feat(server): add sql endpoint toggle (#408)

Larkooo · web-flow · commit e253a080ee8c · 2026-01-26T11:05:29.000-06:00
* feat(server): gate sql endpoint

* refactor(server): rename sql flag

* refactor(server): rename sql flag to raw_sql

* fix(cli): allow bool value for http.sql
diff --git a/crates/cli/src/options.rs b/crates/cli/src/options.rs
@@ -330,6 +330,15 @@ pub struct ServerOptions {
     #[arg(value_delimiter = ',')]
     pub http_cors_origins: Option<Vec<String>>,
 
+    /// Enable the SQL playground and query endpoint at /sql.
+    #[arg(
+        long = "http.sql",
+        action = clap::ArgAction::Set,
+        default_value_t = true,
+        help = "Enable the SQL playground and query endpoint at /sql."
+    )]
+    pub raw_sql: bool,
+
     /// Path to the SSL certificate file (.pem)
     #[arg(
         long = "http.tls_cert_path",
@@ -360,6 +369,7 @@ impl Default for ServerOptions {
             http_addr: DEFAULT_HTTP_ADDR,
             http_port: DEFAULT_HTTP_PORT,
             http_cors_origins: None,
+            raw_sql: true,
             tls_cert_path: None,
             tls_key_path: None,
             mkcert: false,
diff --git a/crates/grpc/server/src/lib.rs b/crates/grpc/server/src/lib.rs
@@ -1183,6 +1183,10 @@ impl<P: Provider + Sync + Send + 'static> proto::world::world_server::World for
         &self,
         request: Request<proto::types::SqlQueryRequest>,
     ) -> Result<Response<proto::types::SqlQueryResponse>, Status> {
+        if !self._config.raw_sql {
+            return Err(Status::permission_denied("SQL endpoint is disabled."));
+        }
+
         let proto::types::SqlQueryRequest { query } = request.into_inner();
 
         // Execute the query
@@ -1227,6 +1231,7 @@ pub struct GrpcConfig {
     pub http2_keepalive_interval: Duration,
     pub http2_keepalive_timeout: Duration,
     pub max_message_size: usize,
+    pub raw_sql: bool,
 }
 
 impl Default for GrpcConfig {
@@ -1238,6 +1243,7 @@ impl Default for GrpcConfig {
             http2_keepalive_interval: Duration::from_secs(30),
             http2_keepalive_timeout: Duration::from_secs(10),
             max_message_size: 16 * 1024 * 1024,
+            raw_sql: true,
         }
     }
 }
diff --git a/crates/runner/src/lib.rs b/crates/runner/src/lib.rs
@@ -740,6 +740,7 @@ impl Runner {
                     self.args.grpc.http2_keepalive_timeout,
                 ),
                 max_message_size: self.args.grpc.max_message_size,
+                raw_sql: self.args.server.raw_sql,
             },
             Some(grpc_bind_addr),
         )
@@ -757,6 +758,7 @@ impl Runner {
             None,
             absolute_path.clone(),
             Arc::new(readonly_pool.clone()),
+            self.args.server.raw_sql,
             storage.clone(),
             provider.clone(),
             self.version_spec.clone(),
@@ -837,7 +839,11 @@ impl Runner {
         info!(target: LOG_TARGET, endpoint = %addr, protocol = %protocol, "Starting torii endpoint.");
         info!(target: LOG_TARGET, endpoint = %grpc_addr, "Serving gRPC endpoint.");
         info!(target: LOG_TARGET, endpoint = %gql_endpoint, "Serving Graphql playground.");
-        info!(target: LOG_TARGET, endpoint = %sql_endpoint, "Serving SQL playground.");
+        if self.args.server.raw_sql {
+            info!(target: LOG_TARGET, endpoint = %sql_endpoint, "Serving SQL playground.");
+        } else {
+            info!(target: LOG_TARGET, "SQL endpoint is disabled.");
+        }
         info!(target: LOG_TARGET, endpoint = %mcp_endpoint, "Serving MCP endpoint.");
         info!(target: LOG_TARGET, url = %explorer_url, "Serving World Explorer.");
         info!(target: LOG_TARGET, path = %artifacts_path, "Serving ERC artifacts at path");
diff --git a/crates/server/src/handlers/sql.rs b/crates/server/src/handlers/sql.rs
@@ -12,11 +12,12 @@ use super::Handler;
 #[derive(Debug)]
 pub struct SqlHandler {
     pool: Arc<SqlitePool>,
+    enabled: bool,
 }
 
 impl SqlHandler {
-    pub fn new(pool: Arc<SqlitePool>) -> Self {
-        Self { pool }
+    pub fn new(pool: Arc<SqlitePool>, enabled: bool) -> Self {
+        Self { pool, enabled }
     }
 
     pub async fn execute_query(&self, query: String) -> Response<Body> {
@@ -46,6 +47,14 @@ impl SqlHandler {
         }
     }
 
