fix(#69): Use service role key for seeding

This commit is contained in:
Josh Creek
2026-01-02 20:35:38 +00:00
parent 78c3230b92
commit 0e2d7f7792
4 changed files with 8 additions and 34 deletions
+2 -1
View File
@@ -1,2 +1,3 @@
PUBLIC_SUPABASE_URL="your-supabase-project-url"
PUBLIC_SUPABASE_ANON_KEY="your-supabase-anon-key"
PUBLIC_SUPABASE_ANON_KEY="your-supabase-anon-key"
SUPABASE_SERVICE_ROLE_KEY="your-supabase-service-role-key"
+2 -1
View File
@@ -10,7 +10,8 @@ A web app to track completion of a living Pokédex.
4. An example `.env` file is provided in the repository. You will need to copy `.env.example` to `.env` and fill in the values with your own credentials. For local development with Supabase running in Docker, you can use the following values:
- The `PUBLIC_SUPABASE_URL` will be `"http://127.0.0.1:54321"`
- The `PUBLIC_SUPABASE_ANON_KEY` will be the 'Publishable' authentication key displayed when you run Supabase in the terminal.
- The `PUBLIC_SUPABASE_ANON_KEY` will be the 'Publishable' authentication key displayed when you run Supabase in the terminal
- The `SUPABASE_SERVICE_ROLE_KEY` will be the 'Secret' authentication key displayed when you run Supabase in the terminal
5. Start local Supabase and a development server with `npm run dev:supabase`
6. The Pokédex data is automatically seeded via database migrations when Supabase starts
+4 -2
View File
@@ -1,6 +1,7 @@
import { json } from '@sveltejs/kit';
import { createClient } from '@supabase/supabase-js';
import { PUBLIC_SUPABASE_URL, PUBLIC_SUPABASE_ANON_KEY } from '$env/static/public';
import { PUBLIC_SUPABASE_URL } from '$env/static/public';
import { SUPABASE_SERVICE_ROLE_KEY } from '$env/static/private';
import dex from '$lib/helpers/pokedex.json';
import RegionGameMappingJson from '$lib/helpers/region-game-mapping.json';
@@ -10,7 +11,8 @@ export const GET = async () => {
return json({ message: 'Seeding not allowed in production' }, { status: 403 });
}
const supabase = createClient(PUBLIC_SUPABASE_URL, PUBLIC_SUPABASE_ANON_KEY);
// Use service role key to bypass RLS for seeding operations
const supabase = createClient(PUBLIC_SUPABASE_URL, SUPABASE_SERVICE_ROLE_KEY);
try {
// Seed Pokédex entries
@@ -1,30 +0,0 @@
-- Add INSERT policies for reference data tables to enable seeding
-- These policies allow anyone to insert into reference tables (pokedex_entries, region_game_mappings, metadata)
-- This is acceptable because:
-- 1. These are read-only reference data tables for the application
-- 2. Seeding only happens in development/setup phase
-- 3. In production, you would typically use service role or disable seeding
-- Add INSERT policy for pokedex_entries
CREATE POLICY "Allow insert for pokedex entries" ON pokedex_entries
FOR INSERT WITH CHECK (true);
-- Add UPDATE policy for pokedex_entries (in case re-seeding needs to update)
CREATE POLICY "Allow update for pokedex entries" ON pokedex_entries
FOR UPDATE USING (true);
-- Add INSERT policy for region_game_mappings
CREATE POLICY "Allow insert for region game mappings" ON region_game_mappings
FOR INSERT WITH CHECK (true);
-- Add UPDATE policy for region_game_mappings
CREATE POLICY "Allow update for region game mappings" ON region_game_mappings
FOR UPDATE USING (true);
-- Add INSERT policy for metadata
CREATE POLICY "Allow insert for metadata" ON metadata
FOR INSERT WITH CHECK (true);
-- Add UPDATE policy for metadata
CREATE POLICY "Allow update for metadata" ON metadata
FOR UPDATE USING (true);