StanGirard/quivr
1
1
Fork 0
mirror of https://github.com/StanGirard/quivr.git synced 2024-11-23 12:26:03 +03:00
Code Issues Packages Projects Releases Wiki Activity

feat: supabase vault (#1605)

Browse Source 
# Description

https://github.com/StanGirard/quivr/issues/1551

## Checklist before requesting a review

Please delete options that are not relevant.

- [ ] My code follows the style guidelines of this project
- [ ] I have performed a self-review of my code
- [ ] I have commented hard-to-understand areas
- [ ] I have ideally added tests that prove my fix is effective or that
my feature works
- [ ] New and existing unit tests pass locally with my changes
- [ ] Any dependent changes have been merged

## Screenshots (if appropriate):
This commit is contained in:
Zineb El Bachiri 2023-11-07 16:57:25 +01:00 committed by GitHub
parent dd2bc1f6fc
commit ed5de8b80c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
37 changed files with 216 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
backend/repository/external_api_secret/__init__.py Normal file
View File

@ -0,0 +1,3 @@
from .create_secret import create_secret
from .delete_secret import delete_secret
from .read_secret import read_secret

21
backend/repository/external_api_secret/create_secret.py Normal file
View File

@ -0,0 +1,21 @@
from uuid import UUID
from models import get_supabase_client
from utils import build_secret_unique_name
def create_secret(
user_id: UUID, brain_id: UUID, secret_name: str, secret_value
) -> UUID | None:
supabase_client = get_supabase_client()
response = supabase_client.rpc(
"insert_secret",
{
"name": build_secret_unique_name(
user_id=user_id, brain_id=brain_id, secret_name=secret_name
),
"secret": secret_value,
},
).execute()
return response.data

18
backend/repository/external_api_secret/delete_secret.py Normal file
View File

@ -0,0 +1,18 @@
from uuid import UUID
from models import get_supabase_client
from utils import build_secret_unique_name
def delete_secret(user_id: UUID, brain_id: UUID, secret_name: str) -> bool:
supabase_client = get_supabase_client()
response = supabase_client.rpc(
"delete_secret",
{
"name": build_secret_unique_name(
user_id=user_id, brain_id=brain_id, secret_name=secret_name
),
},
).execute()
return response.data

20
backend/repository/external_api_secret/read_secret.py Normal file
View File

@ -0,0 +1,20 @@
from uuid import UUID
from models import get_supabase_client
from utils import build_secret_unique_name
def read_secret(
user_id: UUID, brain_id: UUID, secret_name: str, secret_value
) -> UUID | None:
supabase_client = get_supabase_client()
response = supabase_client.rpc(
"read_secret",
{
"secret_name": build_secret_unique_name(
user_id=user_id, brain_id=brain_id, secret_name=secret_name
),
},
).execute()
return response.data

5
backend/repository/external_api_secret/utils.py Normal file
View File

@ -0,0 +1,5 @@
from uuid import UUID
def build_secret_unique_name(user_id: UUID, brain_id: UUID, secret_name: str):
return f"{user_id}-{brain_id}-{secret_name}"

53
scripts/20231107104700_setup_vault.sql Normal file
View File

@ -0,0 +1,53 @@
CREATE OR REPLACE FUNCTION insert_secret(name text, secret text)
returns uuid
language plpgsql
security definer
set search_path = public
as $$
begin
return vault.create_secret(secret, name);
end;
$$;
create or replace function read_secret(secret_name text)
returns text
language plpgsql
security definer set search_path = public
as $$
declare
secret text;
begin
select decrypted_secret from vault.decrypted_secrets where name =
secret_name into secret;
return secret;
end;
$$;
create or replace function delete_secret(secret_name text)
returns text
language plpgsql
security definer set search_path = public
as $$
declare
deleted_rows int;
begin
delete from vault.decrypted_secrets where name = secret_name;
get diagnostics deleted_rows = row_count;
if deleted_rows = 0 then
return false;
else
return true;
end if;
end;
$$;
-- Insert a migration record if it doesn't exist
INSERT INTO migrations (name)
SELECT '20231107104700_setup_vault'
WHERE NOT EXISTS (
SELECT 1 FROM migrations WHERE name = '20231107104700_setup_vault'
);
-- Commit the changes
COMMIT;

