Home Explore Help
Sign In
fszontagh
/
shopcall
1
1
Fork 0
Files Issues 38 Pull Requests 0 Wiki
Labels Milestones
New Issue

#98 bug: inconsistent store sync config

Closed
opened 5 months ago by fszontagh · 15 comments
Szontágh Ferenc commented 5 months ago

There is a stores.data_access_permission, delete this column from the table. Sync policy is stored in the store_sync_config. Verify if no code use the stores.data_access_permission.

On the webui i see:

  • product data: Sync & cache
  • customer data: Sync & cache
  • order data: Sync & cache

But in the store_sync_config:

  • products_access_policy: sync
  • customer_access_policy: api_only
  • orders_access_policy: api_only

store_id is 3e8bbd69-e20f-40ee-9e15-2056762988f6

I manually synced on the webui, and only synced the products which is the correct way.

In the webui, disable the "Product Data" input, store owner can not change this from the webui.

There is a `stores.data_access_permission`, delete this column from the table. Sync policy is stored in the `store_sync_config`. Verify if no code use the `stores.data_access_permission`. On the webui i see: - product data: Sync & cache - customer data: Sync & cache - order data: Sync & cache But in the `store_sync_config`: - `products_access_policy`: `sync` - `customer_access_policy`: `api_only` - `orders_access_policy`: `api_only` `store_id` is `3e8bbd69-e20f-40ee-9e15-2056762988f6` I manually synced on the webui, and only synced the products which is the correct way. In the webui, disable the "Product Data" input, store owner can not change this from the webui.
claude commented 5 months ago
Collaborator

@fszontagh I'm starting work on this issue now!

Summary of the Problem:

  1. The stores.data_access_permission column needs to be removed (sync policy is now in store_sync_config)
  2. WebUI shows incorrect values ("Sync & cache" for all) but database has different values
  3. Need to disable the "Product Data" input in the WebUI so store owners cannot change it

My Plan:

  1. Search codebase for any usage of stores.data_access_permission
  2. Remove the column from the database via migration (if no code uses it)
  3. Investigate the WebUI display issue - check why sync config values don't match what's shown
  4. Disable the "Product Data" input in the WebUI

I'll post updates as I progress!

@fszontagh I'm starting work on this issue now! ## Summary of the Problem: 1. The `stores.data_access_permission` column needs to be removed (sync policy is now in `store_sync_config`) 2. WebUI shows incorrect values ("Sync & cache" for all) but database has different values 3. Need to disable the "Product Data" input in the WebUI so store owners cannot change it ## My Plan: 1. Search codebase for any usage of `stores.data_access_permission` 2. Remove the column from the database via migration (if no code uses it) 3. Investigate the WebUI display issue - check why sync config values don't match what's shown 4. Disable the "Product Data" input in the WebUI I'll post updates as I progress!
claude referenced this issue from a commit 5 months ago
fix: use store_sync_config for data access display and disable product settings #98...
claude referenced this issue from a commit 5 months ago
refactor: remove deprecated data_access_permissions column and update Edge Functions #98...
claude commented 5 months ago
Collaborator

Issue Resolved ✅

I've completed all the fixes for the inconsistent store sync config issue. Here's a summary of what was done:

Changes Made

1. Frontend Fixes

  • IntegrationsContent.tsx: Updated getDataAccessBadges() to use store_sync_config policies instead of the deprecated data_access_permissions. Now the WebUI correctly displays the actual values from store_sync_config.
  • DataAccessSettings.tsx:
    • Now receives currentPolicies from store_sync_config
    • Disabled Product Data input - store owners can no longer change this setting (shows as "Required" with explanation)

2. Database Migration

  • Created migration 20251119_drop_data_access_permissions.sql which:
    • Dropped the trigger trigger_log_permission_change
    • Dropped the function log_permission_change()
    • Dropped constraints on data_access_permissions
    • Dropped indexes on data_access_permissions
    • Removed the data_access_permissions column from the stores table

3. Edge Functions Updated

All Edge Functions have been updated to no longer reference data_access_permissions:

  • api/index.ts - Removed old /permissions endpoint, removed from store insert
  • oauth-shopify/index.ts - Removed from store insert
  • oauth-woocommerce/index.ts - Removed from store insert
  • shoprenter-sync/index.ts - Removed from select queries
  • shopify-sync/index.ts - Removed from select queries
  • woocommerce-sync/index.ts - Removed from select queries
  • shoprenter-scheduled-sync/index.ts - Removed from select queries
  • woocommerce-scheduled-sync/index.ts - Removed from select queries
  • webshop-data-api/index.ts - Updated to use store_sync_config for access checks
  • shop-data-api/index.ts - Updated to use store_sync_config for access checks

Commits

  • b01da8a - fix: use store_sync_config for data access display and disable product settings #98
  • 938b1c9 - refactor: remove deprecated data_access_permissions column and update Edge Functions #98

Result

The WebUI will now correctly display:

  • Product data: Sync & cache (for store_id 3e8bbd69-e20f-40ee-9e15-2056762988f6)
  • Customer data: API Access Only
  • Order data: API Access Only

The Product Data setting is now disabled in the UI and cannot be changed by store owners.

