Merge pull request #17 from launchql/fix/use-supabase-users

Fix/use supabase users

Author: pyramation

.github/workflows/ci.yml

@@ -13,7 +13,7 @@ jobs:
       fail-fast: false
       matrix:
         package:
-          - rls-demo
+          - hello-world
           - supabase
 
     env:

README.md

@@ -35,7 +35,7 @@ npx supabase start
 pnpm install
 
 # Run tests in watch mode
-cd packages/rls-demo
+cd packages/hello-world
 pnpm test:watch
 ```
 
@@ -44,7 +44,7 @@ pnpm test:watch
 This is a LaunchQL workspace combining `pnpm` and `lql` for modular Postgres packages:
 
 - **`packages/supabase`** - Supabase-focused SQL, tests, and helpers
-- **`packages/rls-demo`** - Demo extension showcasing RLS with users/products
+- **`packages/hello-world`** - Demo extension showcasing RLS with users/products
 
 ## Testing
 
@@ -55,7 +55,7 @@ Run tests in different modes:
 pnpm test
 
 # Watch mode for specific package
-cd packages/rls-demo
+cd packages/hello-world
 pnpm test:watch
 
 # Run Supabase package tests

package.json

@@ -40,7 +40,7 @@
     "lerna": "^8.2.3",
     "prettier": "^3.0.2",
     "rimraf": "4.4.1",
-    "supabase-test": "^0.0.9",
+    "supabase-test": "^0.0.10",
     "ts-jest": "^29.4.5",
     "ts-node": "^10.9.2",
     "typescript": "^5.9.3"

packages/rls-demo/LICENSE packages/hello-world/LICENSEpackages/rls-demo/LICENSE renamed to packages/hello-world/LICENSE

@@ -1,5 +1,5 @@
-EXTENSION = launchql-rls-demo
-DATA = sql/launchql-rls-demo--0.0.1.sql
+EXTENSION = hello-world
+DATA = sql/hello-world--0.0.1.sql
 
 PG_CONFIG = pg_config
 PGXS := $(shell $(PG_CONFIG) --pgxs)

packages/rls-demo/Makefile packages/hello-world/Makefilepackages/rls-demo/Makefile renamed to packages/hello-world/Makefile

@@ -0,0 +1,162 @@
+import { getConnections, PgTestClient } from 'supabase-test';
+import { insertUser } from '../test-utils';
+
+let db: PgTestClient;
+let pg: PgTestClient;
+let teardown: () => Promise<void>;
+
+let user1: any;
+let user2: any;
+let user3: any;
+
+const users = [
+  {
+    id: '550e8400-e29b-41d4-a716-446655440001',
+    email: '[email protected]',
+    name: 'Tutorial User 1'
+  },
+  {
+    id: '550e8400-e29b-41d4-a716-446655440002',
+    email: '[email protected]',
+    name: 'Tutorial User 2'
+  },
+  {
+    id: '550e8400-e29b-41d4-a716-446655440003',
+    email: '[email protected]',
+    name: 'Tutorial User 3'
+  }
+];
+
+beforeAll(async () => {
+  ({ pg, db, teardown } = await getConnections());
+  user1 = await insertUser(pg, users[0].email, users[0].id);
+  user2 = await insertUser(pg, users[1].email, users[1].id);
+  user3 = await insertUser(pg, users[2].email, users[2].id);
+});
+
+afterAll(async () => {
+  await teardown();
+});
+
+beforeEach(async () => {
+  await db.beforeEach();
+});
+
+afterEach(async () => {
+  await db.afterEach();
+});
+
+describe('tutorial: basic rls crud operations', () => {
+  it('should allow user to create their own user record', async () => {
+    // set context to simulate authenticated user
+    db.setContext({
+      role: 'authenticated',
+      'request.jwt.claim.sub': user1.id
+    });
+
+    // user can create their own pet
+    const pet = await db.one(
+      `INSERT INTO rls_test.pets (name, breed, user_id) 
+       VALUES ($1, $2, $3) 
+       RETURNING id, name, breed, user_id`,
+      ['Fido', 'Labrador', user1.id]
+    );
+
+    expect(pet.name).toBe('Fido');
+    expect(pet.breed).toBe('Labrador');
+    expect(pet.user_id).toBe(user1.id);
+  });
+
+  it('should prevent user1 from updating user2\'s record', async () => {
+    // user2 creates a pet
+    db.setContext({
+      role: 'authenticated',
+      'request.jwt.claim.sub': user2.id
+    });
+
+    const pet = await db.one(
+      `INSERT INTO rls_test.pets (name, breed, user_id) 
+       VALUES ($1, $2, $3) 
+       RETURNING id, name, breed, user_id`,
+      ['Buddy', 'Golden Retriever', user2.id]
+    );
+
+    expect(pet.user_id).toBe(user2.id);
+
+    // user1 tries to update user2's pet - should throw
+    db.setContext({
+      role: 'authenticated',
+      'request.jwt.claim.sub': user1.id
