Allow Write without Read

Hi there!

I think this is not possible with the current architecture of Thin, but I just wanted to verify before I go re-designing toward another solution. I am building a small Svelte app and I want to allow users to submit information via a form to be captured in the Thin database. These users are new and unauthenticated and I don’t want to force them to create an account.

I don’t want to allow the ability to read that data back via the Thin API (for now, viewing the data in the interface is enough for me). I may want to allow a specific user to read it in the future, but not “everyone.”

Is this impossible? I can’t seem to craft a policy that would allow for writing a record without the ability to subsequently read it by anyone. I also tried setting the policy to allow for reading by a specific user UUID only, but then no anonymous writes are allowed.

I think I’m just hitting the fact that Thin is just translating API calls directly to PSQL functions and PSQL isn’t designed for this type of control. Too bad, though, if that’s the case.


Update: I figured out that I can manually edit the policy and tried this:

CREATE POLICY "Everyone can create contact_requests" ON contact_requests FOR INSERT WITH CHECK (true);
CREATE POLICY "Admin can read" ON contact_requests FOR SELECT USING (ihp_user_id() = '[specific uuid]');

…but that fails on createRecord. I suspect it’s because createRecord might be performing a SELECT to return the result to the caller. Is there a way to tell it not to do that? The documentation suggests maybe not.

I discovered Vercel Postgres yesterday and have shifted to using that instead. That allows me to limit (via database credentials) the database connection within Vercel to just the application server. I think this is a more sensible approach given my use-case. But please comment if I’ve missed something!

Can you share the error message you get with createRecord?