mirror of
https://github.com/jcreek/LivingDexTracker.git
synced 2026-07-12 18:43:45 +00:00
fix(#69): Use service role key for seeding
This commit is contained in:
+2
-1
@@ -1,2 +1,3 @@
|
||||
PUBLIC_SUPABASE_URL="your-supabase-project-url"
|
||||
PUBLIC_SUPABASE_ANON_KEY="your-supabase-anon-key"
|
||||
PUBLIC_SUPABASE_ANON_KEY="your-supabase-anon-key"
|
||||
SUPABASE_SERVICE_ROLE_KEY="your-supabase-service-role-key"
|
||||
@@ -10,7 +10,8 @@ A web app to track completion of a living Pokédex.
|
||||
4. An example `.env` file is provided in the repository. You will need to copy `.env.example` to `.env` and fill in the values with your own credentials. For local development with Supabase running in Docker, you can use the following values:
|
||||
|
||||
- The `PUBLIC_SUPABASE_URL` will be `"http://127.0.0.1:54321"`
|
||||
- The `PUBLIC_SUPABASE_ANON_KEY` will be the 'Publishable' authentication key displayed when you run Supabase in the terminal.
|
||||
- The `PUBLIC_SUPABASE_ANON_KEY` will be the 'Publishable' authentication key displayed when you run Supabase in the terminal
|
||||
- The `SUPABASE_SERVICE_ROLE_KEY` will be the 'Secret' authentication key displayed when you run Supabase in the terminal
|
||||
|
||||
5. Start local Supabase and a development server with `npm run dev:supabase`
|
||||
6. The Pokédex data is automatically seeded via database migrations when Supabase starts
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
import { json } from '@sveltejs/kit';
|
||||
import { createClient } from '@supabase/supabase-js';
|
||||
import { PUBLIC_SUPABASE_URL, PUBLIC_SUPABASE_ANON_KEY } from '$env/static/public';
|
||||
import { PUBLIC_SUPABASE_URL } from '$env/static/public';
|
||||
import { SUPABASE_SERVICE_ROLE_KEY } from '$env/static/private';
|
||||
import dex from '$lib/helpers/pokedex.json';
|
||||
import RegionGameMappingJson from '$lib/helpers/region-game-mapping.json';
|
||||
|
||||
@@ -10,7 +11,8 @@ export const GET = async () => {
|
||||
return json({ message: 'Seeding not allowed in production' }, { status: 403 });
|
||||
}
|
||||
|
||||
const supabase = createClient(PUBLIC_SUPABASE_URL, PUBLIC_SUPABASE_ANON_KEY);
|
||||
// Use service role key to bypass RLS for seeding operations
|
||||
const supabase = createClient(PUBLIC_SUPABASE_URL, SUPABASE_SERVICE_ROLE_KEY);
|
||||
|
||||
try {
|
||||
// Seed Pokédex entries
|
||||
|
||||
@@ -1,30 +0,0 @@
|
||||
-- Add INSERT policies for reference data tables to enable seeding
|
||||
-- These policies allow anyone to insert into reference tables (pokedex_entries, region_game_mappings, metadata)
|
||||
-- This is acceptable because:
|
||||
-- 1. These are read-only reference data tables for the application
|
||||
-- 2. Seeding only happens in development/setup phase
|
||||
-- 3. In production, you would typically use service role or disable seeding
|
||||
|
||||
-- Add INSERT policy for pokedex_entries
|
||||
CREATE POLICY "Allow insert for pokedex entries" ON pokedex_entries
|
||||
FOR INSERT WITH CHECK (true);
|
||||
|
||||
-- Add UPDATE policy for pokedex_entries (in case re-seeding needs to update)
|
||||
CREATE POLICY "Allow update for pokedex entries" ON pokedex_entries
|
||||
FOR UPDATE USING (true);
|
||||
|
||||
-- Add INSERT policy for region_game_mappings
|
||||
CREATE POLICY "Allow insert for region game mappings" ON region_game_mappings
|
||||
FOR INSERT WITH CHECK (true);
|
||||
|
||||
-- Add UPDATE policy for region_game_mappings
|
||||
CREATE POLICY "Allow update for region game mappings" ON region_game_mappings
|
||||
FOR UPDATE USING (true);
|
||||
|
||||
-- Add INSERT policy for metadata
|
||||
CREATE POLICY "Allow insert for metadata" ON metadata
|
||||
FOR INSERT WITH CHECK (true);
|
||||
|
||||
-- Add UPDATE policy for metadata
|
||||
CREATE POLICY "Allow update for metadata" ON metadata
|
||||
FOR UPDATE USING (true);
|
||||
Reference in New Issue
Block a user