chore: remove the auth. namespace mess

Author: velddev

README.md

@@ -262,10 +262,6 @@ Connection string for the database.
 
 Sets the maximum number of open connections to the database. Defaults to 0 which is equivalent to an "unlimited" number of connections.
 
-`DB_NAMESPACE` - `string`
-
-Adds a prefix to all table names.
-
 **Migrations Note**
 
 Migrations are applied automatically when you run `./gotrue`. However, you also have the option to rerun the migrations via the following methods:

app.json

@@ -11,9 +11,6 @@
     "GOTRUE_DB_AUTOMIGRATE": {
       "value": true
     },
-    "GOTRUE_DB_NAMESPACE": {
-      "value": "auth"
-    },
     "GOTRUE_JWT_SECRET": {
       "required": true
     },

cmd/migrate_cmd.go

@@ -63,7 +63,6 @@ func migrate(cmd *cobra.Command, args []string) {
 	}
 	deets.Options = map[string]string{
 		"migration_table_name": "schema_migrations",
-		"Namespace":            globalConfig.DB.Namespace,
 	}
 
 	db, err := pop.NewConnection(deets)

docker-compose-dev.yml

@@ -28,7 +28,5 @@ services:
       - POSTGRES_USER=postgres
       - POSTGRES_PASSWORD=root
       - POSTGRES_DB=postgres
-      # sets the schema name, this should match the `NAMESPACE` env var set in your .env file
-      - DB_NAMESPACE=auth 
 volumes:
   postgres_data:

example.env

@@ -9,7 +9,6 @@ GOTRUE_JWT_ADMIN_ROLES="supabase_admin,service_role"
 
 # Database & API connection details
 GOTRUE_DB_DRIVER="postgres"
-DB_NAMESPACE="auth"
 DATABASE_URL="postgres://supabase_auth_admin:root@localhost:5432/postgres"
 API_EXTERNAL_URL="http://localhost:9999"
 GOTRUE_API_HOST="localhost"

gotrue.exe

@@ -4,7 +4,6 @@ GOTRUE_JWT_AUD="authenticated"
 GOTRUE_JWT_ADMIN_ROLES="supabase_admin,service_role"
 GOTRUE_JWT_DEFAULT_GROUP_NAME="authenticated"
 GOTRUE_DB_DRIVER=postgres
-DB_NAMESPACE="auth"
 GOTRUE_DB_AUTOMIGRATE=true
 DATABASE_URL="postgres://supabase_auth_admin:root@localhost:5432/postgres"
 GOTRUE_API_HOST=localhost

hack/test.env

@@ -6,7 +6,5 @@ psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-E
 
     -- Supabase super admin
     CREATE USER supabase_auth_admin NOINHERIT CREATEROLE LOGIN NOREPLICATION PASSWORD 'root';
-    CREATE SCHEMA IF NOT EXISTS $DB_NAMESPACE AUTHORIZATION supabase_auth_admin;
     GRANT CREATE ON DATABASE postgres TO supabase_auth_admin;
-    ALTER USER supabase_auth_admin SET search_path = '$DB_NAMESPACE';
 EOSQL

init_postgres.sh

@@ -237,7 +237,7 @@ func (ts *MFATestSuite) TestMFAVerifyFactor() {
 				// Set challenge creation so that it has expired in present time.
 				newCreatedAt := time.Now().UTC().Add(-1 * time.Second * time.Duration(ts.Config.MFA.ChallengeExpiryDuration+1))
 				// created_at is managed by buffalo(ORM) needs to be raw query to be updated
-				err := ts.API.db.RawQuery("UPDATE auth.mfa_challenges SET created_at = ? WHERE factor_id = ?", newCreatedAt, f.ID).Exec()
+				err := ts.API.db.RawQuery("UPDATE mfa_challenges SET created_at = ? WHERE factor_id = ?", newCreatedAt, f.ID).Exec()
 				require.NoError(ts.T(), err, "Error updating new test challenge")
 			}
 

internal/api/mfa_test.go

@@ -266,7 +266,7 @@ func (a *API) SAMLACS(w http.ResponseWriter, r *http.Request) error {
 		var terr error
 		var user *models.User
 
