Hi, I've had a bug coming and going for a while now, and I can't identify where it comes from. I was hoping you could help me figure that out 😅 I've got two separate projects in supabase:

app-staging

and

app-prod

, each deployed to a separate domain, but sometimes when I click the

login

button in

app-staging

, I get (successfully) logged into

app-prod

... and the weirdest thing is that it's only sometimes - sometimes it logs me into

app-staging

as expected. And it never happens the other way around (thank god!) -

app-prod

login always routes to

app-prod

,

app-staging

login routes sometimes to

app-staging

and sometimes to

app-prod

🤯 I use exclusively Google OAuth to log into the app, and I have created two separate OAuth Client ID's in the Google console - one for each environment. I have already checked the following (multiple times): - I use

supabase.auth.signInWithOAuth({ provider: 'google' })

to login, and each environment has the right instance of supabase (i.e. with the right respective supabase url and anon key) - each Google OAuth Client ID only has one single domain as "Authorized Javascript origins" and as "Authorized redirect URIs" (respectively the staging / prod domain) - in supabase studio, each project has Google auth configured with their respective Client ID and Client Secret (different) - in supabase studio, each project has the right Site URL (different) set in the Authentication URL Configuration - I have tried with different browsers / devices, the same issue occurs Any idea where it could come from or what else I could check / do? Thanks for your help 🙏🏻

I'm having some difficulties understanding RLS. How would I allow SELECT, INSERT, and UPDATE for a specific user and allow ALL for another user on any row. It seems like I need a field for a group or an array of users in the table I'm trying to work with.

nvmd. i found a resource

see attached

I'm implementing

realtime-py

to trigger the event INSERT from the table. So I can not get the data from the table. See the attachment below, how can I fix that?

hi is there any way to do a CASE WHEN ... in the javascript SDK? i'm getting some crazy hallucinations from the AI 😁

I am using auth/sign-in/up via device with limited firewall rules, and I need to allow each address manually, what are domain/ips of services/processes used in auth

Hello good people I am creating a account/password manager app for personal use and to learn supabase/sql skills. Now I am a bit stuck with how I would store the data. Each user will have many accounts, each containing a username or email, and password. How can I do this with SQL I am new to, would a table connected to each user be bad?

I wrote a function called add_or_update_react(p_react TEXT, p_user_id UUID, p_post_id BIGINT). I'm calling it from my Swift client, but all I get is 404s. I think I used to be able to see a reason for 404 failures, but I can't seem to find that anymore. How can I get more information regarding why my function call is failing?

Postgis works in sql editor but not in rpc functions. Can someone help me please?

I'm self-hosting supabase and am starting explore the edge-runtime that recently came out. My organization uses self-signed certs for some things, but it seems there isn't a way to easily accompodate this for edge-runtime. I'm a newbie to rust, and not quite sure what I can do to modify the code to allow for loading system certs, but it seems this might already be on Supabase's radar. https://github.com/supabase/edge-runtime/blob/8ccc554746c346851bf2058c0880fc36d8b97dac/crates/base/src/edge_runtime.rs#L122

Fairly regularly, all of my tables disappear and I see an error in the Table Editor saying there are No Entities. Then, 5 - 15 minutes later, all the tables and data are back. Why does this happen?

I am using sveltekit I create my client like so

ts
createClient<SupabaseSchema>(SUPABASE_URL, SUPABASE_ANON_KEY, { auth: { persistSession: false } })

I confirm a user is logged in like so

ts
    const { data: { user }, error } = await supabase.auth.getUser()
    if (error) throw error;
    if (!user) throw redirect(303, "/login")

I have also tried using

getSession

instead of

getUser

but it always returns null. I've tried all the variations on which way to login / check logged in for users. Just need someone to point me in the direction of the actual correct way to do all this authentication. There's so many conflicting answers on the internet and none of them are working for me

Hello, I want to add users on my private dashboard panel (NEXTJS) and when I create a new user, don't needed to send by email a confirmation, auto confirm the account

A weird issue is happening with my reset password A user enters email to reset password The link in the email redirects to

