I appreciate it. My thought process is correct here though? I have never worked in this lack of backend, so I need to maintain data integrity at the postgres level?

Yes it's the most secure

RLS is just an SQL statement? Neat. I thought it had limitations. Thank you

And I am down a rabbit hole of postgres

Hey! Just wanted to ask that const { data, error } = await supabase .from('articles') .select(

id,
                    auth.users (
                        created_by
                    )

) .eq('is_archived', false);

the relation auth.users is not fetched, or simply users is not fetched there is an error

how do I reference auth.users?

Which key are you using to auth with supabase? The anon key wont let you pull from auth

you can't reference

auth.users

since it is in a different schema. the recommended fix is to have a separate table in the public schema that has a trigger setup https://supabase.io/docs/guides/auth/managing-user-data

-- Inserts a row into public.profiles
create or replace function handle_new_user() 
returns trigger as $$
begin
  insert into public.profiles (id)
  values (new.id);
  return new;
end;
$$ language plpgsql security definer;

-- Trigger the function every time a user is created
create trigger on_auth_user_created
  after insert on auth.users
  for each row execute procedure public.handle_new_user();

oh you cant even query auth with the other key? Learned something

I believe it works if your using the other key

Can you clarify what you mean by trigger? A postgres trigger? Nevermind i see it

yup a postgres trigger, I edited my original response

Ill be honest, when I first started toying with supabase, i thought it would only be good for toy projects, because I have always built my own backend to control data. I guess i never fully dove into the power a DBMS. I assume most of these functions running at the DBMS level are an order of magnitude faster than parsing the information on the backend through node.

yup they are a lot faster at the DBMS level than going through a backend API. separate node backend is still much easier to use if you have a lot of logic that needs to be done. syntax for plpgsql is not the easiest to work with

Hey I'm creating an app in NextJS I want to listen to realtime DB using Supabase, I subscribed to all changes in the posts table as mentioned in the docs, but how do I get the data that has been modified?

Has anyone tried any multitenant saas with supabase yet? Toying with ideas on how to set the user authentication up for that

everytime the event fires it gives u a payload and it includes a new property

called new

What is the best way to do an email/password signup with additional fields like person name/team name? I'm able to create the user but not able to update the users table (which itself was updated by a trigger). I wonder if there is a race condition due to which my update isn’t working… gonna try an upsert instead.

No luck.

Does anyone here use lobste.rs and is willing to invite me?

if you are, I'd really appreciate it.

Does anyone know why my reports for my database would be missing data?

there's a few ways to solve this. You can either filter out on the front end. Or you can just not let them see on the backend (you can also do both).

Method #1 - Backend: Enable Row Level Security (RLS) for your table, and then create a policy that only allows users to see items that have the same userid as them. (then on the frontend simply do ``await supabase.from('Your Table').select('*')``)

Method#2 - Frontend: Filter out on the frontend, there's a variety of filters that can be used to do this in different ways. l would use the ``eq`` filter. https://supabase.io/docs/reference/javascript/eq

Javascript
const { data, error } = await supabase
  .from('Your Table')
  .select('*')
  .eq('user-id', user.id)

Also does anyone know how to allow multiple base urls for auth? I'm thinking for development vs production. I'm going to need my base url to be localhost in dev but in production it would be something else.

I also may have a network IP during dev

there are also like preview urls before deploying to the main url