pg_graphql: pg_graphql not returning via API in Supabase

Describe the bug

Not sure if this is a Supabase issue, or an issue with this extension - feel free to move… I can no longer access GraphQL requests in Supbase outside of the .resolve() method in SQL (i.e via an IDE like Postman or Altair).

All I get when I run an introspection query is heartbeat - whereas I can query multiple entities using resolve()… any ideas?

To Reproduce Steps to reproduce the behavior:

  1. Create a new Supabase project
  2. Create a table
  3. Run a GQL query

Via SQL:

select graphql.resolve($$
    {
      usersCollection(first: 1) {
        edges {
          node {
            id
            email
          }
        }
      }
    }
$$);

{"data":{"usersCollection":{"edges":[{"node":{"id":"e2fdd949-11d5-4325-9c6f-4b6071f779a5","email":"xxxx@gmail.com"}}]}}}

VIA API:

{
  usersCollection(first: 1) {
    edges {
      node {
        id
        email
      }
    }
  }
}

{
  "data": null,
  "errors": [
    {
      "message": "Unknown field 'usersCollection' on type 'Query'"
    }
  ]
}

Expected behavior The API returns the same data as the SQL.

Versions:

  • pg_graphql commit ref: 0.3.1

Additional context Add any other context about the problem here.

About this issue

  • Original URL
  • State: closed
  • Created 2 years ago
  • Reactions: 1
  • Comments: 17 (9 by maintainers)

Most upvoted comments

For anyone who stumbles here… it’s very likely that if you’ve just set up your supabase, and you’ve got RLS enabled, there are probably no policies assigned to your db.

CleanShot 2023-02-23 at 16 13 06@2x

Adding a couple of basic policies will get you started.

+2
brandonscript on Feb 24, 2023

@joesaunderson To confirm public is not being included in the search_path, try running the following through rpc:

create or replace function show_schemas() returns name[] as $$
  select current_schemas(false);
$$ language sql;
+2
steve-chavez on May 31, 2022

@joesaunderson

the anon and authenticated roles do not have usage permission on the public schema

select
    pg_catalog.has_schema_privilege('anon', 'public', 'USAGE'),         -- false
    pg_catalog.has_schema_privilege('authenticated', 'public', 'USAGE') -- false

On newly created projects, both roles have usage permission on public so take a look through you migration files and double check if any of them altering perms

You can resolve the issue by granting usage on public to anon and authenticated. I tested it to confirm

-- Resolves the permissions issue
grant usage on schema public to anon;
grant usage on schema public to authenticated;

-- Verify that anon can select from `organization`
begin;
    set role=anon;
	
    select graphql.resolve($$
    {
      organizationCollection(first: 1) {
        edges {
          node {
            id
          }
        }
      }
    }
    $$); -- {"data": {"organizationCollection": {"edges": []}}}
rollback;

please lmk if that works for you once you’ve had a chance to test it out

I’d dropped the public schema and the first two lines (grants) solved the problem.

+1
codespearhead on Jan 12, 2024

Just a tip: if you’re encountering this issue and working with column-grained privileges, don’t forget to grant select permission on the column containing the foreign key. 🤓

+1
rlataguerra on Jan 2, 2024

@joesaunderson

the anon and authenticated roles do not have usage permission on the public schema

select
    pg_catalog.has_schema_privilege('anon', 'public', 'USAGE'),         -- false
    pg_catalog.has_schema_privilege('authenticated', 'public', 'USAGE') -- false

On newly created projects, both roles have usage permission on public so take a look through you migration files and double check if any of them altering perms

You can resolve the issue by granting usage on public to anon and authenticated. I tested it to confirm

-- Resolves the permissions issue
grant usage on schema public to anon;
grant usage on schema public to authenticated;

-- Verify that anon can select from `organization`
begin;
    set role=anon;
	
    select graphql.resolve($$
    {
      organizationCollection(first: 1) {
        edges {
          node {
            id
          }
        }
      }
    }
    $$); -- {"data": {"organizationCollection": {"edges": []}}}
rollback;

please lmk if that works for you once you’ve had a chance to test it out

+1
olirice on Jun 1, 2022

thanks Steve. That was great for debugging. It turned out not to be search_path

+1
olirice on Jun 1, 2022

I have re-added our proper schema (not the test one).

did you drop and recreate the public schema at any point?

Not intentionally (I deleted the random table via the UI, then ran a migration against the Database URI)

+1
joesaunderson on May 31, 2022

Similar Discord issues:

+1
joesaunderson on May 30, 2022
Read more comments on GitHub
← gotrue: User created via `supabase.auth.admin.createUser` cannot login via OAuth
pg_graphql: Timeout on schema inspection, received: {"message":"The upstream server is timing out"} →