fix: infinite recursion bug

marcus-pousette · marcus-pousette · commit 1e89b2bf3369 · 2025-12-23T16:06:26.000+01:00
diff --git a/supabase/migrations/20251223143000_fix_powergit_create_org.sql b/supabase/migrations/20251223143000_fix_powergit_create_org.sql
@@ -0,0 +1,71 @@
+-- Fix org create RPC for Postgres plpgsql.variable_conflict=error environments.
+-- Earlier deployments used an unqualified `org_id` column reference inside
+-- `powergit_create_org`, which collides with the function argument and raises:
+--   column reference "org_id" is ambiguous
+
+create or replace function public.powergit_create_org(org_id text, name text default null)
+returns public.orgs
+language plpgsql
+security definer
+set search_path = public
+as $$
+declare
+  uid uuid;
+  normalized text;
+  candidate_name text;
+  existing public.orgs%rowtype;
+  member_count int;
+begin
+  uid := auth.uid();
+  if uid is null then
+    raise exception 'Not authenticated.' using errcode = '28000';
+  end if;
+
+  normalized := lower(trim(org_id));
+  if normalized is null or normalized = '' then
+    raise exception 'org_id is required.' using errcode = '22023';
+  end if;
+
+  if normalized like 'gh-%' or normalized like 'github-%' then
+    raise exception 'Org ids starting with "gh-" or "github-" are reserved.' using errcode = '22023';
+  end if;
+
+  if normalized !~ '^[a-z0-9][a-z0-9._-]{0,79}$' then
+    raise exception 'Invalid org id "%". Use 1-80 chars: [a-z0-9._-].', normalized using errcode = '22023';
+  end if;
+
+  candidate_name := nullif(trim(coalesce(name, '')), '');
+
+  select * into existing from public.orgs where id = normalized limit 1;
+  if found then
+    -- Qualify org_id to avoid ambiguity with the `org_id` function argument.
+    select count(*) into member_count from public.org_members m where m.org_id = normalized;
+    if member_count = 0 then
+      update public.orgs
+        set
+          name = coalesce(candidate_name, public.orgs.name),
+          created_by = coalesce(public.orgs.created_by, uid),
+          updated_at = now()
+        where id = normalized;
+      insert into public.org_members (org_id, user_id, role)
+        values (normalized, uid, 'admin')
+        on conflict on constraint org_members_pkey do update set role = 'admin', updated_at = now();
+      select * into existing from public.orgs where id = normalized limit 1;
+      return existing;
+    end if;
+    raise exception 'Org "%" already exists.', normalized using errcode = '23505';
+  end if;
+
+  insert into public.orgs (id, name, created_by)
+    values (normalized, candidate_name, uid)
+    returning * into existing;
+
+  insert into public.org_members (org_id, user_id, role)
+    values (normalized, uid, 'admin')
+    on conflict on constraint org_members_pkey do update set role = 'admin', updated_at = now();
+
+  return existing;
+end;
+$$;
+
+grant execute on function public.powergit_create_org(text, text) to authenticated;
diff --git a/supabase/migrations/20251223144000_fix_org_acl_helper_functions.sql b/supabase/migrations/20251223144000_fix_org_acl_helper_functions.sql
@@ -0,0 +1,82 @@
+-- Fix org ACL helper functions for RLS recursion.
+-- Older deployments defined these helpers as INVOKER functions, but they are used inside RLS
+-- policies for `org_members`, causing infinite recursion and:
+--   stack depth limit exceeded
+--
+-- This migration replaces the helpers with SECURITY DEFINER variants that (a) avoid recursion by
+-- bypassing RLS as the table owner and (b) refuse checks for other users by validating auth.uid().
+
+create or replace function public.powergit_user_is_org_member(org_id text, user_id uuid)
+returns boolean
+language sql
+stable
+security definer
+set search_path = public
+as $$
+  select case
+    when auth.uid() is distinct from $2 then false
+    else exists (
+      select 1
+      from public.org_members m
+      where m.org_id = $1
+        and m.user_id = $2
+    )
+  end;
+$$;
+
+create or replace function public.powergit_user_is_org_admin(org_id text, user_id uuid)
+returns boolean
+language sql
+stable
+security definer
+set search_path = public
+as $$
+  select case
+    when auth.uid() is distinct from $2 then false
+    else exists (
+      select 1
+      from public.org_members m
+      where m.org_id = $1
+        and m.user_id = $2
+        and m.role = 'admin'
+    )
+  end;
+$$;
+
+create or replace function public.powergit_user_can_read_repo(org_id text, repo_id text, user_id uuid)
+returns boolean
+language sql
+stable
+security definer
+set search_path = public
+as $$
+  select case
+    when auth.uid() is distinct from $3 then false
+    else public.powergit_repo_is_public($1, $2)
+      or public.powergit_user_is_org_member($1, $3)
+  end;
+$$;
+
+create or replace function public.powergit_user_can_write_repo(org_id text, repo_id text, user_id uuid)
+returns boolean
+language sql
+stable
+security definer
+set search_path = public
+as $$
+  select case
+    when auth.uid() is distinct from $3 then false
+    else exists (
+      select 1
+      from public.org_members m
+      where m.org_id = $1
+        and m.user_id = $3
+        and m.role in ('admin', 'write')
+    )
+  end;
+$$;
+
+grant execute on function public.powergit_user_is_org_member(text, uuid) to anon, authenticated, service_role;
+grant execute on function public.powergit_user_is_org_admin(text, uuid) to anon, authenticated, service_role;
+grant execute on function public.powergit_user_can_read_repo(text, text, uuid) to anon, authenticated, service_role;
+grant execute on function public.powergit_user_can_write_repo(text, text, uuid) to anon, authenticated, service_role;
