vibecarbon 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +663 -0
- package/README.md +188 -0
- package/carbon/.claude/hooks/task-completed-gate.sh +19 -0
- package/carbon/.claude/hooks/teammate-idle-gate.sh +29 -0
- package/carbon/.claude/settings.json +29 -0
- package/carbon/.cursor/rules/vibecarbon.mdc +6 -0
- package/carbon/.dockerignore +57 -0
- package/carbon/.env.example +219 -0
- package/carbon/.github/copilot-instructions.md +3 -0
- package/carbon/.github/workflows/deploy.yml +346 -0
- package/carbon/.github/workflows/vibecarbon-build.yml +81 -0
- package/carbon/.windsurfrules +74 -0
- package/carbon/AGENTS.md +422 -0
- package/carbon/CLAUDE.md +3 -0
- package/carbon/DEVELOPMENT.md +187 -0
- package/carbon/Dockerfile +98 -0
- package/carbon/LICENSE +21 -0
- package/carbon/PRODUCTION.md +364 -0
- package/carbon/README.md +193 -0
- package/carbon/TESTING.md +138 -0
- package/carbon/backup/Dockerfile +75 -0
- package/carbon/backup/backup.sh +95 -0
- package/carbon/backup/compose-backup.sh +140 -0
- package/carbon/biome.json +83 -0
- package/carbon/cloud-init/docker-ce-setup.yaml +55 -0
- package/carbon/cloud-init/k3s/master-init.sh +215 -0
- package/carbon/cloud-init/k3s/supabase-init.sh +167 -0
- package/carbon/cloud-init/k3s/worker-init.sh +147 -0
- package/carbon/components.json +24 -0
- package/carbon/content/blog/authentication-guide.mdx +34 -0
- package/carbon/content/blog/getting-started.mdx +41 -0
- package/carbon/content/changelog/v0-1-0.mdx +40 -0
- package/carbon/content/docs/analytics.mdx +90 -0
- package/carbon/content/docs/authentication.mdx +231 -0
- package/carbon/content/docs/background-jobs.mdx +116 -0
- package/carbon/content/docs/cli.mdx +630 -0
- package/carbon/content/docs/database.mdx +236 -0
- package/carbon/content/docs/deployment.mdx +227 -0
- package/carbon/content/docs/development.mdx +238 -0
- package/carbon/content/docs/environments.mdx +84 -0
- package/carbon/content/docs/getting-started.mdx +112 -0
- package/carbon/content/docs/legal/privacy-policy.mdx +89 -0
- package/carbon/content/docs/legal/terms-of-service.mdx +99 -0
- package/carbon/content/docs/optional-services.mdx +160 -0
- package/carbon/db/Dockerfile +23 -0
- package/carbon/docker-compose.dev-init.yml +5 -0
- package/carbon/docker-compose.metabase.override.yml +14 -0
- package/carbon/docker-compose.metabase.prod.yml +28 -0
- package/carbon/docker-compose.metabase.yml +84 -0
- package/carbon/docker-compose.n8n.override.yml +14 -0
- package/carbon/docker-compose.n8n.prod.yml +31 -0
- package/carbon/docker-compose.n8n.yml +97 -0
- package/carbon/docker-compose.observability.override.yml +18 -0
- package/carbon/docker-compose.observability.prod.yml +28 -0
- package/carbon/docker-compose.observability.yml +125 -0
- package/carbon/docker-compose.override.yml +28 -0
- package/carbon/docker-compose.prod.yml +294 -0
- package/carbon/docker-compose.yml +508 -0
- package/carbon/docker-entrypoint.sh +12 -0
- package/carbon/ha/activate-standby.sh +52 -0
- package/carbon/ha/primary-init.sql +36 -0
- package/carbon/ha/standby-init.sh +74 -0
- package/carbon/k8s/LICENSE +99 -0
- package/carbon/k8s/README.md +272 -0
- package/carbon/k8s/base/app/deployment.yaml +130 -0
- package/carbon/k8s/base/app/hpa.yaml +44 -0
- package/carbon/k8s/base/app/kustomization.yaml +10 -0
- package/carbon/k8s/base/app/network-policy.yaml +124 -0
- package/carbon/k8s/base/app/pdb.yaml +14 -0
- package/carbon/k8s/base/app/rbac.yaml +36 -0
- package/carbon/k8s/base/app/service.yaml +16 -0
- package/carbon/k8s/base/backup/cronjob.yaml +120 -0
- package/carbon/k8s/base/backup/kustomization.yaml +7 -0
- package/carbon/k8s/base/backup/network-policy.yaml +31 -0
- package/carbon/k8s/base/backup/rbac.yaml +7 -0
- package/carbon/k8s/base/cluster-autoscaler/deployment.yaml +103 -0
- package/carbon/k8s/base/cluster-autoscaler/kustomization.yaml +17 -0
- package/carbon/k8s/base/cluster-autoscaler/rbac.yaml +109 -0
- package/carbon/k8s/base/config/configmap.yaml +48 -0
- package/carbon/k8s/base/config/kustomization.yaml +8 -0
- package/carbon/k8s/base/hetzner-ccm/kustomization.yaml +9 -0
- package/carbon/k8s/base/hetzner-csi/kustomization.yaml +9 -0
- package/carbon/k8s/base/kustomization.yaml +43 -0
- package/carbon/k8s/base/namespace.yaml +7 -0
- package/carbon/k8s/base/network-policies.yaml +95 -0
- package/carbon/k8s/base/registry/kustomization.yaml +5 -0
- package/carbon/k8s/base/registry/local-registry.yaml +193 -0
- package/carbon/k8s/base/traefik/certificate.yaml +21 -0
- package/carbon/k8s/base/traefik/configmap.yaml +13 -0
- package/carbon/k8s/base/traefik/deployment.yaml +165 -0
- package/carbon/k8s/base/traefik/ingressroute.yaml +141 -0
- package/carbon/k8s/base/traefik/kustomization.yaml +11 -0
- package/carbon/k8s/base/traefik/middleware.yaml +109 -0
- package/carbon/k8s/base/traefik/network-policy.yaml +92 -0
- package/carbon/k8s/base/traefik/service.yaml +38 -0
- package/carbon/k8s/flux/README.md +49 -0
- package/carbon/k8s/flux/clusters/primary/vibecarbon.yaml +128 -0
- package/carbon/k8s/flux/clusters/standby/vibecarbon.yaml +83 -0
- package/carbon/k8s/gitops/cert-manager-webhook-hetzner/helm-release.yaml +38 -0
- package/carbon/k8s/gitops/cert-manager-webhook-hetzner/helm-repository.yaml +16 -0
- package/carbon/k8s/gitops/cert-manager-webhook-hetzner/kustomization.yaml +10 -0
- package/carbon/k8s/gitops/supabase/helm-release.yaml +66 -0
- package/carbon/k8s/gitops/supabase/helm-repository.yaml +18 -0
- package/carbon/k8s/gitops/supabase/kustomization.yaml +33 -0
- package/carbon/k8s/infra/cert-manager-resources/cluster-issuers-cloudflare.yaml +51 -0
- package/carbon/k8s/infra/cert-manager-resources/cluster-issuers-hetzner.yaml +59 -0
- package/carbon/k8s/infra/cert-manager-resources/cluster-issuers-manual.yaml +43 -0
- package/carbon/k8s/infra/cert-manager-resources/kustomization.yaml +15 -0
- package/carbon/k8s/infra/kustomization.yaml +21 -0
- package/carbon/k8s/infra/traefik-crds/kustomization.yaml +10 -0
- package/carbon/k8s/overlays/local/configmap.yaml +23 -0
- package/carbon/k8s/overlays/local/ingressroute-studio.yaml +104 -0
- package/carbon/k8s/overlays/local/kustomization.yaml +215 -0
- package/carbon/k8s/overlays/local/namespace.yaml +8 -0
- package/carbon/k8s/overlays/local/secrets.yaml +32 -0
