rest-api/db/migrations/20240720132802_exposed_views_functions.sql

-- migrate:up
CREATE VIEW api.account WITH ( security_invoker = ON
) AS
SELECT
  *
FROM
  internal.user
WHERE
  id = (
    CURRENT_SETTING(
      'request.jwt.claims', TRUE
)::JSON ->> 'user_id')::UUID;

CREATE VIEW api.user WITH ( security_invoker = ON
) AS
SELECT
  id,
  username,
  created_at,
  max_number_websites
FROM
  internal.user;

CREATE VIEW api.website WITH ( security_invoker = ON
) AS
SELECT
  *
FROM
  internal.website;

CREATE VIEW api.settings WITH ( security_invoker = ON
) AS
SELECT
  *
FROM
  internal.settings;

CREATE VIEW api.header WITH ( security_invoker = ON
) AS
SELECT
  *
FROM
  internal.header;

CREATE VIEW api.home WITH ( security_invoker = ON
) AS
SELECT
  *
FROM
  internal.home;

CREATE VIEW api.article WITH ( security_invoker = ON
) AS
SELECT
  *
FROM
  internal.article;

CREATE VIEW api.docs_category WITH ( security_invoker = ON
) AS
SELECT
  *
FROM
  internal.docs_category;

CREATE VIEW api.footer WITH ( security_invoker = ON
) AS
SELECT
  *
FROM
  internal.footer;

CREATE VIEW api.collab WITH ( security_invoker = ON
) AS
SELECT
  *
FROM
  internal.collab;

CREATE FUNCTION api.create_website (content_type VARCHAR(10), title VARCHAR(50), OUT website_id UUID)
AS $$
DECLARE
  _website_id UUID;
  _user_id UUID := (CURRENT_SETTING('request.jwt.claims', TRUE)::JSON ->> 'user_id')::UUID;
  _user_website_count INT := (
    SELECT
      COUNT(*)
    FROM
      internal.website AS w
    WHERE
      w.user_id = _user_id);
  _user_max_websites_allowed_count INT := (
    SELECT
      u.max_number_websites
    FROM
      internal.user AS u
    WHERE
      id = _user_id);
BEGIN
  IF (_user_website_count + 1 > _user_max_websites_allowed_count) THEN
    RAISE invalid_parameter_value
    USING message = FORMAT('Limit of %s websites exceeded', _user_max_websites_allowed_count);
  END IF;
    INSERT INTO internal.website (content_type, title)
      VALUES (create_website.content_type, create_website.title)
    RETURNING
      id INTO _website_id;
    INSERT INTO internal.settings (website_id)
      VALUES (_website_id);
    INSERT INTO internal.header (website_id, logo_text)
      VALUES (_website_id, 'archtika ' || create_website.content_type);
    INSERT INTO internal.home (website_id, main_content)
      VALUES (_website_id, '## About

archtika is a FLOSS, modern, performant and lightweight CMS (Content Mangement System) in the form of a web application. It allows you to easily create, manage and publish minimal, responsive and SEO friendly blogging and documentation websites with official, professionally designed templates. It is also possible to add contributors to your sites, which is very useful for larger projects where, for example, several people are constantly working on the documentation.');
    INSERT INTO internal.footer (website_id, additional_text)
      VALUES (_website_id, 'archtika is a free, open, modern, performant and lightweight CMS');
    website_id := _website_id;
END;
$$
LANGUAGE plpgsql
SECURITY DEFINER;

GRANT EXECUTE ON FUNCTION api.create_website TO authenticated_user;

-- Security invoker only works on views if the user has access to the underlying table
GRANT SELECT ON internal.user TO authenticated_user;

GRANT SELECT ON api.account TO authenticated_user;

GRANT SELECT ON api.user TO authenticated_user;

GRANT SELECT, UPDATE (title), DELETE ON internal.website TO authenticated_user;

GRANT SELECT, UPDATE, DELETE ON api.website TO authenticated_user;

GRANT SELECT, UPDATE (accent_color_dark_theme, accent_color_light_theme, background_color_dark_theme, background_color_light_theme, favicon_image) ON internal.settings TO authenticated_user;

