@moneypot/hub 1.18.4 → 1.18.6

package/dist/dashboard/index.html

@@ -4,7 +4,7 @@
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <title>Dashboard</title>
-    <script type="module" crossorigin src="/dashboard/assets/index-DGxc3Ja9.js"></script>
+    <script type="module" crossorigin src="/dashboard/assets/index-BlgWJql2.js"></script>
     <link rel="stylesheet" crossorigin href="/dashboard/assets/index-32DtKox_.css">
   </head>
   <body>

package/dist/src/pg-versions/001-schema.sql

@@ -1,6 +1,4 @@
--- Flattened migrations from 001-015
 
--- Schema Setup
 drop schema if exists public cascade;
 create schema public;
 
@@ -17,10 +15,6 @@ create extension if not exists pgcrypto;
 create extension if not exists "uuid-ossp";
 
 
--- PostgreSQL role setup
--- We need an app_postgraphile role to exist here so that we can grant it permissions.
--- The user can either create it themselves before they run the migrations, or they
--- can update the password after the fact.
 DO $$
 DECLARE
     random_password text := gen_random_uuid()::text;
@@ -30,21 +24,15 @@ BEGIN
     END IF;
 END $$;
 
--- TODO: We may want an hub_secret for things that postgraphile user can't even do (e.g. things we only manipulate in security definer functions)
 
--- UUID v7 generation functions
 CREATE OR REPLACE FUNCTION hub_hidden.uuid_generate_v7() RETURNS uuid LANGUAGE plpgsql PARALLEL SAFE AS $$
   DECLARE
-    -- The current UNIX timestamp in milliseconds
     unix_time_ms CONSTANT bytea NOT NULL DEFAULT substring(int8send((extract(epoch FROM clock_timestamp()) * 1000)::bigint) from 3);
 
-    -- The buffer used to create the UUID, starting with the UNIX timestamp and followed by random bytes
     buffer                bytea NOT NULL DEFAULT unix_time_ms || gen_random_bytes(10);
   BEGIN
-    -- Set most significant 4 bits of 7th byte to 7 (for UUID v7), keeping the last 4 bits unchanged
     buffer = set_byte(buffer, 6, (b'0111' || get_byte(buffer, 6)::bit(4))::bit(8)::int);
 
-    -- Set most significant 2 bits of 9th byte to 2 (the UUID variant specified in RFC 4122), keeping the last 6 bits unchanged
     buffer = set_byte(buffer, 8, (b'10'   || get_byte(buffer, 8)::bit(6))::bit(8)::int);
 
     RETURN encode(buffer, 'hex');
@@ -55,7 +43,6 @@ CREATE OR REPLACE FUNCTION extract_timestamp_from_uuid_v7(uuid_v7 UUID) RETURNS
   SELECT to_timestamp(('x'||replace(uuid_v7::text, '-', ''))::bit(48)::bigint / 1000) AS result;
 $$ LANGUAGE sql IMMUTABLE;
 
--- Helper functions for RLS
 create or replace function hub_hidden.is_operator() returns boolean as $$
   select nullif(current_setting('operator.api_key', true), '') is not null;
 $$ language sql stable;
@@ -76,13 +63,11 @@ create or replace function hub_hidden.current_session_id() returns uuid as $$
   select nullif(current_setting('session.id', true), '')::uuid;
 $$ language sql stable;
 
--- Enums
 create type hub.transfer_status_kind as enum ('PENDING', 'COMPLETED', 'CANCELED', 'UNCLAIMED', 'EXPIRED');
 
--- Tables
 CREATE TABLE hub.casino(
   id          uuid PRIMARY KEY DEFAULT hub_hidden.uuid_generate_v7(),
-  base_url    TEXT NOT NULL, -- todo: this should probably be an array.. 
+  base_url    TEXT NOT NULL,
   name        TEXT NOT NULL,
   graphql_url TEXT NOT NULL
 );
@@ -92,7 +77,7 @@ create unique index casino_graphql_url_key on hub.casino(graphql_url);
 
 create table hub.casino_secret(
   id uuid primary key references hub.casino(id),
-  controller_id uuid not null, -- our controller id in the casino's system
+  controller_id uuid not null,
   api_key uuid not null
 );
 
@@ -102,7 +87,6 @@ create table hub.jwk_set (
   updated_at timestamptz not null default now()
 );
 
--- For audit/debugging
 create table hub.jwk_set_snapshot (
   id uuid primary key default hub_hidden.uuid_generate_v7(),
   casino_id uuid not null references hub.casino(id),
@@ -113,12 +97,11 @@ create index jwks_snapshot_casino_id_idx on hub.jwk_set_snapshot(casino_id);
 
 create table hub.api_key (
   id           uuid primary key default hub_hidden.uuid_generate_v7(),
-  key          uuid unique not null default gen_random_uuid(), -- uuid v4
+  key          uuid unique not null default gen_random_uuid(),
   last_used_at timestamptz null,
   revoked_at   timestamptz null
 );
 
--- This will get populated from each casino graphql API.
 create table hub.currency(
   key text not null,
   casino_id uuid not null references hub.casino(id),
@@ -133,10 +116,9 @@ create table hub.user (
     id              uuid NOT NULL PRIMARY KEY DEFAULT hub_hidden.uuid_generate_v7(),
     casino_id       uuid NOT NULL references hub.casino(id),
     mp_user_id uuid NOT NULL,
-    uname           text NOT NULL -- from the casino
+    uname           text NOT NULL
 );
 
--- A user can only represent one mp_user_id (Moneypot record) per MP casino.
 create unique index user_casino_id_mp_user_id_key on hub.user(casino_id, mp_user_id);
 
 create table hub_hidden.transfer_cursor (
@@ -147,10 +129,9 @@ create table hub_hidden.transfer_cursor (
 create table hub.experience (
     id                    uuid NOT NULL PRIMARY KEY DEFAULT hub_hidden.uuid_generate_v7(),
     casino_id             uuid NOT NULL references hub.casino(id),
-    mp_experience_id  uuid NOT NULL, -- graphql id of experience in MP casino
+    mp_experience_id  uuid NOT NULL,
     name                  text NOT NULL
 );
--- An experience can only represent one mp_experience_id (Moneypot record) per MP casino.
 CREATE UNIQUE INDEX experience_casino_id_mp_experience_id_key ON hub.experience(casino_id, mp_experience_id);
 CREATE INDEX experience_mp_experience_id_idx ON hub.experience(mp_experience_id);
 
@@ -170,11 +151,11 @@ CREATE UNIQUE INDEX bankroll_casino_id_currency_key_key ON hub.bankroll(casino_i
 CREATE INDEX bankroll_casino_id_idx ON hub.bankroll(casino_id);
 
 create table hub.session (
-    id uuid primary key default hub_hidden.uuid_generate_v7(), --
+    id uuid primary key default hub_hidden.uuid_generate_v7(),
     casino_id  uuid  NOT NULL references hub.casino(id),
-    user_id uuid not null references hub.user(id), -- graphql id of MP user
-    experience_id uuid not null references hub.experience(id), -- graphql id of MP experience
-    user_token uuid not null, -- uuid from MP user_token
+    user_id uuid not null references hub.user(id),
+    experience_id uuid not null references hub.experience(id),
+    user_token uuid not null,
     expired_at timestamptz not null DEFAULT now() + interval '1 year',
     key UUID NOT NULL DEFAULT gen_random_uuid()
 );
@@ -182,17 +163,15 @@ create table hub.session (
 CREATE INDEX session_casino_id_idx ON hub.session(casino_id);
 CREATE INDEX session_user_id_idx ON hub.session(user_id);
 CREATE INDEX session_experience_id_idx ON hub.session(experience_id);
--- TODO: Shouldn't these only be unique per casino/exp?
 CREATE UNIQUE INDEX session_user_token_idx ON hub.session(user_token);
 CREATE UNIQUE INDEX session_key_idx ON hub.session(key);
 
