Hi does the cloud hosted Supabase Postgres DB allow for some level of Sync? I have a local (or on edge) PG instance and want to setup a sync on a few tables with the hosted Supabase PG. For example Table 1 on Edge PG needs to Sync with Table 1 (Read Only) on Supabase PG and Table 2 on Supabase needs to sync with Table 2 (Read Only) on Edge PG. Something similar to this extension: https://github.com/ankane/pgsync

According to the docs everything seems to be in order but when trying to enable a new policy for only authenticated users it doesnt seem to work at all. Allowed operation is set to all, Target roles is set to authenticated, USING expression and WITH CHECK expression are both set to true. Console logging the session object does return a valid session.

export async function getServerSideProps() {
  let { data } = await supabase
    .from("products")
    .select("*")
    .eq("product_is_active", true);
  return {
    props: {
      products: data,
    },
  };
}

This does not return any data at all. Posting to the same table using:

const { data, error } = await supabase.from("products").insert([{ product_name: name, product_category: category }]);

returns "new row violates row-level security policy for table \"products\""

How to create a policy only for users with role 'admin' or 'owner', so they can insert/delete/update photos in my bucket 'photos/public', but users with role 'authenticated' can't do this queries?

I'm having trouble coming up with a way to provide API access to my users. I've started my project by creating a supabase realtime client. In development I'm using the godmode key but how will I provide user's access? Ideally I would generate a key for each user and store it so they can access services via their own code. I saw this: https://github.com/supabase/storage-api/issues/81#issuecomment-1228507294 but it's not clear to me how that would work with realtime (Or any of the supabase api). My client uses realtime to communicate with other clients. In addition, they will need to read and write some tables using RLS. POSTing email/pass to get a JWT seems wrong, and I would like users to have multiple API keys.

Hi, I saw some posts about working with OneSignal in React Native CLI app. Otherwise, I am curious about what is the best option for Push Notifications. Actually, at the beginning, I don't know how I am going to implement that in my application. This is basically, Social Media Application. I'll appreciate for any advice.

I would like to run edge functions unit tests with a logged in user. how to do it? what information is consumed/needed by the edge function to enable appropriate claims? and where/how do i get this information for automated unit tests? Here is the RLS for the public.profile table

-- table public.profile
alter table public.profile enable row level security;
drop policy if exists "RLS for public.profile" ON public.profile;
create policy "RLS for public.profile"
on public.profile
for all using (
  auth.uid()::text = user_uid
);

I invoke the unit test with

deno test --allow-net --allow-env --allow-read --import-map ./functions/import_map.json ./functions/profile/profile.test.ts

the supabase client gets instantiated so

const supabaseClient = createClient(
  Deno.env.get("SUPABASE_URL"),
  Deno.env.get("SUPABASE_ANON_KEY"),
);

but this is using a ANON key. how does this get overwritten by a logged in user? Please let me know if you need more information to help. thanks

I'm following this guide [here](https://supabase.com/blog/storage-v3-resumable-uploads) but it's not working and oddly I'm receiving a different error today than I did yesterday. I'm using https://{projectID}.supabase.co/storage/v1/upload/resumable as my endpoint. Yesterday I was receiving an error about a duplicate file existing (although it didn't). Today it's telling me "Route POST:/upload/resumable not found", as the upload endpoint doesn't even exist anymore. Is this the right endpoint? If this feature is still in early access, and if the problem is I don't have access, could I get access?

Hello. I'm building a simple login page which should redirect to a third-party app once the user signs in, and I'm using the Auth UI react component for it. I managed to set it up in a VERY simple react application:

import { createClient } from '@supabase/supabase-js'
import { ThemeSupa } from '@supabase/auth-ui-shared'
import { Auth } from '@supabase/auth-ui-react'

const supabase = createClient(
  import.meta.env.VITE_SUPABASE_URL,
  import.meta.env.VITE_SUPABASE_ANON_KEY
)

