Hey everybody, I whave built a next js application with supabase and supabase auth. For now I don't want anybody to be able to create an account and sign in and use the application. Instead I will like to restrict this access and create some sort of approval system where I have to manually approve. Has anybody experience in building such solution? If so on a high level, how do I go about it?

sql

create or replace function public.join_lobby_by_id(username_input text, pfp_input text, tag_input text, lobby_id int) 
returns int as $$
declare
  player_id int;
  players_number int;
  players_lobby int[];
  begin
    players_lobby := ARRAY[1,2,3,4];
    players_number = size from lobbies where id = lobby_id;

    player_id := (floor(random() * 9) + 1) * pow(10, 3);
    player_id := player_id + (floor(random() * 9) + 1) * pow(10, 2);
    player_id := player_id + (floor(random() * 9) + 1) * pow(10, 1);
    player_id := player_id + (floor(random() * 9) + 1) * pow(10, 0);

    if username_input LIKE '%>%' or username_input LIKE '%<%' or length(username_input) > 15 or length(username_input) < 3 then
      return -1;
      
    end if;
    insert into players(id, username, pfp, tag)
    values(player_id, username_input, pfp_input, tag_input);
    SELECT players INTO players_lobby
    FROM lobbies
    WHERE id = lobby_id;

    update lobbies 
    set players = array_append(players_lobby, player_id)
    where id = lobby_id;
    return player_id;
    
  end
$$ language plpgsql 
security definer set search_path = public;

Error: "\"[\" must introduce explicitly-specified array dimensions." "malformed array literal: \"[]\"" I'm trying to add a "player id" to another array that I want to take from the database

I have recently created a new db out of a dump of an existing db, and all seemed to work well until I added webhook triggers to a table. now every action throws an error like “function net.http_post does not exist”- and indeed this function doesn’t exist. I have tried to create this function with the query from the other database, but it doesn’t let me, saying I don’t belong to the supabase_admin role. Has anyone ever encountered this? how do I go about fixing this please?

Hello, i want to join two tables on equal values, but the only joins i found were based on equal column names or foreign keys, both are things i can't apply to my use case. Is there any possibility to do this?

Hello, I found some code with count on the supabase docs that can be used to check if a row exists but I'm not sure where to implement the match.

When I startup supabase with the cli (supabase start), migrations are run from supabase/migrations. How do I achieve similar when starting from docker compose? Here's the docker-compose.yml I'm using: https://github.com/supabase/supabase/blob/master/docker/docker-compose.yml I cloned the repo using these instructions: https://supabase.com/docs/guides/self-hosting/docker I see `docker/dev/data.sq`l and

docker/volumes/db/init/data.sql

Do I need to use those files somehow?

It seems that connecting to the Supabase dashboard has issues when using a computer other than the one that is hosting Supabase. A solution seems to exist if you are using the raw docker hosting: https://github.com/supabase/supabase/discussions/7126 It seems that changing the api url for studio from localhost to actual ip of the machine solves this problem, however I am using the Supabase cli to start up the services (supabase start) and I don't see an option for changing that url in the config.toml (https://supabase.com/docs/reference/cli/config). Is there a way to set those env variables when using the cli startup? Or will I have to use the raw docker compose setup? Thanks so much!

i just logged into supabase and discovered my data is missing (hence project down). can someone of the team take a look please? i am pretty sure i didn't explicitally delete anything and it seems like projects going on hold isn't supposed to delete data, too.

For sending emails related to supabase? Example: confrim signup, forgot password etc. This is how i use the mail in python:

python
import smtplib
from napkin import response, request


recipient = request.body['recipient']
referrer_name = request.body['referrer_name']


server = smtplib.SMTP('smtp.gmail.com', 587)
server.starttls()
server.login('test.info@gmail.com', 'XXXXX')

# Set the sender and recipient
sender = 'example.sender.info@gmail.com'

# Set the subject and body of the email
subject = 'Referral Closed'
body = f"""
Dear {referrer_name},

This is an example mail
"""""

# Construct the email
email = f'Subject: {subject}\n\n{body}'

# Send the email
server.sendmail(sender, recipient, email)

# Disconnect from the server
server.quit()

response.status_code = 200
response.body = "OK"

Can i use the this email to send emails from supabase?

I'm trying to pitch Supabase as a much simpler approach to building an app for a company I have a contract with. They have already started with Django and MySQL, but I could redo it all on Supabase in a couple of weeks, I think. I'm just afraid that they'll notice the "public beta" label and eliminate Supabase based only on that. If it'll be out of public beta in 2023, that would be great. If it is still two years away, that's another thing. Thanks!

Hi everyone! My project has: -apps (with a unique id e.g. b4c84d45-2a76-450a-ad74-f3d780770e94) -users (with a user-inputted id that is unique within each app but not necessarily unique across all apps e.g. "jack") I want to enforce the uniqueness of user's id within each app and, for example, look up "jack" within the app that has id b4c84d45-2a76-450a-ad74-f3d780770e94 I have tried to implement this using a composite primary key:

CREATE TABLE apps (
    id UUID PRIMARY KEY default uuid_generate_v4() unique,
    name VARCHAR(255) NOT NULL
);

CREATE TABLE users (
    id UUID not null,
    app_id UUID REFERENCES apps(id) on delete cascade not null,
    display_name VARCHAR(255),
    PRIMARY KEY (id, app_id)
);

But the error I get back in the Supabase editor is

Failed to run sql query: there is no unique constraint matching given keys for referenced table "users"

Any tips or help is appreciated!

I'm wondering if I am missing something. On my local instance I can use SSR to fetch data from supabase without issue. Here is my function which I believe is pretty minimal and should not take > 10seconds to respond.

export const getServerSideProps = async (ctx) => {
  const supabase = createServerSupabaseClient(ctx);
  const { report, client } = ctx.query;
  let { data, error } = await supabase
    .from(`reports`)
    .select('status, years_covered, year_end, progress, dates')
    .single()
    .eq('id', report);

  if (error) console.error(error);
  return { props: { report, client, data } };
};

I have both Supabase and Vercel region set in eu-west-2. I have no issue with CSR and have in fact moved a lot of my SSR code to the client to avoid this timeout but I feel like something is wrong. Surely I should be able to query one row from one table before Vercel timesout? Not saying this is a supabase issue but just wondering if anyone else has experienced it with Vercel/AWS? I am on vercel free tier and the issue did seem better when I was doing the pro trial. I will upgrade to pro but I feel like free tier should be able to handle this request? Thanks for your time 🙂 Github Discussion for search engines: https://github.com/supabase/supabase/discussions/12559

when trying this query

SELECT array_append(ARRAY['apple', 'banana', 'cherry'], ARRAY['date', 'elderberry']);

i get this error

Failed to run sql query: function array_append(text[], text[]) does not exist

I am currently building a SQL file that can be used to bootstrap a supabase project, but I cannot find a good way to make buckets public and turn on live for tables. Is this possible? Additionally, is there an easier way to export my supabase schemas to store in github so I don't have to keep destroying all my tables and rebuilding them from my sql query?

Hi -- I'm trying to run a Prisma migration in production and keep running into this issue after running the deploy command (which previously worked a month or so ago)

The database server at XXXXXX:5432 was reached but timed out. 
Please make sure your database server is running at XXXXXX:5432
Context: Timed out trying to acquire a postgres advisory lock (SELECT pg_advisory_lock(72707369)). Elapsed: 10000ms. See https://pris.ly/d/migrate-advisory-locking for details.

I'm running Prisma 4.8. I'm also deploying it from my local machine, not in a CI environment. (WSL2) I also recently upgraded my supabase postgres instance, so I'm wondering if that could have affected anything.

I tried uploading it to supabase but it didn't work Below is what i tried

<q-file
          type="file"
          style="padding: 8px; margin: 12px"
          label="Project picture"
          rounded
          outlined
          counter
          max-files="1"
          clearable
          use-chips
          max-file-size="3072000"
          v-model="file"
          accept=".png,.jpg,.gif,.avif,image/*"
          ><template v-slot:prepend><q-icon name="attach_file" /></template
        ></q-file>

  const savePic = async () => {
      try {
        const { error } = await supabase.storage.from("profiles").upload(file, {
          cacheControl: "3600",
          upsert: false,
        });
        if (error) throw error;
        statusMsg.value = "Successfully added";
        file.value = null;
      } catch (error) {
        error.value = "Error: ${error.message}";
        setTimeout(() => {
          error.value = false;
        }, 5000);
      }
    };

