Supabase #help-and-questions

MIME type for .m4a files

Ari

05/17/2023, 3:06 AM

Hi, I am trying to upload a .m4a audio file to a bucket and I get incorrect mime type error. So far I have audio/mpeg as the allowed mime type

pg_idkit support

JoshTheNerd

05/17/2023, 5:08 AM

When will pg_idkit be supported? https://github.com/VADOSWARE/pg_idkit

Supabase version 1.61.0 has additional tables

Jinni

05/17/2023, 5:13 AM

Anyone having an issue with the latest supabase version? Github action currently broke (when diffing generated supabase types). It was seeing additional tables that we did not add. The tables are schema_migrations, extensions and tenants.

the next13 app dir effect re-render when auth sign action

Weykon

05/17/2023, 5:57 AM

I use the new way: createBrowserSupabaseClient createServerSupabaseClient createMiddleSupabaseClient I do not clear whether support this scene : ~~1. when I sign in, run as supabase.auth.signIn (the 'supabase' create from createBrowserSupabaseClient) then the session created. 2. on the client, I got new render by useSupabaseClient(), useUser(), and then I jump [user]/posts, the posts list had not re-render~~ ~~should I add the redirect after I signIn function finished?~~ I had done above problem by create a son component in page.tsx as client component code, then useUser() in this component, it can re-render.

Incomplete API docs

Mrinal Wahal

05/17/2023, 6:21 AM

Can you guys please update this specific doc: https://supabase.com/docs/reference/api/bulk-create-secrets The request payload and details are missing. I need it to programmatically create secrets. It's slightly urgent.

Discord.JS + Supabase

Mashwishi

05/17/2023, 7:41 AM

Copy code

js
const Discord = require("discord.js");
const Supabase = require("supabase");

const intents = [
    Discord.Intents.FLAGS.GUILDS,
    Discord.Intents.FLAGS.GUILD_MESSAGES,
];

const bot = new Discord.Client({ intents });

// Create a Supabase client
const supabase = new Supabase(process.env.SUPABASE_URL, process.env.SUPABASE_KEY);

//....

i am trying to create a very simple discord.js powered bot and i am trying to connect it with supabase...

Copy code

json
  "dependencies": {
    "discord.js": "^13.6.0",
    "supabase": "^1.61.0"
  },

this is the only thing i have installed like what i said a simple discord bot i just need to connect it. Node version: v16.20.0 Error:

Copy code

mashwishi@mac ****** % npm start                  

> ******@1.0.0 start
> node bot.js

node:internal/modules/cjs/loader:1029
  throw err;
  ^

Error: Cannot find module 'supabase'
Require stack:
- /Users/mashwishi/Documents/******/bot.js
    at Function.Module._resolveFilename (node:internal/modules/cjs/loader:1026:15)
    at Function.Module._load (node:internal/modules/cjs/loader:871:27)
    at Module.require (node:internal/modules/cjs/loader:1098:19)
    at require (node:internal/modules/cjs/helpers:108:18)
    at Object.<anonymous> (/Users/mashwishi/Documents/MechiDiscord/bot.js:2:18)
    at Module._compile (node:internal/modules/cjs/loader:1196:14)
    at Object.Module._extensions..js (node:internal/modules/cjs/loader:1250:10)
    at Module.load (node:internal/modules/cjs/loader:1074:32)
    at Function.Module._load (node:internal/modules/cjs/loader:909:12)
    at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:81:12) {
  code: 'MODULE_NOT_FOUND',
  requireStack: [ '/Users/mashwishi/Documents/******/bot.js' ]

User management example: preventing the client from getting a list of all users

Crembo

05/17/2023, 7:54 AM

Hi folks, I'm trying to learn supabase and I'm going through the samples - the one that involves user management ( https://github.com/supabase/supabase/tree/master/examples/user-management ) seems to have an opening where a malicious actor could just get an enumeration of every single user that has signed up to the site. Is there a way to allow selecting individual rows, but to disallow just

select * from table

https://cdn.discordapp.com/attachments/1108301577527251005/1108301577774698536/image.png▾

Accessing files in private bucket without signed URLs & simple RLS

Waldemar

05/17/2023, 8:14 AM

I can't wrap my head around how to best allow access to a private bucket. We have Agent and Client users who authenticate via Magiclink to work together on a Order. Adding files (e.g.