0
scripts/20230606131110_add_uuid_user_id.sql → scripts/old_migrations/migrations_06_2023/20230606131110_add_uuid_user_id.sql
View File

0
scripts/20230620170840_add_vectors_brains.sql → scripts/old_migrations/migrations_06_2023/20230620170840_add_vectors_brains.sql
View File

0
scripts/20230620183620_use_supabase_user_id.sql → scripts/old_migrations/migrations_06_2023/20230620183620_use_supabase_user_id.sql
View File

0
scripts/20230627151100_update_match_vectors.sql → scripts/old_migrations/migrations_06_2023/20230627151100_update_match_vectors.sql
View File

0
scripts/20230629143400_add_file_sha1_brains_vectors.sql → scripts/old_migrations/migrations_06_2023/20230629143400_add_file_sha1_brains_vectors.sql
View File

0
scripts/20230701180101_add_prompts_table.sql → scripts/old_migrations/migrations_07_2023/20230701180101_add_prompts_table.sql
View File

0
scripts/202307111517030_add_subscription_invitations_table.sql → scripts/old_migrations/migrations_07_2023/202307111517030_add_subscription_invitations_table.sql
View File

0
scripts/202307111517031_change_vectors_id_type.sql → scripts/old_migrations/migrations_07_2023/202307111517031_change_vectors_id_type.sql
View File

0
scripts/20230717164900_add_get_user_email_by_user_id.sql → scripts/old_migrations/migrations_07_2023/20230717164900_add_get_user_email_by_user_id.sql
View File

0
scripts/20230717173000_add_get_user_id_by_user_email.sql → scripts/old_migrations/migrations_07_2023/20230717173000_add_get_user_id_by_user_email.sql
View File

0
scripts/202307241530031_add_fields_to_brain.sql → scripts/old_migrations/migrations_07_2023/202307241530031_add_fields_to_brain.sql
View File

0
scripts/20230731172400_add_user_identity_table.sql → scripts/old_migrations/migrations_07_2023/20230731172400_add_user_identity_table.sql
View File

0
scripts/20230802120700_add_prompt_id_to_brain.sql → scripts/old_migrations/migrations_08_2023/20230802120700_add_prompt_id_to_brain.sql
View File

0
scripts/20230809154300_add_prompt_id_brain_id_to_chat_history_table.sql → scripts/old_migrations/migrations_08_2023/20230809154300_add_prompt_id_brain_id_to_chat_history_table.sql
View File

0
scripts/202308181004030_rename_users_table.sql → scripts/old_migrations/migrations_08_2023/202308181004030_rename_users_table.sql
View File

0
scripts/202308217004800_add_public_prompts_examples.sql → scripts/old_migrations/migrations_08_2023/202308217004800_add_public_prompts_examples.sql
View File

0
scripts/20230906151400_add_notifications_table.sql → scripts/old_migrations/migrations_09_2023/20230906151400_add_notifications_table.sql
View File

0
scripts/202309127004032_add_user_limits.sql → scripts/old_migrations/migrations_09_2023/202309127004032_add_user_limits.sql
View File

0
scripts/20230913110420_add_storage_bucket.sql → scripts/old_migrations/migrations_09_2023/20230913110420_add_storage_bucket.sql
View File

0
scripts/202309151054032_add_knowledge_tables.sql → scripts/old_migrations/migrations_09_2023/202309151054032_add_knowledge_tables.sql
View File

0
scripts/202309157004032_add_sha1_column.sql → scripts/old_migrations/migrations_09_2023/202309157004032_add_sha1_column.sql
View File

0
scripts/20230921160000_add_last_update_field_to_brain.sql → scripts/old_migrations/migrations_09_2023/20230921160000_add_last_update_field_to_brain.sql
View File

0
scripts/202309307004032_change_user_settings.sql → scripts/old_migrations/migrations_09_2023/202309307004032_change_user_settings.sql
View File

0
scripts/20231004150000_add_onboarding_table.sql → scripts/old_migrations/migrations_10_2023/20231004150000_add_onboarding_table.sql
View File

