I'm still using RLS policies for fundamental restrictions (e.g. restrict access to entities from user's own organization) which would not work via service account. But I agree that without *any* RLS policies, access via service role is sufficient.
[https://www.nuvix.in/docs](https://www.nuvix.in/docs) => 404, u/Illustrious-Mail-587 fyi. Only linked in the website footer, I think.
Nested queries, filtering, aggregations, ... basically everything that PostgREST provides compared to direct DB access.
*"A pgTAP test in CI catches any new table missing the policy:",* see my linked post. But it's really not a major pain point for me right now.
But you can include/exclude schemas from the Data API too in Supabase; that's not my problem. How does Nuvix allow per-user row access control?
I thought about it, but the PostgREST via supabase-js is just too convenient to give up on it in favour of raw SQL or a separate ORM.
After the initial \~5 lines of code, it's a single line of setup per table which is not complicated for me. That being said: My main points are the ones below. RLS complexity is not a pain point for me personally.
RLS setup is okay, but these days I simply [restrict PostgREST API access to my backend service only](https://www.reddit.com/r/Supabase/comments/1r8v3yx/how_to_prevent_clientside_access_to_postgrest_api/). My feedback on your project pretty much matches [this comment](https://www.reddit.com/r/Supabase/comments/1nlpnou/comment/nf7yzcn/) on one of your previous posts:

> I have read a lot of your posts to try and get an understanding of what you’re building and have just had a look at your web app. I applaud your confidence and ability to attempt something like this, but as an experienced engineer just want to share some advice. You said that you’re 18 and have been building this for 8 months. Systems like this require large teams and sometimes several years to provide what you’re promising. After visiting your app, you have a very long way to go. I suspect that it has mainly been vibe coded? I am not against this but when you are taking people’s hard-earned money and they are trusting you with hosting their BE, and all of the risks that come with that, it is absolutely essential that you do not take any shortcuts. Your posts talk about extensive research etc, but as an inexperienced, one man team, 8 months into a project, this just absolutely cannot be the case. Your app is not responsive and does not really follow any accessibility patterns. These are the basics that people expect before they even give your platform a second’s thought. Remember, you are asking people to put the security and availability of their BE in your hands. Please take a step back and work on the basics before even considering launching.

tldr; I would not use Nuvix because I would not trust a single-developer organization with the backbone of the software I'm building. Supabase is valued at $5B and has extensive resources and a community (like this sub). Nuvix's value proposition would need to be a lot bigger to justify that it doesn't have any of that.
Thanks! I saw the snippets/ dir, but wasn't aware it is synced. Regardless of that, it means that you need to be careful when using any kind of secrets in temporary scripts.
It depends on how the security mechanism works. I would still recommend reaching out to your client's cybersec people. Even if you can trick their system today, a new iteration could still try to click that button.
Am I understanding correctly that a service in your client's infrastructure opens links in emails and then even opens links within the website behind the original link? I would talk to the client and ask for explicit instructions. I haven't heard of this kind of scanning approach yet, but Supabase is not the only auth provider sending one-time use links. It also seems that clicking links in websites while the user is authenticated bears some risk. E.g. the website could contain any kind of other link that would randomly(?) be clicked and cause all sorts of problems. If talking to the client is not an option, maybe you could modify the redirect page to not expose a link, but rather a button which redirects on click, or - if the security tool would also click that button (wtf, actually), you could add a captcha.
My dashboard and app work; I can only imagine that the infrastructure changes could be the cause of your issues. Can you share the failing code and resulting error messages or behaviour?
[https://status.supabase.com/incidents/z3qp8rln72pl](https://status.supabase.com/incidents/z3qp8rln72pl) Also, my dashboard says: "Scheduled maintenance is in progress - Follow the [status page](https://status.supabase.com/) for updates"
It is, and new migrations get timestamp-prefixed by default.
Thanks; haven't tried downgrading yet. Also disabled JWT verification via config.toml to prevent error "Key for the ES256 algorithm must be of type CryptoKey. Received an instance of Uint8Array"
Thanks. The issue luckily only affects my local setup. My setup: DB trigger calls edge function, using Supabase service role key from vault in auth header. I expected this (now: legacy) behavior to remain robust until the final sunsetting of the legacy keys in late 2026.
