Fix security warnings

supabase/migrations/20251020214036_8d0737a8-a881-40a2-9a58-7c0e261013ef.sql

@@ -0,0 +1,49 @@
+-- Fix search_path for security definer functions
+
+-- Drop and recreate update_updated_at_column with search_path
+DROP FUNCTION IF EXISTS update_updated_at_column() CASCADE;
+
+CREATE OR REPLACE FUNCTION update_updated_at_column()
+RETURNS TRIGGER AS $$
+BEGIN
+  NEW.updated_at = now();
+  RETURN NEW;
+END;
+$$ LANGUAGE plpgsql SECURITY DEFINER SET search_path = public;
+
+-- Recreate triggers
+CREATE TRIGGER update_profiles_updated_at
+  BEFORE UPDATE ON public.profiles
+  FOR EACH ROW EXECUTE FUNCTION update_updated_at_column();
+
+CREATE TRIGGER update_global_settings_updated_at
+  BEFORE UPDATE ON public.global_settings
+  FOR EACH ROW EXECUTE FUNCTION update_updated_at_column();
+
+CREATE TRIGGER update_container_settings_updated_at
+  BEFORE UPDATE ON public.container_settings
+  FOR EACH ROW EXECUTE FUNCTION update_updated_at_column();
+
+-- Drop and recreate handle_new_user with proper search_path
+DROP FUNCTION IF EXISTS public.handle_new_user() CASCADE;
+
+CREATE OR REPLACE FUNCTION public.handle_new_user()
+RETURNS TRIGGER AS $$
+BEGIN
+  INSERT INTO public.profiles (id, username)
+  VALUES (
+    NEW.id,
+    COALESCE(NEW.raw_user_meta_data->>'username', split_part(NEW.email, '@', 1))
+  );
+  
+  INSERT INTO public.global_settings (user_id)
+  VALUES (NEW.id);
+  
+  RETURN NEW;
+END;
+$$ LANGUAGE plpgsql SECURITY DEFINER SET search_path = public;
+
+-- Recreate trigger
+CREATE TRIGGER on_auth_user_created
+  AFTER INSERT ON auth.users
+  FOR EACH ROW EXECUTE FUNCTION public.handle_new_user();