--- MP transfers turn into deposits and withdraws in hub
 create table hub.deposit (
-    id uuid primary key default hub_hidden.uuid_generate_v7(), 
+    id uuid primary key default hub_hidden.uuid_generate_v7(),
     casino_id uuid not null references hub.casino(id),
-    mp_transfer_id text not null, -- graphql id for (external) MP casino transfer
-    user_id uuid not null references hub.user(id), 
-    experience_id uuid not null references hub.experience(id), 
+    mp_transfer_id text not null,
+    user_id uuid not null references hub.user(id),
+    experience_id uuid not null references hub.experience(id),
     amount float8 not null check (amount > 0),
     currency_key text not null,
     foreign key (currency_key, casino_id) references hub.currency(key, casino_id)
@@ -205,15 +184,12 @@ CREATE INDEX deposit_casino_id_idx ON hub.deposit(casino_id);
 
 create table hub.withdrawal_request (
   id uuid not null primary key default hub_hidden.uuid_generate_v7(),
-  -- Save all the things we need to make the MP transferCurrencyExperienceToUser request
   casino_id uuid not null references hub.casino(id),
   experience_id uuid not null references hub.experience(id),
   user_id uuid not null references hub.user(id),
   amount float not null check (amount > 0),
   currency_key text not null,
 
-  -- This is set once we can confirm the transfer was created in MP 
-  -- while submitting metadata={id: withdrawal_request.id}
   mp_transfer_id text null,
 
   foreign key (currency_key, casino_id) references hub.currency(key, casino_id)
@@ -223,15 +199,15 @@ CREATE INDEX withdrawal_request_user_id_idx ON hub.withdrawal_request(user_id);
 CREATE INDEX withdrawal_request_experience_id_idx ON hub.withdrawal_request(experience_id);
 CREATE INDEX withdrawal_request_casino_id_idx ON hub.withdrawal_request(casino_id);
 
-CREATE UNIQUE INDEX withdrawal_request_casino_id_mp_transfer_id_key ON hub.withdrawal_request(casino_id, mp_transfer_id) 
+CREATE UNIQUE INDEX withdrawal_request_casino_id_mp_transfer_id_key ON hub.withdrawal_request(casino_id, mp_transfer_id)
 WHERE mp_transfer_id IS NOT NULL;
 
 create table hub.withdrawal (
-    id uuid primary key default hub_hidden.uuid_generate_v7(), 
-    casino_id uuid not null references hub.casino(id), 
-    mp_transfer_id text not null, -- Gets set once we confirm that MP casino has the transfer
-    user_id uuid not null references hub.user(id), 
-    experience_id uuid not null references hub.experience(id), 
+    id uuid primary key default hub_hidden.uuid_generate_v7(),
+    casino_id uuid not null references hub.casino(id),
+    mp_transfer_id text not null,
+    user_id uuid not null references hub.user(id),
+    experience_id uuid not null references hub.experience(id),
     amount float8 not null check (amount > 0),
     currency_key text not null,
     status hub.transfer_status_kind not null,
@@ -262,7 +238,6 @@ CREATE INDEX faucet_claim_experience_id_idx ON hub.faucet_claim(experience_id);
 CREATE INDEX faucet_claim_casino_id_idx ON hub.faucet_claim(casino_id);
 CREATE INDEX faucet_claim_currency_key_idx ON hub.faucet_claim(currency_key);
 
--- User balances derived from transfers per experience
 create table hub.balance (
     casino_id uuid not null references hub.casino(id),
     user_id uuid not null references hub.user(id),
@@ -278,12 +253,9 @@ CREATE INDEX balance_user_id_idx ON hub.balance(user_id);
 CREATE INDEX balance_experience_id_idx ON hub.balance(experience_id);
 CREATE INDEX balance_casino_id_idx ON hub.balance(casino_id);
 
--- Views
-create view hub.active_session as 
+create view hub.active_session as
 select * from hub.session where expired_at > now();
 
