I don't want to use RLS policies and would like to manage the authorization stuff on my node-server. For some reason, I didn't find anything helpful on the web regarding best practices so my approach is to create a supabase client on the server with the service role key so that it can bypass the RLS. Is that an adequate approach?

Just look at any node auth tutorial online or permissions tutorial online. You can use the database directly by going to the Settings > Database and scrolling down to the Connection Info section.