プレイグラウンド、サンドボックス、使い捨てスクリプト置き場
0

Configure Feed

Select the types of activity you want to include in your feed.

create supabase

Kohei Watanabe (Oct 14, 2021, 6:45 PM +0900) c824cef1 938427a6

+469
+1
supabase/.gitignore
··· 1 + /.env
+42
supabase/docker-compose.yml
··· 1 + # NOTICE: DON'T USE IT IN PRODUCTION. 本番環境で使用しないで。 2 + version: "3" 3 + services: 4 + kong: 5 + image: kong:2.6.0-alpine 6 + environment: 7 + KONG_DATABASE: "off" 8 + KONG_DECLARATIVE_CONFIG: /var/lib/kong/kong.yml 9 + KONG_PLUGINS: request-transformer,cors,key-auth 10 + volumes: 11 + - ./kong:/var/lib/kong 12 + ports: 13 + - 8000:8000 14 + auth: 15 + image: supabase/gotrue:v2.1.8 16 + depends_on: 17 + - db 18 + environment: 19 + PORT: "9999" 20 + GOTRUE_SITE_URL: http://localhost:3000 21 + GOTRUE_DB_DRIVER: postgres 22 + DATABASE_URL: postgres://postgres:${POSTGRES_PASSWORD}@db:5432/postgres?search_path=auth 23 + GOTRUE_JWT_SECRET: ${JWT_SECRET} 24 + GOTRUE_JWT_DEFAULT_GROUP_NAME: authenticated 25 + GOTRUE_MAILER_AUTOCONFIRM: "true" 26 + rest: 27 + image: postgrest/postgrest:v8.0.0 28 + depends_on: 29 + - db 30 + environment: 31 + PGRST_DB_URI: postgres://postgres:${POSTGRES_PASSWORD}@db:5432/postgres 32 + PGRST_DB_SCHEMA: public,storage 33 + PGRST_DB_ANON_ROLE: anon 34 + PGRST_JWT_SECRET: ${JWT_SECRET} 35 + # realtime: 36 + # storage: 37 + db: 38 + image: supabase/postgres:13.3.0 39 + environment: 40 + POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} 41 + volumes: 42 + - ./initdb.d:/docker-entrypoint-initdb.d
+51
supabase/initdb.d/00-initial-schema.sql
··· 1 + -- (c) 2021 Supabase Inc. 2 + -- license: https://github.com/supabase/supabase/blob/master/LICENSE 3 + -- https://github.com/supabase/supabase/blob/30b9f748fe163420375244fa350e14bcfa235a3f/docker/volumes/db/init/00-initial-schema.sql 4 + 5 + -- Set up reatime 6 + -- create publication supabase_realtime; -- defaults to empty publication 7 + create publication supabase_realtime; 8 + 9 + -- Supabase super admin 10 + create user supabase_admin; 11 + alter user supabase_admin with superuser createdb createrole replication bypassrls; 12 + 13 + -- Extension namespacing 14 + create SCHEMA IF NOT exists extensions; 15 + create extension if not exists "uuid-ossp" with schema extensions; 16 + create extension if not exists pgcrypto with schema extensions; 17 + create extension if not exists pgjwt with schema extensions; 18 + 19 + -- Set up auth roles for the developer 20 + create role anon nologin noinherit; 21 + create role authenticated nologin noinherit; -- "logged in" user: web_user, app_user, etc 22 + create role service_role nologin noinherit bypassrls; -- allow developers to create JWT's that bypass their policies 23 + 24 + create user authenticator noinherit; 25 + grant anon to authenticator; 26 + grant authenticated to authenticator; 27 + grant service_role to authenticator; 28 + grant supabase_admin to authenticator; 29 + 30 + grant usage on schema public to postgres, anon, authenticated, service_role; 31 + alter default privileges in schema public grant all on tables to postgres, anon, authenticated, service_role; 32 + alter default privileges in schema public grant all on functions to postgres, anon, authenticated, service_role; 33 + alter default privileges in schema public grant all on sequences to