Modify backend queries & set user session after login to handle RLS

kevin-lann · kevin-lann · commit bc88f7eab94b · 2025-02-19T14:19:45.000-05:00
diff --git a/course-matrix/backend/src/controllers/coursesController.ts b/course-matrix/backend/src/controllers/coursesController.ts
@@ -1,6 +1,6 @@
 import { Request, Response } from "express";
 import asyncHandler from "../middleware/asyncHandler";
-import { supabaseCourseClient } from "../db/setupDb";
+import { supabase } from "../db/setupDb";
 
 const DEFAULT_COURSE_LIMIT = 1000;
 
@@ -26,7 +26,8 @@ export default {
       } = req.query;
 
       // Query the courses, offerings tables from the database
-      let coursesQuery = supabaseCourseClient
+      let coursesQuery = supabase
+        .schema('course')
         .from("courses")
         .select()
         .limit(Number(limit || DEFAULT_COURSE_LIMIT));
@@ -36,12 +37,14 @@ export default {
           `code.ilike.%${search}%,name.ilike.%${search}%`,
         );
       }
-      let offeringsQuery = supabaseCourseClient.from("offerings").select();
+      let offeringsQuery = supabase
+        .schema('course')
+        .from("offerings")
+        .select();
 
       // Get the data and errors from the queries
       const { data: coursesData, error: coursesError } = await coursesQuery;
-      const { data: offeringsData, error: offeringsError } =
-        await offeringsQuery;
+      const { data: offeringsData, error: offeringsError } = await offeringsQuery;
 
       // Set the courses and offerings data
       const courses = coursesData || [];
diff --git a/course-matrix/backend/src/controllers/departmentsController.ts b/course-matrix/backend/src/controllers/departmentsController.ts
@@ -1,6 +1,6 @@
 import { Request, Response } from "express";
 
-import { supabaseCourseClient } from "../db/setupDb";
+import { supabase } from "../db/setupDb";
 import asyncHandler from "../middleware/asyncHandler";
 
 export default {
@@ -14,7 +14,10 @@ export default {
   getDepartments: asyncHandler(async (req: Request, res: Response) => {
     try {
       // Query the departments table from the database
-      let departmentsQuery = supabaseCourseClient.from("departments").select();
+      let departmentsQuery = supabase
+        .schema('course')
+        .from("departments")
+        .select();
 
       // Get the data and errors from the query
       const { data: departmentsData, error: departmentsError } =
diff --git a/course-matrix/backend/src/controllers/offeringsController.ts b/course-matrix/backend/src/controllers/offeringsController.ts
@@ -1,6 +1,6 @@
 import { Request, Response } from "express";
 import asyncHandler from "../middleware/asyncHandler";
-import { supabaseCourseClient } from "../db/setupDb";
+import { supabase } from "../db/setupDb";
 
 export default {
   /**
@@ -14,7 +14,8 @@ export default {
     try {
       const { course_code, semester } = req.query;
 
-      let offeringsQuery = supabaseCourseClient
+      let offeringsQuery = supabase
+        .schema('course')
         .from("offerings")
         .select()
         .eq("code", course_code)
diff --git a/course-matrix/backend/src/controllers/userController.ts b/course-matrix/backend/src/controllers/userController.ts
@@ -78,6 +78,11 @@ export const login = asyncHandler(async (req: Request, res: Response) => {
 
     res.cookie("refresh_token", data.session?.refresh_token, COOKIE_OPTIONS);
 
+    await supabase.auth.setSession({
+      access_token: data.session.access_token,
+      refresh_token: data.session.refresh_token
+    })
+
     res.status(200).json({
       message: "Login Success!",
       access_token: data.session?.access_token,
diff --git a/course-matrix/backend/src/db/setupDb.ts b/course-matrix/backend/src/db/setupDb.ts
@@ -13,16 +13,4 @@ export const supabase = createClient(
   config.DATABASE_KEY!,
 );
 
-/**
- * Initializes and exports the Supabase course client.
- *
- * This client is used to interact with the Supabase backend services for the course schema.
- * The client is configured using the Supabase URL and API key from the config file.
- */
-export const supabaseCourseClient = createClient(
-  config.DATABASE_URL!,
-  config.DATABASE_KEY!,
-  { db: { schema: "course" } },
-);
-
 console.log("Connected to Supabase Client!");