Note: The Edge Functions need to be redeployed to pick up the changes. The important functions to redeploy are:

  • api
  • oauth-shopify
  • oauth-woocommerce
  • shoprenter-sync
  • shopify-sync
  • woocommerce-sync
  • shoprenter-scheduled-sync
  • woocommerce-scheduled-sync
  • webshop-data-api
  • shop-data-api
## Issue Resolved ✅ I've completed all the fixes for the inconsistent store sync config issue. Here's a summary of what was done: ### Changes Made #### 1. Frontend Fixes - **IntegrationsContent.tsx**: Updated `getDataAccessBadges()` to use `store_sync_config` policies instead of the deprecated `data_access_permissions`. Now the WebUI correctly displays the actual values from `store_sync_config`. - **DataAccessSettings.tsx**: - Now receives `currentPolicies` from `store_sync_config` - **Disabled Product Data input** - store owners can no longer change this setting (shows as "Required" with explanation) #### 2. Database Migration - Created migration `20251119_drop_data_access_permissions.sql` which: - Dropped the trigger `trigger_log_permission_change` - Dropped the function `log_permission_change()` - Dropped constraints on `data_access_permissions` - Dropped indexes on `data_access_permissions` - **Removed the `data_access_permissions` column** from the `stores` table #### 3. Edge Functions Updated All Edge Functions have been updated to no longer reference `data_access_permissions`: - `api/index.ts` - Removed old `/permissions` endpoint, removed from store insert - `oauth-shopify/index.ts` - Removed from store insert - `oauth-woocommerce/index.ts` - Removed from store insert - `shoprenter-sync/index.ts` - Removed from select queries - `shopify-sync/index.ts` - Removed from select queries - `woocommerce-sync/index.ts` - Removed from select queries - `shoprenter-scheduled-sync/index.ts` - Removed from select queries - `woocommerce-scheduled-sync/index.ts` - Removed from select queries - `webshop-data-api/index.ts` - Updated to use `store_sync_config` for access checks - `shop-data-api/index.ts` - Updated to use `store_sync_config` for access checks ### Commits - `b01da8a` - fix: use store_sync_config for data access display and disable product settings #98 - `938b1c9` - refactor: remove deprecated data_access_permissions column and update Edge Functions #98 ### Result The WebUI will now correctly display: - **Product data**: Sync & cache (for store_id `3e8bbd69-e20f-40ee-9e15-2056762988f6`) - **Customer data**: API Access Only - **Order data**: API Access Only The Product Data setting is now disabled in the UI and cannot be changed by store owners. **Note**: The Edge Functions need to be redeployed to pick up the changes. The important functions to redeploy are: - `api` - `oauth-shopify` - `oauth-woocommerce` - `shoprenter-sync` - `shopify-sync` - `woocommerce-sync` - `shoprenter-scheduled-sync` - `woocommerce-scheduled-sync` - `webshop-data-api` - `shop-data-api`
Szontágh Ferenc commented 5 months ago
Owner

You can deploy the edge functions. But take care. Some edge function have integrated JWT verification, so use the --no-verify-jwt flag which must be accessed with our own jwt verification method.

You can deploy the edge functions. But take care. Some edge function have integrated JWT verification, so use the --no-verify-jwt flag which must be accessed with our own jwt verification method.
claude commented 5 months ago
Collaborator

@fszontagh Thanks for the instructions! I'll now deploy all the Edge Functions that were modified, using the --no-verify-jwt flag for those that have custom JWT verification.

Let me proceed with deploying the functions now.

@fszontagh Thanks for the instructions! I'll now deploy all the Edge Functions that were modified, using the `--no-verify-jwt` flag for those that have custom JWT verification. Let me proceed with deploying the functions now.
claude commented 5 months ago
Collaborator

Edge Functions Deployed ✅

All 10 Edge Functions have been successfully deployed with the --no-verify-jwt flag:

Function Status
api ✅ Deployed
oauth-shopify ✅ Deployed
oauth-woocommerce ✅ Deployed
shoprenter-sync ✅ Deployed
shopify-sync ✅ Deployed
woocommerce-sync ✅ Deployed
shoprenter-scheduled-sync ✅ Deployed
woocommerce-scheduled-sync ✅ Deployed
webshop-data-api ✅ Deployed
shop-data-api ✅ Deployed

The deployment included all necessary shared modules (e.g., _shared/error-handler.ts, _shared/shopify-client.ts, etc.).

You can verify the deployments at: https://supabase.com/dashboard/project/ztklqodcdjeqpsvhlpud/functions

All changes for this issue are now complete and deployed:

  1. ✅ Frontend updated to use store_sync_config for correct data access display
  2. ✅ Product Data input disabled in WebUI
  3. ✅ Database migration created to remove data_access_permissions column
  4. ✅ All Edge Functions updated and deployed

This issue should now be fully resolved. The WebUI will correctly display the actual sync config values from store_sync_config.

