hi, I want to check the origin of the requests and compare it to my domain so that no one can change the data in my database except people on my site. I learned that you can write it via current_setting('request.headers.origin') I asked ChatGPT to write me such a function, and this is what it gave me:

sql
CREATE OR REPLACE FUNCTION rls_check(origin text)
RETURNS boolean AS $$
BEGIN
   RETURN origin = 'https://******.netlify.app';
END;
$$ LANGUAGE plpgsql;

a function that should return true or false, where the asterisks are my site name, everything is correct there, I took it from the header of the request.

sql
CREATE POLICY my_table_policy ON my_table
   FOR ALL
   TO my_user
   USING (rls_check(current_setting('request.headers.origin')) = true);

this rule in RLS as, I don't really understand sql, but I think that everything is correct here too. I added this code, tried different options, wrote manually, through sql editor nothing helps, I get a 404 error when sending or receiving a request. I think it's the function itself, because when I wrote

RETURN true

everything worked. What am I doing wrong? What could be wrong? What other solutions do you know? Thank you.

I am able to sign in with OAuth with the Twitter provider but when attempting to

auth().getUser()

i receive this error.

my auth setting won't load!

Hey !, Being tired of building auth system for every project, this time I've fortunately discovered Supabase which is great. The issue is that despite pretty clear documentation and couple example projects I haven't found something which would robustly demonstrate using Supabase auth in a cross-platform project, that is: register, login, e-mail activation, forgot password, e-mail / password change, 2FA TOTP handling. Every example that I've found so far, was rather toy which maybe calls Supabase API, but is somewhat incomplete or broken. I am using https://pub.dev/packages/supabase_flutter package and facing couple issues: 1. When using:

onAuthStateChange

during password change not getting

SIGNED_IN

or

PASSWORD_RECOVERY

events. (https://github.com/supabase/supabase/discussions/3360#discussioncomment-3947228) 2. When requesting signUp:

final res = await supabase.auth.signUp(email: email, password: password, emailRedirectTo:
        kIsWeb ? null : 'com.app.scheme://login-callback/');

The:

emailRedirectTo

option seem to be ignored (and default redirectTo option is used in URL instead), despite it being added to whitelist: https://app.supabase.com/project/projectId/auth/url-configuration in Redirect URLs section. 3. How to handle user requesting password change on their phone, but clicking link on a different device, e.g. desktop. Currently account is confirmed, but because:

onAuthStateChange

doesn't seem to be working, I can't notify user about account being somewhat ready... and if redirection issue mentioned in 2. is fixed, then link would be technically incorrect on desktop anyway. One of the options would be to disallow user accepting an e-mail without valid session, but I wasn't sure if such config option is possible. What's the recommended way? I am sure it's mostly me being the issue and please don't take it as a complaint. Project is great, it's just I am struggling to build robust basic workflow. Any hints appreciated.

Hi my question is about how should I make an online/offline system, example: A user is using the website so in the database he will be online, when it closes the website it should be offline.

Hi! I have a quick question - I have something like the following: Channel that listens to postgres inserts to a "messages" table: ` channel .on( 'postgres_changes', { event: 'INSERT', schema: 'public', table: 'messages', filter:

room_id=eq.${roomId}

}, (payload: any) => { console.log('Watching postgres changes: ', payload); } ) ...` and a function for updating messages:

// Get character message to user
export async function getNextMessage(
  roomId: number,
  ...
) {
...
  const nextMsgId = (await getLatestMsgId(client)) + 1;
  const new_msg = {
    id: nextMsgId,
    room_id: roomId,
    recipient_id: userId,
    sender_id: senderId,
    message,
  };
  const res = await client.from('messages_character_to_user').insert(new_msg);
}

Am just trying to run a basic proof of concept script involving these two locally, I am starting up the channel then running the message insertion, it seems like the rows are being added to Postgres DB but am not observing the

console.log('Watching postgres changes: ', payload);

going through, is this expected / what changes would you recommend for testing out realtime functionality locally, for a message-based chat app? Thanks!