/update-password

And my

hooks.server.ts

marks the user has not being logged in, so redirects them to

/login

But after that redirect to the login page, if I go back to

/update-password

manually via the search bar, it says that I'm logged in and lets me update my password just fine. It's almost like it takes half a second to login the user, enough time to fool the hook into thinking they aren't logged in Here's is the relevant code

hooks.server.ts

ts
 
    // Supabase setup
    event.locals.supabase = createSupabaseServerClient<SupabaseSchema>({
        supabaseUrl: PUBLIC_SUPABASE_URL,
        supabaseKey: PUBLIC_SUPABASE_ANON_KEY,
        event
    });
    event.locals.getSession = async () => {
        const { data: { session } } = await event.locals.supabase.auth.getSession();
        return session;
    };

        // Unimportant code
        event.locals.profile = new Profile(event.locals.supabase)
    if (noLoginRoutes.includes(event.url.pathname)) return await resolve(event);

        // This is where the request is checked to see if they are logged in or not
        if (!await event.locals.getSession()) { console.log("not logged in"); throw redirect(303, "/login") } 

    return await resolve(event);

reset-password/+page.server.ts

ts
        const { data, error } = await locals.supabase.auth.resetPasswordForEmail(email, {
            redirectTo: url.origin + "/update-password"
        });

        if (error) return fail(500, { error: { message: error.message } })

The

update-password

route works a-ok, the main issue lies in the hook Should I just allow users that aren't logged in to update passwords, add a 1 or 2 second timeout before checking if they are logged in (terrible idea probably) or figure out why the hook is falsely thinking a user isn't logged in when they are?

I always start with a tested and deployed function. It worked. when I tried to test a newly created function it started erroring out. Moreover, the tested functions which I had working before? that's erroring out too. see attached logs.

I have a select like this:

js
const guild_result = await supabase.from('user_guild').select(`
        guild_id,
        enabled,
        guild (
            guild_name,
            icon
        )
    `);

And it returns a structure like:

js
[
  {
    guild_id: '',
    enabled: false,
    guild: {
      guild_name: '',
      icon: ''
    }
  }
]

Is possible for it to return

js
[
  {
    guild_id: '',
    enabled: false,
    guild_name: '',
    icon: ''
  }
]

I'm currently building an app that requires a lot of reads to the DB. (NEXT js) Currently the calls are exposed on the client, so i'm thinking it'd be nice to either: 1. continue to expose the direct DB calls but have some supabase settings somehow to rate limit requests. 2. proxy my requests through the NEXTjs backend I wonder if (1) is possible? Ideally i'd prefer (2) so that my calls aren't exposed, but this increases my bandwidth usage (I'm currently on netlify), so i'm wondering, how do people usually deal with this? I was also thinking about proxying the requests through NEXT's backend but through a netlify edge function (because netlify's edge functions have a much higher cap compared to their serverless functions), but i haven't really tried edge yet. I remember one thing to be concerned about tho is the distance b/n the server and the DB. Is it a good idea to use netlify's edge functions for DB calls?

We have a nextjs app and React native app. Note we don't use the SDK for any of them and they have different redirect URLs and Google SSO works for both. For the nextJS app it works fine with this code const handleTwitterLogin = () => { const baseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL; window.location.href = `${baseUrl}/auth/v1/authorize?provider=twitter&redirect_to=${encodeURIComponent(window.location.href)}`; }; For our mobile apps, it correctly opens the mobile browser with the correct URL including the redirect URL. But after I sign in it redirects me to twitters own sign-in to the twitter homepage. Code: const handleTwitterLogin = () => { const supabaseUrl = config[config.currentEnv].supabaseUrl; const authUrl = `${supabaseUrl}/auth/v1/authorize?provider=twitter&redirect_to=xxxx`; Linking.openURL(authUrl); }; URL after redirect: https://twitter.com/login/error?username_or_email=xxxx%40gmail.com&redirect_after_login=https%3A%2F%2Fapi.twitter.com%2Foauth%2Fauthenticate%3Foauth_token%3DxxxxxxAAABnLYXAAABh-ty-TE in the DB Auth I only see Redirecting to external provider { "component": "api", "level": "info", "method": "GET", "msg": "Redirecting to external provider", "path": "/authorize", "provider": "twitter", "referer": "", "remote_addr": "xxxxx", "time": "2023-05-05T10:44:56Z", "timestamp": "2023-05-05T10:44:56Z" }

Nevermind I'm an idiot this can be done using the admin client storing in app_metadata

I'm creating a function that I'd like to have different behaviour based on whether the executor is a logged in user, or if it's a scheduled job executing via the service_role. I think both of these will return true for

IF session_user = 'authenticator'

, how can I know what the invoker is?

It probably means you don't have access to your table you are looking at in the function you have to meet access on that table also or make your function security definer. You don't show code so hard to know.

How? I can't pass the client instance to the service worker. Do I call

createClient

in the service worker again? I want it to be authenticated as I'm using this for realtime notifications, based on events from postgres

Hello all Sorry for my question if I'm completely off here, but I'm trying to understand where Supabase "sits" as a tool/platform in the stack. I have been reading the docs and seen several Youtube video's so far but I'm confused on the part where the database sit exactly. If I want to self host Supabase on my server, I also need a PostgreSQL database, that's obvious. Does Supabase give me that PostgreSQL database "included" with Supabase? Or do I still need to spin up a PostgreSQL database somewhere else? Can I also use Neon.tech PostgreSQL as database with Supabase? Thanks in advance for helping me to clear this out.

Hello, I was looking into creating RLS rules, in templates is saw rule which had delete only for user who created the row, but we are using supabasejs on server side so all requests on supabase are made by server, so would the rls work in such scenario because the user id wont be there to match?

I'm trying to spin up Supabase locally on a Macbook pro M1. I git cloned the project, made the changes according to the guidelines, but ran into 2 issues. The first one was an error message about the restart policy "unless-stopped" was invalid and had to change to "always". After that, docker compose up could continue but now I got stuck with below error FATA[0000] failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error mounting "/Users/dev/development/supabase/supabase/docker/volumes/db/data" to rootfs at "/var/lib/postgresql/data": stat /Users/dev/development/supabase/supabase/docker/volumes/db/data: no such file or directory: unknown Im not sure what it is expecting that should existing. That volume should be created from the docker compose no? Or is there some compatibility issue with M1 silicon macbook? Anybody who can help me out?

Are virtual generated columns supported? I'm trying to create a virtual generated column in a table. The SQL editor is simply returning

Invalid SQL query

when testing creating virtual generated fields, but works ok when creating

STORED

variants? Ideally the functionality I'm really after is something similar to:

// Boolean flag for featured posts published within the last 7 days

ALTER TABLE posts ADD COLUMN is_pinned boolean GENERATED ALWAYS AS 
(CASE WHEN published_at IS NULL OR NOT featured THEN FALSE ELSE published_at >= CURRENT_DATE - INTERVAL '7 days' END);

. Below is the code when i console.log(UserId.data) i get user details but when i console.log(user) i get null value

const [vname,setVname] = useState('')
  const [vfile,setVfile] = useState<File |null>(null)
  const [selectedValue, setSelectedValue] =useState({category:'dance'})
  const [open,setOpen] =useState(false)
  const [file_url,setFile_url] = useState<any | null>(null)
  const [user,setUser] = useState<any | null>(null)
  const [downloads,setDownload] =useState<any | null>(null)
  const [dfiles,setDfiles] = useState<any | null>(null)
  const router = useRouter()

  useEffect(()=>{
   User()
   fetchPosts()
  },[])


  const User =useCallback(async()=>{
    const {data:{user}} =  await supabase.auth.getUser()
    if(user){
      const userId = await supabase.from("profiles").select('id').eq('email',user.email)
      setUser(userId.data)
      console.log(user)
    }
  },[])

Supabase gives you the tools to implement MFA for your projects, but there's very little security for your own, actual Supabase account. This is a major concern. We were very excited about using Supabase for our company, but now we're not so sure.

Is there a policy anywhere about priority support for paid accounts when there's an outage? I submitted a "critical" level ticket but the automated reply email says "24-48 hours" which is quite a long time given that my project is completely unavailable on Supabase's end. My app is down and I'd hoped Supabase had a specific support channel to resolve this sort of situation more quickly than a normal support ticket. Any pointers on how I might get this resolved quickly?