feat: validate supabase direct connections

Author: Xetera

.gitignore

@@ -37,4 +37,4 @@ lerna-debug.log*
 # Sentry Config File
 .sentryclirc
 lgtm
-sync
+/sync

src/server/http.ts

@@ -22,11 +22,24 @@ async function onSync(req: Request) {
   try {
     body = SyncRequest.parse(JSON.parse(bodyString));
   } catch (e: unknown) {
-    console.log(e);
     if (e instanceof ZodError) {
-      return new Response(e.message, { status: 400 });
+      return Response.json(
+        {
+          kind: "error",
+          type: "invalid_body",
+          error: e.issues.map((issue) => issue.message).join("\n"),
+        },
+        { status: 400 }
+      );
     }
-    return new Response("Invalid body", { status: 400 });
+    return Response.json(
+      {
+        kind: "error",
+        type: "unknown_error",
+        error: String(e),
+      },
+      { status: 400 }
+    );
   }
   const { seed, schema, requiredRows, maxRows } = body;
   const span = trace.getActiveSpan();
@@ -45,21 +58,21 @@ async function onSync(req: Request) {
   span?.setAttribute("requiredRows", requiredRows);
   span?.setAttribute("db.host", url.hostname);
   let dbUrl: URL;
-  try {
-    dbUrl = new URL(body.db);
-  } catch (e: unknown) {
-    span?.setStatus({ code: SpanStatusCode.ERROR, message: "invalid_db_url" });
-    if (e instanceof Error) {
-      return Response.json(
-        { kind: "error", type: "invalid_db_url", error: e.message },
-        { status: 400 }
-      );
-    }
-    return new Response("Invalid db url", { status: 400 });
-  }
+  // try {
+  //   dbUrl = new URL(body.db);
+  // } catch (e: unknown) {
+  //   span?.setStatus({ code: SpanStatusCode.ERROR, message: "invalid_db_url" });
+  //   if (e instanceof Error) {
+  //     return Response.json(
+  //       { kind: "error", type: "invalid_db_url", error: e.message },
+  //       { status: 400 }
+  //     );
+  //   }
+  //   return new Response("Invalid db url", { status: 400 });
+  // }
   let result: SyncResult;
   try {
-    result = await syncer.syncWithUrl(dbUrl, schema, {
+    result = await syncer.syncWithUrl(body.db, schema, {
       requiredRows,
       maxRows,
       seed,

src/server/sync.dto.ts

@@ -1,15 +1,8 @@
 import { z } from "zod/v4";
+import { Connectable } from "../sync/connectable.ts";
 
 export const SyncRequest = z.object({
-  // We shouldn't be doing separate validations on both the front end and here? Should probably consolidate
-  db: z
-    .string()
-    .refine(
-      (val) => val.startsWith("postgres://") || val.startsWith("postgresql://"),
-      {
-        message: "Must start with 'postgres://' or 'postgresql://'",
-      }
-    ),
+  db: z.string().transform(Connectable.transform),
   seed: z.coerce.number().min(0).max(1).default(0),
   schema: z.coerce.string().default("public"),
   requiredRows: z.coerce.number().positive().default(2),