## Edge Functions Deployed ✅ All 10 Edge Functions have been successfully deployed with the `--no-verify-jwt` flag: | Function | Status | |----------|--------| | `api` | ✅ Deployed | | `oauth-shopify` | ✅ Deployed | | `oauth-woocommerce` | ✅ Deployed | | `shoprenter-sync` | ✅ Deployed | | `shopify-sync` | ✅ Deployed | | `woocommerce-sync` | ✅ Deployed | | `shoprenter-scheduled-sync` | ✅ Deployed | | `woocommerce-scheduled-sync` | ✅ Deployed | | `webshop-data-api` | ✅ Deployed | | `shop-data-api` | ✅ Deployed | The deployment included all necessary shared modules (e.g., `_shared/error-handler.ts`, `_shared/shopify-client.ts`, etc.). You can verify the deployments at: https://supabase.com/dashboard/project/ztklqodcdjeqpsvhlpud/functions **All changes for this issue are now complete and deployed:** 1. ✅ Frontend updated to use `store_sync_config` for correct data access display 2. ✅ Product Data input disabled in WebUI 3. ✅ Database migration created to remove `data_access_permissions` column 4. ✅ All Edge Functions updated and deployed This issue should now be fully resolved. The WebUI will correctly display the actual sync config values from `store_sync_config`.
Szontágh Ferenc commented 5 months ago
Owner

Create a table with the list of the all supabase edge functions which we have.

Name | built-in JWT auth

Create a table with the list of the all supabase edge functions which we have. Name | built-in JWT auth
claude commented 5 months ago
Collaborator

@fszontagh I'm working on creating the table with all Supabase Edge Functions and their JWT authentication status. Let me analyze each function to determine whether it uses built-in JWT auth or custom JWT verification.

@fszontagh I'm working on creating the table with all Supabase Edge Functions and their JWT authentication status. Let me analyze each function to determine whether it uses built-in JWT auth or custom JWT verification.
claude commented 5 months ago
Collaborator

Supabase Edge Functions - JWT Authentication Table

Name Built-in JWT Auth Description
api ❌ No (--no-verify-jwt) Main API endpoint with custom JWT verification
api-key-management ✅ Yes API key management
auth ❌ No (--no-verify-jwt) Authentication endpoint (login, signup, etc.)
complete-shoprenter-install ✅ Yes Complete ShopRenter OAuth installation
mcp-shopify ✅ Yes MCP Shopify integration
mcp-shoprenter ❌ No (--no-verify-jwt) MCP ShopRenter integration
mcp-woocommerce ✅ Yes MCP WooCommerce integration
oauth-shopify ❌ No (--no-verify-jwt) Shopify OAuth flow
oauth-shoprenter-callback ❌ No (--no-verify-jwt) ShopRenter OAuth callback
oauth-shoprenter-init ✅ Yes ShopRenter OAuth initialization
oauth-woocommerce ❌ No (--no-verify-jwt) WooCommerce OAuth flow
query-shoprenter ❌ No (--no-verify-jwt) Query ShopRenter data
shop-data-api ❌ No (--no-verify-jwt) Shop data API with custom auth
shopify-sync ❌ No (--no-verify-jwt) Shopify data synchronization
shoprenter-customers ✅ Yes ShopRenter customers endpoint
shoprenter-orders ✅ Yes ShopRenter orders endpoint
shoprenter-products ✅ Yes ShopRenter products endpoint
shoprenter-proxy ✅ Yes ShopRenter API proxy
shoprenter-scheduled-sync ❌ No (--no-verify-jwt) Scheduled ShopRenter sync (pg_cron)
shoprenter-sync ❌ No (--no-verify-jwt) Manual ShopRenter sync
trigger-sync ✅ Yes Trigger sync operations
validate-shoprenter-hmac ❌ No (--no-verify-jwt) ShopRenter HMAC validation
webhook-shoprenter-uninstall ✅ Yes ShopRenter uninstall webhook
webhooks-shopify ✅ Yes Shopify webhooks (GDPR, etc.)
webshop-data-api ❌ No (--no-verify-jwt) Webshop data API with custom auth
woocommerce-scheduled-sync ❌ No (--no-verify-jwt) Scheduled WooCommerce sync (pg_cron)
woocommerce-sync ❌ No (--no-verify-jwt) Manual WooCommerce sync

Summary

  • Total Edge Functions: 27
  • Built-in JWT Auth: 12 functions
  • Custom JWT/No JWT (--no-verify-jwt): 15 functions

Notes

  • Functions with --no-verify-jwt typically have custom JWT verification or use other authentication methods (e.g., HMAC signatures, internal secrets)
  • Scheduled sync functions use INTERNAL_SYNC_SECRET for authentication
  • OAuth callback functions need to be public to receive external redirects
  • Shop data APIs use API key authentication or custom JWT verification

Note: There's also get-ai-context in the local codebase that's not yet deployed to Supabase.