+    });
+
+    await expect(
+      db.one(
+        `UPDATE rls_test.pets 
+         SET name = $1 
+         WHERE id = $2 
+         RETURNING id, name, breed, user_id`,
+        ['Hacked Name', pet.id]
+      )
+    ).rejects.toThrow();
+  });
+
+  it('should allow users to see only their own data in list queries', async () => {
+    // set context to user1
+    db.setContext({
+      role: 'authenticated',
+      'request.jwt.claim.sub': user1.id
+    });
+
+    // create multiple users as admin
+    await db.one(
+      `INSERT INTO rls_test.pets (name, breed, user_id) 
+       VALUES ($1, $2, $3) 
+       RETURNING id`,
+      ['Fido', 'Labrador', user1.id]
+    );
+
+    // set context to user1
+    db.setContext({
+      role: 'authenticated',
+      'request.jwt.claim.sub': user2.id
+    });
+
+    await db.one(
+      `INSERT INTO rls_test.pets (name, breed, user_id) 
+       VALUES ($1, $2, $3) 
+       RETURNING id`,
+      ['Buddy', 'Golden Retriever', user2.id]
+    );
+
+    // set context to user1
+    db.setContext({
+      role: 'authenticated',
+      'request.jwt.claim.sub': user3.id
+    });
+
+    await db.one(
+      `INSERT INTO rls_test.pets (name, breed, user_id) 
+       VALUES ($1, $2, $3) 
+       RETURNING id`,
+      ['Rex', 'German Shepherd', user3.id]
+    );
+
+    // set context to user1
+    db.setContext({
+      role: 'authenticated',
+      'request.jwt.claim.sub': user1.id
+    });
+
+    // user1 should only see their own record in a list query
+    const allUsers = await db.many(
+      `SELECT id, name, breed, user_id FROM rls_test.pets ORDER BY name`
+    );
+
+    expect(allUsers.length).toBe(1);
+    expect(allUsers[0].user_id).toBe(user1.id);
+    expect(allUsers[0].name).toBe('Fido');
+    expect(allUsers[0].breed).toBe('Labrador');
+  });
+
+});
+

packages/rls-demo/README.md packages/hello-world/README.mdpackages/rls-demo/README.md renamed to packages/hello-world/README.md

@@ -0,0 +1,4 @@
+id,name,breed,user_id
+660e8400-e29b-41d4-a716-446655440001,Fido,Labrador,550e8400-e29b-41d4-a716-446655440001
+660e8400-e29b-41d4-a716-446655440002,Buddy,Golden Retriever,550e8400-e29b-41d4-a716-446655440002
+660e8400-e29b-41d4-a716-446655440003,Rex,German Shepherd,550e8400-e29b-41d4-a716-446655440003

packages/hello-world/__tests__/hello-world.test.ts

@@ -0,0 +1,15 @@
+-- Seed data for rls_test schema
+-- This file can be used to populate the database with test data
+
+-- Insert test users
+INSERT INTO auth.users (id, email) VALUES 
+  ('550e8400-e29b-41d4-a716-446655440001', '[email protected]'),
+  ('550e8400-e29b-41d4-a716-446655440002', '[email protected]'),
+  ('550e8400-e29b-41d4-a716-446655440003', '[email protected]'),
+  ('550e8400-e29b-41d4-a716-446655440004', '[email protected]');
+
+-- Insert test pets
+INSERT INTO rls_test.pets (id, name, breed, user_id) VALUES 
+  ('660e8400-e29b-41d4-a716-446655440001', 'Fido', 'Labrador', '550e8400-e29b-41d4-a716-446655440001'),
+  ('660e8400-e29b-41d4-a716-446655440002', 'Buddy', 'Golden Retriever', '550e8400-e29b-41d4-a716-446655440002'),
+  ('660e8400-e29b-41d4-a716-446655440003', 'Rex', 'German Shepherd', '550e8400-e29b-41d4-a716-446655440003');

packages/hello-world/__tests__/seeding/data/pets.csv

@@ -0,0 +1,36 @@
+export const users = [
+  {
+    id: '550e8400-e29b-41d4-a716-446655440001',
+    email: '[email protected]'
+  },
+  {
+    id: '550e8400-e29b-41d4-a716-446655440002',
+    email: '[email protected]'
+  },
+  {
+    id: '550e8400-e29b-41d4-a716-446655440003',
+    email: '[email protected]'
+  }
+];
+
+export const pets = [
+  {
+    id: '660e8400-e29b-41d4-a716-446655440001',
+    name: 'Fido',
+    breed: 'Labrador',
+    user_id: '550e8400-e29b-41d4-a716-446655440001'
+  },
+  {
+    id: '660e8400-e29b-41d4-a716-446655440002',
+    name: 'Buddy',
+    breed: 'Golden Retriever',
+    user_id: '550e8400-e29b-41d4-a716-446655440002'
+  },
+  {
+    id: '660e8400-e29b-41d4-a716-446655440003',
+    name: 'Rex',
+    breed: 'German Shepherd',
+    user_id: '550e8400-e29b-41d4-a716-446655440003'
+  }
+];
+