Supabase + Next (help with DB rules)
I'm currently learning supabase for Nextjs(with NextAuth), just finished trying out RLS and i guess it worked.
However, i'm trying to do something else now which i'm not sure how to do:
The RLS examples that supabase provided were enough if for example a user would like to update/create his own data (something like auth_id = id)
How do i implement a feature though where for example, i have a new table called scoreboard tallying player scores. The scores should only update after some events have occured (e.g. a win or lose event from the frontend) and the user shouldn't be able to tamper with this even if he made requests via postman/curl instead, bypassing the UI. How do i do this?
basic crud operations were simple enough with supabase, even with RLS, i've been stuck with this tho, been trying to google/chatGPT things but all of the solutions i've found required non-trivial SQL code. Is it necessary to learn raw SQL at this point? Or is this something that (maybe) can be done by learning prisma?
1 Reply
Hi. Bit of a noob myself here. Couldn't you just provide any secure key through .env through the web client and check it exists on the server?