contract.pdf

) to Order works fine via

createSignedUploadUrl

, which doesn't need further authentication on client side or any RLS, from what I understood. All objects are saved in the root of the private bucket with random Names, which are then linked by various tables, such as Order. Overall in our project, at first I tried to use RLS, which got quite complex and split our RBAC / business logic betweeen SQL and JS, so I moved everything to server-side JS. So I'd like to avoid or use only simple RLS for downloading files too. To achieve that, as of now I'm thinking to also use signed URLs (

createSignedUrls

), however, I wonder if I can at least access (download) the files without always making an extra call to

createSignedUrls

every time I need to show fiels to the users. So far the simplest way I found is to add this policy:

Copy code

CREATE POLICY "Give authenticated users access to entire bucket" ON "storage"."objects" WITH CHECK ((bucket_id = 'my_protected_bucket'::text) AND (role() = 'authenticated'::text));

But I understand that it is bad security, since now any authenticated user can see (list) all files (objects) from the entire

my_protected_bucket

... There is no information on my users (i.e. metadata etc.) that links them directly to the files in Storage. The only link at the moment is (pseudocode):

user.email

order.client_email

order_files.order_id / order_files.storage_path

storage.objects

Any thoughts what else I can try? Or do you think using

createSignedUrls

best option for me after all and it's not that bad to call it all the time? Thanks!

Supabase 502 Error at Random

Hollyqui

05/17/2023, 8:53 AM

Since earlier this morning we've been getting 502 (cors) errors "randomly", meaning that about half of our requests get 502, the other half is successful. We made no changes to the code and everything was working fine until ~7h ago (2am British Time). Does anyone have the same problems/know what's causing this?

"item_cursor already in use" - db trigger on statement

Rares | Foton • Teeps

05/17/2023, 9:26 AM

Copy code

DECLARE
  rarity numeric;
  item_row RECORD;
  item_cursor CURSOR FOR
    SELECT *
    FROM item_attributes
    WHERE collection_id IS NOT NULL;

BEGIN
  OPEN item_cursor;
  
  LOOP
    FETCH item_cursor INTO item_row;
    EXIT WHEN NOT FOUND;

    SELECT COUNT(*) * 100 / (
      SELECT COUNT(*)
      FROM item_attributes AS t3
      WHERE t3.collection_id = item_row.collection_id 
        AND t3.collection_attribute_id = item_row.collection_attribute_id
    ) INTO rarity
    FROM item_attributes AS t2
    WHERE t2.collection_id = item_row.collection_id 
      AND t2.layer_value = item_row.layer_value 
      AND t2.collection_attribute_id = item_row.collection_attribute_id;
      
    UPDATE item_attributes AS t1
    SET trait_rarity = rarity
    WHERE CURRENT OF item_cursor;

    UPDATE items AS t1
    SET average_trait_rarity = (
      SELECT SUM(trait_rarity) / COUNT(trait_rarity)
      FROM item_attributes AS t2
      WHERE t2.item_id = t1.id
    )
    WHERE collection_id IS NOT NULL;
  END LOOP;

  CLOSE item_cursor;
  
  RETURN NEW;
END

Updating deno in edge functions

monks1975

05/17/2023, 9:45 AM

Hi, when I deploy my edge functions my debug output shows a different deno version than the one I've recently upgraded to: jonathanh@jons-imac-work firstpass-supabase % supabase functions deploy classify-text --debug Version 1.30.3 is already installed Bundling classify-text Deploying classify-text (script size: 1.728MB) I've updated to 1.33.3 but deploying edge functions doesn't seem to be using this version.

worker thread panicked - Edge functions local dev

NatoNathan

05/17/2023, 10:01 AM

i'm geting this error when i try to invoke a function when serving them localy with

supabase functions serve --no-verify-jwt --env-file .env --import-map ./supabase/functions/import_map.json --debug