postgres, anon, authenticated, service_role; 34 + 35 + -- Allow Extensions to be used in the API 36 + grant usage on schema extensions to postgres, anon, authenticated, service_role; 37 + 38 + -- Set up namespacing 39 + alter user supabase_admin SET search_path TO public, extensions; -- don't include the "auth" schema 40 + 41 + -- These are required so that the users receive grants whenever "supabase_admin" creates tables/function 42 + alter default privileges for user supabase_admin in schema public grant all 43 + on sequences to postgres, anon, authenticated, service_role; 44 + alter default privileges for user supabase_admin in schema public grant all 45 + on tables to postgres, anon, authenticated, service_role; 46 + alter default privileges for user supabase_admin in schema public grant all 47 + on functions to postgres, anon, authenticated, service_role; 48 + 49 + -- Set short statement/query timeouts for API roles 50 + alter role anon set statement_timeout = '3s'; 51 + alter role authenticated set statement_timeout = '8s';
+123
supabase/initdb.d/01-auth-schema.sql
··· 1 + -- (c) 2021 Supabase Inc. 2 + -- license: https://github.com/supabase/supabase/blob/master/LICENSE 3 + -- https://github.com/supabase/supabase/blob/30b9f748fe163420375244fa350e14bcfa235a3f/docker/volumes/db/init/01-auth-schema.sql 4 + 5 + CREATE SCHEMA IF NOT EXISTS auth AUTHORIZATION supabase_admin; 6 + 7 + -- auth.users definition 8 + 9 + CREATE TABLE auth.users ( 10 + instance_id uuid NULL, 11 + id uuid NOT NULL UNIQUE, 12 + aud varchar(255) NULL, 13 + "role" varchar(255) NULL, 14 + email varchar(255) NULL UNIQUE, 15 + encrypted_password varchar(255) NULL, 16 + confirmed_at timestamptz NULL, 17 + invited_at timestamptz NULL, 18 + confirmation_token varchar(255) NULL, 19 + confirmation_sent_at timestamptz NULL, 20 + recovery_token varchar(255) NULL, 21 + recovery_sent_at timestamptz NULL, 22 + email_change_token varchar(255) NULL, 23 + email_change varchar(255) NULL, 24 + email_change_sent_at timestamptz NULL, 25 + last_sign_in_at timestamptz NULL, 26 + raw_app_meta_data jsonb NULL, 27 + raw_user_meta_data jsonb NULL, 28 + is_super_admin bool NULL, 29 + created_at timestamptz NULL, 30 + updated_at timestamptz NULL, 31 + CONSTRAINT users_pkey PRIMARY KEY (id) 32 + ); 33 + CREATE INDEX users_instance_id_email_idx ON auth.users USING btree (instance_id, email); 34 + CREATE INDEX users_instance_id_idx ON auth.users USING btree (instance_id); 35 + comment on table auth.users is 'Auth: Stores user login data within a secure schema.'; 36 + 37 + -- auth.refresh_tokens definition 38 + 39 + CREATE TABLE auth.refresh_tokens ( 40 + instance_id uuid NULL, 41 + id bigserial NOT NULL, 42 + "token" varchar(255) NULL, 43 + user_id varchar(255) NULL, 44 + revoked bool NULL, 45 + created_at timestamptz NULL, 46 + updated_at timestamptz NULL, 47 + CONSTRAINT refresh_tokens_pkey PRIMARY KEY (id) 48 + ); 49 + CREATE INDEX refresh_tokens_instance_id_idx ON auth.refresh_tokens USING btree (instance_id); 50 + CREATE INDEX refresh_tokens_instance_id_user_id_idx ON auth.refresh_tokens USING btree (instance_id, user_id); 51 + CREATE INDEX refresh_tokens_token_idx ON auth.refresh_tokens USING btree (token); 52 + comment on table auth.refresh_tokens is 'Auth: Store of tokens used to refresh JWT tokens once they