LinumIQ/linumiq_net-web_app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
17fe6421686f4c7501415de21203232ce88b35a6
linumiq_net-web_app/supabase/migrations/README.md
T
Gerhard Scheikl fb4880a1d9 feat(admin): comprehensive admin interface (users, tunnels, metrics, audit, reserved subdomains) 
Adds an authenticated admin surface gated by auth.users.app_metadata.role==='admin'.

- lib/auth/admin-guard.ts: requireAdmin() (pages) + requireAdminApi() (routes)
- middleware.ts: defense-in-depth /admin and /api/admin guarding
- API: users (list/detail/role/ban/delete), tunnels (list + active/quota/reset/reassign/regenerate-token/delete), metrics, audit log, reserved subdomains
- Self-lockout prevention (no self demote/ban/delete)
- Best-effort Redis kill-switch via dependency-free net-socket client (REDIS_URL)
- admin_audit_log + reserved_subdomains migration (RLS on, service-role only)
- Admin UI (overview, users, tunnels, reserved, audit) + conditional nav link
2026-05-31 10:58:23 +02:00

54 lines
1.6 KiB
Markdown
Raw Blame History

# Database migrations
Additive, idempotent SQL migrations for the LinumIQ web app. Each file is safe
to run multiple times.
## Applying a migration
Migrations are plain SQL applied with `psql` inside the running Supabase
Postgres container.
Default self-hosted Supabase credentials are user `postgres`, database
`postgres`. Adjust `DB_USER` / `DB_NAME` / `CONTAINER` to match your deployment.
### Production
```sh
CONTAINER=supabase-db
DB_USER=postgres
DB_NAME=postgres
docker exec -i "$CONTAINER" psql -U "$DB_USER" -d "$DB_NAME" < supabase/migrations/0001_admin.sql
```
### Development
```sh
docker exec -i supabase-dev-db psql -U postgres -d postgres < supabase/migrations/0001_admin.sql
```
## Migrations
| File | Description |
| ----------------- | --------------------------------------------------------------------------- |
| `0001_admin.sql` | `admin_audit_log` + `reserved_subdomains` tables (RLS on, service-role only) |
## Bootstrapping the first admin
The admin role lives in `auth.users.app_metadata.role`. To promote a user to
admin manually (only the service role / SQL can write `app_metadata`):
```sql
update auth.users
set raw_app_meta_data =
coalesce(raw_app_meta_data, '{}'::jsonb) || '{"role":"admin"}'::jsonb
where email = 'you@example.com';
```
Run it the same way:
```sh
docker exec -i supabase-db psql -U postgres -d postgres -c \
"update auth.users set raw_app_meta_data = coalesce(raw_app_meta_data,'{}'::jsonb) || '{\"role\":\"admin\"}'::jsonb where email = 'you@example.com';"
```
Reference in New Issue View Git Blame Copy Permalink