GRANT SELECT, UPDATE ON api.settings TO authenticated_user;

GRANT SELECT, UPDATE (logo_type, logo_text, logo_image) ON internal.header TO authenticated_user;

GRANT SELECT, UPDATE ON api.header TO authenticated_user;

GRANT SELECT, UPDATE (main_content, meta_description) ON internal.home TO authenticated_user;

GRANT SELECT, UPDATE ON api.home TO authenticated_user;

GRANT SELECT, INSERT (website_id, title, meta_description, meta_author, cover_image, publication_date, main_content, category, article_weight), UPDATE (title, meta_description, meta_author, cover_image, publication_date, main_content, category, article_weight), DELETE ON internal.article TO authenticated_user;

GRANT SELECT, INSERT, UPDATE, DELETE ON api.article TO authenticated_user;

GRANT SELECT, INSERT (website_id, category_name, category_weight), UPDATE (category_name, category_weight), DELETE ON internal.docs_category TO authenticated_user;

GRANT SELECT, INSERT, UPDATE, DELETE ON api.docs_category TO authenticated_user;

GRANT SELECT, UPDATE (additional_text) ON internal.footer TO authenticated_user;

GRANT SELECT, UPDATE ON api.footer TO authenticated_user;

GRANT SELECT, INSERT (website_id, user_id, permission_level), UPDATE (permission_level), DELETE ON internal.collab TO authenticated_user;

GRANT SELECT, INSERT, UPDATE, DELETE ON api.collab TO authenticated_user;

-- migrate:down
Initial commit 2024-07-31 07:23:32 +02:00			`-- migrate:up`
Add postgres sql file formatting via pg_format 2024-08-08 22:29:04 +02:00			`CREATE VIEW api.account WITH ( security_invoker = ON`
			`) AS`
			`SELECT`
Add TypeScript definitions via pg-to-ts and refactor migrations 2024-09-10 17:29:57 +02:00			`*`
Add postgres sql file formatting via pg_format 2024-08-08 22:29:04 +02:00			`FROM`
			`internal.user`
			`WHERE`
			`id = (`
			`CURRENT_SETTING(`
			`'request.jwt.claims', TRUE`
			`)::JSON ->> 'user_id')::UUID;`

			`CREATE VIEW api.user WITH ( security_invoker = ON`
			`) AS`
			`SELECT`
			`id,`
Add administrator role plus manage dashboard and cleanup database migrations 2024-10-08 21:20:44 +02:00			`username,`
			`created_at,`
			`max_number_websites`
Add postgres sql file formatting via pg_format 2024-08-08 22:29:04 +02:00			`FROM`
			`internal.user;`