--- Triggers
--- Every time a new casino is inserted, a notification is sent to the channel 'new_casino'
 CREATE OR REPLACE FUNCTION notify_new_casino()
 RETURNS TRIGGER AS $$
 BEGIN
@@ -301,34 +273,29 @@ EXECUTE FUNCTION notify_new_casino();
 
 CREATE OR REPLACE FUNCTION hub.notify_balance_change() RETURNS TRIGGER AS $$
 BEGIN
-    -- For INSERT operations, always notify
     IF TG_OP = 'INSERT' THEN
         PERFORM pg_notify(
           'hub:user:' || NEW.user_id || ':balance_alert',
           json_build_object('currency_key', NEW.currency_key)::text
         );
-    -- For UPDATE operations, only notify if amount changed
     ELSIF TG_OP = 'UPDATE' AND NEW.amount IS DISTINCT FROM OLD.amount THEN
         PERFORM pg_notify(
           'hub:user:' || NEW.user_id || ':balance_alert',
           json_build_object('currency_key', NEW.currency_key)::text
         );
     END IF;
-    
-    -- trigger wants us to return new row
+
     RETURN NEW;
 END;
 $$ LANGUAGE plpgsql;
 
-CREATE TRIGGER balance_change_alert 
+CREATE TRIGGER balance_change_alert
 AFTER INSERT OR UPDATE OF amount ON hub.balance
-FOR EACH ROW 
+FOR EACH ROW
 EXECUTE FUNCTION hub.notify_balance_change();
 
--- Grants
 grant usage on schema public to app_postgraphile;
 grant usage on schema hub to app_postgraphile;
--- hub_hidden utils like hub_hidden.current_user_id() should be accessible to app_postgraphile
 grant usage on schema hub_hidden to app_postgraphile;
 
 grant select on table hub.currency to app_postgraphile;
@@ -351,7 +318,6 @@ grant select on table hub.withdrawal_request to app_postgraphile;
 grant update on hub.casino to app_postgraphile;
 grant update on table hub.bankroll to app_postgraphile;
 
--- Row Level Security
 alter table hub.casino enable row level security;
 alter table hub.casino_secret enable row level security;
 alter table hub.user enable row level security;
@@ -368,14 +334,11 @@ alter table hub.jwk_set_snapshot enable row level security;
 alter table hub.withdrawal_request enable row level security;
 alter table hub.faucet_claim enable row level security;
 
--- RLS Policies
 
--- PUBLIC POLICIES
 create policy select_casino on hub.casino for select using (true);
 create policy select_currency on hub.currency for select using (true);
 create policy select_bankroll on hub.bankroll for select using (true);
 
--- OPERATOR-ONLY POLICIES
 create policy select_experience on hub.experience for select using (
   hub_hidden.is_operator()
 );
@@ -404,55 +367,45 @@ create policy update_bankroll on hub.bankroll for update using (
   hub_hidden.is_operator()
 );
 
--- MIXED-USE POLICIES
--- We should scope every user check to the current experience
--- Else you will accidentally see the user's rows for other experiences
 
 create policy select_user on hub.user for select using (
   hub_hidden.is_operator() or (
-    -- Users can only see their own records
     id = hub_hidden.current_user_id()
   )
 );
 
 create policy select_balance on hub.balance for select using (
   hub_hidden.is_operator() OR (
-    -- Users can only see their own records
     user_id = hub_hidden.current_user_id()
   )
 );
 
 create policy select_deposit on hub.deposit for select using (
   hub_hidden.is_operator() OR (
-    -- Users can only see their own records
     user_id = hub_hidden.current_user_id()
   )
 );
 
 create policy select_withdrawal on hub.withdrawal for select using (
   hub_hidden.is_operator() OR (
-    -- Users can only see their own records
     user_id = hub_hidden.current_user_id()
   )
 );
 
 create policy select_session on hub.session for select using (
   hub_hidden.is_operator() OR (
-    -- Users can only see their own records
     user_id = hub_hidden.current_user_id()
   )
 );
 
