System updates

All projects

• PostgREST updated to v9.0.0
• Realtime updated to v0.19.0
• Storage updated to 0.10.0
• GoTrue to v2.2.10

New projects

• PostgreSQL updated to v14.1

Manual Changes Required

Update custom auth functions

Details

The PostgREST release notes document some changes to the way GUC variables are handled here.

Supabase has created a config flag in the Dashboard to ensure that this will not be a breaking change. These changes are required before you can upgrade to PostgreSQL 14+, or use Realtime RLS.

Supabase has already updated all the default auth functions (auth.uid(), auth.role() and auth.email()), however we have no way of updating functions which we have not written ourselves.

Affected

• Any project that have custom auth functions or generally any function that use legacy GUC naming convention to access JWT claims (eg current_setting('request.jwt.claims.XXX', true).
  • This change is required for PostgreSQL 14+.
  • This change is required for Realtime row level security

Unaffected

• New projects
• Existing projects who haven't written custom auth functions.

How to update

You need to update all functions that are using the legacy GUC naming convention (current_setting('request.jwt.claims.XXX', true)) to use the new convention (current_setting('request.jwt.claims', true)::json->>'XXX').

After you have made this change, you can safely

Example

For example, Supabase rewrote the auth.role() functions like this, to handle both legacy and new:

-- PREVIOUSLY
create or replace function auth.role() 
returns text 
language sql stable
as $$
  select current_setting('request.jwt.claim.role', true)::text;
$$;

-- UPDATED FUNCTION TO HANDLE NEW GUC NAMING SCHEME
create or replace function auth.role() 
returns text 
language sql stable
as $$
  select 
  	coalesce(
		current_setting('request.jwt.claim.role', true),
		(current_setting('request.jwt.claims', true)::jsonb ->> 'role')
	)::text
$$;