So im doing reverse proxy for my supabase in docker and when in the web in default project on screen "Connecting to Default Project" and in the Dev Tools console its saying: ``GET https://web.example/api/profile/permissions 404``

Hi, I'm using the supabase js client on a Next.js app but I have 2 main concerns with this approach: - DB errors are exposed to the users (leaks info about data structure, constraints etc) - The anon key is exposed to the users (attackers can use my anon key to query the DB schema or even mess up with tables without RLS) So I tried to move all the Supabase client requests on the server (using API routes) but I quickly ran into an issue which was the following: calling

supabase.auth.signIn

doesn't persist any session since the request is made server side. Can you provide guidance on the steps I should take to make this work ? Is it even possible to use the supabase client only server side ? Thanks

I have a stored procedure / function on the public schema and I'd like to check if the email of a row is equal to auth.email() but unfortunately I get an error saying

access to auth schema denied

. I tried to create the function on the auth schema instead but then I can't call the procedure using the supabase client since

supabase.rpc('my_function')

is looking for public.my_function instead of auth.my_function

Hey there, I'm currently trying to set a

full_name_regex

constraint so there are no spaces before and after, one space between, and only letters. This works on my front end but for some reason always fails on my database insert.

ALTER TABLE profiles
ADD CONSTRAINT full_name_regex CHECK (full_name ~* '^\b(?!.*?\s{2})[A-Za-z ]{3,25}\b$');

Here is an example playground for this regex https://regex101.com/r/vb1KqW/2

I came to see this thread : https://discord.com/channels/839993398554656828/1047574193031610368 but my question is when the user opens the email and clicks on the link then that token is sent to the browser, not to my app, I guess there is a redirect after the link is clicked from the email, and that redirect is supposed to be create new password? I don't understand the logic here. Is there any specific thing I am missing? I have created a page where the user can type new password and that is sent through the API call with the auth token, but how does this work with reset password.

In the Auth Providers page for a project, in the section for the Apple provider, it states: "Apple secrets will self expire every 6 months. You will need to regenerate before the 6 months elapses otherwise your users using Apple Login will no longer be able to log back in." I want to automate this, but I don't see a way to set the secret key for the Apple provider programmatically. Is there a currently a way to accomplish that? If not, is it on the roadmap to provide this ability?

Is it possible to create a role that if the user has that role he can see a specific column in a table. But however if he doesn't have the role return another column

I accidentally deleted the "schema_migrations" table. I tried to recreate it like so: What else do I need to do to recover this?

$ npx supabase db remote commit
Applying migration 20230301210435_remote_commit.sql...
Error: ERROR: extension "supautils" is not available (SQLSTATE 0A000)
At statement 17: --
-- Name: supautils; Type: EXTENSION; Schema: -; Owner: -
--

CREATE EXTENSION IF NOT EXISTS "supautils" WITH SCHEMA "extensions"
Try rerunning the command with --debug to troubleshoot the error.

I have items that are "owned" by users. Users can trade or buy items off other users. Whats the best way to handle RLS for this if an item has text column "owner". If the new owner buys an item, I need to switch the owner ID but the new owner has no relation to the item at first. Would I just have to use the service key?

Moreover, when you trigger sending a magic link or password recovery, it doesn't seem to do anything, but it says "email sent".

I would like to allow users to sort projects, I have table called Projects I Display projects like this: User1 |1. ProjectName| |2. ProjectName| |3. ProjectName| |4. ProjectName| User2 |1. ProjectName| |2. ProjectName| |3. ProjectName| |4. ProjectName| Those projects have relation with user, what is the best approach on ordering them? I see many problems with adding a column "order" into projects table. I think attaching a array of project id's into user table is the best approach but I'm not an expert. Any thoughts?

Is there a way to use an email code instead of a link for the user to reset their password

I'm looking at the new Query Performance report page and I'm seeing that there is a query being called about 100 times per minute. The

Role

field says

supabase_admin

and

Time Consumed

says

46.9%

. Here is the query:

sql
with pub as (
    select
      concat_ws(
        $5,
        case when bool_or(pubinsert) then $6 else $7 end,
        case when bool_or(pubupdate) then $8 else $9 end,
        case when bool_or(pubdelete) then $10 else $11 end
      ) as w2j_actions,
      coalesce(
        string_agg(
          realtime.quote_wal2json(format($12, schemaname, tablename)::regclass),
          $13
        ) filter (where ppt.tablename is not null),
        $14
      ) w2j_add_tables
    from
      pg_publication pp
      left join pg_publication_tables ppt
        on pp.pubname = ppt.pubname
    where
      pp.pubname = $1
    group by
      pp.pubname
    limit $15
  ),
  w2j as (
    select
      x.*, pub.w2j_add_tables
    from
      pub,
      pg_logical_slot_get_changes(
        $2, $16, $3,
        $17, $18,
        $19, $20,
        $21, $22,
        $23, $24,
        $25, $26,
        $27, pub.w2j_actions,
        $28, pub.w2j_add_tables
      ) x
  )
  select
    xyz.wal,
    xyz.is_rls_enabled,
    xyz.subscription_ids,
    xyz.errors