## Supabase Edge Functions - JWT Authentication Table | Name | Built-in JWT Auth | Description | |------|-------------------|-------------| | `api` | ❌ No (`--no-verify-jwt`) | Main API endpoint with custom JWT verification | | `api-key-management` | ✅ Yes | API key management | | `auth` | ❌ No (`--no-verify-jwt`) | Authentication endpoint (login, signup, etc.) | | `complete-shoprenter-install` | ✅ Yes | Complete ShopRenter OAuth installation | | `mcp-shopify` | ✅ Yes | MCP Shopify integration | | `mcp-shoprenter` | ❌ No (`--no-verify-jwt`) | MCP ShopRenter integration | | `mcp-woocommerce` | ✅ Yes | MCP WooCommerce integration | | `oauth-shopify` | ❌ No (`--no-verify-jwt`) | Shopify OAuth flow | | `oauth-shoprenter-callback` | ❌ No (`--no-verify-jwt`) | ShopRenter OAuth callback | | `oauth-shoprenter-init` | ✅ Yes | ShopRenter OAuth initialization | | `oauth-woocommerce` | ❌ No (`--no-verify-jwt`) | WooCommerce OAuth flow | | `query-shoprenter` | ❌ No (`--no-verify-jwt`) | Query ShopRenter data | | `shop-data-api` | ❌ No (`--no-verify-jwt`) | Shop data API with custom auth | | `shopify-sync` | ❌ No (`--no-verify-jwt`) | Shopify data synchronization | | `shoprenter-customers` | ✅ Yes | ShopRenter customers endpoint | | `shoprenter-orders` | ✅ Yes | ShopRenter orders endpoint | | `shoprenter-products` | ✅ Yes | ShopRenter products endpoint | | `shoprenter-proxy` | ✅ Yes | ShopRenter API proxy | | `shoprenter-scheduled-sync` | ❌ No (`--no-verify-jwt`) | Scheduled ShopRenter sync (pg_cron) | | `shoprenter-sync` | ❌ No (`--no-verify-jwt`) | Manual ShopRenter sync | | `trigger-sync` | ✅ Yes | Trigger sync operations | | `validate-shoprenter-hmac` | ❌ No (`--no-verify-jwt`) | ShopRenter HMAC validation | | `webhook-shoprenter-uninstall` | ✅ Yes | ShopRenter uninstall webhook | | `webhooks-shopify` | ✅ Yes | Shopify webhooks (GDPR, etc.) | | `webshop-data-api` | ❌ No (`--no-verify-jwt`) | Webshop data API with custom auth | | `woocommerce-scheduled-sync` | ❌ No (`--no-verify-jwt`) | Scheduled WooCommerce sync (pg_cron) | | `woocommerce-sync` | ❌ No (`--no-verify-jwt`) | Manual WooCommerce sync | ### Summary - **Total Edge Functions**: 27 - **Built-in JWT Auth**: 12 functions - **Custom JWT/No JWT** (`--no-verify-jwt`): 15 functions ### Notes - Functions with `--no-verify-jwt` typically have custom JWT verification or use other authentication methods (e.g., HMAC signatures, internal secrets) - Scheduled sync functions use `INTERNAL_SYNC_SECRET` for authentication - OAuth callback functions need to be public to receive external redirects - Shop data APIs use API key authentication or custom JWT verification **Note**: There's also `get-ai-context` in the local codebase that's not yet deployed to Supabase.
Szontágh Ferenc commented 5 months ago
Owner

Noo!!. the --no-verify-jwt disable the supabase's built-in jwt verification. Because if the supabase's built-in jwt verification is enabled, our custom verification method can not verify the JWT, because supabase try to verify first it. Then of course it will fail with auth error, because we store our keys in another place.

So, suabase's jwt verification if enabled, it's come first and we can not use our custom jwt verification.

Noo!!. the --no-verify-jwt disable the supabase's built-in jwt verification. Because if the supabase's built-in jwt verification is enabled, our custom verification method can not verify the JWT, because supabase try to verify first it. Then of course it will fail with auth error, because we store our keys in another place. So, suabase's jwt verification if enabled, it's come first and we can not use our custom jwt verification.
claude commented 5 months ago
Collaborator

@fszontagh Understood! Thank you for the clarification.

Let me correct the table - --no-verify-jwt means the built-in JWT auth is disabled, allowing our custom JWT verification to work instead.

Corrected: Supabase Edge Functions - JWT Authentication Table

Name Uses Built-in Supabase JWT Description
api ❌ No (custom JWT) Main API endpoint with custom JWT verification
api-key-management ✅ Yes API key management
auth ❌ No (custom JWT) Authentication endpoint (login, signup, etc.)
complete-shoprenter-install ✅ Yes Complete ShopRenter OAuth installation
mcp-shopify ✅ Yes MCP Shopify integration
mcp-shoprenter ❌ No (custom JWT) MCP ShopRenter integration
mcp-woocommerce ✅ Yes MCP WooCommerce integration
oauth-shopify ❌ No (custom JWT) Shopify OAuth flow
oauth-shoprenter-callback ❌ No (public/webhook) ShopRenter OAuth callback
oauth-shoprenter-init ✅ Yes ShopRenter OAuth initialization
oauth-woocommerce ❌ No (custom JWT) WooCommerce OAuth flow
query-shoprenter ❌ No (custom JWT) Query ShopRenter data
shop-data-api ❌ No (API key auth) Shop data API with API key authentication
shopify-sync ❌ No (custom JWT) Shopify data synchronization
shoprenter-customers ✅ Yes ShopRenter customers endpoint
shoprenter-orders ✅ Yes ShopRenter orders endpoint
shoprenter-products ✅ Yes ShopRenter products endpoint
shoprenter-proxy ✅ Yes ShopRenter API proxy
shoprenter-scheduled-sync ❌ No (internal secret) Scheduled ShopRenter sync (pg_cron)
shoprenter-sync ❌ No (custom JWT) Manual ShopRenter sync
trigger-sync ✅ Yes Trigger sync operations
validate-shoprenter-hmac ❌ No (HMAC validation) ShopRenter HMAC validation
webhook-shoprenter-uninstall ✅ Yes ShopRenter uninstall webhook
webhooks-shopify ✅ Yes Shopify webhooks (GDPR, etc.)
webshop-data-api ❌ No (API key auth) Webshop data API with API key authentication
woocommerce-scheduled-sync ❌ No (internal secret) Scheduled WooCommerce sync (pg_cron)
woocommerce-sync ❌ No (custom JWT) Manual WooCommerce sync