src/sync/connectable.ts

@@ -0,0 +1,96 @@
+import { z } from "zod/v4";
+import { env } from "../env.ts";
+
+/**
+ * Represents a valid connection to a database.
+ * Connectable instances are always pre-validated and don't need to be validated again.
+ */
+export class Connectable {
+  private constructor(public readonly url: URL) {}
+
+  /**
+   * Custom logic for parsing a string into a Connectable through zod.
+   */
+  static transform(
+    urlString: string,
+    ctx: z.RefinementCtx<string>
+  ): Connectable {
+    if (
+      !urlString.startsWith("postgres://") &&
+      !urlString.startsWith("postgresql://")
+    ) {
+      ctx.addIssue({
+        code: "custom",
+        message: "URL must start with 'postgres://' or 'postgresql://'",
+        expected: "string",
+        input: urlString,
+      });
+      return z.NEVER;
+    }
+
+    let url: URL;
+    try {
+      url = new URL(urlString);
+    } catch (_: unknown) {
+      ctx.addIssue({
+        code: "invalid_type",
+        message: "Invalid URL",
+        expected: "string",
+        input: urlString,
+      });
+      return z.NEVER;
+    }
+    // we don't want to allow localhost access for hosted sync instances
+    // to prevent users from connecting to our hosted db
+    // (even though all our dbs should should be password protected)
+    const isLocalhost =
+      url.hostname === "localhost" ||
+      // ipv4 localhost
+      /^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(url.hostname) ||
+      // ipv6 localhost
+      url.hostname === "[::1]";
+    if (isLocalhost && env.HOSTED) {
+      ctx.addIssue({
+        code: "custom",
+        message:
+          "Syncing to localhost is not allowed. Run the sync server locally to access your local database",
+      });
+    }
+    // Our current hosted sync instances do not support ipv6
+    // we need users to use pooler.supabase.com instead
+    if (env.HOSTED && Connectable.isDirectSupabaseConnection(url)) {
+      const account = Connectable.extractSupabaseAccount(url);
+      // send the user directly to the right place if there's an account available
+      const link = account
+        ? `https://supabase.com/dashboard/project/${account}?showConnect=true`
+        : "https://supabase.com/docs/guides/troubleshooting/supabase--your-network-ipv4-and-ipv6-compatibility-cHe3BP";
+      ctx.addIssue({
+        code: "custom",
+        message: `You are using a direct connection to a supabase instance. Supabase does not accept IPv4 connections, try using a transaction pooler connection instead ${link}`,
+      });
+    }
+    if (ctx.issues.length > 0) {
+      return z.NEVER;
+    }
+    return new Connectable(url);
+  }
+
+  private static extractSupabaseAccount(url: URL): string | undefined {
+    const match = url.toString().match(/db\.(\w+)\.supabase\.co/);
+    if (!match) {
+      return;
+    }
+    return match[1];
+  }
+
+  private static isDirectSupabaseConnection(url: URL) {
+    return (
+      url.hostname.includes("supabase.co") &&
+      !url.hostname.includes("pooler.supabase.co")
+    );
+  }
+
+  toString() {
+    return this.url.toString();
+  }
+}

src/sync/syncer.ts

@@ -13,7 +13,7 @@ import {
 import { PostgresSchemaLink } from "./schema.ts";
 import { withSpan } from "../otel.ts";
 import { SpanStatusCode } from "@opentelemetry/api";
-import { env } from "../env.ts";
+import { Connectable } from "./connectable.ts";
 
 type SyncOptions = DependencyAnalyzerOptions;
 
@@ -72,29 +72,11 @@ export class PostgresSyncer {
   constructor() {}
 
   async syncWithUrl(
-    url: URL,
+    connectable: Connectable,
     schemaName: string,
     options: SyncOptions
   ): Promise<SyncResult> {
-    // we don't want to allow localhost access for hosted sync instances
-    // to prevent users from connecting to our hosted db
-    // (even though all our dbs should should be password protected)
-    const isLocalhost =
-      url.hostname === "localhost" ||
-      // ipv4 localhost
-      /^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(url.hostname) ||
-      // ipv6 localhost
-      url.hostname === "[::1]";
-    if (isLocalhost && env.HOSTED) {
-      return {
-        kind: "error",
-        type: "postgres_connection_error",
-        error: new Error(
-          "Syncing to localhost is not allowed. Run the sync server locally to access your local database"
-        ),
-      };
-    }
-    const urlString = url.toString();
+    const urlString = connectable.toString();
     let sql = this.connections.get(urlString);
     if (!sql) {
       sql = postgres(urlString);