github.com/supabase/cli@v1.168.1/internal/restrictions/update/update.go

github.com/supabase/cli@v1.168.1/internal/restrictions/update/update.go (about)

     1  package update
     2  
     3  import (
     4  	"context"
     5  	"fmt"
     6  	"net"
     7  
     8  	"github.com/go-errors/errors"
     9  	"github.com/supabase/cli/internal/utils"
    10  	"github.com/supabase/cli/pkg/api"
    11  )
    12  
    13  func Run(ctx context.Context, projectRef string, dbCidrsToAllow []string, bypassCidrChecks bool) error {
    14  	// 1. separate CIDR to v4 and v6
    15  	body := api.ApplyNetworkRestrictionsJSONRequestBody{
    16  		DbAllowedCidrs:   &[]string{},
    17  		DbAllowedCidrsV6: &[]string{},
    18  	}
    19  	for _, cidr := range dbCidrsToAllow {
    20  		ip, _, err := net.ParseCIDR(cidr)
    21  		if err != nil {
    22  			return errors.Errorf("failed to parse IP: %s", cidr)
    23  		}
    24  		if ip.IsPrivate() && !bypassCidrChecks {
    25  			return errors.Errorf("private IP provided: %s", cidr)
    26  		}
    27  		if ip.To4() != nil {
    28  			*body.DbAllowedCidrs = append(*body.DbAllowedCidrs, cidr)
    29  		} else {
    30  			*body.DbAllowedCidrsV6 = append(*body.DbAllowedCidrsV6, cidr)
    31  		}
    32  	}
    33  
    34  	// 2. update restrictions
    35  	resp, err := utils.GetSupabase().ApplyNetworkRestrictionsWithResponse(ctx, projectRef, body)
    36  	if err != nil {
    37  		return errors.Errorf("failed to apply network restrictions: %w", err)
    38  	}
    39  	if resp.JSON201 == nil {
    40  		return errors.New("failed to apply network restrictions: " + string(resp.Body))
    41  	}
    42  
    43  	fmt.Printf("DB Allowed IPv4 CIDRs: %+v\n", resp.JSON201.Config.DbAllowedCidrs)
    44  	fmt.Printf("DB Allowed IPv6 CIDRs: %+v\n", resp.JSON201.Config.DbAllowedCidrsV6)
    45  	fmt.Printf("Restrictions applied successfully: %+v\n", resp.JSON201.Status == "applied")
    46  	return nil
    47  }