function App() {
  return (
    <div className="flex items-center justify-center h-screen">
      <div className="container max-w-sm p-6 grid place-items-center">
        <h1 className="text-4xl pb-4">
          My app
        </h1>
        <Auth
          supabaseClient={supabase}
          appearance={{
            theme: ThemeSupa,
            variables: {
              default: {
                colors: {
                  brandAccent: `pink`,
                },
              },
            },
          }}
          providers={['google']}
          redirectTo="https://example.org/"
          theme="dark"
        />
      </div>
    </div>
  )
}

export default App

As you can see, the redirectTo parameter is set to "https://example.org", just for testing. https://example.org has also been added among the allowed redirects in the Supabase Auth configuration page. And yet, when I sign in through the app it does nothing. Signing in with Google redirects instead to the default website URL (which is not what specified in redirectTo). Am I mistaking what redirectTo actually does? (I could find no documentation about it). Maybe it is because I am running the app locally? I saw several posts about this issue but none has a solution provided.

I am trying to follow https://supabase.com/blog/transparent-column-encryption-with-postgres guide and implement One Key ID per Row with Nonce Support I am able to create new encrypted new rows from the SQL editor but got stuck with 2 problems : 1.when I am trying to retrive data from the decrypted_XXXX table it says the relation of this table does not exists. 2. When I am trying to create new row from an edge function using Supabase admin role I get an error of "permission denied for view valid_key" even with no rls rules and did not find any mention for it anywhere 😦

I want to run my project on a server for testing, so, what i need to deploy? what dependencies should be installed? and what should I do to upload correctly?

Hi, i had executed the following instruction:

sql
create table if not exists public.location (
    cap text primary key,
    coordinate geography(POINT) not null
);

create or replace function nearby_locations(lat float, long float)
returns setof record
language sql
as $$
  select cap, st_astext(coordinate) as coordinate, st_distance(coordinate, st_point(long, lat)::geography) as dist_meters
  from public.location;
$$;

dart
void callRPC() async {
  final data = await supabase.rpc('nearby_locations', params: {
    'lat': 43.1891251,
    'long': 13.510635,
  });

  print(data);
// [{cap: ..., coordinate: ..., dist_meters: 4430219.90138175}]
}

What is

4430219.90138175

? How can i format in meter, i know that the difference between this coordinate from me is 10 km, how can we get back 10.000 meters? Thanks so much.

Hi There, These seem to be very tricky to get right I've tried

var channel = supabase.Realtime.Channel("realtime", "public", "countries", "id", "id=eq.200");

channel.OnMessage += (sender, args) =>
{
    Debug.WriteLine(args.Response.Payload);
};

await channel.Subscribe();

And it flat out didn't work, so I eventually managed to get this approach working

supabase.Realtime.Connect().OnMessage += (sender, args) => { Debug.Log($"Something changed on the server");};
                     channel = supabase.Realtime.Channel("realtime", "public", "people", "id", result.Result.User.Id);
                     
                     channel.OnUpdate += (object sender, PostgresChangesEventArgs e) =>
                     {
                         LiveProfile = e.Response.Model<UserProfile>();
                         Debug.Log($">>>>>>>>{LiveProfile.email} has been updated ");

                     };
                     
                     await channel.Subscribe();

Which seemed to work But then every now & then I see that the realtime logs record that realtime gets shut down because noone is logged in

Stop tenant mytenantthing because of no connected users

So I make sure that I login in via the api (obviously I'm logged in on the dash) and it still doesn't 'wake-up' the realtime stuff. any pointers on how to get this working reliably would be appreciated.

I got a notification in my Supabase dashboard saying the

PKCE

auth flow is available for my project. Can this be used to access

session

and database data inside

getStaticProps

and

getServerSideProps

without using the

serverClient

from

auth-helpers

?

You would likely need to grant permission to that schema for role

authenticated

I've seen a lot of tutorials that showed me how to secure my self hosted setup using only nignx or candy, but I use NPM. I was able to succesfully secure the supabase studio with https and password auth. I currently have port forwarded the api on my vm, but I need https to use the api on my website in production. With this method the api only works on localhost. I've seen that you need diffrent rules on diffrent paths for the api and NPM has a feature for that, but I can't get my head around it. Any help?

