npm - @nextblock-cms/db - Versions diffs - 0.2.27 → 0.2.29 - Mend

@nextblock-cms/db 0.2.27 → 0.2.29

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (87) hide show

package/supabase/migrations/20250513194738_setup_roles_and_profiles.sql DELETED Viewed

@@ -1,41 +0,0 @@
--- lowercase sql
--- 1. create the user_role enum type
-create type public.user_role as enum ('ADMIN', 'WRITER', 'USER');
--- 2. create the profiles table
-create table public.profiles (
-  id uuid not null primary key, -- references auth.users(id)
-  updated_at timestamp with time zone,
-  username text unique,
-  full_name text,
-  avatar_url text,
-  website text,
-  role public.user_role not null default 'USER',
-  constraint username_length check (char_length(username) >= 3)
-);
--- 3. set up foreign key from profiles.id to auth.users.id
-alter table public.profiles
-  add constraint profiles_id_fkey
-  foreign key (id)
-  references auth.users (id)
-  on delete cascade; -- if a user is deleted, their profile is also deleted
--- 4. (optional) add some sample inserts for roles if needed directly, though roles are part of the enum.
--- users will get roles assigned. an admin user might need to be set manually or via seed.
--- example: update a specific user to be an admin after they sign up.
--- update public.profiles set role = 'ADMIN' where id = 'user_id_of_admin';
--- 5. (optional) seed an initial admin user if you know their auth.users.id
--- this requires the user to exist in auth.users first.
--- insert into public.profiles (id, username, full_name, role)
--- values ('<some-auth-user-id>', 'admin_user', 'Admin User', 'ADMIN')
--- on conflict (id) do update set role = 'ADMIN';
--- note: the trigger in the next migration is preferred for new users.
--- this manual insert/update is for bootstrapping your first admin.
-comment on table public.profiles is 'profile information for each user, extending auth.users.';
-comment on column public.profiles.id is 'references auth.users.id';
-comment on column public.profiles.role is 'user role for rbac.';

package/supabase/migrations/20250513194910_auto_create_profile_trigger.sql DELETED Viewed

@@ -1,48 +0,0 @@
--- This function is triggered when a new user signs up in auth.users
--- It creates a corresponding profile in public.profiles
--- and assigns 'ADMIN' to the first user, then 'USER' thereafter, using a KV flag in site_settings.
-CREATE OR REPLACE FUNCTION public.handle_new_user()
-RETURNS TRIGGER
-LANGUAGE plpgsql
-SECURITY DEFINER
-SET search_path = 'public'
-AS $$
-DECLARE
-  admin_flag_set BOOLEAN := FALSE;
-  user_role TEXT;
-BEGIN
-  -- Ensure the admin flag row exists
-  INSERT INTO public.site_settings (key, value)
-  VALUES ('is_admin_created', 'false'::jsonb)
-  ON CONFLICT (key) DO NOTHING;
-  -- Lock and read the flag
-  SELECT COALESCE((value)::jsonb::boolean, FALSE)
-  INTO admin_flag_set
-  FROM public.site_settings
-  WHERE key = 'is_admin_created'
-  FOR UPDATE;
-  IF admin_flag_set = FALSE THEN
-    user_role := 'ADMIN';
-    UPDATE public.site_settings
-    SET value = 'true'::jsonb
-    WHERE key = 'is_admin_created';
-  ELSE
-    user_role := 'USER';
-  END IF;
-  INSERT INTO public.profiles (id, role)
-  VALUES (NEW.id, user_role);
-  RETURN NEW;
-END;
-$$;
--- Drop and recreate the trigger to use the updated function
-DROP TRIGGER IF EXISTS on_auth_user_created ON auth.users;
-CREATE TRIGGER on_auth_user_created
-  AFTER INSERT ON auth.users
-  FOR EACH ROW EXECUTE FUNCTION public.handle_new_user();