- package/carbon/k8s/overlays/production/kustomization.yaml +34 -0
- package/carbon/k8s/test-local.sh +318 -0
- package/carbon/k8s/values/supabase.values.yaml +133 -0
- package/carbon/package.json +154 -0
- package/carbon/runtime.Dockerfile +17 -0
- package/carbon/scripts/_dev-jwt.mjs +45 -0
- package/carbon/scripts/check-rls.ts +53 -0
- package/carbon/scripts/dev-init.js +191 -0
- package/carbon/scripts/dev.js +191 -0
- package/carbon/scripts/docker-down.js +63 -0
- package/carbon/scripts/docker-logs.js +59 -0
- package/carbon/scripts/docker-up.js +222 -0
- package/carbon/scripts/generate-dev-configs.sh +131 -0
- package/carbon/scripts/generate-rss.ts +116 -0
- package/carbon/scripts/generate-sitemap.ts +102 -0
- package/carbon/scripts/k8s-apply.js +71 -0
- package/carbon/scripts/k8s-delete.js +75 -0
- package/carbon/scripts/lib/manifest.js +176 -0
- package/carbon/scripts/secret-scan.mjs +278 -0
- package/carbon/scripts/validate-dev-configs.sh +101 -0
- package/carbon/src/client/App.tsx +202 -0
- package/carbon/src/client/assets/hyperformant-dark.svg +29 -0
- package/carbon/src/client/assets/hyperformant-light.svg +29 -0
- package/carbon/src/client/assets/logos/aider.svg +1 -0
- package/carbon/src/client/assets/logos/antigravity.svg +1 -0
- package/carbon/src/client/assets/logos/bolt.svg +1 -0
- package/carbon/src/client/assets/logos/claude-code.svg +1 -0
- package/carbon/src/client/assets/logos/copilot.svg +1 -0
- package/carbon/src/client/assets/logos/cursor.svg +1 -0
- package/carbon/src/client/assets/logos/gemini-cli.svg +1 -0
- package/carbon/src/client/assets/logos/lovable.svg +1 -0
- package/carbon/src/client/assets/logos/openai-codex.svg +1 -0
- package/carbon/src/client/assets/logos/v0.svg +1 -0
- package/carbon/src/client/assets/logos/windsurf.svg +1 -0
- package/carbon/src/client/assets/vibecarbon-icon.svg +19 -0
- package/carbon/src/client/assets/vibecarbon-logo-dark.svg +29 -0
- package/carbon/src/client/assets/vibecarbon-logo-light.svg +29 -0
- package/carbon/src/client/components/AIIntegrationSection.tsx +120 -0
- package/carbon/src/client/components/AppSidebar.tsx +760 -0
- package/carbon/src/client/components/ArchitectureSection.tsx +46 -0
- package/carbon/src/client/components/CTAFooter.tsx +59 -0
- package/carbon/src/client/components/ComparisonSection.tsx +132 -0
- package/carbon/src/client/components/ContentPanel.tsx +66 -0
- package/carbon/src/client/components/ContentSkeleton.tsx +21 -0
- package/carbon/src/client/components/ErrorBoundary.tsx +46 -0
- package/carbon/src/client/components/FAQSection.tsx +76 -0
- package/carbon/src/client/components/FileUpload.tsx +210 -0
- package/carbon/src/client/components/HeaderActions.tsx +17 -0
- package/carbon/src/client/components/Hero.tsx +608 -0
- package/carbon/src/client/components/ImpersonationBanner.tsx +31 -0
- package/carbon/src/client/components/LanguageSwitcher.tsx +67 -0
- package/carbon/src/client/components/Logo.tsx +87 -0
- package/carbon/src/client/components/LogoStrip.tsx +76 -0
- package/carbon/src/client/components/MetricsStrip.tsx +48 -0
- package/carbon/src/client/components/Nav.tsx +195 -0
- package/carbon/src/client/components/NewsletterSignup.tsx +147 -0
- package/carbon/src/client/components/NotificationDrawer.tsx +171 -0
- package/carbon/src/client/components/PageHeader.tsx +24 -0
- package/carbon/src/client/components/PlanGate.tsx +36 -0
- package/carbon/src/client/components/PricingSection.tsx +371 -0
- package/carbon/src/client/components/SEO.tsx +34 -0
- package/carbon/src/client/components/SmoothScroll.tsx +45 -0
- package/carbon/src/client/components/TechStackSection.tsx +165 -0
- package/carbon/src/client/components/WorkflowSection.tsx +604 -0
- package/carbon/src/client/components/admin/DockerLogs.tsx +276 -0
- package/carbon/src/client/components/admin/PerformanceMetrics.tsx +230 -0
- package/carbon/src/client/components/admin/ServiceCard.tsx +45 -0
- package/carbon/src/client/components/admin/ServicesStatus.tsx +296 -0
- package/carbon/src/client/components/architecture/ArchitectureDiagram.tsx +413 -0
- package/carbon/src/client/components/auth/AuthProvider.tsx +466 -0
- package/carbon/src/client/components/effects/FilmGrainOverlay.tsx +35 -0
- package/carbon/src/client/components/effects/FresnelEdge.tsx +49 -0
- package/carbon/src/client/components/effects/GlowTracker.tsx +46 -0
- package/carbon/src/client/components/effects/SparkBurst.tsx +145 -0
- package/carbon/src/client/components/effects/VGlowEffect.tsx +83 -0
- package/carbon/src/client/components/effects/index.ts +2 -0
- package/carbon/src/client/components/layouts/SidebarLayout.tsx +20 -0
- package/carbon/src/client/components/scroll/ScrollSection.tsx +76 -0
- package/carbon/src/client/components/scroll/ScrollytellingProvider.tsx +81 -0
- package/carbon/src/client/components/scroll/index.ts +2 -0
- package/carbon/src/client/components/ui/accordion.tsx +71 -0
- package/carbon/src/client/components/ui/alert-dialog.tsx +162 -0
- package/carbon/src/client/components/ui/alert.tsx +73 -0
- package/carbon/src/client/components/ui/aspect-ratio.tsx +22 -0
- package/carbon/src/client/components/ui/avatar.tsx +91 -0
- package/carbon/src/client/components/ui/badge.tsx +50 -0
- package/carbon/src/client/components/ui/breadcrumb.tsx +100 -0
- package/carbon/src/client/components/ui/button-group.tsx +78 -0
- package/carbon/src/client/components/ui/button.tsx +120 -0
- package/carbon/src/client/components/ui/calendar.tsx +182 -0
- package/carbon/src/client/components/ui/card.tsx +85 -0
- package/carbon/src/client/components/ui/carousel.tsx +227 -0
- package/carbon/src/client/components/ui/chart.tsx +357 -0
- package/carbon/src/client/components/ui/checkbox.tsx +27 -0
- package/carbon/src/client/components/ui/collapsible.tsx +15 -0
- package/carbon/src/client/components/ui/command.tsx +178 -0
- package/carbon/src/client/components/ui/context-menu.tsx +233 -0
- package/carbon/src/client/components/ui/dialog.tsx +132 -0
- package/carbon/src/client/components/ui/drawer.tsx +118 -0
- package/carbon/src/client/components/ui/dropdown-menu.tsx +242 -0
- package/carbon/src/client/components/ui/empty.tsx +94 -0
- package/carbon/src/client/components/ui/field.tsx +226 -0
- package/carbon/src/client/components/ui/hover-card.tsx +44 -0
- package/carbon/src/client/components/ui/input-group.tsx +146 -0
