Boog
ACL Challenges with Nuxt 3 and Supabase in Server-Rendered Context
Issue Overview
When using Nuxt 3 with Supabase, implementing Access Control List (ACL) checks in a server-rendered context presents significant challenges:
1. Server-Side Rendering (SSR) Limitations:
- Cannot reliably perform ACL checks during SSR as the JWT (stored client-side) is not available.
- Example:
if (!canCreate('asset')) throw createError('Access Denied')
doesn't work in server-side setup.
2. Inconsistent Behavior:
- ACL works fine with client-side navigation.
- Issues arise on full page reloads of ACL-gated pages.
3. Security Concerns:
- Relying solely on client-side checks is insufficient.
- Users could potentially bypass by directly accessing URLs or forcing page reloads.
4. RLS Limitations:
- Supabase Row Level Security (RLS) effectively blocks direct DB access.
- However, RLS doesn't directly expose itself to the client UI for ACL purposes.
A teammate summed it up: Yeah but it’s flaky at best. Stuff works fine so long as you navigate to ACL gated pages 100% in client context. If you do something like a full page reload on an ACL gated page, it acts up.
I can’t do a if (!canCreate('asset')) throw createError('Access Denied') type of check in the /asset/upload page setup context because the data to do that isn’t available in server rendering context.
Question for the Community
How are others handling ACL in Nuxt 3 applications with Supabase while maintaining SSR? Are there any recommended patterns or best practices emerging to address this issue?
2 replies
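One way to make a `canCreate` check like the one in the post above hold up on a full page reload, as an added example that is not part of the original thread or any project's code. It assumes the session JWT is also sent to the server in a cookie (hypothetical name `app-access-token`), is HS256-signed with a secret the server holds, and carries a hypothetical `app_metadata.permissions` array; anything missing, expired, or tampered is denied.

```javascript
// Added example (not from the thread): fail-closed ACL check usable during SSR.
const { createHmac, timingSafeEqual } = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const sign = (data, secret) => createHmac('sha256', secret).update(data).digest();

// Verify an HS256 JWT; return its payload, or null on any failure.
function verifyJwt(token, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = typeof token === 'string' ? token.split('.') : [];
  if (parts.length !== 3) return null;
  const [h, p, s] = parts;
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url').toString());
    payload = JSON.parse(Buffer.from(p, 'base64url').toString());
  } catch { return null; }
  if (header?.alg !== 'HS256') return null; // pin the algorithm, reject "none"
  const expected = sign(`${h}.${p}`, secret);
  const given = Buffer.from(s, 'base64url');
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  if (typeof payload?.exp !== 'number' || payload.exp <= nowSec) return null;
  return payload;
}

// Pull one cookie value out of a raw Cookie request header.
function readCookie(cookieHeader, name) {
  for (const part of (cookieHeader || '').split(';')) {
    const i = part.indexOf('=');
    if (i > 0 && part.slice(0, i).trim() === name) return part.slice(i + 1).trim();
  }
  return null;
}

// Server-side gate: the decision comes only from verified claims.
// Cookie name and claim layout are assumptions made for this example.
function canCreate(resource, cookieHeader, secret, nowSec) {
  const claims = verifyJwt(readCookie(cookieHeader, 'app-access-token'), secret, nowSec);
  const perms = claims?.app_metadata?.permissions;
  return Array.isArray(perms) && perms.includes(`${resource}:create`);
}

// Helper that builds constructed sample tokens for trying the check locally.
function makeToken(payload, secret, alg = 'HS256') {
  const body = `${b64url(JSON.stringify({ alg, typ: 'JWT' }))}.${b64url(JSON.stringify(payload))}`;
  return `${body}.${b64url(sign(body, secret))}`;
}
```

Because the same function runs for the first server render and for later client navigations that hit the server, a full reload of a gated page gets the same answer as in-app navigation.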
Odd situation with Nuxt hosting and site accessibility
Hey everyone. First post on this Discord. We have a Nuxt app (an intranet, small company app) that we have deployed through Digital Ocean. We love it. It works flawlessly, except one issue. Anyone on Verizon Wireless can't access it. From in or out of their company, from all over our state, you can access and use the app in any situation except if you are on a VZW network, not on Wi-Fi. It's not a DNS issue either.
We looked into Digital Ocean, but the firewall isn't even turned on at all. Digital Ocean uses CloudFlare, but there's no interface for that even. So we really are kind of stuck there.
In the odd scenario that we may have to try a different host, everything that Nuxt and Nitro suggest has less than ideal pricing options (pay per user, large fees for a small project, etc) and generally uses some kind of edge network (CDN). What do people do on here for hosting? Any advice?
17 replies