supabase-operator/assets/migrations/init-scripts/00000000000001-auth-schema.sql

-- migrate:up

CREATE SCHEMA IF NOT EXISTS auth AUTHORIZATION supabase_admin;

-- auth.users definition

CREATE TABLE auth.users (
    instance_id uuid NULL,
    id uuid NOT NULL UNIQUE,
    aud varchar(255) NULL,
    "role" varchar(255) NULL,
    email varchar(255) NULL UNIQUE,
    encrypted_password varchar(255) NULL,
    confirmed_at timestamptz NULL,
    invited_at timestamptz NULL,
    confirmation_token varchar(255) NULL,
    confirmation_sent_at timestamptz NULL,
    recovery_token varchar(255) NULL,
    recovery_sent_at timestamptz NULL,
    email_change_token varchar(255) NULL,
    email_change varchar(255) NULL,
    email_change_sent_at timestamptz NULL,
    last_sign_in_at timestamptz NULL,
    raw_app_meta_data jsonb NULL,
    raw_user_meta_data jsonb NULL,
    is_super_admin bool NULL,
    created_at timestamptz NULL,
    updated_at timestamptz NULL,
    CONSTRAINT users_pkey PRIMARY KEY (id)
);
CREATE INDEX users_instance_id_email_idx ON auth.users USING btree (instance_id, email);
CREATE INDEX users_instance_id_idx ON auth.users USING btree (instance_id);
comment on table auth.users is 'Auth: Stores user login data within a secure schema.';

-- auth.refresh_tokens definition

CREATE TABLE auth.refresh_tokens (
    instance_id uuid NULL,
    id bigserial NOT NULL,
    "token" varchar(255) NULL,
    user_id varchar(255) NULL,
    revoked bool NULL,
    created_at timestamptz NULL,
    updated_at timestamptz NULL,
    CONSTRAINT refresh_tokens_pkey PRIMARY KEY (id)
);
CREATE INDEX refresh_tokens_instance_id_idx ON auth.refresh_tokens USING btree (instance_id);
CREATE INDEX refresh_tokens_instance_id_user_id_idx ON auth.refresh_tokens USING btree (instance_id, user_id);
CREATE INDEX refresh_tokens_token_idx ON auth.refresh_tokens USING btree (token);
comment on table auth.refresh_tokens is 'Auth: Store of tokens used to refresh JWT tokens once they expire.';

-- auth.instances definition

CREATE TABLE auth.instances (
    id uuid NOT NULL,
    uuid uuid NULL,
    raw_base_config text NULL,
    created_at timestamptz NULL,
    updated_at timestamptz NULL,
    CONSTRAINT instances_pkey PRIMARY KEY (id)
);
comment on table auth.instances is 'Auth: Manages users across multiple sites.';

-- auth.audit_log_entries definition

CREATE TABLE auth.audit_log_entries (
    instance_id uuid NULL,
    id uuid NOT NULL,
    payload json NULL,
    created_at timestamptz NULL,
    CONSTRAINT audit_log_entries_pkey PRIMARY KEY (id)
);
CREATE INDEX audit_logs_instance_id_idx ON auth.audit_log_entries USING btree (instance_id);
comment on table auth.audit_log_entries is 'Auth: Audit trail for user actions.';

-- auth.schema_migrations definition

CREATE TABLE auth.schema_migrations (
    "version" varchar(255) NOT NULL,
    CONSTRAINT schema_migrations_pkey PRIMARY KEY ("version")
);
comment on table auth.schema_migrations is 'Auth: Manages updates to the auth system.';

INSERT INTO auth.schema_migrations (version)
VALUES  ('20171026211738'),
        ('20171026211808'),
        ('20171026211834'),
        ('20180103212743'),
        ('20180108183307'),
        ('20180119214651'),
        ('20180125194653');

-- Gets the User ID from the request cookie
create or replace function auth.uid() returns uuid as $$
  select nullif(current_setting('request.jwt.claim.sub', true), '')::uuid;
$$ language sql stable;

-- Gets the User ID from the request cookie
create or replace function auth.role() returns text as $$
  select nullif(current_setting('request.jwt.claim.role', true), '')::text;
$$ language sql stable;

-- Gets the User email
create or replace function auth.email() returns text as $$
  select nullif(current_setting('request.jwt.claim.email', true), '')::text;
$$ language sql stable;

-- usage on auth functions to API roles
GRANT USAGE ON SCHEMA auth TO anon, authenticated, service_role;

-- Supabase super admin
CREATE USER supabase_auth_admin NOINHERIT CREATEROLE LOGIN NOREPLICATION;
GRANT ALL PRIVILEGES ON SCHEMA auth TO supabase_auth_admin;
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA auth TO supabase_auth_admin;
GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA auth TO supabase_auth_admin;
ALTER USER supabase_auth_admin SET search_path = "auth";
ALTER table "auth".users OWNER TO supabase_auth_admin;
ALTER table "auth".refresh_tokens OWNER TO supabase_auth_admin;
ALTER table "auth".audit_log_entries OWNER TO supabase_auth_admin;
ALTER table "auth".instances OWNER TO supabase_auth_admin;
ALTER table "auth".schema_migrations OWNER TO supabase_auth_admin;

-- migrate:down
feat(db): prepare migrations and core CRD 2024-12-13 08:09:14 +00:00			`-- migrate:up`