- package/carbon/src/client/components/ui/input-otp.tsx +83 -0
- package/carbon/src/client/components/ui/input.tsx +20 -0
- package/carbon/src/client/components/ui/item.tsx +188 -0
- package/carbon/src/client/components/ui/kbd.tsx +26 -0
- package/carbon/src/client/components/ui/label.tsx +21 -0
- package/carbon/src/client/components/ui/menubar.tsx +250 -0
- package/carbon/src/client/components/ui/navigation-menu.tsx +155 -0
- package/carbon/src/client/components/ui/pagination.tsx +102 -0
- package/carbon/src/client/components/ui/popover.tsx +75 -0
- package/carbon/src/client/components/ui/progress.tsx +66 -0
- package/carbon/src/client/components/ui/radio-group.tsx +36 -0
- package/carbon/src/client/components/ui/resizable.tsx +46 -0
- package/carbon/src/client/components/ui/scroll-area.tsx +48 -0
- package/carbon/src/client/components/ui/select.tsx +186 -0
- package/carbon/src/client/components/ui/separator.tsx +21 -0
- package/carbon/src/client/components/ui/sheet.tsx +124 -0
- package/carbon/src/client/components/ui/sidebar.tsx +702 -0
- package/carbon/src/client/components/ui/skeleton.tsx +13 -0
- package/carbon/src/client/components/ui/slider.tsx +57 -0
- package/carbon/src/client/components/ui/sonner.tsx +45 -0
- package/carbon/src/client/components/ui/spinner.tsx +15 -0
- package/carbon/src/client/components/ui/switch.tsx +30 -0
- package/carbon/src/client/components/ui/table.tsx +89 -0
- package/carbon/src/client/components/ui/tabs.tsx +73 -0
- package/carbon/src/client/components/ui/textarea.tsx +18 -0
- package/carbon/src/client/components/ui/toggle-group.tsx +87 -0
- package/carbon/src/client/components/ui/toggle.tsx +44 -0
- package/carbon/src/client/components/ui/tooltip.tsx +56 -0
- package/carbon/src/client/hooks/api/index.ts +14 -0
- package/carbon/src/client/hooks/api/useAuthSettings.ts +80 -0
- package/carbon/src/client/hooks/api/useSubscription.ts +87 -0
- package/carbon/src/client/hooks/use-mobile.ts +21 -0
- package/carbon/src/client/hooks/useMousePosition.ts +91 -0
- package/carbon/src/client/hooks/useNotifications.tsx +124 -0
- package/carbon/src/client/hooks/useOrganizationMembers.ts +127 -0
- package/carbon/src/client/hooks/useOrganizations.tsx +230 -0
- package/carbon/src/client/hooks/usePackageManager.ts +69 -0
- package/carbon/src/client/hooks/useReducedMotion.ts +20 -0
- package/carbon/src/client/hooks/useRunningServices.ts +114 -0
- package/carbon/src/client/hooks/useScrollProgress.ts +56 -0
- package/carbon/src/client/index.css +467 -0
- package/carbon/src/client/index.html +56 -0
- package/carbon/src/client/lib/admin-services.ts +151 -0
- package/carbon/src/client/lib/api.ts +32 -0
- package/carbon/src/client/lib/blog.ts +35 -0
- package/carbon/src/client/lib/changelog.ts +33 -0
- package/carbon/src/client/lib/docs-search.ts +101 -0
- package/carbon/src/client/lib/docs.ts +37 -0
- package/carbon/src/client/lib/i18n.ts +32 -0
- package/carbon/src/client/lib/supabase.ts +72 -0
- package/carbon/src/client/lib/tailwind-colors.ts +357 -0
- package/carbon/src/client/lib/theme.ts +117 -0
- package/carbon/src/client/lib/utils.ts +22 -0
- package/carbon/src/client/locales/de.json +529 -0
- package/carbon/src/client/locales/en.json +461 -0
- package/carbon/src/client/locales/es.json +529 -0
- package/carbon/src/client/locales/fr.json +529 -0
- package/carbon/src/client/locales/pt.json +529 -0
- package/carbon/src/client/main.tsx +56 -0
- package/carbon/src/client/mdx.d.ts +13 -0
- package/carbon/src/client/pages/ApiDocs.tsx +76 -0
- package/carbon/src/client/pages/AuthCallback.tsx +34 -0
- package/carbon/src/client/pages/Blog.tsx +167 -0
- package/carbon/src/client/pages/Changelog.tsx +171 -0
- package/carbon/src/client/pages/Charts.tsx +388 -0
- package/carbon/src/client/pages/Checkout.tsx +227 -0
- package/carbon/src/client/pages/Contact.tsx +174 -0
- package/carbon/src/client/pages/Dashboard.tsx +368 -0
- package/carbon/src/client/pages/Docs.tsx +372 -0
- package/carbon/src/client/pages/ForgotPassword.tsx +111 -0
- package/carbon/src/client/pages/Home.tsx +187 -0
- package/carbon/src/client/pages/Legal.tsx +100 -0
- package/carbon/src/client/pages/Login.tsx +408 -0
- package/carbon/src/client/pages/MFAVerify.tsx +156 -0
- package/carbon/src/client/pages/NotFound.tsx +21 -0
- package/carbon/src/client/pages/Onboarding.tsx +246 -0
- package/carbon/src/client/pages/ResetPassword.tsx +200 -0
- package/carbon/src/client/pages/UIComponents.tsx +390 -0
- package/carbon/src/client/pages/admin/ContactSubmissions.tsx +220 -0
- package/carbon/src/client/pages/admin/Dashboard.tsx +24 -0
- package/carbon/src/client/pages/admin/Infrastructure.tsx +257 -0
- package/carbon/src/client/pages/admin/Jobs.tsx +225 -0
- package/carbon/src/client/pages/admin/Logs.tsx +18 -0
- package/carbon/src/client/pages/admin/Newsletter.tsx +300 -0
- package/carbon/src/client/pages/admin/Notifications.tsx +603 -0
- package/carbon/src/client/pages/admin/Organizations.tsx +306 -0
- package/carbon/src/client/pages/admin/Settings.tsx +314 -0
- package/carbon/src/client/pages/admin/Theme.tsx +465 -0
- package/carbon/src/client/pages/admin/Users.tsx +365 -0
- package/carbon/src/client/pages/api-docs.css +156 -0
- package/carbon/src/client/pages/organizations/Details.tsx +200 -0
- package/carbon/src/client/pages/organizations/Members.tsx +402 -0
- package/carbon/src/client/pages/settings/Billing.tsx +473 -0
- package/carbon/src/client/pages/settings/Profile.tsx +160 -0
- package/carbon/src/client/pages/settings/Security.tsx +341 -0
- package/carbon/src/client/public/favicon.svg +19 -0
- package/carbon/src/client/public/robots.txt +8 -0
- package/carbon/src/server/billing/index.ts +104 -0
- package/carbon/src/server/billing/provider.ts +81 -0
- package/carbon/src/server/billing/providers/paddle.ts +314 -0
- package/carbon/src/server/billing/providers/polar.ts +325 -0
- package/carbon/src/server/billing/providers/stripe.ts +233 -0
- package/carbon/src/server/emails/templates.ts +116 -0
- package/carbon/src/server/index.ts +554 -0
- package/carbon/src/server/lib/auth.ts +6 -0
- package/carbon/src/server/lib/email.ts +64 -0
- package/carbon/src/server/lib/env.ts +112 -0
- package/carbon/src/server/lib/errors.ts +21 -0
- package/carbon/src/server/lib/logger.ts +17 -0
- package/carbon/src/server/lib/rate-limiter.ts +288 -0
