From 640718fbc11e597d72bf410bc3b9566fcc3ab921 Mon Sep 17 00:00:00 2001 From: Kang Ming Date: Tue, 25 Jun 2024 16:19:24 +0800 Subject: [PATCH] Revert "fix: revert define search path in auth functions (#1634)" This reverts commit 155e87ef8129366d665968f64d1fc66676d07e16. --- .../20240612114525_set_search_path.up.sql | 43 +++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 migrations/20240612114525_set_search_path.up.sql diff --git a/migrations/20240612114525_set_search_path.up.sql b/migrations/20240612114525_set_search_path.up.sql new file mode 100644 index 000000000..5d6ff2081 --- /dev/null +++ b/migrations/20240612114525_set_search_path.up.sql @@ -0,0 +1,43 @@ +-- set the search_path to an empty string to force fully qualified names in the function +do $$ +begin + -- auth.uid() function + create or replace function auth.uid() + returns uuid + set search_path to '' + as $func$ + select nullif(current_setting('request.jwt.claim.sub', true), '')::uuid; + $func$ language sql stable; + + -- auth.role() function + create or replace function {{ index .Options "Namespace" }}.role() + returns text + set search_path to '' + as $func$ + select nullif(current_setting('request.jwt.claim.role', true), '')::text; + $func$ language sql stable; + + -- auth.email() function + create or replace function {{ index .Options "Namespace" }}.email() + returns text + set search_path to '' + as $func$ + select + coalesce( + current_setting('request.jwt.claim.email', true), + (current_setting('request.jwt.claims', true)::jsonb ->> 'email') + )::text + $func$ language sql stable; + + -- auth.jwt() function + create or replace function {{ index .Options "Namespace" }}.jwt() + returns jsonb + set search_path to '' + as $func$ + select + coalesce( + nullif(current_setting('request.jwt.claim', true), ''), + nullif(current_setting('request.jwt.claims', true), '') + )::jsonb; + $func$ language sql stable; +end $$;