fix missing semicolons (supabase#445)

* fix missing semicolons

* update migration

Author: soedirgo

ebssurrogate/files/unit-tests/unit-test-01.sql

@@ -24,10 +24,10 @@ SELECT has_schema('information_schema');
 SELECT has_schema('public');
 
 -- Check that service_role can execute certain pgsodium functions
-SELECT function_privs_are('pgsodium', 'crypto_aead_det_decrypt', array['bytea', 'bytea', 'uuid', 'bytea'], 'service_role', array['EXECUTE'])
-SELECT function_privs_are('pgsodium', 'crypto_aead_det_encrypt', array['bytea', 'bytea', 'uuid', 'bytea'], 'service_role', array['EXECUTE'])
-SELECT function_privs_are('pgsodium', 'crypto_aead_det_keygen', array[], 'service_role', array['EXECUTE'])
-SELECT function_privs_are('pgsodium', 'crypto_aead_det_noncegen', array[], 'service_role', array['EXECUTE'])
+SELECT function_privs_are('pgsodium', 'crypto_aead_det_decrypt', array['bytea', 'bytea', 'uuid', 'bytea'], 'service_role', array['EXECUTE']);
+SELECT function_privs_are('pgsodium', 'crypto_aead_det_encrypt', array['bytea', 'bytea', 'uuid', 'bytea'], 'service_role', array['EXECUTE']);
+SELECT function_privs_are('pgsodium', 'crypto_aead_det_keygen', array[], 'service_role', array['EXECUTE']);
+SELECT function_privs_are('pgsodium', 'crypto_aead_det_noncegen', array[], 'service_role', array['EXECUTE']);
 
 SELECT * from finish();
 ROLLBACK;

migrations/db/migrations/20221207154255_create_pgsodium_and_vault.sql

@@ -6,6 +6,19 @@ grant pgsodium_keyiduser to postgres with admin option;
 grant pgsodium_keyholder to postgres with admin option;
 grant pgsodium_keymaker  to postgres with admin option;
 
-create extension if not exists supabase_vault;
+do $$
+begin
+  if not exists (select from pg_extension where extname = 'supabase_vault') then
+    create extension supabase_vault;
+    -- Creating the extension creates a table and creates a security label on the table.
+    -- Creating the security label triggers a function that recreates these objects.
+    -- Since the recreation happens in an extension script, these objects become owned by the `supabase_vault` extension.
+    -- This is an issue because then we can't recreate these objects without also dropping the extension.
+    -- Thus we drop the dependency on the `supabase_vault` extension for these objects.
+    alter extension supabase_vault drop view pgsodium.decrypted_key;
+    alter extension supabase_vault drop function pgsodium.key_encrypt_secret;
+  end if;
+end;
+$$;
 
 -- migrate:down

migrations/schema.sql

@@ -510,6 +510,25 @@ END;
 $$;
 
 
+--
+-- Name: key_encrypt_secret(); Type: FUNCTION; Schema: pgsodium; Owner: -
+--
+
+CREATE FUNCTION pgsodium.key_encrypt_secret() RETURNS trigger
+    LANGUAGE plpgsql
+    AS $$
+    BEGIN
+            new.raw_key = CASE WHEN new.raw_key IS NULL THEN NULL ELSE
+                CASE WHEN new.parent_key IS NULL THEN NULL ELSE
+                        pgsodium.crypto_aead_det_encrypt(new.raw_key::bytea, pg_catalog.convert_to((new.id::text || new.associated_data::text)::text, 'utf8'),
+                new.parent_key::uuid,
+                new.raw_key_nonce
+              ) END END;
+    RETURN new;
+    END;
+    $$;
+
+
 --
 -- Name: extension(text); Type: FUNCTION; Schema: storage; Owner: -
 --
@@ -735,6 +754,35 @@ CREATE TABLE auth.users (
 COMMENT ON TABLE auth.users IS 'Auth: Stores user login data within a secure schema.';
 
 
+--
+-- Name: decrypted_key; Type: VIEW; Schema: pgsodium; Owner: -
+--
+
+CREATE VIEW pgsodium.decrypted_key AS
+ SELECT key.id,
+    key.status,
+    key.created,
+    key.expires,
+    key.key_type,
+    key.key_id,
+    key.key_context,
+    key.name,
+    key.associated_data,
+    key.raw_key,
+        CASE
+            WHEN (key.raw_key IS NULL) THEN NULL::bytea
+            ELSE
+            CASE
+                WHEN (key.parent_key IS NULL) THEN NULL::bytea
+                ELSE pgsodium.crypto_aead_det_decrypt(key.raw_key, convert_to(((key.id)::text || key.associated_data), 'utf8'::name), key.parent_key, key.raw_key_nonce)
+            END
+        END AS decrypted_raw_key,
+    key.raw_key_nonce,
+    key.parent_key,
+    key.comment
+   FROM pgsodium.key;
+
+
 --
 -- Name: schema_migrations; Type: TABLE; Schema: public; Owner: -
 --