|
2 | 2 |
|
3 | 3 | CREATE SCHEMA IF NOT EXISTS auth AUTHORIZATION supabase_admin; |
4 | 4 |
|
5 | | --- auth.users definition |
6 | | - |
7 | | -CREATE TABLE auth.users ( |
8 | | - instance_id uuid NULL, |
9 | | - id uuid NOT NULL UNIQUE, |
10 | | - aud varchar(255) NULL, |
11 | | - "role" varchar(255) NULL, |
12 | | - email varchar(255) NULL UNIQUE, |
13 | | - encrypted_password varchar(255) NULL, |
14 | | - confirmed_at timestamptz NULL, |
15 | | - invited_at timestamptz NULL, |
16 | | - confirmation_token varchar(255) NULL, |
17 | | - confirmation_sent_at timestamptz NULL, |
18 | | - recovery_token varchar(255) NULL, |
19 | | - recovery_sent_at timestamptz NULL, |
20 | | - email_change_token varchar(255) NULL, |
21 | | - email_change varchar(255) NULL, |
22 | | - email_change_sent_at timestamptz NULL, |
23 | | - last_sign_in_at timestamptz NULL, |
24 | | - raw_app_meta_data jsonb NULL, |
25 | | - raw_user_meta_data jsonb NULL, |
26 | | - is_super_admin bool NULL, |
27 | | - created_at timestamptz NULL, |
28 | | - updated_at timestamptz NULL, |
29 | | - CONSTRAINT users_pkey PRIMARY KEY (id) |
30 | | -); |
31 | | -CREATE INDEX users_instance_id_email_idx ON auth.users USING btree (instance_id, email); |
32 | | -CREATE INDEX users_instance_id_idx ON auth.users USING btree (instance_id); |
33 | | -comment on table auth.users is 'Auth: Stores user login data within a secure schema.'; |
34 | | - |
35 | | --- auth.refresh_tokens definition |
36 | | - |
37 | | -CREATE TABLE auth.refresh_tokens ( |
38 | | - instance_id uuid NULL, |
39 | | - id bigserial NOT NULL, |
40 | | - "token" varchar(255) NULL, |
41 | | - user_id varchar(255) NULL, |
42 | | - revoked bool NULL, |
43 | | - created_at timestamptz NULL, |
44 | | - updated_at timestamptz NULL, |
45 | | - CONSTRAINT refresh_tokens_pkey PRIMARY KEY (id) |
46 | | -); |
47 | | -CREATE INDEX refresh_tokens_instance_id_idx ON auth.refresh_tokens USING btree (instance_id); |
48 | | -CREATE INDEX refresh_tokens_instance_id_user_id_idx ON auth.refresh_tokens USING btree (instance_id, user_id); |
49 | | -CREATE INDEX refresh_tokens_token_idx ON auth.refresh_tokens USING btree (token); |
50 | | -comment on table auth.refresh_tokens is 'Auth: Store of tokens used to refresh JWT tokens once they expire.'; |
51 | | - |
52 | | --- auth.instances definition |
53 | | - |
54 | | -CREATE TABLE auth.instances ( |
55 | | - id uuid NOT NULL, |
56 | | - uuid uuid NULL, |
57 | | - raw_base_config text NULL, |
58 | | - created_at timestamptz NULL, |
59 | | - updated_at timestamptz NULL, |
60 | | - CONSTRAINT instances_pkey PRIMARY KEY (id) |
61 | | -); |
62 | | -comment on table auth.instances is 'Auth: Manages users across multiple sites.'; |
63 | | - |
64 | | --- auth.audit_log_entries definition |
65 | | - |
66 | | -CREATE TABLE auth.audit_log_entries ( |
67 | | - instance_id uuid NULL, |
68 | | - id uuid NOT NULL, |
69 | | - payload json NULL, |
70 | | - created_at timestamptz NULL, |
71 | | - CONSTRAINT audit_log_entries_pkey PRIMARY KEY (id) |
72 | | -); |
73 | | -CREATE INDEX audit_logs_instance_id_idx ON auth.audit_log_entries USING btree (instance_id); |
74 | | -comment on table auth.audit_log_entries is 'Auth: Audit trail for user actions.'; |
75 | | - |
76 | | --- auth.schema_migrations definition |
77 | | - |
78 | | -CREATE TABLE auth.schema_migrations ( |
79 | | - "version" varchar(255) NOT NULL, |
80 | | - CONSTRAINT schema_migrations_pkey PRIMARY KEY ("version") |
81 | | -); |
82 | | -comment on table auth.schema_migrations is 'Auth: Manages updates to the auth system.'; |
83 | | - |
84 | | -INSERT INTO auth.schema_migrations (version) |
85 | | -VALUES ('20171026211738'), |
86 | | - ('20171026211808'), |
87 | | - ('20171026211834'), |
88 | | - ('20180103212743'), |
89 | | - ('20180108183307'), |
90 | | - ('20180119214651'), |
91 | | - ('20180125194653'); |
92 | | - |
93 | | --- Gets the User ID from the request cookie |
94 | | -create or replace function auth.uid() returns uuid as $$ |
95 | | - select nullif(current_setting('request.jwt.claim.sub', true), '')::uuid; |
96 | | -$$ language sql stable; |
97 | | - |
98 | | --- Gets the User ID from the request cookie |
99 | | -create or replace function auth.role() returns text as $$ |
100 | | - select nullif(current_setting('request.jwt.claim.role', true), '')::text; |
101 | | -$$ language sql stable; |
102 | | - |
103 | | --- Gets the User email |
104 | | -create or replace function auth.email() returns text as $$ |
105 | | - select nullif(current_setting('request.jwt.claim.email', true), '')::text; |
106 | | -$$ language sql stable; |
107 | | - |
108 | 5 | -- usage on auth functions to API roles |
109 | 6 | GRANT USAGE ON SCHEMA auth TO anon, authenticated, service_role; |
110 | 7 |
|
111 | 8 | -- Supabase super admin |
112 | 9 | CREATE USER supabase_auth_admin NOINHERIT CREATEROLE LOGIN NOREPLICATION; |
113 | 10 | GRANT ALL PRIVILEGES ON SCHEMA auth TO supabase_auth_admin; |
114 | | -GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA auth TO supabase_auth_admin; |
115 | | -GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA auth TO supabase_auth_admin; |
116 | 11 | ALTER USER supabase_auth_admin SET search_path = "auth"; |
117 | | -ALTER table "auth".users OWNER TO supabase_auth_admin; |
118 | | -ALTER table "auth".refresh_tokens OWNER TO supabase_auth_admin; |
119 | | -ALTER table "auth".audit_log_entries OWNER TO supabase_auth_admin; |
120 | | -ALTER table "auth".instances OWNER TO supabase_auth_admin; |
121 | | -ALTER table "auth".schema_migrations OWNER TO supabase_auth_admin; |
122 | 12 |
|
123 | 13 | -- migrate:down |