Custom JWT with RLS Authorize

I am passing a jwt token to neon with a payload of

{
  "operator_id": "1",
  "sub": "1",
  "exp": 1740683759,
  "iat": 1740680159
}

{
  "operator_id": "1",
  "sub": "1",
  "exp": 1740683759,
  "iat": 1740680159
}

{
  "operator_id": "1",
  "sub": "1",
  "exp": 1740683759,
  "iat": 1740680159
}

{
  "operator_id": "1",
  "sub": "1",
  "exp": 1740683759,
  "iat": 1740680159
}

I have enabled RLS

and heres a snippit of my schema written in drizzle

export const employee = pgTable(
  "employee",
  {
    employeeId: serial("employeeId").primaryKey(),
    userId: integer("userId")
      .notNull()
      .references(() => users.id),
    positionId: integer("positionId")
      .notNull()
      .references(() => position.positionId),
    operatorId: integer("operatorId")
      .notNull()
      .references(() => operator.operatorId),
  },
  (t) => ({
    employeeSelectPolicy: pgPolicy("employee_select", {
      for: "select",
      to: "authenticated",
      using: sql`(select auth.operator_id() = operatorId)`,
    }),
    employeeInsertPolicy: pgPolicy("employee_insert", {
      for: "insert",
      to: "authenticated",
      withCheck: sql`(select auth.operator_id() = operatorId)`,
    }),
    employeeUpdatePolicy: pgPolicy("employee_update", {
      for: "update",
      to: "authenticated",
      using: sql`(select auth.operator_id() = operatorId)`,
    }),
    employeeDeletePolicy: pgPolicy("employee_delete", {
      for: "delete",
      to: "authenticated",
      using: sql`(select auth.operator_id() = operatorId)`,
    }),
  })
);

export const employee = pgTable(
  "employee",
  {
    employeeId: serial("employeeId").primaryKey(),
    userId: integer("userId")
      .notNull()
      .references(() => users.id),
    positionId: integer("positionId")
      .notNull()
      .references(() => position.positionId),
    operatorId: integer("operatorId")
      .notNull()
      .references(() => operator.operatorId),
  },
  (t) => ({
    employeeSelectPolicy: pgPolicy("employee_select", {
      for: "select",
      to: "authenticated",
      using: sql`(select auth.operator_id() = operatorId)`,
    }),
    employeeInsertPolicy: pgPolicy("employee_insert", {
      for: "insert",
      to: "authenticated",
      withCheck: sql`(select auth.operator_id() = operatorId)`,
    }),
    employeeUpdatePolicy: pgPolicy("employee_update", {
      for: "update",
      to: "authenticated",
      using: sql`(select auth.operator_id() = operatorId)`,
    }),
    employeeDeletePolicy: pgPolicy("employee_delete", {
      for: "delete",
      to: "authenticated",
      using: sql`(select auth.operator_id() = operatorId)`,
    }),
  })
);

export const employee = pgTable(
  "employee",
  {
    employeeId: serial("employeeId").primaryKey(),
    userId: integer("userId")
      .notNull()
      .references(() => users.id),
    positionId: integer("positionId")
      .notNull()
      .references(() => position.positionId),
    operatorId: integer("operatorId")
      .notNull()
      .references(() => operator.operatorId),
  },
  (t) => ({
    employeeSelectPolicy: pgPolicy("employee_select", {
      for: "select",
      to: "authenticated",
      using: sql`(select auth.operator_id() = operatorId)`,
    }),
    employeeInsertPolicy: pgPolicy("employee_insert", {
      for: "insert",
      to: "authenticated",
      withCheck: sql`(select auth.operator_id() = operatorId)`,
    }),
    employeeUpdatePolicy: pgPolicy("employee_update", {
      for: "update",
      to: "authenticated",
      using: sql`(select auth.operator_id() = operatorId)`,
    }),
    employeeDeletePolicy: pgPolicy("employee_delete", {
      for: "delete",
      to: "authenticated",
      using: sql`(select auth.operator_id() = operatorId)`,
    }),
  })
);

export const employee = pgTable(
  "employee",
  {
    employeeId: serial("employeeId").primaryKey(),
    userId: integer("userId")
      .notNull()
      .references(() => users.id),
    positionId: integer("positionId")
      .notNull()
      .references(() => position.positionId),
    operatorId: integer("operatorId")
      .notNull()
      .references(() => operator.operatorId),
  },
  (t) => ({
    employeeSelectPolicy: pgPolicy("employee_select", {
      for: "select",
      to: "authenticated",
      using: sql`(select auth.operator_id() = operatorId)`,
    }),
    employeeInsertPolicy: pgPolicy("employee_insert", {
      for: "insert",
      to: "authenticated",
      withCheck: sql`(select auth.operator_id() = operatorId)`,
    }),
    employeeUpdatePolicy: pgPolicy("employee_update", {
      for: "update",
      to: "authenticated",
      using: sql`(select auth.operator_id() = operatorId)`,
    }),
    employeeDeletePolicy: pgPolicy("employee_delete", {
      for: "delete",
      to: "authenticated",
      using: sql`(select auth.operator_id() = operatorId)`,
    }),
  })
);

When I try to query for all the records I get nothing.

as soon as I change to neondb_owner, everything works. Could anyone help me fix the issue

Custom JWT with RLS Authorize

Similar Threads

Similar Threads

Similar Threads