ashkanahmadi

Sorry I don’t think reads update the index. My bad.

Postgres has no issues with 1m or 10m rows as long as things are set up properly. Do not index things if they don’t need to be indexed really since every read and write has to update the index and that can slow down the table if you have 10m rows with a lot of reads and writes per second. You asked if it makes sense. That depends on your db structure. Do you really need 10m rows? Is it a large application? For example I have a coupon code table with 1m rows (unique codes) and it has no issues with almost no latency but if you have 10m rows with a lot of pieces like triggers, db functions, etc then you might need to ask in the Postgres subreddit for more specialized advice. With RLS, just allow the minimum the user needs to achieve something (see, update, etc).

Thanks for sharing. Good to know. I have a few edge functions but not so much traffic to worry about it yet. I'm still on the free plan. Thanks

> you should not be running your migrations scripts manually in the Supabase Dashboard Wait, people do that? 🤣 what’s the point of migrations if someone runs them manually?

Thanks for sharing. Good to know. Luckily, my OCD has prevented me from having this issue since i have to check things 10 times before I feel comfortable enough to publish stuff haha

why do you think it's AI generated?

Perfectly fine. There is no way around it. Make sure your tables have proper RLS set up. If you dont know anything about RLS, check out this video: https://www.youtube.com/watch?v=vZT1Qx2xUCo

I’ve heard that recaptcha isn’t EU/GDPR compliant and should be avoided and since I operate in the EU, I’m not sure I can use it

Thank you. Create clear and straight forward. I noticed that Turstile is web-only since it loads external JS to render and solve the challenge. Do you know any alternative for a mobile app?

I've never used Turnstile. Is it free and easy to implement?

Thanks for sharing. I'm bookmarking this. > Turns out: Supabase Auth allows direct access to /auth/v1/signup using the public anon key. Obviously the JS SDK calls API routes for everything. Every table you create by default has an API route. You can use Bruno (or any other HTTP client) to do all operations without needing the JS SDK. I use it to test things before putting it into code. These are some of the endpoints: ``` Confirm user: /auth/v1/verify { "email": "email-to-confirm-here@test.com", "token": "123456", "type": "email" } Log in: /auth/v1/token?grant_type=password { "email": "email@gmail.com", "password": "password" } Recover/Reset password (sends out the password reset confirmation) /auth/v1/recover { "email": "email@gmail.com" } Get a ticket and all the order data based on ticket ID /rest/v1/tickets?select=*,orders(*)&id=eq.9b623012-41b7-4d7b-ba6b-021aa1292fd8 ``` You can always see what URL any Supabase request is calling using by console logging the request without `await`. For example: ``` const query = supabase.from..select(....) console.log(query) // query.url will have the full URL on Supabase ```

Good info. Also, worth mentioning that unless you have tens of thousands of rows and a LOT of traffic, indexing doesn't do a much better job than having no index at all. There is no point in having an index if you are adding 5 rows in a week and have 500 rows in total!!

30+ like 35 or like 3500?! Postgres can handle 100+ tables with no issues depending on your indexes, table structure, etc. You won't face any issues anytime soon

Where would I paste the data though?

How would I copy paste? copy the data on Excel and then where to paste?

How do I do that? Genuine question.

My recommendation is using different for branches for different app versions. This is what I have: - dev-1.3.0 - main-1.3.0 - dev-1.2.0 - main-1.2.0 …etc Your git has to match your app version. When you introduce any breaking changes or you want to force upgrade, you go to the previous git versions and push out an update that forces the users to update. Do this when you make any major changes to the app (like upgrade or add native libraries) or when you make breaking changes to the db where the previous versions would be incompatible. For example, I had a few versions in production but I had to refactor parts of the db but after changing the db, the previous versions wouldn’t be working anymore so I followed these steps: 1. Make the changes in local and test on staging but do not push to production db. Have everything ready for “supabase db push” 2. Have all your changes ready. If there is a new version, make sure it’s submitted to the App Store but you have to push it manually 3. Have an update check every time the app opens to check if there is any update available. If there is, force a pop up that forces the user to restart the app. 4. If you want to force users to upgrade, the go to each branch version and push out the update to enable that pop up to force to go to the App Store to upgrade. If it seems complicated, let me know to explain it better

Makes sense 👍

Thanks for sharing. Why not use something like Neon if you wanted the database without the auth part?