 create policy select_withdrawal_request on hub.withdrawal_request for select using (
   hub_hidden.is_operator() OR (
-    -- Users can only see their own records
     user_id = hub_hidden.current_user_id()
   )
 );
 
 create policy select_faucet_claim on hub.faucet_claim for select using (
   hub_hidden.is_operator() OR (
-    -- Users can only see their own records
     user_id = hub_hidden.current_user_id()
   )
 );

package/dist/src/pg-versions/002-balance-id.sql

@@ -1,11 +1,8 @@
--- Add balance.id UUID PK column
--- Migrate the existing surrogate PK to a unique index.
 
 ALTER TABLE hub.balance ADD COLUMN id uuid default hub_hidden.uuid_generate_v7();
 UPDATE hub.balance SET id = hub_hidden.uuid_generate_v7();
 ALTER TABLE hub.balance ALTER COLUMN id SET NOT NULL;
 
--- Migrate old PK to unique index
 ALTER TABLE hub.balance DROP CONSTRAINT balance_pkey;
 ALTER TABLE hub.balance ADD CONSTRAINT balance_pkey PRIMARY KEY (id);
 CREATE UNIQUE INDEX balance_casino_id_user_id_experience_id_currency_key_key ON hub.balance(casino_id, user_id, experience_id, currency_key);

package/dist/src/pg-versions/003-take-request.sql

@@ -1,107 +1,85 @@
--- Create a simplified take request system with a single table state machine
 
--- UNDO
 
--- DROP TABLE IF EXISTS hub.take_transfer;
--- DROP TABLE IF EXISTS hub.take_request;
--- DROP TYPE IF EXISTS hub.mp_take_request_status;
--- DROP TYPE IF EXISTS hub.mp_transfer_status;
 
--- Local take request status that doesn't map to MP's take_request_status kind
 CREATE TYPE hub.take_request_status AS ENUM (
-  'PENDING',    -- Initial state
-  'PROCESSING', -- Funds reserved, transfer in progress
-  'COMPLETED',  -- Transfer completed successfully
-  'FAILED',     -- Transfer failed, needs investigation
-  'REJECTED'    -- Request rejected (insufficient funds, etc)
+  'PENDING',
+  'PROCESSING',
+  'COMPLETED',
+  'FAILED',
+  'REJECTED'
 );
 
--- Maps to MP's app_public.take_request_status enum
 CREATE TYPE hub.mp_take_request_status AS ENUM (
-  'PENDING',              -- Initial state
-  'TRANSFERRED',          -- Experience controller successfully transferred to player
-  'CONTROLLER_REJECTED',  -- Hub controller rejected the take request (player had zero balance)
-  'USER_CANCELED'         -- Player canceled the take request
+  'PENDING',
+  'TRANSFERRED',
+  'CONTROLLER_REJECTED',
+  'USER_CANCELED'
 );
 
--- Maps to MP's app_public.transfer_status_kind enum
 CREATE TYPE hub.mp_transfer_status AS ENUM (
-  'PENDING',    -- Initial state
-  'COMPLETED',  -- Balance transfer completed
-  'CANCELED',   -- Player canceled
-  'UNCLAIMED',  -- Controller hasn't claimed
-  'EXPIRED'     -- Transfer expired
+  'PENDING',
+  'COMPLETED',
+  'CANCELED',
+  'UNCLAIMED',
+  'EXPIRED'
 );
 
