rest-api/db/migrations/20240720132802_exposed_views_functions.sql

-- migrate:up
CREATE VIEW api.account
WITH (security_invoker = on)
AS
SELECT id, username
FROM internal.user
WHERE id = (current_setting('request.jwt.claims', true)::json->>'user_id')::UUID;

CREATE VIEW api.user
WITH (security_invoker = on)
AS
SELECT id, username
FROM internal.user;

CREATE VIEW api.website
WITH (security_invoker = on)
AS
SELECT
  id,
  user_id,
  content_type,
  title,
  created_at,
  last_modified_at,
  last_modified_by
FROM internal.website;

CREATE VIEW api.media
WITH (security_invoker = on)
AS
SELECT
  id,
  website_id,
  user_id,
  original_name,
  file_system_path,
  created_at
FROM internal.media;

CREATE VIEW api.settings
WITH (security_invoker = on)
AS
SELECT
  website_id,
  accent_color_light_theme,
  accent_color_dark_theme,
  favicon_image,
  last_modified_at,
  last_modified_by
FROM internal.settings;

CREATE VIEW api.header
WITH (security_invoker = on)
AS
SELECT
  website_id,
  logo_type,
  logo_text,
  logo_image,
  last_modified_at,
  last_modified_by
FROM internal.header;

CREATE view api.home
WITH (security_invoker = on)
AS
SELECT
  website_id,
  main_content,
  last_modified_at,
  last_modified_by
FROM internal.home;

CREATE VIEW api.article
WITH (security_invoker = on)
AS
SELECT
  id,
  website_id,
  user_id,
  title,
  meta_description,
  meta_author,
  cover_image,
  publication_date,
  main_content,
  created_at,
  last_modified_at,
  last_modified_by
FROM internal.article;

CREATE VIEW api.footer
WITH (security_invoker = on)
AS
SELECT
  website_id,
  additional_text,
  last_modified_at,
  last_modified_by
FROM internal.footer;

CREATE VIEW api.collab
WITH (security_invoker = on)
AS
SELECT
  website_id,
  user_id,
  permission_level,
  added_at,
  last_modified_at,
  last_modified_by
FROM internal.collab;

CREATE VIEW api.change_log
WITH (security_invoker = on)
AS
SELECT
  website_id,
  user_id,
  change_summary,
  previous_value,
  new_value,
  timestamp
FROM internal.change_log;

CREATE FUNCTION
api.create_website(content_type VARCHAR(10), title VARCHAR(50), OUT website_id UUID) AS $$
DECLARE
  _website_id UUID;
  _user_id UUID;
BEGIN
  _user_id := (current_setting('request.jwt.claims', true)::json->>'user_id')::UUID;

  INSERT INTO internal.website (content_type, title)
  VALUES (create_website.content_type, create_website.title)
  RETURNING id INTO _website_id;

  INSERT INTO internal.settings (website_id)
  VALUES (_website_id);

  INSERT INTO internal.header (website_id, logo_text)
  VALUES (_website_id, 'archtika ' || create_website.content_type);

  INSERT INTO internal.home (website_id, main_content)
  VALUES
    (_website_id, '
## About

archtika is a FLOSS, modern, performant and lightweight CMS (Content Mangement System) in the form of a web application. It allows you to easily create, manage and publish minimal, responsive and SEO friendly blogging and documentation websites with official, professionally designed templates.

It is also possible to add contributors to your sites, which is very useful for larger projects where, for example, several people are constantly working on the documentation.

## How it works

For the backend, PostgreSQL is used in combination with PostgREST to create a RESTful API. JSON web tokens along with row-level security control authentication and authorisation flows.

The web application uses SvelteKit with SSR (Server Side Rendering) and Svelte version 5, currently in beta.

NGINX is used to deploy the websites, serving the static site files from the `/var/www/archtika-websites` directory. The static files can be found in this directory via the path `<user_id>/<website_id>`, which is dynamically created by the web application.
  ');

  INSERT INTO internal.footer (website_id, additional_text)
  VALUES (_website_id, 'archtika is a free, open, modern, performant and lightweight CMS'); 

  website_id := _website_id;
END;
$$ LANGUAGE plpgsql SECURITY DEFINER;

GRANT EXECUTE ON FUNCTION api.create_website(VARCHAR(10), VARCHAR(50)) TO authenticated_user;


