Threads
Loading user profile...
The user is experiencing a high number of requests to Supabase when navigating their app, with 320 requests in 15 minutes, including 80 auth requests. They suspect caching issues with their Data Access Layer (DAL) and are seeking advice on reducing the request count.
The user is experiencing an issue where the authenticated user data is not being retrieved in a library function. Despite being logged in, the `getClaims()` call returns null in the `stripeDBSync()` function, which is intended to sync data with Stripe's API.
The user kkats is experiencing an issue after migrating to new API keys. They disabled the legacy JWT keys and updated their .env.local file with the new publishable key, but they encounter an error indicating that the project's URL and Key are required to create a Supabase client. They are seeking help to resolve this issue.
But is there a way to cache fetching data from supabase in my DAL? Im using the new Nextjs 16 'use cache' but queries are not cached. Probably because of supabase create client which has cookies forcing the request to always be fynamic. Here is an example of one of my fetching functions: ``` const getSubscriptionByUserIdCached = async (user_id: string, fieldString: string, authenticated: boolean) => { 'use cache: private'; cacheLife('minutes'); cacheTag(`user-subscription-${user_id}`); if (!authenticated) throw new UnauthorizedError("User not authorized"); const supabase = await createClient(); const { data, error } = await supabase .from("subscription") .select(fieldString as "*") .eq("user_id", user_id) .maybeSingle(); if (error) { console.error(`[ERROR][DAL][Subscription_getSubscriptionByUserId] User: ${user_id} |`, error); throw new InfraError("Failed to retrieve subscription"); } return data; }; getSubscriptionByUserId = async (user_id: string, fields?: string[]) => { const fieldString = fields?.length ? fields.join(",") : "*"; return getSubscriptionByUserIdCached(user_id, fieldString, this.authenticated); }; ```
The webhook route does not creata a supa client. It calls a function which uses my DAL which is the thing that creates a supa client
Yea I will not disable RLS simply for this one use case. Im just wondering if there is a way to handle this without disabling it
ok, thanks a ton!
and then i dont have to care about updating stripe, I can simply query any table + the stripe schema tables to get what I want
So to get this stright, youre saying simply go with the sync engine, add a "customer_id" on my user table. Then derive all i need by joining stuff
ok this doesnt look half as bad. What about edge function invocation? We are doing our MVP on vercel and I dont wanna bankrupt the thing from now.
Also now that I think about it I would still need to keep track of the `supabase auth user id` and `stripe customer id` mapping no?
Im just a bit afraid of usage and storage limits if the stripe schema syncs all the time. Also not sure how to cache stuff that way + I would still need something custom to track usage per month
My main issue is that im not even sure I need to be storing all these data for a user. Simply knowing on which plan he is is enough for me. Currently im simply fetching from the subscription data from stripe api on every event from my webhook and syncing my DB, and every time I need something I check my DB.
No I cannot view them.
In the docs https://nextjs.org/docs/app/guides/data-security#data-access-layer they mention DAL should do authorization
Yea I see
I also don’t have edge functions, how would they be used here?
Do you btw use it ?
Yea that also confused me, the only official document implies it is a replacement but in the github and here they separate them
I just don’t get why it is mentioned that it’s not a replacement so frequently when I’m doing the exact same thing with my custom sync logic. I don’t see the difference in use case
Oh yea that was my question too, I see these things mentioned separately but isn’t that what im already doing? Syncing subscription statuses, payments, etc.
But doesn’t that cover all the cases for what I’d use stripe for?
But in the docs it says it can see anything that select can see. I do not have a delete policy.
I guess correlation != causation is true lmao
Yea in my mind the OS should have nothing to do with it but it just happened as I switched so it was a bad correlation
Ok 2.91.1 solved the issue. Thanks a ton for catching this I was losing my mind.
Will do, thank you anyways!
