Merge pull request #194 from supabase/fix/advisor-security-report

fix

Author: imor

supabase/migrations/20240705083738_remove_contact_email.sql

@@ -0,0 +1,33 @@
+drop view if exists public.accounts;
+
+create view
+  public.accounts
+with
+  (security_invoker = true) as
+select
+  acc.id,
+  acc.handle,
+  obj.name as avatar_path,
+  acc.display_name,
+  acc.bio,
+  acc.created_at
+from
+  app.accounts acc
+  left join storage.objects obj on acc.avatar_id = obj.id;
+
+drop view if exists public.organizations;
+
+create view
+  public.organizations
+with
+  (security_invoker = true) as
+select
+  org.id,
+  org.handle,
+  obj.name as avatar_path,
+  org.display_name,
+  org.bio,
+  org.created_at
+from
+  app.organizations org
+  left join storage.objects obj on org.avatar_id = obj.id;

website/data/database.types.ts

@@ -6,7 +6,7 @@ export type Json =
   | { [key: string]: Json | undefined }
   | Json[]
 
-export interface Database {
+export type Database = {
   graphql_public: {
     Tables: {
       [_ in never]: never
@@ -41,7 +41,6 @@ export interface Database {
         Row: {
           avatar_path: string | null
           bio: string | null
-          contact_email: string | null
           created_at: string | null
           display_name: string | null
           handle: string | null
@@ -51,6 +50,7 @@ export interface Database {
           {
             foreignKeyName: 'accounts_id_fkey'
             columns: ['id']
+            isOneToOne: true
             referencedRelation: 'users'
             referencedColumns: ['id']
           },
@@ -68,12 +68,14 @@ export interface Database {
           {
             foreignKeyName: 'downloads_package_id_fkey'
             columns: ['package_id']
+            isOneToOne: false
             referencedRelation: 'packages'
             referencedColumns: ['id']
           },
           {
             foreignKeyName: 'downloads_package_id_fkey'
             columns: ['package_id']
+            isOneToOne: false
             referencedRelation: 'packages'
             referencedColumns: ['id']
           },
@@ -102,24 +104,28 @@ export interface Database {
           {
             foreignKeyName: 'members_account_id_fkey'
             columns: ['account_id']
+            isOneToOne: false
             referencedRelation: 'accounts'
             referencedColumns: ['id']
           },
           {
             foreignKeyName: 'members_account_id_fkey'
             columns: ['account_id']
+            isOneToOne: false
             referencedRelation: 'accounts'
             referencedColumns: ['id']
           },
           {
             foreignKeyName: 'members_organization_id_fkey'
             columns: ['organization_id']
+            isOneToOne: false
             referencedRelation: 'organizations'
             referencedColumns: ['id']
           },
           {
             foreignKeyName: 'members_organization_id_fkey'
             columns: ['organization_id']
+            isOneToOne: false
             referencedRelation: 'organizations'
             referencedColumns: ['id']
           },
@@ -129,7 +135,6 @@ export interface Database {
         Row: {
           avatar_path: string | null
           bio: string | null
-          contact_email: string | null
           created_at: string | null
           display_name: string | null
           handle: string | null
@@ -152,12 +157,14 @@ export interface Database {
           {
             foreignKeyName: 'package_upgrades_package_id_fkey'
             columns: ['package_id']
+            isOneToOne: false
             referencedRelation: 'packages'
             referencedColumns: ['id']
           },
           {
             foreignKeyName: 'package_upgrades_package_id_fkey'
             columns: ['package_id']
+            isOneToOne: false
             referencedRelation: 'packages'
             referencedColumns: ['id']
           },
@@ -180,12 +187,14 @@ export interface Database {
           {
             foreignKeyName: 'package_versions_package_id_fkey'