-		// accounts potentially created via SAML can contain non-unique email addresses in the auth.users table
+		// accounts potentially created via SAML can contain non-unique email addresses in the users table
 		if user, terr = a.createAccountFromExternalIdentity(tx, r, &userProvidedData, "sso:"+ssoProvider.ID.String()); terr != nil {
 			return terr
 		}

internal/api/samlacs.go

@@ -1,6 +1,5 @@
--- auth.users definition
-
-CREATE TABLE IF NOT EXISTS {{ index .Options "Namespace" }}.users (
+-- users definition
+CREATE TABLE IF NOT EXISTS users (
 	instance_id uuid NULL,
 	id uuid NOT NULL UNIQUE,
 	aud varchar(255) NULL,
@@ -24,13 +23,11 @@ CREATE TABLE IF NOT EXISTS {{ index .Options "Namespace" }}.users (
 	updated_at timestamptz NULL,
 	CONSTRAINT users_pkey PRIMARY KEY (id)
 );
-CREATE INDEX IF NOT EXISTS users_instance_id_email_idx ON {{ index .Options "Namespace" }}.users USING btree (instance_id, email);
-CREATE INDEX IF NOT EXISTS users_instance_id_idx ON {{ index .Options "Namespace" }}.users USING btree (instance_id);
-comment on table {{ index .Options "Namespace" }}.users is 'Auth: Stores user login data within a secure schema.';
-
--- auth.refresh_tokens definition
-
-CREATE TABLE IF NOT EXISTS {{ index .Options "Namespace" }}.refresh_tokens (
+CREATE INDEX IF NOT EXISTS users_instance_id_email_idx ON users USING btree (instance_id, email);
+CREATE INDEX IF NOT EXISTS users_instance_id_idx ON users USING btree (instance_id);
+comment on table users is 'Auth: Stores user login data within a secure schema.';
+-- refresh_tokens definition
+CREATE TABLE IF NOT EXISTS refresh_tokens (
 	instance_id uuid NULL,
 	id bigserial NOT NULL,
 	"token" varchar(255) NULL,
@@ -40,49 +37,47 @@ CREATE TABLE IF NOT EXISTS {{ index .Options "Namespace" }}.refresh_tokens (
 	updated_at timestamptz NULL,
 	CONSTRAINT refresh_tokens_pkey PRIMARY KEY (id)
 );
-CREATE INDEX IF NOT EXISTS refresh_tokens_instance_id_idx ON {{ index .Options "Namespace" }}.refresh_tokens USING btree (instance_id);
-CREATE INDEX IF NOT EXISTS refresh_tokens_instance_id_user_id_idx ON {{ index .Options "Namespace" }}.refresh_tokens USING btree (instance_id, user_id);
-CREATE INDEX IF NOT EXISTS refresh_tokens_token_idx ON {{ index .Options "Namespace" }}.refresh_tokens USING btree (token);
-comment on table {{ index .Options "Namespace" }}.refresh_tokens is 'Auth: Store of tokens used to refresh JWT tokens once they expire.';
-
--- auth.instances definition
-
-CREATE TABLE IF NOT EXISTS {{ index .Options "Namespace" }}.instances (
+CREATE INDEX IF NOT EXISTS refresh_tokens_instance_id_idx ON refresh_tokens USING btree (instance_id);
+CREATE INDEX IF NOT EXISTS refresh_tokens_instance_id_user_id_idx ON refresh_tokens USING btree (instance_id, user_id);
+CREATE INDEX IF NOT EXISTS refresh_tokens_token_idx ON refresh_tokens USING btree (token);
+comment on table refresh_tokens is 'Auth: Store of tokens used to refresh JWT tokens once they expire.';
+-- instances definition
+CREATE TABLE IF NOT EXISTS instances (
 	id uuid NOT NULL,
 	uuid uuid NULL,
 	raw_base_config text NULL,
 	created_at timestamptz NULL,
 	updated_at timestamptz NULL,
 	CONSTRAINT instances_pkey PRIMARY KEY (id)
 );
-comment on table {{ index .Options "Namespace" }}.instances is 'Auth: Manages users across multiple sites.';
-
--- auth.audit_log_entries definition
-
-CREATE TABLE IF NOT EXISTS {{ index .Options "Namespace" }}.audit_log_entries (
+comment on table instances is 'Auth: Manages users across multiple sites.';
+-- audit_log_entries definition
+CREATE TABLE IF NOT EXISTS audit_log_entries (
 	instance_id uuid NULL,
 	id uuid NOT NULL,
 	payload json NULL,
 	created_at timestamptz NULL,
 	CONSTRAINT audit_log_entries_pkey PRIMARY KEY (id)
 );
-CREATE INDEX IF NOT EXISTS audit_logs_instance_id_idx ON {{ index .Options "Namespace" }}.audit_log_entries USING btree (instance_id);
-comment on table {{ index .Options "Namespace" }}.audit_log_entries is 'Auth: Audit trail for user actions.';
-
--- auth.schema_migrations definition
-
-CREATE TABLE IF NOT EXISTS {{ index .Options "Namespace" }}.schema_migrations (
+CREATE INDEX IF NOT EXISTS audit_logs_instance_id_idx ON audit_log_entries USING btree (instance_id);
+comment on table audit_log_entries is 'Auth: Audit trail for user actions.';
+-- schema_migrations definition
+CREATE TABLE IF NOT EXISTS schema_migrations (
 	"version" varchar(255) NOT NULL,
 	CONSTRAINT schema_migrations_pkey PRIMARY KEY ("version")
 );
-comment on table auth.schema_migrations is 'Auth: Manages updates to the auth system.';
-		
+comment on table schema_migrations is 'Auth: Manages updates to the auth system.';
 -- Gets the User ID from the request cookie
-create or replace function {{ index .Options "Namespace" }}.uid() returns uuid as $$
-  select nullif(current_setting('request.jwt.claim.sub', true), '')::uuid;
+create or replace function uid() returns uuid as $$
+select nullif(
+		current_setting('request.jwt.claim.sub', true),
+		''
+	)::uuid;
 $$ language sql stable;
-
 -- Gets the User ID from the request cookie
-create or replace function {{ index .Options "Namespace" }}.role() returns text as $$
-  select nullif(current_setting('request.jwt.claim.role', true), '')::text;
-$$ language sql stable;
+create or replace function role() returns text as $$
+select nullif(
+		current_setting('request.jwt.claim.role', true),
+		''
+	)::text;
+$$ language sql stable;

