-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathupdate_auth_schema.sql
More file actions
65 lines (53 loc) · 2.41 KB
/
update_auth_schema.sql
File metadata and controls
65 lines (53 loc) · 2.41 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
-- 1. Profiles Table (Heartbeat Sync)
CREATE TABLE IF NOT EXISTS public.profiles (
id UUID PRIMARY KEY REFERENCES auth.users ON DELETE CASCADE,
email TEXT,
last_active_at TIMESTAMPTZ,
last_active_site_origin TEXT,
created_at TIMESTAMPTZ DEFAULT NOW(),
updated_at TIMESTAMPTZ DEFAULT NOW()
);
-- Safely add columns if table exists but columns don't
DO $$
BEGIN
IF NOT EXISTS (SELECT 1 FROM information_schema.columns WHERE table_name='profiles' AND column_name='last_active_at') THEN
ALTER TABLE public.profiles ADD COLUMN last_active_at TIMESTAMPTZ;
END IF;
IF NOT EXISTS (SELECT 1 FROM information_schema.columns WHERE table_name='profiles' AND column_name='last_active_site_origin') THEN
ALTER TABLE public.profiles ADD COLUMN last_active_site_origin TEXT;
END IF;
END $$;
ALTER TABLE public.profiles ENABLE ROW LEVEL SECURITY;
-- Drop existing policies to avoid conflicts
DROP POLICY IF EXISTS "Users can view own profile" ON public.profiles;
DROP POLICY IF EXISTS "Users can update own profile" ON public.profiles;
DROP POLICY IF EXISTS "Users can insert own profile" ON public.profiles;
CREATE POLICY "Users can view own profile"
ON public.profiles FOR SELECT
USING (auth.uid() = id);
CREATE POLICY "Users can update own profile"
ON public.profiles FOR UPDATE
USING (auth.uid() = id);
CREATE POLICY "Users can insert own profile"
ON public.profiles FOR INSERT
WITH CHECK (auth.uid() = id);
-- 2. Authorized Users Table (Matrix Authorization)
CREATE TABLE IF NOT EXISTS public.authorized_users (
user_id UUID PRIMARY KEY REFERENCES auth.users ON DELETE CASCADE,
expires_at TIMESTAMPTZ, -- NULL means permanent
created_at TIMESTAMPTZ DEFAULT NOW()
);
ALTER TABLE public.authorized_users ENABLE ROW LEVEL SECURITY;
-- Drop existing policies
DROP POLICY IF EXISTS "Authorized users is public read" ON public.authorized_users;
DROP POLICY IF EXISTS "Only Perfhelf can manage authorized_users" ON public.authorized_users;
-- Allow read access to everyone
CREATE POLICY "Authorized users is public read"
ON public.authorized_users FOR SELECT
TO authenticated
USING (true);
-- Admin Policy (Hardcoded Email Check)
-- Note: This relies on the JWT containing the email, which Supabase does by default.
CREATE POLICY "Only Perfhelf can manage authorized_users"
ON public.authorized_users FOR ALL
USING (auth.jwt() ->> 'email' = 'perfhelf@gmail.com');