--- ...shortened for character limit

I can tell this has to do with replication, but I can't figure out why it's being called so often. This query is being run while there are currently 3 or so active users. For reference, I set up a custom publication to stream data for three tables to a separate server, but the data in those tables only change once per day. Another thing I noticed that could be related is the Realtime logs are showing this log three times per second:

Billing metrics: [:realtime, :connections]

Any help for why this is happening?

So I have a separate table ``public.users`` with a ``username`` column and I'm primarily using OAuth (google) login. Is there a way, during initial sign up, to make the user submit a ``username`` to the ``users`` table? Should I sign the user in, and THEN prompt for a username? How would I handle closing the tab, changing URL paths, etc.

I have the following tables:

CREATE TABLE project (
  "id" "uuid" DEFAULT "extensions"."uuid_generate_v4"() NOT NULL,
  ...
)

CREATE TABLE project_user (
  "id" "uuid" DEFAULT "extensions"."uuid_generate_v4"() NOT NULL,
  "user_id" "uuid" NOT NULL,
  "project_id" "uuid" NOT NULL
)

CREATE TABLE interview (
  "id" "uuid" DEFAULT "extensions"."uuid_generate_v4"() NOT NULL,
  "project_id" "uuid" NOT NULL,
)

CREATE TABLE interview_question (
  "id" "uuid" DEFAULT "extensions"."uuid_generate_v4"() NOT NULL,
  "interview_id" "uuid" NOT NULL,
)

Essentially, users are added to projects in the project_user table. I'd like to add RLS to ensure that users can only SELECT / INSERT / UPDATE / DELETE interview questions if they can access the top level project table. Would it be possible to either send a new header value that shows what project the user is currently on and use that to reference the

project_user

table? Alternatively, would it be better (or more secure) to write an RLS command that does some joins to make sure that the

interview_question

is accessible by that

user

by seeing if there's an entry in the

project_user

table based on

interview_question

->

interview

->

project

?

I've set up my own logical replication alongside the supabase realtime replication. My publication is set up to stream all changes from four tables to another postgres database hosted locally (not set up with supabase). The local database is hosted on a server with 128gb of memory so I've set up the config to allow the database to be highly performant. However, the replication will work perfectly for a couple hours then get blasted with the following error logs:

2023-03-01 22:01:08.075 MST [742391] LOG:  logical replication apply worker for subscription "supabase_gis_subscription" has started
2023-03-01 22:01:08.076 MST [585675] LOG:  background worker "logical replication worker" (PID 634943) exited with exit code 1
2023-03-01 22:01:09.078 MST [742391] ERROR:  could not start WAL streaming: ERROR:  cannot read from logical replication slot "supabase_gis_subscription"
DETAIL:  This slot has been invalidated because it exceeded the maximum reserved size.

There are probably 100 of these logs. The only thing that happened is about 400 rows were updated on one of the publication tables. Those changes occurred over the course of about 10 minutes, so I can't imagine that was too much for the server to handle. Any help?

Hello everyone, could you please explain where is this function store in the architecture diagram? How does Supabase save Edge function metadata in this function store. (where in the source code)

I have two different operations for insertion in two related tables, first inserting in one and then using its id as foreign key and inserting data in second table in one api, but if insertion in second table fails I need to rollback first table insertion too, How do I achieve this? Im using supabasejs in my nodejs server.

Greetings everyone, hope all of you are doing well. When i tried to use supabase auth helpers library with my nextjs project, i get the following error: error - SyntaxError: Unexpected token 'export' /Users/mdaminuzzaman/Public/Work/Freelancer/NewsEngine/db-nextjs/node_modules/next/server.js:1 export { NextRequest } from 'next/dist/server/web/spec-extension/request' ^^^^^^ SyntaxError: Unexpected token 'export' at Object.compileFunction (node:vm:352:18) at wrapSafe (node:internal/modules/cjs/loader:1033:15) at Module._compile (node:internal/modules/cjs/loader:1069:27) at Object.Module._extensions..js (node:internal/modules/cjs/loader:1159:10) at Module.load (node:internal/modules/cjs/loader:981:32) at Function.Module._load (node:internal/modules/cjs/loader:822:12) at Module.require (node:internal/modules/cjs/loader:1005:19) at require (node:internal/modules/cjs/helpers:102:18) at Object. (/Users/mdaminuzzaman/Public/Work/Freelancer/NewsEngine/db-nextjs/node_modules/@supabase/auth-helpers-nextjs/dist/index.js:40:21) at Module._compile (node:internal/modules/cjs/loader:1105:14) { page: '/tools/generator' Please help me with this why this is happening.

