search

supabase / cli

Supabase CLI. Manage postgres migrations, run Supabase locally, deploy edge functions. Postgres backups. Generating types from your database schema.
https://supabase.com/docs/reference/cli/about
MIT License
1.09k stars 212 forks source link

feat(storage): allow assets filetype upload via seeding #2923

Closed avallete closed 4 days ago

avallete commented 4 days ago

What kind of change does this PR introduce?

What is the current behavior?

While using storage seeding on a project, I noticed an issue with the CLI's behavior. My goal was to seed some "assets" into a public bucket. Although this worked in staging via the dashboard, the generated URL locally always had a text/plain content-type instead of text/javascript.

The bug stemmed from two issues:

  1. Outdated Studio image: The Studio image was out of date and was fixed in a version where the generated URL for a file didn't account for the file's "content-type." This has been resolved in the latest Studio container image release.

  2. Inconsistent file type inference: Depending on the upload method (via the Studio web app or db reset and seeding), file types were inferred differently. The web app properly assigned the correct file type (e.g., text/javascript, text/html), while seeding did not.

    This discrepancy occurs because, at seed time in the CLI, we use http.DetectContentType, which follows the mimesniff convention. This convention intentionally avoids assigning certain MIME types, such as text/javascript, for security reasons However, these restrictions don't apply in our case because:

  3. We already allow this content type to be uploaded via the platform.

  4. We control who can upload files to a dedicated bucket.

What is the new behavior?

To enable automatic seeding of these file types without disrupting existing setups, I've introduced a new extension_detector option in the bucket definition. When enabled, this option attempts to detect the file type based on the file's extension. If successful, it overrides the type detected via content sniffing.

This solution was chosen after evaluating multiple alternative packages, which did not outperform our current file type detection approach (mimetypes, filetype).

Additional context

The motivation behind uploading text/javascript files was to experiment with using Supabase buckets as both storage and a hosting provider. The goal was to rely solely on Supabase to deploy a website, without needing additional services like Vercel or other hosting providers.

coveralls commented 4 days ago

Pull Request Test Coverage Report for Build 12052020442

Details

Totals Coverage Status
Change from base Build 12042817512: 0.0%
Covered Lines: 6399
Relevant Lines: 10741
💛 - Coveralls