Integrating With Supabase Auth

1
import { createClient } from 'npm:@supabase/supabase-js@2'
2
3
Deno.serve(async (req: Request) => {
4
  const supabaseClient = createClient(
5
    Deno.env.get('SUPABASE_URL') ?? '',
6
    Deno.env.get('SUPABASE_ANON_KEY') ?? '',
7
    // Create client with Auth context of the user that called the function.
8
    // This way your row-level-security (RLS) policies are applied.
9
    {
10
      global: {
11
        headers: { Authorization: req.headers.get('Authorization')! },
12
      },
13
    }
14
  );
15
16
  //...
17
})

1
Deno.serve(async (req: Request) => {
2
  // ...
3
  const authHeader = req.headers.get('Authorization')!
4
  const token = authHeader.replace('Bearer ', '')
5
  const { data } = await supabaseClient.auth.getUser(token)
6
  // ...
7
})

1
import { createClient } from 'npm:@supabase/supabase-js@2'
2
3
Deno.serve(async (req: Request) => {
4
  // ...
5
  // This query respects RLS - users only see rows they have access to
6
  const { data, error } = await supabaseClient.from('profiles').select('*');
7
8
  if (error) {
9
    return new Response('Database error', { status: 500 })
10
  }
11
12
  // ...
13
})

1
// Follow this setup guide to integrate the Deno language server with your editor:
2
// https://deno.land/manual/getting_started/setup_your_environment
3
// This enables autocomplete, go to definition, etc.
4
5
import { createClient } from 'npm:supabase-js@2'
6
// New approach (v2.95.0+)
7
import { corsHeaders } from 'jsr:@supabase/supabase-js@2/cors'
8
// For older versions:
9
// import { corsHeaders } from '../_shared/cors.ts'
10
11
console.log(`Function "select-from-table-with-auth-rls" up and running!`)
12
13
Deno.serve(async (req: Request) => {
14
  // This is needed if you're planning to invoke your function from a browser.
15
  if (req.method === 'OPTIONS') {
16
    return new Response('ok', { headers: corsHeaders })
17
  }
18
19
  try {
20
    const SUPABASE_PUBLISHABLE_KEYS = JSON.parse(Deno.env.get('SUPABASE_PUBLISHABLE_KEYS')!)
21
    // Create a Supabase client with the Auth context of the logged in user.
22
    const supabaseClient = createClient(
23
      // Supabase API URL - env var exported by default.
24
      Deno.env.get('SUPABASE_URL') ?? '',
25
      // Supabase API PUBLISHABLE KEY - env var exported by default.
26
      Deno.env.get(SUPABASE_PUBLISHABLE_KEYS['default']) ?? '',
27
      // Create client with Auth context of the user that called the function.
28
      // This way your row-level-security (RLS) policies are applied.
29
      {
30
        global: {
31
          headers: { Authorization: req.headers.get('Authorization')! },
32
        },
33
      }
34
    )
35
36
    // First get the token from the Authorization header
37
    const token = req.headers.get('Authorization').replace('Bearer ', '')
38
39
    // Now we can get the session or user object
40
    const {
41
      data: { user },
42
    } = await supabaseClient.auth.getUser(token)
43
44
    // And we can run queries in the context of our authenticated user
45
    const { data, error } = await supabaseClient.from('users').select('*')
46
    if (error) throw error
47
48
    return new Response(JSON.stringify({ user, data }), {
49
      headers: { ...corsHeaders, 'Content-Type': 'application/json' },
50
      status: 200,
51
    })
52
  } catch (error) {
53
    return new Response(JSON.stringify({ error: error.message }), {
54
      headers: { ...corsHeaders, 'Content-Type': 'application/json' },
55
      status: 400,
56
    })
57
  }
58
})
59
60
// To invoke:
61
// curl -i --location --request POST 'http://localhost:54321/functions/v1/select-from-table-with-auth-rls' \
62
//   --header 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZS1kZW1vIiwicm9sZSI6ImFub24ifQ.625_WdcF3KHqz5amU0x2X5WWHP-OEs_4qj0ssLNHzTs' \
63
//   --header 'Content-Type: application/json' \
64
//   --data '{"name":"Functions"}'