--- Create the simplified take request table
 CREATE TABLE hub.take_request (
   id UUID PRIMARY KEY DEFAULT hub_hidden.uuid_generate_v7(),
-  mp_take_request_id UUID UNIQUE NOT NULL, -- MP take request ID 
+  mp_take_request_id UUID UNIQUE NOT NULL,
   user_id UUID NOT NULL REFERENCES hub.user(id),
   experience_id UUID NOT NULL REFERENCES hub.experience(id),
   casino_id UUID NOT NULL REFERENCES hub.casino(id),
   currency_key TEXT NOT NULL,
-  amount FLOAT NULL, -- NULL means "take all"
+  amount FLOAT NULL,
   status hub.take_request_status NOT NULL DEFAULT 'PENDING',
-  mp_status hub.mp_take_request_status NOT NULL DEFAULT 'PENDING', -- MP's take request status
-  status_changed_at TIMESTAMPTZ NOT NULL DEFAULT now(), -- When our status was last changed
+  mp_status hub.mp_take_request_status NOT NULL DEFAULT 'PENDING',
+  status_changed_at TIMESTAMPTZ NOT NULL DEFAULT now(),
   reserved_amount FLOAT NOT NULL,
-  mp_transfer_id UUID NULL, -- ID of the transfer
-  -- mp_transfer_status is just informational
+  mp_transfer_id UUID NULL,
   mp_transfer_status hub.mp_transfer_status NULL,
-  -- Whether we need to call completeTransfer
-  transfer_needs_completion BOOLEAN NOT NULL DEFAULT TRUE, 
-  -- When we last attempted to complete the transfer
-  transfer_completion_attempted_at TIMESTAMPTZ NULL, 
+  transfer_needs_completion BOOLEAN NOT NULL DEFAULT TRUE,
+  transfer_completion_attempted_at TIMESTAMPTZ NULL,
   updated_at TIMESTAMPTZ NOT NULL DEFAULT now(),
-  
+
   FOREIGN KEY (currency_key, casino_id) REFERENCES hub.currency(key, casino_id)
 );
 
--- Create indexes for queries we'll run frequently
 CREATE INDEX take_request_casino_id_idx ON hub.take_request(casino_id);
 CREATE INDEX take_request_user_id_idx ON hub.take_request(user_id);
 CREATE INDEX take_request_experience_id_idx ON hub.take_request(experience_id);
 CREATE INDEX take_request_status_idx ON hub.take_request(status);
 CREATE INDEX take_request_updated_at_idx ON hub.take_request(updated_at);
--- A mp_take_request_id is unique per casino
-CREATE UNIQUE INDEX take_request_casino_id_mp_take_request_id_key ON hub.take_request(casino_id, mp_take_request_id); 
--- A mp_transfer_id is unique per casino
+CREATE UNIQUE INDEX take_request_casino_id_mp_take_request_id_key ON hub.take_request(casino_id, mp_take_request_id);
 CREATE UNIQUE INDEX take_request_casino_id_mp_transfer_id_key ON hub.take_request(casino_id, mp_transfer_id) WHERE mp_transfer_id IS NOT NULL;
 
 
--- Create a function to automatically update timestamps
 CREATE OR REPLACE FUNCTION hub.update_take_request_timestamps()
 RETURNS TRIGGER AS $$
 BEGIN
   NEW.updated_at = NOW();
-  
-  -- Update status_changed_at if status is changing
+
   IF OLD.status IS DISTINCT FROM NEW.status THEN
     NEW.status_changed_at = NOW();
   END IF;
-  
+
   RETURN NEW;
 END;
 $$ LANGUAGE plpgsql;
 
--- Create trigger to call the function
 CREATE TRIGGER update_take_request_timestamps
 BEFORE UPDATE ON hub.take_request
 FOR EACH ROW
 EXECUTE FUNCTION hub.update_take_request_timestamps();
 
--- GRANTS
 
 GRANT SELECT ON hub.take_request TO app_postgraphile;
 
--- RLS
 
 ALTER TABLE hub.take_request ENABLE ROW LEVEL SECURITY;
 
 CREATE POLICY select_take_request ON hub.take_request FOR SELECT USING (
   hub_hidden.is_operator() OR (
-    -- Users can only see their own records
     user_id = hub_hidden.current_user_id()
   )
 );

package/dist/src/pg-versions/004-rls-scope-to-experience.sql

@@ -1,26 +1,18 @@
 drop policy if exists select_user on hub.user;
 create policy select_user on hub.user for select using (
-  hub_hidden.is_operator() or 
-  -- Users can only see their own records
-  -- Users are global and not scoped to experiences
+  hub_hidden.is_operator() or
   (
     id = hub_hidden.current_user_id() and
-    -- casino_id match is redundant but we'll include it for consistency
     casino_id = hub_hidden.current_casino_id()
   )
 );
 
