From 5af91054f2b7cd3075380f162ab76f0cd49de4ec Mon Sep 17 00:00:00 2001 From: nrusso Date: Fri, 17 Nov 2023 00:01:47 -0300 Subject: [PATCH] docs: add supabase sql and readme info --- README.md | 16 ++++++- infrastructure/README.md | 6 --- infrastructure/config | 2 - infrastructure/firewall.tf | 59 ------------------------- infrastructure/instance.tf | 46 ------------------- infrastructure/provider.tf | 3 -- infrastructure/script.sh | 33 -------------- infrastructure/supabase_permissions.sql | 42 ++++++++++++++++++ infrastructure/vars.tf | 29 ------------ infrastructure/versions.tf | 8 ---- 10 files changed, 57 insertions(+), 187 deletions(-) delete mode 100644 infrastructure/README.md delete mode 100644 infrastructure/config delete mode 100644 infrastructure/firewall.tf delete mode 100644 infrastructure/instance.tf delete mode 100644 infrastructure/provider.tf delete mode 100644 infrastructure/script.sh create mode 100644 infrastructure/supabase_permissions.sql delete mode 100644 infrastructure/vars.tf delete mode 100644 infrastructure/versions.tf diff --git a/README.md b/README.md index cc9a0098..8b2c575b 100644 --- a/README.md +++ b/README.md 
@@ -89,9 +89,23 @@ The directory structures for business domains are as follows: > **Tip** I know it may sound repetitive, but it is not a framework. NExp is a set of tools or libraries working together through a common structure. All structural code within this project is not fixed and can be changed freely. +### Supabase integration + +In the infrastructure folder there is a file called `supabase_permissions.sql` this file is used to manage permissions +with these tables. + +* roles +* permissions +* users_has_roles +* roles_has_permissions + +And a function call `get_authorization`. + ## Advantages -The advantages of using this boilerplate is to save time thinking about certain basic structures common to any project to make an API without having to get everything from scratch. +The advantages of using this boilerplate are +to save time thinking about certain basic structures common to any project to make an API +without having to get everything from scratch. As it is only a boilerplate, you have the freedom to structure the code whatever you want. diff --git a/infrastructure/README.md b/infrastructure/README.md deleted file mode 100644 index 23594d11..00000000 --- a/infrastructure/README.md +++ /dev/null @@ -1,6 +0,0 @@ -Copy your keys ssh here. - -Create a file called terraform.tfvars(like a .env file) with this data. -File terraform.tfvars - -do_token="createToken-from-account-of-digital-ocean" FINGERPRINT="fingerprint-from-sshkey-in-digital-ocean" \ No newline at end of file diff --git a/infrastructure/config b/infrastructure/config deleted file mode 100644 index 1d44ddaf..00000000 --- a/infrastructure/config +++ /dev/null @@ -1,2 +0,0 @@ -Host github.com - StrictHostKeyChecking no diff --git a/infrastructure/firewall.tf b/infrastructure/firewall.tf deleted file mode 100644 index a512fe19..00000000 --- a/infrastructure/firewall.tf +++ /dev/null 
@@ -1,59 +0,0 @@
-
-resource "digitalocean_firewall" "experience" {
- name = "only-22-80-and-443"
-
- droplet_ids = [digitalocean_droplet.experience.id]
-
- inbound_rule {
- protocol = "tcp"
- port_range = "22"
- source_addresses = ["0.0.0.0/0"]
- }
-
- inbound_rule {
- protocol = "tcp"
- port_range = "80"
- source_addresses = ["0.0.0.0/0", "::/0"]
- }
-
- inbound_rule {
- protocol = "tcp"
- port_range = "8089"
- source_addresses = ["0.0.0.0/0", "::/0"]
- }
-
- inbound_rule {
- protocol = "tcp"
- port_range = "9002"
- source_addresses = ["0.0.0.0/0", "::/0"]
- }
-
- inbound_rule {
- protocol = "tcp"
- port_range = "8027"
- source_addresses = ["0.0.0.0/0", "::/0"]
- }
-
- outbound_rule {
- protocol = "udp"
- port_range = "53"
- destination_addresses = ["0.0.0.0/0", "::/0"]
- }
-
- outbound_rule {
- protocol = "icmp"
- destination_addresses = ["0.0.0.0/0", "::/0"]
- }
-
- outbound_rule {
- protocol = "tcp"
- port_range = "80"
- destination_addresses = ["0.0.0.0/0", "::/0"]
- }
-
- outbound_rule {
- protocol = "tcp"
- port_range = "443"
- destination_addresses = ["0.0.0.0/0", "::/0"]
- }
-}
\ No newline at end of file
diff --git a/infrastructure/instance.tf b/infrastructure/instance.tf
deleted file mode 100644
index c44fbdba..00000000
--- a/infrastructure/instance.tf
+++ /dev/null
@@ -1,46 +0,0 @@
-resource "digitalocean_droplet" "experience" {
- image = var.IMAGE
- name = var.NAME
- region = var.REGION
- size = var.SIZE
- ssh_keys =[var.FINGERPRINT]
-
- connection {
- host = self.ipv4_address
- user = "root"
- type = "ssh"
- private_key = file(var.PATH_TO_PRIVATE_KEY)
- timeout = "2m"
- }
-
- provisioner "file" {
- source = "script.sh"
- destination = "/tmp/script.sh"
- }
-
- provisioner "file" {
- source = "id_rsa"
- destination = "/tmp/id_rsa"
- }
-
- provisioner "file" {
- source = "id_rsa.pub"
- destination = "/tmp/id_rsa.pub"
- }
-
- provisioner "file" {
- source = "config"
- destination = "/tmp/config"
- }
-
- provisioner "remote-exec" {
- inline = [
- "chmod +x /tmp/script.sh",
- "bash /tmp/script.sh",
- ]
- }
-
- provisioner "local-exec" {
- command = "echo ${digitalocean_droplet.experience.ipv4_address} >> public_ips.txt"
- }
-}
diff --git a/infrastructure/provider.tf b/infrastructure/provider.tf
deleted file mode 100644
index d80cc8b9..00000000
--- a/infrastructure/provider.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-provider "digitalocean" {
- token = var.do_token
-}
diff --git a/infrastructure/script.sh b/infrastructure/script.sh
deleted file mode 100644
index 29a750b8..00000000
--- a/infrastructure/script.sh
+++ /dev/null
@@ -1,33 +0,0 @@ -#!/usr/bin/env bash - -# sleep until instance is ready -until [[ -f /var/lib/cloud/instance/boot-finished ]]; do - sleep 1 -done - -apt update -apt install apt-transport-https ca-certificates curl software-properties-common -y - -curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - -add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable" - -apt update -apt install docker.io -y -systemctl enable --now docker - -wget -O /usr/local/bin/docker-compose https://github.com/docker/compose/releases/download/1.25.0/docker-compose-Linux-x86_64 -chmod +x /usr/local/bin/docker-compose - -useradd -m -G docker experience -s /bin/bash -mkdir /home/experience/.ssh -chown experience:experience /home/experience/.ssh -cp ~/.ssh/authorized_keys /home/experience/.ssh/authorized_keys - - -cp /tmp/id_rsa /home/experience/.ssh/id_rsa -cp /tmp/id_rsa.pub /home/experience/.ssh/id_rsa.pub -cp /tmp/config /home/experience/.ssh/config - -chmod 600 /home/experience/.ssh/id_rsa -chown -R experience:experience /home/experience/.ssh - diff --git a/infrastructure/supabase_permissions.sql b/infrastructure/supabase_permissions.sql new file mode 100644 index 00000000..41304ef3 --- /dev/null +++ b/infrastructure/supabase_permissions.sql 
@@ -0,0 +1,42 @@
+CREATE TABLE roles (
+ id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+ name TEXT NOT NULL,
+ slug TEXT UNIQUE NOT NULL
+);
+
+CREATE TABLE permissions (
+ id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+ name TEXT UNIQUE NOT NULL
+);
+
+CREATE TABLE users_has_roles (
+ user_id UUID NOT NULL,
+ role_id UUID NOT NULL,
+ PRIMARY KEY (user_id, role_id),
+ FOREIGN KEY (user_id) REFERENCES auth.users(id),
+ FOREIGN KEY (role_id) REFERENCES roles(id)
+);
+
+CREATE TABLE roles_has_permissions (
+ role_id UUID NOT NULL,
+ permission_id UUID NOT NULL,
+ PRIMARY KEY (role_id, permission_id),
+ FOREIGN KEY (role_id) REFERENCES roles(id),
+ FOREIGN KEY (permission_id) REFERENCES permissions(id)
+);
+
+CREATE OR REPLACE FUNCTION get_authorization(field_user_id UUID, permission_name TEXT) RETURNS BOOLEAN AS $$
+DECLARE
+ has_permission BOOLEAN;
+BEGIN
+ SELECT EXISTS (
+ SELECT 1
+ FROM users_has_roles uhr
+ JOIN roles_has_permissions rhp ON uhr.role_id = rhp.role_id
+ JOIN permissions p ON rhp.permission_id = p.id
+ WHERE uhr.user_id = field_user_id AND p.name = permission_name
+ ) INTO has_permission;
+
+ RETURN has_permission;
+END;
+$$ LANGUAGE plpgsql;
diff --git a/infrastructure/vars.tf b/infrastructure/vars.tf
deleted file mode 100644
index 89de7adf..00000000
--- a/infrastructure/vars.tf
+++ /dev/null
@@ -1,29 +0,0 @@
-variable "do_token" {}
-
-variable "FINGERPRINT" {}
-
-variable "REGION" {
- default = "nyc1"
-}
-variable "SIZE" {
- default = "s-1vcpu-1gb"
-}
-
-variable "IMAGE" {
- default = "ubuntu-20-04-x64"
-}
-
-variable "PATH_TO_PRIVATE_KEY" {
- default = "id_rsa"
-}
-
-variable "PATH_TO_PUBLIC_KEY" {
- default = "id_rsa.pub"
-}
-variable "INSTANCE_USERNAME" {
- default = "root"
-}
-
-variable "NAME" {
- default = "experience"
-}
\ No newline at end of file
diff --git a/infrastructure/versions.tf b/infrastructure/versions.tf
deleted file mode 100644
index ce94a0ca..00000000
--- a/infrastructure/versions.tf
+++ /dev/null
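Review bot: The four tables in `infrastructure/supabase_permissions.sql` are created without row level security, and nothing in the hunk restricts who may write to `users_has_roles` or `roles_has_permissions`. On Supabase, tables in an API-exposed schema such as `public` are normally reachable by the `anon` and `authenticated` roles until RLS is enabled, so a client could add a row for its own user id and `get_authorization` would then return true for it. I would enable RLS on all four tables and keep writes on the service role, as sketched below; policies may already exist elsewhere, but this file does not show them. `get_authorization` also accepts any `field_user_id`, so it is worth revoking EXECUTE from roles that should not query other users' permissions; if the backend calls it with an end-user token rather than the service role, it will additionally need a SELECT policy or `SECURITY DEFINER` with a pinned `search_path`.

```sql
-- … unchanged: CREATE TABLE roles, permissions, users_has_roles, roles_has_permissions …

-- With RLS on and no policies defined, only roles that bypass RLS
-- (such as the service role) can read or modify the authorization data.
ALTER TABLE roles ENABLE ROW LEVEL SECURITY;
ALTER TABLE permissions ENABLE ROW LEVEL SECURITY;
ALTER TABLE users_has_roles ENABLE ROW LEVEL SECURITY;
ALTER TABLE roles_has_permissions ENABLE ROW LEVEL SECURITY;

-- … unchanged: CREATE OR REPLACE FUNCTION get_authorization …

-- Keep unauthenticated API callers from probing other users' permissions.
REVOKE EXECUTE ON FUNCTION get_authorization(UUID, TEXT) FROM PUBLIC, anon;
```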
@@ -1,8 +0,0 @@
-terraform {
- required_providers {
- digitalocean = {
- source = "digitalocean/digitalocean"
- }
- }
- required_version = ">= 0.13"
-}