package/supabase/migrations/20250513194916_rls_for_profiles.sql DELETED Viewed

@@ -1,85 +0,0 @@
--- lowercase sql
--- 1. enable row level security on the profiles table
-alter table public.profiles enable row level security;
--- 2. create policies for profiles table
--- allow users to read their own profile
-create policy "users_can_select_own_profile"
-on public.profiles for select
-using (auth.uid() = id);
--- allow users to update their own profile
-create policy "users_can_update_own_profile"
-on public.profiles for update
-using (auth.uid() = id)
-with check (auth.uid() = id);
--- allow admins to select any profile
-create policy "admins_can_select_any_profile"
-on public.profiles for select
-using (
-  exists (
-    select 1
-    from public.profiles
-    where id = auth.uid() and role = 'ADMIN'
-  )
-);
--- allow admins to update any profile
-create policy "admins_can_update_any_profile"
-on public.profiles for update
-using (
-  exists (
-    select 1
-    from public.profiles
-    where id = auth.uid() and role = 'ADMIN'
-  )
-)
-with check (
-  exists (
-    select 1
-    from public.profiles
-    where id = auth.uid() and role = 'ADMIN'
-  )
-);
--- allow admins to insert profiles (e.g., for manual setup, though trigger handles new users)
-create policy "admins_can_insert_profiles"
-on public.profiles for insert
-with check (
-  exists (
-    select 1
-    from public.profiles
-    where id = auth.uid() and role = 'ADMIN'
-  )
-);
--- (optional) allow any authenticated user to read any profile if roles need to be widely available
--- create policy "authenticated_users_can_read_profiles"
--- on public.profiles for select
--- to authenticated
--- using (true);
--- For now, we'll stick to more restrictive select policies above.
--- The middleware will need to fetch the current user's role. The "users_can_select_own_profile"
--- policy allows this. If an admin needs to see other user's roles in a list,
--- "admins_can_select_any_profile" covers that.
-comment on policy "users_can_select_own_profile" on public.profiles is 'users can read their own profile.';
-comment on policy "users_can_update_own_profile" on public.profiles is 'users can update their own profile.';
-comment on policy "admins_can_select_any_profile" on public.profiles is 'admin users can read any profile.';
-comment on policy "admins_can_update_any_profile" on public.profiles is 'admin users can update any profile.';
-comment on policy "admins_can_insert_profiles" on public.profiles is 'admin users can insert new profiles.';
--- Note on Deletion: Deletion is handled by `on delete cascade` from `auth.users`.
--- If direct deletion from `profiles` table is needed (e.g., by an admin), a policy would be:
--- create policy "admins_can_delete_profiles"
--- on public.profiles for delete
--- using (
---   exists (
---     select 1
---     from public.profiles
---     where id = auth.uid() and role = 'ADMIN'
---   )
--- );

package/supabase/migrations/20250514125634_fix_recursive_rls_policies.sql DELETED Viewed

@@ -1,51 +0,0 @@
--- Migration to fix recursive RLS policies on the 'profiles' table
--- 1. Create a helper function to get the current user's role securely
--- This function runs with the definer's privileges, avoiding RLS recursion
--- when called from within an RLS policy.
-create or replace function public.get_current_user_role()
-returns public.user_role -- Your ENUM type for roles
-language sql
-stable -- Indicates the function doesn't modify the database
-security definer
-set search_path = public -- Ensures 'profiles' table is found in 'public' schema
-as $$
-  select role from public.profiles where id = auth.uid();
-$$;
-comment on function public.get_current_user_role() is 'Fetches the role of the currently authenticated user. SECURITY DEFINER to prevent RLS recursion issues when used in policies.';
--- 2. Drop the old, problematic RLS policies
--- It's good practice to drop before creating, even if they might not exist or cause errors if they don't.
--- The original error means the "admins_can_select_any_profile" policy was indeed created.
-drop policy if exists "admins_can_select_any_profile" on public.profiles;
-drop policy if exists "admins_can_update_any_profile" on public.profiles;
-drop policy if exists "admins_can_insert_profiles" on public.profiles;
--- Add any other admin policies that used the recursive pattern, e.g., for delete
--- drop policy if exists "admins_can_delete_profiles" on public.profiles;
--- 3. Recreate the admin policies using the helper function
--- For SELECT: Allows admins to select any profile.
-create policy "admins_can_select_any_profile"
-on public.profiles for select
-using (public.get_current_user_role() = 'ADMIN'); -- Compares ENUM to 'ADMIN' literal
--- For UPDATE: Allows admins to update any profile.
-create policy "admins_can_update_any_profile"
-on public.profiles for update
-using (public.get_current_user_role() = 'ADMIN')
-with check (public.get_current_user_role() = 'ADMIN');
--- For INSERT: Allows admins to insert profiles (trigger handles new users, this is for manual admin action).
-create policy "admins_can_insert_profiles"
-on public.profiles for insert
-with check (public.get_current_user_role() = 'ADMIN');
--- (Optional) If you had an admin delete policy with the recursive pattern:
--- create policy "admins_can_delete_profiles"
--- on public.profiles for delete
--- using (public.get_current_user_role() = 'ADMIN');
--- Note: The "users_can_select_own_profile" and "users_can_update_own_profile"
--- policies from your previous migration are fine and do not need to be changed
--- as they don't have the recursive subquery pattern.

