-- migrate:up CREATE SCHEMA IF NOT EXISTS auth AUTHORIZATION supabase_admin; -- auth.users definition CREATE TABLE auth.users ( instance_id uuid NULL, id uuid NOT NULL UNIQUE, aud varchar(255) NULL, "role" varchar(255) NULL, email varchar(255) NULL UNIQUE, encrypted_password varchar(255) NULL, confirmed_at timestamptz NULL, invited_at timestamptz NULL, confirmation_token varchar(255) NULL, confirmation_sent_at timestamptz NULL, recovery_token varchar(255) NULL, recovery_sent_at timestamptz NULL, email_change_token varchar(255) NULL, email_change varchar(255) NULL, email_change_sent_at timestamptz NULL, last_sign_in_at timestamptz NULL, raw_app_meta_data jsonb NULL, raw_user_meta_data jsonb NULL, is_super_admin bool NULL, created_at timestamptz NULL, updated_at timestamptz NULL, CONSTRAINT users_pkey PRIMARY KEY (id) ); CREATE INDEX users_instance_id_email_idx ON auth.users USING btree (instance_id, email); CREATE INDEX users_instance_id_idx ON auth.users USING btree (instance_id); comment on table auth.users is 'Auth: Stores user login data within a secure schema.'; -- auth.refresh_tokens definition CREATE TABLE auth.refresh_tokens ( instance_id uuid NULL, id bigserial NOT NULL, "token" varchar(255) NULL, user_id varchar(255) NULL, revoked bool NULL, created_at timestamptz NULL, updated_at timestamptz NULL, CONSTRAINT refresh_tokens_pkey PRIMARY KEY (id) ); CREATE INDEX refresh_tokens_instance_id_idx ON auth.refresh_tokens USING btree (instance_id); CREATE INDEX refresh_tokens_instance_id_user_id_idx ON auth.refresh_tokens USING btree (instance_id, user_id); CREATE INDEX refresh_tokens_token_idx ON auth.refresh_tokens USING btree (token); comment on table auth.refresh_tokens is 'Auth: Store of tokens used to refresh JWT tokens once they expire.'; -- auth.instances definition CREATE TABLE auth.instances ( id uuid NOT NULL, uuid uuid NULL, raw_base_config text NULL, created_at timestamptz NULL, updated_at timestamptz NULL, CONSTRAINT instances_pkey PRIMARY KEY (id) ); comment on table auth.instances is 'Auth: Manages users across multiple sites.'; -- auth.audit_log_entries definition CREATE TABLE auth.audit_log_entries ( instance_id uuid NULL, id uuid NOT NULL, payload json NULL, created_at timestamptz NULL, CONSTRAINT audit_log_entries_pkey PRIMARY KEY (id) ); CREATE INDEX audit_logs_instance_id_idx ON auth.audit_log_entries USING btree (instance_id); comment on table auth.audit_log_entries is 'Auth: Audit trail for user actions.'; -- auth.schema_migrations definition CREATE TABLE auth.schema_migrations ( "version" varchar(255) NOT NULL, CONSTRAINT schema_migrations_pkey PRIMARY KEY ("version") ); comment on table auth.schema_migrations is 'Auth: Manages updates to the auth system.'; INSERT INTO auth.schema_migrations (version) VALUES ('20171026211738'), ('20171026211808'), ('20171026211834'), ('20180103212743'), ('20180108183307'), ('20180119214651'), ('20180125194653'); -- Gets the User ID from the request cookie create or replace function auth.uid() returns uuid as $$ select nullif(current_setting('request.jwt.claim.sub', true), '')::uuid; $$ language sql stable; -- Gets the User ID from the request cookie create or replace function auth.role() returns text as $$ select nullif(current_setting('request.jwt.claim.role', true), '')::text; $$ language sql stable; -- Gets the User email create or replace function auth.email() returns text as $$ select nullif(current_setting('request.jwt.claim.email', true), '')::text; $$ language sql stable; -- usage on auth functions to API roles GRANT USAGE ON SCHEMA auth TO anon, authenticated, service_role; -- Supabase super admin CREATE USER supabase_auth_admin NOINHERIT CREATEROLE LOGIN NOREPLICATION; GRANT ALL PRIVILEGES ON SCHEMA auth TO supabase_auth_admin; GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA auth TO supabase_auth_admin; GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA auth TO supabase_auth_admin; ALTER USER supabase_auth_admin SET search_path = "auth"; ALTER table "auth".users OWNER TO supabase_auth_admin; ALTER table "auth".refresh_tokens OWNER TO supabase_auth_admin; ALTER table "auth".audit_log_entries OWNER TO supabase_auth_admin; ALTER table "auth".instances OWNER TO supabase_auth_admin; ALTER table "auth".schema_migrations OWNER TO supabase_auth_admin; -- migrate:down