mirror of
https://github.com/pacnpal/thrilltrack-explorer.git
synced 2025-12-20 10:31:13 -05:00
82 lines
2.8 KiB
PL/PgSQL
82 lines
2.8 KiB
PL/PgSQL
-- Fix function search paths to prevent security vulnerabilities
|
|
-- This addresses the database linter warnings about mutable search_path
|
|
|
|
-- Fix: cleanup_old_request_metadata
|
|
CREATE OR REPLACE FUNCTION public.cleanup_old_request_metadata()
|
|
RETURNS void
|
|
LANGUAGE plpgsql
|
|
SECURITY DEFINER
|
|
SET search_path = 'public'
|
|
AS $function$
|
|
BEGIN
|
|
DELETE FROM request_metadata
|
|
WHERE created_at < now() - interval '30 days';
|
|
END;
|
|
$function$;
|
|
|
|
-- Fix: update_content_submissions_updated_at (trigger function)
|
|
CREATE OR REPLACE FUNCTION public.update_content_submissions_updated_at()
|
|
RETURNS trigger
|
|
LANGUAGE plpgsql
|
|
SET search_path = 'public'
|
|
AS $function$
|
|
BEGIN
|
|
-- Only update updated_at if actual content has changed
|
|
-- Ignore changes to: updated_at, assigned_to, assigned_at, locked_until, priority, review_count, first_reviewed_at, resolved_at, submitted_at
|
|
IF (
|
|
NEW.content IS DISTINCT FROM OLD.content OR
|
|
NEW.status IS DISTINCT FROM OLD.status OR
|
|
NEW.reviewer_id IS DISTINCT FROM OLD.reviewer_id OR
|
|
NEW.reviewer_notes IS DISTINCT FROM OLD.reviewer_notes OR
|
|
NEW.escalated IS DISTINCT FROM OLD.escalated OR
|
|
NEW.escalation_reason IS DISTINCT FROM OLD.escalation_reason OR
|
|
NEW.approval_mode IS DISTINCT FROM OLD.approval_mode OR
|
|
NEW.user_id IS DISTINCT FROM OLD.user_id OR
|
|
NEW.submission_type IS DISTINCT FROM OLD.submission_type OR
|
|
NEW.escalated_by IS DISTINCT FROM OLD.escalated_by OR
|
|
NEW.escalated_at IS DISTINCT FROM OLD.escalated_at OR
|
|
NEW.original_submission_id IS DISTINCT FROM OLD.original_submission_id
|
|
) THEN
|
|
NEW.updated_at = NOW();
|
|
ELSE
|
|
-- Keep the old updated_at timestamp if only metadata changed
|
|
NEW.updated_at = OLD.updated_at;
|
|
END IF;
|
|
|
|
RETURN NEW;
|
|
END;
|
|
$function$;
|
|
|
|
-- Fix: notify_discord_via_edge (trigger function)
|
|
CREATE OR REPLACE FUNCTION public.notify_discord_via_edge()
|
|
RETURNS trigger
|
|
LANGUAGE plpgsql
|
|
SET search_path = 'public'
|
|
AS $function$
|
|
DECLARE
|
|
url text := 'https://ydvtmnrszybqnbcqbdcy.supabase.co/functions/v1/discord-webhook-poster';
|
|
payload jsonb;
|
|
resp jsonb;
|
|
BEGIN
|
|
payload := jsonb_build_object(
|
|
'table', TG_TABLE_SCHEMA || '.' || TG_TABLE_NAME,
|
|
'row', to_jsonb(NEW)
|
|
);
|
|
|
|
PERFORM public.pg_net.http_post(
|
|
url,
|
|
payload::text,
|
|
'application/json'
|
|
);
|
|
|
|
RETURN NEW;
|
|
EXCEPTION WHEN OTHERS THEN
|
|
-- Log the error and continue (do not fail the DB operation)
|
|
RAISE NOTICE 'Failed to call discord edge function: %', SQLERRM;
|
|
RETURN NEW;
|
|
END;
|
|
$function$;
|
|
|
|
COMMENT ON FUNCTION public.cleanup_old_request_metadata() IS 'Deletes request metadata older than 30 days - now with secure search_path';
|
|
COMMENT ON FUNCTION public.update_content_submissions_updated_at() IS 'Trigger to update updated_at only on content changes - now with secure search_path';
|
|
COMMENT ON FUNCTION public.notify_discord_via_edge() IS 'Trigger to notify Discord via edge function - now with secure search_path'; |