expire.'; 53 + 54 + -- auth.instances definition 55 + 56 + CREATE TABLE auth.instances ( 57 + id uuid NOT NULL, 58 + uuid uuid NULL, 59 + raw_base_config text NULL, 60 + created_at timestamptz NULL, 61 + updated_at timestamptz NULL, 62 + CONSTRAINT instances_pkey PRIMARY KEY (id) 63 + ); 64 + comment on table auth.instances is 'Auth: Manages users across multiple sites.'; 65 + 66 + -- auth.audit_log_entries definition 67 + 68 + CREATE TABLE auth.audit_log_entries ( 69 + instance_id uuid NULL, 70 + id uuid NOT NULL, 71 + payload json NULL, 72 + created_at timestamptz NULL, 73 + CONSTRAINT audit_log_entries_pkey PRIMARY KEY (id) 74 + ); 75 + CREATE INDEX audit_logs_instance_id_idx ON auth.audit_log_entries USING btree (instance_id); 76 + comment on table auth.audit_log_entries is 'Auth: Audit trail for user actions.'; 77 + 78 + -- auth.schema_migrations definition 79 + 80 + CREATE TABLE auth.schema_migrations ( 81 + "version" varchar(255) NOT NULL, 82 + CONSTRAINT schema_migrations_pkey PRIMARY KEY ("version") 83 + ); 84 + comment on table auth.schema_migrations is 'Auth: Manages updates to the auth system.'; 85 + 86 + INSERT INTO auth.schema_migrations (version) 87 + VALUES ('20171026211738'), 88 + ('20171026211808'), 89 + ('20171026211834'), 90 + ('20180103212743'), 91 + ('20180108183307'), 92 + ('20180119214651'), 93 + ('20180125194653'); 94 + 95 + -- Gets the User ID from the request cookie 96 + create or replace function auth.uid() returns uuid as $$ 97 + select nullif(current_setting('request.jwt.claim.sub', true), '')::uuid; 98 + $$ language sql stable; 99 + 100 + -- Gets the User ID from the request cookie 101 + create or replace function auth.role() returns text as $$ 102 + select nullif(current_setting('request.jwt.claim.role', true), '')::text; 103 + $$ language sql stable; 104 + 105 + -- Gets the User email 106 + create or replace function auth.email() returns text as $$ 107 + select nullif(current_setting('request.jwt.claim.email', true), '')::text; 108 + $$ language sql stable; 109 + 110 + -- usage on auth functions to API roles 111 + GRANT USAGE ON SCHEMA auth TO anon, authenticated, service_role; 112 + 113 + -- Supabase super admin 114 + CREATE USER supabase_auth_admin NOINHERIT CREATEROLE LOGIN NOREPLICATION; 115 + GRANT ALL PRIVILEGES ON SCHEMA auth TO supabase_auth_admin; 116 + GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA auth TO supabase_auth_admin; 117 + GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA auth TO supabase_auth_admin; 118 + ALTER USER supabase_auth_admin SET search_path = "auth"; 119 + ALTER table "auth".users OWNER TO supabase_auth_admin; 120 + ALTER table "auth".refresh_tokens OWNER TO supabase_auth_admin; 121 + ALTER table "auth".audit_log_entries OWNER TO supabase_auth_admin; 122 + ALTER table "auth".instances OWNER TO supabase_auth_admin; 123 + ALTER table "auth".schema_migrations OWNER TO supabase_auth_admin;
+120
supabase/initdb.d/02-storage-schema.sql
