Checking to see if anyone has implemented magic link authentication from a chrome extension or how would someone do it.

Hey, looking at supabase's pricing. The $25/month plan includes 8gb of database "space" and 100GB of database "storage". What is the difference between the two?

What are you using to protect your routes? There's no default built in to protect routes.

I want to make a row level policy in my bucket

avatars

to allow users to INSERT and UPDATE a file named

{id}.png

where

{id}

is their user id. Example

44451f44-bdc7-43ba-a6c2-f06495c99380.png

should be able to be updated and inserted by a user with id

44451f44-bdc7-43ba-a6c2-f06495c99380

.

Hi all, I have`rooms` and

participations

tables. This

participations

has both

room_id

and

user_id

. When a user enters a room, a new row is added. You get the idea, right? I have this function:

create or replace function is_participating(param_room_id uuid)
returns boolean as $$
  select exists
    (
      select 1
      from participations
      where room_id = param_room_id
        and user_id = auth.uid()
        and (role = 'admin' or role = 'user')
        and status = 'granted'
    );
$$ language sql;

But when I use this function for

create policy "Can view participations of rooms where they already participate." on participations for select using (is_participating(room_id));

it falls into infinite recursive loop. What's the smart way to deal with this?

Hello, I am new to backend dev and also I am coming from firebase and I am trying to understand some features in Supabase. In Firebase, to ensure a user is accessing their own data there are security rules that can be added. In Supabase, I've found RLS when I've read it, it feels like it is similar as Security rules in Firebase but I am totally not sure? If they are not similar, how to make sure on Supabase is accessing their own data and not everyone's else. P.S: I am using authentication from some third party service.

I have an app that uses websocket to build a channel like room where users can join it and it has to send the websocket request to all the other users. It seems a bit slow (not noticeable) TLDR: I would like to know what's the difference b/w websockets vs supabase realtime? is realtime significantly faster than websockets?

Lower importance question, but wondering if I can get a cleaner implementation. Per https://supabase.com/docs/reference/javascript/select#query-foreign-tables I am able to successfully access data across a join table by doing something like this as an example:

const { data, error } = await supabase.from('countries').select(`
    name,
    country_capitals (
      city (
        name
      )
  `)

However, the data returned is:

{
  "name": "USA",
  "country_capitals": [
    {
      "city": {
        "name": "Chicago"
      }
    },
    {
      "city": {
        "name": "New York"
      }
    }
  ]
}

Is there a way to just return the data directly without the join table nesting? Like:

"name": "USA",
  "capitals": ["Chicago", "New York"

etc... I know I can do the transformation on the frontend, but seems cleaner if there is just a better way of requesting the data from the SDK

Hello, I'm having trouble getting started linking the auth to my vue3 site. The browser says: Uncaught Error: supabaseUrl is required. at new SupabaseClient (SupabaseClient.ts:66:29) at createClient (index.ts:21:10) at supabase.js:6:25 but I have a .env file (I've tried changing it to .env.local also) linked to my supabase.js file with a Url and anon key (tried with both double and single quotes ('', "")).

Hi there! I'm starting a new project where I'd like to show the content of my database rows as seen here: a row contains the image, the number of downloads and the date it was created; but I'd like the list of tiles to update whenever one row is added. I looked into maybe using RealTime? I read that I could use websockets to listen to postgresql notify but I'm not really sure which route to take. Has anyone had a project needing this type of setup? All advice would be amazing ❤️ Thanks!

Hi there! I am trying to implement the custom SMTP but it does not seem to be sending messages. If I put these settings into MS Outlook it works. It might have something to do with encryption methods, but I can not seem to find a setting like that on the dashboard. Any ideas? Thanks in advance.

Can I host my react build artifacts (so HTML, CSS, JS) in Supabase storage for public consumption instead of having to use vercel or another web hosting provider?

Hello, potential noob question here. I'm trying to use my API to query supabase. To do this, I need to pass the auth JWT token from the client to the API first. Upon researching the safety of this method, I came across this SO post: https://stackoverflow.com/questions/32722952/is-it-safe-to-put-a-jwt-into-the-url-as-a-query-parameter-of-a-get-request. The top answer mentions the conditions in which this method is safe to do. Does supabase implement these, subsequently making passing the token via query parameter ok? If this is not the correct method, how should this be done? If possible, via method that still involves the API, and not doing client-supabase query directly.

Hi! I'm new to supabase; but been a PostgreSQL user for 15+ years (!). Am enjoying Supabase and am building some apps with it. I'm a heavy user of many esoteric PG features and use psql a lot. However, after a couple of typos I've become unable to connect to port 5432 from my laptop. I can still connect to port 6543. I'm guessing my IP has been banned due to the auth errors. Can I reset this somehow? Or how long do I need to wait? I wouldn't be able to have something like this happen in a production environment.