--- These are all scoped to the current experience
---
--- Technically, matching on (user_id, experience_id) is sufficient since
--- experience implies casino, but we'll match on all three to be explicit.
 
 drop policy if exists select_balance on hub.balance;
 create policy select_balance on hub.balance for select using (
-  hub_hidden.is_operator() OR 
-  -- Users can only see their own records for current experience
+  hub_hidden.is_operator() OR
   (
-    user_id = hub_hidden.current_user_id() and 
+    user_id = hub_hidden.current_user_id() and
     experience_id = hub_hidden.current_experience_id() and
     casino_id = hub_hidden.current_casino_id()
   )
@@ -29,9 +21,8 @@ create policy select_balance on hub.balance for select using (
 drop policy if exists select_deposit on hub.deposit;
 create policy select_deposit on hub.deposit for select using (
   hub_hidden.is_operator() OR
-  -- Users can only see their own records for current experience
   (
-    user_id = hub_hidden.current_user_id() and 
+    user_id = hub_hidden.current_user_id() and
     experience_id = hub_hidden.current_experience_id() and
     casino_id = hub_hidden.current_casino_id()
   )
@@ -40,9 +31,8 @@ create policy select_deposit on hub.deposit for select using (
 drop policy if exists select_withdrawal on hub.withdrawal;
 create policy select_withdrawal on hub.withdrawal for select using (
   hub_hidden.is_operator() OR
-  -- Users can only see their own records for current experience
   (
-    user_id = hub_hidden.current_user_id() and 
+    user_id = hub_hidden.current_user_id() and
     experience_id = hub_hidden.current_experience_id() and
     casino_id = hub_hidden.current_casino_id()
   )
@@ -51,9 +41,8 @@ create policy select_withdrawal on hub.withdrawal for select using (
 drop policy if exists select_session on hub.session;
 create policy select_session on hub.session for select using (
   hub_hidden.is_operator() OR
-  -- Users can only see their own records for current experience
   (
-    user_id = hub_hidden.current_user_id() and 
+    user_id = hub_hidden.current_user_id() and
     experience_id = hub_hidden.current_experience_id() and
     casino_id = hub_hidden.current_casino_id()
   )
@@ -62,9 +51,8 @@ create policy select_session on hub.session for select using (
 drop policy if exists select_withdrawal_request on hub.withdrawal_request;
 create policy select_withdrawal_request on hub.withdrawal_request for select using (
   hub_hidden.is_operator() OR
-  -- Users can only see their own records for current experience
   (
-    user_id = hub_hidden.current_user_id() and 
+    user_id = hub_hidden.current_user_id() and
     experience_id = hub_hidden.current_experience_id() and
     casino_id = hub_hidden.current_casino_id()
   )
@@ -73,9 +61,8 @@ create policy select_withdrawal_request on hub.withdrawal_request for select usi
 drop policy if exists select_faucet_claim on hub.faucet_claim;
 create policy select_faucet_claim on hub.faucet_claim for select using (
   hub_hidden.is_operator() OR
-  -- Users can only see their own records for current experience
   (
-    user_id = hub_hidden.current_user_id() and 
+    user_id = hub_hidden.current_user_id() and
     experience_id = hub_hidden.current_experience_id() and
     casino_id = hub_hidden.current_casino_id()
   )

package/dist/src/pg-versions/005-hash-chain.sql

@@ -10,58 +10,48 @@ CREATE TABLE hub.hash_chain (
   current_iteration int NOT NULL check (current_iteration between 0 and max_iteration)
 );
 
--- TODO: Should probably index current_iteration
--- CREATE INDEX hash_chain_current_iteration_idx ON hub.hash_chain(current_iteration);
 
