48 lines
1.4 KiB
Go
48 lines
1.4 KiB
Go
package update
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"net"
|
|
|
|
"github.com/go-errors/errors"
|
|
"github.com/supabase/cli/internal/utils"
|
|
"github.com/supabase/cli/pkg/api"
|
|
)
|
|
|
|
func Run(ctx context.Context, projectRef string, dbCidrsToAllow []string, bypassCidrChecks bool) error {
|
|
// 1. separate CIDR to v4 and v6
|
|
body := api.V1UpdateNetworkRestrictionsJSONRequestBody{
|
|
DbAllowedCidrs: &[]string{},
|
|
DbAllowedCidrsV6: &[]string{},
|
|
}
|
|
for _, cidr := range dbCidrsToAllow {
|
|
ip, _, err := net.ParseCIDR(cidr)
|
|
if err != nil {
|
|
return errors.Errorf("failed to parse IP: %s", cidr)
|
|
}
|
|
if ip.IsPrivate() && !bypassCidrChecks {
|
|
return errors.Errorf("private IP provided: %s", cidr)
|
|
}
|
|
if ip.To4() != nil {
|
|
*body.DbAllowedCidrs = append(*body.DbAllowedCidrs, cidr)
|
|
} else {
|
|
*body.DbAllowedCidrsV6 = append(*body.DbAllowedCidrsV6, cidr)
|
|
}
|
|
}
|
|
|
|
// 2. update restrictions
|
|
resp, err := utils.GetSupabase().V1UpdateNetworkRestrictionsWithResponse(ctx, projectRef, body)
|
|
if err != nil {
|
|
return errors.Errorf("failed to apply network restrictions: %w", err)
|
|
}
|
|
if resp.JSON201 == nil {
|
|
return errors.New("failed to apply network restrictions: " + string(resp.Body))
|
|
}
|
|
|
|
fmt.Printf("DB Allowed IPv4 CIDRs: %+v\n", resp.JSON201.Config.DbAllowedCidrs)
|
|
fmt.Printf("DB Allowed IPv6 CIDRs: %+v\n", resp.JSON201.Config.DbAllowedCidrsV6)
|
|
fmt.Printf("Restrictions applied successfully: %+v\n", resp.JSON201.Status == "applied")
|
|
return nil
|
|
}
|