Support WALRUS (Postgres RLS) Integration with Realtime Server #10
Comments
|
Progress:
|
|
@w3b6x9 is it possible to access a docker image that sends the realtime |
|
@acupofjose yep, so I just pushed up some changes to https://github.com/supabase/realtime/tree/rls. You can spin up Postgres and Realtime with
Feel free to use
and
for your convenience. The above JWT was signed with the secret found in |
|
Just a heads up I just updated the |
|
@acupofjose wow that was fast! awesome work! |
Feature request
Is your feature request related to a problem? Please describe.
Currently, Realtime server sends all database changes to all connected clients despite Postgres Row Level Security policies. This poses security concerns when developers wish to broadcast database changes containing sensitive data to an authorized subset of connected clients based on tables with RLS enabled and row security policies.
Realtime server will integrate WALRUS (Write Ahead Log Realtime Unified Security), which means there are some changes that lib clients need to make in order to support this new security functionality.
Describe the solution you'd like
The following changes will need to be made:
user_tokenwhen subscribing client to Realtime channel.Realtime w/ WALRUS will pass Postgres array types as [1, 2, 3], _int4, and ["a", "b", "c"], _text, instead of "{1,2,3}" (_int4/_text) so this can be forwarded without any transformations. However, clients should maintain backward compatibility so they should still be able to handle stringified Postgres array (e.g. "{1,2,3}") cases.
The changes have already been applied to
supabase-jsandrealtime-jsand their PRs can be referenced while making the necessary changes:user_tokenfeat: add user_token when creating realtime channel subscription #270
feat: update transformers to accept already transformed walrus changes #107
fix: error parsing JSON when transforming array data types #113
The bug fixes include longstanding issues with transformers in
realtime-jswhere range types are first JSON parsed (which results in an error sometimes due to Postgres' range exclusive and inclusive bounds) and how stringified (e.g. "{1,2,3}") array types are split (can't always split on "," in cases like _daterange). Please see PR for additional context.Additional context
We're looking to launch WALRUS in Realtime at the end of November, and all developers using the JS client will have to do is version bump their
supabase-jsto v1.2.0, which contains all the changes described above.Please reach out if there's any questions and definitely tag me to confirm PRs if you'd like! Thank you!
The text was updated successfully, but these errors were encountered: