From e1615903e6f6e3696dce61be364a159db1d54164 Mon Sep 17 00:00:00 2001
From: "gpt-engineer-app[bot]" <159125892+gpt-engineer-app[bot]@users.noreply.github.com>
Date: Wed, 8 Oct 2025 22:44:23 +0000
Subject: [PATCH] Fix: Restrict access to profiles table

---
 ...1_663d0a65-d097-436e-8e9c-481cc15e6d11.sql | 21 +++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 supabase/migrations/20251008224411_663d0a65-d097-436e-8e9c-481cc15e6d11.sql

diff --git a/supabase/migrations/20251008224411_663d0a65-d097-436e-8e9c-481cc15e6d11.sql b/supabase/migrations/20251008224411_663d0a65-d097-436e-8e9c-481cc15e6d11.sql
new file mode 100644
index 00000000..fc692b78
--- /dev/null
+++ b/supabase/migrations/20251008224411_663d0a65-d097-436e-8e9c-481cc15e6d11.sql
@@ -0,0 +1,21 @@
+-- Fix profiles table public exposure vulnerability
+-- Remove the public access policy that allows unauthenticated users to view profiles
+
+-- Drop the existing public access policy
+DROP POLICY IF EXISTS "Public can view non-banned public profiles" ON public.profiles;
+
+-- Create a new policy that requires authentication to view other users' profiles
+-- Only show profiles with public privacy level to authenticated users
+CREATE POLICY "Authenticated users can view public profiles"
+ON public.profiles
+FOR SELECT
+TO authenticated
+USING (
+  (auth.uid() = user_id)
+  OR is_moderator(auth.uid())
+  OR ((privacy_level = 'public') AND (NOT banned))
+);
+
+-- Add comment explaining the security rationale
+COMMENT ON POLICY "Authenticated users can view public profiles" ON public.profiles IS
+'Restricts profile viewing to authenticated users only. Prevents public scraping of user personal information including locations, timezones, bios, and contact details.';
\ No newline at end of file
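Review bot: Dropping the one named policy only closes the anonymous path if row-level security is actually enabled on public.profiles and no other permissive SELECT policy still targets anon or public, because Postgres ORs permissive policies together and a CREATE POLICY is inert on a table without RLS; this migration asserts neither, so I would add `ALTER TABLE public.profiles ENABLE ROW LEVEL SECURITY;` (idempotent) after the DROP POLICY and confirm in pg_policies that the new policy is the only SELECT grant. In the USING clause, `is_moderator(auth.uid())` is unqualified while the table is written as `public.profiles`; a policy expression resolves that name through the session search_path, so `OR public.is_moderator(auth.uid())` pins it to the intended function (the function's own definition is outside this patch, so its SECURITY DEFINER / search_path settings cannot be checked here). The `NOT banned` and `privacy_level = 'public'` tests fail closed if either column is NULL, which is the safe direction, but it is worth stating in the policy comment that NULL privacy_level is treated as non-public so a future default change does not silently widen exposure. Note also that the COMMENT ON POLICY text promises protection from "public scraping" while any self-registered authenticated user can still enumerate every public, non-banned profile; the comment should describe what the policy enforces rather than the threat it mitigates.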