- package/carbon/src/server/lib/request.ts +34 -0
- package/carbon/src/server/lib/stripe.ts +42 -0
- package/carbon/src/server/lib/supabase.ts +65 -0
- package/carbon/src/server/middleware/requirePlan.ts +80 -0
- package/carbon/src/server/routes/_internal/services-status.ts +958 -0
- package/carbon/src/server/routes/_internal/verify-role.ts +185 -0
- package/carbon/src/server/routes/health.ts +48 -0
- package/carbon/src/server/routes/v1/admin/contact.ts +128 -0
- package/carbon/src/server/routes/v1/admin/jobs.ts +171 -0
- package/carbon/src/server/routes/v1/admin/newsletter.ts +237 -0
- package/carbon/src/server/routes/v1/auth.ts +390 -0
- package/carbon/src/server/routes/v1/billing.ts +718 -0
- package/carbon/src/server/routes/v1/contact.ts +93 -0
- package/carbon/src/server/routes/v1/index.ts +1333 -0
- package/carbon/src/server/routes/v1/newsletter.ts +181 -0
- package/carbon/src/server/routes/v1/performance.ts +157 -0
- package/carbon/src/server/routes/v1/stats.ts +170 -0
- package/carbon/src/server/routes/v1/theme.ts +106 -0
- package/carbon/src/server/routes/webhooks/billing.ts +376 -0
- package/carbon/src/server/routes/webhooks/stripe.ts +276 -0
- package/carbon/src/server/types.ts +11 -0
- package/carbon/src/shared/pricing.ts +155 -0
- package/carbon/src/shared/types.ts +338 -0
- package/carbon/supabase/migrations/00001_init.sql +717 -0
- package/carbon/supabase/migrations/00002_theme_settings.sql +13 -0
- package/carbon/supabase/migrations/00003_pg_cron.sql +121 -0
- package/carbon/supabase/migrations/00004_contact_newsletter.sql +81 -0
- package/carbon/supabase/migrations/00005_localization_languages.sql +22 -0
- package/carbon/supabase/seed.sql +16 -0
- package/carbon/tests/_helpers/app.ts +45 -0
- package/carbon/tests/_helpers/env.ts +37 -0
- package/carbon/tests/_helpers/factories.ts +69 -0
- package/carbon/tests/_helpers/jwt.ts +23 -0
- package/carbon/tests/_helpers/setup-integration.ts +20 -0
- package/carbon/tests/_helpers/setup-rtl.ts +12 -0
- package/carbon/tests/component/ErrorBoundary.test.tsx +53 -0
- package/carbon/tests/component/use-auth-settings.test.tsx +119 -0
- package/carbon/tests/integration/server/routes/contact.test.ts +162 -0
- package/carbon/tests/integration/server/routes/health.test.ts +61 -0
- package/carbon/tests/structural/i18n-parity.test.ts +42 -0
- package/carbon/tests/unit/client/utils.test.ts +49 -0
- package/carbon/tests/unit/shared/pricing.test.ts +93 -0
- package/carbon/tsconfig.json +27 -0
- package/carbon/tsconfig.server.json +27 -0
- package/carbon/tsconfig.test.json +9 -0
- package/carbon/vite.config.ts +110 -0
- package/carbon/vitest.config.ts +74 -0
- package/carbon/volumes/db/jwt.sql +57 -0
- package/carbon/volumes/db/metabase-init.sh +29 -0
- package/carbon/volumes/db/n8n-init.sh +25 -0
- package/carbon/volumes/db/realtime.sql +33 -0
- package/carbon/volumes/db/roles.sql +93 -0
- package/carbon/volumes/db/set-passwords.sh +12 -0
- package/carbon/volumes/db/super-admin.dev.sql +113 -0
- package/carbon/volumes/db/super-admin.generated.sql +113 -0
- package/carbon/volumes/db/super-admin.sql +114 -0
- package/carbon/volumes/grafana/dashboards/logs.json +179 -0
- package/carbon/volumes/grafana/dashboards/overview.json +523 -0
- package/carbon/volumes/grafana/dashboards/postgresql.json +337 -0
- package/carbon/volumes/grafana/dashboards.dev/logs.json +179 -0
- package/carbon/volumes/grafana/dashboards.dev/overview.json +156 -0
- package/carbon/volumes/grafana/dashboards.dev/postgresql.json +337 -0
- package/carbon/volumes/grafana/provisioning/dashboards/dashboards.dev.yml +16 -0
- package/carbon/volumes/grafana/provisioning/dashboards/dashboards.yml +16 -0
- package/carbon/volumes/grafana/provisioning/datasources/datasources.yml +43 -0
- package/carbon/volumes/kong/docker-entrypoint.sh +9 -0
- package/carbon/volumes/kong/kong.yml +208 -0
- package/carbon/volumes/loki/loki-config.yml +58 -0
- package/carbon/volumes/n8n/hooks.js +131 -0
- package/carbon/volumes/n8n/scripts/setup.sh +66 -0
- package/carbon/volumes/prometheus/prometheus.yml +43 -0
- package/carbon/volumes/promtail/promtail-config.yml +64 -0
- package/carbon/volumes/traefik/middlewares.dev.yml +83 -0
- package/carbon/volumes/traefik/middlewares.yml +95 -0
- package/carbon/volumes/traefik/vite-dev.yml +20 -0
- package/package.json +95 -0
- package/src/access.js +354 -0
- package/src/activate.js +187 -0
- package/src/add.js +718 -0
- package/src/backup.js +786 -0
- package/src/cli.js +350 -0
- package/src/configure.js +967 -0
- package/src/console.js +155 -0
- package/src/create.js +1499 -0
- package/src/deploy.js +311 -0
- package/src/destroy.js +2033 -0
- package/src/diagnose.js +735 -0
- package/src/down.js +80 -0
- package/src/failover.js +1032 -0
- package/src/lib/backup-s3.js +179 -0
- package/src/lib/build.js +33 -0
- package/src/lib/checksum.js +28 -0
- package/src/lib/ci-setup.js +666 -0
- package/src/lib/cli/help.js +129 -0
- package/src/lib/cli/parse-flags.js +160 -0
- package/src/lib/cli/select-action.js +65 -0
- package/src/lib/cli/select-environment.js +108 -0
- package/src/lib/cli/tty-guard.js +75 -0
- package/src/lib/cloudflare.js +447 -0
- package/src/lib/colors.js +52 -0
- package/src/lib/command.js +361 -0
- package/src/lib/config.js +359 -0
- package/src/lib/cost.js +103 -0
- package/src/lib/deploy/bundle.js +231 -0
- package/src/lib/deploy/compose/acme-verify.js +121 -0
- package/src/lib/deploy/compose/build-args.js +78 -0
- package/src/lib/deploy/compose/ha.js +1874 -0
- package/src/lib/deploy/compose/index.js +1294 -0
- package/src/lib/deploy/compose/reconcile.js +74 -0
- package/src/lib/deploy/github.js +382 -0
- package/src/lib/deploy/image.js +191 -0
- package/src/lib/deploy/index.js +119 -0
- package/src/lib/deploy/k8s/LICENSE +99 -0
- package/src/lib/deploy/k8s/gitops-deploy.js +298 -0
- package/src/lib/deploy/k8s/ha/index.js +1000 -0
- package/src/lib/deploy/k8s/index.js +62 -0
- package/src/lib/deploy/k8s/k3s.js +2515 -0
- package/src/lib/deploy/orchestrator.js +1401 -0
- package/src/lib/deploy/prompts.js +545 -0
- package/src/lib/deploy/remote-build.js +130 -0
- package/src/lib/deploy/state.js +120 -0
- package/src/lib/deploy/utils.js +328 -0
- package/src/lib/deploy-logger.js +93 -0
- package/src/lib/dns-propagation.js +48 -0
- package/src/lib/environment.js +58 -0
