From ad2179325f9237e3168d0546dd5045dc09a11185 Mon Sep 17 00:00:00 2001 From: joel Date: Mon, 24 Jun 2024 17:03:14 +0200 Subject: [PATCH 1/4] fix: revert changes to auth functions --- ...40624145325_recreate_auth_functions.up.sql | 52 +++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 migrations/20240624145325_recreate_auth_functions.up.sql diff --git a/migrations/20240624145325_recreate_auth_functions.up.sql b/migrations/20240624145325_recreate_auth_functions.up.sql new file mode 100644 index 0000000000..d7262b2f28 --- /dev/null +++ b/migrations/20240624145325_recreate_auth_functions.up.sql @@ -0,0 +1,52 @@ +-- set the search_path to an empty string to force fully qualified names in the function +do $$ +begin + -- auth.uid() function + create or replace function auth.uid() + returns uuid + set search_path to '' + as $func$ + select nullif( + coalesce( + current_setting('request.jwt.claim.sub', true), + (current_setting('request.jwt.claims', true)::jsonb ->> 'sub') + ), + '' + )::uuid + $func$ language sql stable; + + -- auth.role() function + create or replace function {{ index .Options "Namespace" }}.role() + returns text + set search_path to '' + as $func$ + select + coalesce( + nullif(current_setting('request.jwt.claim.role', true), ''), + (nullif(current_setting('request.jwt.claims', true), '')::jsonb ->> 'role') + )::text + $func$ language sql stable; + + -- auth.email() function + create or replace function {{ index .Options "Namespace" }}.email() + returns text + set search_path to '' + as $func$ + select + coalesce( + nullif(current_setting('request.jwt.claim.email', true), ''), + (nullif(current_setting('request.jwt.claims', true), '')::jsonb ->> 'email') + )::text + $func$ language sql stable; + + -- auth.jwt() function + create or replace function {{ index .Options "Namespace" }}.jwt() + returns jsonb + as $func$ + select + coalesce( + nullif(current_setting('request.jwt.claim', true), ''), + nullif(current_setting('request.jwt.claims', true), '') + )::jsonb + $func$ language sql stable; +end $$; From ad48c85f85f90e2f34ce108c29741df3a3fb1392 Mon Sep 17 00:00:00 2001 From: Joel Lee Date: Mon, 24 Jun 2024 17:09:17 +0200 Subject: [PATCH 2/4] fix: drop auth prefix in favour of namespace --- migrations/20240624145325_recreate_auth_functions.up.sql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/migrations/20240624145325_recreate_auth_functions.up.sql b/migrations/20240624145325_recreate_auth_functions.up.sql index d7262b2f28..d87c6c6c94 100644 --- a/migrations/20240624145325_recreate_auth_functions.up.sql +++ b/migrations/20240624145325_recreate_auth_functions.up.sql @@ -2,7 +2,7 @@ do $$ begin -- auth.uid() function - create or replace function auth.uid() + create or replace function {{ index .Options "Namespace" }}.uid() returns uuid set search_path to '' as $func$ From cf5358aa9a759f15728bdb846c9fe3af49fde327 Mon Sep 17 00:00:00 2001 From: joel Date: Mon, 24 Jun 2024 17:17:42 +0200 Subject: [PATCH 3/4] fix: adjust whitespace --- ...40624145325_recreate_auth_functions.up.sql | 36 +++++++++---------- 1 file changed, 17 insertions(+), 19 deletions(-) diff --git a/migrations/20240624145325_recreate_auth_functions.up.sql b/migrations/20240624145325_recreate_auth_functions.up.sql index d87c6c6c94..2d545d457a 100644 --- a/migrations/20240624145325_recreate_auth_functions.up.sql +++ b/migrations/20240624145325_recreate_auth_functions.up.sql @@ -6,12 +6,10 @@ begin returns uuid set search_path to '' as $func$ - select nullif( - coalesce( - current_setting('request.jwt.claim.sub', true), - (current_setting('request.jwt.claims', true)::jsonb ->> 'sub') - ), - '' + select + coalesce( + nullif(current_setting('request.jwt.claim.sub', true), ''), + (nullif(current_setting('request.jwt.claims', true), '')::jsonb ->> 'sub') )::uuid $func$ language sql stable; @@ -20,28 +18,28 @@ begin returns text set search_path to '' as $func$ - select - coalesce( - nullif(current_setting('request.jwt.claim.role', true), ''), - (nullif(current_setting('request.jwt.claims', true), '')::jsonb ->> 'role') - )::text + select + coalesce( + nullif(current_setting('request.jwt.claim.role', true), ''), + (nullif(current_setting('request.jwt.claims', true), '')::jsonb ->> 'role') + )::text $func$ language sql stable; -- auth.email() function create or replace function {{ index .Options "Namespace" }}.email() - returns text - set search_path to '' + returns text + set search_path to '' as $func$ - select - coalesce( - nullif(current_setting('request.jwt.claim.email', true), ''), - (nullif(current_setting('request.jwt.claims', true), '')::jsonb ->> 'email') - )::text + select + coalesce( + nullif(current_setting('request.jwt.claim.email', true), ''), + (nullif(current_setting('request.jwt.claims', true), '')::jsonb ->> 'email') + )::text $func$ language sql stable; -- auth.jwt() function create or replace function {{ index .Options "Namespace" }}.jwt() - returns jsonb + returns jsonb as $func$ select coalesce( From 21d9641d5d8dd68e527ad1de77987fb41a161ad7 Mon Sep 17 00:00:00 2001 From: joel Date: Mon, 24 Jun 2024 17:32:12 +0200 Subject: [PATCH 4/4] fix: set search path to '' --- migrations/20240624145325_recreate_auth_functions.up.sql | 1 + 1 file changed, 1 insertion(+) diff --git a/migrations/20240624145325_recreate_auth_functions.up.sql b/migrations/20240624145325_recreate_auth_functions.up.sql index 2d545d457a..7bcf10bbe9 100644 --- a/migrations/20240624145325_recreate_auth_functions.up.sql +++ b/migrations/20240624145325_recreate_auth_functions.up.sql @@ -40,6 +40,7 @@ begin -- auth.jwt() function create or replace function {{ index .Options "Namespace" }}.jwt() returns jsonb + set search_path to '' as $func$ select coalesce(