To be fair I never learned how to handle package.json so that could contribute. How can I downgrade to 2.91.1
Hm my bad then it was showing in the vscode tooltip
I upgraded to 2.92 and now I get this upon building
``` Code generation for chunk item errored An error occurred while generating the chunk item [project]/node_modules/@supabase/supabase-js/dist/index.mjs [app-client] (ecmascript) <locals> Caused by: - the chunking context (unknown) does not support external modules (request: node:module) Debug info: - An error occurred while generating the chunk item [project]/node_modules/@supabase/supabase-js/dist/index.mjs [app-client] (ecmascript) <locals> - Execution of <EcmascriptModuleLocalsChunkItem as EcmascriptChunkItem>::content_with_async_module_info failed - Execution of *EcmascriptChunkItemContent::new failed - Execution of EcmascriptModuleContent::new failed - the chunking context (unknown) does not support external modules (request: node:module) Import traces: Server Component: ./node_modules/@supabase/supabase-js/dist/index.mjs ./node_modules/@supabase/ssr/dist/module/createServerClient.js ./src/lib/supabase/server.ts ./src/components/generic/Header.tsx ./src/app/layout.tsx Client Component Browser: ./node_modules/@supabase/supabase-js/dist/index.mjs [Client Component Browser] ./node_modules/@supabase/ssr/dist/module/createBrowserClient.js [Client Component Browser] ./src/lib/supabase/client.ts [Client Component Browser] ./src/hooks/use-current-user-name.ts [Client Component Browser] Client Component SSR: ./node_modules/@supabase/supabase-js/dist/index.mjs [Client Component SSR] ./node_modules/@supabase/ssr/dist/module/createBrowserClient.js [Client Component SSR] ./src/lib/supabase/client.ts [Client Component SSR] ./src/hooks/use-current-user-name.ts [Client Component SSR] ./src/components/generic/current-user-avatar.tsx [Client Component SSR] ./src/components/generic/AvatarMenu.tsx [Client Component SSR] ./src/components/generic/AvatarMenu.tsx [Server Component] ./src/components/generic/Header.tsx [Server Component] ./src/app/layout.tsx [Server Component] ```
Yea I am having trouble with dependency version because I did have the affected version
how can I update ?
After some investigating it looks like I even have a session correctly after exchanging the code for session using ```supabase.auth.exchangeCodeForSession(code)``` and also in supabase however when checking with ```const { data } = await supabase.auth.getClaims()``` or getUser() I get null. The code has not changed at all, only my OS.
Yea for the CLI I was looking at the wrong thing. However I cannot really find or isolate what could be cause issues with signing in. Everything up to supabase calling back to my app with the code works just fine. After that there is no error and also no session.
I get their differences, I still am not sure which one should be used for protecting routes (Doing autorization) ?
As a sidenote, would you recommend an ORM or can I just stick to creating queries in server components ?
I see, nevertheless, it worked. That was the issue. Thank you very much for the to-the-point fast explanation and help
id rather do it now with no data than later
Can i investigate to see if I messed more things up ? Or do you have any other queries to reset everything else too just to make sure ?
so highly likely its this
Pretty sure public schema was deleted and this one I created myself too
Yes I have suspicions that I messed some stuff up yesterday I was messing with deleting rows and Im pretty sure I ruined the schemas as well
I dont care as I dont really have any data so id rather start over with my migrations
so is there a way to revert everything ?
Does supabase db reset --link reset everything ?
yea but I dont really wanna go with ORMs unless its the standard practice.
let { data: user, error } = await supabase .from('user') .select('username') console.log("ERROR:", error); --> ERROR: { code: '42501', details: null, hint: null, message: 'permission denied for schema public' }
Could be related: https://discord.com/channels/839993398554656828/1409892722474614814/1440810178847965405
my public.users id is the UUID from the auth.user. I create public.user rows with a trigger when a new auth.user is created. This is the trigger in case it helps: ``` CREATE OR REPLACE FUNCTION public.handle_new_user() RETURNS trigger LANGUAGE plpgsql SECURITY DEFINER SET search_path = public, pg_catalog AS $$ DECLARE generated_username text; attempt int := 0; max_attempts int := 5; BEGIN -- Generate username attempts LOOP attempt := attempt + 1; -- Example format: user_ab12f3 (prefix + 6 hex chars) generated_username := 'user_' || substr(md5(random()::text || clock_timestamp()::text), 1, 6); -- Try to insert. If id already exists, do nothing but update email (keeps idempotency). BEGIN INSERT INTO public.user(id, email, username) VALUES (NEW.id, NEW.email, generated_username) ON CONFLICT (id) DO UPDATE SET email = EXCLUDED.email RETURNING username INTO generated_username; -- Insert succeeded (or existed). Exit loop. EXIT; EXCEPTION WHEN unique_violation THEN -- If username uniqueness is enforced by a constraint on username, handle collisions by retrying -- If the conflict was on id, ON CONFLICT above prevents error; this block catches username collisions. IF attempt >= max_attempts THEN RAISE EXCEPTION 'Could not generate unique username after % attempts', max_attempts; END IF; -- Otherwise continue loop to try another username END; END LOOP; RETURN NEW; END; $$; CREATE TRIGGER on_auth_user_created AFTER INSERT ON auth.users FOR EACH ROW EXECUTE FUNCTION public.handle_new_user(); ``` Kinda big but the bulk of this is just generating a random username on row insert. From the API Gateway I can see the following: ``` id: <currently logged in user id> status 403 method GET path /rest/v1/user search ?select=username user_agent node apikey <my publishable key> role authenticated ```
Yea I tried to avoid that and instead have a "status" column to autoset it to "disabled" or "deleted" instead of cascade delete. Do you think its better to get rid of the public user too ?
Thank you <:supafire:979110896762757121>
Yea basically thats what I wanted to emulate. That the user is created anew on next login so I can test my trigger. Good to know