Deprecate getAPIKeys from project settings v2, use new api keys endpoint instead (supabase#37300)

* Deprecate getAPIKeys from project settings v2, use new api keys endpoint instead

* use getPreferredKeys where appropriate

* Prevent usage of secret key for storage and realtime inspector

* Add dashboard API api-keys endpoint

* Simplify

* Disable edge functions test if legacy api keys are disabled

* Revert

* Fix graphiql

* Remove all usage of api keys from project settings, except DisplayApiSettings

* Update

* Fix

* Small fix for an undefined upload url.

* Fix the storage state initialization when the resumable url changes.

---------

Co-authored-by: Ivan Vasilov <[email protected]>

Author: joshenlim

apps/studio/components/interfaces/App/CommandMenu/ApiKeys.tsx

@@ -1,8 +1,8 @@
 import { Key } from 'lucide-react'
 import { useMemo } from 'react'
 
-import { getAPIKeys, useProjectSettingsV2Query } from 'data/config/project-settings-v2-query'
-import { useSelectedProject } from 'hooks/misc/useSelectedProject'
+import { getKeys, useAPIKeysQuery } from 'data/api-keys/api-keys-query'
+import { useSelectedProjectQuery } from 'hooks/misc/useSelectedProject'
 import { Badge, copyToClipboard } from 'ui'
 import type { ICommand } from 'ui-patterns/CommandMenu'
 import {
@@ -21,14 +21,11 @@ export function useApiKeysCommands() {
   const setIsOpen = useSetCommandMenuOpen()
   const setPage = useSetPage()
 
-  const project = useSelectedProject()
+  const { data: project } = useSelectedProjectQuery()
   const ref = project?.ref || '_'
 
-  const { data: settings } = useProjectSettingsV2Query(
-    { projectRef: project?.ref },
-    { enabled: !!project }
-  )
-  const { anonKey, serviceKey } = getAPIKeys(settings)
+  const { data: apiKeys } = useAPIKeysQuery({ projectRef: project?.ref, reveal: true })
+  const { anonKey, serviceKey, publishableKey, allSecretKeys } = getKeys(apiKeys)
 
   const commands = useMemo(
     () =>
@@ -42,9 +39,10 @@ export function useApiKeysCommands() {
               setIsOpen(false)
             },
             badge: () => (
-              <span className="flex items-center gap-2">
+              <span className="flex items-center gap-x-1">
                 <Badge>Project: {project?.name}</Badge>
                 <Badge>Public</Badge>
+                <Badge className="capitalize">{anonKey.type}</Badge>
               </span>
             ),
             icon: () => <Key />,
@@ -58,13 +56,47 @@ export function useApiKeysCommands() {
               setIsOpen(false)
             },
             badge: () => (
-              <span className="flex items-center gap-2">
+              <span className="flex items-center gap-x-1">
                 <Badge>Project: {project?.name}</Badge>
                 <Badge variant="destructive">Secret</Badge>
+                <Badge className="capitalize">{serviceKey.type}</Badge>
+              </span>
+            ),
+            icon: () => <Key />,
+          },
+        project &&
+          publishableKey && {
+            id: 'publishable-key',
+            name: `Copy publishable key`,
+            action: () => {
+              copyToClipboard(publishableKey.api_key ?? '')
+              setIsOpen(false)
+            },
+            badge: () => (
+              <span className="flex items-center gap-x-1">
+                <Badge>Project: {project?.name}</Badge>
+                <Badge className="capitalize">{publishableKey.type}</Badge>
               </span>
             ),
             icon: () => <Key />,
           },
+        ...(project && allSecretKeys
+          ? allSecretKeys.map((key) => ({
+              id: key.id,
+              name: `Copy secret key (${key.name})`,
+              action: () => {
+                copyToClipboard(key.api_key ?? '')
+                setIsOpen(false)
+              },
+              badge: () => (
+                <span className="flex items-center gap-x-1">
+                  <Badge>Project: {project?.name}</Badge>
+                  <Badge className="capitalize">{key.type}</Badge>
+                </span>
+              ),
+              icon: () => <Key />,
+            }))
+          : []),
         !(anonKey || serviceKey) && {
           id: 'api-keys-project-settings',
           name: 'See API keys in Project Settings',