- package/src/lib/fetch-retry.js +103 -0
- package/src/lib/github-environments.js +335 -0
- package/src/lib/hetzner-dns.js +377 -0
- package/src/lib/hetzner-guided-setup.js +275 -0
- package/src/lib/host-keys.js +37 -0
- package/src/lib/iac/cloud-init.js +52 -0
- package/src/lib/iac/index.js +325 -0
- package/src/lib/iac/programs/hetzner-compose.js +130 -0
- package/src/lib/iac/programs/hetzner-k8s.js +320 -0
- package/src/lib/kubectl.js +81 -0
- package/src/lib/licensing/index.js +259 -0
- package/src/lib/licensing/tiers.js +181 -0
- package/src/lib/licensing/validator.js +171 -0
- package/src/lib/merge-package-json.js +90 -0
- package/src/lib/operator-ip.js +381 -0
- package/src/lib/package-manager.js +111 -0
- package/src/lib/perf.js +71 -0
- package/src/lib/project-guard.js +39 -0
- package/src/lib/project.js +334 -0
- package/src/lib/providers/base.js +276 -0
- package/src/lib/providers/hetzner-s3.js +656 -0
- package/src/lib/providers/hetzner.js +755 -0
- package/src/lib/providers/index.js +164 -0
- package/src/lib/s3.js +510 -0
- package/src/lib/secret-scan.js +583 -0
- package/src/lib/secrets.js +63 -0
- package/src/lib/server-types.js +195 -0
- package/src/lib/shell.js +91 -0
- package/src/lib/ssh.js +241 -0
- package/src/lib/tracker.js +242 -0
- package/src/lib/upgrade-policy.js +170 -0
- package/src/lib/validators.js +105 -0
- package/src/lib/version.js +5 -0
- package/src/remove.js +292 -0
- package/src/reset.js +97 -0
- package/src/restore.js +871 -0
- package/src/scale.js +1734 -0
- package/src/shell.js +222 -0
- package/src/status.js +981 -0
- package/src/up.js +264 -0
- package/src/upgrade.js +721 -0
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
-- JWT Functions for Supabase
|
|
2
|
+
-- These functions are used by PostgREST and RLS policies
|
|
3
|
+
|
|
4
|
+
-- Create extensions schema if not exists
|
|
5
|
+
CREATE SCHEMA IF NOT EXISTS extensions;
|
|
6
|
+
|
|
7
|
+
-- Function to get current user ID from JWT
|
|
8
|
+
CREATE OR REPLACE FUNCTION auth.uid()
|
|
9
|
+
RETURNS uuid
|
|
10
|
+
LANGUAGE sql
|
|
11
|
+
STABLE
|
|
12
|
+
AS $$
|
|
13
|
+
SELECT NULLIF(
|
|
14
|
+
COALESCE(
|
|
15
|
+
current_setting('request.jwt.claim.sub', true),
|
|
16
|
+
current_setting('request.jwt.claims', true)::json->>'sub'
|
|
17
|
+
),
|
|
18
|
+
''
|
|
19
|
+
)::uuid
|
|
20
|
+
$$;
|
|
21
|
+
|
|
22
|
+
-- Function to get current user role from JWT
|
|
23
|
+
CREATE OR REPLACE FUNCTION auth.role()
|
|
24
|
+
RETURNS text
|
|
25
|
+
LANGUAGE sql
|
|
26
|
+
STABLE
|
|
27
|
+
AS $$
|
|
28
|
+
SELECT COALESCE(
|
|
29
|
+
current_setting('request.jwt.claim.role', true),
|
|
30
|
+
current_setting('request.jwt.claims', true)::json->>'role'
|
|
31
|
+
)::text
|
|
32
|
+
$$;
|
|
33
|
+
|
|
34
|
+
-- Function to get current user email from JWT
|
|
35
|
+
CREATE OR REPLACE FUNCTION auth.email()
|
|
36
|
+
RETURNS text
|
|
37
|
+
LANGUAGE sql
|
|
38
|
+
STABLE
|
|
39
|
+
AS $$
|
|
40
|
+
SELECT COALESCE(
|
|
41
|
+
current_setting('request.jwt.claim.email', true),
|
|
42
|
+
current_setting('request.jwt.claims', true)::json->>'email'
|
|
43
|
+
)::text
|
|
44
|
+
$$;
|
|
45
|
+
|
|
46
|
+
-- Note: auth.jwt() function is created by GoTrue during its migrations
|
|
47
|
+
-- We don't create it here to avoid ownership conflicts
|
|
48
|
+
|
|
49
|
+
-- Transfer ownership to supabase_auth_admin so GoTrue can manage these functions
|
|
50
|
+
ALTER FUNCTION auth.uid() OWNER TO supabase_auth_admin;
|
|
51
|
+
ALTER FUNCTION auth.role() OWNER TO supabase_auth_admin;
|
|
52
|
+
ALTER FUNCTION auth.email() OWNER TO supabase_auth_admin;
|
|
53
|
+
|
|
54
|
+
-- Grant execute permissions
|
|
55
|
+
GRANT EXECUTE ON FUNCTION auth.uid() TO anon, authenticated, service_role;
|
|
56
|
+
GRANT EXECUTE ON FUNCTION auth.role() TO anon, authenticated, service_role;
|
|
57
|
+
GRANT EXECUTE ON FUNCTION auth.email() TO anon, authenticated, service_role;
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
#!/bin/bash
|
|
2
|
+
set -e
|
|
3
|
+
|
|
4
|
+
# Metabase Database Initialization
|
|
5
|
+
# Creates the metabase database and user for analytics
|
|
6
|
+
# Password is injected from POSTGRES_PASSWORD env var at runtime (never hardcoded)
|
|
7
|
+
|
|
8
|
+
# Create metabase role if it doesn't exist (quoted heredoc — no variable expansion)
|
|
9
|
+
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<'EOSQL'
|
|
10
|
+
DO $$
|
|
11
|
+
BEGIN
|
|
12
|
+
IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = 'metabase') THEN
|
|
13
|
+
CREATE ROLE metabase WITH LOGIN;
|
|
14
|
+
END IF;
|
|
15
|
+
END
|
|
16
|
+
$$;
|
|
17
|
+
EOSQL
|
|
18
|
+
|
|
19
|
+
# Set password and create database (unquoted heredoc — POSTGRES_PASSWORD is expanded)
|
|
20
|
+
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<EOSQL
|
|
21
|
+
ALTER ROLE metabase WITH PASSWORD '${POSTGRES_PASSWORD}';
|
|
22
|
+
SELECT 'CREATE DATABASE metabase WITH OWNER metabase ENCODING ''UTF8'' TEMPLATE template0'
|
|
23
|
+
WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'metabase')\gexec
|
|
24
|
+
GRANT ALL PRIVILEGES ON DATABASE metabase TO metabase;
|
|
25
|
+
GRANT CONNECT ON DATABASE postgres TO metabase;
|
|
26
|
+
GRANT USAGE ON SCHEMA public TO metabase;
|
|
27
|
+
GRANT SELECT ON ALL TABLES IN SCHEMA public TO metabase;
|
|
28
|
+
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO metabase;
|
|
29
|
+
EOSQL
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
#!/bin/bash
|
|
2
|
+
set -e
|
|
3
|
+
|
|
4
|
+
# n8n Database Initialization
|
|
5
|
+
# Creates dedicated n8n user and database for workflow automation
|
|
6
|
+
# Password is injected from POSTGRES_PASSWORD env var at runtime (never hardcoded)
|
|
7
|
+
|
|
8
|
+
# Create n8n role if it doesn't exist (quoted heredoc — no variable expansion)
|
|
9
|
+
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<'EOSQL'
|
|
10
|
+
DO $$
|
|
11
|
+
BEGIN
|
|
12
|
+
IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = 'n8n') THEN
|
|
13
|
+
CREATE ROLE n8n WITH LOGIN;
|
|
14
|
+
END IF;
|
|
15
|
+
END
|
|
16
|
+
$$;
|
|
17
|
+
EOSQL
|
|
18
|
+
|
|
19
|
+
# Set password and create database (unquoted heredoc — POSTGRES_PASSWORD is expanded)
|
|
20
|
+
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<EOSQL
|
|
21
|
+
ALTER ROLE n8n WITH PASSWORD '${POSTGRES_PASSWORD}';
|
|
22
|
+