··· 1 + -- (c) 2021 Supabase Inc. 2 + -- license: https://github.com/supabase/supabase/blob/master/LICENSE 3 + -- https://github.com/supabase/supabase/blob/30b9f748fe163420375244fa350e14bcfa235a3f/docker/volumes/db/init/02-storage-schema.sql 4 + 5 + CREATE SCHEMA IF NOT EXISTS storage AUTHORIZATION supabase_admin; 6 + 7 + grant usage on schema storage to postgres, anon, authenticated, service_role; 8 + alter default privileges in schema storage grant all on tables to postgres, anon, authenticated, service_role; 9 + alter default privileges in schema storage grant all on functions to postgres, anon, authenticated, service_role; 10 + alter default privileges in schema storage grant all on sequences to postgres, anon, authenticated, service_role; 11 + 12 + CREATE TABLE "storage"."buckets" ( 13 + "id" text not NULL, 14 + "name" text NOT NULL, 15 + "owner" uuid, 16 + "created_at" timestamptz DEFAULT now(), 17 + "updated_at" timestamptz DEFAULT now(), 18 + CONSTRAINT "buckets_owner_fkey" FOREIGN KEY ("owner") REFERENCES "auth"."users"("id"), 19 + PRIMARY KEY ("id") 20 + ); 21 + CREATE UNIQUE INDEX "bname" ON "storage"."buckets" USING BTREE ("name"); 22 + 23 + CREATE TABLE "storage"."objects" ( 24 + "id" uuid NOT NULL DEFAULT extensions.uuid_generate_v4(), 25 + "bucket_id" text, 26 + "name" text, 27 + "owner" uuid, 28 + "created_at" timestamptz DEFAULT now(), 29 + "updated_at" timestamptz DEFAULT now(), 30 + "last_accessed_at" timestamptz DEFAULT now(), 31 + "metadata" jsonb, 32 + CONSTRAINT "objects_bucketId_fkey" FOREIGN KEY ("bucket_id") REFERENCES "storage"."buckets"("id"), 33 + CONSTRAINT "objects_owner_fkey" FOREIGN KEY ("owner") REFERENCES "auth"."users"("id"), 34 + PRIMARY KEY ("id") 35 + ); 36 + CREATE UNIQUE INDEX "bucketid_objname" ON "storage"."objects" USING BTREE ("bucket_id","name"); 37 + CREATE INDEX name_prefix_search ON storage.objects(name text_pattern_ops); 38 + 39 + ALTER TABLE storage.objects ENABLE ROW LEVEL SECURITY; 40 + 41 + CREATE FUNCTION storage.foldername(name text) 42 + RETURNS text[] 43 + LANGUAGE plpgsql 44 + AS $function$ 45 + DECLARE 46 + _parts text[]; 47 + BEGIN 48 + select string_to_array(name, '/') into _parts; 49 + return _parts[1:array_length(_parts,1)-1]; 50 + END 51 + $function$; 52 + 53 + CREATE FUNCTION storage.filename(name text) 54 + RETURNS text 55 + LANGUAGE plpgsql 56 + AS $function$ 57 + DECLARE 58 + _parts text[]; 59 + BEGIN 60 + select string_to_array(name, '/') into _parts; 61 + return _parts[array_length(_parts,1)]; 62 + END 63 + $function$; 64 + 65 + CREATE FUNCTION storage.extension(name text) 66 + RETURNS text 67 + LANGUAGE plpgsql 68 + AS $function$ 69 + DECLARE 70 + _parts text[]; 71 + _filename text; 72 + BEGIN 73 + select string_to_array(name, '/') into _parts; 74 + select _parts[array_length(_parts,1)] into _filename; 75 + -- @todo return the last part instead of 2 76 + return split_part(_filename, '.', 2); 77 + END 78 + $function$; 79 + 80 + CREATE FUNCTION storage.search(prefix text, bucketname text, limits int DEFAULT 100, levels int DEFAULT 1, offsets int DEFAULT 0) 81 + RETURNS TABLE ( 82 + name text, 83 + id uuid, 84 + updated_at TIMESTAMPTZ, 85 + created_at TIMESTAMPTZ, 86 + last_accessed_at TIMESTAMPTZ, 87 + metadata jsonb 88 + ) 89 + LANGUAGE plpgsql 90 + AS $function$ 91 + DECLARE 92 + _bucketId text; 93 + BEGIN 94 + -- will be replaced by migrations when server starts 95 + -- saving space for cloud-init 96 + END 97 + $function$; 98 + 99 + -- create migrations table 100 + -- https://github.com/ThomWright/postgres-migrations/blob/master/src/migrations/0_create-migrations-table.sql 101 + -- we add this table here and not let it be