- SQL migrations: users, collectives, collective_members, collective_invitations,
full RLS policies, is_active_member/is_member/is_admin helpers,
accept_invitation SECURITY DEFINER function, admin auto-promote trigger,
avatars storage bucket
- Auth refactor: replace keycloak-js with Supabase OAuth (GoTrue OIDC proxy,
Option B). signInWithOAuth({ provider: 'keycloak' }) + PKCE flow
- GoTrue config: GOTRUE_EXTERNAL_KEYCLOAK_URL + GOTRUE_EXTERNAL_KEYCLOAK_REDIRECT_URI
added to docker-compose.dev.yml; Keycloak realm updated with GoTrue callback URI
- New routes: /auth/callback, /invitation/[token], /(app)/collective/manage
- Functional onboarding: create collective or join via invite link
- Full settings page: display name (debounced), avatar (initials/emoji/upload),
language switcher, Keycloak account console link
- Components: Avatar.svelte (initials/emoji/upload with fallback),
ImageCropper.svelte (cropperjs, 1:1 crop, lazy-loaded)
- i18n: added all Fase 1 message keys (en + es); renamed 'delete' → 'action_delete'
(JS reserved word); fixed plugin-m-function-matcher major-version URL format
- Database types: manually seeded packages/types/src/database.ts from migrations
- .env.development: committed public dev defaults for SvelteKit type checking
- CLAUDE.md: documented /etc/hosts requirement for keycloak hostname
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
42 lines
1.2 KiB
SQL
42 lines
1.2 KiB
SQL
-- Migration 004: Storage bucket for user avatars
|
|
|
|
INSERT INTO storage.buckets (id, name, public, file_size_limit, allowed_mime_types)
|
|
VALUES (
|
|
'avatars',
|
|
'avatars',
|
|
false, -- private: access via signed URLs only
|
|
2097152, -- 2 MB per file
|
|
ARRAY['image/webp', 'image/jpeg', 'image/png', 'image/gif']
|
|
)
|
|
ON CONFLICT (id) DO NOTHING;
|
|
|
|
-- Storage RLS: a user can read/write only their own avatar folder ({user_id}/avatar.*)
|
|
|
|
CREATE POLICY avatars_select
|
|
ON storage.objects FOR SELECT
|
|
USING (
|
|
bucket_id = 'avatars'
|
|
AND (storage.foldername(name))[1] = auth.uid()::text
|
|
);
|
|
|
|
CREATE POLICY avatars_insert
|
|
ON storage.objects FOR INSERT
|
|
WITH CHECK (
|
|
bucket_id = 'avatars'
|
|
AND (storage.foldername(name))[1] = auth.uid()::text
|
|
);
|
|
|
|
CREATE POLICY avatars_update
|
|
ON storage.objects FOR UPDATE
|
|
USING (
|
|
bucket_id = 'avatars'
|
|
AND (storage.foldername(name))[1] = auth.uid()::text
|
|
);
|
|
|
|
CREATE POLICY avatars_delete
|
|
ON storage.objects FOR DELETE
|
|
USING (
|
|
bucket_id = 'avatars'
|
|
AND (storage.foldername(name))[1] = auth.uid()::text
|
|
);
|