Copy code

sh
serving the request with /home/deno/functions/webhook-voice-answer
DEBUG Opening cache /root/.cache/deno/dep_analysis_cache_v1...
DEBUG FileFetcher::fetch() - specifier: file:///home/deno/_shared/home/deno/functions/webhook-voice-answer/index.ts
worker thread panicked No such file or directory (os error 2)
Error: channel closed
    at async UserWorker.fetch (ext:sb_user_workers/user_workers.js:50:21)
    at async Server.<anonymous> (file:///home/deno/main/index.ts:102:16)
    at async Server.#respond (https://deno.land/std@0.182.0/http/server.ts:220:24)
DEBUG max duration reached for the worker. terminating the worker. (duration 1m0s)
failed to send the halt execution signal
failed to send the halt execution signal

Here is the function at

functions/webhook-voice-answer/index.ts

Copy code

ts
import { serve } from 'https://deno.land/std@0.168.0/http/server.ts';

console.log('Hello from Functions!');

serve(async (req) => {
  const { name } = await req.json();
  const data = {
    message: `Hello ${name}!`,
  };

  return new Response(
    JSON.stringify(data),
    { headers: { 'Content-Type': 'application/json' } },
  );
});

it happens to all functions

How to get the authenticated users profile?

TheRien

05/17/2023, 11:41 AM

I'm using a separate

public.profiles

table as suggested by Supabase: https://supabase.com/docs/guides/auth/managing-user-data Now I can get the authenticated user by doing

supabase.auth.getUser()

, but that doesn't give me the associated profile. My policies are such that users can view other profiles as well, so doing

supabase.from('profiles').select()

does't work either. Of course I can combine the two as such:

Copy code

const uid = (await supabase.auth.getUser()).data.user.id;
const profile = await supabase.from('profiles').select().eq('id', uid);

But that requires two API-calls and I'd logically prefer one. Is there any way of doing that? My preference would be something like

supabase.auth.getUser('profiles(name)')

, like providing relations in the selection of

getUser

Database client error where a certain trigger exists

akub

05/17/2023, 12:12 PM

Hi, i have a weird problem, i created myself a function that sends a request to a provided webhook with url and authentication keys taken from the database, it looks something like this:

Copy code

send_http_request('SOME_URL', 'POST', 'null', 'API_ROUTE_SECRET', '1000');

SOME_URL and API_ROUTE_SECRET is taken from envs table inside, and the function is just a copy of supabase functions http_request. The issue is that if i have a trigger that runs this function, the whole database freezes and doesn't send back anything anywhere. It throws internal server error on getting current user and Database client error on insert where the trigger should run the function. Am i missing something? The whole database breaks, it is unusable.

https://cdn.discordapp.com/attachments/1108366333227302943/1108366333613187194/image.png▾

https://cdn.discordapp.com/attachments/1108366333227302943/1108366334401728552/image.png▾

subscribe.. unsubscribes

Muphet

05/17/2023, 12:15 PM

i have a single channel, it tracks both presence and single event through broadcasts. because i cannot broadcast message without subscribing, i need to resubscribe from component even tho parent is already subscribed. this secondary subscription actually triggers unsubscribe. how do i actually broadcast without subscribing? or do i have to store channel in global state and then call methods on it to avoid secondary subscription?

Generating types from the cloud solution

YANN

05/17/2023, 12:41 PM

Hello there, I was curious if we are somehow able to get generated types when working with the cloud solution ? A way to do it would be to dump the cloud database to seed it locally and generate the types from the CLI but I dont even know if you can dump the db using the cloud solution

Not allowed to set up network restrictions; please contact Supabase support.

mdc405

05/17/2023, 1:00 PM

How can I configure my API token to allow my CLI to configure network restrictions? This error happens when I run

supabase network-restrictions --project-ref {ref} get --experimental

I'm ultimately doing this to try to unban my IP - as I tried several times to access my db with the wrong password and now I think my IP is banned?

Get magic link from dashboard or SQL CLI

enti

05/17/2023, 1:04 PM

Is there a way to get the magic link for a specific user from the supabase dashboard or SQL CLI?