package/supabase/migrations/20250514143016_setup_languages_table.sql DELETED Viewed

@@ -1,66 +0,0 @@
--- lowercase sql
--- 1. create the languages table
-create table public.languages (
-  id bigint generated by default as identity primary key,
-  code text not null unique, -- e.g., 'en', 'fr' (BCP 47 language tags)
-  name text not null, -- e.g., 'English', 'Français'
-  is_default boolean not null default false,
-  created_at timestamp with time zone not null default now(),
-  updated_at timestamp with time zone not null default now()
-);
-comment on table public.languages is 'Stores supported languages for the CMS.';
-comment on column public.languages.code is 'BCP 47 language code (e.g., en, en-US, fr, fr-CA).';
-comment on column public.languages.name is 'Human-readable name of the language.';
-comment on column public.languages.is_default is 'Indicates if this is the default fallback language.';
--- 2. create a partial unique index to ensure only one language can be default
--- This ensures data integrity at the database level for the is_default flag.
-create unique index ensure_single_default_language_idx
-on public.languages (is_default)
-where (is_default = true);
--- 3. seed initial languages: english (default) and french
-insert into public.languages (code, name, is_default)
-values
-  ('en', 'English', true),
-  ('fr', 'Français', false);
--- 4. enable row level security (rls) on the languages table
-alter table public.languages enable row level security;
--- 5. create rls policies for the languages table
--- policy: allow public read access to languages
-create policy "languages_are_publicly_readable"
-on public.languages for select
-to anon, authenticated
-using (true);
--- policy: allow admins to manage languages (insert, update, delete)
-create policy "admins_can_manage_languages"
-on public.languages for all -- covers insert, update, delete
-to authenticated
-using (
-  -- check if the user is an admin by calling the helper function created in phase 1
-  public.get_current_user_role() = 'ADMIN'
-)
-with check (
-  public.get_current_user_role() = 'ADMIN'
-);
--- (Optional) Trigger to automatically update 'updated_at' timestamp
-create or replace function public.handle_languages_update()
-returns trigger
-language plpgsql
-as $$
-begin
-  new.updated_at = now();
-  return new;
-end;
-$$;
-create trigger on_languages_update
-  before update on public.languages
-  for each row
-  execute procedure public.handle_languages_update();