migrations/00_init_auth_schema.up.sql

@@ -1,19 +1,17 @@
 -- alter user schema
-
-ALTER TABLE {{ index .Options "Namespace" }}.users 
+ALTER TABLE users
 ADD COLUMN IF NOT EXISTS phone VARCHAR(15) NULL UNIQUE DEFAULT NULL,
-ADD COLUMN IF NOT EXISTS phone_confirmed_at timestamptz NULL DEFAULT NULL,
-ADD COLUMN IF NOT EXISTS phone_change VARCHAR(15) NULL DEFAULT '',
-ADD COLUMN IF NOT EXISTS phone_change_token VARCHAR(255) NULL DEFAULT '',
-ADD COLUMN IF NOT EXISTS phone_change_sent_at timestamptz NULL DEFAULT NULL;
-
-DO $$
-BEGIN
-  IF NOT EXISTS(SELECT *
-    FROM information_schema.columns
-    WHERE table_schema = '{{ index .Options "Namespace" }}' and table_name='users' and column_name='email_confirmed_at')
-  THEN
-      ALTER TABLE "{{ index .Options "Namespace" }}"."users" RENAME COLUMN "confirmed_at" TO "email_confirmed_at";
-  END IF;
-END $$;
-
+  ADD COLUMN IF NOT EXISTS phone_confirmed_at timestamptz NULL DEFAULT NULL,
+  ADD COLUMN IF NOT EXISTS phone_change VARCHAR(15) NULL DEFAULT '',
+  ADD COLUMN IF NOT EXISTS phone_change_token VARCHAR(255) NULL DEFAULT '',
+  ADD COLUMN IF NOT EXISTS phone_change_sent_at timestamptz NULL DEFAULT NULL;
+DO $$ BEGIN IF NOT EXISTS(
+  SELECT *
+  FROM information_schema.columns
+  WHERE table_name = 'users'
+    and column_name = 'email_confirmed_at'
+) THEN
+ALTER TABLE "users"
+  RENAME COLUMN "confirmed_at" TO "email_confirmed_at";
+END IF;
+END $$;

