fix: Fix enc/dec function to make them trackable by hasura

whiterabbit1983 · whiterabbit1983 · commit 56e492dc8404 · 2025-06-21T12:05:17.000+03:00
diff --git a/memory-store/migrations/000042_add_api_keys.down.sql b/memory-store/migrations/000042_add_api_keys.down.sql
@@ -1,9 +1,13 @@
 BEGIN;
 
--- Drop helper functions
+-- Drop helper functions (updated signatures due to composite type returns)
 DROP FUNCTION IF EXISTS decrypt_api_key(BYTEA, TEXT);
 DROP FUNCTION IF EXISTS encrypt_api_key(TEXT, TEXT);
 
+-- Drop composite types
+DROP TYPE IF EXISTS decrypted_api_key_result;
+DROP TYPE IF EXISTS encrypted_api_key_result;
+
 -- Drop trigger and function
 DROP TRIGGER IF EXISTS update_api_keys_timestamp_trigger ON api_keys;
 DROP FUNCTION IF EXISTS update_api_keys_timestamp();
diff --git a/memory-store/migrations/000042_add_api_keys.up.sql b/memory-store/migrations/000042_add_api_keys.up.sql
@@ -42,29 +42,57 @@ CREATE INDEX IF NOT EXISTS idx_api_keys_name ON api_keys(name);
 CREATE INDEX IF NOT EXISTS idx_api_keys_metadata ON api_keys USING gin(metadata);
 CREATE INDEX IF NOT EXISTS idx_api_keys_deleted_at ON api_keys(deleted_at) WHERE deleted_at IS NULL;
 
+-- Create composite types for function return values (so they can be tracked by Hasura)
+DO $$
+BEGIN
+    IF NOT EXISTS (
+        SELECT 1 FROM pg_type WHERE typname = 'encrypted_api_key_result'
+    ) THEN
+        CREATE TYPE encrypted_api_key_result AS (
+            encrypted_value BYTEA
+        );
+    END IF;
+END $$;
+
+DO $$
+BEGIN
+    IF NOT EXISTS (
+        SELECT 1 FROM pg_type WHERE typname = 'decrypted_api_key_result'
+    ) THEN
+        CREATE TYPE decrypted_api_key_result AS (
+            decrypted_value TEXT
+        );
+    END IF;
+END $$;
+
 -- Helper functions for encryption/decryption (following secrets pattern)
+-- Modified to return composite types so they can be tracked by Hasura
 CREATE OR REPLACE FUNCTION encrypt_api_key(
     p_value TEXT,
     p_key TEXT
-) RETURNS BYTEA AS $$
+) RETURNS encrypted_api_key_result AS $$
 BEGIN
-    RETURN pgp_sym_encrypt(
-        p_value,
-        p_key,
-        'cipher-algo=aes256'
-    );
+    RETURN ROW(
+        pgp_sym_encrypt(
+            p_value,
+            p_key,
+            'cipher-algo=aes256'
+        )
+    )::encrypted_api_key_result;
 END;
 $$ LANGUAGE plpgsql SECURITY DEFINER;
 
 CREATE OR REPLACE FUNCTION decrypt_api_key(
     p_encrypted_value BYTEA,
     p_key TEXT
-) RETURNS TEXT AS $$
+) RETURNS decrypted_api_key_result AS $$
 BEGIN
-    RETURN pgp_sym_decrypt(
-        p_encrypted_value,
-        p_key
-    );
+    RETURN ROW(
+        pgp_sym_decrypt(
+            p_encrypted_value,
+            p_key
+        )
+    )::decrypted_api_key_result;
 END;
 $$ LANGUAGE plpgsql SECURITY DEFINER;
 