			`CREATE VIEW api.website WITH ( security_invoker = ON`
			`) AS`
Replace SQL wildcard selectors with explicit columns for better versioning 2024-08-03 22:06:29 +02:00			`SELECT`
Add TypeScript definitions via pg-to-ts and refactor migrations 2024-09-10 17:29:57 +02:00			`*`
Add postgres sql file formatting via pg_format 2024-08-08 22:29:04 +02:00			`FROM`
Remove NGINX website directories from API and fix some minor issues 2024-10-17 16:53:31 +02:00			`internal.website;`
Initial commit 2024-07-31 07:23:32 +02:00
Add postgres sql file formatting via pg_format 2024-08-08 22:29:04 +02:00			`CREATE VIEW api.settings WITH ( security_invoker = ON`
			`) AS`
Replace SQL wildcard selectors with explicit columns for better versioning 2024-08-03 22:06:29 +02:00			`SELECT`
Add TypeScript definitions via pg-to-ts and refactor migrations 2024-09-10 17:29:57 +02:00			`*`
Add postgres sql file formatting via pg_format 2024-08-08 22:29:04 +02:00			`FROM`
			`internal.settings;`
Initial commit 2024-07-31 07:23:32 +02:00
Add postgres sql file formatting via pg_format 2024-08-08 22:29:04 +02:00			`CREATE VIEW api.header WITH ( security_invoker = ON`
			`) AS`
Replace SQL wildcard selectors with explicit columns for better versioning 2024-08-03 22:06:29 +02:00			`SELECT`
Add TypeScript definitions via pg-to-ts and refactor migrations 2024-09-10 17:29:57 +02:00			`*`
Add postgres sql file formatting via pg_format 2024-08-08 22:29:04 +02:00			`FROM`
			`internal.header;`
Initial commit 2024-07-31 07:23:32 +02:00
Add postgres sql file formatting via pg_format 2024-08-08 22:29:04 +02:00			`CREATE VIEW api.home WITH ( security_invoker = ON`
			`) AS`
Replace SQL wildcard selectors with explicit columns for better versioning 2024-08-03 22:06:29 +02:00			`SELECT`
Add TypeScript definitions via pg-to-ts and refactor migrations 2024-09-10 17:29:57 +02:00			`*`
Add postgres sql file formatting via pg_format 2024-08-08 22:29:04 +02:00			`FROM`
			`internal.home;`
Initial commit 2024-07-31 07:23:32 +02:00
Add postgres sql file formatting via pg_format 2024-08-08 22:29:04 +02:00			`CREATE VIEW api.article WITH ( security_invoker = ON`
			`) AS`
Replace SQL wildcard selectors with explicit columns for better versioning 2024-08-03 22:06:29 +02:00			`SELECT`
Add TypeScript definitions via pg-to-ts and refactor migrations 2024-09-10 17:29:57 +02:00			`*`
Add postgres sql file formatting via pg_format 2024-08-08 22:29:04 +02:00			`FROM`
			`internal.article;`
Initial commit 2024-07-31 07:23:32 +02:00
Add TypeScript definitions via pg-to-ts and refactor migrations 2024-09-10 17:29:57 +02:00			`CREATE VIEW api.docs_category WITH ( security_invoker = ON`
			`) AS`
			`SELECT`
			`*`
			`FROM`
			`internal.docs_category;`