 CREATE INDEX hash_chain_user_id_idx ON hub.hash_chain(user_id);
 CREATE INDEX hash_chain_experience_id_idx ON hub.hash_chain(experience_id);
 CREATE INDEX hash_chain_casino_id_idx ON hub.hash_chain(casino_id);
 
--- Ensure only one active hash_chain per user per experience per casino
 CREATE UNIQUE INDEX active_hash_chain_idx
   ON hub.hash_chain (user_id, experience_id, casino_id)
   WHERE active = true;
 
 CREATE TYPE hub.hash_kind AS ENUM (
-  'TERMINAL', -- max iteration hash (e.g. iteration 1000)
-  'INTERMEDIATE', -- intermediate hash (e.g. iteration 1-999)
-  'PREIMAGE' -- preimage hash (always iteration 0)
+  'TERMINAL',
+  'INTERMEDIATE',
+  'PREIMAGE'
 );
 
--- this is the base table for all bets events
 CREATE TABLE hub.hash (
   id            uuid PRIMARY KEY DEFAULT hub_hidden.uuid_generate_v7(),
   kind          hub.hash_kind NOT NULL,
   hash_chain_id uuid NOT NULL REFERENCES hub.hash_chain(id),
-  iteration     int NOT NULL check (iteration >= 0),    -- which Nth value from the hash chain it is
-  digest        bytea NOT NULL,   -- the actual hash we got from hash chain server
-  metadata      jsonb NOT NULL DEFAULT '{}' -- operator can store game-specific tags
+  iteration     int NOT NULL check (iteration >= 0),
+  digest        bytea NOT NULL,
+  metadata      jsonb NOT NULL DEFAULT '{}'
 );
 
 CREATE INDEX hash_hash_chain_id_idx ON hub.hash(hash_chain_id);
 
--- Ensure iterations are unique per hash_chain to avoid dupe mistakes
 CREATE UNIQUE INDEX hash_hash_chain_id_iteration_idx ON hub.hash(hash_chain_id, iteration);
 
--- Ensure a hash_chain only has of each end-type hash
 CREATE UNIQUE INDEX hash_chain_terminal_hash_idx ON hub.hash (hash_chain_id)
   WHERE kind = 'TERMINAL';
 CREATE UNIQUE INDEX hash_chain_preimage_hash_idx ON hub.hash (hash_chain_id)
   WHERE kind = 'PREIMAGE';
 
--- GRANTS
 
 GRANT SELECT ON TABLE hub.hash_chain TO app_postgraphile;
 GRANT SELECT ON TABLE hub.hash TO app_postgraphile;
 
--- RLS
 ALTER TABLE hub.hash_chain ENABLE ROW LEVEL SECURITY;
 ALTER TABLE hub.hash ENABLE ROW LEVEL SECURITY;
 
 CREATE POLICY select_hash_chain ON hub.hash_chain FOR SELECT USING (
-  -- Operator can see all rows
   hub_hidden.is_operator() OR
-  -- User can see their own rows
   (
     user_id = hub_hidden.current_user_id() AND
     experience_id = hub_hidden.current_experience_id() AND
@@ -69,14 +59,11 @@ CREATE POLICY select_hash_chain ON hub.hash_chain FOR SELECT USING (
   )
 );
 
--- TODO: Since we have RLS we could just make hashes public for simplicity/perf
 CREATE POLICY select_hash ON hub.hash FOR SELECT USING (
-  -- Operator can see all rows
   hub_hidden.is_operator() OR
-  -- User can see their own rows by checking the associated hash_chain
   EXISTS (
-    SELECT 1 
-    FROM hub.hash_chain 
+    SELECT 1
+    FROM hub.hash_chain
     WHERE hub.hash_chain.id = hub.hash.hash_chain_id
       AND hub.hash_chain.user_id = hub_hidden.current_user_id()
       AND hub.hash_chain.experience_id = hub_hidden.current_experience_id()