I think all current providers were already available when the Studio was opensourced

How can i prevent delete http request by auto-generated rest api from

view

? I create only select only policy, so rows in referenced table cannot be deleted by table autogenerate http api But, deleting rows from view autogenerate http api is working

add a policy for DELETE that just says

false

I cannot make policy for a view. And, Making delete policy always false on referenced table is not preventing deleting rows from view autogenerated api.

I’m using Discord as the sole authentication method, so I wanted users to be able to view each other’s avatars & usernames; Do you know if there is a guide somewhere on using views in this context?

Oh, it's through a view. I think (never checked) that you can make a view that calls a SECURITY INVOKER function and that will honor the RLS. See: https://www.benburwell.com/posts/row-level-security-postgresql-views/

No idea about a guide, but if you can write a SELECT that returns the right data (and nothing more - we are talking about security boundaries here) then I can help you with making a secure view out of that.

but: I have zero experience with 3rd party auth, so I'm probably not the best guide here 😉

Well what I got so far is to use a function & trigger to clone the row into a public one, then dropping the email property of the object (leaving only the avatar, username, & isEmailVerified properties)

sql
begin
  -- Insert/Update clone of identity_data:
  insert into public.identities (id, identity_data)
  values (new.id, new.identity_data)
  ON CONFLICT (id) DO UPDATE 
    SET id = excluded.id, 
        identity_data = excluded.identity_data;

  -- Drop email property of identity_data object:
  UPDATE public.identities
    SET identity_data = identity_data::jsonb #- '{email}';

  return new;
end;

The only issue I see with this is that if trying to drop the email fails for whatever reason it'll leave their email in there, do you know if it's possible to drop the jsonb property before inserting/updating the row? So it looks like just adding

::jsonb #- '{email}';

to the ends of where you're setting the data works, this seems much better as there isn't a period where the email is just sitting there in the public table, thank you very much for the help ktosiek :)

Hello everyone! 👋 I am trying to understand how to upgrade my PostgreSQL database (hosted by Supabase) to the latest PG version. I am currently on 12.x and would like to upgrade to the latest.

Is that managed automatically by Supabase, or are users expected to manually upgrade their DB?

Does someone use supabase cli in local with Auth? I can't figure out how Auth would work if I can't set a dumb password or setup a mocked smtp

Been trying to figure out the same thing. If there was a way to see all of the emails that should be getting sent this would be simple but I haven't found a way as of yet

what I ended up figuring out is that locally you can just call

supabase.auth.signUp

and that will let you locally create a user with a pass

Han. I can live with that for the moment. But indeed, it would be nice to have a log somewhere to retrieve the magic link 😉

Hi, i’m using the cli to manage migration. I added a trigger on Insert on table auth.users and i cant see it in the migration after commit. Is this normal?

is there a way i can completely "factory reset" my database to its original state like when you create a new project?

I have a question

let's say I don't want to install SupaBase in my JS project

is it right for me to make the calls using axios

and adding my apikey to every request.

?

can that work and is that the right thing?

Thank you

@User it can work, the libraries are not magic - gotrue and postgrest APIs shouldn't be very hard to use without them

no idea how much work is done in the storage and realtime client libraries

but, why would you do that?

Hmmmm, that is true. Thank you so much.

Still on the issue of using axios over the supabase lib. Let's say a new users bearer token has expired. When the user comes back to login (using axios), there is no bearer token returned when logged in, just the columns in the auth table. How do I authenticate every request since my tables have policies and I need the apikey and bearer token to carry out transactions on my db