Unable to open connection

Adam Ambrosius

05/17/2023, 2:23 PM

I am unable to use Supabase database with Azure Functions. I know that I need to implement pgbouncer but everything I try doesn't help me and I keep getting the same error. I followed the instructions on https://supabase.com/docs/guides/database/connecting-to-postgres#how-connection-pooling-works and my connection string looks like

User Id=postgres;Password={passowrd};Server={supabase_server};Port=6543;Database=postgres;Pooling=true",

What else do I need to do to use this with serverless functions? I thought these changes were going to dop the connections after each transaction

User of type authenticated not allowed through rls policy `true for authenticated`

zeedee

05/17/2023, 2:32 PM

See image of "Enable select for authenticated user only" the server response when I poll

Copy code

json
{
  "session": {
    "expires_at": 1684337083,
    "expires_in": 3539,
    "token_type": "bearer",
    "access_token": "askdjhflaksdjf",
    "refresh_token": "eM20FtuQtXgYTlKAx5DxgQ",
    "provider_token": null,
    "provider_refresh_token": null,
    "user": {
      "id": "al;sdkfjasdlfkjadsf",
      "aud": "authenticated",
      "email": "zach@email.ca",
      "phone": "",
      "app_metadata": {
        "provider": "email",
        "providers": [
          "email"
        ]
      },
      "user_metadata": {},
      "role": "authenticated",
      "aal": "aal1",
      "amr": [
        {
          "method": "password",
          "timestamp": 1684271098
        }
      ],
      "session_id": "5040ae41-87a3-4ae9-9002-3e59b1003f16"
    }
  },
  "data": []
}

when I change the role permissions to anon, then I get

Copy code

json
//everything else +
 "data": [
    {
      "id": 1,
      "scheduled_at": "2023-05-16T20:45:47.575814+00:00",
      "date_picked_up": null,
      "date_delivered": null,
      "date_billed": null,
      "price_per_tonne": 12,
      "price_per_flat_rate": null,
      "min_tonnage": 44,
      "pickup_destination_id": 1,
      "delivery_destination_id": 2,
      "status": "ordered",
      "active": true,
      "order_document_url": null,
      "delivery_document_url": null,
      "tonnage": null
    }
  ]

i'm curious, because the system says the user is authenticated

https://cdn.discordapp.com/attachments/1108401551791366196/1108401552030445588/image.png▾

Clear guide for external database on self-hosted

TheRien

05/17/2023, 2:36 PM

I'm using supabase in a self-hosted environment and uptil now was just using the postgres-database inside the docker containers. However, I want to separate them now. I'm running Supabase on a VPS (Ubuntu 20.04), but I'm having trouble getting everything configured correctly. Is there a clear guide on how to do this? I find that the supabase documentation isn't clear enough for me

"Cannot connect to the Docker daemon" even though docker is running

Ryan the Temp

05/17/2023, 3:12 PM

I'm trying to follow the cli tutorial, and I get the error when I run "`supabase db remote commit` Docker is running, because if I do

docker -v

I get

Docker version 23.0.5, build bc4487a

I'm on osx

Nuxt3 + supabase issue

formigueiro

05/17/2023, 3:20 PM

Has anyone here ever worked with nuxt + supabase? When refreshing the page and trying to click on the logout button, it does not carry out the entire task of navigating, it seems that there is some cache left? https://cdn.discordapp.com/attachments/1108413722285854750/1108413722571047022/screen-capture.webm

Whitelist the frontend...

holabruno

05/17/2023, 3:33 PM

Hello, I don't see the option 'Additional Allowed Origins' in the project settings / api. How can we whitelist a frontend application url (hosted on vercel). Thanks! #1006358244786196510 #885237287280070708

New row violates row-level security policy for table

Self

05/17/2023, 3:53 PM

Running a testscript locally, with node.js, not in the browser: I have an insert row policy to allow authenticated users, but I get the error

Copy code

Error inserting data: {
  code: '42501',
  details: null,
  hint: null,
  message: 'new row violates row-level security policy for table "xx"'
}

When I switch to the same policy with 'Anon' then it works. It seems the supabase client does not send out the authenticated role/access token ? I have a js file running with node, and I can sign up with email

Copy code

js
const { data:auth, error } = await supabase.auth.signUp({
  email: 'example@email.com',
  password: 'example-password',
})

console.log('Signed in successfully:', auth);

This returns the following, indicating that the user technically is authenticated ?