Add postgres sql file formatting via pg_format 2024-08-08 22:29:04 +02:00			`CREATE VIEW api.footer WITH ( security_invoker = ON`
			`) AS`
Replace SQL wildcard selectors with explicit columns for better versioning 2024-08-03 22:06:29 +02:00			`SELECT`
Add TypeScript definitions via pg-to-ts and refactor migrations 2024-09-10 17:29:57 +02:00			`*`
Add postgres sql file formatting via pg_format 2024-08-08 22:29:04 +02:00			`FROM`
			`internal.footer;`
Initial commit 2024-07-31 07:23:32 +02:00
Add postgres sql file formatting via pg_format 2024-08-08 22:29:04 +02:00			`CREATE VIEW api.collab WITH ( security_invoker = ON`
			`) AS`
Replace SQL wildcard selectors with explicit columns for better versioning 2024-08-03 22:06:29 +02:00			`SELECT`
Add TypeScript definitions via pg-to-ts and refactor migrations 2024-09-10 17:29:57 +02:00			`*`
Add postgres sql file formatting via pg_format 2024-08-08 22:29:04 +02:00			`FROM`
			`internal.collab;`
Initial commit 2024-07-31 07:23:32 +02:00
Add postgres sql file formatting via pg_format 2024-08-08 22:29:04 +02:00			`CREATE FUNCTION api.create_website (content_type VARCHAR(10), title VARCHAR(50), OUT website_id UUID)`
			`AS $$`
Initial commit 2024-07-31 07:23:32 +02:00			`DECLARE`
Rename Postgres tables for better recognition and add additional routes in web app 2024-07-31 10:29:46 +02:00			`_website_id UUID;`
Add TypeScript definitions via pg-to-ts and refactor migrations 2024-09-10 17:29:57 +02:00			`_user_id UUID := (CURRENT_SETTING('request.jwt.claims', TRUE)::JSON ->> 'user_id')::UUID;`
Add administrator role plus manage dashboard and cleanup database migrations 2024-10-08 21:20:44 +02:00			`_user_website_count INT := (`
			`SELECT`
			`COUNT(*)`
			`FROM`
			`internal.website AS w`
			`WHERE`
			`w.user_id = _user_id);`
			`_user_max_websites_allowed_count INT := (`
			`SELECT`
			`u.max_number_websites`
			`FROM`
			`internal.user AS u`
			`WHERE`
			`id = _user_id);`
Initial commit 2024-07-31 07:23:32 +02:00			`BEGIN`
Add administrator role plus manage dashboard and cleanup database migrations 2024-10-08 21:20:44 +02:00			`IF (_user_website_count + 1 > _user_max_websites_allowed_count) THEN`
			`RAISE invalid_parameter_value`
			`USING message = FORMAT('Limit of %s websites exceeded', _user_max_websites_allowed_count);`
			`END IF;`
			`INSERT INTO internal.website (content_type, title)`
			`VALUES (create_website.content_type, create_website.title)`
			`RETURNING`
			`id INTO _website_id;`
			`INSERT INTO internal.settings (website_id)`
			`VALUES (_website_id);`
			`INSERT INTO internal.header (website_id, logo_text)`
			`VALUES (_website_id, 'archtika ' \|\| create_website.content_type);`
			`INSERT INTO internal.home (website_id, main_content)`
			`VALUES (_website_id, '## About`
Initial commit 2024-07-31 07:23:32 +02:00
Add theme toggle for templates 2024-10-03 18:51:30 +02:00			`archtika is a FLOSS, modern, performant and lightweight CMS (Content Mangement System) in the form of a web application. It allows you to easily create, manage and publish minimal, responsive and SEO friendly blogging and documentation websites with official, professionally designed templates. It is also possible to add contributors to your sites, which is very useful for larger projects where, for example, several people are constantly working on the documentation.');`
Add administrator role plus manage dashboard and cleanup database migrations 2024-10-08 21:20:44 +02:00			`INSERT INTO internal.footer (website_id, additional_text)`
			`VALUES (_website_id, 'archtika is a free, open, modern, performant and lightweight CMS');`
			`website_id := _website_id;`
Initial commit 2024-07-31 07:23:32 +02:00			`END;`
Add postgres sql file formatting via pg_format 2024-08-08 22:29:04 +02:00			`$$`
			`LANGUAGE plpgsql`
			`SECURITY DEFINER;`
Initial commit 2024-07-31 07:23:32 +02:00
Add administrator role plus manage dashboard and cleanup database migrations 2024-10-08 21:20:44 +02:00			`GRANT EXECUTE ON FUNCTION api.create_website TO authenticated_user;`
Initial commit 2024-07-31 07:23:32 +02:00
			`-- Security invoker only works on views if the user has access to the underlying table`
			`GRANT SELECT ON internal.user TO authenticated_user;`
Add postgres sql file formatting via pg_format 2024-08-08 22:29:04 +02:00
Add collaborator page 2024-08-05 19:33:35 +02:00			`GRANT SELECT ON api.account TO authenticated_user;`
Add postgres sql file formatting via pg_format 2024-08-08 22:29:04 +02:00
Initial commit 2024-07-31 07:23:32 +02:00			`GRANT SELECT ON api.user TO authenticated_user;`
