From d19fccd12ccd4a71c46706c0da4157322f1a055c Mon Sep 17 00:00:00 2001
From: patdelphi
Date: Mon, 18 Aug 2025 10:58:23 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20=E6=B7=BB=E5=8A=A0Supabase=E6=9C=AC?= =?UTF-8?q?=E5=9C=B0=E5=BC=80=E5=8F=91=E7=8E=AF=E5=A2=83=E9=85=8D=E7=BD=AE?= =?UTF-8?q?=E5=92=8CEdge=20Functions?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 supabase/.gitignore | 8 +
 supabase/config.toml | 334 +++++++++++++++++++++
 supabase/functions/bazi-analyzer/index.ts | 145 +++++++++
 supabase/functions/ziwei-analyzer/index.ts | 155 ++++++++++
 supabase/seed.sql | 82 +++++
 5 files changed, 724 insertions(+)
 create mode 100644 supabase/.gitignore
 create mode 100644 supabase/config.toml
 create mode 100644 supabase/functions/bazi-analyzer/index.ts
 create mode 100644 supabase/functions/ziwei-analyzer/index.ts
 create mode 100644 supabase/seed.sql
diff --git a/supabase/.gitignore b/supabase/.gitignore
new file mode 100644
index 0000000..ad9264f
--- /dev/null
+++ b/supabase/.gitignore
@@ -0,0 +1,8 @@
+# Supabase
+.branches
+.temp
+
+# dotenvx
+.env.keys
+.env.local
+.env.*.local
diff --git a/supabase/config.toml b/supabase/config.toml
new file mode 100644
index 0000000..41969b3
--- /dev/null
+++ b/supabase/config.toml
@@ -0,0 +1,334 @@
+# For detailed configuration reference documentation, visit:
+# https://supabase.com/docs/guides/local-development/cli/config
+# A string used to distinguish different Supabase projects on the same host. Defaults to the
+# working directory name when running `supabase init`.
+project_id = "myiabzmycehtxxyybqfo"
+
+[api]
+enabled = true
+# Port to use for the API URL.
+port = 54321
+# Schemas to expose in your API. Tables, views and stored procedures in this schema will get API
+# endpoints. `public` and `graphql_public` schemas are included by default.
+schemas = ["public", "graphql_public"]
+# Extra schemas to add to the search_path of every request.
+extra_search_path = ["public", "extensions"]
+# The maximum number of rows returns from a view, table, or stored procedure. Limits payload size
+# for accidental or malicious requests.
+max_rows = 1000
+
+[api.tls]
+# Enable HTTPS endpoints locally using a self-signed certificate.
+enabled = false
+
+[db]
+# Port to use for the local database URL.
+port = 54322
+# Port used by db diff command to initialize the shadow database.
+shadow_port = 54320
+# The database major version to use. This has to be the same as your remote database's. Run `SHOW
+# server_version;` on the remote database to check.
+major_version = 17
+
+[db.pooler]
+enabled = false
+# Port to use for the local connection pooler.
+port = 54329
+# Specifies when a server connection can be reused by other clients.
+# Configure one of the supported pooler modes: `transaction`, `session`.
+pool_mode = "transaction"
+# How many server connections to allow per user/database pair.
+default_pool_size = 20
+# Maximum number of client connections allowed.
+max_client_conn = 100
+
+# [db.vault]
+# secret_key = "env(SECRET_VALUE)"
+
+[db.migrations]
+# If disabled, migrations will be skipped during a db push or reset.
+enabled = true
+# Specifies an ordered list of schema files that describe your database.
+# Supports glob patterns relative to supabase directory: "./schemas/*.sql"
+schema_paths = []
+
+[db.seed]
+# If enabled, seeds the database after migrations during a db reset.
+enabled = true
+# Specifies an ordered list of seed files to load during db reset.
+# Supports glob patterns relative to supabase directory: "./seeds/*.sql"
+sql_paths = ["./seed.sql"]
+
+[db.network_restrictions]
+# Enable management of network restrictions.
+enabled = false
+# List of IPv4 CIDR blocks allowed to connect to the database.
+# Defaults to allow all IPv4 connections. Set empty array to block all IPs.
+allowed_cidrs = ["0.0.0.0/0"]
+# List of IPv6 CIDR blocks allowed to connect to the database.
+# Defaults to allow all IPv6 connections. Set empty array to block all IPs.
+allowed_cidrs_v6 = ["::/0"]
+
+[realtime]
+enabled = true
+# Bind realtime via either IPv4 or IPv6. (default: IPv4)
+# ip_version = "IPv6"
+# The maximum length in bytes of HTTP request headers. (default: 4096)
+# max_header_length = 4096
+
+[studio]
+enabled = true
+# Port to use for Supabase Studio.
+port = 54323
+# External URL of the API server that frontend connects to.
+api_url = "http://127.0.0.1"
+# OpenAI API Key to use for Supabase AI in the Supabase Studio.
+openai_api_key = "env(OPENAI_API_KEY)"
+
+# Email testing server. Emails sent with the local dev setup are not actually sent - rather, they
+# are monitored, and you can view the emails that would have been sent from the web interface.
+[inbucket]
+enabled = true
+# Port to use for the email testing server web interface.
+port = 54324
+# Uncomment to expose additional ports for testing user applications that send emails.
+# smtp_port = 54325
+# pop3_port = 54326
+# admin_email = "admin@email.com"
+# sender_name = "Admin"
+
+[storage]
+enabled = true
+# The maximum file size allowed (e.g. "5MB", "500KB").
+file_size_limit = "50MiB"
+
+# Image transformation API is available to Supabase Pro plan.
+# [storage.image_transformation]
+# enabled = true
+
+# Uncomment to configure local storage buckets
+# [storage.buckets.images]
+# public = false
+# file_size_limit = "50MiB"
+# allowed_mime_types = ["image/png", "image/jpeg"]
+# objects_path = "./images"
+
+[auth]
+enabled = true
+# The base URL of your website. Used as an allow-list for redirects and for constructing URLs used
+# in emails.
+site_url = "http://127.0.0.1:3000"
+# A list of *exact* URLs that auth providers are permitted to redirect to post authentication.
+additional_redirect_urls = ["https://127.0.0.1:3000"]
+# How long tokens are valid for, in seconds. Defaults to 3600 (1 hour), maximum 604,800 (1 week).
+jwt_expiry = 3600
+# Path to JWT signing key. DO NOT commit your signing keys file to git.
+# signing_keys_path = "./signing_keys.json"
+# If disabled, the refresh token will never expire.
+enable_refresh_token_rotation = true
+# Allows refresh tokens to be reused after expiry, up to the specified interval in seconds.
+# Requires enable_refresh_token_rotation = true.
+refresh_token_reuse_interval = 10
+# Allow/disallow new user signups to your project.
+enable_signup = true
+# Allow/disallow anonymous sign-ins to your project.
+enable_anonymous_sign_ins = false
+# Allow/disallow testing manual linking of accounts
+enable_manual_linking = false
+# Passwords shorter than this value will be rejected as weak. Minimum 6, recommended 8 or more.
+minimum_password_length = 6
+# Passwords that do not meet the following requirements will be rejected as weak. Supported values
+# are: `letters_digits`, `lower_upper_letters_digits`, `lower_upper_letters_digits_symbols`
+password_requirements = ""
+
+[auth.rate_limit]
+# Number of emails that can be sent per hour. Requires auth.email.smtp to be enabled.
+email_sent = 2
+# Number of SMS messages that can be sent per hour. Requires auth.sms to be enabled.
+sms_sent = 30
+# Number of anonymous sign-ins that can be made per hour per IP address. Requires enable_anonymous_sign_ins = true.
+anonymous_users = 30
+# Number of sessions that can be refreshed in a 5 minute interval per IP address.
+token_refresh = 150
+# Number of sign up and sign-in requests that can be made in a 5 minute interval per IP address (excludes anonymous users).
+sign_in_sign_ups = 30
+# Number of OTP / Magic link verifications that can be made in a 5 minute interval per IP address.
+token_verifications = 30
+# Number of Web3 logins that can be made in a 5 minute interval per IP address.
+web3 = 30
+
+# Configure one of the supported captcha providers: `hcaptcha`, `turnstile`.
+# [auth.captcha]
+# enabled = true
+# provider = "hcaptcha"
+# secret = ""
+
+[auth.email]
+# Allow/disallow new user signups via email to your project.
+enable_signup = true
+# If enabled, a user will be required to confirm any email change on both the old, and new email
+# addresses. If disabled, only the new email is required to confirm.
+double_confirm_changes = true
+# If enabled, users need to confirm their email address before signing in.
+enable_confirmations = false
+# If enabled, users will need to reauthenticate or have logged in recently to change their password.
+secure_password_change = false
+# Controls the minimum amount of time that must pass before sending another signup confirmation or password reset email.
+max_frequency = "1s"
+# Number of characters used in the email OTP.
+otp_length = 6
+# Number of seconds before the email OTP expires (defaults to 1 hour).
+otp_expiry = 3600
+
+# Use a production-ready SMTP server
+# [auth.email.smtp]
+# enabled = true
+# host = "smtp.sendgrid.net"
+# port = 587
+# user = "apikey"
+# pass = "env(SENDGRID_API_KEY)"
+# admin_email = "admin@email.com"
+# sender_name = "Admin"
+
+# Uncomment to customize email template
+# [auth.email.template.invite]
+# subject = "You have been invited"
+# content_path = "./supabase/templates/invite.html"
+
+[auth.sms]
+# Allow/disallow new user signups via SMS to your project.
+enable_signup = false
+# If enabled, users need to confirm their phone number before signing in.
+enable_confirmations = false
+# Template for sending OTP to users
+template = "Your code is {{ .Code }}"
+# Controls the minimum amount of time that must pass before sending another sms otp.
+max_frequency = "5s"
+
+# Use pre-defined map of phone number to OTP for testing.
+# [auth.sms.test_otp]
+# 4152127777 = "123456"
+
+# Configure logged in session timeouts.
+# [auth.sessions]
+# Force log out after the specified duration.
+# timebox = "24h"
+# Force log out if the user has been inactive longer than the specified duration.
+# inactivity_timeout = "8h"
+
+# This hook runs before a new user is created and allows developers to reject the request based on the incoming user object.
+# [auth.hook.before_user_created]
+# enabled = true
+# uri = "pg-functions://postgres/auth/before-user-created-hook"
+
+# This hook runs before a token is issued and allows you to add additional claims based on the authentication method used.
+# [auth.hook.custom_access_token]
+# enabled = true
+# uri = "pg-functions:////"
+
+# Configure one of the supported SMS providers: `twilio`, `twilio_verify`, `messagebird`, `textlocal`, `vonage`.
+[auth.sms.twilio]
+enabled = false
+account_sid = ""
+message_service_sid = ""
+# DO NOT commit your Twilio auth token to git. Use environment variable substitution instead:
+auth_token = "env(SUPABASE_AUTH_SMS_TWILIO_AUTH_TOKEN)"
+
+# Multi-factor-authentication is available to Supabase Pro plan.
+[auth.mfa]
+# Control how many MFA factors can be enrolled at once per user.
+max_enrolled_factors = 10
+
+# Control MFA via App Authenticator (TOTP)
+[auth.mfa.totp]
+enroll_enabled = false
+verify_enabled = false
+
+# Configure MFA via Phone Messaging
+[auth.mfa.phone]
+enroll_enabled = false
+verify_enabled = false
+otp_length = 6
+template = "Your code is {{ .Code }}"
+max_frequency = "5s"
+
+# Configure MFA via WebAuthn
+# [auth.mfa.web_authn]
+# enroll_enabled = true
+# verify_enabled = true
+
+# Use an external OAuth provider. The full list of providers are: `apple`, `azure`, `bitbucket`,
+# `discord`, `facebook`, `github`, `gitlab`, `google`, `keycloak`, `linkedin_oidc`, `notion`, `twitch`,
+# `twitter`, `slack`, `spotify`, `workos`, `zoom`.
+[auth.external.apple]
+enabled = false
+client_id = ""
+# DO NOT commit your OAuth provider secret to git. Use environment variable substitution instead:
+secret = "env(SUPABASE_AUTH_EXTERNAL_APPLE_SECRET)"
+# Overrides the default auth redirectUrl.
+redirect_uri = ""
+# Overrides the default auth provider URL. Used to support self-hosted gitlab, single-tenant Azure,
+# or any other third-party OIDC providers.
+url = ""
+# If enabled, the nonce check will be skipped. Required for local sign in with Google auth.
+skip_nonce_check = false
+
+# Allow Solana wallet holders to sign in to your project via the Sign in with Solana (SIWS, EIP-4361) standard.
+# You can configure "web3" rate limit in the [auth.rate_limit] section and set up [auth.captcha] if self-hosting.
+[auth.web3.solana]
+enabled = false
+
+# Use Firebase Auth as a third-party provider alongside Supabase Auth.
+[auth.third_party.firebase]
+enabled = false
+# project_id = "my-firebase-project"
+
+# Use Auth0 as a third-party provider alongside Supabase Auth.
+[auth.third_party.auth0]
+enabled = false
+# tenant = "my-auth0-tenant"
+# tenant_region = "us"
+
+# Use AWS Cognito (Amplify) as a third-party provider alongside Supabase Auth.
+[auth.third_party.aws_cognito]
+enabled = false
+# user_pool_id = "my-user-pool-id"
+# user_pool_region = "us-east-1"
+
+# Use Clerk as a third-party provider alongside Supabase Auth.
+[auth.third_party.clerk]
+enabled = false
+# Obtain from https://clerk.com/setup/supabase
+# domain = "example.clerk.accounts.dev"
+
+[edge_runtime]
+enabled = true
+# Configure one of the supported request policies: `oneshot`, `per_worker`.
+# Use `oneshot` for hot reload, or `per_worker` for load testing.
+policy = "oneshot"
+# Port to attach the Chrome inspector for debugging edge functions.
+inspector_port = 8083
+# The Deno major version to use.
+deno_version = 1
+
+# [edge_runtime.secrets]
+# secret_key = "env(SECRET_VALUE)"
+
+[analytics]
+enabled = true
+port = 54327
+# Configure one of the supported backends: `postgres`, `bigquery`.
+backend = "postgres"
+
+# Experimental features may be deprecated any time
+[experimental]
+# Configures Postgres storage engine to use OrioleDB (S3)
+orioledb_version = ""
+# Configures S3 bucket URL, eg. .s3-.amazonaws.com
+s3_host = "env(S3_HOST)"
+# Configures S3 bucket region, eg. us-east-1
+s3_region = "env(S3_REGION)"
+# Configures AWS_ACCESS_KEY_ID for S3 bucket
+s3_access_key = "env(S3_ACCESS_KEY)"
+# Configures AWS_SECRET_ACCESS_KEY for S3 bucket
+s3_secret_key = "env(S3_SECRET_KEY)"
diff --git a/supabase/functions/bazi-analyzer/index.ts b/supabase/functions/bazi-analyzer/index.ts
new file mode 100644
index 0000000..8bab27b
--- /dev/null
+++ b/supabase/functions/bazi-analyzer/index.ts
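Review bot: In supabase/config.toml the `[auth]` and `[auth.email]` tables keep the weakest password and confirmation settings (`minimum_password_length = 6`, `password_requirements = ""`, `enable_confirmations = false`, `secure_password_change = false`), and nothing in the file marks them as local-development-only. `project_id` looks like a hosted project reference rather than a directory name, so if this file is ever synced to that project these values may become the live auth policy; that is worth confirming. I would raise the floor here, e.g. `minimum_password_length = 8`, `password_requirements = "lower_upper_letters_digits"` and `secure_password_change = true`, or add a comment above `[auth]` stating that the block must not be pushed to a hosted project.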
@@ -0,0 +1,145 @@
+// Supabase Edge Function: Bazi Analyzer
+// This function analyzes Chinese Four Pillars (Bazi) astrology
+
+import { serve } from 'https://deno.land/std@0.168.0/http/server.ts'
+import { createClient } from 'https://esm.sh/@supabase/supabase-js@2'
+
+const corsHeaders = {
+ 'Access-Control-Allow-Origin': '*',
+ 'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type',
+}
+
+interface BaziRequest {
+ birthDate: string
+ birthTime: string
+ gender: 'male' | 'female'
+ location?: string
+}
+
+interface BaziResponse {
+ success: boolean
+ data?: {
+ fourPillars: {
+ year: { heavenlyStem: string; earthlyBranch: string }
+ month: { heavenlyStem: string; earthlyBranch: string }
+ day: { heavenlyStem: string; earthlyBranch: string }
+ hour: { heavenlyStem: string; earthlyBranch: string }
+ }
+ elements: {
+ wood: number
+ fire: number
+ earth: number
+ metal: number
+ water: number
+ }
+ analysis: {
+ personality: string
+ career: string
+ health: string
+ relationships: string
+ }
+ }
+ error?: string
+}
+
+serve(async (req) => {
+ // Handle CORS preflight requests
+ if (req.method === 'OPTIONS') {
+ return new Response('ok', { headers: corsHeaders })
+ }
+
+ try {
+ // Initialize Supabase client
+ const supabaseClient = createClient(
+ Deno.env.get('SUPABASE_URL') ?? '',
+ Deno.env.get('SUPABASE_ANON_KEY') ?? '',
+ {
+ global: {
+ headers: { Authorization: req.headers.get('Authorization')! },
+ },
+ }
+ )
+
+ // Get the current user
+ const {
+ data: { user },
+ } = await supabaseClient.auth.getUser()
+
+ if (!user) {
+ return new Response(
+ JSON.stringify({ success: false, error: 'Unauthorized' }),
+ {
+ status: 401,
+ headers: { ...corsHeaders, 'Content-Type': 'application/json' },
+ }
+ )
+ }
+
+ // Parse request body
+ const { birthDate, birthTime, gender, location }: BaziRequest = await req.json()
+
+ if (!birthDate || !birthTime || !gender) {
+ return new Response(
+ JSON.stringify({ success: false, error: 'Missing required fields' }),
+ {
+ status: 400,
+ headers: { ...corsHeaders, 'Content-Type': 'application/json' },
+ }
+ )
+ }
+
+ // TODO: Implement actual Bazi calculation logic
+ // For now, return mock data
+ const mockAnalysis: BaziResponse = {
+ success: true,
+ data: {
+ fourPillars: {
+ year: { heavenlyStem: '甲', earthlyBranch: '子' },
+ month: { heavenlyStem: '乙', earthlyBranch: '丑' },
+ day: { heavenlyStem: '丙', earthlyBranch: '寅' },
+ hour: { heavenlyStem: '丁', earthlyBranch: '卯' },
+ },
+ elements: {
+ wood: 2,
+ fire: 1,
+ earth: 1,
+ metal: 0,
+ water: 1,
+ },
+ analysis: {
+ personality: '性格温和,具有创造力,善于沟通。',
+ career: '适合从事创意、教育或咨询相关工作。',
+ health: '注意肝胆和心血管健康。',
+ relationships: '人际关系良好,容易获得他人信任。',
+ },
+ },
+ }
+
+ // Save analysis to database
+ const { error: insertError } = await supabaseClient
+ .from('analysis_history')
+ .insert({
+ user_id: user.id,
+ analysis_type: 'bazi',
+ input_data: { birthDate, birthTime, gender, location },
+ result_data: mockAnalysis.data,
+ })
+
+ if (insertError) {
+ console.error('Error saving analysis:', insertError)
+ }
+
+ return new Response(JSON.stringify(mockAnalysis), {
+ headers: { ...corsHeaders, 'Content-Type': 'application/json' },
+ })
+ } catch (error) {
+ console.error('Error in bazi-analyzer:', error)
+ return new Response(
+ JSON.stringify({ success: false, error: 'Internal server error' }),
+ {
+ status: 500,
+ headers: { ...corsHeaders, 'Content-Type': 'application/json' },
+ }
+ )
+ }
+})
\ No newline at end of file
diff --git a/supabase/functions/ziwei-analyzer/index.ts b/supabase/functions/ziwei-analyzer/index.ts
new file mode 100644
index 0000000..986389d
--- /dev/null
+++ b/supabase/functions/ziwei-analyzer/index.ts
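Review bot: In supabase/functions/bazi-analyzer/index.ts the request body is only checked for truthiness before `input_data: { birthDate, birthTime, gender, location }` is written to `analysis_history`, so a client value of any type or size is persisted; the `BaziRequest` annotation is erased at runtime and enforces neither `'male' | 'female'` nor a date format. A malformed or empty body also makes `req.json()` throw into the outer `catch`, which answers 500 where 400 is the accurate status. I would parse the body in its own try/catch and check each field's type, format and length before the insert, as sketched below; the patterns and the length cap are assumptions to align with what the client actually sends. supabase/functions/ziwei-analyzer/index.ts has the same handler shape and needs the same change.

```typescript
// … unchanged: CORS preflight, client setup, getUser() check …

    // A body that is not valid JSON is a client error, not a server fault.
    let body: unknown
    try {
      body = await req.json()
    } catch {
      return new Response(
        JSON.stringify({ success: false, error: 'Invalid JSON body' }),
        { status: 400, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
      )
    }

    const { birthDate, birthTime, gender, location } = (body ?? {}) as Record<string, unknown>
    // Formats and the 200-character cap are assumed; confirm against the client.
    const validInput =
      typeof birthDate === 'string' && /^\d{4}-\d{2}-\d{2}$/.test(birthDate) &&
      typeof birthTime === 'string' && /^\d{2}:\d{2}(:\d{2})?$/.test(birthTime) &&
      (gender === 'male' || gender === 'female') &&
      (location === undefined || (typeof location === 'string' && location.length <= 200))

    if (!validInput) {
      // … unchanged: 400 'Missing required fields' response …
    }

// … unchanged: mock analysis, insert, success and 500 responses …
```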
@@ -0,0 +1,155 @@
+// Supabase Edge Function: Ziwei Analyzer
+// This function analyzes Ziwei Doushu (Purple Star Astrology)
+
+import { serve } from 'https://deno.land/std@0.168.0/http/server.ts'
+import { createClient } from 'https://esm.sh/@supabase/supabase-js@2'
+
+const corsHeaders = {
+ 'Access-Control-Allow-Origin': '*',
+ 'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type',
+}
+
+interface ZiweiRequest {
+ birthDate: string
+ birthTime: string
+ gender: 'male' | 'female'
+ location?: string
+}
+
+interface ZiweiResponse {
+ success: boolean
+ data?: {
+ palaces: {
+ ming: { position: string; stars: string[] }
+ xiong: { position: string; stars: string[] }
+ cai: { position: string; stars: string[] }
+ guan: { position: string; stars: string[] }
+ tian: { position: string; stars: string[] }
+ fu: { position: string; stars: string[] }
+ zi: { position: string; stars: string[] }
+ nu: { position: string; stars: string[] }
+ qian: { position: string; stars: string[] }
+ ji: { position: string; stars: string[] }
+ tian2: { position: string; stars: string[] }
+ xiang: { position: string; stars: string[] }
+ }
+ mainStars: string[]
+ luckyStars: string[]
+ unluckyStars: string[]
+ analysis: {
+ personality: string
+ career: string
+ wealth: string
+ relationships: string
+ health: string
+ }
+ }
+ error?: string
+}
+
+serve(async (req) => {
+ // Handle CORS preflight requests
+ if (req.method === 'OPTIONS') {
+ return new Response('ok', { headers: corsHeaders })
+ }
+
+ try {
+ // Initialize Supabase client
+ const supabaseClient = createClient(
+ Deno.env.get('SUPABASE_URL') ?? '',
+ Deno.env.get('SUPABASE_ANON_KEY') ?? '',
+ {
+ global: {
+ headers: { Authorization: req.headers.get('Authorization')! },
+ },
+ }
+ )
+
+ // Get the current user
+ const {
+ data: { user },
+ } = await supabaseClient.auth.getUser()
+
+ if (!user) {
+ return new Response(
+ JSON.stringify({ success: false, error: 'Unauthorized' }),
+ {
+ status: 401,
+ headers: { ...corsHeaders, 'Content-Type': 'application/json' },
+ }
+ )
+ }
+
+ // Parse request body
+ const { birthDate, birthTime, gender, location }: ZiweiRequest = await req.json()
+
+ if (!birthDate || !birthTime || !gender) {
+ return new Response(
+ JSON.stringify({ success: false, error: 'Missing required fields' }),
+ {
+ status: 400,
+ headers: { ...corsHeaders, 'Content-Type': 'application/json' },
+ }
+ )
+ }
+
+ // TODO: Implement actual Ziwei calculation logic
+ // For now, return mock data
+ const mockAnalysis: ZiweiResponse = {
+ success: true,
+ data: {
+ palaces: {
+ ming: { position: '子', stars: ['紫微', '天府'] },
+ xiong: { position: '丑', stars: ['太阳', '巨门'] },
+ cai: { position: '寅', stars: ['天机', '太阴'] },
+ guan: { position: '卯', stars: ['天同', '天梁'] },
+ tian: { position: '辰', stars: ['七杀'] },
+ fu: { position: '巳', stars: ['破军'] },
+ zi: { position: '午', stars: ['廉贞', '贪狼'] },
+ nu: { position: '未', stars: ['天相'] },
+ qian: { position: '申', stars: ['天马'] },
+ ji: { position: '酉', stars: ['文昌'] },
+ tian2: { position: '戌', stars: ['文曲'] },
+ xiang: { position: '亥', stars: ['左辅', '右弼'] },
+ },
+ mainStars: ['紫微', '天府', '太阳', '巨门', '天机', '太阴'],
+ luckyStars: ['文昌', '文曲', '左辅', '右弼', '天马'],
+ unluckyStars: ['擎羊', '陀罗', '火星', '铃星'],
+ analysis: {
+ personality: '性格高贵,具有领导才能,喜欢掌控全局。',
+ career: '适合从事管理、政治或高端服务业。',
+ wealth: '财运稳定,有贵人相助,投资需谨慎。',
+ relationships: '人际关系复杂,需要平衡各方利益。',
+ health: '注意心脏和血压问题,保持规律作息。',
+ },
+ },
+ }
+
+ // Save analysis to database
+ const { error: insertError } = await supabaseClient
+ .from('analysis_history')
+ .insert({
+ user_id: user.id,
+ analysis_type: 'ziwei',
+ input_data: { birthDate, birthTime, gender, location },
+ result_data: mockAnalysis.data,
+ })
+
+ if (insertError) {
+ console.error('Error saving analysis:', insertError)
+ }
+
+ return new Response(JSON.stringify(mockAnalysis), {
+ headers: { ...corsHeaders, 'Content-Type': 'application/json' },
+ })
+ } catch (error) {
+ console.error('Error in ziwei-analyzer:', error)
+ return new Response(
+ JSON.stringify({ success: false, error: 'Internal server error' }),
+ {
+ status: 500,
+ headers: { ...corsHeaders, 'Content-Type': 'application/json' },
+ }
+ )
+ }
+})
\ No newline at end of file
diff --git a/supabase/seed.sql b/supabase/seed.sql
new file mode 100644
index 0000000..d4f07a8
--- /dev/null
+++ b/supabase/seed.sql
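Review bot: In supabase/functions/ziwei-analyzer/index.ts the client library is imported as `https://esm.sh/@supabase/supabase-js@2`, a URL that floats across every 2.x release, so the code that handles the caller's bearer token can change without any commit in this repository. I would pin an exact release in the URL, `https://esm.sh/@supabase/supabase-js@<exact-version>` (placeholder, pick the version you have tested), and record it in an import map or lock file so that upgrades go through review. The identical import line is in supabase/functions/bazi-analyzer/index.ts.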
@@ -0,0 +1,82 @@
+-- Supabase AI Numerology Project Seed Data
+-- This file contains initial data for the numerology analysis platform
+
+-- Enable necessary extensions
+CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
+CREATE EXTENSION IF NOT EXISTS "pgcrypto";
+
+-- Create profiles table if it doesn't exist
+CREATE TABLE IF NOT EXISTS public.profiles (
+ id UUID REFERENCES auth.users(id) ON DELETE CASCADE PRIMARY KEY,
+ username TEXT UNIQUE,
+ full_name TEXT,
+ avatar_url TEXT,
+ birth_date DATE,
+ birth_time TIME,
+ birth_location TEXT,
+ created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
+ updated_at TIMESTAMP WITH TIME ZONE DEFAULT NOW()
+);
+
+-- Create analysis_history table if it doesn't exist
+CREATE TABLE IF NOT EXISTS public.analysis_history (
+ id UUID DEFAULT uuid_generate_v4() PRIMARY KEY,
+ user_id UUID REFERENCES auth.users(id) ON DELETE CASCADE,
+ analysis_type TEXT NOT NULL CHECK (analysis_type IN ('bazi', 'ziwei', 'yijing', 'wuxing')),
+ input_data JSONB NOT NULL,
+ result_data JSONB NOT NULL,
+ created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW()
+);
+
+-- Enable Row Level Security
+ALTER TABLE public.profiles ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.analysis_history ENABLE ROW LEVEL SECURITY;
+
+-- Create policies for profiles table
+CREATE POLICY "Users can view own profile" ON public.profiles
+ FOR SELECT USING (auth.uid() = id);
+
+CREATE POLICY "Users can update own profile" ON public.profiles
+ FOR UPDATE USING (auth.uid() = id);
+
+CREATE POLICY "Users can insert own profile" ON public.profiles
+ FOR INSERT WITH CHECK (auth.uid() = id);
+
+-- Create policies for analysis_history table
+CREATE POLICY "Users can view own analysis history" ON public.analysis_history
+ FOR SELECT USING (auth.uid() = user_id);
+
+CREATE POLICY "Users can insert own analysis history" ON public.analysis_history
+ FOR INSERT WITH CHECK (auth.uid() = user_id);
+
+-- Create indexes for better performance
+CREATE INDEX IF NOT EXISTS idx_analysis_history_user_id ON public.analysis_history(user_id);
+CREATE INDEX IF NOT EXISTS idx_analysis_history_type ON public.analysis_history(analysis_type);
+CREATE INDEX IF NOT EXISTS idx_analysis_history_created_at ON public.analysis_history(created_at DESC);
+
+-- Insert some sample data (optional)
+-- Note: This would only work if there are existing users
+-- INSERT INTO public.profiles (id, username, full_name)
+-- VALUES ('00000000-0000-0000-0000-000000000000', 'demo_user', 'Demo User')
+-- ON CONFLICT (id) DO NOTHING;
+
+-- Create a function to automatically create a profile when a user signs up
+CREATE OR REPLACE FUNCTION public.handle_new_user()
+RETURNS TRIGGER AS $$
+BEGIN
+ INSERT INTO public.profiles (id, username, full_name)
+ VALUES (NEW.id, NEW.email, NEW.raw_user_meta_data->>'full_name');
+ RETURN NEW;
+END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+-- Create trigger to automatically create profile on user signup
+DROP TRIGGER IF EXISTS on_auth_user_created ON auth.users;
+CREATE TRIGGER on_auth_user_created
+ AFTER INSERT ON auth.users
+ FOR EACH ROW EXECUTE FUNCTION public.handle_new_user();
+
+-- Grant necessary permissions
+GRANT USAGE ON SCHEMA public TO anon, authenticated;
+GRANT ALL ON public.profiles TO anon, authenticated;
+GRANT ALL ON public.analysis_history TO anon, authenticated;
\ No newline at end of file
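Review bot: In supabase/seed.sql the last two statements grant `ALL` on `public.profiles` and `public.analysis_history` to `anon` as well as `authenticated`; row level security filters rows, but `ALL` also covers privileges such as TRUNCATE that RLS policies do not govern, and no policy in this file is written for unauthenticated access. I would grant only what the policies use: `GRANT SELECT, INSERT, UPDATE ON public.profiles TO authenticated;` and `GRANT SELECT, INSERT ON public.analysis_history TO authenticated;`. Separately, `handle_new_user()` is declared `SECURITY DEFINER` without a fixed search path; adding `SET search_path = ''` to the function definition keeps name resolution inside it independent of the calling session.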