Is there a way to invoke an edge function as a GET Request and not as a POST REquest? Something like the following won't work:

await useSupabaseClient().functions.invoke(
  `get-ticket-information/${props.ticketId}`,
  {
    headers: {
      method: 'GET',
    },
  }
)

Hey Guys, our users are currently unable to login, we're getting a 502 "An invalid response was received from the upstream server" error. This happens on Prod and Dev environments, with all OAuth-Providers and Username/Password login. We are in the Frankfurt region. In the auth logs, we see that a supabase-table migration tried to update the "phone" fields, but that it couldn't be updated because we're using these fields in a Postgres-View. Please help ASAP 🙂

Does any one know if can have multiple copies of local environment on different computer and how to keep them in sync with remote?

Hi everyone, From my understanding, on the platform is possible to have multiple database by having multiple projects which is great. But it looks like on the self-hosted version is not possible to do that except by editing the code. Is that correct or do I miss something? And do you have some steps where I can use multiple DB ? Thanks

I have successfully configured the OAuth app in GCP as described by the instructions and have enabled the Google provider in the Supabase console. Despite this, when I execute this code:

const { error } = await supabaseClient.auth.signInWithOAuth({
      provider: "google",
      options: { redirectTo },
    });

I am redirect to a page that tells me the

provider is not enabled

with a

400

code. How can I debug this or move forward?

Hi, I'm struggling to find from the doc, how to download w/ transformation a file from a public bucket?

For example, I have a table that stores the user nickname, emergency email, and emergency contact phone number. I want to allow people to search by user nickname, but should not be able to view that user's emergency email and emergency contact. How can I do that?

So I have this query:

const { data:user, error } = await supabase
        .from(this.TABLE_NAME)
        .select(`*,
            deck:aw-decks(*,
                cards:aw-deck-cards(card:card_id(*))
            ) 
        `)
        .eq('id',userID)
        .maybeSingle()

Which is returning this data:

{
  "id": 1,
  "created_at": "2022-09-10T01:37:22.741861+00:00",
  "username": "Lothar",
  "hero": 77,
  "deck_id": 1,
  "deck": {
    "id": 1,
    "name": "Alpha Starter",
    "cards": [
      {
        "card": {
          "id": 1,
          "name": "Ancient",
          "type": 0,
          "cost": 1,
          "key": "ancient",
          "attack": 2,
          "attackType": 2,
          "attackSlots": 5,
          "defense": 2,
          "defenseType": 2,
          "boonType": null,
          "statType": null
        }
      }
    ]
  }
}

Just wondering if there's a way to format the query so that I can instead get the cards object as this (basically without the sublevel

card

):

"cards": [
            {
                    "id": 1,
                    "name": "Ancient",
                    "type": 0,
                    "cost": 1,
                    "key": "ancient",
                    "attack": 2,
                    "attackType": 2,
                    "attackSlots": 5,
                    "defense": 2,
                    "defenseType": 2,
                    "boonType": null,
                    "statType": null
            }
        ]

Thanks!

for example i have a users table with - id - username - realname - avatarurl - birthday and i only want to make the id, username and realname public. is this possible?

I'm trying to set the password for a test user I've made, the only way I have found to do this is using password reset. I'm using Auth UI for login and password reset, copy pasted from the docs. But when trying to reset my password in my prod URL I get an error stating I've got NEXT_PUBLIC_SUPABASE_URL and NEXT_PUBLIC_SUPABASE_ANON_KEY in my .env. Haven't used them anywhere but it seems from the supabase docs that they just somehow ...magically work?

js
import { Auth, ThemeSupa } from '@supabase/auth-ui-react'
import { useUser, useSupabaseClient } from '@supabase/auth-helpers-react'
import { useEffect, useState } from 'react'

const LoginPage = () => {
  const supabaseClient = useSupabaseClient()
  const user = useUser()
  console.log("User is", user)
  if (!user)
    return (
      <Auth
        appearance={{ theme: ThemeSupa }}
        supabaseClient={supabaseClient}

      />
    )

  return (
    <>
      <p>Userdata is:</p>
      <pre>{JSON.stringify(user, null, 2)}</pre>
    </>
  )
}

export default LoginPage

Hey people, I currently have a Nuxt 3 app that is using the module and I am currently looking to generate my database TS types. I am using the CLI tool and running

npx supabase gen types typescript --db-url xxx.supabase.co

But it seems to keep returning this error

Error: URL is not a valid Supabase connection string: cannot parse "xxx.supabase.co": failed to parse as DSN (invalid dsn)

Any ideas on what I might be doing wrong?