Skip to content

Commit

Permalink
fix: define search path in auth functions (supabase#1616)
Browse files Browse the repository at this point in the history
## What kind of change does this PR introduce?
* Set search_path to empty string in all auth functions
  • Loading branch information
kangmingtay authored and LashaJini committed Nov 13, 2024
1 parent 70aebdd commit c7061b2
Showing 1 changed file with 43 additions and 0 deletions.
43 changes: 43 additions & 0 deletions migrations/20240612114525_set_search_path.up.sql
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
-- set the search_path to an empty string to force fully qualified names in the function
do $$
begin
-- auth.uid() function
create or replace function auth.uid()
returns uuid
set search_path to ''
as $func$
select nullif(current_setting('request.jwt.claim.sub', true), '')::uuid;
$func$ language sql stable;

-- auth.role() function
create or replace function {{ index .Options "Namespace" }}.role()
returns text
set search_path to ''
as $func$
select nullif(current_setting('request.jwt.claim.role', true), '')::text;
$func$ language sql stable;

-- auth.email() function
create or replace function {{ index .Options "Namespace" }}.email()
returns text
set search_path to ''
as $func$
select
coalesce(
current_setting('request.jwt.claim.email', true),
(current_setting('request.jwt.claims', true)::jsonb ->> 'email')
)::text
$func$ language sql stable;

-- auth.jwt() function
create or replace function {{ index .Options "Namespace" }}.jwt()
returns jsonb
set search_path to ''
as $func$
select
coalesce(
nullif(current_setting('request.jwt.claim', true), ''),
nullif(current_setting('request.jwt.claims', true), '')
)::jsonb;
$func$ language sql stable;
end $$;

0 comments on commit c7061b2

Please sign in to comment.