Commit 1ca29b0
committed
fix: restrict leaderboard member visibility and fix auth recursion
- Tighten public.leaderboard_members policy to only allow users
to see their own membership (user_id = auth.uid()).
- Update LeaderbordList: select owner_id, capture query error,
and filter joined boards to role == "member".
- Use supabase.auth.getUser() in auth proxy and return undefined
at the end of the middleware.
- Log auth middleware triggers and return early in proxy.ts1 parent 39d5708 commit 1ca29b0
4 files changed
Lines changed: 12 additions & 19 deletions
File tree
- app
- components/dashboard
- lib/proxy
- sql
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
27 | 27 | | |
28 | 28 | | |
29 | 29 | | |
30 | | - | |
| 30 | + | |
31 | 31 | | |
32 | | - | |
| 32 | + | |
33 | 33 | | |
34 | | - | |
| 34 | + | |
35 | 35 | | |
36 | 36 | | |
37 | 37 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
25 | 25 | | |
26 | 26 | | |
27 | 27 | | |
28 | | - | |
29 | | - | |
30 | | - | |
31 | | - | |
32 | | - | |
| 28 | + | |
| 29 | + | |
33 | 30 | | |
34 | 31 | | |
35 | 32 | | |
| |||
49 | 46 | | |
50 | 47 | | |
51 | 48 | | |
52 | | - | |
| 49 | + | |
53 | 50 | | |
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
16 | 16 | | |
17 | 17 | | |
18 | 18 | | |
19 | | - | |
| 19 | + | |
| 20 | + | |
| 21 | + | |
| 22 | + | |
20 | 23 | | |
21 | 24 | | |
22 | 25 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
57 | 57 | | |
58 | 58 | | |
59 | 59 | | |
60 | | - | |
| 60 | + | |
61 | 61 | | |
62 | 62 | | |
63 | | - | |
64 | | - | |
65 | | - | |
66 | | - | |
67 | | - | |
68 | | - | |
69 | | - | |
70 | | - | |
| 63 | + | |
71 | 64 | | |
72 | 65 | | |
73 | 66 | | |
| |||
0 commit comments