I've followed along with the user management tutorial in the docs for next.js but did things a little differently. Whenever a session is started after a user signs in/signs up using the auth ui component, I conditionally render a link to another page, a page in which I use the

useSession

hook provided by

supabase/auth-helpers-react

to pass in to a

Profile

component as a prop. This is the component where I am using a

useEffect

hook that has an asynchronous callback

getProfile()

where I filter through a table in my db and check if a rows id is equal to the id of the current user by using

.eq('id', user.id)

. This is the line that seems to be causing the error

TypeError: Cannot read properties of null (reading 'id')

. The sessioncontext is wrapped around

<Component {...pageProps} />

in

app.js

so user.id should be available everywhere right? Or would this only be possible if I was conditionally rendering the entire component in

index.js

like in the tutorial? I haven't been able to find any docs on the auth-helpers. Can any one help?

In making a sveltekit api the user can the call the endpoints and interact with superbase in those functions as the user through my own sveltekit front end when users are logged in I am sure the users can call the sveltekit api of my site when my website is live from other applications. Im curious though how I might be able to let those calls have a user session and the associated user privelidges when calling supabase functions I assume I would need to make a table to let users create api public and private key and then when the sveltekit api gets hit with the correct public and private key I would need to call supabase to verify it matches in the table and then somehow create a session for the user before proceeding with the api function Perhaps this is too complex or maybe makes perfect sense I am new to making api's so idk

I'm working on implementing a social media app. Currently, I'm focusing on the follow feature. In order for me to write and test many use cases, I need about 10 users to test with. Is there a way for me to insert new users into auth.users without having to actually go through the auth process for each one? I only have one phone number. Is there a better way to do this?

I am wondering what the best way is to handle OAuth sign in/ups when doing an Expo (React Native) app. Right now I am doing it like this: ./facebook.js

js
import { makeRedirectUri, startAsync } from "expo-auth-session";
import { supabase, supabaseUrl } from "../supabase";

export const signInWithFacebook = async () => {
  const redirectUrl = makeRedirectUri({
    path: "/auth/callback",
  });

  const authResponse = await startAsync({
    authUrl: `${supabaseUrl}/auth/v1/authorize?provider=facebook&redirect_to=${redirectUrl}`,
    returnUrl: redirectUrl,
  });

  if (authResponse.type === "success") {
    supabase.auth.setSession({
      access_token: authResponse.params.access_token,
      refresh_token: authResponse.params.refresh_token,
    });
  }
};

(Taken from https://dev.to/fedorish/google-sign-in-using-supabase-and-react-native-expo-14jf) I am in search for a more native way to achieve this. Any experiences or knowledge?

Im looking into introducing the ability for a user to upload,edit,delete data without making an account. It seems like the best solution would be to create a guest UUID and store it in cookies, then use this UUID in a rls policy. Does anyone have any examples (preferably nuxt but next is very helpful also) on how to send custom jwt data to supabase and access that using a policy?

In the database I have

readiness_items

which are linked to

readiness_tables

and I have a realtime subscription to each of the respective tables. There can be multiple "ReadinessTable" each with multiple "ReadinessItem". Whenever I add an item to an individual table, I get multiple messages back from the websocket. One message for each "ReadinessTable". Is this how it is supposed to work or have I missed something? In the following payload, you can see the

readinessTableId

is different than the one used in the topic.

javascript
{
  "event": "postgres_changes",
  "payload": {
    "data": {
      "columns": [...],
      "commit_timestamp": "2023-02-21T01:13:13Z",
      "errors": null,
      "record": {
        "completeDate": null,
        "createdAt": "2023-02-21T01:13:13.718137+00:00",
        "description": "Description of item",
        "id": "sj7hPjrvEarSVrM1kQpeC9",
        "meta": {},
        "readinessTableId": "9PVjE7ZjdVJFq5vk5X8YW1",
        "releaseId": "j7ZskHh1ieD4BDPT8onfTx",
        "status": "Not yet started",
        "teamId": "7HyBvzaHiAFZy5vLE7AuEe",
        "updatedAt": "2023-02-21T01:13:13.718137+00:00"
      },
      "schema": "public",
      "table": "readiness_items",
      "type": "INSERT"
    },
    "ids": [
      21927122
    ]
  },
  "ref": null,
  "topic": "realtime:readiness_items:readinessTableId=eq.inYnUf4R66mnqK22T6JjSz"
}