apps/studio/components/interfaces/Connect/Connect.tsx

@@ -7,8 +7,8 @@ import { useMemo, useState } from 'react'
 import { DatabaseConnectionString } from 'components/interfaces/Connect/DatabaseConnectionString'
 import { ButtonTooltip } from 'components/ui/ButtonTooltip'
 import Panel from 'components/ui/Panel'
-import { useAPIKeysQuery } from 'data/api-keys/api-keys-query'
-import { getAPIKeys, useProjectSettingsV2Query } from 'data/config/project-settings-v2-query'
+import { getKeys, useAPIKeysQuery } from 'data/api-keys/api-keys-query'
+import { useProjectSettingsV2Query } from 'data/config/project-settings-v2-query'
 import { useCheckPermissions } from 'hooks/misc/useCheckPermissions'
 import { useSelectedProject } from 'hooks/misc/useSelectedProject'
 import { PROJECT_STATUS } from 'lib/constants'
@@ -138,21 +138,28 @@ export const Connect = () => {
     return []
   }
 
-  const { anonKey } = canReadAPIKeys ? getAPIKeys(settings) : { anonKey: null }
-  const { data: apiKeys } = useAPIKeysQuery({ projectRef, reveal: false })
+  const { data: apiKeys } = useAPIKeysQuery({ projectRef })
+  const { anonKey, publishableKey } = canReadAPIKeys
+    ? getKeys(apiKeys)
+    : { anonKey: null, publishableKey: null }
 
   const projectKeys = useMemo(() => {
     const protocol = settings?.app_config?.protocol ?? 'https'
     const endpoint = settings?.app_config?.endpoint ?? ''
     const apiHost = canReadAPIKeys ? `${protocol}://${endpoint ?? '-'}` : ''
 
-    const apiUrl = canReadAPIKeys ? apiHost : null
     return {
       apiUrl: apiHost ?? null,
       anonKey: anonKey?.api_key ?? null,
-      publishableKey: apiKeys?.find(({ type }) => type === 'publishable')?.api_key ?? null,
+      publishableKey: publishableKey?.api_key ?? null,
     }
-  }, [apiKeys, anonKey, canReadAPIKeys, settings])
+  }, [
+    settings?.app_config?.protocol,
+    settings?.app_config?.endpoint,
+    canReadAPIKeys,
+    anonKey?.api_key,
+    publishableKey?.api_key,
+  ])
 
   const filePath = getContentFilePath({
     connectionObject,

apps/studio/components/interfaces/Database/Hooks/FormContents.tsx

@@ -227,8 +227,8 @@ export const FormContents = ({
         errors={errors}
         httpHeaders={httpHeaders}
         httpParameters={httpParameters}
-        onAddHeader={(header?: any) => {
-          if (header) setHttpHeaders(httpHeaders.concat(header))
+        onAddHeaders={(headers?: any[]) => {
+          if (headers) setHttpHeaders(httpHeaders.concat(headers))
           else setHttpHeaders(httpHeaders.concat({ id: uuidv4(), name: '', value: '' }))
         }}
         onUpdateHeader={(idx, property, value) =>

apps/studio/components/interfaces/Database/Hooks/HTTPRequestFields.tsx

@@ -5,7 +5,7 @@ import { useParams } from 'common'
 import { useProjectContext } from 'components/layouts/ProjectLayout/ProjectContext'
 import { ButtonTooltip } from 'components/ui/ButtonTooltip'
 import { FormSection, FormSectionContent, FormSectionLabel } from 'components/ui/Forms/FormSection'
-import { getAPIKeys, useProjectSettingsV2Query } from 'data/config/project-settings-v2-query'
+import { getKeys, useAPIKeysQuery } from 'data/api-keys/api-keys-query'
 import { useEdgeFunctionsQuery } from 'data/edge-functions/edge-functions-query'
 import { uuidv4 } from 'lib/helpers'
 import {
@@ -27,7 +27,7 @@ interface HTTPRequestFieldsProps {
   errors: any
   httpHeaders: HTTPArgument[]
   httpParameters: HTTPArgument[]
-  onAddHeader: (header?: any) => void
+  onAddHeaders: (headers?: any[]) => void
   onUpdateHeader: (idx: number, property: string, value: string) => void
   onRemoveHeader: (idx: number) => void
   onAddParameter: () => void
@@ -40,21 +40,22 @@ const HTTPRequestFields = ({
   errors,
   httpHeaders = [],
   httpParameters = [],
-  onAddHeader,
+  onAddHeaders,
   onUpdateHeader,
   onRemoveHeader,
   onAddParameter,
   onUpdateParameter,
   onRemoveParameter,
 }: HTTPRequestFieldsProps) => {
-  const { project: selectedProject } = useProjectContext()
   const { ref } = useParams()
-  const { data: settings } = useProjectSettingsV2Query({ projectRef: ref })
+  const { project: selectedProject } = useProjectContext()
+
   const { data: functions } = useEdgeFunctionsQuery({ projectRef: ref })
+  const { data: apiKeys } = useAPIKeysQuery({ projectRef: ref, reveal: true })
 