My storage service is not working suddenly

Hiya, is there a way to execute an SQL query as a specific user Serverside? This is within a remix loader so doesn't run clientside. I want the query to still be subject to my RLS policies.

was wondering if there's a way to do version control on Supabase, like liquibase does? not entirely sure if the database changes in the Realtime channel is the answer to what i am looking for

I've implemented a password change form using

await supabasePublic.auth.update({ password: data.password })

on the front end. I noticed it is no way necessary to provide the old password on the api. Is there any setting to require this? I couldn't find anything. This seems like a common security feature.

Hi I would like to write this sql query in my api but im unsure as to how to convert it

select categories.id, categories.category, categories.image_name, count(item.category_id)
from categories
left join item
on categories.id = item.category_id
group by item.category_id, categories.category , categories.image_name, categories.id
order by categories.id asc

I am trying to upload a file to

avatars/<user_id>

with RLS

select

public read for anons,

insert

and

update

for authenticated if

sql
((bucket_id = 'avatars'::text) AND ((uid())::text = storage.filename(name)))

But update doesn't work. Upload works. TS code for upload (create) only is

ts
await supabase.storage
          .from('avatars')
          .upload(user.id, value.files[0]);

Update with upsert via upload method option returns

json
{
    "statusCode": "42501",
    "error": "",
    "message": "new row violates row-level security policy for table \"objects\""
}

And update with or without upsert returns 404 Thank you!

After coming back to an old project, when I turn on replication for my tables, starting the app fails to make a websocket connection. The following error gets repeatedly logged to the console:

WebSocket connection to 'wss://<xxxx>.supabase.co/realtime/v1/websocket?apikey=<yyyyyy>=1.0.0' failed: 
W3CWebSocket    @ browser.js?eccf:25
connect            @ RealtimeClient.js?6b6d:104
eval            @ RealtimeClient.js?6b6d:94
fulfilled    @ RealtimeClient.js?6b6d:4

Hi, I just wanted to know if magic link authentication works with react native? If so, are there extra steps required to set it up compared to web app?

I have this supabase client setup:

const supabase = createClient(supabaseUrl, supabaseKey, {
  autoRefreshToken: true,
  persistSession: true,
  localStorage: browserStorageInterface,
});

I'm depending on supabase to handle token refresh, but this conflicts with subsequent request to the database. While the token refreshes, a request to the database occurs, but the token is invalidated on request flight. One of these requests returns a 406 (which I believe is the wrong status code). So two things: - Is there a solution to wait for

this._callRefreshToken()

to complete before making subsequent request? - If token is invalid, shouldn't the status code be 401 instead? https://github.com/supabase/supabase/discussions/2284 It seems I'm getting a 406 because I'm using

.single()

. I still think an invalid token should override the error message

I need to send a **POST **request to my api website and the api needs to pass Authorization Bearer token in the header, How can I do that with http extension ?

select status
from
  http_post(
    'https://website.com/api/users/1/',
     '{"status":"active"}',
    'application/json'
  )

Hi, I have two tables:

parents

and

children

. One parent can have many children and each child is assigned to a parent through a

parent_id

column. I created a Database Webhook that triggers an HTTP request to a Supabase Edge Function whenever a DELETE query is run on

parents

. Through a cascading delete, this delete query also deletes all children of that parent. In my Supabase Edge Function though, I only see the now deleted

parent

row as the payload. Is there a way for me to supply not just the

parent

row but also its now-deleted children rows as well? So that the

old_record

supplied to my function would look something like this: { id: "123", children: [ { id: "234" }, { id: "345" }, { id: "456" } ] } ?

I want to serve slash commands for a slackbot directly using edge functions. However, edge functions require authentication headers, which slack doesn't seem to support. Any quick work-arounds for this? I can only think of a proxy server relaying messages with auth tokens injected.

If we start on one domain for our app, and switch to another domain later, how hard is that migration? I can't find any direct answers. What happens with social accounts?

I want to make a SQL query to select symmetric rows for example we have two columns A and B, Select rows which have x,y and y,x existing in the table. A and B are of type uuid return x,y or y,x any

Is there a way to check that a function that returns a bool is false. The function is set to return true or false and I want to pair that with another function and insure the first one is false and the second is true. So that we grant insert access if the first function is false and the second is true.

I am using supabase in a simple express api simply to learn express. I can't seem to throw an error.

javascript
app.get('/api/get-book-by-id/:id', cors(corsOptions), async (req, res) => {
  const {data, error} = await supabase
    .from('books-express')
    .select('*')
    .match({id: req.params.id})

  console.log(error)
  console.log(data)

  if (error)
    res
      .status(404)
      .send({message: `ERROR CODE: ${error.code}: ${error.message}`})

  // res.send(data)
})

I can return

data

with the correct book ID if present but if not I just get an empty array...but errror is

null

surely this should be throwing an error saying no id of x is present