supabase · georgRusanov · Jul 13, 2025 · Jul 14, 2025 · Jul 14, 2025 · Jul 14, 2025
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -176,8 +176,13 @@ jobs:
           npm ci
           npm run build
 
+      - name: Install jq
+        run: sudo apt-get update && sudo apt-get install -y jq
+
       - name: Run integration tests
-        run: npm run test:integration || npm run test:integration
+        run: |
+          export SUPABASE_SERVICE_ROLE_KEY="$(supabase status --output json | jq -r '.SERVICE_ROLE_KEY')"
+          npm run test:integration || npm run test:integration
 
       - name: Stop Supabase
         if: always()

diff --git a/supabase/migrations/20250422000000_create_todos_table.sql b/supabase/migrations/20250422000000_create_todos_table.sql
@@ -3,15 +3,52 @@ CREATE TABLE IF NOT EXISTS public.todos (
     id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
     task TEXT NOT NULL,
     is_complete BOOLEAN NOT NULL DEFAULT FALSE,
-    created_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
+    created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+    user_id UUID REFERENCES auth.users(id)
 );
 
 -- Set up Row Level Security (RLS)
 ALTER TABLE public.todos ENABLE ROW LEVEL SECURITY;
 
--- Create policies
-CREATE POLICY "Allow anonymous access to todos" ON public.todos
-    FOR ALL
+-- Allow anonymous users to read all todos (public data)
+CREATE POLICY "Allow anonymous read access" ON public.todos
+    FOR SELECT
+    TO anon
+    USING (true);
+
+-- Allow anonymous users to insert todos (for backward compatibility with old tests)
+CREATE POLICY "Allow anonymous insert access" ON public.todos
+    FOR INSERT
     TO anon
-    USING (true)
     WITH CHECK (true);
+
+-- Allow anonymous users to delete todos (for backward compatibility with old tests)
+CREATE POLICY "Allow anonymous delete access" ON public.todos
+    FOR DELETE
+    TO anon
+    USING (true);
+
+-- Allow authenticated users to read their own todos
+CREATE POLICY "Allow authenticated read own todos" ON public.todos
+    FOR SELECT
+    TO authenticated
+    USING (auth.uid() = user_id);
+
+-- Allow authenticated users to insert their own todos
+CREATE POLICY "Allow authenticated insert own todos" ON public.todos
+    FOR INSERT
+    TO authenticated
+    WITH CHECK (auth.uid() = user_id);
+
+-- Allow authenticated users to update their own todos
+CREATE POLICY "Allow authenticated update own todos" ON public.todos
+    FOR UPDATE
+    TO authenticated
+    USING (auth.uid() = user_id)
+    WITH CHECK (auth.uid() = user_id);
+
+-- Allow authenticated users to delete their own todos
+CREATE POLICY "Allow authenticated delete own todos" ON public.todos
+    FOR DELETE
+    TO authenticated
+    USING (auth.uid() = user_id);
diff --git a/supabase/migrations/20250424000000_storage_anon_policy.sql b/supabase/migrations/20250424000000_storage_anon_policy.sql
@@ -0,0 +1,4 @@
+-- Create test bucket for storage tests
+insert into storage.buckets (id, name, public)
+values ('test-bucket', 'test-bucket', false)
+on conflict (id) do nothing;
diff --git a/test/deno/integration.test.ts b/test/deno/integration.test.ts
@@ -88,6 +88,64 @@ Deno.test(
         assertEquals(data.user!.email, email)
       })
 
+      await t.step('Authentication - should sign in and out successfully', async () => {
+        const email = `deno-signout-${Date.now()}@example.com`
+        const password = 'password123'
+
+        await supabase.auth.signUp({ email, password })
+        const { data, error } = await supabase.auth.signInWithPassword({ email, password })
+
+        assertEquals(error, null)
+        assertExists(data.user)
+        assertEquals(data.user!.email, email)
+
+        const { error: signOutError } = await supabase.auth.signOut()
+
+        assertEquals(signOutError, null)
+      })
+
+      await t.step('Authentication - should get current user', async () => {
+        const email = `deno-getuser-${Date.now()}@example.com`
+        const password = 'password123'
+
+        await supabase.auth.signUp({ email, password })
+        await supabase.auth.signInWithPassword({ email, password })
+
+        const { data, error } = await supabase.auth.getUser()
+
+        assertEquals(error, null)
+        assertExists(data.user)
+        assertEquals(data.user!.email, email)
+      })
+
+      await t.step('Authentication - should handle invalid credentials', async () => {
+        const email = `deno-invalid-${Date.now()}@example.com`
+        const password = 'password123'
+
+        await supabase.auth.signUp({ email, password })
+
+        const { data, error } = await supabase.auth.signInWithPassword({
+          email,
+          password: 'wrongpassword',
+        })
+
+        assertExists(error)
+        assertEquals(data.user, null)
+      })
+
+      await t.step('Authentication - should handle non-existent user', async () => {
+        const email = `deno-nonexistent-${Date.now()}@example.com`
+        const password = 'password123'
+
+        const { data, error } = await supabase.auth.signInWithPassword({
+          email,
+          password,
+        })
+
+        assertExists(error)
+        assertEquals(data.user, null)
+      })
+
       await t.step('Realtime - is able to connect and broadcast', async () => {
         const channelName = `channel-${crypto.randomUUID()}`
         let channel: RealtimeChannel