Copy code

Signed in successfully: {
  session: {
    access_token: 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.....',
    token_type: 'bearer',
    expires_in: 3600,
    refresh_token: 'CP2UbNwqZ2-...',
    user: {
      id: 'xxx',
      aud: 'authenticated',
      role: 'authenticated',
      email: 'mail@example.org',
      email_confirmed_at: '2023-05-17T11:35:16.782073Z',
      phone: '',
      confirmed_at: '2023-05-17T11:35:16.782073Z',
      last_sign_in_at: '2023-05-17T15:49:20.571863874Z',
      app_metadata: [Object],
      user_metadata: {},
      identities: [Array],
      created_at: '2023-05-17T11:35:16.7739Z',
      updated_at: '2023-05-17T15:49:20.573549Z'
    },
    expires_at: 1684342161
  },
  user: {
    id: 'xxxx',
    aud: 'authenticated',
    role: 'authenticated',
    email: 'mail@example.org',
    email_confirmed_at: '2023-05-17T11:35:16.782073Z',
    phone: '',
    confirmed_at: '2023-05-17T11:35:16.782073Z',
    last_sign_in_at: '2023-05-17T15:49:20.571863874Z',
    app_metadata: { provider: 'email', providers: [Array] },
    user_metadata: {},
    identities: [ [Object] ],
    created_at: '2023-05-17T11:35:16.7739Z',
    updated_at: '2023-05-17T15:49:20.573549Z'
  }
}

The user returns null

Copy code

js
    const { data: { user } } = await supabase.auth.getUser()
// returns null
console.log(user)

Is the user signing in incorrectly or why is the authentification token only using the anon user and not the authenticated user ?

Manually sending OTP code

kekington

05/17/2023, 3:58 PM

I need to manually send the OTP code to users. Is there a way to obtain the OTP code that is being sent to the user? I know that I can get the

confirmation_token

from the

users

table but it seems to be hashed.

An idea of how to create tableviews with user info, plus relational stats (counts) or other tables?

SunTzu

05/17/2023, 4:16 PM

Does anyone have any idea to do the above title? For example, have users that can send many messages Is there a way to make it so i have an SQL table view that allows the user data as per, but then with additional columns that count the messages based on the ID matching to the foreign key etc?

Copy code

id email username message_count
1. test@test.com thisuser 123

Uniqueness Constraint on Composite Primary Key

CalculusAce

05/17/2023, 5:17 PM

I have a table, TableA (placeholder), that has 3 columns: user_id, sequence_id, and created_date. The user_id and sequence_id columns are foreign keys (primary keys in other tables) and are defined as a composite primary key of (user_id, sequence_id) on the aforementioned table. I have a requirement that combinations of (user_id, sequence_id) need to be unique to be inserted in that table. To put it another way, if a combination of (user_id, sequence_id) exists in the table, do not insert a new row into the table. I have a Postgres function written to achieve this, which is written as follows: insert into TableA (user_id, sequence_id) values(auth.uid(), seq_id) on conflict (user_id, sequence_id) do nothing seq_id is a variable defined within the function. However, I was getting an error stating that there is no uniqueness constraint defined on (user_id, sequence_id). Given that I have a composite primary key defined as (user_id, sequence_id), I believe there should be a uniqueness constraint applied by default, so this error made little sense to me from a conceptual standpoint. I ended up adding a uniqueness constraint to (user_id, sequence_id) manually through alter table, and I started getting the expected behavior. It didn’t seem possible to work out the issue through editing the table in the dashboard interface from what I tried. I defined TableA through the Supabase dashboard interface, where I specified the composite primary key and even checked the unique checkbox before creating it. I am wondering if this scenario demonstrates a limitation with the way the Supabase dashboard interface implements the SQL behind the scenes to create the table or if I am misunderstanding something about how these constraints work within Postgres? I appreciate any input anyone has on this! Thanks!

Where or how do i get to logflare logs in local env?

ven

05/17/2023, 6:02 PM

After a lot of trial and error we finally got logflare/bigquery enabled and working for our local environment. I can see the pings in BigQuery. But now i am looking at the dashboard and i don't see a way to get to the page/route where i can view and filter my logs. how is this possible? i have the latest cli. am i hallucinating?

Robust realtime lifecycle

tommycox

05/17/2023, 7:18 PM

We want to setup to listen for postgres changes on a table for a long running connection that never goes down. What are the best practices for this? We are seeing in the onError handler a CHANNEL ERROR after some time or event. Right after that our onClosed I saw info on sending a heartbeat message every 30 seconds. Is that required? What about access tokens, do they have to be refreshed? If our onClose handler gets called, can we re-establish our channel subscription from there? How is this best done?