-- ============================================================================
-- E2EE Policy Fix Migration
-- ============================================================================
-- This migration recreates the E2EE row-level-security policies that may have
-- failed when first applied. Each CREATE is preceded by DROP ... IF EXISTS, so
-- the file can be re-run safely (it is idempotent).
-- ============================================================================
-- ============================================================================
-- 1. Fix e2ee_session_commands policies
-- ============================================================================
-- Ownership policies for e2ee_session_commands: a caller can only read, create
-- or modify rows whose user_id is its own auth.uid(). A NULL auth.uid() (no
-- authenticated subject) never compares equal, so such callers see no rows.
-- NOTE(review): CREATE POLICY only has effect once ROW LEVEL SECURITY is
-- enabled on the table; that is assumed to happen in an earlier migration — confirm.
DROP POLICY IF EXISTS session_commands_select_own ON e2ee_session_commands;
DROP POLICY IF EXISTS session_commands_insert_own ON e2ee_session_commands;
DROP POLICY IF EXISTS session_commands_update_own ON e2ee_session_commands;

CREATE POLICY session_commands_select_own
    ON e2ee_session_commands
    FOR SELECT
    USING (user_id = auth.uid());

CREATE POLICY session_commands_insert_own
    ON e2ee_session_commands
    FOR INSERT
    WITH CHECK (user_id = auth.uid());

-- WITH CHECK is spelled out here. Postgres applies the USING expression to the
-- updated row when WITH CHECK is omitted, so this is the same rule as before;
-- the explicit form just makes "a row cannot be re-assigned to another user"
-- visible without knowing that default.
CREATE POLICY session_commands_update_own
    ON e2ee_session_commands
    FOR UPDATE
    USING (user_id = auth.uid())
    WITH CHECK (user_id = auth.uid());
-- ============================================================================
-- 2. Fix e2ee_session_events policies
-- ============================================================================
-- Ownership policies for e2ee_session_events: same shape as the
-- e2ee_session_commands set — rows are visible and writable only to the
-- user whose auth.uid() matches user_id. No DELETE policy is created in
-- this file, so deletes stay closed to ordinary roles under RLS.
-- NOTE(review): assumes ROW LEVEL SECURITY is already enabled on this table — confirm.
DROP POLICY IF EXISTS session_events_select_own ON e2ee_session_events;
DROP POLICY IF EXISTS session_events_insert_own ON e2ee_session_events;
DROP POLICY IF EXISTS session_events_update_own ON e2ee_session_events;

CREATE POLICY session_events_select_own
    ON e2ee_session_events
    FOR SELECT
    USING (user_id = auth.uid());

CREATE POLICY session_events_insert_own
    ON e2ee_session_events
    FOR INSERT
    WITH CHECK (user_id = auth.uid());

-- Explicit WITH CHECK: identical to the implicit default (USING is reused
-- for the new row when WITH CHECK is absent), stated so the ownership rule
-- on the post-update row is readable.
CREATE POLICY session_events_update_own
    ON e2ee_session_events
    FOR UPDATE
    USING (user_id = auth.uid())
    WITH CHECK (user_id = auth.uid());
-- ============================================================================
-- 3. Fix e2ee_decryption_failures policies
-- ============================================================================
-- Ownership policies for e2ee_decryption_failures. Unlike the session tables,
-- the owning column here is recipient_id: only the party that failed to
-- decrypt may read, record or update its own failure rows.
-- NOTE(review): assumes ROW LEVEL SECURITY is already enabled on this table — confirm.
DROP POLICY IF EXISTS decryption_failures_select_own ON e2ee_decryption_failures;
DROP POLICY IF EXISTS decryption_failures_insert_own ON e2ee_decryption_failures;
DROP POLICY IF EXISTS decryption_failures_update_own ON e2ee_decryption_failures;

CREATE POLICY decryption_failures_select_own
    ON e2ee_decryption_failures
    FOR SELECT
    USING (recipient_id = auth.uid());

CREATE POLICY decryption_failures_insert_own
    ON e2ee_decryption_failures
    FOR INSERT
    WITH CHECK (recipient_id = auth.uid());

-- Explicit WITH CHECK mirrors the USING expression; this is what Postgres
-- does implicitly when WITH CHECK is omitted, so behaviour is unchanged.
CREATE POLICY decryption_failures_update_own
    ON e2ee_decryption_failures
    FOR UPDATE
    USING (recipient_id = auth.uid())
    WITH CHECK (recipient_id = auth.uid());
-- ============================================================================
-- 4. Fix e2ee_session_state policies
-- ============================================================================
-- Read policy for e2ee_session_state: either party to the session (user_id
-- or peer_id) may read the row. This file defines no INSERT/UPDATE/DELETE
-- policy for this table, so under RLS those paths are closed to ordinary
-- roles unless another migration grants them.
-- NOTE(review): assumes ROW LEVEL SECURITY is already enabled on this table — confirm.
DROP POLICY IF EXISTS session_state_select_own ON e2ee_session_state;

CREATE POLICY session_state_select_own
    ON e2ee_session_state
    FOR SELECT
    USING (
        user_id = auth.uid()
        OR peer_id = auth.uid()
    );
-- ============================================================================
-- 5. Safely add tables to realtime publication (ignore if already added)
-- ============================================================================
-- Add the three E2EE tables to the supabase_realtime publication, skipping any
-- that are already published so the migration can be re-run without error.
-- Same tables, same order, same membership test as three separate IF blocks.
DO $$
DECLARE
    realtime_table text;
BEGIN
    FOREACH realtime_table IN ARRAY ARRAY[
        'e2ee_session_events',
        'e2ee_session_commands',
        'e2ee_session_state'
    ] LOOP
        -- NOTE(review): membership is tested by table name only, not by
        -- schema; a same-named table in another schema that is already
        -- published would make this skip the ADD — confirm all three live
        -- in the one schema the publication targets.
        IF NOT EXISTS (
            SELECT 1
            FROM pg_publication_tables
            WHERE pubname = 'supabase_realtime'
              AND tablename = realtime_table
        ) THEN
            -- %I renders a safely quoted identifier; these names are plain
            -- lowercase, so the statement resolves exactly as the bare
            -- "ADD TABLE <name>" form does (via search_path).
            EXECUTE format(
                'ALTER PUBLICATION supabase_realtime ADD TABLE %I',
                realtime_table
            );
        END IF;
    END LOOP;
END $$;
-- ============================================================================
-- 6. Ensure event type constraint includes all types
-- ============================================================================
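-- Rebuild the event_type allow-list as ONE ALTER TABLE. As two separate
-- statements, a failing ADD (e.g. an existing row holding a value not in the
-- list) would leave the table with the old constraint already dropped and no
-- replacement unless the migration runner happened to wrap the file in a
-- transaction. Combining DROP and ADD makes the swap atomic in its own right:
-- either both apply or the old constraint stays in place.
-- ADD CONSTRAINT validates existing rows; an unlisted legacy value fails the
-- statement, which is the intent of "ensure the constraint includes all types".
-- NOTE(review): a CHECK passes NULL, so this list only restricts non-null
-- values — confirm event_type is declared NOT NULL in the table definition.
ALTER TABLE e2ee_session_events
    DROP CONSTRAINT IF EXISTS e2ee_session_events_event_type_check,
    ADD CONSTRAINT e2ee_session_events_event_type_check CHECK (
        event_type IN (
            'session_reset',
            'conversation_cleanup',
            'key_refresh',
            'decryption_failure',
            'session_mismatch',
            'session_established'
        )
    );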