I have two tables in my public schema that reference the id in the auth.users. user_profiles_public: - user_id: the user the profile is for (primary key & foreign key referencing auth.users.id) - username: text - profile_picture: text - ... other user data user_requests: - initial_user_id: the id of a user who has made a request (composite primary key & foreign key referencing auth.users.id) - target_user_id: the id of the user the request was made to (composite primary key & foreign key referencing auth.users.id) - created_at: timestamp of when the request was made - ... other request data I am trying to get a list of all the users who have sent a request to the logged in user. i want to present this user with the username, profile picture, and how long ago they sent the request. my current working solution is to first query the requests table to get all the users, then iterate over that and fetch the required profiles. This feels inefficient but I cant figure out a way to join these tables in a supabaseJS query. is is this possible? if so how?

Is it okay for the ``ANON Key`` to be exposed to the public over here?

I'm using the Next.js Auth Helpers useUser hook to determine if the user is logged in on the app. However, when fetching the logged in user's account details inside an API route, calling getSession inside of the an API route as an extra check returns null.

When I use Graphql with flutter it receive 0 rows back if I have RLS enabled. If I disable RLS I receive data. When using the REST API I receive data when RLS is enabled so its not the RLS roles. Do I have to enable Anon access in RLS and if so how can I still guard access based on the logged in user on the client?

I've a custom schema

users

, and have granted permissions

sql
create schema if not exists users;
-- not sure which permissions are really needed
-- since I'm still getting permission denied
grant all on schema users to authenticated;
grant all on schema users to authenticator;
grant all privileges on schema users to authenticated;
grant all privileges on schema users to authenticator;

Inside the

users

schema, I've a table called

config

, with a security policy

sql
create table if not exists users.config
(
    id uuid primary key references auth.users,
    config jsonb not null default '{}'::jsonb
);
alter table users.config enable row level security;
create policy "Users can CRUD own config" on users.config
    for all
    using (id = auth.uid())
    with check (id = auth.uid());

Finally, I've a view with

security_invoker=on

in the

public

schema that exposes this table

sql
create or replace view public.user_config with (security_invoker=on) as
select *
from users.config;

Have also configured

Extra search path

in API settings of supabase to

public, extensions, common, users, wikis, minds

When querying via an authenticated user, I'm getting the following error on the frontend

js
{
  code: '42501',
  details: null,
  hint: null,
  message: 'permission denied for table config'
}

Postgres logs have the following (in first comment because the post was getting too long) Please help 😅 Thanks!

Hi community, here is another interesting issue i need some help with: #1: I am trying to fetch data from an external url like this The external API works fine: > WITH response AS ( > SELECT net.http_post( > url:='https://***/webservice/endpoint'::text, > headers:=jsonb_build_object( > 'Content-Type', 'application/json', > 'Authorization', concat('Bearer ', data->>'key') > ), > body:=req::jsonb, > timeout_milliseconds:=0 > ) AS id > FROM app_config_data > WHERE name = 'API_KEY' > LIMIT 1 > ) > SELECT id INTO http_id FROM response; #2: Now i am trying to get the response data like this. > SELECT * INTO http_res > FROM net.http_collect_response(request_id:=http_id, async:=false); #ISSUES: a) when calling the function from client API i get this error: "canceling statement due to statement timeout" b) when calling the function directly from DB, then i get html page and when rendering it (see screenshot) c) when removing the "async:=false" from "http_collect_response", then i get this error: Failed to run sql query: request matching request_id not found e) i tested the function with this public pi as well: https://dummyjson.com/products/1 (removed Authorization header for test) What am i doing wrong?

Hey! I was wondering if it was possible to send an image to a Supabase function and have it then upload it to a storage bucket. I don't see a format option in the web UI builder for file types except JSON. Thanks in advance!

Hey there, I'm building a web app with NextJS and Supabase. I tried to implement a twitter auth flow to my app but I always get the following:

{
  "message": "No API key found in request",
  "hint": "No `apikey` request header or url param was found."
}

My configuration seems to be alright so I don't really know why such behaviour appears.