SQL Query as javascript code

When it comes to workflows, it is possible to send data to a database via an SQL request. There are two ways to do this: using “Formula” or using “JavaScript.” What is the correct approach to send a JavaScript request based on my example (see screenshot below)?

I have taken a very simple example in the screenshot, and I just want to understand the functionality so that I can then convert it into more complex functions.

Is the formula you sent above not working? If yes, what kind of error is it returning? Also, why do you concatenate strings with +? Why not write it as a single string?

1 Like

This is very unusual. What API are you using that supports sending direct SQL? A central subject in cybersecurity is preventing the front end from injecting SQL to the backend.

1 Like

In order to include variables in an SQL request, I have to separate them with “” and + so that the variable is not seen as text.

I use a SQL request action in the workflow to transfer changes to data to my SQL database. Is there a clearly secure way to send data to a PostgreSQL database via a SQL query?

Usually one would route a request to a back-end using the variables you want to send, and then that back-end would be responsible for forming a SQL query.

With limited exceptions, weweb actions run on the front end - within the user’s browser. That means a malefactor with access to their computer, credentials, or pulling the token can write whatever SQL they want back to your endpoint, because the weweb code is not locked down. Backend code (supabase, pipedream, Xano, etc) would be a more secure router and standard practice for managing this workflow.

3 Likes
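The back-end routing described in the reply above, as an added example that is not part of the original thread and is not WeWeb or Supabase code. It contrasts SQL built by concatenation with a back-end function that accepts only values and binds them to fixed SQL text; the table `shots`, its columns, and all function names are hypothetical, and the `{ text, values }` object is the query-config shape that node-postgres accepts in `client.query()`.

```javascript
// Added example: back-end route logic, not WeWeb or Supabase code.
// Table and column names (shots, title, owner_id) are hypothetical.

// What the front-end workflow does today: variables spliced into SQL text.
function concatenatedUpdate(title, shotId) {
  return "UPDATE shots SET title = '" + title + "' WHERE id = " + shotId;
}

// Back-end version: the client sends only values; the SQL text is fixed here.
const UPDATE_SHOT_SQL =
  "UPDATE shots SET title = $1 WHERE id = $2 AND owner_id = $3";

function buildShotUpdate(body, authenticatedUserId) {
  // Reject anything that is not the expected shape before touching the DB.
  if (typeof body !== "object" || body === null) {
    throw new TypeError("body must be an object");
  }
  const { title, shotId } = body;
  if (typeof title !== "string" || title.length === 0 || title.length > 200) {
    throw new RangeError("title must be a string of 1-200 characters");
  }
  if (!Number.isInteger(shotId) || shotId <= 0) {
    throw new RangeError("shotId must be a positive integer");
  }
  // owner_id comes from the verified session, never from the request body,
  // so a caller can only update rows that belong to them.
  // The driver sends `values` separately from `text`, so no value is parsed as SQL.
  return { text: UPDATE_SHOT_SQL, values: [title, shotId, authenticatedUserId] };
}

// Constructed inputs: an ordinary title and one containing a quote character.
const plain = { title: "Opening shot", shotId: 7 };
const quoted = { title: "x', owner_id = 'someone-else", shotId: 7 };

function demo() {
  return {
    concatPlain: concatenatedUpdate(plain.title, plain.shotId),
    concatQuoted: concatenatedUpdate(quoted.title, quoted.shotId),
    paramPlain: buildShotUpdate(plain, "user-123"),
    paramQuoted: buildShotUpdate(quoted, "user-123"),
  };
}

console.log(demo());
```

With the quoted input, the concatenated statement gains a second assignment, while the parameterized query text is identical for both inputs and the quote stays inside `values[0]`.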

As a small update, I have now switched my database to Supabase. It’s a cool tool! I hope the WeWeb Team expands it with additional important features. :smiley:

1 Like

What kind of features are you missing in terms of WeWeb and Supabase? :slight_smile:

I think one of the key features would be the integration of uploading files directly to the storage of Supabase. In my mind it could be solved within the plug-in. But I recognized that this feature is on the WeWeb “Request a feature” page. I’ll be hoping that the WeWeb Team sets a focus on it :smiley:

1 Like

You can do that upload using the signed URL functionality of Supabase today. It might not have the same ergonomics that an eventual first-party plugin would have, but it's not super complex near as I see.

2 Likes

I even managed to get the upload to work via javascript:
Next question is how to get the link from Supabase as “signed url” for displaying the item in a collection. Do you have any advice?

```javascript
// Build the multipart body from the file input inside #shot_thumbnail.
var formData = new FormData();
var imagefile = wwLib.getFrontDocument().querySelector('#shot_thumbnail input');
var originalFileName = variables[/* fileUploaderID input - value */ 'XXXX']?.['name'];
var user_id = pluginVariables[/* supabaseAuth user */ 'XXXXX']['user']?.['id'];

// Prefix the name with a timestamp and the user id so uploads do not collide.
var timestamp = Date.now();
var uniqueFileName = timestamp + '_' + user_id + '_' + originalFileName;

formData.append("content", imagefile.files[0]);
// POST the file to the Supabase Storage object endpoint.
return await axios.post("https://XXXX.supabase.co/storage/v1/object/images/shotlist_thumbnails/" + uniqueFileName, formData, {
    headers: {
        "Content-Type": "multipart/form-data",
        "Authorization": "Bearer XXXXXX"
    }
});
```
1 Like

Is this what you are looking for? Supabase Javascript Client - Create a signed URL

Yes that’s the right thing I’m searching for! :smiley:

Unfortunately, I don’t understand exactly how to put the following code in the javascript field so that the request is also sent to the correct Supabase endpoint and I also use my credentials correctly. Can you help me here and give an example?

I understand! This is the kind of deeper work we do in State Change office hours and our forum.

The proximate error is about using async/await - and that is relatively fixable - but I don’t think that’s your real problem. At a guess, the code you are looking at is meant to be run on the backend e.g. a function or some such rather than in weweb, because it requires the API key in order to generate the signed URL.