harden chat thread view #46 (Merged)

dnywh merged 1 commit into main from dnywh/harden-chat-thread-view on Apr 19, 2026
Conversation

@dnywh (Owner) commented Apr 19, 2026

Summary

  • Recreates chat_threads_with_participants with security_invoker = on so underlying table RLS applies to the caller.
  • Revokes all privileges on the view from anon.
  • Narrows authenticated and service_role privileges on the view to SELECT.

Why

The baseline migration originally created this view as security invoker, but a later migration recreated it without that property. Because the view is owned by postgres, that made it behave as security definer and allowed anonymous REST requests to read rows from the view.

This PR should merge before #45 so the coordinate migration can keep its timestamp ordering clean.

Validation

  • npm run supabase:reset
  • Confirmed local chat_threads_with_participants has security_invoker=on
  • Confirmed local anon no longer has SELECT on the view
  • Confirmed local REST request with the anon key returns 401 permission denied
  • npm run check
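The before/after described in the Summary and Why sections, as an added SQL illustration that is not part of this PR or the repo: the base tables, columns and policies (chat_threads, chat_participants, participant_ids) are assumed, since the PR does not show the view body; only the view name and the roles come from the PR.

```sql
-- Assumed base tables and columns (the PR does not show the real view body);
-- only the view name chat_threads_with_participants comes from the PR.
create table public.chat_threads (
  id uuid primary key default gen_random_uuid()
);
create table public.chat_participants (
  thread_id uuid not null references public.chat_threads(id),
  user_id uuid not null references auth.users(id),
  primary key (thread_id, user_id)
);
alter table public.chat_threads enable row level security;
alter table public.chat_participants enable row level security;

-- Only authenticated participants may read their own threads and memberships
-- (with this narrow policy the aggregate below lists only the caller).
create policy "read own memberships" on public.chat_participants
  for select to authenticated using (user_id = auth.uid());
create policy "read own threads" on public.chat_threads
  for select to authenticated using (exists (
    select 1 from public.chat_participants p
    where p.thread_id = chat_threads.id and p.user_id = auth.uid()));

-- BEFORE (the regression): the migration role owns the view, and without
-- security_invoker the body runs with the owner's privileges, which bypass
-- base-table RLS. Any role with SELECT on the view, anon included, sees all rows.
create or replace view public.chat_threads_with_participants as
select t.id, array_agg(p.user_id) as participant_ids
from public.chat_threads t
join public.chat_participants p on p.thread_id = t.id
group by t.id;

-- AFTER (this PR): evaluate the body as the caller so RLS applies, drop anon,
-- and narrow the remaining roles to SELECT only.
create or replace view public.chat_threads_with_participants
  with (security_invoker = on) as
select t.id, array_agg(p.user_id) as participant_ids
from public.chat_threads t
join public.chat_participants p on p.thread_id = t.id
group by t.id;

revoke all on public.chat_threads_with_participants
  from anon, authenticated, service_role;
grant select on public.chat_threads_with_participants
  to authenticated, service_role;

-- Local checks matching the PR's validation steps: the view's reloptions,
-- and whether anon still holds SELECT on it.
select reloptions from pg_class
  where oid = 'public.chat_threads_with_participants'::regclass;
select has_table_privilege('anon',
  'public.chat_threads_with_participants', 'select');
```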

@vercel (bot) commented Apr 19, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project: peels
Deployment: Ready
Actions: Preview, Comment
Updated (UTC): Apr 19, 2026 9:02am

@supabase (bot) commented Apr 19, 2026

This pull request has been ignored for the connected project mfnaqdyunuafbwukbbyr due to reaching the limit of concurrent preview branches.
Go to Project Integrations Settings ↗︎ if you wish to update this limit.


Preview Branches by Supabase.
Learn more about Supabase Branching ↗︎.

Copilot AI left a comment

Pull request overview

Hardens the public.chat_threads_with_participants view so it evaluates underlying table RLS as the calling role (rather than the view owner) and removes anonymous access via PostgREST.

Changes:

  • Recreates public.chat_threads_with_participants with security_invoker = on.
  • Revokes all privileges on the view from anon (and re-scopes authenticated/service_role to SELECT only).


Copilot AI left a comment

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 1 comment.


Comment on lines +37 to +53
alter view public.listings_public_data
set (security_invoker = on);

alter view public.listings_private_data
set (security_invoker = on);

revoke all on table public.listings_public_data
from anon, authenticated, service_role;

revoke all on table public.listings_private_data
from anon, authenticated, service_role;

grant select on table public.listings_public_data
to anon, authenticated, service_role;

grant select on table public.listings_private_data
to authenticated, service_role;
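Review bot: with security_invoker = on now set on both listing views, the final statement's grant of select on public.listings_public_data to anon only works end to end if anon also holds SELECT on the view's base tables and a permissive RLS policy covers them; otherwise anonymous listing reads will start failing with permission denied or silently return no rows. Please confirm the base-table grants and anon policies in the same migration, and record an anon-key REST check for listings in the Validation section alongside the one already done for chat_threads_with_participants.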
Copilot AI commented Apr 19, 2026

This migration also changes public.listings_public_data / public.listings_private_data (sets security_invoker=on and rewrites grants), but the PR description only calls out hardening chat_threads_with_participants. Please update the PR description (or add an in-file comment) to explicitly mention these additional view hardening changes so reviewers understand the full scope and can evaluate any access-impact on listing reads.

@dnywh dnywh merged commit 31898f1 into main Apr 19, 2026
9 checks passed
@dnywh dnywh deleted the dnywh/harden-chat-thread-view branch April 19, 2026 09:58