Let's say I have an admin dashboard in my SPA that I...
# help
a
Let's say I have an admin dashboard in my SPA that I only want authenticated users to have access to. Can I just assume that the user is authenticated, enable RLS and redirect the user back to a login screen when getting a not authorized error back from Supabase? I have only started using Supabase (and client-side auth in general) over the weekend. So just wanna hear if I understood it correctly, and otherwise be told why my approach is wrong 🙂 The alternative I assume would be to constantly do a `supabase.auth.user()` check
g
Just doing a select won't work unless you know it will never be an empty array. There is no error on an RLS violation, it just does not return any data (just an empty array). You probably can use `.onAuthStateChange` to block access to your admin dashboard route, or send the user to somewhere safe on sign-out. `auth.user()` just looks up the user in the object in memory; it is a 1-line function, so no harm in calling it as much as you need.
n
schoening (2022-04-11)
a
Thanks @garyaustin yes I noticed that I get back an empty array rather than an error
Another odd thing I noticed: When attempting to create a new user with `await supabase.auth.signUp({ email, password });` with the email / password of an already existing user I also do not get an error. It gives back a user. But that user does not exist inside my db. Why would I not get back an error in that case? Is it to protect the emails by not giving away if the `signUp` action has failed or not? Or is there another reason?
g
Yes, that is the reason. People seem split 50/50 on that not returning an error, but that is by design. There are several discussions on it on GitHub.
a
Thank you for clarifying 🙂 By the way I just re-read your previous answer: So the `supabase.auth.user()` does not even do a roundtrip to the server?
g
```ts
  /**
   * Inside a browser context, `user()` will return the user data, if there is a logged in user.
   *
   * For server-side management, you can get a user through `auth.api.getUserByCookie()`
   */
  user(): User | null {
    return this.currentUser
  }

  /**
   * Returns the session data, if there is an active session.
   */
  session(): Session | null {
    return this.currentSession
  }
```
a
Thanks, I should have checked 😅