Hi folks I have an RLS policy set up so that only users whos Supabase #help

Hi folks! 👋 I have an RLS policy set up so that o...

eoin

04/19/2022, 8:40 PM

Hi folks! 👋 I have an RLS policy set up so that only users whose

user.uid

is in a

players

array can access a

/game/game.uuid

route. It's working, but the "blocked" route is firing a

request to

/api/game/null

(guessing once RLS is hit) and then throwing

code:22P02, message; invalid input syntax for type uuid: \\\"null\\\"

. It then tries to render the component with no data and fails. Ideal state is that I can handle this more gracefully, add that the

user.uid

doesn't have access to this particular route to state and render an input field for them to enter a code which—if correct—would add their

user.uid

to the original

players

array, therefore meeting the criteria of the policy and providing access. Does anyone know how to better handle this redirect to

/api/game/null

and use it to control state rather than crash out?

Needle

04/19/2022, 8:40 PM

Hello @eoin! This thread has been automatically created from your message in #843999948717555735 a ``few seconds ago``. Pinging @User so that they see this as well! Want to unsubscribe from this thread? Right-click the thread in Discord (or use the ... menu) and select Leave Thread to unsubscribe from future updates. Want to change the title? Use the

/title

command! We have solved your problem? Click the button below to archive it.

eoin

04/19/2022, 9:01 PM

Maybe I'm misunderstanding the expected behavior of blocked RLS policies? Could someone clarify or link docs? I can't see expected responses in the docs.

silentworks

04/20/2022, 2:48 AM

Can you clarify what you mean by blocked RLS policy?

Needle

04/20/2022, 2:48 AM

eoin (2022-04-19)

eoin

04/20/2022, 11:07 AM

Ah, I should've worded that better. I mean: the response due to the conditions of an RLS policy not being met. The "not authorized" result. I'm currently getting that

code:22P02

response, but feel like that may not be correct? And if it is correct, are there guidelines for more gracefully handling it?

eoin

04/22/2022, 12:53 PM

@silentworks let me know if the above clarifies the question. Would love even a gentle nudge in the right direction (by no means expect full answer) so I can try and make more progress on this over the weekend. One thing I was thinking of doing was handling the

/api/game/null

route in my

fetcher.ts

file, but that seems like a super hacky way and I can't actually get it into state on a server route like that (afaik). Thank you! 🙏

silentworks

04/22/2022, 1:09 PM

I'm still confused because in your original message you mention route, but the supabase library itself doesn't do routing.

eoin

04/22/2022, 1:14 PM

Ah, I do a Supabase SELECT on

/game/gameId

and if the current user's ID isn't in the

players

array, then RLS kicks in. So handling the response to that is where I'm currently stuck.

eoin

04/22/2022, 1:15 PM

Now that I re-read the file though, I probably want to handle something in the

if (error)

section?

Copy code

js
import type { NextApiRequest, NextApiResponse } from 'next'
import {
  withAuthRequired,
  supabaseServerClient,
} from '@supabase/supabase-auth-helpers/nextjs'
import supabase from '@/utils/supabase'

export default withAuthRequired(async function ProtectedRoute(
  req: NextApiRequest,
  res: NextApiResponse
) {
  const { user } = await supabase.auth.api.getUserByCookie(req)
  const { data: test_games, error } = await supabaseServerClient({ req, res })
    .from('test_games')
    .select('*')
    .eq('uuid', req.query.gameId)

  if (error) {
    res.send({ message: JSON.stringify(error) })
    return
  }
  res.json(test_games)
})

eoin

04/22/2022, 1:15 PM

The error message in my original message is just that

res.send

then?

eoin

04/22/2022, 1:19 PM

This is my simply

[...game].tsx

file where I fetch the API route above that depends on the Supabase SELECT for it's response:

Copy code

js
import type { NextPage } from 'next'
import Link from 'next/link'
import { useRouter } from 'next/router'
import useSWR from 'swr'
import fetcher from '@/utils/fetcher'

const Game: NextPage = () => {
  const router = useRouter()
  const route = router.query?.game
  const gameId = route ? route[0] : null
  const { data: gameData, error } = useSWR(`/api/game/${gameId}`, fetcher)
  // TODO: Handle error here: Still trying to render HTML below
  if (error) return <div>{error}</div>
  if (!gameData) return <div>loading...</div>

  return (
    <>
      <Link href="/">Home</Link>
      <ul>
        <li>
          <b>Title:</b> {gameData[0].title}
        </li>
        <li>
          <b>ID:</b> {gameData[0].uuid}
        </li>
        <li>
          <b>Share code:</b>
          {gameData[0].share_code}
        </li>
        <li>
          <b>Players:</b> {gameData[0].players}
        </li>
      </ul>
    </>
  )
}

export default Game

The

error

is not getting hit here at all, and instead it's trying to render

gameData[0].title

with the

/api/game/null

redirect I mentioned, therefore crashing the app. Not sure if this helps clarify what I'm trying to do.

silentworks

04/22/2022, 1:22 PM

Can you jump on a call with me on discord?

eoin

04/22/2022, 1:29 PM

I can't right now as I have b2b meetings at work, and this project is on my personal machine 😦 Maybe some time over the weekend or next week if the weekend doesn't suit you? 🙏 Thank you so much for even the offer.

silentworks

04/22/2022, 7:34 PM

Yeah lets get on a call tomorrow or Sunday and try to get this sorted

eoin

04/24/2022, 3:15 PM

Hey sorry for the radio silence here @silentworks. I got my booster Covid vaccine yesterday and it's completely floored me. 🤒 I've done some prep work to better-explain the problem if a call some time during next week would suit you?

silentworks

04/24/2022, 7:56 PM

@eoin no problem, I hope you’ll be back to full health soon. Next week works well for me.

Previous Next