auto-created so that the permissions are properly applied to it 102 + CREATE TABLE IF NOT EXISTS storage.migrations ( 103 + id integer PRIMARY KEY, 104 + name varchar(100) UNIQUE NOT NULL, 105 + hash varchar(40) NOT NULL, -- sha1 hex encoded hash of the file name and contents, to ensure it hasn't been altered since applying the migration 106 + executed_at timestamp DEFAULT current_timestamp 107 + ); 108 + 109 + CREATE USER supabase_storage_admin NOINHERIT CREATEROLE LOGIN NOREPLICATION; 110 + GRANT ALL PRIVILEGES ON SCHEMA storage TO supabase_storage_admin; 111 + GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA storage TO supabase_storage_admin; 112 + GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA storage TO supabase_storage_admin; 113 + ALTER USER supabase_storage_admin SET search_path = "storage"; 114 + ALTER table "storage".objects owner to supabase_storage_admin; 115 + ALTER table "storage".buckets owner to supabase_storage_admin; 116 + ALTER table "storage".migrations OWNER TO supabase_storage_admin; 117 + ALTER function "storage".foldername(text) owner to supabase_storage_admin; 118 + ALTER function "storage".filename(text) owner to supabase_storage_admin; 119 + ALTER function "storage".extension(text) owner to supabase_storage_admin; 120 + ALTER function "storage".search(text,text,int,int,int) owner to supabase_storage_admin;
+72
supabase/initdb.d/03-post-setup.sql
··· 1 + -- (c) 2021 Supabase Inc. 2 + -- license: https://github.com/supabase/supabase/blob/master/LICENSE 3 + -- https://github.com/supabase/supabase/blob/30b9f748fe163420375244fa350e14bcfa235a3f/docker/volumes/db/init/03-post-setup.sql 4 + 5 + ALTER ROLE postgres SET search_path TO "\$user",public,extensions; 6 + CREATE OR REPLACE FUNCTION extensions.notify_api_restart() 7 + RETURNS event_trigger 8 + LANGUAGE plpgsql 9 + AS $$ 10 + BEGIN 11 + NOTIFY ddl_command_end; 12 + END; 13 + $$; 14 + CREATE EVENT TRIGGER api_restart ON ddl_command_end 15 + EXECUTE PROCEDURE extensions.notify_api_restart(); 16 + COMMENT ON FUNCTION extensions.notify_api_restart IS 'Sends a notification to the API to restart. If your database schema has changed, this is required so that Supabase can rebuild the relationships.'; 17 + 18 + -- Trigger for pg_cron 19 + CREATE OR REPLACE FUNCTION extensions.grant_pg_cron_access() 20 + RETURNS event_trigger 21 + LANGUAGE plpgsql 22 + AS $$ 23 + DECLARE 24 + schema_is_cron bool; 25 + BEGIN 26 + schema_is_cron = ( 27 + SELECT n.nspname = 'cron' 28 + FROM pg_event_trigger_ddl_commands() AS ev 29 + LEFT JOIN pg_catalog.pg_namespace AS n 30 + ON ev.objid = n.oid 31 + ); 32 + 33 + IF schema_is_cron 34 + THEN 35 + grant usage on schema cron to postgres with grant option; 36 + 37 + alter default privileges in schema cron grant all on tables to postgres with grant option; 38 + alter default privileges in schema cron grant all on functions to postgres with grant option; 39 + alter default privileges in schema cron grant all on sequences to postgres with grant option; 40 + 41 + alter default privileges for user supabase_admin in schema cron grant all 42 + on sequences to postgres with grant option; 43 + alter default privileges for user supabase_admin in schema cron grant all 44 + on tables to postgres with grant option; 45 + alter default privileges for user