-- Security invoker only works on views if the user has access to the underlying table
GRANT SELECT ON internal.user TO authenticated_user;
GRANT SELECT ON api.account TO authenticated_user;
GRANT SELECT ON api.user TO authenticated_user;
GRANT SELECT, UPDATE, DELETE ON internal.website TO authenticated_user;
GRANT SELECT, UPDATE, DELETE ON api.website TO authenticated_user;
GRANT SELECT, INSERT ON internal.media TO authenticated_user;
GRANT SELECT, INSERT ON api.media TO authenticated_user;
GRANT SELECT, UPDATE ON internal.settings TO authenticated_user;
GRANT SELECT, UPDATE ON api.settings TO authenticated_user;
GRANT SELECT, UPDATE ON internal.header TO authenticated_user;
GRANT SELECT, UPDATE ON api.header TO authenticated_user;
GRANT SELECT, UPDATE ON internal.home TO authenticated_user;
GRANT SELECT, UPDATE ON api.home TO authenticated_user;
GRANT SELECT, INSERT, UPDATE, DELETE ON internal.article TO authenticated_user;
GRANT SELECT, INSERT, UPDATE, DELETE ON api.article TO authenticated_user;
GRANT SELECT, UPDATE ON internal.footer TO authenticated_user;
GRANT SELECT, UPDATE ON api.footer TO authenticated_user;
GRANT SELECT, INSERT, UPDATE, DELETE ON internal.collab TO authenticated_user;
GRANT SELECT, INSERT, UPDATE, DELETE ON api.collab TO authenticated_user;
GRANT SELECT ON internal.change_log TO authenticated_user;
GRANT SELECT ON api.change_log TO authenticated_user; 

-- migrate:down
REVOKE SELECT ON internal.user FROM authenticated_user;
REVOKE SELECT, UPDATE, DELETE ON internal.website FROM authenticated_user;
REVOKE SELECT, INSERT ON internal.media FROM authenticated_user;
REVOKE SELECT, UPDATE ON internal.settings FROM authenticated_user;
REVOKE SELECT, UPDATE ON internal.header FROM authenticated_user;
REVOKE SELECT, INSERT, UPDATE, DELETE ON internal.article FROM authenticated_user;
REVOKE SELECT, UPDATE ON internal.footer FROM authenticated_user;
REVOKE SELECT, INSERT, UPDATE, DELETE ON internal.collab FROM authenticated_user;
REVOKE SELECT ON internal.change_log FROM authenticated_user;

DROP FUNCTION api.create_website(VARCHAR(10), VARCHAR(50));

DROP VIEW api.change_log;
DROP VIEW api.collab;
DROP VIEW api.footer;
DROP VIEW api.home;
DROP VIEW api.article;
DROP VIEW api.header;
DROP VIEW api.settings;
DROP VIEW api.media;
DROP VIEW api.website;
DROP VIEW api.user;
DROP VIEW api.account;
Initial commit 2024-07-31 07:23:32 +02:00			`-- migrate:up`
Add collaborator page 2024-08-05 19:33:35 +02:00			`CREATE VIEW api.account`
			`WITH (security_invoker = on)`
			`AS`
			`SELECT id, username`
			`FROM internal.user`
			`WHERE id = (current_setting('request.jwt.claims', true)::json->>'user_id')::UUID;`

Initial commit 2024-07-31 07:23:32 +02:00			`CREATE VIEW api.user`
			`WITH (security_invoker = on)`
			`AS`
			`SELECT id, username`
			`FROM internal.user;`