SELECT 'CREATE DATABASE n8n WITH OWNER n8n ENCODING ''UTF8'' TEMPLATE template0'
|
|
23
|
+
WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'n8n')\gexec
|
|
24
|
+
GRANT ALL PRIVILEGES ON DATABASE n8n TO n8n;
|
|
25
|
+
EOSQL
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
-- Realtime Schema Setup
|
|
2
|
+
-- This sets up the required schema for Supabase Realtime
|
|
3
|
+
|
|
4
|
+
-- Create realtime schema
|
|
5
|
+
CREATE SCHEMA IF NOT EXISTS _realtime;
|
|
6
|
+
|
|
7
|
+
-- Grant permissions to postgres and supabase_admin (used by Realtime service)
|
|
8
|
+
GRANT USAGE ON SCHEMA _realtime TO postgres, supabase_admin;
|
|
9
|
+
GRANT ALL ON SCHEMA _realtime TO postgres, supabase_admin;
|
|
10
|
+
|
|
11
|
+
-- Create publication for realtime
|
|
12
|
+
DO $$
|
|
13
|
+
BEGIN
|
|
14
|
+
IF NOT EXISTS (SELECT 1 FROM pg_publication WHERE pubname = 'supabase_realtime') THEN
|
|
15
|
+
CREATE PUBLICATION supabase_realtime;
|
|
16
|
+
END IF;
|
|
17
|
+
END
|
|
18
|
+
$$;
|
|
19
|
+
|
|
20
|
+
-- Function to enable realtime for a table
|
|
21
|
+
CREATE OR REPLACE FUNCTION _realtime.enable_table(table_name text)
|
|
22
|
+
RETURNS void
|
|
23
|
+
LANGUAGE plpgsql
|
|
24
|
+
SECURITY DEFINER
|
|
25
|
+
SET search_path = ''
|
|
26
|
+
AS $$
|
|
27
|
+
BEGIN
|
|
28
|
+
EXECUTE format('ALTER PUBLICATION supabase_realtime ADD TABLE %I', table_name);
|
|
29
|
+
END;
|
|
30
|
+
$$;
|
|
31
|
+
|
|
32
|
+
-- Grant execute permission
|
|
33
|
+
GRANT EXECUTE ON FUNCTION _realtime.enable_table(text) TO postgres, supabase_admin;
|
|
@@ -0,0 +1,93 @@
|
|
|
1
|
+
-- Supabase Roles Setup
|
|
2
|
+
-- Creates required roles and grants for Supabase services
|
|
3
|
+
-- Passwords are set separately by set-passwords.sh (never hardcoded in SQL)
|
|
4
|
+
|
|
5
|
+
-- Drop auth.jwt() if it exists - GoTrue will recreate it with correct return type (jsonb)
|
|
6
|
+
DROP FUNCTION IF EXISTS auth.jwt();
|
|
7
|
+
|
|
8
|
+
-- Create roles if they don't exist (fallback for non-Supabase postgres images)
|
|
9
|
+
DO $$
|
|
10
|
+
BEGIN
|
|
11
|
+
-- anon role (for anonymous access)
|
|
12
|
+
IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = 'anon') THEN
|
|
13
|
+
CREATE ROLE anon NOLOGIN NOINHERIT;
|
|
14
|
+
END IF;
|
|
15
|
+
|
|
16
|
+
-- authenticated role (for logged-in users)
|
|
17
|
+
IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = 'authenticated') THEN
|
|
18
|
+
CREATE ROLE authenticated NOLOGIN NOINHERIT;
|
|
19
|
+
END IF;
|
|
20
|
+
|
|
21
|
+
-- service_role (for server-side operations)
|
|
22
|
+
IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = 'service_role') THEN
|
|
23
|
+
CREATE ROLE service_role NOLOGIN NOINHERIT BYPASSRLS;
|
|
24
|
+
END IF;
|
|
25
|
+
|
|
26
|
+
-- authenticator role (PostgREST uses this)
|
|
27
|
+
IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = 'authenticator') THEN
|
|
28
|
+
CREATE ROLE authenticator NOINHERIT LOGIN;
|
|
29
|
+
END IF;
|
|
30
|
+
|
|
31
|
+
-- supabase_admin role
|
|
32
|
+
IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = 'supabase_admin') THEN
|
|
33
|
+
CREATE ROLE supabase_admin LOGIN;
|
|
34
|
+
END IF;
|
|
35
|
+
|
|
36
|
+
-- supabase_auth_admin role (for GoTrue)
|
|
37
|
+
IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = 'supabase_auth_admin') THEN
|
|
38
|
+
CREATE ROLE supabase_auth_admin NOINHERIT CREATEROLE LOGIN;
|
|
39
|
+
END IF;
|
|
40
|
+
|
|
41
|
+
-- supabase_storage_admin role (for Storage)
|
|
42
|
+
IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = 'supabase_storage_admin') THEN
|
|
43
|
+
CREATE ROLE supabase_storage_admin NOINHERIT CREATEROLE LOGIN;
|
|
44
|
+
END IF;
|
|
45
|
+
END
|
|
46
|
+
$$;
|
|
47
|
+
|
|
48
|
+
-- Grant role memberships
|
|
49
|
+
GRANT anon TO authenticator;
|
|
50
|
+
GRANT authenticated TO authenticator;
|
|
51
|
+
GRANT service_role TO authenticator;
|
|
52
|
+
GRANT supabase_admin TO authenticator;
|
|
53
|
+
|
|
54
|
+
-- Grant schema permissions (principle of least privilege)
|
|
55
|
+
GRANT USAGE ON SCHEMA public TO anon, authenticated, service_role;
|
|
56
|
+
|
|
57
|
+
-- anon role: must be granted access explicitly per table via RLS
|
|
58
|
+
GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO anon;
|
|
59
|
+
|
|
60
|
+
-- authenticated role: SELECT, INSERT, UPDATE, DELETE (controlled by RLS)
|
|
61
|
+
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO authenticated;
|
|
62
|
+
GRANT USAGE ON ALL SEQUENCES IN SCHEMA public TO authenticated;
|
|
63
|
+
|
|
64
|
+
-- service_role: ALL (bypasses RLS - use carefully)
|
|
65
|
+
GRANT ALL ON ALL TABLES IN SCHEMA public TO service_role;
|
|
66
|
+
GRANT ALL ON ALL SEQUENCES IN SCHEMA public TO service_role;
|
|
67
|
+
GRANT ALL ON ALL ROUTINES IN SCHEMA public TO service_role;
|
|
68
|
+
|
|
69
|
+
-- Default privileges for future objects
|
|
70
|
+
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO authenticated;
|
|
71
|
+
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON TABLES TO service_role;
|
|
72
|
+
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT USAGE ON SEQUENCES TO authenticated;
|
|
73
|
+
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON SEQUENCES TO service_role;
|
|
74
|
+
|
|
75
|
+
-- Create auth schema for GoTrue (or fix ownership if it already exists)
|
|
76
|
+
CREATE SCHEMA IF NOT EXISTS auth AUTHORIZATION supabase_auth_admin;
|
|
77
|
+
ALTER SCHEMA auth OWNER TO supabase_auth_admin;
|
|
78
|
+
GRANT ALL ON SCHEMA auth TO supabase_auth_admin;
|
|
79
|
+
GRANT USAGE ON SCHEMA auth TO anon, authenticated, service_role;
|
|
80
|
+
|
|
81
|
+
-- Create storage schema for Storage (or fix ownership if it already exists)
|
|
82
|
+
CREATE SCHEMA IF NOT EXISTS storage AUTHORIZATION supabase_storage_admin;
|
|
83
|
+
ALTER SCHEMA storage OWNER TO supabase_storage_admin;
|
|
84
|
+
GRANT ALL ON SCHEMA storage TO supabase_storage_admin;
|
|
85
|
+
GRANT USAGE ON SCHEMA storage TO anon, authenticated, service_role;
|
|
86
|
+
|
|
87
|
+
-- Create extensions
|
|
88
|
+
CREATE EXTENSION IF NOT EXISTS "uuid-ossp" WITH SCHEMA extensions;
|
|
89
|
+
CREATE EXTENSION IF NOT EXISTS pgcrypto WITH SCHEMA extensions;
|
|
90
|
+
CREATE EXTENSION IF NOT EXISTS pgjwt WITH SCHEMA extensions;
|
|
91
|
+
|
|
92
|
+
-- Ensure service_role has BYPASSRLS
|
|
93
|
+
ALTER ROLE service_role WITH BYPASSRLS;
