I am trying to upload files to Supabase buckets. I am not using Supabase Auth; I have my own token creation system and user table.
I have set up RLS policies on all the buckets as shown below:
CREATE POLICY "anon can do 1x24yub_0" ON "storage"."objects" FOR INSERT TO "anon" WITH CHECK ((("bucket_id" = 'fontuploads'::"text") AND ("split_part"("name", '/'::"text", 1) = "public"."get_org_id"())));
CREATE POLICY "anon can do 1x24yub_1" ON "storage"."objects" FOR SELECT TO "anon" USING ((("bucket_id" = 'fontuploads'::"text") AND ("split_part"("name", '/'::"text", 1) = "public"."get_org_id"())));
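The get_org_id() function is designed to handle the custom header passed from the frontend using the function below:
    import { createClient } from '@supabase/supabase-js';

    // supabaseUrl, supabaseAnonKey and userSessionStore are defined elsewhere in the app
    export const supabaseAuthClient = () => {
      const userSession = userSessionStore();
      return createClient(supabaseUrl, supabaseAnonKey, {
        global: {
          headers: {
            // Send the custom token as the Authorization header value
            'Authorization': userSession?.session?.token ? `${userSession?.session.token}` : ''
          }
        }
      });
    };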
Where userSession?.session.token is my custom token.
The get_org_id function decodes the auth token and gets the org_id encoded in the token. The token is generated with the function below:
    from datetime import datetime, timedelta

    import jwt  # PyJWT

    # jwt_secret_key is defined elsewhere in the application
    def create_jwt_token(user):
        payload = {
            "sub": user["id"],
            "app_metadata": {
                "org_id": user["org_id"],
                "is_active": user["is_active"],
                "is_super_admin": user["is_super_admin"]
            },
            "exp": datetime.utcnow() + timedelta(days=30)  # Token valid for 30 days
        }
        token = jwt.encode(payload, jwt_secret_key, algorithm='HS256')
        return token
However, when I try to upload an image, it gives the error below:
{
"statusCode": "403",
"error": "Unauthorized",
"message": "signature verification failed"
}
I tried to see if the RLS policy is enabled or not for the storage schema and found out that storage.buckets has RLS disabled.
When I tried to enable it using the query
    ALTER TABLE storage.buckets
    ENABLE ROW LEVEL SECURITY;
it gave me the error below:
    Error: Failed to run sql query: ERROR: 42501: must be owner of table buckets
Can anyone help me?
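
An added diagnostic example, not part of the original post: an HS256 verifier rejects any token whose signature was computed with a different secret than the one it holds, which is one way a "signature verification failed" response arises. It assumes the service returning the 403 verifies the Authorization token against its own secret; `sign_hs256`, `check_token` and both secrets are hypothetical, constructed names and values.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed sample values, not real secrets.
APP_SECRET = "constructed-app-secret"            # what the token issuer signs with
VERIFIER_SECRET = "constructed-verifier-secret"  # what the verifying service holds


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(payload: dict, secret: str) -> str:
    """Build a compact HS256 JWT, the same kind create_jwt_token() issues."""
    parts = [{"alg": "HS256", "typ": "JWT"}, payload]
    signing_input = ".".join(_b64url(json.dumps(p).encode()) for p in parts)
    mac = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256)
    return signing_input + "." + _b64url(mac.digest())


def check_token(header_value: str, secret: str) -> str:
    """Return 'ok' or the reason a verifier holding `secret` rejects the token."""
    parts = header_value.removeprefix("Bearer ").strip().split(".")
    if len(parts) != 3:
        return "malformed"
    try:
        header = json.loads(_unb64url(parts[0]))
        payload = json.loads(_unb64url(parts[1]))
        signature = _unb64url(parts[2])
    except ValueError:
        return "malformed"
    if not isinstance(header, dict) or not isinstance(payload, dict):
        return "malformed"
    if header.get("alg") != "HS256":
        return "unexpected alg"
    signing_input = (parts[0] + "." + parts[1]).encode()
    expected = hmac.new(secret.encode(), signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):  # constant-time compare
        return "signature verification failed"
    if payload.get("exp", 0) < time.time():
        return "expired"
    return "ok"
```

Running `check_token` on a real token with each candidate secret shows which key, if any, the token was actually signed with, without sending it to the server.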