   const edgeFunctions = functions ?? []
-  const { serviceKey } = getAPIKeys(settings)
-  const apiKey = serviceKey?.api_key ?? '[YOUR API KEY]'
+  const { serviceKey, secretKey } = getKeys(apiKeys)
+  const apiKey = secretKey?.api_key ?? serviceKey?.api_key ?? '[YOUR API KEY]'
 
   return (
     <>
@@ -159,30 +160,37 @@ const HTTPRequestFields = ({
                 size="tiny"
                 icon={<Plus />}
                 className={cn(type === 'supabase_function' && 'rounded-r-none px-3')}
-                onClick={onAddHeader}
+                onClick={() => onAddHeaders()}
               >
                 Add a new header
               </Button>
               {type === 'supabase_function' && (
                 <DropdownMenu>
                   <DropdownMenuTrigger asChild>
-                    <Button type="default" className="rounded-l-none px-[4px] py-[5px]">
-                      <ChevronDown />
-                    </Button>
+                    <Button
+                      type="default"
+                      icon={<ChevronDown />}
+                      className="rounded-l-none px-[4px] py-[5px]"
+                    />
                   </DropdownMenuTrigger>
                   <DropdownMenuContent align="end" side="bottom">
                     <DropdownMenuItem
                       key="add-auth-header"
-                      onClick={() =>
-                        onAddHeader({
-                          id: uuidv4(),
-                          name: 'Authorization',
-                          value: `Bearer ${apiKey}`,
-                        })
-                      }
+                      onClick={() => {
+                        onAddHeaders([
+                          {
+                            id: uuidv4(),
+                            name: 'Authorization',
+                            value: `Bearer ${apiKey}`,
+                          },
+                          ...(serviceKey?.type === 'secret'
+                            ? [{ id: uuidv4(), name: 'apikey', value: apiKey }]
+                            : []),
+                        ])
+                      }}
                     >
                       <div className="space-y-1">
-                        <p className="block text-foreground">Add auth header with service key</p>
+                        <p className="block text-foreground">Add auth header with secret key</p>
                         <p className="text-foreground-light">
                           Required if your edge function enforces JWT verification
                         </p>
@@ -192,11 +200,13 @@ const HTTPRequestFields = ({
                     <DropdownMenuItem
                       key="add-source-header"
                       onClick={() =>
-                        onAddHeader({
-                          id: uuidv4(),
-                          name: 'x-supabase-webhook-source',
-                          value: `[Use a secret value]`,
-                        })
+                        onAddHeaders([
+                          {
+                            id: uuidv4(),
+                            name: 'x-supabase-webhook-source',
+                            value: `[Use a secret value]`,
+                          },
+                        ])
                       }
                     >
                       <div className="space-y-1">

apps/studio/components/interfaces/Docs/Authentication.tsx

@@ -1,7 +1,8 @@
 import Link from 'next/link'
 
 import { useParams } from 'common'
-import { getAPIKeys, useProjectSettingsV2Query } from 'data/config/project-settings-v2-query'
+import { getKeys, useAPIKeysQuery } from 'data/api-keys/api-keys-query'
+import { useProjectSettingsV2Query } from 'data/config/project-settings-v2-query'
 import CodeSnippet from './CodeSnippet'
 import Snippets from './Snippets'
 
