v1.3.0 (#16)

[1.3.0] - 2024-11-04
@rickypid
⚠️⚠️ Some Breaking Changes ⚠️⚠️

New features
Added Rooms list pagination and searchable
Fixed
Security fix on RLS helper functions

Author: rickypid

CHANGELOG.md

@@ -1,3 +1,16 @@
+## [1.3.0] - 2024-11-04
+#### [@rickypid](https://github.com/rickypid)
+
+⚠️⚠️ **Some Breaking Changes** ⚠️⚠️
+
+### New features
+
+* Added Rooms list pagination and searchable
+
+### Fixed
+
+* Security fix on RLS helper functions
+
 ## [1.2.0] - 2024-10-31
 #### [@rickypid](https://github.com/rickypid)
 

README.md

@@ -253,7 +253,7 @@ Below are the features implemented for each platform:
 | Create group room        | 🚧  |   🚧    | 🚧  |   🚧    |  🚧   |  🚧   |
 | Create channel room      | 🚧  |   🚧    | 🚧  |   🚧    |  🚧   |  🚧   |
 | Chat screen              |  ✅  |    ✅    | 🟡  |    ✅    |  🟡   |  🟡   |
-| Search room              | 🚧  |   🚧    | 🚧  |   🚧    |  🚧   |  🚧   |
+| Search room              |  ✅  |    ✅    | 🟡  |    ✅    |  🟡   |  🟡   |
 | Search message           | 🚧  |   🚧    | 🚧  |   🚧    |  🚧   |  🚧   |
 | Search user              |  ✅  |    ✅    | 🟡  |    ✅    |  🟡   |  🟡   |
 | Upload image             |  ✅  |    ✅    | 🟡  |    ✅    |  🟡   |  🟡   |
@@ -279,3 +279,4 @@ Below are some activities to complete to have a more complete and optimized proj
 4. Chat room channels
 5. Sending audio messages
 6. Improve documentation
+7. Use rooms view for improvement user parsing performance

doc/docs/guides/supabase-security-rls.md

@@ -15,10 +15,11 @@ Security rules make use of some helper functions:
         RETURNS boolean
         LANGUAGE 'plpgsql'
         COST 100
-        VOLATILE NOT LEAKPROOF SECURITY DEFINER
+        VOLATILE NOT LEAKPROOF SECURITY INVOKER
+        SET search_path = ''
     AS $BODY$
     BEGIN
-    return auth.uid() IS NOT NULL;
+        return auth.uid() IS NOT NULL;
     end;
     $BODY$;
 
@@ -27,10 +28,11 @@ Security rules make use of some helper functions:
         RETURNS boolean
         LANGUAGE 'plpgsql'
         COST 100
-        VOLATILE NOT LEAKPROOF SECURITY DEFINER
+        VOLATILE NOT LEAKPROOF SECURITY INVOKER
+        SET search_path = ''
     AS $BODY$
     BEGIN
-    return auth.uid() = user_id;
+        return auth.uid() = user_id;
     end;
     $BODY$;
 
@@ -39,10 +41,11 @@ Security rules make use of some helper functions:
         RETURNS boolean
         LANGUAGE 'plpgsql'
         COST 100
-        VOLATILE NOT LEAKPROOF SECURITY DEFINER
+        VOLATILE NOT LEAKPROOF SECURITY INVOKER
+        SET search_path = ''
     AS $BODY$
     BEGIN
-    return auth.uid() = ANY(members);
+        return auth.uid() = ANY(members);
     end;
     $BODY$;
 
@@ -51,15 +54,16 @@ Security rules make use of some helper functions:
         RETURNS boolean
         LANGUAGE 'plpgsql'
         COST 100
-        VOLATILE NOT LEAKPROOF SECURITY DEFINER
+        VOLATILE NOT LEAKPROOF SECURITY INVOKER
+        SET search_path = ''
     AS $BODY$
     DECLARE
-    members uuid[];
+        members uuid[];
     BEGIN
-    SELECT "userIds" INTO members
-    FROM chats.rooms
-    WHERE id = room_id;
-    return chats.is_member(members);
+        SELECT "userIds" INTO members
+        FROM chats.rooms
+        WHERE id = room_id;
+        return chats.is_member(members);
     end;
     $BODY$;
 ```

doc/docs/guides/supabse-indexes.md

@@ -0,0 +1,11 @@
+---
+id: supabase-indexes
+title: Database Indexes
+---
+
+These indexes are added to improve the performance of foreign keys in database tables:
+
+```sql
+CREATE INDEX ON "chats"."messages" USING btree ("authorId");
+CREATE INDEX ON "chats"."messages" USING btree ("roomId");
+```

doc/docs/guides/supabse-trigges.md

@@ -6,38 +6,73 @@ title: Database Triggers
 This is an example of a triggers that sets room's `lastMessages` to the most recent message sent once recieved in Supabase.
 
