-- Allow-list of IP addresses for administrative access.
-- Addresses are stored as free-form TEXT, so the UNIQUE constraint and any
-- lookup work on exact string equality only.
-- NOTE(review): the code that checks a request's address against this table
-- must normalise both sides the same way (IPv6 spelling, leading zeros) --
-- confirm in the backend.
CREATE TABLE allowed_ips (
    -- uuid_generate_v4() is provided by the uuid-ossp extension, which this
    -- script does not create; it has to be installed already.
    id         UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
    ip_address TEXT NOT NULL UNIQUE,
    label      TEXT,  -- free-text description, e.g., 'Master Admin IP'
    created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW()
);

-- Once RLS is enabled, roles subject to it see only rows admitted by a policy.
ALTER TABLE allowed_ips ENABLE ROW LEVEL SECURITY;

-- USING (false) admits no row, so RLS-subject roles read nothing; the backend
-- is expected to use a role that bypasses RLS (the service role).
-- This policy is PERMISSIVE (the default): a permissive SELECT policy added
-- later is OR-ed with it and would open read access. Declare it AS RESTRICTIVE
-- if it is meant as a hard guard.
-- No INSERT/UPDATE/DELETE policy exists, so those commands are denied to
-- RLS-subject roles as well.
CREATE POLICY "Strict backend only access" ON allowed_ips
    FOR SELECT USING (false);
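-- API keys that users generate for their own applications.
--
-- NOTE(review): api_key holds the credential itself in a TEXT column, so any
-- read of this table (a backend role, a backup, a leaked dump) yields usable
-- keys. Storing only a hash of a high-entropy key and showing the key once at
-- creation would limit that exposure. That needs a matching change in whatever
-- validates keys, so the column is left as it is here.
CREATE TABLE user_api_keys (
    -- uuid_generate_v4() is provided by the uuid-ossp extension, which this
    -- script does not create; it has to be installed already.
    id          UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
    -- NOT NULL: a key without an owner matches no auth.uid() in the policy
    -- below, so no user could ever see it, yet the row would remain a stored
    -- credential.
    user_id     UUID NOT NULL REFERENCES auth.users(id) ON DELETE CASCADE,
    api_key     TEXT NOT NULL UNIQUE,
    label       TEXT,  -- e.g. 'My Personal App'
    -- NOT NULL: an explicit NULL would be neither true nor false in a
    -- WHERE clause, leaving the key's state ambiguous.
    is_active   BOOLEAN NOT NULL DEFAULT true,
    -- NOT NULL: NULL + 1 is NULL, so a NULL counter would never advance.
    usage_count INTEGER NOT NULL DEFAULT 0,
    last_used   TIMESTAMP WITH TIME ZONE,  -- no default: NULL until something sets it
    created_at  TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT NOW()
);

-- Once RLS is enabled, roles subject to it see only rows admitted by a policy.
ALTER TABLE user_api_keys ENABLE ROW LEVEL SECURITY;

-- A user can read the rows whose user_id equals auth.uid(), including the
-- api_key column. No INSERT/UPDATE/DELETE policy exists, so RLS-subject roles
-- cannot create, change or remove keys; those writes have to come from a role
-- that bypasses RLS.
CREATE POLICY "Users can view own keys" ON user_api_keys
    FOR SELECT USING (auth.uid() = user_id);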