supabase_admin in schema cron grant all 46 + on functions to postgres with grant option; 47 + 48 + grant all privileges on all tables in schema cron to postgres with grant option; 49 + 50 + END IF; 51 + 52 + END; 53 + $$; 54 + CREATE EVENT TRIGGER issue_pg_cron_access ON ddl_command_end WHEN TAG in ('CREATE SCHEMA') 55 + EXECUTE PROCEDURE extensions.grant_pg_cron_access(); 56 + COMMENT ON FUNCTION extensions.grant_pg_cron_access IS 'Grants access to pg_cron'; 57 + 58 + -- Supabase dashboard user 59 + CREATE ROLE dashboard_user NOSUPERUSER CREATEDB CREATEROLE REPLICATION; 60 + GRANT ALL ON DATABASE postgres TO dashboard_user; 61 + GRANT ALL ON SCHEMA auth TO dashboard_user; 62 + GRANT ALL ON SCHEMA extensions TO dashboard_user; 63 + GRANT ALL ON SCHEMA storage TO dashboard_user; 64 + GRANT ALL ON ALL TABLES IN SCHEMA auth TO dashboard_user; 65 + GRANT ALL ON ALL TABLES IN SCHEMA extensions TO dashboard_user; 66 + -- GRANT ALL ON ALL TABLES IN SCHEMA storage TO dashboard_user; 67 + GRANT ALL ON ALL SEQUENCES IN SCHEMA auth TO dashboard_user; 68 + GRANT ALL ON ALL SEQUENCES IN SCHEMA storage TO dashboard_user; 69 + GRANT ALL ON ALL SEQUENCES IN SCHEMA extensions TO dashboard_user; 70 + GRANT ALL ON ALL ROUTINES IN SCHEMA auth TO dashboard_user; 71 + GRANT ALL ON ALL ROUTINES IN SCHEMA storage TO dashboard_user; 72 + GRANT ALL ON ALL ROUTINES IN SCHEMA extensions TO dashboard_user;
+13
supabase/initdb.d/99-example.sql
··· 1 + ALTER DEFAULT PRIVILEGES IN SCHEMA public REVOKE ALL PRIVILEGES ON TABLES FROM anon, authenticated; 2 + 3 + CREATE TABLE users ( 4 + uuid UUID PRIMARY KEY DEFAULT uuid_generate_v4(), 5 + role NAME NOT NULL DEFAULT current_user, 6 + name TEXT 7 + ); 8 + 9 + GRANT ALL PRIVILEGES (name) ON users TO authenticated; 10 + GRANT SELECT ON users TO anon, authenticated; 11 + 12 + ALTER TABLE users ENABLE ROW LEVEL SECURITY; 13 + CREATE POLICY users_policy ON users USING (role = current_user);
+47
supabase/kong/kong.yml
··· 1 + _format_version: "1.1" 2 + services: 3 + - url: http://auth:9999/verify 4 + routes: 5 + - paths: [/auth/v1/verify] 6 + plugins: 7 + - name: cors 8 + - url: http://auth:9999/callback 9 + routes: 10 + - paths: [/auth/v1/callback] 11 + plugins: 12 + - name: cors 13 + - url: http://auth:9999/authorize 14 + routes: 15 + - paths: [/auth/v1/authorize] 16 + plugins: 17 + - name: cors 18 + - url: http://auth:9999/ 19 + routes: 20 + - paths: [/auth/v1/] 21 + plugins: 22 + - name: cors 23 + - name: key-auth 24 + - url: http://rest:3000/ 25 + routes: 26 + - paths: [/rest/v1/] 27 + plugins: 28 + - name: cors 29 + - name: key-auth 30 + - url: http://realtime:4000/socket/ 31 + routes: 32 + - paths: [/realtime/v1/] 33 + plugins: 34 + - name: cors 35 + - name: key-auth 36 + - url: http://storage:5000/ 37 + routes: 38 + - paths: [/storage/v1/] 39 + plugins: 40 + - name: cors 41 + consumers: 42 + - username: anon 43 + keyauth_credentials: 44 + - key: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJyb2xlIjoiYW5vbiIsImlhdCI6MTYyNzIwODU0MCwiZXhwIjoxOTc0MzYzNzQwfQ.zcaQfHd3VA7XgJmdGfmV86OLVJT9s2MTmSy-e69BpUY 45 + - username: service_role 46 + keyauth_credentials: 47 + - key: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJyb2xlIjoic2VydmljZV9yb2xlIiwiaWF0IjoxNjI3MjA4NTQwLCJleHAiOjE5NzQzNjM3NDB9.pkT3PNpO4DtO45Ac5HK_TKCx8sGLgNtV__pr_ZrRSAU