# off-topic
c
Hi all, thanks for a great product. I've been looking around for some usage examples with realtime where SECURE_CHANNELS is 'true'. I took a look at the slack clone and there all messages are sent to everyone. Ideally I'd be looking for some docs or examples that show how to limit WS connections to data that is permitted to be seen by that user.
a
Hmm, I believe when you set RLS on the comments table, the items returned should be filtered to only what the user can see. If there are more items being returned, filter them out server side before returning the data to the frontend.
c
How would you filter out websocket data server side?
Also does RLS run on Realtime responses?
a
```js
// Listen to all changes to user ID 99
var allUserId99Changes = socket
  .channel('realtime:public:users:id=eq.99')
  .join()
  .on('*', payload => {
    console.log('Change received!', payload)
  })
```
Try something like this?
Check out the section called supported event filters.
c
Ok, so the standard usage of Realtime relies on provisioning a server? I was under the impression that it was a hosted cloud service that allowed you to connect directly from the realtime-client
a
Supabase is open source so you can host it on your own server. They also provide a cloud hosted server. I don’t think you need to set up your own server to use event filters with web sockets when subscribing to one of your tables.
You will want to associate comments with the user ID and use event filters to only listen to comment events that are related to the user.
c
Ok, sounds like I need to go away and set it up to see what options it provides. I've just been reading the docs and they seem to suggest that anyone can just subscribe to any channel which isn't very safe.
bump
d
Did you get this working?
s
I tried a proof of concept a week or 2 ago, and it didn't appear to support it. We've been investigating alternative solutions for our use case, but haven't come up with anything beyond ideas just yet.