package/supabase/migrations/20250514171549_create_pages_table.sql DELETED Viewed

@@ -1,73 +0,0 @@
--- lowercase sql
--- define page_status enum (if not already defined for other tables)
--- checking if type exists to prevent error if run multiple times or if defined elsewhere
-do $$
-begin
-  if not exists (select 1 from pg_type where typname = 'page_status') then
-    create type public.page_status as enum ('draft', 'published', 'archived');
-  end if;
-end
-$$;
--- create pages table
-create table public.pages (
-  id bigint generated by default as identity primary key,
-  language_id bigint not null references public.languages(id) on delete cascade,
-  author_id uuid references public.profiles(id) on delete set null,
-  title text not null,
-  slug text not null,
-  status public.page_status not null default 'draft',
-  meta_title text,
-  meta_description text,
-  created_at timestamp with time zone not null default now(),
-  updated_at timestamp with time zone not null default now()
-);
-comment on table public.pages is 'stores static pages for the website.';
-comment on column public.pages.language_id is 'the language of this page version.';
-comment on column public.pages.author_id is 'the user who originally created the page.';
-comment on column public.pages.slug is 'url-friendly identifier for the page, unique per language.';
-comment on column public.pages.status is 'publication status of the page.';
-comment on column public.pages.meta_title is 'seo title for the page.';
-comment on column public.pages.meta_description is 'seo description for the page.';
-alter table public.pages
-  add constraint pages_language_id_slug_key unique (language_id, slug);
-alter table public.pages enable row level security;
-create policy "pages_are_publicly_readable_when_published"
-on public.pages for select
-to anon, authenticated
-using (status = 'published');
-create policy "authors_writers_admins_can_read_own_drafts"
-on public.pages for select
-to authenticated
-using (
-  (status <> 'published' and author_id = auth.uid()) or
-  (status <> 'published' and public.get_current_user_role() in ('ADMIN', 'WRITER'))
-);
-create policy "admins_and_writers_can_manage_pages"
-on public.pages for all
-to authenticated
-using (public.get_current_user_role() in ('ADMIN', 'WRITER'))
-with check (public.get_current_user_role() in ('ADMIN', 'WRITER'));
-create or replace function public.handle_pages_update()
-returns trigger
-language plpgsql
-security definer set search_path = public
-as $$
-begin
-  new.updated_at = now();
-  return new;
-end;
-$$;
-create trigger on_pages_update
-  before update on public.pages
-  for each row
-  execute procedure public.handle_pages_update();

package/supabase/migrations/20250514171550_create_posts_table.sql DELETED Viewed

@@ -1,61 +0,0 @@
--- lowercase sql
-create table public.posts (
-  id bigint generated by default as identity primary key,
-  language_id bigint not null references public.languages(id) on delete cascade,
-  author_id uuid references public.profiles(id) on delete set null,
-  title text not null,
-  slug text not null,
-  excerpt text,
-  status public.page_status not null default 'draft', -- reuse page_status
-  published_at timestamp with time zone,
-  meta_title text,
-  meta_description text,
-  created_at timestamp with time zone not null default now(),
-  updated_at timestamp with time zone not null default now()
-);
-comment on table public.posts is 'stores blog posts or news articles.';
-comment on column public.posts.slug is 'url-friendly identifier, unique per language.';
-comment on column public.posts.excerpt is 'a short summary of the post.';
-comment on column public.posts.published_at is 'date and time for publication.';
-alter table public.posts
-  add constraint posts_language_id_slug_key unique (language_id, slug);
-alter table public.posts enable row level security;
-create policy "posts_are_publicly_readable_when_published"
-on public.posts for select
-to anon, authenticated
-using (status = 'published' and (published_at is null or published_at <= now()));
-create policy "authors_writers_admins_can_read_own_draft_posts"
-on public.posts for select
-to authenticated
-using (
-  (status <> 'published' and author_id = auth.uid()) or
-  (status <> 'published'and public.get_current_user_role() in ('ADMIN', 'WRITER'))
-);
-create policy "admins_and_writers_can_manage_posts"
-on public.posts for all
-to authenticated
-using (public.get_current_user_role() in ('ADMIN', 'WRITER'))
-with check (public.get_current_user_role() in ('ADMIN', 'WRITER'));
-create or replace function public.handle_posts_update()
-returns trigger
-language plpgsql
-security definer set search_path = public
-as $$
-begin
-  new.updated_at = now();
-  return new;
-end;
-$$;
-create trigger on_posts_update
-  before update on public.posts
-  for each row
-  execute procedure public.handle_posts_update();