Hello, the raw SQL I have is:

SELECT operators
  FROM interactions
  WHERE operators @> '[{"supabase_user_id": "a9afe17f-5bb9-4082-aaff-40bb1992a009"}]' 
  OR reviewers @> '[{"supabase_user_id": "a9afe17f-5bb9-4082-aaff-40bb1992a009"}]'
  OR clients @> '[{"supabase_user_id": "a9afe17f-5bb9-4082-aaff-40bb1992a009"}]'

It would be great if someone could suggest to me that way I can achieve the same by using the serverSupabaseClient api. I tried this:

const queryConditions = {
      'operators': {
        '@>': [{ supabase_user_id: 'a9afe17f-5bb9-4082-aaff-40bb1992a009' }]
      }
    }

    const { data, error } = await client
    .from('interactions')
    .select('operators')
    .match(queryConditions)

But it does not work.

I want to allow a user of my app to change the "organization logo". This is how I went about it, but I don't think it's the best way to do it so I'm looking for suggestions for improvements. 1. I made a bucket named "organization" that only allows 'image/png' < 50kb. 2. I use Uppy to upload an image to this bucket. I always rename the file to "logo.png" before uploading. I set the

x-upsert

header to

true

to make it overwrite any existing "logo.png" file. 3. When the upload completes, I use Supabase Javascript CLI to download the image, and then I create an object URL from it:

const { data, error } = await supabase.storage.from('organization').download('logo.png')
if (!error && data) {
  orgLogoSrc.value = URL.createObjectURL(data)
}

This all works, but sometimes the logo doesn't refresh to the new one. It seems very random too, as sometimes it works and sometimes it doesn't. I'm not sure why, because I'm creating a unique object URL each time, so I think the

.download()

call is returning the wrong image data. I would like to keep the name of the file a static "logo.png" while avoiding these issues if possible. I know I can create a unique name each time but I'm trying to keep things as simple as possible. If I have a random, unique name for the organization logo then I would have some extra steps such as deleting the old files and determining what the name is (I'd have to store it in the db or something). This has to be a common scenario and I'm sure there's a better way to go about doing this. I'm looking for what the best practice is to accomplish this.

Give me a high level view of this. I want to invite users. Users would also be able to invite other users. Once a user gets an invitation, he can then proceed to create a profile. I would also want to get email notifications of user invitations. Basically, anyone who signs up first, will need to get approval from me. After I've approved, the user can use the app. I'm using Next.js and supabase for this project. Thanks

I'm trying to create a SECURITY DEFINER function which runs potentially dangerous (user provided) code. This is a business requirement. For this, I've thought of defining a readonly role, so that it's at least a bit more secure. The issue is, I can't seem to be able to change the owner of the function. Here's my current approach: GRANT readonly TO postgres; GRANT USAGE ON SCHEMA public TO readonly; GRANT USAGE ON SCHEMA private TO readonly; GRANT USAGE ON ALL SEQUENCES IN SCHEMA public TO readonly; GRANT USAGE ON ALL SEQUENCES IN SCHEMA private TO readonly; ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO readonly; ALTER DEFAULT PRIVILEGES IN SCHEMA private GRANT SELECT ON TABLES TO readonly; ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT USAGE ON SEQUENCES TO readonly; ALTER DEFAULT PRIVILEGES IN SCHEMA private GRANT USAGE ON SEQUENCES TO readonly; CREATE OR REPLACE FUNCTION private.run_script(a_data JSONB, a_params JSONB) RETURNS TEXT SECURITY DEFINER AS $$ $$ language plv8; GRANT EXECUTE ON FUNCTION private.run_script(a_data JSONB, a_params JSONB) TO readonly; ALTER FUNCTION private.run_script(a_data JSONB, a_params JSONB) OWNER TO readonly; It fails with the following: Failed to run sql query: permission denied for schema private Any ideas on how to manage it? The private schema is one I created for functions I don't want to be exposed by the API, maybe I missed giving some permissions to postgres when I created it? I can run the above if I try to change the owner to postgres however (which I guess it already is, so it might not prove anything). Thanks for the help!

