
Harden upsert_version_meta RPC auth path #1713

Open

riderx wants to merge 1 commit into main from riderx/fix-version-metrics

Conversation

@riderx (Member) commented Feb 27, 2026

Summary (AI generated)

  • Added migration supabase/migrations/20260227000000_harden_upsert_version_meta.sql to secure the public RPC.
  • The updated upsert_version_meta flow now rejects anonymous/authenticated misuse, validates write authorization for the target app, and verifies p_version_id belongs to p_app_id.
  • Existing insert behavior remains aligned with current expectations for positive/negative size bookkeeping and duplicate suppression.
  • Granted execution only to service_role and revoked all execute rights from anon and authenticated.

Test plan (AI generated)

  • Ran bun lint.
  • Reviewed the PR diff with git diff origin/main...HEAD.

Screenshots (AI generated)

  • Not applicable for backend migration change.

Checklist (AI generated)

  • My code follows the code style of this project and passes bun run lint:backend && bun run lint.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • My change has adequate E2E test coverage.
  • I have tested my code manually, and I have provided steps how to reproduce my tests.

Generated with AI
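The hardening the summary above describes, written out as an added illustrative PostgreSQL/Supabase migration. This is not the project's supabase/migrations/20260227000000_harden_upsert_version_meta.sql and not the project's schema: the tables app_versions, app_versions_meta and app_members, the has_app_write_access helper, the parameter list (p_app_id, p_version_id, p_size) and the use of auth.uid() to identify the acting user are all assumptions made for the example. The size bookkeeping the summary mentions is left out, since the page does not describe it.

```sql
-- Added example, not the project's migration. Assumed schema:
--   public.app_versions(id bigint PK, app_id text)
--   public.app_versions_meta(id bigint PK, app_id text, size bigint)
--   public.app_members(app_id text, user_id uuid, role text)

-- Assumed helper: true when the acting user holds write rights on the app.
-- How the acting identity reaches a service_role-only RPC is project
-- specific; here auth.uid() is used, so a call with no subject fails closed.
CREATE OR REPLACE FUNCTION public.has_app_write_access(p_app_id text)
RETURNS boolean
LANGUAGE sql STABLE SECURITY DEFINER
SET search_path = ''
AS $$
  SELECT EXISTS (
    SELECT 1
    FROM public.app_members m
    WHERE m.app_id = p_app_id
      AND m.user_id = auth.uid()
      AND m.role IN ('write', 'admin')
  );
$$;

CREATE OR REPLACE FUNCTION public.upsert_version_meta(
  p_app_id     text,
  p_version_id bigint,
  p_size       bigint
)
RETURNS boolean
LANGUAGE plpgsql SECURITY DEFINER
SET search_path = ''            -- pin search_path: SECURITY DEFINER body must not resolve names via caller-controlled schemas
AS $$
DECLARE
  v_role text := auth.role();   -- role claim of the calling JWT (NULL for a plain DB session)
BEGIN
  -- 1. Refuse anon/authenticated callers inside the function as well, so the
  --    check survives a later accidental GRANT EXECUTE.
  IF v_role IS DISTINCT FROM 'service_role' THEN
    RAISE EXCEPTION 'upsert_version_meta: role % may not call this RPC', coalesce(v_role, '<none>')
      USING ERRCODE = 'insufficient_privilege';
  END IF;

  -- 2. Write authorization for the target app (assumed helper above).
  IF NOT public.has_app_write_access(p_app_id) THEN
    RAISE EXCEPTION 'upsert_version_meta: no write access to app %', p_app_id
      USING ERRCODE = 'insufficient_privilege';
  END IF;

  -- 3. The version must belong to the app named in the call; otherwise a
  --    caller with rights on app A could write metadata for app B's version.
  IF NOT EXISTS (
    SELECT 1 FROM public.app_versions v
    WHERE v.id = p_version_id AND v.app_id = p_app_id
  ) THEN
    RAISE EXCEPTION 'upsert_version_meta: version % does not belong to app %', p_version_id, p_app_id
      USING ERRCODE = 'foreign_key_violation';
  END IF;

  -- 4. Duplicate suppression: a second call for the same version is a no-op.
  INSERT INTO public.app_versions_meta (id, app_id, size)
  VALUES (p_version_id, p_app_id, p_size)
  ON CONFLICT (id) DO NOTHING;

  RETURN FOUND;   -- true only when a row was actually inserted
END;
$$;

-- Privileges: PostgreSQL grants EXECUTE on new functions to PUBLIC by default,
-- so revoking from anon and authenticated alone is not enough.
REVOKE ALL ON FUNCTION public.upsert_version_meta(text, bigint, bigint)
  FROM PUBLIC, anon, authenticated;
GRANT EXECUTE ON FUNCTION public.upsert_version_meta(text, bigint, bigint)
  TO service_role;

-- Verification query to run after the migration: the hardening is in place
-- only when anon and authenticated both read false and service_role reads true.
SELECT r AS role_name,
       has_function_privilege(r, 'public.upsert_version_meta(text, bigint, bigint)', 'EXECUTE') AS can_execute
FROM unnest(ARRAY['anon', 'authenticated', 'service_role']) AS r;
```

Two points worth checking in the real migration against this shape: that the REVOKE also names PUBLIC (otherwise the default EXECUTE grant to every role remains), and that the SECURITY DEFINER body pins search_path, since a definer function that resolves unqualified names through the caller's search_path can be redirected to attacker-created objects.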

@coderabbitai (Contributor, bot) commented Feb 27, 2026

Warning

Rate limit exceeded

@riderx has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 22 minutes and 35 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between e719357 and 0ae4325.

📒 Files selected for processing (1)
  • supabase/migrations/20260227000000_harden_upsert_version_meta.sql