Rename Postgres tables for better recognition and add additional routes in web app 2024-07-31 10:29:46 +02:00			`CREATE VIEW api.website`
Initial commit 2024-07-31 07:23:32 +02:00			`WITH (security_invoker = on)`
			`AS`
Replace SQL wildcard selectors with explicit columns for better versioning 2024-08-03 22:06:29 +02:00			`SELECT`
			`id,`
Update policies for collaborators for stricter rules 2024-08-08 16:30:01 +02:00			`user_id,`
Replace SQL wildcard selectors with explicit columns for better versioning 2024-08-03 22:06:29 +02:00			`content_type,`
			`title,`
			`created_at,`
			`last_modified_at,`
			`last_modified_by`
Rename Postgres tables for better recognition and add additional routes in web app 2024-07-31 10:29:46 +02:00			`FROM internal.website;`
Initial commit 2024-07-31 07:23:32 +02:00
Rename Postgres tables for better recognition and add additional routes in web app 2024-07-31 10:29:46 +02:00			`CREATE VIEW api.media`
Initial commit 2024-07-31 07:23:32 +02:00			`WITH (security_invoker = on)`
			`AS`
Replace SQL wildcard selectors with explicit columns for better versioning 2024-08-03 22:06:29 +02:00			`SELECT`
			`id,`
			`website_id,`
			`user_id,`
			`original_name,`
			`file_system_path,`
			`created_at`
Rename Postgres tables for better recognition and add additional routes in web app 2024-07-31 10:29:46 +02:00			`FROM internal.media;`
Initial commit 2024-07-31 07:23:32 +02:00
Rename Postgres tables for better recognition and add additional routes in web app 2024-07-31 10:29:46 +02:00			`CREATE VIEW api.settings`
Initial commit 2024-07-31 07:23:32 +02:00			`WITH (security_invoker = on)`
			`AS`
Replace SQL wildcard selectors with explicit columns for better versioning 2024-08-03 22:06:29 +02:00			`SELECT`
			`website_id,`
			`accent_color_light_theme,`
			`accent_color_dark_theme,`
			`favicon_image,`
			`last_modified_at,`
			`last_modified_by`
Rename Postgres tables for better recognition and add additional routes in web app 2024-07-31 10:29:46 +02:00			`FROM internal.settings;`
Initial commit 2024-07-31 07:23:32 +02:00
Rename Postgres tables for better recognition and add additional routes in web app 2024-07-31 10:29:46 +02:00			`CREATE VIEW api.header`
Initial commit 2024-07-31 07:23:32 +02:00			`WITH (security_invoker = on)`
			`AS`
Replace SQL wildcard selectors with explicit columns for better versioning 2024-08-03 22:06:29 +02:00			`SELECT`
			`website_id,`
			`logo_type,`
			`logo_text,`
			`logo_image,`
			`last_modified_at,`
			`last_modified_by`
Rename Postgres tables for better recognition and add additional routes in web app 2024-07-31 10:29:46 +02:00			`FROM internal.header;`
Initial commit 2024-07-31 07:23:32 +02:00
Rename Postgres tables for better recognition and add additional routes in web app 2024-07-31 10:29:46 +02:00			`CREATE view api.home`
Initial commit 2024-07-31 07:23:32 +02:00			`WITH (security_invoker = on)`
			`AS`
Replace SQL wildcard selectors with explicit columns for better versioning 2024-08-03 22:06:29 +02:00			`SELECT`
			`website_id,`
			`main_content,`
			`last_modified_at,`
			`last_modified_by`
Rename Postgres tables for better recognition and add additional routes in web app 2024-07-31 10:29:46 +02:00			`FROM internal.home;`
Initial commit 2024-07-31 07:23:32 +02:00
Rename Postgres tables for better recognition and add additional routes in web app 2024-07-31 10:29:46 +02:00			`CREATE VIEW api.article`
Initial commit 2024-07-31 07:23:32 +02:00			`WITH (security_invoker = on)`
			`AS`
Replace SQL wildcard selectors with explicit columns for better versioning 2024-08-03 22:06:29 +02:00			`SELECT`
			`id,`
			`website_id,`
Add user id field to article table 2024-08-07 16:25:05 +02:00			`user_id,`
Replace SQL wildcard selectors with explicit columns for better versioning 2024-08-03 22:06:29 +02:00			`title,`
			`meta_description,`
			`meta_author,`
			`cover_image,`
			`publication_date,`
			`main_content,`
			`created_at,`
			`last_modified_at,`
			`last_modified_by`
Rename Postgres tables for better recognition and add additional routes in web app 2024-07-31 10:29:46 +02:00			`FROM internal.article;`
Initial commit 2024-07-31 07:23:32 +02:00
Rename Postgres tables for better recognition and add additional routes in web app 2024-07-31 10:29:46 +02:00			`CREATE VIEW api.footer`
Initial commit 2024-07-31 07:23:32 +02:00			`WITH (security_invoker = on)`
			`AS`
Replace SQL wildcard selectors with explicit columns for better versioning 2024-08-03 22:06:29 +02:00			`SELECT`
			`website_id,`
			`additional_text,`
			`last_modified_at,`
			`last_modified_by`
Rename Postgres tables for better recognition and add additional routes in web app 2024-07-31 10:29:46 +02:00			`FROM internal.footer;`
Initial commit 2024-07-31 07:23:32 +02:00
Rename Postgres tables for better recognition and add additional routes in web app 2024-07-31 10:29:46 +02:00			`CREATE VIEW api.collab`
Initial commit 2024-07-31 07:23:32 +02:00			`WITH (security_invoker = on)`
			`AS`
Replace SQL wildcard selectors with explicit columns for better versioning 2024-08-03 22:06:29 +02:00			`SELECT`
			`website_id,`
			`user_id,`
			`permission_level,`
			`added_at,`
			`last_modified_at,`
			`last_modified_by`
Rename Postgres tables for better recognition and add additional routes in web app 2024-07-31 10:29:46 +02:00			`FROM internal.collab;`
Initial commit 2024-07-31 07:23:32 +02:00
Rename Postgres tables for better recognition and add additional routes in web app 2024-07-31 10:29:46 +02:00			`CREATE VIEW api.change_log`
Initial commit 2024-07-31 07:23:32 +02:00			`WITH (security_invoker = on)`
			`AS`
Replace SQL wildcard selectors with explicit columns for better versioning 2024-08-03 22:06:29 +02:00			`SELECT`
			`website_id,`
			`user_id,`
			`change_summary,`
			`previous_value,`
			`new_value,`
			`timestamp`
Rename Postgres tables for better recognition and add additional routes in web app 2024-07-31 10:29:46 +02:00			`FROM internal.change_log;`
Initial commit 2024-07-31 07:23:32 +02:00
			`CREATE FUNCTION`
Rename Postgres tables for better recognition and add additional routes in web app 2024-07-31 10:29:46 +02:00			`api.create_website(content_type VARCHAR(10), title VARCHAR(50), OUT website_id UUID) AS $$`
Initial commit 2024-07-31 07:23:32 +02:00			`DECLARE`
Rename Postgres tables for better recognition and add additional routes in web app 2024-07-31 10:29:46 +02:00			`_website_id UUID;`
Add user id field to article table 2024-08-07 16:25:05 +02:00			`_user_id UUID;`
Initial commit 2024-07-31 07:23:32 +02:00			`BEGIN`
Add user id field to article table 2024-08-07 16:25:05 +02:00			`_user_id := (current_setting('request.jwt.claims', true)::json->>'user_id')::UUID;`