package/supabase/migrations/20250514171552_create_media_table.sql DELETED Viewed

@@ -1,45 +0,0 @@
--- lowercase sql
-create table public.media (
-  id uuid primary key default gen_random_uuid(),
-  uploader_id uuid references public.profiles(id) on delete set null,
-  file_name text not null,
-  object_key text not null unique,
-  file_type text,
-  size_bytes bigint,
-  description text,
-  created_at timestamp with time zone not null default now(),
-  updated_at timestamp with time zone not null default now()
-);
-comment on table public.media is 'stores information about uploaded media assets.';
-comment on column public.media.object_key is 'unique key (path) in cloudflare r2.';
-alter table public.media enable row level security;
-create policy "media_is_readable_by_all"
-on public.media for select
-to anon, authenticated
-using (true);
-create policy "admins_and_writers_can_manage_media"
-on public.media for all
-to authenticated
-using (public.get_current_user_role() in ('ADMIN', 'WRITER'))
-with check (public.get_current_user_role() in ('ADMIN', 'WRITER'));
-create or replace function public.handle_media_update()
-returns trigger
-language plpgsql
-security definer set search_path = public
-as $$
-begin
-  new.updated_at = now();
-  return new;
-end;
-$$;
-create trigger on_media_update
-  before update on public.media
-  for each row
-  execute procedure public.handle_media_update();

package/supabase/migrations/20250514171553_create_blocks_table.sql DELETED Viewed

@@ -1,54 +0,0 @@
--- lowercase sql
-create table public.blocks (
-  id bigint generated by default as identity primary key,
-  page_id bigint references public.pages(id) on delete cascade,
-  post_id bigint references public.posts(id) on delete cascade,
-  language_id bigint not null references public.languages(id) on delete cascade,
-  block_type text not null,
-  content jsonb,
-  "order" integer not null default 0,
-  created_at timestamp with time zone not null default now(),
-  updated_at timestamp with time zone not null default now(),
-  constraint check_exactly_one_parent check (
-    (page_id is not null and post_id is null) or
-    (post_id is not null and page_id is null)
-  )
-);
-comment on table public.blocks is 'stores content blocks for pages and posts.';
-comment on column public.blocks.block_type is 'type of the block, e.g., "text", "image".';
-comment on column public.blocks.content is 'jsonb content specific to the block_type.';
-comment on column public.blocks.order is 'sort order of the block.';
-alter table public.blocks enable row level security;
-create policy "blocks_are_readable_if_parent_is_published"
-on public.blocks for select
-to anon, authenticated
-using (
-  (page_id is not null and exists(select 1 from public.pages p where p.id = blocks.page_id and p.status = 'published')) or
-  (post_id is not null and exists(select 1 from public.posts pt where pt.id = blocks.post_id and pt.status = 'published' and (pt.published_at is null or pt.published_at <= now())))
-);
-create policy "admins_and_writers_can_manage_blocks"
-on public.blocks for all
-to authenticated
-using (public.get_current_user_role() in ('ADMIN', 'WRITER'))
-with check (public.get_current_user_role() in ('ADMIN', 'WRITER'));
-create or replace function public.handle_blocks_update()
-returns trigger
-language plpgsql
-security definer set search_path = public
-as $$
-begin
-  new.updated_at = now();
-  return new;
-end;
-$$;
-create trigger on_blocks_update
-  before update on public.blocks
-  for each row
-  execute procedure public.handle_blocks_update();

package/supabase/migrations/20250514171615_create_navigation_table.sql DELETED Viewed