0
scripts/20231005170000_add_onboarding_a_to_onboarding_table.sql → scripts/old_migrations/migrations_10_2023/20231005170000_add_onboarding_a_to_onboarding_table.sql
View File

0
scripts/20231010120000_add_create_user_onboarding_function.sql → scripts/old_migrations/migrations_10_2023/20231010120000_add_create_user_onboarding_function.sql
View File

0
scripts/20231012150000_add_creation_time_to_onboardings_table.sql → scripts/old_migrations/migrations_10_2023/20231012150000_add_creation_time_to_onboardings_table.sql
View File

0
scripts/20231023140000_add_stripe_wrapper.sql → scripts/old_migrations/migrations_10_2023/20231023140000_add_stripe_wrapper.sql
View File

0
scripts/20231023160000_copy_auth_users_to_public_users.sql → scripts/old_migrations/migrations_10_2023/20231023160000_copy_auth_users_to_public_users.sql
View File

50
scripts/pg_tables.sql
View File

@ -167,13 +167,59 @@ CREATE TABLE IF NOT EXISTS brain_subscription_invitations (
FOREIGN KEY (brain_id) REFERENCES brains (brain_id)
);
-- Create functions for secrets in vault
CREATE OR REPLACE FUNCTION insert_secret(name text, secret text)
returns uuid
language plpgsql
security definer
set search_path = public
as $$
begin
return vault.create_secret(secret, name);
end;
$$;
create or replace function read_secret(secret_name text)
returns text
language plpgsql
security definer set search_path = public
as $$
declare
secret text;
begin
select decrypted_secret from vault.decrypted_secrets where name =
secret_name into secret;
return secret;
end;
$$;
create or replace function delete_secret(secret_name text)
returns text
language plpgsql
security definer set search_path = public
as $$
declare
deleted_rows int;
begin
delete from vault.decrypted_secrets where name = secret_name;
get diagnostics deleted_rows = row_count;
if deleted_rows = 0 then
return false;
else
return true;
end if;
end;
$$;
CREATE TABLE IF NOT EXISTS migrations (
name VARCHAR(255) PRIMARY KEY,
executed_at TIMESTAMPTZ DEFAULT current_timestamp
);
INSERT INTO migrations (name)
SELECT '202307111517031_change_vectors_id_type'
SELECT '20231107104700_setup_vault'
WHERE NOT EXISTS (
SELECT 1 FROM migrations WHERE name = '202307111517031_change_vectors_id_type'
SELECT 1 FROM migrations WHERE name = '20231107104700_setup_vault'
);

52
scripts/tables.sql
View File

@ -398,10 +398,54 @@ CREATE POLICY "Access Quivr Storage 1jccrwz_2" ON storage.objects FOR UPDATE TO
CREATE POLICY "Access Quivr Storage 1jccrwz_3" ON storage.objects FOR DELETE TO anon USING (bucket_id = 'quivr');
-- Create functions for secrets in vault
CREATE OR REPLACE FUNCTION insert_secret(name text, secret text)
returns uuid
language plpgsql
security definer
set search_path = public
as $$
begin
return vault.create_secret(secret, name);
end;
$$;
create or replace function read_secret(secret_name text)
returns text
language plpgsql
security definer set search_path = public
as $$
declare
secret text;
begin
select decrypted_secret from vault.decrypted_secrets where name =
secret_name into secret;
return secret;
end;
$$;
create or replace function delete_secret(secret_name text)
returns text
language plpgsql
security definer set search_path = public
as $$
declare
deleted_rows int;
begin
delete from vault.decrypted_secrets where name = secret_name;
get diagnostics deleted_rows = row_count;
if deleted_rows = 0 then
return false;
else
return true;
end if;
end;
$$;
INSERT INTO migrations (name)
SELECT '20231106110000_add_field_brain_type_to_brain_table'
SELECT '20231107104700_setup_vault'
WHERE NOT EXISTS (
SELECT 1 FROM migrations WHERE name = '20231106110000_add_field_brain_type_to_brain_table'
SELECT 1 FROM migrations WHERE name = '20231107104700_setup_vault'
);