Rename Postgres tables for better recognition and add additional routes in web app 2024-07-31 10:29:46 +02:00			`INSERT INTO internal.website (content_type, title)`
			`VALUES (create_website.content_type, create_website.title)`
			`RETURNING id INTO _website_id;`
Initial commit 2024-07-31 07:23:32 +02:00
Rename Postgres tables for better recognition and add additional routes in web app 2024-07-31 10:29:46 +02:00			`INSERT INTO internal.settings (website_id)`
			`VALUES (_website_id);`
Initial commit 2024-07-31 07:23:32 +02:00
Rename Postgres tables for better recognition and add additional routes in web app 2024-07-31 10:29:46 +02:00			`INSERT INTO internal.header (website_id, logo_text)`
			`VALUES (_website_id, 'archtika ' \|\| create_website.content_type);`
Initial commit 2024-07-31 07:23:32 +02:00
Rename Postgres tables for better recognition and add additional routes in web app 2024-07-31 10:29:46 +02:00			`INSERT INTO internal.home (website_id, main_content)`
Initial commit 2024-07-31 07:23:32 +02:00			`VALUES`
Update README, row level policies for collaborators and articles and fix minor issues 2024-08-08 20:31:38 +02:00			`(_website_id, '`
			`## About`
Initial commit 2024-07-31 07:23:32 +02:00
Update README, row level policies for collaborators and articles and fix minor issues 2024-08-08 20:31:38 +02:00			`archtika is a FLOSS, modern, performant and lightweight CMS (Content Mangement System) in the form of a web application. It allows you to easily create, manage and publish minimal, responsive and SEO friendly blogging and documentation websites with official, professionally designed templates.`

			`It is also possible to add contributors to your sites, which is very useful for larger projects where, for example, several people are constantly working on the documentation.`

			`## How it works`

			`For the backend, PostgreSQL is used in combination with PostgREST to create a RESTful API. JSON web tokens along with row-level security control authentication and authorisation flows.`

			`The web application uses SvelteKit with SSR (Server Side Rendering) and Svelte version 5, currently in beta.`

			NGINX is used to deploy the websites, serving the static site files from the `/var/www/archtika-websites` directory. The static files can be found in this directory via the path `<user_id>/<website_id>`, which is dynamically created by the web application.
			`');`
Initial commit 2024-07-31 07:23:32 +02:00
Rename Postgres tables for better recognition and add additional routes in web app 2024-07-31 10:29:46 +02:00			`INSERT INTO internal.footer (website_id, additional_text)`
Update README, row level policies for collaborators and articles and fix minor issues 2024-08-08 20:31:38 +02:00			`VALUES (_website_id, 'archtika is a free, open, modern, performant and lightweight CMS');`
Initial commit 2024-07-31 07:23:32 +02:00
Rename Postgres tables for better recognition and add additional routes in web app 2024-07-31 10:29:46 +02:00			`website_id := _website_id;`
Initial commit 2024-07-31 07:23:32 +02:00			`END;`
			`$$ LANGUAGE plpgsql SECURITY DEFINER;`

Rename Postgres tables for better recognition and add additional routes in web app 2024-07-31 10:29:46 +02:00			`GRANT EXECUTE ON FUNCTION api.create_website(VARCHAR(10), VARCHAR(50)) TO authenticated_user;`
Initial commit 2024-07-31 07:23:32 +02:00

			`-- Security invoker only works on views if the user has access to the underlying table`
			`GRANT SELECT ON internal.user TO authenticated_user;`
Add collaborator page 2024-08-05 19:33:35 +02:00			`GRANT SELECT ON api.account TO authenticated_user;`
Initial commit 2024-07-31 07:23:32 +02:00			`GRANT SELECT ON api.user TO authenticated_user;`
Rename Postgres tables for better recognition and add additional routes in web app 2024-07-31 10:29:46 +02:00			`GRANT SELECT, UPDATE, DELETE ON internal.website TO authenticated_user;`
			`GRANT SELECT, UPDATE, DELETE ON api.website TO authenticated_user;`
			`GRANT SELECT, INSERT ON internal.media TO authenticated_user;`
			`GRANT SELECT, INSERT ON api.media TO authenticated_user;`
			`GRANT SELECT, UPDATE ON internal.settings TO authenticated_user;`
			`GRANT SELECT, UPDATE ON api.settings TO authenticated_user;`
			`GRANT SELECT, UPDATE ON internal.header TO authenticated_user;`
			`GRANT SELECT, UPDATE ON api.header TO authenticated_user;`
			`GRANT SELECT, UPDATE ON internal.home TO authenticated_user;`
			`GRANT SELECT, UPDATE ON api.home TO authenticated_user;`
			`GRANT SELECT, INSERT, UPDATE, DELETE ON internal.article TO authenticated_user;`
			`GRANT SELECT, INSERT, UPDATE, DELETE ON api.article TO authenticated_user;`
			`GRANT SELECT, UPDATE ON internal.footer TO authenticated_user;`
			`GRANT SELECT, UPDATE ON api.footer TO authenticated_user;`
			`GRANT SELECT, INSERT, UPDATE, DELETE ON internal.collab TO authenticated_user;`
			`GRANT SELECT, INSERT, UPDATE, DELETE ON api.collab TO authenticated_user;`
			`GRANT SELECT ON internal.change_log TO authenticated_user;`
			`GRANT SELECT ON api.change_log TO authenticated_user;`
Initial commit 2024-07-31 07:23:32 +02:00
			`-- migrate:down`
			`REVOKE SELECT ON internal.user FROM authenticated_user;`
Rename Postgres tables for better recognition and add additional routes in web app 2024-07-31 10:29:46 +02:00			`REVOKE SELECT, UPDATE, DELETE ON internal.website FROM authenticated_user;`
			`REVOKE SELECT, INSERT ON internal.media FROM authenticated_user;`
			`REVOKE SELECT, UPDATE ON internal.settings FROM authenticated_user;`
			`REVOKE SELECT, UPDATE ON internal.header FROM authenticated_user;`
			`REVOKE SELECT, INSERT, UPDATE, DELETE ON internal.article FROM authenticated_user;`
			`REVOKE SELECT, UPDATE ON internal.footer FROM authenticated_user;`
			`REVOKE SELECT, INSERT, UPDATE, DELETE ON internal.collab FROM authenticated_user;`
			`REVOKE SELECT ON internal.change_log FROM authenticated_user;`

			`DROP FUNCTION api.create_website(VARCHAR(10), VARCHAR(50));`

			`DROP VIEW api.change_log;`
			`DROP VIEW api.collab;`
			`DROP VIEW api.footer;`
			`DROP VIEW api.home;`
			`DROP VIEW api.article;`
			`DROP VIEW api.header;`
			`DROP VIEW api.settings;`
			`DROP VIEW api.media;`
			`DROP VIEW api.website;`
Add collaborator page 2024-08-05 19:33:35 +02:00			`DROP VIEW api.user;`
			`DROP VIEW api.account;`