Supabase is an open source Firebase alternative. Start your project with a Postgres database, Authentication, instant APIs, Edge Functions, Realtime subscriptions, and Storage.

Supabase

how to i secure the database from the client side if i am not authenticating users? is this possible? all i have to do is check the network tab to see the PostgREST url and i can make requests as if i was in the browser

Just creating a thread to keep it organised instead of spamming the general channel

If you want to prevent access to tables by unauthorized users you have to put on  RLS with a policy or put them in a schema not set up for access by the API.  There is no way to have browser access that is not public info with out auth, jwt tokens, or another server in front of API.  You can lock down tables and use a security definer RPC function to limit what is accessed to what the function does.