Add postgres sql file formatting via pg_format 2024-08-08 22:29:04 +02:00
Add ability to export articles, track publications in json file on NGINX, fix vulnerabilities and refactor 2024-11-19 18:49:40 +01:00			`GRANT SELECT, UPDATE (title), DELETE ON internal.website TO authenticated_user;`
Add postgres sql file formatting via pg_format 2024-08-08 22:29:04 +02:00
Rename Postgres tables for better recognition and add additional routes in web app 2024-07-31 10:29:46 +02:00			`GRANT SELECT, UPDATE, DELETE ON api.website TO authenticated_user;`
Add postgres sql file formatting via pg_format 2024-08-08 22:29:04 +02:00
Refactor web app code and add background color setting 2024-09-27 16:59:29 +02:00			`GRANT SELECT, UPDATE (accent_color_dark_theme, accent_color_light_theme, background_color_dark_theme, background_color_light_theme, favicon_image) ON internal.settings TO authenticated_user;`
Add postgres sql file formatting via pg_format 2024-08-08 22:29:04 +02:00
Rename Postgres tables for better recognition and add additional routes in web app 2024-07-31 10:29:46 +02:00			`GRANT SELECT, UPDATE ON api.settings TO authenticated_user;`
Add postgres sql file formatting via pg_format 2024-08-08 22:29:04 +02:00
Set base CSP, security headers and set column permissions for tables 2024-09-24 16:06:24 +02:00			`GRANT SELECT, UPDATE (logo_type, logo_text, logo_image) ON internal.header TO authenticated_user;`
Add postgres sql file formatting via pg_format 2024-08-08 22:29:04 +02:00
Rename Postgres tables for better recognition and add additional routes in web app 2024-07-31 10:29:46 +02:00			`GRANT SELECT, UPDATE ON api.header TO authenticated_user;`
Add postgres sql file formatting via pg_format 2024-08-08 22:29:04 +02:00
Add OpenGraph head tags and more tests 2024-10-04 17:09:51 +02:00			`GRANT SELECT, UPDATE (main_content, meta_description) ON internal.home TO authenticated_user;`
Add postgres sql file formatting via pg_format 2024-08-08 22:29:04 +02:00
Rename Postgres tables for better recognition and add additional routes in web app 2024-07-31 10:29:46 +02:00			`GRANT SELECT, UPDATE ON api.home TO authenticated_user;`
Add postgres sql file formatting via pg_format 2024-08-08 22:29:04 +02:00
Set base CSP, security headers and set column permissions for tables 2024-09-24 16:06:24 +02:00			`GRANT SELECT, INSERT (website_id, title, meta_description, meta_author, cover_image, publication_date, main_content, category, article_weight), UPDATE (title, meta_description, meta_author, cover_image, publication_date, main_content, category, article_weight), DELETE ON internal.article TO authenticated_user;`
Add postgres sql file formatting via pg_format 2024-08-08 22:29:04 +02:00
Rename Postgres tables for better recognition and add additional routes in web app 2024-07-31 10:29:46 +02:00			`GRANT SELECT, INSERT, UPDATE, DELETE ON api.article TO authenticated_user;`
Add postgres sql file formatting via pg_format 2024-08-08 22:29:04 +02:00
Set base CSP, security headers and set column permissions for tables 2024-09-24 16:06:24 +02:00			`GRANT SELECT, INSERT (website_id, category_name, category_weight), UPDATE (category_name, category_weight), DELETE ON internal.docs_category TO authenticated_user;`
Add TypeScript definitions via pg-to-ts and refactor migrations 2024-09-10 17:29:57 +02:00
			`GRANT SELECT, INSERT, UPDATE, DELETE ON api.docs_category TO authenticated_user;`

Set base CSP, security headers and set column permissions for tables 2024-09-24 16:06:24 +02:00			`GRANT SELECT, UPDATE (additional_text) ON internal.footer TO authenticated_user;`
Add postgres sql file formatting via pg_format 2024-08-08 22:29:04 +02:00
Rename Postgres tables for better recognition and add additional routes in web app 2024-07-31 10:29:46 +02:00			`GRANT SELECT, UPDATE ON api.footer TO authenticated_user;`
Add postgres sql file formatting via pg_format 2024-08-08 22:29:04 +02:00
Set base CSP, security headers and set column permissions for tables 2024-09-24 16:06:24 +02:00			`GRANT SELECT, INSERT (website_id, user_id, permission_level), UPDATE (permission_level), DELETE ON internal.collab TO authenticated_user;`
Add postgres sql file formatting via pg_format 2024-08-08 22:29:04 +02:00
Rename Postgres tables for better recognition and add additional routes in web app 2024-07-31 10:29:46 +02:00			`GRANT SELECT, INSERT, UPDATE, DELETE ON api.collab TO authenticated_user;`
Add postgres sql file formatting via pg_format 2024-08-08 22:29:04 +02:00
Initial commit 2024-07-31 07:23:32 +02:00			`-- migrate:down`