From ce3239598dbf44256df547dafa54d3d036db5db9 Mon Sep 17 00:00:00 2001
From: Matt <matt@letsbe.solutions>
Date: Mon, 26 Jan 2026 12:12:33 +0100
Subject: [PATCH] Add auth helper functions (uid, role, jwt) to init.sql

These functions are normally created by GoTrue but our init.sql
runs first. Needed for RLS policies that use auth.uid().

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 deploy/init.sql | 41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)

diff --git a/deploy/init.sql b/deploy/init.sql
index 02379ee..a6e7564 100644
--- a/deploy/init.sql
+++ b/deploy/init.sql
@@ -97,6 +97,47 @@ ALTER DATABASE postgres SET search_path TO public, extensions;
 CREATE EXTENSION IF NOT EXISTS "uuid-ossp" WITH SCHEMA extensions;
 CREATE EXTENSION IF NOT EXISTS "pgcrypto" WITH SCHEMA extensions;
 
+-- ============================================
+-- AUTH HELPER FUNCTIONS
+-- These are normally created by GoTrue, but we need them for RLS policies
+-- ============================================
+
+-- Get current user ID from JWT
+CREATE OR REPLACE FUNCTION auth.uid()
+RETURNS UUID
+LANGUAGE sql
+STABLE
+AS $$
+  SELECT COALESCE(
+    current_setting('request.jwt.claim.sub', true),
+    (current_setting('request.jwt.claims', true)::jsonb ->> 'sub')
+  )::uuid
+$$;
+
+-- Get current user role from JWT
+CREATE OR REPLACE FUNCTION auth.role()
+RETURNS TEXT
+LANGUAGE sql
+STABLE
+AS $$
+  SELECT COALESCE(
+    current_setting('request.jwt.claim.role', true),
+    (current_setting('request.jwt.claims', true)::jsonb ->> 'role')
+  )::text
+$$;
+
+-- Get JWT claim value
+CREATE OR REPLACE FUNCTION auth.jwt()
+RETURNS JSONB
+LANGUAGE sql
+STABLE
+AS $$
+  SELECT COALESCE(
+    current_setting('request.jwt.claims', true)::jsonb,
+    '{}'::jsonb
+  )
+$$;
+
 -- ============================================
 -- MIGRATION 001: Initial Schema
 -- ============================================