graph, graphql, store: Make SQL queries configurable (default: off)

Author: lutter

docs/environment-variables.md

@@ -284,3 +284,6 @@ those.
   graph-node bugs, but since it is hard to work around them, setting this
   variable to something like 10 makes it possible to work around such a bug
   while it is being fixed (default: 0)
+- `GRAPH_ENABLE_SQL_QUERIES`: Enable the experimental [SQL query
+  interface](implementation/sql-interface.md).
+  (default: false)

docs/implementation/sql-interface.md

@@ -4,6 +4,8 @@
 interface will ever be brought to production use. It's solely here to help
 evaluate the utility of such an interface**
 
+**The interface is only available if the environment variable `GRAPH_ENABLE_SQL_QUERIES` is set to `true`**
+
 SQL queries can be issued by posting a JSON document to
 `/subgraphs/sql`. The server will respond with a JSON response that
 contains the records matching the query in JSON form.

graph/src/env/mod.rs

@@ -24,6 +24,7 @@ lazy_static! {
 #[cfg(debug_assertions)]
 lazy_static! {
     pub static ref TEST_WITH_NO_REORG: Mutex<bool> = Mutex::new(false);
+    pub static ref TEST_SQL_QUERIES_ENABLED: Mutex<bool> = Mutex::new(false);
 }
 
 /// Panics if:
@@ -189,6 +190,10 @@ pub struct EnvVars {
     /// Set by the environment variable `ETHEREUM_REORG_THRESHOLD`. The default
     /// value is 250 blocks.
     reorg_threshold: BlockNumber,
+    /// Enable SQL query interface. SQL queries are disabled by default
+    /// because they are still experimental. Set by the environment variable
+    /// `GRAPH_ENABLE_SQL_QUERIES`. Off by default.
+    enable_sql_queries: bool,
     /// The time to wait between polls when using polling block ingestor.
     /// The value is set by `ETHERUM_POLLING_INTERVAL` in millis and the
     /// default is 1000.
@@ -341,6 +346,7 @@ impl EnvVars {
             external_ws_base_url: inner.external_ws_base_url,
             static_filters_threshold: inner.static_filters_threshold,
             reorg_threshold: inner.reorg_threshold,
+            enable_sql_queries: inner.enable_sql_queries.0,
             ingestor_polling_interval: Duration::from_millis(inner.ingestor_polling_interval),
             subgraph_settings: inner.subgraph_settings,
             prefer_substreams_block_streams: inner.prefer_substreams_block_streams,
@@ -414,6 +420,27 @@ impl EnvVars {
     pub fn reorg_threshold(&self) -> i32 {
         self.reorg_threshold
     }
+
+    #[cfg(debug_assertions)]
+    pub fn sql_queries_enabled(&self) -> bool {
+        // SQL queries are disabled by default for security.
+        // For testing purposes, we allow tests to enable SQL queries via TEST_SQL_QUERIES_ENABLED.
+        if *TEST_SQL_QUERIES_ENABLED.lock().unwrap() {
+            true
+        } else {
+            self.enable_sql_queries
+        }
+    }
+    #[cfg(not(debug_assertions))]
+    pub fn sql_queries_enabled(&self) -> bool {
+        self.enable_sql_queries
+    }
+
+    #[cfg(debug_assertions)]
+    pub fn enable_sql_queries_for_tests(&self, enable: bool) {
+        let mut lock = TEST_SQL_QUERIES_ENABLED.lock().unwrap();
+        *lock = enable;
+    }
 }
 
 impl Default for EnvVars {
@@ -514,6 +541,8 @@ struct Inner {
     // JSON-RPC specific.
     #[envconfig(from = "ETHEREUM_REORG_THRESHOLD", default = "250")]
     reorg_threshold: BlockNumber,
+    #[envconfig(from = "GRAPH_ENABLE_SQL_QUERIES", default = "false")]
+    enable_sql_queries: EnvVarBoolean,
     #[envconfig(from = "ETHEREUM_POLLING_INTERVAL", default = "1000")]
     ingestor_polling_interval: u64,
     #[envconfig(from = "GRAPH_EXPERIMENTAL_SUBGRAPH_SETTINGS")]

graphql/src/runner.rs

@@ -258,6 +258,14 @@ where
         self: Arc<Self>,
         req: SqlQueryReq,
     ) -> Result<Vec<SqlQueryObject>, QueryExecutionError> {
+        // Check if SQL queries are enabled
+        if !ENV_VARS.sql_queries_enabled() {
+            return Err(QueryExecutionError::SqlError(
+                "SQL queries are disabled. Set GRAPH_ENABLE_SQL_QUERIES=true to enable."
+                    .to_string(),
+            ));
+        }
+
         let store = self
             .store
             .query_store(QueryTarget::Deployment(

store/postgres/src/query_store.rs

@@ -67,6 +67,14 @@ impl QueryStoreTrait for QueryStore {
         &self,
         sql: &str,
     ) -> Result<Vec<SqlQueryObject>, graph::prelude::QueryExecutionError> {
+        // Check if SQL queries are enabled
+        if !ENV_VARS.sql_queries_enabled() {
+            return Err(QueryExecutionError::SqlError(
+                "SQL queries are disabled. Set GRAPH_ENABLE_SQL_QUERIES=true to enable."
+                    .to_string(),
+            ));
+        }
+
         let mut conn = self
             .store
             .get_replica_conn(self.replica_id)

store/test-store/tests/graphql/sql.rs

@@ -8,6 +8,9 @@ use graph::prelude::{r, QueryExecutionError};
 use std::collections::BTreeSet;
 use test_store::{run_test_sequentially, STORE};
 
+#[cfg(debug_assertions)]
+use graph::env::ENV_VARS;
+
 // Import test setup from query.rs module
 use super::query::{setup, IdType};
 
@@ -18,6 +21,8 @@ where
 {
     let sql = sql.to_string(); // Convert to owned String
     run_test_sequentially(move |store| async move {
+        ENV_VARS.enable_sql_queries_for_tests(true);
+
         for id_type in [IdType::String, IdType::Bytes, IdType::Int8] {
             let name = id_type.deployment_id();
             let deployment = setup(store.as_ref(), name, BTreeSet::new(), id_type).await;
@@ -33,7 +38,9 @@ where
             let result = query_store.execute_sql(&sql);
             test(result, id_type);
         }
-    })
+
+        ENV_VARS.enable_sql_queries_for_tests(false);
+    });
 }
 
 #[test]