			`CREATE SCHEMA IF NOT EXISTS auth AUTHORIZATION supabase_admin;`

			`-- auth.users definition`

			`CREATE TABLE auth.users (`
			`instance_id uuid NULL,`
			`id uuid NOT NULL UNIQUE,`
			`aud varchar(255) NULL,`
			`"role" varchar(255) NULL,`
			`email varchar(255) NULL UNIQUE,`
			`encrypted_password varchar(255) NULL,`
			`confirmed_at timestamptz NULL,`
			`invited_at timestamptz NULL,`
			`confirmation_token varchar(255) NULL,`
			`confirmation_sent_at timestamptz NULL,`
			`recovery_token varchar(255) NULL,`
			`recovery_sent_at timestamptz NULL,`
			`email_change_token varchar(255) NULL,`
			`email_change varchar(255) NULL,`
			`email_change_sent_at timestamptz NULL,`
			`last_sign_in_at timestamptz NULL,`
			`raw_app_meta_data jsonb NULL,`
			`raw_user_meta_data jsonb NULL,`
			`is_super_admin bool NULL,`
			`created_at timestamptz NULL,`
			`updated_at timestamptz NULL,`
			`CONSTRAINT users_pkey PRIMARY KEY (id)`
			`);`
			`CREATE INDEX users_instance_id_email_idx ON auth.users USING btree (instance_id, email);`
			`CREATE INDEX users_instance_id_idx ON auth.users USING btree (instance_id);`
			`comment on table auth.users is 'Auth: Stores user login data within a secure schema.';`

			`-- auth.refresh_tokens definition`

			`CREATE TABLE auth.refresh_tokens (`
			`instance_id uuid NULL,`
			`id bigserial NOT NULL,`
			`"token" varchar(255) NULL,`
			`user_id varchar(255) NULL,`
			`revoked bool NULL,`
			`created_at timestamptz NULL,`
			`updated_at timestamptz NULL,`
			`CONSTRAINT refresh_tokens_pkey PRIMARY KEY (id)`
			`);`
			`CREATE INDEX refresh_tokens_instance_id_idx ON auth.refresh_tokens USING btree (instance_id);`
			`CREATE INDEX refresh_tokens_instance_id_user_id_idx ON auth.refresh_tokens USING btree (instance_id, user_id);`
			`CREATE INDEX refresh_tokens_token_idx ON auth.refresh_tokens USING btree (token);`
			`comment on table auth.refresh_tokens is 'Auth: Store of tokens used to refresh JWT tokens once they expire.';`

			`-- auth.instances definition`

			`CREATE TABLE auth.instances (`
			`id uuid NOT NULL,`
			`uuid uuid NULL,`
			`raw_base_config text NULL,`
			`created_at timestamptz NULL,`
			`updated_at timestamptz NULL,`
			`CONSTRAINT instances_pkey PRIMARY KEY (id)`
			`);`
			`comment on table auth.instances is 'Auth: Manages users across multiple sites.';`

			`-- auth.audit_log_entries definition`

			`CREATE TABLE auth.audit_log_entries (`
			`instance_id uuid NULL,`
			`id uuid NOT NULL,`
			`payload json NULL,`
			`created_at timestamptz NULL,`
			`CONSTRAINT audit_log_entries_pkey PRIMARY KEY (id)`
			`);`
			`CREATE INDEX audit_logs_instance_id_idx ON auth.audit_log_entries USING btree (instance_id);`
			`comment on table auth.audit_log_entries is 'Auth: Audit trail for user actions.';`

			`-- auth.schema_migrations definition`

			`CREATE TABLE auth.schema_migrations (`
			`"version" varchar(255) NOT NULL,`
			`CONSTRAINT schema_migrations_pkey PRIMARY KEY ("version")`
			`);`
			`comment on table auth.schema_migrations is 'Auth: Manages updates to the auth system.';`

			`INSERT INTO auth.schema_migrations (version)`
			`VALUES ('20171026211738'),`
			`('20171026211808'),`
			`('20171026211834'),`
			`('20180103212743'),`
			`('20180108183307'),`
			`('20180119214651'),`
			`('20180125194653');`

			`-- Gets the User ID from the request cookie`
			`create or replace function auth.uid() returns uuid as $$`
			`select nullif(current_setting('request.jwt.claim.sub', true), '')::uuid;`
			`$$ language sql stable;`

			`-- Gets the User ID from the request cookie`
			`create or replace function auth.role() returns text as $$`
			`select nullif(current_setting('request.jwt.claim.role', true), '')::text;`
			`$$ language sql stable;`

			`-- Gets the User email`
			`create or replace function auth.email() returns text as $$`
			`select nullif(current_setting('request.jwt.claim.email', true), '')::text;`
			`$$ language sql stable;`

			`-- usage on auth functions to API roles`
			`GRANT USAGE ON SCHEMA auth TO anon, authenticated, service_role;`

			`-- Supabase super admin`
			`CREATE USER supabase_auth_admin NOINHERIT CREATEROLE LOGIN NOREPLICATION;`
			`GRANT ALL PRIVILEGES ON SCHEMA auth TO supabase_auth_admin;`
			`GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA auth TO supabase_auth_admin;`
			`GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA auth TO supabase_auth_admin;`
			`ALTER USER supabase_auth_admin SET search_path = "auth";`
			`ALTER table "auth".users OWNER TO supabase_auth_admin;`
			`ALTER table "auth".refresh_tokens OWNER TO supabase_auth_admin;`
			`ALTER table "auth".audit_log_entries OWNER TO supabase_auth_admin;`
			`ALTER table "auth".instances OWNER TO supabase_auth_admin;`
			`ALTER table "auth".schema_migrations OWNER TO supabase_auth_admin;`

			`-- migrate:down`