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
#!/bin/bash
|
|
2
|
+
set -e
|
|
3
|
+
|
|
4
|
+
# Set passwords for Supabase service roles from POSTGRES_PASSWORD env var.
|
|
5
|
+
# Mounted at /docker-entrypoint-initdb.d/zz-set-passwords.sh (top level)
|
|
6
|
+
# so the standard postgres entrypoint runs it AFTER migrate.sh creates the roles.
|
|
7
|
+
|
|
8
|
+
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<EOSQL
|
|
9
|
+
ALTER ROLE authenticator WITH PASSWORD '${POSTGRES_PASSWORD}';
|
|
10
|
+
ALTER ROLE supabase_auth_admin WITH PASSWORD '${POSTGRES_PASSWORD}';
|
|
11
|
+
ALTER ROLE supabase_storage_admin WITH PASSWORD '${POSTGRES_PASSWORD}';
|
|
12
|
+
EOSQL
|
|
@@ -0,0 +1,113 @@
|
|
|
1
|
+
-- Create initial admin user in auth.users (Development Version)
|
|
2
|
+
-- Uses credentials provided during `vibecarbon create`
|
|
3
|
+
|
|
4
|
+
DO $$
|
|
5
|
+
DECLARE
|
|
6
|
+
admin_email TEXT := '{{ADMIN_EMAIL}}';
|
|
7
|
+
admin_password_hash TEXT := '{{ADMIN_PASSWORD_HASH}}';
|
|
8
|
+
new_user_id UUID;
|
|
9
|
+
BEGIN
|
|
10
|
+
-- Only create if admin email is provided and not empty
|
|
11
|
+
IF admin_email IS NOT NULL AND admin_email != '' THEN
|
|
12
|
+
|
|
13
|
+
-- Check if user already exists
|
|
14
|
+
IF NOT EXISTS (SELECT 1 FROM auth.users WHERE email = admin_email) THEN
|
|
15
|
+
-- Generate a new UUID for the user
|
|
16
|
+
new_user_id := gen_random_uuid();
|
|
17
|
+
|
|
18
|
+
-- Create admin user with bcrypt-hashed password
|
|
19
|
+
-- Note: GoTrue expects token columns to be empty strings, not NULL
|
|
20
|
+
INSERT INTO auth.users (
|
|
21
|
+
instance_id,
|
|
22
|
+
id,
|
|
23
|
+
aud,
|
|
24
|
+
role,
|
|
25
|
+
email,
|
|
26
|
+
encrypted_password,
|
|
27
|
+
email_confirmed_at,
|
|
28
|
+
confirmation_sent_at,
|
|
29
|
+
raw_app_meta_data,
|
|
30
|
+
raw_user_meta_data,
|
|
31
|
+
created_at,
|
|
32
|
+
updated_at,
|
|
33
|
+
confirmation_token,
|
|
34
|
+
recovery_token,
|
|
35
|
+
email_change_token_new,
|
|
36
|
+
email_change_token_current,
|
|
37
|
+
email_change,
|
|
38
|
+
phone,
|
|
39
|
+
phone_change,
|
|
40
|
+
phone_change_token,
|
|
41
|
+
reauthentication_token
|
|
42
|
+
) VALUES (
|
|
43
|
+
'00000000-0000-0000-0000-000000000000',
|
|
44
|
+
new_user_id,
|
|
45
|
+
'authenticated',
|
|
46
|
+
'authenticated',
|
|
47
|
+
admin_email,
|
|
48
|
+
admin_password_hash,
|
|
49
|
+
NOW(),
|
|
50
|
+
NOW(),
|
|
51
|
+
jsonb_build_object(
|
|
52
|
+
'provider', 'email',
|
|
53
|
+
'providers', ARRAY['email'],
|
|
54
|
+
'role', 'super_admin'
|
|
55
|
+
),
|
|
56
|
+
'{"onboarding_completed": true}'::jsonb,
|
|
57
|
+
NOW(),
|
|
58
|
+
NOW(),
|
|
59
|
+
'',
|
|
60
|
+
'',
|
|
61
|
+
'',
|
|
62
|
+
'',
|
|
63
|
+
'',
|
|
64
|
+
'',
|
|
65
|
+
'',
|
|
66
|
+
'',
|
|
67
|
+
''
|
|
68
|
+
);
|
|
69
|
+
|
|
70
|
+
-- Create identity record for email provider
|
|
71
|
+
INSERT INTO auth.identities (
|
|
72
|
+
id,
|
|
73
|
+
user_id,
|
|
74
|
+
identity_data,
|
|
75
|
+
provider,
|
|
76
|
+
provider_id,
|
|
77
|
+
last_sign_in_at,
|
|
78
|
+
created_at,
|
|
79
|
+
updated_at
|
|
80
|
+
) VALUES (
|
|
81
|
+
gen_random_uuid(),
|
|
82
|
+
new_user_id,
|
|
83
|
+
jsonb_build_object(
|
|
84
|
+
'sub', new_user_id::text,
|
|
85
|
+
'email', admin_email,
|
|
86
|
+
'email_verified', true
|
|
87
|
+
),
|
|
88
|
+
'email',
|
|
89
|
+
new_user_id::text,
|
|
90
|
+
NOW(),
|
|
91
|
+
NOW(),
|
|
92
|
+
NOW()
|
|
93
|
+
);
|
|
94
|
+
|
|
95
|
+
RAISE NOTICE 'Created dev admin user: % with id: %', admin_email, new_user_id;
|
|
96
|
+
ELSE
|
|
97
|
+
-- Update existing user to have super_admin role if they don't already
|
|
98
|
+
UPDATE auth.users
|
|
99
|
+
SET raw_app_meta_data = raw_app_meta_data || '{"role": "super_admin"}'::jsonb,
|
|
100
|
+
updated_at = NOW()
|
|
101
|
+
WHERE email = admin_email
|
|
102
|
+
AND (raw_app_meta_data->>'role' IS NULL OR raw_app_meta_data->>'role' != 'super_admin');
|
|
103
|
+
|
|
104
|
+
IF FOUND THEN
|
|
105
|
+
RAISE NOTICE 'Updated existing user % to admin role', admin_email;
|
|
106
|
+
ELSE
|
|
107
|
+
RAISE NOTICE 'User % already exists with admin role', admin_email;
|
|
108
|
+
END IF;
|
|
109
|
+
END IF;
|
|
110
|
+
ELSE
|
|
111
|
+
RAISE NOTICE 'Skipping admin user creation - no admin email configured';
|
|
112
|
+
END IF;
|
|
113
|
+
END $$;
|
|
@@ -0,0 +1,113 @@
|
|
|
1
|
+
-- Create initial admin user in auth.users (Development Version)
|
|
2
|
+
-- Uses credentials provided during `vibecarbon create`
|
|
3
|
+
|
|
4
|
+
DO $$
|
|
5
|
+
DECLARE
|
|
6
|
+
admin_email TEXT := 'admin@example.com';
|
|
7
|
+
admin_password_hash TEXT := '$2b$10$OWzZo/eSlFAb2S9oX4Ps5.prj7LzVfAWo7N1cFrL3N8Z3HLUZtvOm';
|
|
8
|
+
new_user_id UUID;
|
|
9
|
+
BEGIN
|
|
10
|
+
-- Only create if admin email is provided and not empty
|
|
11
|
+
IF admin_email IS NOT NULL AND admin_email != '' THEN
|
|
12
|
+
|
|
13
|
+
-- Check if user already exists
|
|
14
|
+
IF NOT EXISTS (SELECT 1 FROM auth.users WHERE email = admin_email) THEN
|
|
15
|
+
-- Generate a new UUID for the user
|
|
16
|
+
new_user_id := gen_random_uuid();
|
|
17
|
+
|
|
18
|
+
-- Create admin user with bcrypt-hashed password
|
|
19
|
+
-- Note: GoTrue expects token columns to be empty strings, not NULL
|
|
20
|
+
INSERT INTO auth.users (
|
|
21
|
+
instance_id,
|
|
22
|
+
id,
|
|
23
|
+
aud,
|
|
24
|
+
role,
|
|
25
|
+
email,
|
|
26
|
+
encrypted_password,
|
|
27
|
+
email_confirmed_at,
|
|
28
|
+
confirmation_sent_at,
|
|
29
|
+
raw_app_meta_data,
|
|
30
|
+
raw_user_meta_data,
|
|
31
|
+
created_at,
|
|
32
|
+
updated_at,
|
|
33
|
+
confirmation_token,
|
|
34
|
+
recovery_token,
|
|
35
|
+
email_change_token_new,
|
|
36
|
+
email_change_token_current,
|
|
37
|
+
email_change,
|
|
38
|
+
phone,
|
|
39
|
+
phone_change,
|
|
40
|
+
phone_change_token,
|
|
41
|
+
reauthentication_token