             columns: ['package_id']
+            isOneToOne: false
             referencedRelation: 'packages'
             referencedColumns: ['id']
           },
           {
             foreignKeyName: 'package_versions_package_id_fkey'
             columns: ['package_id']
+            isOneToOne: false
             referencedRelation: 'packages'
             referencedColumns: ['id']
           },
@@ -209,6 +218,7 @@ export interface Database {
           {
             foreignKeyName: 'packages_handle_fkey'
             columns: ['handle']
+            isOneToOne: false
             referencedRelation: 'handle_registry'
             referencedColumns: ['handle']
           },
@@ -443,11 +453,107 @@ export interface Database {
           {
             foreignKeyName: 'objects_bucketId_fkey'
             columns: ['bucket_id']
+            isOneToOne: false
             referencedRelation: 'buckets'
             referencedColumns: ['id']
           },
         ]
       }
+      s3_multipart_uploads: {
+        Row: {
+          bucket_id: string
+          created_at: string
+          id: string
+          in_progress_size: number
+          key: string
+          owner_id: string | null
+          upload_signature: string
+          version: string
+        }
+        Insert: {
+          bucket_id: string
+          created_at?: string
+          id: string
+          in_progress_size?: number
+          key: string
+          owner_id?: string | null
+          upload_signature: string
+          version: string
+        }
+        Update: {
+          bucket_id?: string
+          created_at?: string
+          id?: string
+          in_progress_size?: number
+          key?: string
+          owner_id?: string | null
+          upload_signature?: string
+          version?: string
+        }
+        Relationships: [
+          {
+            foreignKeyName: 's3_multipart_uploads_bucket_id_fkey'
+            columns: ['bucket_id']
+            isOneToOne: false
+            referencedRelation: 'buckets'
+            referencedColumns: ['id']
+          },
+        ]
+      }
+      s3_multipart_uploads_parts: {
+        Row: {
+          bucket_id: string
+          created_at: string
+          etag: string
+          id: string
+          key: string
+          owner_id: string | null
+          part_number: number
+          size: number
+          upload_id: string
+          version: string
+        }
+        Insert: {
+          bucket_id: string
+          created_at?: string
+          etag: string
+          id?: string
+          key: string
+          owner_id?: string | null
+          part_number: number
+          size?: number
+          upload_id: string
+          version: string
+        }
+        Update: {
+          bucket_id?: string
+          created_at?: string
+          etag?: string
+          id?: string
+          key?: string
+          owner_id?: string | null
+          part_number?: number
+          size?: number
+          upload_id?: string
+          version?: string
+        }
+        Relationships: [
+          {
+            foreignKeyName: 's3_multipart_uploads_parts_bucket_id_fkey'
+            columns: ['bucket_id']
+            isOneToOne: false
+            referencedRelation: 'buckets'
+            referencedColumns: ['id']
+          },
+          {
+            foreignKeyName: 's3_multipart_uploads_parts_upload_id_fkey'
+            columns: ['upload_id']
+            isOneToOne: false
+            referencedRelation: 's3_multipart_uploads'
+            referencedColumns: ['id']
+          },
+        ]
+      }
     }
     Views: {
       [_ in never]: never
@@ -478,7 +584,7 @@ export interface Database {
         Args: {
           name: string
         }
-        Returns: unknown
+        Returns: string[]
       }
       get_size_by_bucket: {
         Args: Record<PropertyKey, never>
@@ -487,6 +593,37 @@ export interface Database {
           bucket_id: string
         }[]
       }
+      list_multipart_uploads_with_delimiter: {
