migrations

apps/api/supabase/migrations/20240613063301_remote_schema.sql

@@ -214,6 +214,63 @@ begin
 end;
 $_$;
 
+CREATE OR REPLACE FUNCTION public.webhook()
+    RETURNS trigger
+    SET search_path = public
+    SECURITY DEFINER
+    LANGUAGE 'plpgsql'
+AS
+$$
+DECLARE
+    url text;
+    secret text;
+    payload jsonb;
+    request_id bigint;
+    signature text;
+    path text;
+BEGIN
+    -- Extract the first item from TG_ARGV as path
+    path = TG_ARGV[0];
+
+    -- Get the webhook URL and secret from the vault
+    SELECT decrypted_secret INTO url FROM vault.decrypted_secrets WHERE name = 'WEBHOOK_ENDPOINT' LIMIT 1;
+    SELECT decrypted_secret INTO secret FROM vault.decrypted_secrets WHERE name = 'WEBHOOK_SECRET' LIMIT 1;
+
+    -- Generate the payload
+    payload = jsonb_build_object(
+        'old_record', old,
+        'record', new,
+        'type', tg_op,
+        'table', tg_table_name,
+        'schema', tg_table_schema
+    );
+
+    -- Generate the signature
+    signature = generate_hmac(secret, payload::text);
+
+    -- Send the webhook request
+    SELECT http_post
+    INTO request_id
+    FROM
+        net.http_post(
+                url :=  url || '/' || path,
+                body := payload,
+                headers := jsonb_build_object(
+                        'Content-Type', 'application/json',
+                        'X-Supabase-Signature', signature
+                ),
+               timeout_milliseconds := 3000
+        );
+
+    -- Insert the request ID into the Supabase hooks table
+    INSERT INTO supabase_functions.hooks
+        (hook_table_id, hook_name, request_id)
+    VALUES (tg_relid, tg_name, request_id);
+
+    RETURN new;
+END;
+$$;
+
 ALTER FUNCTION "public"."calculated_vat"("public"."transactions") OWNER TO "postgres";
 
 CREATE OR REPLACE FUNCTION "public"."extract_product_names"("products_json" "json") RETURNS "text"
@@ -1179,8 +1236,6 @@ CREATE INDEX "transactions_team_id_idx" ON "public"."transactions" USING "btree"
 
 CREATE INDEX "users_on_team_team_id_idx" ON "public"."users_on_team" USING "btree" ("team_id");
 
-CREATE OR REPLACE TRIGGER "embed_category" AFTER INSERT OR UPDATE OF "name" ON "public"."transaction_categories" FOR EACH ROW WHEN (("new"."system" = false)) EXECUTE FUNCTION "supabase_functions"."http_request"('https://pytddvqiozwrhfbwqazp.supabase.co/functions/v1/generate-category-embedding', 'POST', '{"Content-type":"application/json","Authorization":"Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6InB5dGRkdnFpb3p3cmhmYndxYXpwIiwicm9sZSI6ImFub24iLCJpYXQiOjE2OTY1ODM2MzgsImV4cCI6MjAxMjE1OTYzOH0.ICOeoR7nVt1bxKtTYfo1xe4m2l3d2CMmqh1kKZAb35c"}', '{}', '5000');
-
 CREATE OR REPLACE TRIGGER "generate_category_slug" BEFORE INSERT ON "public"."transaction_categories" FOR EACH ROW EXECUTE FUNCTION "public"."generate_slug_from_name"();
 
 CREATE OR REPLACE TRIGGER "insert_system_categories_trigger" AFTER INSERT ON "public"."teams" FOR EACH ROW EXECUTE FUNCTION "public"."insert_system_categories"();

apps/api/supabase/migrations/20240624102912_remote_schema.sql

@@ -0,0 +1,3 @@
+CREATE TRIGGER vault_upload AFTER INSERT ON storage.objects FOR EACH ROW EXECUTE FUNCTION supabase_functions.http_request('https://cloud.trigger.dev/api/v1/sources/http/clxhxy07hfixvo93155n4t3bw', 'POST', '{"Content-type":"application/json","Authorization":"Bearer 45fe98e53abae5f592f97432da5d3e388b71bbfe3194aa1c82e02ed83af225e1"}', '{}', '3000');
+
+

apps/api/supabase/migrations/20240624102944_remote_schema.sql

@@ -0,0 +1,5 @@
+drop trigger if exists "user_registered" on "auth"."users";
+
+CREATE TRIGGER user_registered AFTER INSERT ON auth.users FOR EACH ROW EXECUTE FUNCTION webhook('webhook/registered');
+
+

apps/api/supabase/migrations/20240624103555_remote_schema.sql

@@ -0,0 +1,65 @@
+drop trigger if exists "match_transaction" on "public"."transactions";
+
+drop policy "Enable select for authenticated users only" on "public"."teams";
+
+drop policy "Enable select for authenticated users only" on "public"."transaction_enrichments";
+
+drop policy "Users can read members belonging to the same team" on "public"."users";
+
+drop policy "Enable select for authenticated users only" on "public"."users_on_team";
+
+set check_function_bodies = off;
+
+CREATE OR REPLACE FUNCTION public.create_team(name character varying)
+ RETURNS uuid
+ LANGUAGE plpgsql
+ SECURITY DEFINER
+ SET search_path TO 'public'
+AS $function$
+declare
+    new_team_id uuid;
+begin
+    insert into teams (name) values (name) returning id into new_team_id;
+    insert into users_on_team (user_id, team_id, role) values (auth.uid(), new_team_id, 'owner');
+
+    return new_team_id;
+end;
+$function$
+;
+
+CREATE OR REPLACE FUNCTION public.generate_hmac(secret_key text, message text)
+ RETURNS text
+ LANGUAGE plpgsql
+AS $function$
+DECLARE
+    hmac_result bytea;
+BEGIN
+    hmac_result := extensions.hmac(message::bytea, secret_key::bytea, 'sha256');
+    RETURN encode(hmac_result, 'base64');
+END;
+$function$
+;
+
+create policy "Users can select users if they are in the same team"
+on "public"."users"
+as permissive
+for select
+to authenticated
+using ((EXISTS ( SELECT 1
+   FROM users_on_team
+  WHERE ((users_on_team.user_id = ( SELECT auth.uid() AS uid)) AND (users_on_team.team_id = users.team_id)))));
+
+
+create policy "Enable read access for all users"
+on "public"."users_on_team"
+as permissive
+for select
+to public
+using (true);
+
+
+CREATE TRIGGER embed_category AFTER INSERT OR UPDATE ON public.transaction_categories FOR EACH ROW EXECUTE FUNCTION supabase_functions.http_request('https://pytddvqiozwrhfbwqazp.supabase.co/functions/v1/generate-category-embedding', 'POST', '{"Content-type":"application/json"}', '{}', '5000');
+
+CREATE TRIGGER match_transaction AFTER INSERT ON public.transactions FOR EACH ROW EXECUTE FUNCTION webhook('webhook/inbox/match');
+
+