Thanks for clarifying! I think I may just go for endpoints on my existing server/API as I do not need asynchronous queues for now.
[https://github.com/supabase/cli/issues/1338](https://github.com/supabase/cli/issues/1338) \- closed now, but has new comments after closing [https://github.com/supabase/cli/issues/3047](https://github.com/supabase/cli/issues/3047) [Edge Function development tips](https://supabase.com/docs/guides/functions/development-tips#organizing-your-edge-functions) recommend shared *import\_map.json*, but that has been legacy for a while now. More details here: [https://www.reddit.com/r/Supabase/comments/1jaey5r/struggling\_with\_edge\_functions/](https://www.reddit.com/r/Supabase/comments/1jaey5r/struggling_with_edge_functions/) Concerning the Deno VS Code extension: I remember that the "denoland" extension used to show multiple errors in non-Deno projects and slow down the display of TS types, but I can't find the corresponding bug reports. This of course is only loosely related to Supabase, but it added to the subpar experience.
Not sure if I understand: Is there a way to use Supabase Queues to replace edge functions for my use case? Also, there doesn't seem to be a concept called "Supabase workers". Maybe you mean background tasks in functions, but those do not directly apply to my use cases.
Not sure what you mean with "server date". Can you provide a specific use case?
You have to tell us what exactly is not working and how the code is executed. Is this from a single file? If so, "is pending" and "error" would be assigned multiple times which would cause compiler errors (in TS), and the last third seems to have nothing to do with Supabase. Also, you're not returning "data" from within "queryFn" which probably is the problem.
The advertised vibe coding platform even mentions Supabase in the placeholder text :D
"ci_pico" is hallucinated btw. There is no such plan.
You need to provide at least some basic information if you expect help, like logs, and ideally code samples. I.e. I'm not sure how a DB timeout is mentioned when supabase-js does not directly connect to the DB. Supabase itself works for me and just seems fine overall: https://status.supabase.com/
I haven't used Identity Linking myself, but it should prevent the scenario you described: [https://supabase.com/docs/guides/auth/auth-identity-linking](https://supabase.com/docs/guides/auth/auth-identity-linking) If you observed two separate accounts created for the same email address, it could be worth creating a bug ticket.
It seems there is only the single homepage you linked and any other content including docs requires signing in. It would be great to at least be able to access the documentation. It is not even clear how your solution would integrate with one's Supabase projects. Concerning your fourth point on your roadmap: Supabase already provides performance and security advisors. As another user already pointed out, I am not sure which benefits your solution would provide compared to using MCP with any compatible client and the option to switch LLMs.
Best to translate this into English; the sub is English-speaking. Concerning Supabase and scaling: Why do you assume it's too expensive and bad in terms of performance? What are the expected metrics for your app and where do you expect bottlenecks?
Thanks! The Supabase staffer's comment mentions "\[their\] *DPA incorporates Standard Contractual Clauses approved for international transfers by the European Commission*". Regardless of this and regardless of DPF, GDPR compliance usually also involves implementing custom documentation on your own end. I wish that Supabase would provide more guidance in this regard. I think a lot of Supabase users would appreciate some hands-on insights concerning self-hosting. Last time I checked (1-2 years ago), the consensus had been that while all components are technically FOSS, the actual deployment and operations were barely documented, making the process tedious.
[According to Supabase's Head of Growth](https://github.com/orgs/supabase/discussions/2341#discussioncomment-8406956), signing their [DPA](https://supabase.com/legal/dpa) would provide a way of becoming GDPR-compliant outside of the DPF. I don't have the necessary background to validate this statement; happy to hear your thoughts and insights.
I very rarely have any issues generating migrations from changes performed in my local setup.
10 minutes is quite long, and without watching all of it, it's probably not clear which particular link you are talking about. My suggestion is to edit your post and 1. add the link to the video 2. describe what exactly you tried already 3. describe where you see the error 4. add any more information, e.g. log output
When you mention a specific tutorial that is very relevant to your problem, you need to share that tutorial.
As I wrote: no need for these features.
I see some room for improvement with the current offering, but I'm not missing any of the features you mentioned for my current use cases. Supabase branding explicitly highlights PostgreSQL ("Supabase - The Postgres development platform"), so I think at least basic SQL skills should be expected.