Hey, is there any way to limit the access of a user to specific projects within the organization?

I have a Pro plan, I like the safety of Spend cap but I would like to pay for more storage (8 GB, then $0.125 per GB – as in Pricing). Is that possible? Or is it possible to set a spend cap to e.g. $100/month?

Hey folks, There are some queries I need to run that aren't going to be possible via the supabase-js client, but I'd still like to make use of RLS if at all possible. Any idea how I can do this (assuming I've got a session from supabase-js) using something like pg (node-postgres) to run queries? I expect there's some way of setting the user before I run the query but I'm not sure how it all ties together?

Up until now, everything worked as expected, and whenever a user tried to login through a google integration, both the server and frontend managed to get a user session with ease. As of late, without any code changes, it seems like the frontend immediately finds a google session, yet the backend keeps on receiving a null session for a couple of seconds, until it gets updated and syncs with the frontend. This causes issues regarding user experience. I am assuming this has to do with the supabase side, as like I've said, the code itself didn't get changed. Manual logging in through an email & password automatically syncs, so it seems like the issue is with logging in through an integration. Are there any possible ways to fix this issue? Or is it indeed a supbase-sided issue that requires waiting for them to fix it...?

i created this query

js
  CREATE TABLE urls (
   _id SERIAL PRIMARY KEY,
    slug VARCHAR(255),
    url VARCHAR(255) NOT NULL UNIQUE,
    shortened VARCHAR(255) UNIQUE,
    ip VARCHAR(255) NOT NULL,
    clicks INT NOT NULL DEFAULT 0,
    created_at TIMESTAMP NOT NULL DEFAULT NOW(),
    updated_at TIMESTAMP NOT NULL DEFAULT NOW(),
    user_id INT NOT NULL REFERENCES users(_id) ON DELETE CASCADE
  );

so i would like to add relation to

auth.user

but its not working

i have a "devices" table and has a 1:1 relationship with "phones" table. i need to list all devices with their phones. i do this: supabase .from('devices') .select('*,phones(*)') but the result is a phones array device:{ phones:[] } but I need the only phone that is related, like this: device:{ phones:{} } how can i do that?

I have a chrome extension that is using supabase JS for authentication. Currently I'm manually checking whether the token has expired then refreshing it automatically myself. However it seems that when the access token has expired that it becomes "null" as a type which breaks the checking functionality. I'm looking at the initialization code and there seems to be a "storage" option. What storage option would you use in a chrome extension, chrome.storage.local?

import { createClient } from '@supabase/supabase-js'
import AsyncStorage from "@react-native-async-storage/async-storage";

const supabase = createClient("https://xyzcompany.supabase.co", "public-anon-key", {
  auth: {
    storage: AsyncStorage,
    autoRefreshToken: true,
    persistSession: true,
    detectSessionInUrl: false,
  },
});

The example above is for React Native but what is the optimal implementation for a chrome extension? https://supabase.com/docs/reference/javascript/initializing

If you want to make suggestions for documentation improvement you need to post at supabase/supabase github in issues. This is a user helping user forum and your comment even if seen by an employee won't likely get implemented.

I am working with supabase and sveltekit, I am trying to make it so my reset password page can only be accessed by the links sent to users when the click forgot password. Any help is appreciated.

Anyone have a working example of #Supabase and #Ionic/ #Vue? The example on the Supabase website is outdated and broken. Looking to use Supabase over Firebase and having trouble finding any code examples now that Ionic is at v7, Capacitor v5, Vite, and Supabase v2. Thanks!

I want to check if an logged user exist on mounted.

dart
@override
Stream<bool> onAuthStateChange() async* {
  bool isLoggedIn = false;
  log('====| started |====');

  _goTrueClient.onAuthStateChange.listen((data) {
    log('--auth state--');
    isLoggedIn = data.session == null;
  });

  log('====| ended |====');
  yield isLoggedIn;
}

with the logs, I get following results:

m
====| started |====
====| ended |====

but I don't get --auth state--