Skip to content

test(it): add JWT auth for PostgREST mutation access control#1875

Merged
ekremney merged 2 commits intomainfrom
feat/postgrest-jwt-auth
Feb 27, 2026
Merged

test(it): add JWT auth for PostgREST mutation access control#1875
ekremney merged 2 commits intomainfrom
feat/postgrest-jwt-auth

Conversation

@ekremney
Copy link
Member

@ekremney ekremney commented Feb 27, 2026

Summary

Adapts IT tests for mysticat-data-service PR #92 which introduces the postgrest_writer role for JWT-based mutation access control.

  • Add postgrest-jwt.js utility for HS256 JWT generation (mirrors _make_jwt() from mysticat-data-service)
  • Configure PGRST_JWT_SECRET in docker-compose.yml
  • Pass POSTGREST_API_KEY to dev server for postgres mode
  • Bump mysticat-data-service image to v1.13.0

After this change, DELETE and UPDATE operations through PostgREST require JWT authentication, while SELECT and INSERT remain anonymous.

Test plan

  • PostgreSQL IT tests pass (277 passing)

🤖 Generated with Claude Code

@ekremney @claude
test(it): add JWT auth for PostgREST mutation access control
53bc22d 
Adapts IT tests for mysticat-data-service PR #92 which introduces
the postgrest_writer role for JWT-based mutation access control.

Changes:
- Add postgrest-jwt.js utility for HS256 JWT generation
- Configure PGRST_JWT_SECRET in docker-compose.yml
- Pass POSTGREST_API_KEY to dev server for postgres mode
- Bump mysticat-data-service image to v1.13.0

After this change, DELETE and UPDATE operations through PostgREST
require JWT authentication, while SELECT and INSERT remain anonymous.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@ekremney ekremney force-pushed the feat/postgrest-jwt-auth branch from 2ebf8d1 to 53bc22d Compare February 27, 2026 17:42
@github-actions
Copy link

github-actions bot commented Feb 27, 2026

This PR will trigger no release when merged.

@codecov
Copy link

codecov bot commented Feb 27, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@ekremney ekremney requested a review from solaris007 February 27, 2026 17:49
@ekremney
Copy link
Member Author

ekremney commented Feb 27, 2026

@solaris007 I need to merge this PR as I this is only tests change. Your comments will be addressed in a separate PR retroactively

@ekremney ekremney merged commit d8254f5 into main Feb 27, 2026
18 checks passed
@ekremney ekremney deleted the feat/postgrest-jwt-auth branch February 27, 2026 17:53
@solaris007
Copy link
Member

solaris007 commented Feb 27, 2026

🎉 This PR is included in version 1.325.1 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@solaris007 solaris007 Awaiting requested review from solaris007

Assignees

No one assigned

Labels

released

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ekremney @solaris007