|
| 1 | +apiVersion: v1 |
| 2 | +data: |
| 3 | + 98-webhooks.sql: | |
| 4 | + BEGIN; |
| 5 | + -- Create pg_net extension |
| 6 | + CREATE EXTENSION IF NOT EXISTS pg_net SCHEMA extensions; |
| 7 | + -- Create supabase_functions schema |
| 8 | + CREATE SCHEMA supabase_functions AUTHORIZATION supabase_admin; |
| 9 | + GRANT USAGE ON SCHEMA supabase_functions TO postgres, anon, authenticated, service_role; |
| 10 | + ALTER DEFAULT PRIVILEGES IN SCHEMA supabase_functions GRANT ALL ON TABLES TO postgres, anon, authenticated, service_role; |
| 11 | + ALTER DEFAULT PRIVILEGES IN SCHEMA supabase_functions GRANT ALL ON FUNCTIONS TO postgres, anon, authenticated, service_role; |
| 12 | + ALTER DEFAULT PRIVILEGES IN SCHEMA supabase_functions GRANT ALL ON SEQUENCES TO postgres, anon, authenticated, service_role; |
| 13 | + -- supabase_functions.migrations definition |
| 14 | + CREATE TABLE supabase_functions.migrations ( |
| 15 | + version text PRIMARY KEY, |
| 16 | + inserted_at timestamptz NOT NULL DEFAULT NOW() |
| 17 | + ); |
| 18 | + -- Initial supabase_functions migration |
| 19 | + INSERT INTO supabase_functions.migrations (version) VALUES ('initial'); |
| 20 | + -- supabase_functions.hooks definition |
| 21 | + CREATE TABLE supabase_functions.hooks ( |
| 22 | + id bigserial PRIMARY KEY, |
| 23 | + hook_table_id integer NOT NULL, |
| 24 | + hook_name text NOT NULL, |
| 25 | + created_at timestamptz NOT NULL DEFAULT NOW(), |
| 26 | + request_id bigint |
| 27 | + ); |
| 28 | + CREATE INDEX supabase_functions_hooks_request_id_idx ON supabase_functions.hooks USING btree (request_id); |
| 29 | + CREATE INDEX supabase_functions_hooks_h_table_id_h_name_idx ON supabase_functions.hooks USING btree (hook_table_id, hook_name); |
| 30 | + COMMENT ON TABLE supabase_functions.hooks IS 'Supabase Functions Hooks: Audit trail for triggered hooks.'; |
| 31 | + CREATE FUNCTION supabase_functions.http_request() |
| 32 | + RETURNS trigger |
| 33 | + LANGUAGE plpgsql |
| 34 | + AS $function$ |
| 35 | + DECLARE |
| 36 | + request_id bigint; |
| 37 | + payload jsonb; |
| 38 | + url text := TG_ARGV[0]::text; |
| 39 | + method text := TG_ARGV[1]::text; |
| 40 | + headers jsonb DEFAULT '{}'::jsonb; |
| 41 | + params jsonb DEFAULT '{}'::jsonb; |
| 42 | + timeout_ms integer DEFAULT 1000; |
| 43 | + BEGIN |
| 44 | + IF url IS NULL OR url = 'null' THEN |
| 45 | + RAISE EXCEPTION 'url argument is missing'; |
| 46 | + END IF; |
| 47 | +
|
| 48 | + IF method IS NULL OR method = 'null' THEN |
| 49 | + RAISE EXCEPTION 'method argument is missing'; |
| 50 | + END IF; |
| 51 | +
|
| 52 | + IF TG_ARGV[2] IS NULL OR TG_ARGV[2] = 'null' THEN |
| 53 | + headers = '{"Content-Type": "application/json"}'::jsonb; |
| 54 | + ELSE |
| 55 | + headers = TG_ARGV[2]::jsonb; |
| 56 | + END IF; |
| 57 | +
|
| 58 | + IF TG_ARGV[3] IS NULL OR TG_ARGV[3] = 'null' THEN |
| 59 | + params = '{}'::jsonb; |
| 60 | + ELSE |
| 61 | + params = TG_ARGV[3]::jsonb; |
| 62 | + END IF; |
| 63 | +
|
| 64 | + IF TG_ARGV[4] IS NULL OR TG_ARGV[4] = 'null' THEN |
| 65 | + timeout_ms = 1000; |
| 66 | + ELSE |
| 67 | + timeout_ms = TG_ARGV[4]::integer; |
| 68 | + END IF; |
| 69 | +
|
| 70 | + CASE |
| 71 | + WHEN method = 'GET' THEN |
| 72 | + SELECT http_get INTO request_id FROM net.http_get( |
| 73 | + url, |
| 74 | + params, |
| 75 | + headers, |
| 76 | + timeout_ms |
| 77 | + ); |
| 78 | + WHEN method = 'POST' THEN |
| 79 | + payload = jsonb_build_object( |
| 80 | + 'old_record', OLD, |
| 81 | + 'record', NEW, |
| 82 | + 'type', TG_OP, |
| 83 | + 'table', TG_TABLE_NAME, |
| 84 | + 'schema', TG_TABLE_SCHEMA |
| 85 | + ); |
| 86 | +
|
| 87 | + SELECT http_post INTO request_id FROM net.http_post( |
| 88 | + url, |
| 89 | + payload, |
| 90 | + params, |
| 91 | + headers, |
