CalvinBackup/gstack
1
0
Fork 0
mirror of https://github.com/garrytan/gstack.git synced 2026-05-05 05:05:08 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix: keep INSERT policies for old client compat, preserve extra columns

Browse Source 
- Keep anon INSERT policies so pre-v0.11.16 clients can still sync
  telemetry via PostgREST while new clients use edge functions
- Add error_message/failed_step columns to migration (reconcile repo
  with live schema) instead of dropping them
- Security fix still lands: SELECT and UPDATE policies are dropped

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Garry Tan
2026-03-24 14:44:05 -07:00
parent ac0fe41097
commit 531bb29474
1 changed files with 12 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
supabase/migrations/002_tighten_rls.sql
+12 -9
View File
@@ -1,6 +1,6 @@
-- 002_tighten_rls.sql
-- Lock down all anon access. All reads/writes now go through edge functions
-- (which use SUPABASE_SERVICE_ROLE_KEY and bypass RLS).
-- Lock down read/update access. Keep INSERT policies so old clients can still
-- write via PostgREST while new clients migrate to edge functions.
-- Drop all SELECT policies (anon key should not read telemetry data)
DROP POLICY IF EXISTS "anon_select" ON telemetry_events;
@@ -10,18 +10,21 @@ DROP POLICY IF EXISTS "anon_select" ON update_checks;
-- Drop dangerous UPDATE policy (was unrestricted on all columns)
DROP POLICY IF EXISTS "anon_update_last_seen" ON installations;
-- Drop INSERT policies (writes go through edge functions now)
DROP POLICY IF EXISTS "anon_insert_only" ON telemetry_events;
DROP POLICY IF EXISTS "anon_insert_only" ON installations;
DROP POLICY IF EXISTS "anon_insert_only" ON update_checks;
-- Keep INSERT policies — old clients (pre-v0.11.16) still POST directly to
-- PostgREST. These will be dropped in a future migration once adoption of
-- edge-function-based sync is widespread.
-- (anon_insert_only ON telemetry_events — kept)
-- (anon_insert_only ON installations — kept)
-- (anon_insert_only ON update_checks — kept)
-- Explicitly revoke view access (belt-and-suspenders)
REVOKE SELECT ON crash_clusters FROM anon;
REVOKE SELECT ON skill_sequences FROM anon;
-- Drop stale columns that exist live but not in 001_telemetry.sql
ALTER TABLE telemetry_events DROP COLUMN IF EXISTS error_message;
ALTER TABLE telemetry_events DROP COLUMN IF EXISTS failed_step;
-- Keep error_message and failed_step columns (exist on live schema, may be
-- used in future). Add them to the migration record so repo matches live.
ALTER TABLE telemetry_events ADD COLUMN IF NOT EXISTS error_message TEXT;
ALTER TABLE telemetry_events ADD COLUMN IF NOT EXISTS failed_step TEXT;
-- Cache table for community-pulse aggregation (prevents DoS via repeated queries)
CREATE TABLE IF NOT EXISTS community_pulse_cache (