Hey! Whenever I try to INSERT into my DB via BASH ...
# help
d
Hey! Whenever I try to INSERT into my DB via BASH instead of the Javascript method, I get row level security issues. Could I get some help with this?
s
This means you have row level security turned on on the table and your request isn't getting past the rule you set up
d
Hey! Thanks for helping. What is strange is when I use the javascript method to .insert(), it works fine
I switched the toggle in the UI from Javascript to Bash, copied the request, replaced the SUPABASE_KEY with my key and it is now failing to pass RLS
to be specific, replacing it with `process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY`
s
What does your rule look like?
d
Sure.
s
So your user is required to be logged in, you will have to do a user log in with bash first, it will return a token and you will need to use that token with all INSERT requests from bash
d
Ah ok. I actually converted the bash request to `fetch` in javascript. Therefore I can access the token right? Where should I include it?
Thanks for this help
I converted the request with https://kigiri.github.io/fetch/
s
How are you logging in? Are you using email/password login or a social auth?
d
magic links
So as part of the request, I send off the user_id by doing `supabase.auth.user().id` since I have a user_id column in the table I am posting to
s
So in your API section under User Management, look at Log in With Magic Link Via Email
Once you've done that, it should return a json object with `access_token`
d
Oh ok. Do I need to do this even if I am already signed in?
s
You aren't signed in in your bash session
You are signed in in JavaScript/browser session
d
Ah yes. I am using Next for the first time so I get confused between Browser side/server side
but if I have access to `supabase.auth.session().access_token` I don't need to login again right?
And once I have this access token, where should I include it?
s
Wait why are you doing bash stuff on the server side?
You can use the same supabase library on the server side
d
Ok so I am using Next JS. I am using evervault.com to intercept my request and encrypt certain fields. To do this, I am using the `fetch` method which I got by converting the BASH request using https://kigiri.github.io/fetch/. It populates and encrypts the field in the database but only with RLS off
When I am making the request, I have access to `supabase.auth` so that means I also have the access token by doing `supabase.auth.session().access_token`
I am wondering where I should include this so that I can pass the RLS
s
Under the API section again, you should see your table there, click on your table and look for the Insert rows section
d
Yep. That is where I got the Bash request once I toggled from Javascript to Bash. 🙂
s
You will need to replace the `SUPABASE_KEY` with the `access_token`
d
Ok
is the Authorization the field that takes the access_token?
s
yeah
d
It works
👑
s
I'm almost certain we could make it easier by using the supabase library itself instead of the curl calls
d
Lesson. RLS requires some sort of way to identify which user is making the request. I did not include it, so it is impossible RLS would pass
s
But we can look into that a next time
d
Sure! I am using evervault.com which intercepts the requests and encrypts fields I filter to encrypt
So for example "phone-number"
then using the evervault sdk it automatically decrypts them when a user is viewing their profile
that way I don't store any plaintext data but the user sees their data as normal
now that this is working, that is great! thanks
took like 5 minutes to set up with supabase + evervault so thanks for that
s
Yeah since you are doing this server side you could just use your `service_key` with a new instance of the Supabase library to bypass all RLS and insert into the table after the encryption is done
d
Ah ok. Yeah that would work if I used the evervault sdk to encrypt but I am using their product Relay which just generates another URL for me to hit
and then it forwards the request to supabase database
with the data encrypted
if I used evervault.encrypt(data), then yeah, the supabase sdk would be better
going to consider that
thanks
s
No problem, happy to help.
d
Hey! You mentioned the secret key. Where do you put the secret key to override RLS when using the supabase javascript methods?
`service_key`*
Ah I got it, thanks