| 92 | + timeout_ms |
| 93 | + ); |
| 94 | + ELSE |
| 95 | + RAISE EXCEPTION 'method argument % is invalid', method; |
| 96 | + END CASE; |
| 97 | +
|
| 98 | + INSERT INTO supabase_functions.hooks |
| 99 | + (hook_table_id, hook_name, request_id) |
| 100 | + VALUES |
| 101 | + (TG_RELID, TG_NAME, request_id); |
| 102 | +
|
| 103 | + RETURN NEW; |
| 104 | + END |
| 105 | + $function$; |
| 106 | + -- Supabase super admin |
| 107 | + DO |
| 108 | + $$ |
| 109 | + BEGIN |
| 110 | + IF NOT EXISTS ( |
| 111 | + SELECT 1 |
| 112 | + FROM pg_roles |
| 113 | + WHERE rolname = 'supabase_functions_admin' |
| 114 | + ) |
| 115 | + THEN |
| 116 | + CREATE USER supabase_functions_admin NOINHERIT CREATEROLE LOGIN NOREPLICATION; |
| 117 | + END IF; |
| 118 | + END |
| 119 | + $$; |
| 120 | + GRANT ALL PRIVILEGES ON SCHEMA supabase_functions TO supabase_functions_admin; |
| 121 | + GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA supabase_functions TO supabase_functions_admin; |
| 122 | + GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA supabase_functions TO supabase_functions_admin; |
| 123 | + ALTER USER supabase_functions_admin SET search_path = "supabase_functions"; |
| 124 | + ALTER table "supabase_functions".migrations OWNER TO supabase_functions_admin; |
| 125 | + ALTER table "supabase_functions".hooks OWNER TO supabase_functions_admin; |
| 126 | + ALTER function "supabase_functions".http_request() OWNER TO supabase_functions_admin; |
| 127 | + GRANT supabase_functions_admin TO postgres; |
| 128 | + -- Remove unused supabase_pg_net_admin role |
| 129 | + DO |
| 130 | + $$ |
| 131 | + BEGIN |
| 132 | + IF EXISTS ( |
| 133 | + SELECT 1 |
| 134 | + FROM pg_roles |
| 135 | + WHERE rolname = 'supabase_pg_net_admin' |
| 136 | + ) |
| 137 | + THEN |
| 138 | + REASSIGN OWNED BY supabase_pg_net_admin TO supabase_admin; |
| 139 | + DROP OWNED BY supabase_pg_net_admin; |
| 140 | + DROP ROLE supabase_pg_net_admin; |
| 141 | + END IF; |
| 142 | + END |
| 143 | + $$; |
| 144 | + -- pg_net grants when extension is already enabled |
| 145 | + DO |
| 146 | + $$ |
| 147 | + BEGIN |
| 148 | + IF EXISTS ( |
| 149 | + SELECT 1 |
| 150 | + FROM pg_extension |
| 151 | + WHERE extname = 'pg_net' |
| 152 | + ) |
| 153 | + THEN |
| 154 | + GRANT USAGE ON SCHEMA net TO supabase_functions_admin, postgres, anon, authenticated, service_role; |
| 155 | + ALTER function net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) SECURITY DEFINER; |
| 156 | + ALTER function net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) SECURITY DEFINER; |
| 157 | + ALTER function net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) SET search_path = net; |
| 158 | + ALTER function net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) SET search_path = net; |
| 159 | + REVOKE ALL ON FUNCTION net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) FROM PUBLIC; |
| 160 | + REVOKE ALL ON FUNCTION net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) FROM PUBLIC; |
| 161 | + GRANT EXECUTE ON FUNCTION net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) TO supabase_functions_admin, postgres, anon, authenticated, service_role; |
| 162 | + GRANT EXECUTE ON FUNCTION net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) TO supabase_functions_admin, postgres, anon, authenticated, service_role; |
| 163 | + END IF; |
| 164 | + END |
| 165 | + $$; |
| 166 | + -- Event trigger for pg_net |
| 167 | + CREATE OR REPLACE FUNCTION extensions.grant_pg_net_access() |
| 168 | + RETURNS event_trigger |
| 169 | + LANGUAGE plpgsql |
| 170 | + AS $$ |
| 171 | + BEGIN |
| 172 | + IF EXISTS ( |
| 173 | + SELECT 1 |
| 174 | + FROM pg_event_trigger_ddl_commands() AS ev |
| 175 | + JOIN pg_extension AS ext |
| 176 | + ON ev.objid = ext.oid |
