fix: RLS auth bypass for signup/login flows
Some checks failed
CI — P2 Drift (Go + Node) / saas (push) Successful in 26s
CI — P3 Alert / test (push) Successful in 23s
CI — P6 Run / build-push (push) Failing after 15s
CI — P2 Drift (Go + Node) / agent (push) Successful in 38s
CI — P4 Portal / test (push) Successful in 34s
CI — P5 Cost / test (push) Successful in 35s
CI — P6 Run / saas (push) Successful in 33s
CI — P2 Drift (Go + Node) / build-push (push) Failing after 50s
CI — P3 Alert / build-push (push) Failing after 5s
CI — P4 Portal / build-push (push) Failing after 51s
CI — P5 Cost / build-push (push) Failing after 15s
Some checks failed
CI — P2 Drift (Go + Node) / saas (push) Successful in 26s
CI — P3 Alert / test (push) Successful in 23s
CI — P6 Run / build-push (push) Failing after 15s
CI — P2 Drift (Go + Node) / agent (push) Successful in 38s
CI — P4 Portal / test (push) Successful in 34s
CI — P5 Cost / test (push) Successful in 35s
CI — P6 Run / saas (push) Successful in 33s
CI — P2 Drift (Go + Node) / build-push (push) Failing after 50s
CI — P3 Alert / build-push (push) Failing after 5s
CI — P4 Portal / build-push (push) Failing after 51s
CI — P5 Cost / build-push (push) Failing after 15s
- Add set_config('app.tenant_id') before user INSERT in signup tx
- Add 004_auth_rls_fix.sql: permissive SELECT on users/api_keys for
auth lookups, INSERT on users with tenant context check
- db-setup now runs migrations on every up (idempotent)
This commit is contained in:
Protocol dd0c Agent
@@ -222,6 +222,9 @@ export function registerAuthRoutes(app: FastifyInstance, jwtSecret: string, pool
|
||||
role = 'owner';
|
||||
}
|
||||
|
||||
// Set tenant context for RLS before inserting user
|
||||
await client.query("SELECT set_config('app.tenant_id', $1, true)", [tenantId]);
|
||||
|
||||
const user = await client.query(
|
||||
`INSERT INTO users (tenant_id, email, password_hash, role) VALUES ($1, $2, $3, $4) RETURNING id`,
|
||||
[tenantId, body.email, passwordHash, role],
|
||||
|
||||
Reference in New Issue
Block a user