ENG-430 Add access-token table (#196)

mdroidian · web-flow · commit 725508124ad9 · 2025-06-10T14:25:17.000-06:00
* Add access-token table schema to database types and update config for schema path

* Refactor access-token to access_token in database schema and types for consistency. Update permissions and indexes in SQL migration files.

* add platform_account_id to access_token and updating related types

* rm prettier save on types.gen

* Refactor access_token schema and types: replace stace with request_id, remove id, and update constraints.
diff --git a/packages/database/supabase/config.toml b/packages/database/supabase/config.toml
@@ -59,6 +59,7 @@ schema_paths = [
     './schemas/contributor.sql',
     './schemas/sync.sql',
     './schemas/upload_temp.sql',
+    './schemas/access_token.sql',
 ]
 
 [db.seed]
diff --git a/packages/database/supabase/migrations/20250610201801_create_access_table.sql b/packages/database/supabase/migrations/20250610201801_create_access_table.sql
@@ -0,0 +1,60 @@
+create table "public"."access_token" (
+    "request_id" character varying not null,
+    "access_token" character varying not null,
+    "code" character varying,
+    "platform_account_id" bigint,
+    "created_date" timestamp with time zone not null default timezone('utc'::text, now())
+);
+
+
+CREATE UNIQUE INDEX access_token_access_token_idx ON public.access_token USING btree (access_token);
+
+CREATE INDEX access_token_code_idx ON public.access_token USING btree (code);
+
+CREATE UNIQUE INDEX access_token_pkey ON public.access_token USING btree (request_id);
+
+CREATE INDEX access_token_platform_account_id_idx ON public.access_token USING btree (platform_account_id);
+
+alter table "public"."access_token" add constraint "access_token_pkey" PRIMARY KEY using index "access_token_pkey";
+
+alter table "public"."access_token" add constraint "access_token_code_check" CHECK ((code IS NOT NULL)) not valid;
+
+alter table "public"."access_token" validate constraint "access_token_code_check";
+
+alter table "public"."access_token" add constraint "access_token_platform_account_id_fkey" FOREIGN KEY (platform_account_id) REFERENCES "PlatformAccount"(id) ON UPDATE CASCADE ON DELETE SET NULL not valid;
+
+alter table "public"."access_token" validate constraint "access_token_platform_account_id_fkey";
+
+grant insert on table "public"."access_token" to "anon";
+
+grant select on table "public"."access_token" to "anon";
+
+grant delete on table "public"."access_token" to "authenticated";
+
+grant insert on table "public"."access_token" to "authenticated";
+
+grant references on table "public"."access_token" to "authenticated";
+
+grant select on table "public"."access_token" to "authenticated";
+
+grant trigger on table "public"."access_token" to "authenticated";
+
+grant truncate on table "public"."access_token" to "authenticated";
+
+grant update on table "public"."access_token" to "authenticated";
+
+grant delete on table "public"."access_token" to "service_role";
+
+grant insert on table "public"."access_token" to "service_role";
+
+grant references on table "public"."access_token" to "service_role";
+
+grant select on table "public"."access_token" to "service_role";
+
+grant trigger on table "public"."access_token" to "service_role";
+
+grant truncate on table "public"."access_token" to "service_role";
+
+grant update on table "public"."access_token" to "service_role";
+
+
diff --git a/packages/database/supabase/schemas/access_token.sql b/packages/database/supabase/schemas/access_token.sql
@@ -0,0 +1,28 @@
+create table "access_token" (
+  request_id varchar primary key,
+  -- TODO encrypt this (look into supabase vault)
+  access_token varchar not null,
+  code varchar,
+  platform_account_id bigint,
+  created_date timestamp with time zone default timezone('utc'::text, now()) not null,
+  constraint access_token_code_check check (
+    code is not null
+  ),
+  constraint access_token_platform_account_id_fkey foreign key (platform_account_id)
+    references public."PlatformAccount" (id) on update cascade on delete set null
+);
+
+create unique index access_token_access_token_idx on "access_token" ("access_token");
+create index access_token_code_idx on "access_token" (code);
+create index access_token_platform_account_id_idx on "access_token" (platform_account_id);
+
+-- Revoke dangerous permissions from anon role
+revoke delete on table "public"."access_token" from "anon";
+revoke truncate on table "public"."access_token" from "anon";
+revoke update on table "public"."access_token" from "anon";
+revoke references on table "public"."access_token" from "anon";
+revoke trigger on table "public"."access_token" from "anon";
+
+-- Ensure only necessary permissions remain for anon role
+grant select on table "public"."access_token" to "anon";
+grant insert on table "public"."access_token" to "anon";
diff --git a/packages/database/types.gen.ts b/packages/database/types.gen.ts
@@ -9,6 +9,38 @@ export type Json =
 export type Database = {
   public: {
     Tables: {
+      access_token: {
+        Row: {
+          access_token: string
+          code: string | null
+          created_date: string
+          platform_account_id: number | null
+          request_id: string
+        }
+        Insert: {
+          access_token: string
+          code?: string | null
+          created_date?: string
+          platform_account_id?: number | null
+          request_id: string
+        }
+        Update: {
+          access_token?: string
+          code?: string | null
+          created_date?: string
+          platform_account_id?: number | null
+          request_id?: string
+        }
+        Relationships: [
+          {
+            foreignKeyName: "access_token_platform_account_id_fkey"
+            columns: ["platform_account_id"]
+            isOneToOne: false
+            referencedRelation: "PlatformAccount"
+            referencedColumns: ["id"]
+          },
+        ]
+      }
       AgentIdentifier: {
         Row: {
           account_id: number
@@ -467,6 +499,25 @@ export type Database = {
       [_ in never]: never
     }
     Functions: {
+      alpha_delete_by_source_local_ids: {
+        Args: { p_space_name: string; p_source_local_ids: string[] }
+        Returns: string
+      }
+      alpha_get_last_update_time: {
+        Args: { p_space_name: string }
+        Returns: {
+          last_update_time: string
+        }[]
+      }
+      alpha_upsert_discourse_nodes: {
+        Args: {
+          p_space_name: string
+          p_user_email: string
+          p_user_name: string
+          p_nodes: Json
+        }
+        Returns: string
+      }
       end_sync_task: {
         Args: {
           s_target: number
@@ -515,6 +566,26 @@ export type Database = {
         }
         Returns: unknown
       }
+      upsert_discourse_nodes: {
+        Args: {
+          p_space_name: string
+          p_user_email: string
+          p_user_name: string
+          p_nodes: Json
+          p_platform_name?: string
+          p_platform_url?: string
+          p_space_url?: string
+          p_agent_type?: string
+          p_content_scale?: string
+          p_embedding_model?: string
+          p_document_source_id?: string
+        }
+        Returns: {
+          content_id: number
+          embedding_created: boolean
+          action: string
+        }[]
+      }
     }
     Enums: {
       AgentIdentifierType: "email" | "orcid"

Original file line number	Diff line number	Diff line change
`@@ -59,6 +59,7 @@ schema_paths = [`
`59`	`59`	`'./schemas/contributor.sql',`
`60`	`60`	`'./schemas/sync.sql',`
`61`	`61`	`'./schemas/upload_temp.sql',`
	`62`	`+ './schemas/access_token.sql',`
`62`	`63`	`]`
`63`	`64`
`64`	`65`	`[db.seed]`