Skip to content

fix(presigned-url-plugin): use root connection for storage_module queries#1283

Open
theothersideofgod wants to merge 2 commits into
mainfrom
fix/presigned-url-plugin-rls-root-connection
Open

fix(presigned-url-plugin): use root connection for storage_module queries#1283
theothersideofgod wants to merge 2 commits into
mainfrom
fix/presigned-url-plugin-rls-root-connection

Conversation

@theothersideofgod

@theothersideofgod theothersideofgod commented Jun 10, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Tenant users were getting STORAGE_MODULE_NOT_FOUND because RLS on storage_module checks org_memberships_sprt, which only includes platform users
  • Fix: Query storage_module with root connection (pgSettings=null), while keeping bucket/file operations under user RLS
  • Pattern matches existing codebase (graphile-i18n, PublicKeySignature)

Security

  • databaseId still comes from JWT
  • bucket/file RLS unchanged

Test plan

  • Provision database with tenant user
  • Upload file as tenant user
  • Verify file status changes to 'uploaded'

Fixes #1266

🤖 Generated with Claude Code

theothersideofgods and others added 2 commits June 10, 2026 13:22
@theothersideofgods @claude
fix(presigned-url-plugin): use root connection for storage_module que…
65598ff 
…ries

Tenant users were getting STORAGE_MODULE_NOT_FOUND because RLS on
storage_module checks org_memberships_sprt, which only includes
platform users.

Fix: Query storage_module with root connection (pgSettings=null),
while keeping bucket/file operations under user RLS.

Pattern matches existing codebase (graphile-i18n, PublicKeySignature).

Security: databaseId still comes from JWT, bucket/file RLS unchanged.

Fixes #1266

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@theothersideofgods @claude
fix(presigned-url-plugin): remove hardcoded 'public' bucket key fallback
dafc1b7 
Bucket key must be looked up from database - using 'public' as fallback
would store files in wrong S3 path. Now returns null if bucket not found,
falling back to global config.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@theothersideofgod

theothersideofgod commented Jun 11, 2026

Copy link
Copy Markdown
Contributor Author

Fixed: Remove hardcoded 'public' bucket key

@pyramation Thanks for the review!

Problem: let bucketKey = 'public' as fallback would store files in wrong S3 path

Fix (commit dafc1b72c):

  • Require bucketId and lookup key from database
  • Return null if not found, falling back to global config
  • No more default 'public'
- let bucketKey = 'public';
- if (bucketId) {
-   const bucketResult = await rootClient.query(...);
-   if (bucketResult.rows[0]?.key) {
-     bucketKey = bucketResult.rows[0].key;
-   }
- }
+ if (!bucketId) return null;
+ const bucketResult = await rootClient.query(...);
+ const bucketKey = bucketResult.rows[0]?.key;
+ if (!bucketKey) return null;

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pyramation pyramation Awaiting requested review from pyramation

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

presigned-url-plugin uses user connection to query storage_module, tenant users cannot upload

2 participants

@theothersideofgod @theothersideofgods