migrations/20210710035447_alter_users.up.sql

@@ -1,4 +1,8 @@
 -- adds confirmed at
-
-ALTER TABLE {{ index .Options "Namespace" }}.users
-ADD COLUMN IF NOT EXISTS confirmed_at timestamptz GENERATED ALWAYS AS (LEAST (users.email_confirmed_at, users.phone_confirmed_at)) STORED;
+ALTER TABLE users
+ADD COLUMN IF NOT EXISTS confirmed_at timestamptz GENERATED ALWAYS AS (
+        LEAST (
+            users.email_confirmed_at,
+            users.phone_confirmed_at
+        )
+    ) STORED;

migrations/20210722035447_adds_confirmed_at.up.sql

@@ -1,15 +1,17 @@
 -- adds email_change_confirmed
-
-ALTER TABLE {{ index .Options "Namespace" }}.users
-ADD COLUMN IF NOT EXISTS email_change_token_current varchar(255) null DEFAULT '', 
-ADD COLUMN IF NOT EXISTS email_change_confirm_status smallint DEFAULT 0 CHECK (email_change_confirm_status >= 0 AND email_change_confirm_status <= 2);
-
-DO $$
-BEGIN
-  IF NOT EXISTS(SELECT *
-    FROM information_schema.columns
-    WHERE table_schema = '{{ index .Options "Namespace" }}' and table_name='users' and column_name='email_change_token_new')
-  THEN
-      ALTER TABLE "{{ index .Options "Namespace" }}"."users" RENAME COLUMN "email_change_token" TO "email_change_token_new";
-  END IF;
-END $$;
+ALTER TABLE users
+ADD COLUMN IF NOT EXISTS email_change_token_current varchar(255) null DEFAULT '',
+  ADD COLUMN IF NOT EXISTS email_change_confirm_status smallint DEFAULT 0 CHECK (
+    email_change_confirm_status >= 0
+    AND email_change_confirm_status <= 2
+  );
+DO $$ BEGIN IF NOT EXISTS(
+  SELECT *
+  FROM information_schema.columns
+  WHERE table_name = 'users'
+    and column_name = 'email_change_token_new'
+) THEN
+ALTER TABLE "users"
+  RENAME COLUMN "email_change_token" TO "email_change_token_new";
+END IF;
+END $$;

migrations/20210730183235_add_email_change_confirmed.up.sql

@@ -1,6 +1,5 @@
 -- adds identities table 
-
-CREATE TABLE IF NOT EXISTS {{ index .Options "Namespace" }}.identities (
+CREATE TABLE IF NOT EXISTS identities (
     id text NOT NULL,
     user_id uuid NOT NULL,
     identity_data JSONB NOT NULL,
@@ -9,6 +8,6 @@ CREATE TABLE IF NOT EXISTS {{ index .Options "Namespace" }}.identities (
     created_at timestamptz NULL,
     updated_at timestamptz NULL,
     CONSTRAINT identities_pkey PRIMARY KEY (provider, id),
-    CONSTRAINT identities_user_id_fkey FOREIGN KEY (user_id) REFERENCES {{ index .Options "Namespace" }}.users(id) ON DELETE CASCADE
+    CONSTRAINT identities_user_id_fkey FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
 );
-COMMENT ON TABLE {{ index .Options "Namespace" }}.identities is 'Auth: Stores identities associated to a user.';
+COMMENT ON TABLE identities is 'Auth: Stores identities associated to a user.';