Wondering what options there are to redirect to /login if the user isn't logged in. I did get it working by checking if the session exists and if not, loading the Auth component. I am using NextJS. However, I am using a Layout wrapper component, so the Auth loads inside of that. I tried doing this outside of the Layout wrapper but once logged in, it loads the site outside of the Layout wrapper and is missing nav, sidebars, etc... So I if I could redirect to a Page that uses a different layout, instead of a component. I thought maybe check the session exists and if not, redirect in the next.config but you can only import the session into an actual component.

hello, I am trying to use the Supabase Auth with Sveltekit. I am having issues with making the equivalent version of " import { supabase } from '$lib/supabaseClient' " in the 0.9 version, Can someone help? 🙂 I made the Supabase client in the src/hooks.server.ts

Hello, I'm investigating migrating our projects S3 and lambda implementation to supabase storage and edge functions. Currently our implementation uploads an mp3 file to and S3 bucket name "shorts". Then we have a lambda that is triggered for uploads to "shorts" with a certain prefix and converts the audio file from an mp3 to a wav and uploads that new file to a different bucket named "shorts-wav". Is their a way to trigger an edge function automatically when a new entry is added to storage in supabase? I saw some small examples of trigger sql functions on file uploads here https://github.com/supabase/supabase/discussions/6540, but I'm not sure how to tie that in to an edge function or something that can convert the audio files vs plsql or SQL. Any guidance on or pointers to docs, videos or other resources would be awesome and greatly appreciated. Thank you for your help!

I need to retrieve the user-id from my Chrome extension. I do this by setting up an API endpoint in my NextJS app. However, when I use

const { data: { user } } = await supabase.auth.getUser()

user is null, even though I'm logged in. I'd appreciate any guidance on what I'm doing wrong. My code (pages/api/userId.js):

import supabase from '../../lib/supabase-browser';

export default async function handler(req, res) {

    const { data: { user } } = await supabase.auth.getUser()
  
    if (user) {
      res.setHeader('Access-Control-Allow-Origin', '*');
      const userId = user.id; // retrieve the userId from Supabase
      res.status(200).json({ userId });
    } else {
      res.status(401).json({ error: 'User not authenticated' });
    }
  }

Hey! Found this list of strings that can be translated for the Auth UI React component: https://github.com/supabase/auth-ui/blob/main/packages/shared/src/localization/en.json. Any idea why it doesn't support the

confirmation_text

for

magic_link

( it's currently

Check your email for the magic link

, would love to be able to translate it as well to my language), or if it's planned any time soon? Thanks a lot, Pavol

where it is highlighted with red is where i add the session and everything is fine but what do i need to do where it is highlighted with green? and from what ive seen the auth.signOut() function removes items from LocalStorage, not sessions

I was following this guide and all was well until I reached one of the final parts. The guide seems to pull the session data out of thin air and I'm not sure how they've done it. Could anyone help me? Here's the guide: https://supabase.com/docs/guides/auth/auth-helpers/nextjs-server-components And this is the line I'm confused about:

ts
const { supabase, session } = useSupabase()

When saving an item to the database with its item id, are we to create different ids for the same item but different authenticated users? It is important to note that i am using the RLS rule that states authenticated users can only access their own data

Getting this error on the latest ver of SvelteKit

TypeError: __vite_ssr_import_0__.createClient is not a function
    at /src/lib/supabaseClient.js:4:24
    at async instantiateModule (file:///home/ev/courvix/pay/node_modules/vite/dist/node/chunks/dep-ca21228b.js:52420:9)

If I create a pro project then delete it 1 day later, do I get a prorated refund on the $25?

I tried the below code from Supabase doc, but I could not understand where accessToken comes from. #Next.js

'use client'

import { createContext, useContext, useState } from 'react'
import { createClient } from '../utils/supabase-browser'

const Context = createContext()

export default function SupabaseProvider({ children }) {
  const [supabase] = useState(() => createClient())

  useEffect(() => {
    const { data: { subscription } } = supabase.auth.onAuthStateChange((event, session) => {
      if (session?.access_token !== accessToken) {
        router.refresh()
      }
    })

    return () => subscription.unsubscribe()
  }, [accessToken])

  return (
    <Context.Provider value={{ supabase }}>
      <>{children}</>
    </Context.Provider>
  )
}

export const useSupabase = () => useContext(Context)

I set-up self-hosted with ssl cert and everything looks fine and working under https with Lets Encrypt certs, but when I tried to use https://supabase.com/docs/guides/database/extensions/pgnet with simple example

select net.http_get('https://news.ycombinator.com') as request_id;

I just got -

SSL peer certificate or SSH remote key was not OK

- Could somebody point me where should I look ? I'm using self-hosted supabase via docker compose with configured nginx as a revers proxy.

