chore: safeguard both pgsodium and vault

dragarcia · dragarcia · commit d455bbfa0851 · 2023-04-06T15:41:00.000+08:00
diff --git a/migrations/db/migrations/20221207154255_create_pgsodium_and_vault.sql b/migrations/db/migrations/20221207154255_create_pgsodium_and_vault.sql
@@ -1,32 +1,39 @@
 -- migrate:up
 
-create extension if not exists pgsodium;
-
-grant pgsodium_keyiduser to postgres with admin option;
-grant pgsodium_keyholder to postgres with admin option;
-grant pgsodium_keymaker  to postgres with admin option;
-
-grant execute on function pgsodium.crypto_aead_det_decrypt(bytea, bytea, uuid, bytea) to service_role;
-grant execute on function pgsodium.crypto_aead_det_encrypt(bytea, bytea, uuid, bytea) to service_role;
-grant execute on function pgsodium.crypto_aead_det_keygen to service_role;
-
--- Only install as well if the extension is actually installed
 DO $$
 DECLARE
+  pgsodium_exists boolean;
   vault_exists boolean;
 BEGIN
+  pgsodium_exists = (
+    select count(*) = 1 
+    from pg_available_extensions 
+    where name = 'pgsodium'
+  );
+  
   vault_exists = (
       select count(*) = 1 
       from pg_available_extensions 
       where name = 'supabase_vault'
   );
 
-  IF vault_exists 
+  IF pgsodium_exists 
   THEN
-  create extension if not exists supabase_vault;
-  END IF;
-END $$;
+    create extension if not exists pgsodium;
+
+    grant pgsodium_keyiduser to postgres with admin option;
+    grant pgsodium_keyholder to postgres with admin option;
+    grant pgsodium_keymaker  to postgres with admin option;
 
+    grant execute on function pgsodium.crypto_aead_det_decrypt(bytea, bytea, uuid, bytea) to service_role;
+    grant execute on function pgsodium.crypto_aead_det_encrypt(bytea, bytea, uuid, bytea) to service_role;
+    grant execute on function pgsodium.crypto_aead_det_keygen to service_role;
 
+    IF vault_exists
+    THEN
+      create extension if not exists supabase_vault;
+    END IF;
+  END IF;
+END $$;
 
 -- migrate:down