@@ -12,9 +13,10 @@ interface AuthenticationProps {
 
 const Authentication = ({ selectedLang, showApiKey }: AuthenticationProps) => {
   const { ref: projectRef } = useParams()
+  const { data: apiKeys } = useAPIKeysQuery({ projectRef })
   const { data: settings } = useProjectSettingsV2Query({ projectRef })
 
-  const { anonKey, serviceKey } = getAPIKeys(settings)
+  const { anonKey, serviceKey } = getKeys(apiKeys)
   const protocol = settings?.app_config?.protocol ?? 'https'
   const hostEndpoint = settings?.app_config?.endpoint
   const endpoint = `${protocol}://${hostEndpoint ?? ''}`

apps/studio/components/interfaces/Functions/EdgeFunctionDetails/EdgeFunctionDetails.constants.ts

@@ -12,7 +12,7 @@ export const INVOCATION_TABS: InvocationTab[] = [
     label: 'cURL',
     language: 'bash',
     code: (functionUrl, _, apiKey) => `curl -L -X POST '${functionUrl}' \\
-  -H 'Authorization: Bearer ${apiKey}' \\
+  -H 'Authorization: Bearer ${apiKey}' \\ ${apiKey.includes('publishable') ? `\n  -H 'apikey: ${apiKey}' \\` : ''}
   -H 'Content-Type: application/json' \\
   --data '{"name":"Functions"}'`,
   },

apps/studio/components/interfaces/Functions/EdgeFunctionDetails/EdgeFunctionDetails.tsx

@@ -12,7 +12,8 @@ import z from 'zod'
 import { useParams } from 'common'
 import { ScaffoldSection, ScaffoldSectionTitle } from 'components/layouts/Scaffold'
 import AlertError from 'components/ui/AlertError'
-import { getAPIKeys, useProjectSettingsV2Query } from 'data/config/project-settings-v2-query'
+import { getKeys, useAPIKeysQuery } from 'data/api-keys/api-keys-query'
+import { useProjectSettingsV2Query } from 'data/config/project-settings-v2-query'
 import { useCustomDomainsQuery } from 'data/custom-domains/custom-domains-query'
 import { useEdgeFunctionQuery } from 'data/edge-functions/edge-function-query'
 import { useEdgeFunctionDeleteMutation } from 'data/edge-functions/edge-functions-delete-mutation'
@@ -60,6 +61,7 @@ export const EdgeFunctionDetails = () => {
   const [showDeleteModal, setShowDeleteModal] = useState(false)
   const canUpdateEdgeFunction = useCheckPermissions(PermissionAction.FUNCTIONS_WRITE, '*')
 
+  const { data: apiKeys } = useAPIKeysQuery({ projectRef })
   const { data: settings } = useProjectSettingsV2Query({ projectRef })
   const { data: customDomainData } = useCustomDomainsQuery({ projectRef })
   const {
@@ -86,8 +88,8 @@ export const EdgeFunctionDetails = () => {
     defaultValues: { name: '', verify_jwt: false },
   })
 
-  const { anonKey } = getAPIKeys(settings)
-  const apiKey = anonKey?.api_key ?? '[YOUR ANON KEY]'
+  const { anonKey, publishableKey } = getKeys(apiKeys)
+  const apiKey = publishableKey?.api_key ?? anonKey?.api_key ?? '[YOUR ANON KEY]'
 
   const protocol = settings?.app_config?.protocol ?? 'https'
   const endpoint = settings?.app_config?.endpoint ?? ''

apps/studio/components/interfaces/Functions/EdgeFunctionDetails/EdgeFunctionTesterSheet.tsx

