
Restrict rescind_invitation RPC to authenticated callers#1714

Merged: riderx merged 2 commits into main from riderx/fix-rpc-invite-enum on Mar 3, 2026

Conversation

@riderx (Member) commented Feb 27, 2026

Summary (AI generated)

  • Restricts public.rescind_invitation(email, org_id) so it is no longer callable by anon.
  • Normalizes authorization outcomes by returning NO_RIGHTS for non-admin callers before org existence checks, removing org-enumeration leakage.
  • Adds migration-level tests covering anonymous execution denial and non-admin behavior for missing organizations.

Motivation (AI generated)

  • The previous RPC allowed unauthenticated probing with a publishable key and different error paths (NO_ORG vs NO_RIGHTS), enabling tenant discovery.
  • Locking execution and adding assertions strengthens invitation-management security without changing authenticated user workflows.

Business Impact (AI generated)

  • Lowers risk of targeted account/social-engineering attacks by removing an admin surface from unauthenticated users.
  • Improves security posture with minimal operational impact on existing UI/CLI usage.

Test Plan (AI generated)

  • bun lint
  • bun lint:backend
  • Reviewed PR diff with git diff origin/main...HEAD.
  • Added tests in supabase/tests/28_test_new_migration_functions.sql for rescind_invitation anonymous permission denial and NO_RIGHTS consistency across invalid org IDs.

Screenshots

None (backend-only change).

Checklist

  • My code follows the code style of this project and passes bun run lint:backend && bun run lint.
  • My change requires a change to the documentation.
  • My change has adequate E2E test coverage.
  • I have tested my code manually, and I have provided steps how to reproduce my tests.
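The two behaviours the PR description contrasts, as an added example rather than Capgo's own migration or test code: a "before" function whose org lookup runs ahead of the rights check (so NO_ORG vs NO_RIGHTS leaks whether a tenant ID exists), the hardened ordering that returns NO_RIGHTS before any org lookup, the EXECUTE grants that take the RPC away from anon, and pgTAP checks for the two cases named in the test plan. The table names, columns and the admin role value are assumptions; auth.uid(), the anon/authenticated roles and the request.jwt.claim.sub setting are Supabase's standard plumbing, and the use of pgTAP for supabase/tests/*.sql is assumed.

```sql
-- Added example, not Capgo's migration. Schema and role names are assumptions;
-- auth.uid() and the anon/authenticated roles are Supabase's standard ones.
create table if not exists public.orgs (id uuid primary key);
create table if not exists public.org_users (
  org_id uuid not null references public.orgs(id),
  user_id uuid not null,
  user_right text not null,             -- assumed values: 'admin' or 'read'
  primary key (org_id, user_id)
);
create table if not exists public.invitations (
  org_id uuid not null references public.orgs(id),
  email text not null,
  primary key (org_id, email)
);

-- "Before" shape (leaky): the org lookup runs before the rights check, so any
-- caller can distinguish NO_ORG from NO_RIGHTS and enumerate tenant IDs.
create or replace function public.rescind_invitation_leaky(email text, org_id uuid)
returns text language plpgsql security definer set search_path = public as $$
begin
  if not exists (select 1 from public.orgs o
                 where o.id = rescind_invitation_leaky.org_id) then
    return 'NO_ORG';
  end if;
  if not exists (select 1 from public.org_users u
                 where u.org_id = rescind_invitation_leaky.org_id
                   and u.user_id = auth.uid()
                   and u.user_right = 'admin') then
    return 'NO_RIGHTS';
  end if;
  delete from public.invitations i
   where i.org_id = rescind_invitation_leaky.org_id
     and i.email = rescind_invitation_leaky.email;
  return 'OK';
end $$;

-- Hardened shape: authorization is decided first, and a missing org falls into
-- the same NO_RIGHTS branch as a non-admin, so unauthorized callers learn nothing.
create or replace function public.rescind_invitation(email text, org_id uuid)
returns text language plpgsql security definer set search_path = public as $$
begin
  if auth.uid() is null
     or not exists (select 1 from public.org_users u
                    where u.org_id = rescind_invitation.org_id
                      and u.user_id = auth.uid()
                      and u.user_right = 'admin') then
    return 'NO_RIGHTS';
  end if;
  -- Only an admin of an existing org reaches this point (the membership row
  -- references orgs), so no separate NO_ORG path is needed.
  delete from public.invitations i
   where i.org_id = rescind_invitation.org_id
     and i.email = rescind_invitation.email;
  return 'OK';
end $$;

-- EXECUTE on a new function is granted to PUBLIC by default, so revoking from
-- anon alone is not enough: revoke from PUBLIC too, then grant back narrowly.
revoke execute on function public.rescind_invitation(text, uuid) from public, anon;
grant execute on function public.rescind_invitation(text, uuid) to authenticated;
drop function public.rescind_invitation_leaky(text, uuid); -- shown for contrast only

-- pgTAP checks in the style of supabase/tests/*.sql (pgTAP use is an assumption).
begin;
select plan(3);

set local role anon;
select throws_ok(
  $$select public.rescind_invitation('someone@example.com', gen_random_uuid())$$,
  '42501', null, 'anon cannot execute rescind_invitation');
reset role;

-- A signed-in user with no membership gets NO_RIGHTS for a random org and for a
-- real org alike (auth.uid() is driven through the transaction-local JWT claim).
insert into public.orgs (id) values ('00000000-0000-0000-0000-000000000001');
select set_config('request.jwt.claim.sub', gen_random_uuid()::text, true);
set local role authenticated;
select is(public.rescind_invitation('someone@example.com', gen_random_uuid()),
          'NO_RIGHTS', 'missing org yields NO_RIGHTS, not NO_ORG');
select is(public.rescind_invitation('someone@example.com',
                                    '00000000-0000-0000-0000-000000000001'),
          'NO_RIGHTS', 'existing org yields the same NO_RIGHTS for a non-admin');
reset role;

select * from finish();
rollback;
```

Two points worth checking when applying the same pattern elsewhere: because the function is SECURITY DEFINER it bypasses row-level security on the tables it touches, so the in-function rights check is the only authorization that applies, and the order of the branches decides what an attacker can infer from the return value. Revoking from anon alone leaves the default PUBLIC grant in place unless the project's default privileges already strip it, which is why the example revokes from both before granting to authenticated.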

@coderabbitai (Contributor) coderabbitai bot commented Feb 27, 2026

Warning

Rate limit exceeded

@riderx has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 1 minutes and 38 seconds before requesting another review.


📥 Commits

Reviewing files that changed from the base of the PR and between 6103e84 and 5b87302.

📒 Files selected for processing (2)
  • supabase/migrations/20260227000000_fix_rescind_invitation_rpc_access.sql
  • supabase/tests/28_test_new_migration_functions.sql

@riderx force-pushed the riderx/fix-rpc-invite-enum branch from 3f8bfc4 to b34d753 on March 3, 2026 12:13
@riderx force-pushed the riderx/fix-rpc-invite-enum branch from b34d753 to 5b87302 on March 3, 2026 12:59
@sonarqubecloud bot commented Mar 3, 2026

@riderx merged commit 1be90e2 into main on Mar 3, 2026 (14 of 15 checks passed)
@riderx deleted the riderx/fix-rpc-invite-enum branch on March 3, 2026 13:14