
|
|
repo: {
|
|
async $allOperations({ args, query }) {
|
|
const argsWithWhere = args as Record<string, unknown> & {
|
|
where?: Prisma.RepoWhereInput;
|
|
}
|
|
|
|
argsWithWhere.where = {
|
|
...(argsWithWhere.where || {}),
|
|
...getRepoPermissionFilterForUser(user),
|
|
};
|
|
|
|
return query(args);
|
|
}
|
|
}
|
|
} : {})
|
|
}
|
|
})
|
|
})
|
|
}
|
|
|
|
/**
|
|
* Returns a filter for repositories that the user has access to.
|
|
*/
|
|
export const getRepoPermissionFilterForUser = (user?: UserWithAccounts): Prisma.RepoWhereInput => {
|
|
return {
|
|
OR: [
|
|
// Only include repos that are permitted to the user
|
|
...((user && user.accounts.length > 0) ? [
|
|
{
|
|
permittedAccounts: {
|
|
some: {
|
|
accountId: {
|
|
in: user.accounts.map(account => account.id),
|
|
}
|
|
}
|
|
}
|
|
},
|
|
] : []),
|
|
// or are public.
|
|
{
|
|
isPublic: true,
|
|
}
|
|
]
|
|
}
|
|
}
|