Look into Neon. They also give you a Postgres db. You can use any auth

The RLS is just a database `IF` condition for the action. The RLS is for bringing the condition to the database level out of the frontend. There is nothing magical or hard about it. It can get complicated but it's an easy concept. Think of RLS as an `if` statement inside a loop. The database will go through every single row and if the `if` condition returns true, it will allow it to go through (whether it's SELECT or INSERT or UPDATE or DELETE).

Thanks a lot. I ended up doing this which seemed the most efficient way to do it. No instead of having all the user_id columns in all my tables referencing the auth.users.id, all of them reference the profiles.id column and only profiles.id references the auth.users.id column.

The issue isn’t Supabase. The issue is that the web development industry is so huge and complex that it’s impossible for one person to know everything. You don’t know what you don’t know and that’s usually okay. But moving forward, if you have an edge functions that sends out the welcome email, create a log table that holds your custom logs from edge functions and if an email goes out (or doesn’t) make a record so that you don’t need to guess “is this function really working or no?” You can just take a quick look to get your answer

You should run `supabase db push` to push and run the new migrations you have that are not present on remote. Always run `supabase migrations up` to run the new migrations in local, `db push` to run it on remote. NEVER run `migrations up` on production. Also, word of caution: when you work with a team, make sure ONLY 1 person can push anything to production (whether backend or frontend). Like this, tasks are very clear and you wouldn't accidentally try to push to production while the other person has already pushed it to production!!

That sounds good. However, I already see an issue (just based on your comment, I obviously do not know the whole db structure): > The issue was that the database constraint was still expecting 'pro', so inserts with 'premium' was silently failing You shouldn't hardcode values in your table. You should use a separate table with all your subscription types and names, and just use a reference to their `id`. Like this, even if you change the name from Premium to Potato, nothing would break. In general, it's best to deal with ids rather than names since ids are less likely to change than names. I have a table called `logs` with a few columns like `message`, `http_code`, `meta_data`, `route`, `type`, .... In my edge functions, I always log everything especially if something fails. For example, if an insert fails, you can usually get the error message in `error`. Then I check if there is an error and if yes, I log it. Then I go through the log once every couple of days to ensure things aren't failing and if they are failing, I can see where or how or why. I have managed to catch a lot of silent failures very quickly just by looking at my custom logs table. Example (pseudo-code, not from actual function): ``` const { data, error } = await supabaseAdmin.from('some_table').insert(some_stuff) if (error) { await supabaseAdmin.from('logs').insert({ http_code: 500, // or whatever you think the error might be message: 'Failed to insert into some_table', route: 'edge-function:my-edge-function', meta_data: error }) return new Response(JSON.stringify( { success:false } )) } ``` > I fixed it by writing a migration to update the constraint and then ran the migration on the database. Then I generated the Supabase types and initialized my client with createClient<Database>, so the linter can catch this kind of mismatch That's great practice and it's good that you ran a migration to track changes instead of making manual changes to the db directly.

Thanks for sharing. Can you provide more info like what exactly happened, and what caused it and how you solved it. Just in case so that I can keep it in mind and know what to look for and what to do in case it happens. Thanks

You can just downgrade to a version before 2.71.1. I already posted a comment explaining check it out if you want

It's an issue with the JWT. Starting from around v2.71.1 Supabase implemented the new asymmetrical JWT: https://github.com/supabase/cli/issues/4726 What I ended up doing was downgrade to a version below that so everything is how it was before the new JWT. I'm using v2.62 on local at the moment and you can do that too (you dont need to make any change on remote production Supabase): How to install a specific version: Mac/Linux: You cannot install a specific version with Homebrew. We need to use the GitHub releases 1. Make sure that Supabase isn't installed. Run `brew info supabase`. If you get any info, you need to run `brew uninstall supabase` 1. Go to this link: https://github.com/supabase/cli/releases/tag/v2.62.10 1. If you have Mac M1 or more, download the `supabase_darwin_arm64.tar.gz` file 1. Open terminal and go to the folder that has the downloaded file: ```bash # 1) Go where the downloaded file is, for example: cd ~/Downloads # 2) Extract tar -xzf supabase_darwin_arm64.tar.gz # 3) Find the extracted binary (in case it’s inside a folder) BIN="$(find . -maxdepth 3 -type f -name supabase -print -quit)" echo "$BIN" # 4) Make it executable chmod +x "$BIN" # 5) Install it to /usr/local/bin/supabase sudo mkdir -p /usr/local/bin sudo mv "$BIN" /usr/local/bin/supabase sudo chmod +x /usr/local/bin/supabase ``` WINDOWS: you can install a specific version with Scoop: ``` scoop install supabase@<VERSION> # Example: scoop install supabase@2.62.10 ```