| 177 | + WHERE ext.extname = 'pg_net' |
| 178 | + ) |
| 179 | + THEN |
| 180 | + GRANT USAGE ON SCHEMA net TO supabase_functions_admin, postgres, anon, authenticated, service_role; |
| 181 | + ALTER function net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) SECURITY DEFINER; |
| 182 | + ALTER function net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) SECURITY DEFINER; |
| 183 | + ALTER function net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) SET search_path = net; |
| 184 | + ALTER function net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) SET search_path = net; |
| 185 | + REVOKE ALL ON FUNCTION net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) FROM PUBLIC; |
| 186 | + REVOKE ALL ON FUNCTION net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) FROM PUBLIC; |
| 187 | + GRANT EXECUTE ON FUNCTION net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) TO supabase_functions_admin, postgres, anon, authenticated, service_role; |
| 188 | + GRANT EXECUTE ON FUNCTION net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) TO supabase_functions_admin, postgres, anon, authenticated, service_role; |
| 189 | + END IF; |
| 190 | + END; |
| 191 | + $$; |
| 192 | + COMMENT ON FUNCTION extensions.grant_pg_net_access IS 'Grants access to pg_net'; |
| 193 | + DO |
| 194 | + $$ |
| 195 | + BEGIN |
| 196 | + IF NOT EXISTS ( |
| 197 | + SELECT 1 |
| 198 | + FROM pg_event_trigger |
| 199 | + WHERE evtname = 'issue_pg_net_access' |
| 200 | + ) THEN |
| 201 | + CREATE EVENT TRIGGER issue_pg_net_access ON ddl_command_end WHEN TAG IN ('CREATE EXTENSION') |
| 202 | + EXECUTE PROCEDURE extensions.grant_pg_net_access(); |
| 203 | + END IF; |
| 204 | + END |
| 205 | + $$; |
| 206 | + INSERT INTO supabase_functions.migrations (version) VALUES ('20210809183423_update_grants'); |
| 207 | + ALTER function supabase_functions.http_request() SECURITY DEFINER; |
| 208 | + ALTER function supabase_functions.http_request() SET search_path = supabase_functions; |
| 209 | + REVOKE ALL ON FUNCTION supabase_functions.http_request() FROM PUBLIC; |
| 210 | + GRANT EXECUTE ON FUNCTION supabase_functions.http_request() TO postgres, anon, authenticated, service_role; |
| 211 | + COMMIT; |
| 212 | + 99-jwt.sql: | |
| 213 | + \set jwt_secret `echo "$JWT_SECRET"` |
| 214 | + \set jwt_exp `echo "$JWT_EXP"` |
| 215 | +
|
| 216 | + ALTER DATABASE postgres SET "app.settings.jwt_secret" TO :jwt_secret; |
| 217 | + ALTER DATABASE postgres SET "app.settings.jwt_exp" TO :jwt_exp; |
| 218 | + 99-logs.sql: | |
| 219 | + \set pguser `echo "$POSTGRES_USER"` |
| 220 | +
|
| 221 | + create schema if not exists _analytics; |
| 222 | + alter schema _analytics owner to :pguser; |
| 223 | + 99-realtime.sql: | |
| 224 | + \set pguser `echo "$POSTGRES_USER"` |
| 225 | +
|
| 226 | + create schema if not exists _realtime; |
| 227 | + alter schema _realtime owner to :pguser; |
| 228 | + 99-roles.sql: | |
| 229 | + -- NOTE: change to your own passwords for production environments |
| 230 | + \set pgpass `echo "$POSTGRES_PASSWORD"` |
| 231 | +
|
| 232 | + ALTER USER authenticator WITH PASSWORD :'pgpass'; |
| 233 | + ALTER USER pgbouncer WITH PASSWORD :'pgpass'; |
| 234 | + ALTER USER supabase_auth_admin WITH PASSWORD :'pgpass'; |
| 235 | + ALTER USER supabase_functions_admin WITH PASSWORD :'pgpass'; |
| 236 | + ALTER USER supabase_storage_admin WITH PASSWORD :'pgpass'; |
| 237 | +kind: ConfigMap |
| 238 | +metadata: |
| 239 | + labels: |
| 240 | + app.kubernetes.io/instance: squadquest-supabase |
| 241 | + app.kubernetes.io/managed-by: Helm |
| 242 | + app.kubernetes.io/name: supabase |
| 243 | + helm.sh/chart: supabase-0.1.3 |
| 244 | + name: squadquest-supabase-supabase-db-initdb |
| 245 | + namespace: squadquest-supabase |
0 commit comments