Hello, I have been following the steps here: https://supabase.com/docs/guides/self-hosting/docker#quick-start After I got the self-hosted db setup on Docker, then I set the anon_key to be the same as the one in docker/.env and the url to be 'http://localhost:8000' but when I try to run my Flutter app it says 'Connection Refused'. I already made sure I run 'docker compose up' before I run my flutter app. I can access the studio on 'http://localhost:3000' just fine. Is there anything I missed?

Hi folks, I've setup transparent column encryption following the Supabase tutorial, and I'm now trying to access the decrypted value from my JS client. I understand I could do it by querying the view directly, but I'd like to do it from a join. Is that possible? e.g.

await supabaseClient.from('job_definitions')
.select(`
  id,
  user:user_id(email),
  connection:connection_id(decrypted_access_token)
`).lt('last_synced_at', midnight)

i added an new provider msg91 on gotrue , i am not able to figure out how to test my code

I want to check if the user logged in and not log in in client side (pages)

I have a route

/foo

which always fetches the same data from supabase - no matter if the visitor is logged in or not. The problem: Because I use

supabaseServerClient().auth.getSession()

in the root

layout.tsx

the

/foo

route becomes dynamic - so the data gets unnecessarily re-fetched on every visit. To my understanding the new Next.js cache solves this problem by allowing me to cache the specific fetch in the

/foo

route while keeping the route dynamic. How can I pass the desired cache behavior to the server component supabase client?

Hi, we have Views that use the Auth's table phone field. Recently Supabase created a migration to alter the type of the phone field, this migration fails to execute do to our views. I created two separate timestamped migration to drop and recreated views. However Supabase own migrations are run after our migrations (regardless of timestamp) and local seed.sql. Is there a good way to handle Views? I guess in retrospect the obvious answer is to not depend on anything else than Supabase's primary keys, but duplicating data doesn't feel good.

Hey, this is probably a fairly simple question, but still wanted to make sure I am not firing too many requests or do this in an unclean way. I am trying to add more user data that is stored in different tables, e.g.

usernames

to the provider. E.g. ideally there'd be a

username

profile

object that contains more info about the logged in user, instead of having to rewrite client side queries. How would I add this to the provider code below. Would love to see some examples 🙏

'use client'

import type { Session } from '@supabase/auth-helpers-nextjs'
import { createContext, useContext, useState } from 'react'
import type { TypedSupabaseClient } from '../app/layout'
import { createBrowserClient } from '../utils/supabase-browser'

type MaybeSession = Session | null

type SupabaseContext = {
  supabase: TypedSupabaseClient
  session: MaybeSession
}

// @ts-ignore
const Context = createContext<SupabaseContext>()

export default function SupabaseProvider({
  children,
  session,
}: {
  children: React.ReactNode
  session: MaybeSession
}) {
  const [supabase] = useState(() => createBrowserClient())

  return (
    <Context.Provider value={{ supabase, session }}>
      <>{children}</>
    </Context.Provider>
  )
}

export const useSupabase = () => useContext(Context)

I'm using the

http

extension to make a POST request to an API route on Vercel. The error says

Operation timed out after 5001 milliseconds with 0 bytes received

Is this a limit on the free plan? Or is there something else that could be happening here?

I implement sign in with email and azure, the OnAuthSateChanged is firing when i sign in with email inside the app but when i use the azure login which opens up browser validates user and then reflects back to my app the OnAuthStateChanged doesn't fire up, but the supabase console shows that the user is logged in . I'm using flutter for my app.

only a reboot has fixed this for me i subscribed to the changes every time it shows that it subscribes again, but that's clearly not true because it's not triggering changes for me what's going on? why did it work good for months then now it doesn't?

Hi all, I just used the following and got back the public URL for the image url provided:

const { data } = supabase
  .storage
  .from('public-bucket')
  .getPublicUrl('avatars/myAvatar.png')

However when I try and access this image, I get resource not found. Any ideas? I am using the default policy for the Avatars folder: Avatar images are publicly accessible.

Hey guys, this question is more about architecture and opinions than about the subabase itself. I'm developing a website that helps psychologists manage their appointments and so on. And one of the functions that I want to develop is an automatic mail send to the patient about an appointment. I'm thinking of making 2 edge functions, one schedule that runs hourly, and one to really send an email. The hourly function will only get the appointments from the db that need to send the mail, and will call the second function for each mail. The reason for doing with 2 functions, is that the schedule will only get from db and call the promises for the sender function. That will threat the mail sending logic, this way the first function will not fall out of memory or timeout. I'm don't sure if the edge functions have a time or memory limit. If someone did something similar, please let me know. Thank you all!