From 0e2d7f7792dec117d7c1c19c30692fad75ec3df5 Mon Sep 17 00:00:00 2001 From: Josh Creek <8179928+jcreek@users.noreply.github.com> Date: Fri, 2 Jan 2026 20:35:38 +0000 Subject: [PATCH] fix(#69): Use service role key for seeding --- .env.example | 3 +- README.md | 3 +- src/routes/api/seed/+server.ts | 6 ++-- ...000005_add_insert_policies_for_seeding.sql | 30 ------------------- 4 files changed, 8 insertions(+), 34 deletions(-) delete mode 100644 supabase/migrations/20250126000005_add_insert_policies_for_seeding.sql diff --git a/.env.example b/.env.example index af3e33d..921bbe0 100644 --- a/.env.example +++ b/.env.example @@ -1,2 +1,3 @@ PUBLIC_SUPABASE_URL="your-supabase-project-url" -PUBLIC_SUPABASE_ANON_KEY="your-supabase-anon-key" \ No newline at end of file +PUBLIC_SUPABASE_ANON_KEY="your-supabase-anon-key" +SUPABASE_SERVICE_ROLE_KEY="your-supabase-service-role-key" \ No newline at end of file diff --git a/README.md b/README.md index c7f8b94..f27cc67 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,8 @@ A web app to track completion of a living Pokédex. 4. An example `.env` file is provided in the repository. You will need to copy `.env.example` to `.env` and fill in the values with your own credentials. For local development with Supabase running in Docker, you can use the following values: - The `PUBLIC_SUPABASE_URL` will be `"http://127.0.0.1:54321"` - - The `PUBLIC_SUPABASE_ANON_KEY` will be the 'Publishable' authentication key displayed when you run Supabase in the terminal. + - The `PUBLIC_SUPABASE_ANON_KEY` will be the 'Publishable' authentication key displayed when you run Supabase in the terminal + - The `SUPABASE_SERVICE_ROLE_KEY` will be the 'Secret' authentication key displayed when you run Supabase in the terminal 5. Start local Supabase and a development server with `npm run dev:supabase` 6. The Pokédex data is automatically seeded via database migrations when Supabase starts diff --git a/src/routes/api/seed/+server.ts b/src/routes/api/seed/+server.ts index 53e7d59..3b4d661 100644 --- a/src/routes/api/seed/+server.ts +++ b/src/routes/api/seed/+server.ts @@ -1,6 +1,7 @@ import { json } from '@sveltejs/kit'; import { createClient } from '@supabase/supabase-js'; -import { PUBLIC_SUPABASE_URL, PUBLIC_SUPABASE_ANON_KEY } from '$env/static/public'; +import { PUBLIC_SUPABASE_URL } from '$env/static/public'; +import { SUPABASE_SERVICE_ROLE_KEY } from '$env/static/private'; import dex from '$lib/helpers/pokedex.json'; import RegionGameMappingJson from '$lib/helpers/region-game-mapping.json'; @@ -10,7 +11,8 @@ export const GET = async () => { return json({ message: 'Seeding not allowed in production' }, { status: 403 }); } - const supabase = createClient(PUBLIC_SUPABASE_URL, PUBLIC_SUPABASE_ANON_KEY); + // Use service role key to bypass RLS for seeding operations + const supabase = createClient(PUBLIC_SUPABASE_URL, SUPABASE_SERVICE_ROLE_KEY); try { // Seed Pokédex entries diff --git a/supabase/migrations/20250126000005_add_insert_policies_for_seeding.sql b/supabase/migrations/20250126000005_add_insert_policies_for_seeding.sql deleted file mode 100644 index 09a0fdb..0000000 --- a/supabase/migrations/20250126000005_add_insert_policies_for_seeding.sql +++ /dev/null @@ -1,30 +0,0 @@ --- Add INSERT policies for reference data tables to enable seeding --- These policies allow anyone to insert into reference tables (pokedex_entries, region_game_mappings, metadata) --- This is acceptable because: --- 1. These are read-only reference data tables for the application --- 2. Seeding only happens in development/setup phase --- 3. In production, you would typically use service role or disable seeding - --- Add INSERT policy for pokedex_entries -CREATE POLICY "Allow insert for pokedex entries" ON pokedex_entries - FOR INSERT WITH CHECK (true); - --- Add UPDATE policy for pokedex_entries (in case re-seeding needs to update) -CREATE POLICY "Allow update for pokedex entries" ON pokedex_entries - FOR UPDATE USING (true); - --- Add INSERT policy for region_game_mappings -CREATE POLICY "Allow insert for region game mappings" ON region_game_mappings - FOR INSERT WITH CHECK (true); - --- Add UPDATE policy for region_game_mappings -CREATE POLICY "Allow update for region game mappings" ON region_game_mappings - FOR UPDATE USING (true); - --- Add INSERT policy for metadata -CREATE POLICY "Allow insert for metadata" ON metadata - FOR INSERT WITH CHECK (true); - --- Add UPDATE policy for metadata -CREATE POLICY "Allow update for metadata" ON metadata - FOR UPDATE USING (true);