@@ -1,56 +0,0 @@
--- lowercase sql
-do $$
-begin
-  if not exists (select 1 from pg_type where typname = 'menu_location') then
-    create type public.menu_location as enum ('HEADER', 'FOOTER', 'SIDEBAR');
-  end if;
-end
-$$;
-create table public.navigation_items (
-  id bigint generated by default as identity primary key,
-  language_id bigint not null references public.languages(id) on delete cascade,
-  menu_key public.menu_location not null,
-  label text not null,
-  url text not null,
-  parent_id bigint references public.navigation_items(id) on delete cascade,
-  "order" integer not null default 0,
-  page_id bigint references public.pages(id) on delete set null,
-  created_at timestamp with time zone not null default now(),
-  updated_at timestamp with time zone not null default now()
-);
-comment on table public.navigation_items is 'stores navigation menu items.';
-comment on column public.navigation_items.menu_key is 'identifies the menu this item belongs to.';
-create index idx_navigation_items_menu_lang_order on public.navigation_items (menu_key, language_id, "order");
-alter table public.navigation_items enable row level security;
-create policy "navigation_is_publicly_readable"
-on public.navigation_items for select
-to anon, authenticated
-using (true);
-create policy "admins_can_manage_navigation"
-on public.navigation_items for all
-to authenticated
-using (public.get_current_user_role() = 'ADMIN')
-with check (public.get_current_user_role() = 'ADMIN');
-create or replace function public.handle_navigation_items_update()
-returns trigger
-language plpgsql
-security definer set search_path = public
-as $$
-begin
-  new.updated_at = now();
-  return new;
-end;
-$$;
-create trigger on_navigation_items_update
-  before update on public.navigation_items
-  for each row
-  execute procedure public.handle_navigation_items_update();

package/supabase/migrations/20250514171627_rls_policies_for_content_tables.sql DELETED Viewed

@@ -1,70 +0,0 @@
--- supabase/migrations/YYYYMMDDHHMMSS_rls_policies_for_content_tables.sql
--- lowercase sql
-begin;
---
--- Pages Table RLS
---
-alter table public.pages enable row level security;
-drop policy if exists "authors_writers_admins_can_read_own_or_all_drafts" on public.pages;
--- allow authenticated users (authors, writers, admins) to read their own or all non-published pages
-create policy "authors_writers_admins_can_read_own_or_all_drafts"
-on public.pages for select
-to authenticated
-using (
-  (status <> 'published' and author_id = auth.uid()) or -- author can read their own non-published
-  (status <> 'published' and public.get_current_user_role() in ('ADMIN', 'WRITER')) -- admins/writers can read all non-published
-);
---
--- Posts Table RLS
---
-alter table public.posts enable row level security;
-drop policy if exists "authors_writers_admins_can_read_own_or_all_draft_posts" on public.posts;
--- allow authenticated users (authors, writers, admins) to read their own or all non-published posts
-create policy "authors_writers_admins_can_read_own_or_all_draft_posts"
-on public.posts for select
-to authenticated
-using (
-  (status <> 'published' and author_id = auth.uid()) or
-  (status <> 'published'and public.get_current_user_role() in ('ADMIN', 'WRITER'))
-);
---
--- Media Table RLS
---
-alter table public.media enable row level security;
---
--- Blocks Table RLS
---
-alter table public.blocks enable row level security;
-drop policy if exists "blocks_are_readable_if_parent_is_published" on public.blocks;
--- allow anonymous and authenticated users to read blocks if their parent page/post is published
-create policy "blocks_are_readable_if_parent_is_published"
-on public.blocks for select
-to anon, authenticated
-using (
-  (page_id is not null and exists(select 1 from public.pages p where p.id = blocks.page_id and p.status = 'published')) or
-  (post_id is not null and exists(select 1 from public.posts pt where pt.id = blocks.post_id and pt.status = 'published' and (pt.published_at is null or pt.published_at <= now())))
-);
--- allow admins and writers to insert, update, delete blocks
-drop policy if exists "admins_and_writers_can_manage_blocks" on public.blocks;
-create policy "admins_and_writers_can_manage_blocks"
-on public.blocks for all
-to authenticated
-using (public.get_current_user_role() in ('ADMIN', 'WRITER'))
-with check (public.get_current_user_role() in ('ADMIN', 'WRITER'));
---
--- Navigation Items Table RLS
---
-alter table public.navigation_items enable row level security;
-commit;