+        Args: {
+          bucket_id: string
+          prefix_param: string
+          delimiter_param: string
+          max_keys?: number
+          next_key_token?: string
+          next_upload_token?: string
+        }
+        Returns: {
+          key: string
+          id: string
+          created_at: string
+        }[]
+      }
+      list_objects_with_delimiter: {
+        Args: {
+          bucket_id: string
+          prefix_param: string
+          delimiter_param: string
+          max_keys?: number
+          start_after?: string
+          next_token?: string
+        }
+        Returns: {
+          name: string
+          id: string
+          metadata: Json
+          updated_at: string
+        }[]
+      }
       search: {
         Args: {
           prefix: string
@@ -516,3 +653,85 @@ export interface Database {
     }
   }
 }
+
+type PublicSchema = Database[Extract<keyof Database, 'public'>]
+
+export type Tables<
+  PublicTableNameOrOptions extends
+    | keyof (PublicSchema['Tables'] & PublicSchema['Views'])
+    | { schema: keyof Database },
+  TableName extends PublicTableNameOrOptions extends { schema: keyof Database }
+    ? keyof (Database[PublicTableNameOrOptions['schema']]['Tables'] &
+        Database[PublicTableNameOrOptions['schema']]['Views'])
+    : never = never,
+> = PublicTableNameOrOptions extends { schema: keyof Database }
+  ? (Database[PublicTableNameOrOptions['schema']]['Tables'] &
+      Database[PublicTableNameOrOptions['schema']]['Views'])[TableName] extends {
+      Row: infer R
+    }
+    ? R
+    : never
+  : PublicTableNameOrOptions extends keyof (PublicSchema['Tables'] &
+        PublicSchema['Views'])
+    ? (PublicSchema['Tables'] &
+        PublicSchema['Views'])[PublicTableNameOrOptions] extends {
+        Row: infer R
+      }
+      ? R
+      : never
+    : never
+
+export type TablesInsert<
+  PublicTableNameOrOptions extends
+    | keyof PublicSchema['Tables']
+    | { schema: keyof Database },
+  TableName extends PublicTableNameOrOptions extends { schema: keyof Database }
+    ? keyof Database[PublicTableNameOrOptions['schema']]['Tables']
+    : never = never,
+> = PublicTableNameOrOptions extends { schema: keyof Database }
+  ? Database[PublicTableNameOrOptions['schema']]['Tables'][TableName] extends {
+      Insert: infer I
+    }
+    ? I
+    : never
+  : PublicTableNameOrOptions extends keyof PublicSchema['Tables']
+    ? PublicSchema['Tables'][PublicTableNameOrOptions] extends {
+        Insert: infer I
+      }
+      ? I
+      : never
+    : never
+
+export type TablesUpdate<
+  PublicTableNameOrOptions extends
+    | keyof PublicSchema['Tables']
+    | { schema: keyof Database },
+  TableName extends PublicTableNameOrOptions extends { schema: keyof Database }
+    ? keyof Database[PublicTableNameOrOptions['schema']]['Tables']
+    : never = never,
+> = PublicTableNameOrOptions extends { schema: keyof Database }
+  ? Database[PublicTableNameOrOptions['schema']]['Tables'][TableName] extends {
+      Update: infer U
+    }
+    ? U
+    : never
+  : PublicTableNameOrOptions extends keyof PublicSchema['Tables']
+    ? PublicSchema['Tables'][PublicTableNameOrOptions] extends {
+        Update: infer U
+      }
+      ? U
+      : never
+    : never
+
+export type Enums<
+  PublicEnumNameOrOptions extends
+    | keyof PublicSchema['Enums']
+    | { schema: keyof Database },
+  EnumName extends PublicEnumNameOrOptions extends { schema: keyof Database }
+    ? keyof Database[PublicEnumNameOrOptions['schema']]['Enums']
+    : never = never,
+> = PublicEnumNameOrOptions extends { schema: keyof Database }
+  ? Database[PublicEnumNameOrOptions['schema']]['Enums'][EnumName]
+  : PublicEnumNameOrOptions extends keyof PublicSchema['Enums']
+    ? PublicSchema['Enums'][PublicEnumNameOrOptions]
+    : never

website/lib/validations.ts

@@ -21,7 +21,6 @@ export const SignUpSchema = z.object({
 export const UpdateProfileSchema = z.object({
   displayName,
   handle,
-  contactEmail: email.or(z.literal('')),
   bio: z.string().max(255),
 })