vortex/postgres-setup.sql at master · domingues/vortex · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
CREATE TABLE IF NOT EXISTS messages
(
    id          SERIAL PRIMARY KEY,
    "timestamp" TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT CURRENT_TIMESTAMP,
    content     BYTEA                    NOT NULL
);

CREATE OR REPLACE FUNCTION read_messages(
    since_id INT
)
    RETURNS TABLE
            (
                id          integer,
                "timestamp" TIMESTAMP WITH TIME ZONE,
                content     BYTEA
            )
AS
$$
BEGIN
    RETURN QUERY
        SELECT m.id AS message_id,
               m."timestamp",
               m.content
        FROM messages AS m
        WHERE m.id > since_id;
END;
$$ LANGUAGE plpgsql
    SECURITY DEFINER;

CREATE OR REPLACE FUNCTION send_messages(
    messages_to_insert BYTEA[]
) RETURNS VOID AS
$$
DECLARE
    message_bytea BYTEA;
BEGIN
    IF array_length(messages_to_insert, 1) > 0 THEN
        FOREACH message_bytea IN ARRAY messages_to_insert
            LOOP
                IF LENGTH(message_bytea) > 1024 THEN
                    RAISE EXCEPTION '';
                ELSE
                    INSERT INTO messages (content)
                    VALUES (message_bytea);
                END IF;
            END LOOP;
        NOTIFY new_messages;
    END IF;
END;
$$ LANGUAGE plpgsql
    SECURITY DEFINER;

CREATE OR REPLACE FUNCTION activate_listener()
    RETURNS VOID AS
$$
BEGIN
    LISTEN new_messages;
END;
$$ LANGUAGE plpgsql
    SECURITY DEFINER;

-- guest group and permissions
CREATE ROLE guest_group;

GRANT CONNECT ON DATABASE chat TO guest_group;

REVOKE ALL PRIVILEGES ON SCHEMA public FROM guest_group;
REVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA public FROM guest_group;
REVOKE ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public FROM guest_group;
REVOKE ALL PRIVILEGES ON DATABASE postgres FROM guest_group;

GRANT EXECUTE ON FUNCTION read_messages TO guest_group;
GRANT EXECUTE ON FUNCTION send_messages TO guest_group;
GRANT EXECUTE ON FUNCTION activate_listener TO guest_group;

-- guest users
CREATE ROLE guest_1 PASSWORD 'guest_1' LOGIN;

REVOKE ALL PRIVILEGES ON SCHEMA public FROM guest_1;
REVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA public FROM guest_1;
REVOKE ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public FROM guest_1;
REVOKE ALL PRIVILEGES ON DATABASE postgres FROM guest_1;

GRANT guest_group TO guest_1;