LinumIQ/linumiq_net-web_app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
37f79ff1b15e8a31428d28c39603469f631744cb
linumiq_net-web_app/supabase/migrations/0001_admin.sql
T
Gerhard Scheikl fb4880a1d9 feat(admin): comprehensive admin interface (users, tunnels, metrics, audit, reserved subdomains) 
Adds an authenticated admin surface gated by auth.users.app_metadata.role==='admin'.

- lib/auth/admin-guard.ts: requireAdmin() (pages) + requireAdminApi() (routes)
- middleware.ts: defense-in-depth /admin and /api/admin guarding
- API: users (list/detail/role/ban/delete), tunnels (list + active/quota/reset/reassign/regenerate-token/delete), metrics, audit log, reserved subdomains
- Self-lockout prevention (no self demote/ban/delete)
- Best-effort Redis kill-switch via dependency-free net-socket client (REDIS_URL)
- admin_audit_log + reserved_subdomains migration (RLS on, service-role only)
- Admin UI (overview, users, tunnels, reserved, audit) + conditional nav link
2026-05-31 10:58:23 +02:00

49 lines
1.8 KiB
SQL
Raw Blame History

-- 0001_admin.sql
-- Additive, idempotent migration for the LinumIQ admin interface.
-- Safe to run multiple times.
-- 1. Admin audit log -------------------------------------------------------
create table if not exists public.admin_audit_log (
id bigint generated always as identity primary key,
actor_id uuid,
actor_email text,
action text not null,
target_type text,
target_id text,
details jsonb not null default '{}'::jsonb,
created_at timestamptz not null default now()
);
create index if not exists admin_audit_log_created_at_idx
on public.admin_audit_log (created_at desc);
-- 2. Reserved subdomains ---------------------------------------------------
create table if not exists public.reserved_subdomains (
name text primary key,
created_at timestamptz not null default now()
);
-- Seed with the current hardcoded reserved names (lib/validation.ts).
insert into public.reserved_subdomains (name) values
('app'),
('api'),
('www'),
('admin'),
('auth'),
('mail'),
('static')
on conflict (name) do nothing;
-- 3. Lock down with RLS, NO policies ---------------------------------------
-- RLS is enabled with NO policies so that the anon/authenticated roles cannot
-- read or write these tables at all. The application performs every admin
-- operation through the service-role client, which bypasses RLS. This keeps
-- the audit log and reserved list inaccessible to ordinary users.
alter table public.admin_audit_log enable row level security;
alter table public.reserved_subdomains enable row level security;
comment on table public.admin_audit_log is
'Admin action audit trail. RLS enabled with no policies: service-role only.';
comment on table public.reserved_subdomains is
'Reserved subdomain names (admin-managed). RLS enabled with no policies: service-role only.';
Reference in New Issue View Git Blame Copy Permalink