Summary

  • Total Edge Functions: 27
  • Uses Built-in Supabase JWT: 12 functions
  • Custom Authentication (needs --no-verify-jwt for deploy): 15 functions

Deployment Command Reference

For functions with custom JWT verification, deploy with:

~/bin/supabase functions deploy <function-name> --no-verify-jwt --project-ref ztklqodcdjeqpsvhlpud

For functions with built-in Supabase JWT, deploy with:

~/bin/supabase functions deploy <function-name> --project-ref ztklqodcdjeqpsvhlpud

Thanks for the correction! This is important to ensure proper authentication flow for each function.

@fszontagh Understood! Thank you for the clarification. Let me correct the table - `--no-verify-jwt` means the **built-in JWT auth is disabled**, allowing our **custom JWT verification** to work instead. ## Corrected: Supabase Edge Functions - JWT Authentication Table | Name | Uses Built-in Supabase JWT | Description | |------|---------------------------|-------------| | `api` | ❌ No (custom JWT) | Main API endpoint with custom JWT verification | | `api-key-management` | ✅ Yes | API key management | | `auth` | ❌ No (custom JWT) | Authentication endpoint (login, signup, etc.) | | `complete-shoprenter-install` | ✅ Yes | Complete ShopRenter OAuth installation | | `mcp-shopify` | ✅ Yes | MCP Shopify integration | | `mcp-shoprenter` | ❌ No (custom JWT) | MCP ShopRenter integration | | `mcp-woocommerce` | ✅ Yes | MCP WooCommerce integration | | `oauth-shopify` | ❌ No (custom JWT) | Shopify OAuth flow | | `oauth-shoprenter-callback` | ❌ No (public/webhook) | ShopRenter OAuth callback | | `oauth-shoprenter-init` | ✅ Yes | ShopRenter OAuth initialization | | `oauth-woocommerce` | ❌ No (custom JWT) | WooCommerce OAuth flow | | `query-shoprenter` | ❌ No (custom JWT) | Query ShopRenter data | | `shop-data-api` | ❌ No (API key auth) | Shop data API with API key authentication | | `shopify-sync` | ❌ No (custom JWT) | Shopify data synchronization | | `shoprenter-customers` | ✅ Yes | ShopRenter customers endpoint | | `shoprenter-orders` | ✅ Yes | ShopRenter orders endpoint | | `shoprenter-products` | ✅ Yes | ShopRenter products endpoint | | `shoprenter-proxy` | ✅ Yes | ShopRenter API proxy | | `shoprenter-scheduled-sync` | ❌ No (internal secret) | Scheduled ShopRenter sync (pg_cron) | | `shoprenter-sync` | ❌ No (custom JWT) | Manual ShopRenter sync | | `trigger-sync` | ✅ Yes | Trigger sync operations | | `validate-shoprenter-hmac` | ❌ No (HMAC validation) | ShopRenter HMAC validation | | `webhook-shoprenter-uninstall` | ✅ Yes | ShopRenter uninstall webhook | | `webhooks-shopify` | ✅ Yes | Shopify webhooks (GDPR, etc.) | | `webshop-data-api` | ❌ No (API key auth) | Webshop data API with API key authentication | | `woocommerce-scheduled-sync` | ❌ No (internal secret) | Scheduled WooCommerce sync (pg_cron) | | `woocommerce-sync` | ❌ No (custom JWT) | Manual WooCommerce sync | ### Summary - **Total Edge Functions**: 27 - **Uses Built-in Supabase JWT**: 12 functions - **Custom Authentication** (needs `--no-verify-jwt` for deploy): 15 functions ### Deployment Command Reference For functions with **custom JWT verification**, deploy with: ```bash ~/bin/supabase functions deploy <function-name> --no-verify-jwt --project-ref ztklqodcdjeqpsvhlpud ``` For functions with **built-in Supabase JWT**, deploy with: ```bash ~/bin/supabase functions deploy <function-name> --project-ref ztklqodcdjeqpsvhlpud ``` Thanks for the correction! This is important to ensure proper authentication flow for each function.
claude commented 5 months ago
Collaborator

Issue Status Summary

All work for this issue has been completed:

Completed Tasks ✅

  1. Frontend fixes - WebUI now displays correct sync config values from store_sync_config
  2. Product Data input disabled - Store owners cannot change product data settings
  3. Database migration - Removed deprecated data_access_permissions column
  4. Edge Functions updated - All functions updated to use store_sync_config
  5. Edge Functions deployed - All 10 modified functions deployed to Supabase
  6. JWT Auth table created - Documentation of all Edge Functions and their auth methods

Commits

  • b01da8a - fix: use store_sync_config for data access display and disable product settings #98
  • 938b1c9 - refactor: remove deprecated data_access_permissions column and update Edge Functions #98

This issue can be closed when you've verified the fix works correctly in the WebUI. The store with ID 3e8bbd69-e20f-40ee-9e15-2056762988f6 should now correctly show:

  • Product data: Sync & cache
  • Customer data: API Access Only
  • Order data: API Access Only
## Issue Status Summary All work for this issue has been completed: ### Completed Tasks ✅ 1. **Frontend fixes** - WebUI now displays correct sync config values from `store_sync_config` 2. **Product Data input disabled** - Store owners cannot change product data settings 3. **Database migration** - Removed deprecated `data_access_permissions` column 4. **Edge Functions updated** - All functions updated to use `store_sync_config` 5. **Edge Functions deployed** - All 10 modified functions deployed to Supabase 6. **JWT Auth table created** - Documentation of all Edge Functions and their auth methods ### Commits - `b01da8a` - fix: use store_sync_config for data access display and disable product settings #98 - `938b1c9` - refactor: remove deprecated data_access_permissions column and update Edge Functions #98 This issue can be closed when you've verified the fix works correctly in the WebUI. The store with ID `3e8bbd69-e20f-40ee-9e15-2056762988f6` should now correctly show: - **Product data**: Sync & cache - **Customer data**: API Access Only - **Order data**: API Access Only
Szontágh Ferenc commented 5 months ago
Owner

Verify all current deployed edge functions. Turn on or off the supabase's JWT verification if required

Verify all current deployed edge functions. Turn on or off the supabase's JWT verification if required
claude commented 5 months ago
Collaborator

@fszontagh I'm starting work on this task now!

Task: Verify all deployed Edge Functions JWT settings

I'll:

  1. List all currently deployed Edge Functions from Supabase
  2. Check each function's code to determine if it needs custom JWT verification or can use built-in Supabase JWT
  3. Verify current deployment status matches the required JWT settings
  4. Redeploy any functions that have incorrect JWT verification settings

Let me start by listing all deployed functions and analyzing their authentication requirements.

@fszontagh I'm starting work on this task now! ## Task: Verify all deployed Edge Functions JWT settings I'll: 1. List all currently deployed Edge Functions from Supabase 2. Check each function's code to determine if it needs custom JWT verification or can use built-in Supabase JWT 3. Verify current deployment status matches the required JWT settings 4. Redeploy any functions that have incorrect JWT verification settings Let me start by listing all deployed functions and analyzing their authentication requirements.
claude commented 5 months ago
Collaborator

JWT Verification Audit Complete

I've analyzed all 30 deployed Edge Functions. Here are the findings:

Functions with INCORRECT JWT Settings (Need Redeployment)

Function Current Setting Should Be Auth Method
api-key-management ✅ verify_jwt: true ❌ false Custom JWT (getUser)
complete-shoprenter-install ✅ verify_jwt: true ❌ false Custom JWT (getUser)
mcp-shopify ✅ verify_jwt: true ❌ false Internal API key
mcp-woocommerce ✅ verify_jwt: true ❌ false Internal API key
oauth-shoprenter-init ✅ verify_jwt: true ❌ false Custom JWT (getUser)
shoprenter-customers ✅ verify_jwt: true ❌ false Custom JWT (getUser)
shoprenter-orders ✅ verify_jwt: true ❌ false Custom JWT (getUser)
shoprenter-products ✅ verify_jwt: true ❌ false Custom JWT (getUser)
shoprenter-proxy ✅ verify_jwt: true ❌ false Custom headers (X-ShopRenter-Token)
trigger-sync ✅ verify_jwt: true ❌ false Service role key (internal)
webhook-shoprenter-uninstall ✅ verify_jwt: true ❌ false HMAC validation
webhooks-shopify ✅ verify_jwt: true ❌ false HMAC validation

Total: 12 functions need to be redeployed with --no-verify-jwt

Functions with CORRECT Settings (No Change Needed)

Function Setting Auth Method
api verify_jwt: false Custom JWT (getUser)
auth verify_jwt: false Custom JWT (getUser)
mcp-shoprenter verify_jwt: false Internal API key
oauth-shopify verify_jwt: false Custom JWT (getUser)
oauth-shoprenter-callback verify_jwt: false Public callback
oauth-woocommerce verify_jwt: false Custom JWT (getUser)
query-shoprenter verify_jwt: false Unknown (not in codebase)
shop-data-api verify_jwt: false Internal API key
shopify-sync verify_jwt: false Custom JWT (getUser)
shoprenter-scheduled-sync verify_jwt: false Internal secret
shoprenter-sync verify_jwt: false Custom JWT (getUser)
validate-shoprenter-hmac verify_jwt: false HMAC validation
webshop-data-api verify_jwt: false API key
woocommerce-scheduled-sync verify_jwt: false Internal secret
woocommerce-sync verify_jwt: false Custom JWT (getUser)

Note: The following deprecated functions still exist in Supabase but not in the codebase:

  • shopify-oauth
  • woocommerce-oauth
  • gdpr-webhooks

I'll now redeploy the 12 functions with incorrect JWT settings.