+    fn disabled_response(&self) -> Response<Body> {
+        Response::builder()
+            .status(StatusCode::FORBIDDEN)
+            .header(CONTENT_TYPE, "text/plain")
+            .body(Body::from("SQL endpoint is disabled."))
+            .unwrap()
+    }
+
     async fn serve_playground(&self) -> Response<Body> {
         let html = include_str!("../../static/sql-playground.html");
 
@@ -58,6 +67,10 @@ impl SqlHandler {
     }
 
     async fn handle_request(&self, req: Request<Body>) -> Response<Body> {
+        if !self.enabled {
+            return self.disabled_response();
+        }
+
         if req.method() == Method::GET && req.uri().query().unwrap_or_default().is_empty() {
             self.serve_playground().await
         } else {
diff --git a/crates/server/src/proxy.rs b/crates/server/src/proxy.rs
@@ -167,6 +167,7 @@ impl<P: Provider + Sync + Send + Debug + 'static> Proxy<P> {
         graphql_addr: Option<SocketAddr>,
         artifacts_dir: Utf8PathBuf,
         pool: Arc<SqlitePool>,
+        raw_sql: bool,
         storage: Arc<S>,
         provider: P,
         version_spec: String,
@@ -176,7 +177,7 @@ impl<P: Provider + Sync + Send + Debug + 'static> Proxy<P> {
         let grpc_proxy_client = Arc::new(create_grpc_proxy_client(&proxy_settings));
         let websocket_proxy_client = Arc::new(create_websocket_proxy_client());
 
-        let handlers: Arc<RwLock<Vec<Box<dyn Handler>>>> = Arc::new(RwLock::new(vec![
+        let handlers: Vec<Box<dyn Handler>> = vec![
             Box::new(GraphQLHandler::new(
                 graphql_addr,
                 grpc_proxy_client.clone(),
@@ -185,9 +186,11 @@ impl<P: Provider + Sync + Send + Debug + 'static> Proxy<P> {
             Box::new(GrpcHandler::new(grpc_addr, grpc_proxy_client.clone())),
             Box::new(McpHandler::new(pool.clone())),
             Box::new(MetadataHandler::new(storage.clone(), provider)),
-            Box::new(SqlHandler::new(pool.clone())),
+            Box::new(SqlHandler::new(pool.clone(), raw_sql)),
             Box::new(StaticHandler::new(artifacts_dir, (*pool).clone())),
-        ]));
+        ];
+
+        let handlers: Arc<RwLock<Vec<Box<dyn Handler>>>> = Arc::new(RwLock::new(handlers));
 
         Self {
             addr,

Original file line number	Diff line number	Diff line change
`@@ -1183,6 +1183,10 @@ impl<P: Provider + Sync + Send + 'static> proto::world::world_server::World for`
`1183`	`1183`	`&self,`
`1184`	`1184`	`request: Request<proto::types::SqlQueryRequest>,`
`1185`	`1185`	`) -> Result<Response<proto::types::SqlQueryResponse>, Status> {`
	`1186`	`+ if !self._config.raw_sql {`
	`1187`	`+ return Err(Status::permission_denied("SQL endpoint is disabled."));`
	`1188`	`+ }`
	`1189`	`+`
`1186`	`1190`	`let proto::types::SqlQueryRequest { query } = request.into_inner();`
`1187`	`1191`
`1188`	`1192`	`// Execute the query`
`@@ -1227,6 +1231,7 @@ pub struct GrpcConfig {`
`1227`	`1231`	`pub http2_keepalive_interval: Duration,`
`1228`	`1232`	`pub http2_keepalive_timeout: Duration,`
`1229`	`1233`	`pub max_message_size: usize,`
	`1234`	`+ pub raw_sql: bool,`
`1230`	`1235`	`}`
`1231`	`1236`
`1232`	`1237`	`impl Default for GrpcConfig {`
`@@ -1238,6 +1243,7 @@ impl Default for GrpcConfig {`
`1238`	`1243`	`http2_keepalive_interval: Duration::from_secs(30),`
`1239`	`1244`	`http2_keepalive_timeout: Duration::from_secs(10),`
`1240`	`1245`	`max_message_size: 16 * 1024 * 1024,`
	`1246`	`+ raw_sql: true,`
`1241`	`1247`	`}`
`1242`	`1248`	`}`
`1243`	`1249`	`}`