pacnpal/thrilltrack-explorer
1
0
Fork 0
mirror of https://github.com/pacnpal/thrilltrack-explorer.git synced 2025-12-22 15:11:13 -05:00
Code Issues Packages Projects Releases Wiki Activity

Improve security by auditing service role key usage in edge functions

Browse Source 
Audit and document the usage of service role keys in multiple Supabase edge functions (cancel-email-change, process-selective-approval, seed-test-data) to ensure secure and scoped access.

Replit-Commit-Author: Agent
Replit-Commit-Session-Id: fe5b902e-beda-40fc-bf87-a3c4ab300e3a
Replit-Commit-Checkpoint-Type: intermediate_checkpoint
This commit is contained in:
pac7
2025-10-08 12:56:58 +00:00
parent 852adc51d6
commit aee512b8a1
4 changed files with 24 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
supabase/functions/process-selective-approval/index.ts
View File

@@ -73,6 +73,11 @@ serve(async (req) => {
{ status: 401, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
);
}
// SECURITY NOTE: Service role key used later in this function
// Reason: Need to bypass RLS to write approved changes to entity tables
// (parks, rides, companies, ride_models) which have RLS policies
// Security measures: User auth verified above, moderator role checked via RPC
const authenticatedUserId = user.id;