migrations/20210909172000_create_identities_table.up.sql

@@ -1,24 +1,23 @@
 -- adds parent column
-
-ALTER TABLE {{ index .Options "Namespace" }}.refresh_tokens
+ALTER TABLE refresh_tokens
 ADD COLUMN IF NOT EXISTS parent varchar(255) NULL;
-
-DO $$
-BEGIN
-  IF NOT EXISTS(SELECT *
-    FROM information_schema.constraint_column_usage
-    WHERE table_schema = '{{ index .Options "Namespace" }}' and table_name='refresh_tokens' and constraint_name='refresh_tokens_token_unique')
-  THEN
-      ALTER TABLE "{{ index .Options "Namespace" }}"."refresh_tokens" ADD CONSTRAINT refresh_tokens_token_unique UNIQUE ("token");
-  END IF;
-
-  IF NOT EXISTS(SELECT *
-    FROM information_schema.constraint_column_usage
-    WHERE table_schema = '{{ index .Options "Namespace" }}' and table_name='refresh_tokens' and constraint_name='refresh_tokens_parent_fkey')
-  THEN
-      ALTER TABLE "{{ index .Options "Namespace" }}"."refresh_tokens" ADD CONSTRAINT refresh_tokens_parent_fkey FOREIGN KEY (parent) REFERENCES {{ index .Options "Namespace" }}.refresh_tokens("token");
-  END IF;
-
-  CREATE INDEX IF NOT EXISTS refresh_tokens_parent_idx ON "{{ index .Options "Namespace" }}"."refresh_tokens" USING btree (parent);
-END $$;
-
+DO $$ BEGIN IF NOT EXISTS(
+  SELECT *
+  FROM information_schema.constraint_column_usage
+  WHERE table_name = 'refresh_tokens'
+    and constraint_name = 'refresh_tokens_token_unique'
+) THEN
+ALTER TABLE "refresh_tokens"
+ADD CONSTRAINT refresh_tokens_token_unique UNIQUE ("token");
+END IF;
+IF NOT EXISTS(
+  SELECT *
+  FROM information_schema.constraint_column_usage
+  WHERE table_name = 'refresh_tokens'
+    and constraint_name = 'refresh_tokens_parent_fkey'
+) THEN
+ALTER TABLE "refresh_tokens"
+ADD CONSTRAINT refresh_tokens_parent_fkey FOREIGN KEY (parent) REFERENCES refresh_tokens("token");
+END IF;
+CREATE INDEX IF NOT EXISTS refresh_tokens_parent_idx ON "refresh_tokens" USING btree (parent);
+END $$;

migrations/20210927181326_add_refresh_token_parent.up.sql

@@ -1,3 +1,2 @@
 -- create index on identities.user_id
-
-CREATE INDEX IF NOT EXISTS identities_user_id_idx ON "{{ index .Options "Namespace" }}".identities using btree (user_id);
+CREATE INDEX IF NOT EXISTS identities_user_id_idx ON identities using btree (user_id);

migrations/20211122151130_create_user_id_idx.up.sql

@@ -1,34 +1,22 @@
 -- update auth functions
-
-create or replace function {{ index .Options "Namespace" }}.uid() 
-returns uuid 
-language sql stable
-as $$
-  select 
-  coalesce(
+create or replace function uid() returns uuid language sql stable as $$
+select coalesce(
     current_setting('request.jwt.claim.sub', true),
-    (current_setting('request.jwt.claims', true)::jsonb ->> 'sub')
-  )::uuid
-$$;
-
-create or replace function {{ index .Options "Namespace" }}.role() 
-returns text 
-language sql stable
-as $$
-  select 
-  coalesce(
+    (
+      current_setting('request.jwt.claims', true)::jsonb->>'sub'
+    )
+  )::uuid $$;
+create or replace function role() returns text language sql stable as $$
+select coalesce(
     current_setting('request.jwt.claim.role', true),
-    (current_setting('request.jwt.claims', true)::jsonb ->> 'role')
-  )::text
-$$;
-
-create or replace function {{ index .Options "Namespace" }}.email() 
-returns text 
-language sql stable
-as $$
-  select 
-  coalesce(
+    (
+      current_setting('request.jwt.claims', true)::jsonb->>'role'
+    )
+  )::text $$;
+create or replace function email() returns text language sql stable as $$
+select coalesce(
     current_setting('request.jwt.claim.email', true),
-    (current_setting('request.jwt.claims', true)::jsonb ->> 'email')
-  )::text
-$$;
+    (
+      current_setting('request.jwt.claims', true)::jsonb->>'email'
+    )
+  )::text $$;