Supabase is an open source Firebase alternative. Start your project with a Postgres database, Authentication, instant APIs, Edge Functions, Realtime subscriptions, and Storage.

Supabase

Can i create policies for functions? How can protect it if not?

There is no RLS policy directly on functions.  But they will honor RLS of tables, unless you override with "security definer"
Remember RLS policy is just an extra query, so you can implement whatever extra policy checking you want in the function itself, including using auth.uid() etc.