 ```sql
-    CREATE OR REPLACE FUNCTION chats.update_last_messages()
-        RETURNS TRIGGER AS $$
-    DECLARE
+CREATE OR REPLACE FUNCTION chats.update_last_messages()
+    RETURNS TRIGGER
+    SET search_path = ''
+AS $$
+DECLARE
     ts_in_milliseconds bigint;
-    BEGIN
+BEGIN
     SELECT EXTRACT(epoch FROM NOW()) * 1000 INTO ts_in_milliseconds;
     UPDATE chats.rooms
     SET "updatedAt" = ts_in_milliseconds,
         "lastMessages" = jsonb_build_array(NEW)
     WHERE id = NEW."roomId";
     RETURN NEW;
-    END;
-    $$ LANGUAGE plpgsql;
-    
-    CREATE TRIGGER update_last_messages_trigger
-        AFTER INSERT ON chats.messages
-        FOR EACH ROW
-    EXECUTE FUNCTION chats.update_last_messages();
+END;
+$$ LANGUAGE plpgsql;
+
+drop trigger if exists update_last_messages_trigger on chats.messages;
+CREATE TRIGGER update_last_messages_trigger
+    AFTER INSERT OR UPDATE ON chats.messages
+    FOR EACH ROW
+EXECUTE FUNCTION chats.update_last_messages();
 ```
 
 "This trigger, on the other hand, is responsible for setting the message status to `sent` when it is added to the `messages` table:
 
 ```sql
-CREATE OR REPLACE FUNCTION set_message_status_to_sent()
-RETURNS TRIGGER AS $$
+CREATE OR REPLACE FUNCTION chats.set_message_status_to_sent()
+    RETURNS TRIGGER
+    SET search_path = ''
+AS $$
 BEGIN
-NEW.status := 'sent';
-RETURN NEW;
+    NEW.status := 'sent';
+    RETURN NEW;
 END;
 $$ LANGUAGE plpgsql;
 
+drop trigger if exists update_status_before_insert on chats.messages;
 CREATE TRIGGER update_status_before_insert
-BEFORE INSERT ON chats.messages
-FOR EACH ROW EXECUTE FUNCTION set_message_status_to_sent();
+    BEFORE INSERT ON chats.messages
+    FOR EACH ROW EXECUTE FUNCTION chats.set_message_status_to_sent();
+```
+
+"This trigger, is responsible for replicate `auth.users` table rows in `chats.users` table, this is to avoid exposing user data :
+
+```sql
+
+CREATE OR REPLACE FUNCTION chats.handle_new_user()
+    RETURNS trigger
+    LANGUAGE 'plpgsql'
+    COST 100
+    VOLATILE NOT LEAKPROOF SECURITY DEFINER
+    SET search_path=public
+    SET search_path = ''
+AS $BODY$
+DECLARE
+    ts_in_milliseconds bigint;
+BEGIN
+    SELECT EXTRACT(epoch FROM NOW()) * 1000 INTO ts_in_milliseconds;
+    insert into chats.users (id, "createdAt", "updatedAt", "lastSeen")
+    values (new.id, ts_in_milliseconds, ts_in_milliseconds, ts_in_milliseconds);
+    return new;
+end;
+$BODY$;
+
+drop trigger if exists on_auth_user_created on auth.users;
+create trigger on_auth_user_created
+    after insert on auth.users
+    for each row execute procedure chats.handle_new_user();
+
 ```

doc/docs/introduction/supabase-package-installation.md

@@ -3,6 +3,6 @@ id: supabase-package-installation
 title: Installation supabase_flutter
 ---
 
-This library depends on [supabase_flutter](https://pub.dev/packages/supabase_flutter). Follow the instructions there to configure the Firebase project and install [supabase_flutter](https://supabase.com/docs/reference/dart/introduction) plugin.
+This library depends on [supabase_flutter](https://pub.dev/packages/supabase_flutter). Follow the instructions there to configure the Supabase project and install [supabase_flutter](https://supabase.com/docs/reference/dart/introduction) plugin.
 
 Add `flutter_supabase_chat_core` to your package's `pubspec.yaml` file. Check current version on [pub.dev](https://pub.dev/packages/flutter_supabase_chat_core/install).

doc/docusaurus.config.ts

@@ -28,7 +28,6 @@ const config: Config = {
         defaultLocale: 'en',
         locales: ['en'],
     },
-
     presets: [
         [
             'classic',
@@ -51,6 +50,11 @@ const config: Config = {
     themeConfig: {
         // Replace with your project's social card
         image: 'img/social-card.png',
+        colorMode: {
+            defaultMode: 'dark',
+            disableSwitch: false,
+            respectPrefersColorScheme: false,
+        },
         navbar: {
             title: 'Flutter Supabase Chat Core',
             logo: {