Nuxt, 6mo ago
abd

Supabase server-routes RLS authentication

Hello,

1. I am using Supabase as part of my application.
2. I am making all calls to Supabase tables from server-side routes.
3. I am adding in RLS to each of my tables.

From the documentation I read that Supabase will automatically send the JWT of the logged-in user on CRUD requests to tables to validate the RLS rules. How does this happen if I am using Supabase in server routes, where there is no client context?
6 Replies
Scripted Pixels, 6mo ago
Did you get any answers from this in the end?
abd (OP), 6mo ago
@Scripted Pixels so from my testing / understanding:

1. Since Supabase is setting cookies under the top-level domain, the server routes will receive all cookies when requested.
2. Nuxt is using Nitro, which wraps h3 for the web server powering server routes, which gives you the event argument passed to each route handler.
3. Inside of the event object you have the headers property.
4. You pass the event object to Supabase when initializing its objects and it will get the token from there and I guess unencode it to get the user information.

```ts
import { serverSupabaseClient, serverSupabaseUser } from '#supabase/server'

export default defineEventHandler(async (event) => {
  const user = await serverSupabaseUser(event) // user resolved from this request's cookies
  const client = await serverSupabaseClient(event) // client bound to the same request
})
```
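The step from request cookies to the user id that RLS policies compare against (the token's `sub` claim), as an added example that is not part of the original thread and is not the Supabase module's own code. The cookie name, the HS256 shared secret and the sample token are assumptions constructed for the demo.

```javascript
const crypto = require('node:crypto')

// Assumptions constructed for this demo, not values from the thread or the module.
const COOKIE_NAME = 'sb-access-token'
const SECRET = 'constructed-demo-secret'
const b64url = (s) => Buffer.from(s).toString('base64url')

// Mint an HS256 JWT locally so the example runs offline.
function signJwt(claims, secret) {
  const body = `${b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))}.${b64url(JSON.stringify(claims))}`
  return `${body}.${crypto.createHmac('sha256', secret).update(body).digest('base64url')}`
}

// Pull one cookie value out of a raw Cookie header.
function readCookie(header, name) {
  for (const part of (header || '').split(';')) {
    const i = part.indexOf('=')
    if (i > 0 && part.slice(0, i).trim() === name) return part.slice(i + 1).trim()
  }
  return null
}

// Return the verified user id (`sub`) or null. Decoding alone proves nothing:
// signature, algorithm and expiry are checked before `sub` is trusted.
function userIdFromRequest(headers, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = (readCookie(headers.cookie, COOKIE_NAME) || '').split('.')
  if (parts.length !== 3) return null
  const expected = crypto.createHmac('sha256', secret).update(`${parts[0]}.${parts[1]}`).digest()
  const given = Buffer.from(parts[2], 'base64url')
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null
  let header, claims
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString())
    claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString())
  } catch { return null }
  if (header?.alg !== 'HS256') return null
  if (typeof claims?.exp !== 'number' || claims.exp <= now) return null
  return typeof claims.sub === 'string' ? claims.sub : null
}

// Constructed request: the cookie a logged-in browser would send along.
const demoToken = signJwt({ sub: 'user-123', role: 'authenticated', exp: 2000000000 }, SECRET)
console.log(userIdFromRequest({ cookie: `theme=dark; ${COOKIE_NAME}=${demoToken}` }, SECRET))
```

A token whose payload was edited after signing, or whose `exp` has passed, yields `null` here, which is why a user id taken from an unverified cookie should never be used as the basis for an access decision.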
Scripted Pixels, 6mo ago
Oh nice, so for each user that’s calling this from their own device, it’s doing the decoding for them on the server against their cookies. So it sends only what they’re allowed access to (RLS comes into play here too).
abd (OP), 6mo ago
The ‘what they’re allowed access to’ is entirely dependent on how you set up the RLS. But you will have their auth.id there available, so very easy to just define the policy you need. You can DM me if you want help on the RLS policy. I just built a tester to really learn all about it and finished with my schema for all tables.
Scripted Pixels, 6mo ago
Yep, I think I’ll need a hand getting my head around it all - usually just focus on the front end side of things, so learning this world and have plenty of simple questions 😂 I’ve managed to get triggers working with user registration & I need to try & have a go at testing my current RLS setup with another user, but I decided that I want Nuxt to be running this server side instead, as I’ll be hitting the endpoints from an iOS app as well as a web app.
abd (OP), 6mo ago
sure lemme know