Showing
10 changed files
with
89 additions
and
128 deletions.
@@ -1,6 +1,5 @@ | ||
[workspace] | ||
members = [ | ||
"postgres", | ||
"realtime", | ||
"storage", | ||
] |
@@ -1,87 +1,6 @@ | ||
-- Create the user_awareness partition of the af_collab_update table | ||
CREATE TABLE af_collab_update_user_awareness PARTITION OF af_collab_update FOR | ||
VALUES IN (5); | ||
-- Add the encrypt column to the af_collab_update table. If the encrypt column is | ||
-- null, then the update is not encrypted. | ||
ALTER TABLE af_collab_update | ||
ADD COLUMN encrypt INTEGER DEFAULT 0; | ||
-- Add encryption_sign column to the af_user table | ||
ALTER TABLE af_user | ||
ADD COLUMN encryption_sign TEXT; | ||
CREATE OR REPLACE FUNCTION prevent_reset_encryption_sign_func() RETURNS TRIGGER AS $$ BEGIN IF OLD.encryption_sign IS NOT NULL | ||
AND NEW.encryption_sign IS DISTINCT | ||
FROM OLD.encryption_sign THEN RAISE EXCEPTION 'The encryption sign can not be reset once it has been set'; | ||
END IF; | ||
RETURN NEW; | ||
END; | ||
$$ LANGUAGE plpgsql; | ||
CREATE TRIGGER trigger_prevent_reset_encryption_sign BEFORE | ||
UPDATE ON af_user FOR EACH ROW EXECUTE FUNCTION prevent_reset_encryption_sign_func(); | ||
-- Re-create the af_user_profile_view to show the 'encrypt' column in the view. | ||
DROP VIEW af_user_profile_view; | ||
CREATE VIEW af_user_profile_view AS | ||
SELECT u.*, | ||
w.workspace_id AS latest_workspace_id | ||
FROM af_user u | ||
INNER JOIN ( | ||
SELECT uid, | ||
workspace_id, | ||
rank() OVER ( | ||
PARTITION BY uid | ||
ORDER BY updated_at DESC | ||
) AS rn | ||
FROM af_workspace_member | ||
) w ON u.uid = w.uid | ||
AND w.rn = 1; | ||
-- Currently, we aren't using the JWT token for requests, so there's no need to validate | ||
-- auth.jwt() ->> 'email' against the email. | ||
ALTER POLICY af_user_update_policy ON public.af_user USING (true) WITH CHECK (true); | ||
-- Update the flush_collab_updates function that accept a new column called encrypt | ||
CREATE OR REPLACE FUNCTION public.flush_collab_updates_v3( | ||
oid TEXT, | ||
new_value BYTEA, | ||
encrypt INTEGER, | ||
md5 TEXT, | ||
value_size INTEGER, | ||
partition_key INTEGER, | ||
uid BIGINT, | ||
workspace_id UUID, | ||
removed_keys BIGINT [], | ||
did TEXT | ||
) RETURNS void AS $$ | ||
DECLARE lock_key INTEGER; | ||
BEGIN -- Hashing the oid to an integer for the advisory lock | ||
lock_key := (hashtext(oid)::bigint)::integer; | ||
-- Getting a session level lock | ||
PERFORM pg_advisory_lock(lock_key); | ||
-- Deleting rows with keys in removed_keys | ||
DELETE FROM af_collab_update | ||
WHERE key = ANY (removed_keys); | ||
-- Inserting a new update with the new key and value | ||
INSERT INTO af_collab_update( | ||
oid, | ||
value, | ||
encrypt, | ||
md5, | ||
value_size, | ||
partition_key, | ||
uid, | ||
workspace_id, | ||
did | ||
) | ||
VALUES ( | ||
oid, | ||
new_value, | ||
encrypt, | ||
md5, | ||
value_size, | ||
partition_key, | ||
uid, | ||
workspace_id, | ||
did | ||
); | ||
-- Releasing the lock | ||
PERFORM pg_advisory_unlock(lock_key); | ||
RETURN; | ||
END; | ||
$$ LANGUAGE plpgsql; | ||
ALTER POLICY af_user_update_policy ON public.af_user USING (true) WITH CHECK (true); |
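Review bot: `ALTER POLICY af_user_update_policy ON public.af_user USING (true) WITH CHECK (true);` makes the update policy on `af_user` match every row, so row-level security no longer limits which user record a caller may update. Judging by the line counts in the hunk header, this statement appears to be what stays in the file once the encryption pieces are moved out. Which roles the policy covers is not visible here, but any of them holding UPDATE on `af_user` could change another user's row, including setting `encryption_sign` where it is still NULL, after which the trigger shown on this page makes it permanent. If the JWT claim cannot be checked yet, restrict UPDATE to the server-side role and record the gap next to the statement, for example `-- TODO: restore the auth.jwt() ->> 'email' = email check once requests carry a JWT`.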
1 change: 1 addition & 0 deletions
1
postgres/migrations/V3__awareness.down.sql → postgres/migrations/V4__encryption.down.sql
@@ -1,2 +1,3 @@ | ||
DROP TRIGGER IF EXISTS trigger_prevent_reset_encryption_sign ON af_user; | ||
DROP FUNCTION IF EXISTS prevent_reset_encryption_sign_func; | ||
DROP FUNCTION IF EXISTS flush_collab_updates_v3; |
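Review bot: The rollback is incomplete: nothing in this script drops the `encrypt` columns or `af_user.encryption_sign`, which the new migration further down the page (presumably the V4 up script) adds with plain `ADD COLUMN`, so running up again after this down script would fail on the already existing columns. Either write the up statements as `ADD COLUMN IF NOT EXISTS encrypt INTEGER DEFAULT 0`, or state the intent here with a comment such as `-- encrypt / encryption_sign columns are intentionally kept on rollback`. Dropping `encryption_sign` would also require re-creating `af_user_profile_view` first, because the view selects `u.*`. `DROP FUNCTION IF EXISTS flush_collab_updates_v3;` without an argument list errors if the name is ever overloaded, so spelling out the signature is safer.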
@@ -0,0 +1,86 @@ | ||
-- Add the encrypt column to the af_collab_update table. If the encrypt column is | ||
-- 0, then the update is not encrypted. | ||
ALTER TABLE af_collab_update | ||
ADD COLUMN encrypt INTEGER DEFAULT 0; | ||
-- Add the encrypt column to the af_collab_snapshot table. If the encrypt column is | ||
-- 0, then the update is not encrypted. | ||
ALTER TABLE af_collab_snapshot | ||
ADD COLUMN encrypt INTEGER DEFAULT 0; | ||
-- Add encryption_sign column to the af_user table | ||
ALTER TABLE af_user | ||
ADD COLUMN encryption_sign TEXT; | ||
CREATE OR REPLACE FUNCTION prevent_reset_encryption_sign_func() RETURNS TRIGGER AS $$ BEGIN IF OLD.encryption_sign IS NOT NULL | ||
AND NEW.encryption_sign IS DISTINCT | ||
FROM OLD.encryption_sign THEN RAISE EXCEPTION 'The encryption sign can not be reset once it has been set'; | ||
END IF; | ||
RETURN NEW; | ||
END; | ||
$$ LANGUAGE plpgsql; | ||
CREATE TRIGGER trigger_prevent_reset_encryption_sign BEFORE | ||
UPDATE ON af_user FOR EACH ROW EXECUTE FUNCTION prevent_reset_encryption_sign_func(); | ||
|
||
-- Re-create the af_user_profile_view to show the 'encrypt' column in the view. | ||
DROP VIEW af_user_profile_view; | ||
CREATE VIEW af_user_profile_view AS | ||
SELECT u.*, | ||
w.workspace_id AS latest_workspace_id | ||
FROM af_user u | ||
INNER JOIN ( | ||
SELECT uid, | ||
workspace_id, | ||
rank() OVER ( | ||
PARTITION BY uid | ||
ORDER BY updated_at DESC | ||
) AS rn | ||
FROM af_workspace_member | ||
) w ON u.uid = w.uid | ||
AND w.rn = 1; | ||
-- Update the flush_collab_updates function that accept a new column called encrypt | ||
CREATE OR REPLACE FUNCTION public.flush_collab_updates_v3( | ||
oid TEXT, | ||
new_value BYTEA, | ||
encrypt INTEGER, | ||
md5 TEXT, | ||
value_size INTEGER, | ||
partition_key INTEGER, | ||
uid BIGINT, | ||
workspace_id UUID, | ||
removed_keys BIGINT [], | ||
did TEXT | ||
) RETURNS void AS $$ | ||
DECLARE lock_key INTEGER; | ||
BEGIN -- Hashing the oid to an integer for the advisory lock | ||
lock_key := (hashtext(oid)::bigint)::integer; | ||
-- Getting a session level lock | ||
PERFORM pg_advisory_lock(lock_key); | ||
-- Deleting rows with keys in removed_keys | ||
DELETE FROM af_collab_update | ||
WHERE key = ANY (removed_keys); | ||
-- Inserting a new update with the new key and value | ||
INSERT INTO af_collab_update( | ||
oid, | ||
value, | ||
encrypt, | ||
md5, | ||
value_size, | ||
partition_key, | ||
uid, | ||
workspace_id, | ||
did | ||
) | ||
VALUES ( | ||
oid, | ||
new_value, | ||
encrypt, | ||
md5, | ||
value_size, | ||
partition_key, | ||
uid, | ||
workspace_id, | ||
did | ||
); | ||
-- Releasing the lock | ||
PERFORM pg_advisory_unlock(lock_key); | ||
RETURN; | ||
END; | ||
$$ LANGUAGE plpgsql; |
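Review bot: In `flush_collab_updates_v3` the session-level lock taken with `pg_advisory_lock(lock_key)` is released only on the success path; if the `DELETE` or `INSERT` raises, `pg_advisory_unlock` is never reached and the lock stays held until the connection closes, which on a pooled connection can block every later flush for the same `oid`. Use `PERFORM pg_advisory_xact_lock(lock_key);` instead and remove the unlock call, so the lock is released at commit or rollback. Separately, `DELETE FROM af_collab_update WHERE key = ANY (removed_keys)` is not limited to the object being flushed, so a caller can remove update rows belonging to other objects unless a policy not visible here prevents it. Adding `AND af_collab_update.oid = flush_collab_updates_v3.oid` would scope the delete; the qualification is needed because the parameter and the column share a name.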
This file was deleted.
This file was deleted.
This file was deleted.