|
|
42
|
+
) VALUES (
|
|
43
|
+
'00000000-0000-0000-0000-000000000000',
|
|
44
|
+
new_user_id,
|
|
45
|
+
'authenticated',
|
|
46
|
+
'authenticated',
|
|
47
|
+
admin_email,
|
|
48
|
+
admin_password_hash,
|
|
49
|
+
NOW(),
|
|
50
|
+
NOW(),
|
|
51
|
+
jsonb_build_object(
|
|
52
|
+
'provider', 'email',
|
|
53
|
+
'providers', ARRAY['email'],
|
|
54
|
+
'role', 'super_admin'
|
|
55
|
+
),
|
|
56
|
+
'{}'::jsonb,
|
|
57
|
+
NOW(),
|
|
58
|
+
NOW(),
|
|
59
|
+
'',
|
|
60
|
+
'',
|
|
61
|
+
'',
|
|
62
|
+
'',
|
|
63
|
+
'',
|
|
64
|
+
'',
|
|
65
|
+
'',
|
|
66
|
+
'',
|
|
67
|
+
''
|
|
68
|
+
);
|
|
69
|
+
|
|
70
|
+
-- Create identity record for email provider
|
|
71
|
+
INSERT INTO auth.identities (
|
|
72
|
+
id,
|
|
73
|
+
user_id,
|
|
74
|
+
identity_data,
|
|
75
|
+
provider,
|
|
76
|
+
provider_id,
|
|
77
|
+
last_sign_in_at,
|
|
78
|
+
created_at,
|
|
79
|
+
updated_at
|
|
80
|
+
) VALUES (
|
|
81
|
+
gen_random_uuid(),
|
|
82
|
+
new_user_id,
|
|
83
|
+
jsonb_build_object(
|
|
84
|
+
'sub', new_user_id::text,
|
|
85
|
+
'email', admin_email,
|
|
86
|
+
'email_verified', true
|
|
87
|
+
),
|
|
88
|
+
'email',
|
|
89
|
+
new_user_id::text,
|
|
90
|
+
NOW(),
|
|
91
|
+
NOW(),
|
|
92
|
+
NOW()
|
|
93
|
+
);
|
|
94
|
+
|
|
95
|
+
RAISE NOTICE 'Created dev admin user: % with id: %', admin_email, new_user_id;
|
|
96
|
+
ELSE
|
|
97
|
+
-- Update existing user to have super_admin role if they don't already
|
|
98
|
+
UPDATE auth.users
|
|
99
|
+
SET raw_app_meta_data = raw_app_meta_data || '{"role": "super_admin"}'::jsonb,
|
|
100
|
+
updated_at = NOW()
|
|
101
|
+
WHERE email = admin_email
|
|
102
|
+
AND (raw_app_meta_data->>'role' IS NULL OR raw_app_meta_data->>'role' != 'super_admin');
|
|
103
|
+
|
|
104
|
+
IF FOUND THEN
|
|
105
|
+
RAISE NOTICE 'Updated existing user % to admin role', admin_email;
|
|
106
|
+
ELSE
|
|
107
|
+
RAISE NOTICE 'User % already exists with admin role', admin_email;
|
|
108
|
+
END IF;
|
|
109
|
+
END IF;
|
|
110
|
+
ELSE
|
|
111
|
+
RAISE NOTICE 'Skipping admin user creation - no admin email configured';
|
|
112
|
+
END IF;
|
|
113
|
+
END $$;
|
|
@@ -0,0 +1,114 @@
|
|
|
1
|
+
-- Create initial admin user in auth.users
|
|
2
|
+
-- This runs after Supabase GoTrue is initialized
|
|
3
|
+
-- Password hash is generated during project creation (plain password is never stored)
|
|
4
|
+
|
|
5
|
+
DO $$
|
|
6
|
+
DECLARE
|
|
7
|
+
admin_email TEXT := '{{ADMIN_EMAIL}}';
|
|
8
|
+
admin_password_hash TEXT := '{{ADMIN_PASSWORD_HASH}}';
|
|
9
|
+
new_user_id UUID;
|
|
10
|
+
BEGIN
|
|
11
|
+
-- Only create if admin email is provided and not empty
|
|
12
|
+
IF admin_email IS NOT NULL AND admin_email != '' THEN
|
|
13
|
+
|
|
14
|
+
-- Check if user already exists
|
|
15
|
+
IF NOT EXISTS (SELECT 1 FROM auth.users WHERE email = admin_email) THEN
|
|
16
|
+
-- Generate a new UUID for the user
|
|
17
|
+
new_user_id := gen_random_uuid();
|
|
18
|
+
|
|
19
|
+
-- Create admin user with bcrypt-hashed password
|
|
20
|
+
-- Note: GoTrue expects token columns to be empty strings, not NULL
|
|
21
|
+
INSERT INTO auth.users (
|
|
22
|
+
instance_id,
|
|
23
|
+
id,
|
|
24
|
+
aud,
|
|
25
|
+
role,
|
|
26
|
+
email,
|
|
27
|
+
encrypted_password,
|
|
28
|
+
email_confirmed_at,
|
|
29
|
+
confirmation_sent_at,
|
|
30
|
+
raw_app_meta_data,
|
|
31
|
+
raw_user_meta_data,
|
|
32
|
+
created_at,
|
|
33
|
+
updated_at,
|
|
34
|
+
confirmation_token,
|
|
35
|
+
recovery_token,
|
|
36
|
+
email_change_token_new,
|
|
37
|
+
email_change_token_current,
|
|
38
|
+
email_change,
|
|
39
|
+
phone,
|
|
40
|
+
phone_change,
|
|
41
|
+
phone_change_token,
|
|
42
|
+
reauthentication_token
|
|
43
|
+
) VALUES (
|
|
44
|
+
'00000000-0000-0000-0000-000000000000',
|
|
45
|
+
new_user_id,
|
|
46
|
+
'authenticated',
|
|
47
|
+
'authenticated',
|
|
48
|
+
admin_email,
|
|
49
|
+
admin_password_hash,
|
|
50
|
+
NOW(),
|
|
51
|
+
NOW(),
|
|
52
|
+
jsonb_build_object(
|
|
53
|
+
'provider', 'email',
|
|
54
|
+
'providers', ARRAY['email'],
|
|
55
|
+
'role', 'super_admin'
|
|
56
|
+
),
|
|
57
|
+
'{"onboarding_completed": true}'::jsonb,
|
|
58
|
+
NOW(),
|
|
59
|
+
NOW(),
|
|
60
|
+
'',
|
|
61
|
+
'',
|
|
62
|
+
'',
|
|
63
|
+
'',
|
|
64
|
+
'',
|
|
65
|
+
'',
|
|
66
|
+
'',
|
|
67
|
+
'',
|
|
68
|
+
''
|
|
69
|
+
);
|
|
70
|
+
|
|
71
|
+
-- Create identity record for email provider
|
|
72
|
+
INSERT INTO auth.identities (
|
|
73
|
+
id,
|
|
74
|
+
user_id,
|
|
75
|
+
identity_data,
|
|
76
|
+
provider,
|
|
77
|
+
provider_id,
|
|
78
|
+
last_sign_in_at,
|
|
79
|
+
created_at,
|
|
80
|
+
updated_at
|
|
81
|
+
) VALUES (
|
|
82
|
+
gen_random_uuid(),
|
|
83
|
+
new_user_id,
|
|
84
|
+
jsonb_build_object(
|
|
85
|
+
'sub', new_user_id::text,
|
|
86
|
+
'email', admin_email,
|
|
87
|
+
'email_verified', true
|
|
88
|
+
),
|
|
89
|
+
'email',
|
|
90
|
+
new_user_id::text,
|
|
91
|
+
NOW(),
|
|
92
|
+
NOW(),
|
|
93
|
+
NOW()
|
|
94
|
+
);
|
|
95
|
+
|
|
96
|
+
RAISE NOTICE 'Created admin user: % with id: %', admin_email, new_user_id;
|
|
97
|
+
ELSE
|
|
98
|
+
-- Update existing user to have super_admin role if they don't already
|
|
99
|
+
UPDATE auth.users
|
|
100
|
+
SET raw_app_meta_data = raw_app_meta_data || '{"role": "super_admin"}'::jsonb,
|
|
101
|
+
updated_at = NOW()
|
|
102
|
+
WHERE email = admin_email
|
|
103
|
+
AND (raw_app_meta_data->>'role' IS NULL OR raw_app_meta_data->>'role' != 'super_admin');
|
|
104
|
+
|
|
105
|
+
IF FOUND THEN
|
|
106
|
+
RAISE NOTICE 'Updated existing user % to admin role', admin_email;
|
|
107
|
+
ELSE
|
|
108
|
+
RAISE NOTICE 'User % already exists with admin role', admin_email;
|
|
109
|
+
END IF;
|
|
110
|
+
END IF;
|
|
111
|
+
ELSE
|
|
112
|
+
RAISE NOTICE 'Skipping admin user creation - no admin email configured';
|
|
113
|
+
END IF;
|
|
114
|
+
END $$;
|