Same in Spain

Your blog failed to explain what is hard to maintain that is specific to Supabase. Your problem isn’t specific to Supabase. Your problem is clearly stated in your own blog: > When we are building, we optimize for velocity. We measure progress by features shipped. We move fast, we push changes quickly, we break things, and we celebrate when we hit "Live". It clearly demonstrates poor project management and planning on your company’s part. It’s this mentality that “just push bro, if it breaks the we will fix it later”.

I never got to reply to your comment. Thanks a lot. Very useful

I'm a bit confused as what you have and what you want to achieve exactly. A user can only do what their role is allowed to do through the RLS. If you dont want the users to update a row, then do not have an UPDATE RLS, or have an RLS that does not apply to them. An RLS is nothing but an `if` statement. It's a condition that is applied to every row in your table. If the function returns `true`, that row is affected (inserted, updated, deleted, ...). If you want the user to change certain columns but not some other columns, then you need the CLS. The CLS is in beta mode but that doesn't mean it's not production ready since RLS and CLS are Postgres features baked into it. They aren't Supabase features. If you explain it a bit clearer, we could help better.

The word "steal" is an extremely negative word in the corporate/business world. Also, there are many grey area legal issues with how you are framing it. I could not figure out what your website really does. The main issue I have is the lack of explanation of how it does what it promises to do. > Discover your competitors’ customers and turn their product frustrations into your next deal. How do you find my competitor's customers?

Typical developer approach 😆

Because they are two different devices. The bouncer at the door scans the tickets. The user is standing at the door showing their ticket. So it’s two different devices

Thanks. I thought of that but about 200 people lining up at the door with their QR ready causing the app to send refetch requests every couple of seconds seems a bit excessive in this case.

That's definitely a valid point. Thanks. So what you are saying is that it's best to have the products table as a real time table so in case availability or prices change, it is reflected automatically and immediately on the frontend, instead of the booked tickets, right?

Seems to be the case, yes. The US servers seem to go down more often (not just Supababse. It seems to be a pattern across all platforms).

Thanks I downgraded to 2.62.10 (I remembered at that time, my CLI had no issues so I will continue with this version until I have free time to look into refactoring my code)

I did review everything but the documentation does not explain how to refactor an existing function with user validation code. It has a very rudimentary example (getting the name from the JSON body) but nothing substantial.

Thanks a lot. I tried that but I got an error about iss not being valid. Since I have to develop a feature asap, I cannot spend more time on this. I had to rollback the cli to version 2.62.10 (something a few months old) so I knew I wouldn't have any issues until I can work on it in the future. A clear dedicated video on YouTube would be very appreciated like a clear step by step showing how to do the whole thing on SB local since I see a lot of people are having an issue with this here on Reddit and on GH Issues. Thanks

Same. For me, it throws an error too

Thanks. I reviewed that in detail and also the code on GitHub but I'm still confused as how to refactor my existing edge functions to use the new asymmetrical JWT verification. I have this code in the beginning of my edge functions but looks like Supabase treats this as legacy code and I cannot tell what I need to replace it with: https://pastebin.com/v1nRVMf0 Do I just wrap the entire body of `Deno.serve` with `AuthMiddleware`? I find the documentation not that helpful in this regard. If you could help me out, that would be great. Thanks a lot

The issue is fixed. I just had to close everything (Supabase, Docker, ...) and restart my Mac completely and relaunch everything from scratch. Now having the line import "@supabase/functions-js/edge-runtime.d.ts" does not cause any issues.

Thank you. The issue is fixed. I just had to close everything (Supabase, Docker, ...) and restart my Mac completely and relaunch everything from scratch. Now having the line `import "@supabase/functions-js/edge-runtime.d.ts"` does not cause any issues.