diff --git a/migrations/before/20230312043000_supabase_auth.sql b/migrations/before/20230312043000_supabase_auth.sql.bak similarity index 100% rename from migrations/before/20230312043000_supabase_auth.sql rename to migrations/before/20230312043000_supabase_auth.sql.bak diff --git a/migrations/before/supabase_auth.sh b/migrations/before/supabase_auth.sh new file mode 100755 index 00000000..76dce9cf --- /dev/null +++ b/migrations/before/supabase_auth.sh @@ -0,0 +1,45 @@ +#!/usr/bin/bash +set -e + +psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL + -- Create the anon and authenticated roles if they don't exist + CREATE OR REPLACE FUNCTION create_roles(roles text []) RETURNS void LANGUAGE plpgsql AS \$\$ + DECLARE role_name text; + BEGIN FOREACH role_name IN ARRAY roles LOOP IF NOT EXISTS ( + SELECT 1 + FROM pg_roles + WHERE rolname = role_name + ) THEN EXECUTE 'CREATE ROLE ' || role_name; + END IF; + END LOOP; + END; + \$\$; + SELECT create_roles(ARRAY ['anon', 'authenticated']); + + -- Create supabase_admin user if it does not exist + DO \$\$ BEGIN IF NOT EXISTS ( + SELECT + FROM pg_catalog.pg_roles + WHERE rolname = 'supabase_admin' + ) THEN CREATE USER supabase_admin LOGIN CREATEROLE CREATEDB REPLICATION BYPASSRLS; + END IF; + END \$\$; + + -- Create supabase_auth_admin user if it does not exist + DO \$\$ BEGIN IF NOT EXISTS ( + SELECT + FROM pg_catalog.pg_roles + WHERE rolname = '$SUPABASE_USER' + ) THEN CREATE USER "$SUPABASE_USER" BYPASSRLS NOINHERIT CREATEROLE LOGIN NOREPLICATION PASSWORD '$SUPABASE_PASSWORD'; + END IF; + END \$\$; + + -- Create auth schema if it does not exist + CREATE SCHEMA IF NOT EXISTS auth AUTHORIZATION $SUPABASE_USER; + + -- Grant permissions + GRANT CREATE ON DATABASE postgres TO $SUPABASE_USER; + + -- Set search_path for supabase_auth_admin + ALTER USER $SUPABASE_USER SET search_path = 'auth'; +EOSQL \ No newline at end of file