@@ -6,9 +6,10 @@ import * as z from 'zod'
 
 import { useParams } from 'common'
 import { RoleImpersonationPopover } from 'components/interfaces/RoleImpersonationSelector'
+import { getKeys, useAPIKeysQuery } from 'data/api-keys/api-keys-query'
 import { useSessionAccessTokenQuery } from 'data/auth/session-access-token-query'
 import { useProjectPostgrestConfigQuery } from 'data/config/project-postgrest-config-query'
-import { getAPIKeys, useProjectSettingsV2Query } from 'data/config/project-settings-v2-query'
+import { useProjectSettingsV2Query } from 'data/config/project-settings-v2-query'
 import { useEdgeFunctionTestMutation } from 'data/edge-functions/edge-function-test-mutation'
 import { useSendEventMutation } from 'data/telemetry/send-event-mutation'
 import { useSelectedOrganization } from 'hooks/misc/useSelectedOrganization'
@@ -86,10 +87,11 @@ export const EdgeFunctionTesterSheet = ({ visible, onClose }: EdgeFunctionTester
   const [response, setResponse] = useState<ResponseData | null>(null)
   const [error, setError] = useState<string | null>(null)
 
+  const { data: apiKeys } = useAPIKeysQuery({ projectRef })
   const { data: config } = useProjectPostgrestConfigQuery({ projectRef })
   const { data: settings } = useProjectSettingsV2Query({ projectRef })
   const { data: accessToken } = useSessionAccessTokenQuery({ enabled: IS_PLATFORM })
-  const { serviceKey } = getAPIKeys(settings)
+  const { serviceKey } = getKeys(apiKeys)
 
   const { mutate: sendEvent } = useSendEventMutation()
   const { mutate: testEdgeFunction, isLoading } = useEdgeFunctionTestMutation({

apps/studio/components/interfaces/Functions/TerminalInstructions.tsx

@@ -6,7 +6,8 @@ import { useParams } from 'common'
 import CommandRender from 'components/interfaces/Functions/CommandRender'
 import { DocsButton } from 'components/ui/DocsButton'
 import { useAccessTokensQuery } from 'data/access-tokens/access-tokens-query'
-import { getAPIKeys, useProjectSettingsV2Query } from 'data/config/project-settings-v2-query'
+import { getKeys, useAPIKeysQuery } from 'data/api-keys/api-keys-query'
+import { useProjectSettingsV2Query } from 'data/config/project-settings-v2-query'
 import { useCustomDomainsQuery } from 'data/custom-domains/custom-domains-query'
 import {
   Button,
@@ -30,11 +31,12 @@ export const TerminalInstructions = forwardRef<
   const [showInstructions, setShowInstructions] = useState(!closable)
 
   const { data: tokens } = useAccessTokensQuery()
+  const { data: apiKeys } = useAPIKeysQuery({ projectRef })
   const { data: settings } = useProjectSettingsV2Query({ projectRef })
   const { data: customDomainData } = useCustomDomainsQuery({ projectRef })
 
-  const { anonKey } = getAPIKeys(settings)
-  const apiKey = anonKey?.api_key ?? '[YOUR ANON KEY]'
+  const { anonKey, publishableKey } = getKeys(apiKeys)
+  const apiKey = publishableKey?.api_key ?? anonKey?.api_key ?? '[YOUR ANON KEY]'
 
   const protocol = settings?.app_config?.protocol ?? 'https'
   const endpoint = settings?.app_config?.endpoint ?? ''
@@ -74,15 +76,14 @@ export const TerminalInstructions = forwardRef<
       comment: 'Deploy your function',
     },
     {
-      command: `curl -L -X POST 'https://${projectRef}.supabase.${restUrlTld}/functions/v1/hello-world' -H 'Authorization: Bearer ${
-        apiKey ?? '[YOUR ANON KEY]'
-      }' --data '{"name":"Functions"}'`,
+      command: `curl -L -X POST 'https://${projectRef}.supabase.${restUrlTld}/functions/v1/hello-world' -H 'Authorization: Bearer ${apiKey}'${anonKey?.type === 'publishable' ? ` -H 'apikey: ${apiKey}'` : ''} --data '{"name":"Functions"}'`,
       description: 'Invokes the hello-world function',
       jsx: () => {
         return (
           <>
             <span className="text-brand-600">curl</span> -L -X POST '{functionsEndpoint}
-            /hello-world' -H 'Authorization: Bearer [YOUR ANON KEY]'{' '}
+            /hello-world' -H 'Authorization: Bearer [YOUR ANON KEY]' s
+            {anonKey?.type === 'publishable' ? " -H 'apikey: [YOUR ANON KEY]' " : ''}
             {`--data '{"name":"Functions"}'`}
           </>
         )