From 640718fbc11e597d72bf410bc3b9566fcc3ab921 Mon Sep 17 00:00:00 2001 From: Kang Ming Date: Tue, 25 Jun 2024 16:19:24 +0800 Subject: [PATCH 1/3] Revert "fix: revert define search path in auth functions (#1634)" This reverts commit 155e87ef8129366d665968f64d1fc66676d07e16. --- .../20240612114525_set_search_path.up.sql | 43 +++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 migrations/20240612114525_set_search_path.up.sql diff --git a/migrations/20240612114525_set_search_path.up.sql b/migrations/20240612114525_set_search_path.up.sql new file mode 100644 index 000000000..5d6ff2081 --- /dev/null +++ b/migrations/20240612114525_set_search_path.up.sql @@ -0,0 +1,43 @@ +-- set the search_path to an empty string to force fully qualified names in the function +do $$ +begin + -- auth.uid() function + create or replace function auth.uid() + returns uuid + set search_path to '' + as $func$ + select nullif(current_setting('request.jwt.claim.sub', true), '')::uuid; + $func$ language sql stable; + + -- auth.role() function + create or replace function {{ index .Options "Namespace" }}.role() + returns text + set search_path to '' + as $func$ + select nullif(current_setting('request.jwt.claim.role', true), '')::text; + $func$ language sql stable; + + -- auth.email() function + create or replace function {{ index .Options "Namespace" }}.email() + returns text + set search_path to '' + as $func$ + select + coalesce( + current_setting('request.jwt.claim.email', true), + (current_setting('request.jwt.claims', true)::jsonb ->> 'email') + )::text + $func$ language sql stable; + + -- auth.jwt() function + create or replace function {{ index .Options "Namespace" }}.jwt() + returns jsonb + set search_path to '' + as $func$ + select + coalesce( + nullif(current_setting('request.jwt.claim', true), ''), + nullif(current_setting('request.jwt.claims', true), '') + )::jsonb; + $func$ language sql stable; +end $$; From 9bfcd8232e8ae0b2e8ed1eeed6a0cca6b495acf4 Mon Sep 17 00:00:00 2001 From: Kang Ming Date: Tue, 25 Jun 2024 16:22:16 +0800 Subject: [PATCH 2/3] fix: update migration for setting search path on auth functions --- migrations/20240612114525_set_search_path.up.sql | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/migrations/20240612114525_set_search_path.up.sql b/migrations/20240612114525_set_search_path.up.sql index 5d6ff2081..d2ef73ab9 100644 --- a/migrations/20240612114525_set_search_path.up.sql +++ b/migrations/20240612114525_set_search_path.up.sql @@ -6,7 +6,10 @@ begin returns uuid set search_path to '' as $func$ - select nullif(current_setting('request.jwt.claim.sub', true), '')::uuid; + select coalesce( + nullif(current_setting('request.jwt.claim.sub', true), ''), + (nullif(current_setting('request.jwt.claims', true), '')::jsonb ->> 'sub') + )::uuid $func$ language sql stable; -- auth.role() function @@ -14,7 +17,10 @@ begin returns text set search_path to '' as $func$ - select nullif(current_setting('request.jwt.claim.role', true), '')::text; + select coalesce( + nullif(current_setting('request.jwt.claim.role', true), ''), + (nullif(current_setting('request.jwt.claims', true), '')::jsonb ->> 'role') + )::text $func$ language sql stable; -- auth.email() function From d1f6e04aed5ea2091a6adb5cafe60b7b03599958 Mon Sep 17 00:00:00 2001 From: Kang Ming Date: Tue, 25 Jun 2024 16:32:21 +0800 Subject: [PATCH 3/3] chore: rename migration file --- ...t_search_path.up.sql => 20240625163155_set_search_path.up.sql} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename migrations/{20240612114525_set_search_path.up.sql => 20240625163155_set_search_path.up.sql} (100%) diff --git a/migrations/20240612114525_set_search_path.up.sql b/migrations/20240625163155_set_search_path.up.sql similarity index 100% rename from migrations/20240612114525_set_search_path.up.sql rename to migrations/20240625163155_set_search_path.up.sql