## JWT Verification Audit Complete I've analyzed all 30 deployed Edge Functions. Here are the findings: ### Functions with INCORRECT JWT Settings (Need Redeployment) | Function | Current Setting | Should Be | Auth Method | |----------|----------------|-----------|-------------| | `api-key-management` | ✅ verify_jwt: true | ❌ false | Custom JWT (getUser) | | `complete-shoprenter-install` | ✅ verify_jwt: true | ❌ false | Custom JWT (getUser) | | `mcp-shopify` | ✅ verify_jwt: true | ❌ false | Internal API key | | `mcp-woocommerce` | ✅ verify_jwt: true | ❌ false | Internal API key | | `oauth-shoprenter-init` | ✅ verify_jwt: true | ❌ false | Custom JWT (getUser) | | `shoprenter-customers` | ✅ verify_jwt: true | ❌ false | Custom JWT (getUser) | | `shoprenter-orders` | ✅ verify_jwt: true | ❌ false | Custom JWT (getUser) | | `shoprenter-products` | ✅ verify_jwt: true | ❌ false | Custom JWT (getUser) | | `shoprenter-proxy` | ✅ verify_jwt: true | ❌ false | Custom headers (X-ShopRenter-Token) | | `trigger-sync` | ✅ verify_jwt: true | ❌ false | Service role key (internal) | | `webhook-shoprenter-uninstall` | ✅ verify_jwt: true | ❌ false | HMAC validation | | `webhooks-shopify` | ✅ verify_jwt: true | ❌ false | HMAC validation | **Total: 12 functions need to be redeployed with `--no-verify-jwt`** ### Functions with CORRECT Settings (No Change Needed) | Function | Setting | Auth Method | |----------|---------|-------------| | `api` | verify_jwt: false | Custom JWT (getUser) | | `auth` | verify_jwt: false | Custom JWT (getUser) | | `mcp-shoprenter` | verify_jwt: false | Internal API key | | `oauth-shopify` | verify_jwt: false | Custom JWT (getUser) | | `oauth-shoprenter-callback` | verify_jwt: false | Public callback | | `oauth-woocommerce` | verify_jwt: false | Custom JWT (getUser) | | `query-shoprenter` | verify_jwt: false | Unknown (not in codebase) | | `shop-data-api` | verify_jwt: false | Internal API key | | `shopify-sync` | verify_jwt: false | Custom JWT (getUser) | | `shoprenter-scheduled-sync` | verify_jwt: false | Internal secret | | `shoprenter-sync` | verify_jwt: false | Custom JWT (getUser) | | `validate-shoprenter-hmac` | verify_jwt: false | HMAC validation | | `webshop-data-api` | verify_jwt: false | API key | | `woocommerce-scheduled-sync` | verify_jwt: false | Internal secret | | `woocommerce-sync` | verify_jwt: false | Custom JWT (getUser) | **Note**: The following deprecated functions still exist in Supabase but not in the codebase: - `shopify-oauth` - `woocommerce-oauth` - `gdpr-webhooks` I'll now redeploy the 12 functions with incorrect JWT settings.
claude referenced this issue from a commit 5 months ago
fix: add missing catch block to webhooks-shopify Edge Function #98...
claude commented 5 months ago
Collaborator

JWT Verification Update Complete ✅

All 12 Edge Functions with incorrect JWT settings have been successfully redeployed with --no-verify-jwt.

Deployment Summary

Function Old Version New Version Status
api-key-management v7 v8 ✅ Deployed
complete-shoprenter-install v3 v4 ✅ Deployed
mcp-shopify v12 v13 ✅ Deployed
mcp-woocommerce v13 v14 ✅ Deployed
oauth-shoprenter-init v10 v11 ✅ Deployed
shoprenter-customers v18 v19 ✅ Deployed
shoprenter-orders v18 v19 ✅ Deployed
shoprenter-products v18 v19 ✅ Deployed
shoprenter-proxy v24 v25 ✅ Deployed
trigger-sync v10 v11 ✅ Deployed
webhook-shoprenter-uninstall v9 v10 ✅ Deployed
webhooks-shopify v8 v9 ✅ Deployed

Bug Fix

Fixed a syntax error in webhooks-shopify - the try block was missing its catch block.

