From b8a0d5a5f360d620ca99a215f0c453e57e6e8315 Mon Sep 17 00:00:00 2001
From: Kurdistan Tech Ministry
Date: Tue, 24 Feb 2026 06:28:16 +0300
Subject: [PATCH] fix: add storage RLS policies for p2p-payment-proofs bucket Allow open INSERT/SELECT/DELETE on p2p-payment-proofs bucket since users authenticate via wallet identity, not Supabase Auth.
---
...224070000_storage_payment_proofs_policy.sql | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
create mode 100644 web/supabase/migrations/20260224070000_storage_payment_proofs_policy.sql
diff --git a/web/supabase/migrations/20260224070000_storage_payment_proofs_policy.sql b/web/supabase/migrations/20260224070000_storage_payment_proofs_policy.sql
new file mode 100644
index 00000000..8a21d755
--- /dev/null
+++ b/web/supabase/migrations/20260224070000_storage_payment_proofs_policy.sql
@@ -0,0 +1,18 @@
+-- Storage policies for p2p-payment-proofs bucket
+-- Users are wallet-based (no auth.uid()), so policies must be open
+-- Proof files auto-expire in 1 day via cleanup-proofs edge function
+
+-- Allow anyone to upload payment proofs
+CREATE POLICY "Allow payment proof uploads"
+ ON storage.objects FOR INSERT
+ WITH CHECK (bucket_id = 'p2p-payment-proofs');
+
+-- Allow anyone to read payment proofs (public bucket)
+CREATE POLICY "Allow payment proof reads"
+ ON storage.objects FOR SELECT
+ USING (bucket_id = 'p2p-payment-proofs');
+
+-- Allow deletion (for cleanup-proofs edge function via service role)
+CREATE POLICY "Allow payment proof deletes"
+ ON storage.objects FOR DELETE
+ USING (bucket_id = 'p2p-payment-proofs');
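Review bot: The DELETE policy at the end of this hunk has no `TO` clause, so it applies to every role including `anon`, and any holder of the public anon key can delete other users' payment proofs. Its comment says it exists for the cleanup-proofs edge function via the service role, but the service role normally bypasses RLS in Supabase, so that function should not need a policy at all; drop this policy, or scope it with `TO service_role`. The INSERT and SELECT policies are likewise unscoped, which leaves proof files readable and the bucket writable by anyone with the anon key. Since wallet users have no `auth.uid()`, consider keeping the bucket private and routing uploads and reads through an edge function that verifies the wallet signature and issues short-lived signed URLs. If open access is a deliberate trade-off, the header comment should state what the proofs may contain and that the one-day expiry is the only control.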