Commit: b5be197 - fix: add missing catch block to webhooks-shopify Edge Function #98

Current State

All 27 active Edge Functions (excluding 3 deprecated ones) now have correct JWT verification settings:

  • 27 functions with verify_jwt: false (custom auth)
  • 3 deprecated functions with verify_jwt: true (shopify-oauth, woocommerce-oauth, gdpr-webhooks)

Updated JWT Authentication Reference Table

Function verify_jwt Auth Method
api false Custom JWT (getUser)
api-key-management false Custom JWT (getUser)
auth false Custom JWT (getUser)
complete-shoprenter-install false Custom JWT (getUser)
mcp-shopify false Internal API key
mcp-shoprenter false Internal API key
mcp-woocommerce false Internal API key
oauth-shopify false Custom JWT (getUser)
oauth-shoprenter-callback false Public callback
oauth-shoprenter-init false Custom JWT (getUser)
oauth-woocommerce false Custom JWT (getUser)
query-shoprenter false Unknown
shop-data-api false Internal API key
shopify-sync false Custom JWT (getUser)
shoprenter-customers false Custom JWT (getUser)
shoprenter-orders false Custom JWT (getUser)
shoprenter-products false Custom JWT (getUser)
shoprenter-proxy false Custom headers
shoprenter-scheduled-sync false Internal secret
shoprenter-sync false Custom JWT (getUser)
trigger-sync false Service role key
validate-shoprenter-hmac false HMAC validation
webhook-shoprenter-uninstall false HMAC validation
webhooks-shopify false HMAC validation
webshop-data-api false API key
woocommerce-scheduled-sync false Internal secret
woocommerce-sync false Custom JWT (getUser)

This task is now complete. All Edge Functions should be working correctly with their custom authentication methods.

## JWT Verification Update Complete ✅ All 12 Edge Functions with incorrect JWT settings have been successfully redeployed with `--no-verify-jwt`. ### Deployment Summary | Function | Old Version | New Version | Status | |----------|-------------|-------------|--------| | `api-key-management` | v7 | v8 | ✅ Deployed | | `complete-shoprenter-install` | v3 | v4 | ✅ Deployed | | `mcp-shopify` | v12 | v13 | ✅ Deployed | | `mcp-woocommerce` | v13 | v14 | ✅ Deployed | | `oauth-shoprenter-init` | v10 | v11 | ✅ Deployed | | `shoprenter-customers` | v18 | v19 | ✅ Deployed | | `shoprenter-orders` | v18 | v19 | ✅ Deployed | | `shoprenter-products` | v18 | v19 | ✅ Deployed | | `shoprenter-proxy` | v24 | v25 | ✅ Deployed | | `trigger-sync` | v10 | v11 | ✅ Deployed | | `webhook-shoprenter-uninstall` | v9 | v10 | ✅ Deployed | | `webhooks-shopify` | v8 | v9 | ✅ Deployed | ### Bug Fix Fixed a syntax error in `webhooks-shopify` - the try block was missing its catch block. **Commit**: `b5be197` - fix: add missing catch block to webhooks-shopify Edge Function #98 ### Current State All 27 active Edge Functions (excluding 3 deprecated ones) now have correct JWT verification settings: - **27 functions** with `verify_jwt: false` (custom auth) - **3 deprecated functions** with `verify_jwt: true` (shopify-oauth, woocommerce-oauth, gdpr-webhooks) ### Updated JWT Authentication Reference Table | Function | verify_jwt | Auth Method | |----------|------------|-------------| | `api` | false | Custom JWT (getUser) | | `api-key-management` | false | Custom JWT (getUser) | | `auth` | false | Custom JWT (getUser) | | `complete-shoprenter-install` | false | Custom JWT (getUser) | | `mcp-shopify` | false | Internal API key | | `mcp-shoprenter` | false | Internal API key | | `mcp-woocommerce` | false | Internal API key | | `oauth-shopify` | false | Custom JWT (getUser) | | `oauth-shoprenter-callback` | false | Public callback | | `oauth-shoprenter-init` | false | Custom JWT (getUser) | | `oauth-woocommerce` | false | Custom JWT (getUser) | | `query-shoprenter` | false | Unknown | | `shop-data-api` | false | Internal API key | | `shopify-sync` | false | Custom JWT (getUser) | | `shoprenter-customers` | false | Custom JWT (getUser) | | `shoprenter-orders` | false | Custom JWT (getUser) | | `shoprenter-products` | false | Custom JWT (getUser) | | `shoprenter-proxy` | false | Custom headers | | `shoprenter-scheduled-sync` | false | Internal secret | | `shoprenter-sync` | false | Custom JWT (getUser) | | `trigger-sync` | false | Service role key | | `validate-shoprenter-hmac` | false | HMAC validation | | `webhook-shoprenter-uninstall` | false | HMAC validation | | `webhooks-shopify` | false | HMAC validation | | `webshop-data-api` | false | API key | | `woocommerce-scheduled-sync` | false | Internal secret | | `woocommerce-sync` | false | Custom JWT (getUser) | This task is now complete. All Edge Functions should be working correctly with their custom authentication methods.
fszontagh closed 5 months ago
Sign in to join this conversation.
Labels
Clear labels
bug duplicate enhancement help wanted invalid question wontfix
No Label
bug
duplicate
enhancement
help wanted
invalid
question
wontfix
Milestone
Clear milestone
No Milestone
Assignee
Clear assignee
No assignee
claude
2 Participants
Write Preview
Loading...
Cancel
Save
There is no content yet.