You need to aware of this about Supabase

Рет қаралды 5,706

Күн бұрын

Пікірлер: 25

@abdullahislam 11 ай бұрын

Nice man. That's why in nextjs i run all my supabase code from a "use server" file so the code always gets executed from the server (without using service key). But I'm going to make sure from this video that even if the db url ever did get exposed - they don't mess with it. Thanks

@dave-7117 11 ай бұрын

Lol. That's the same for every single service deployed. If your user has the things needed for Auth, he can do whatever he is allowed to do. If you are worried, make sure to set the correct policies..

@DailyWebCoding 11 ай бұрын

Thank for the summary the video 🙂.

@raheemudheen6384 8 ай бұрын

bro,i have doubt, is someone know my supabase key,is it enough to access the supabase project,and the database??

@AlimamiHD 8 ай бұрын

Thank you for those edge cases ❤

@bioburden 3 ай бұрын

The initial diagram you showed with the user going directly to Supabase is incorrect. They will go through the REST API just like your site and just like any REST API in the world that doesn't require auth.

@chensokheng6700 3 ай бұрын

Yes I missed the rest API label on the arrow from user to supabase 😅

@Muyiwamighty 10 ай бұрын

Good video, makes alot of sense

@Nomoflatland 11 ай бұрын

They could just add some allowed urls to acces our supabase

@DailyWebCoding 11 ай бұрын

Hopefully they have this feature

@johnyap-r7o 8 ай бұрын

Nice info.. can u try self hosted supabase and review?

@4surajgo 11 ай бұрын

Nice video man. Just one question is there a way in supabase to check if a user is already registered with an email. When sign up using email and password. I checked every where couldn't find it. WOuld appreciate if you could help on this query

@NiznArtworks 11 ай бұрын

What do you need it for? Pretty sure the signUp function throws an error if you try to sign up with an existing email

@4surajgo 11 ай бұрын

@@NiznArtworks Unfortunately it does not i am using the new ssr package it does not throw error and as the auth table cannot be read from unauthenticated users it always sends a 201 response but does not create a new user in the auth.users supabase table with the same email

@NiznArtworks 11 ай бұрын

@@4surajgo You're right, signing up with the same email actually returns a response which looks like a successfull sign up. I think this changed, it used to throw an error. However, it's considered a security issue if you show the User, that there's already an account registered to that Email. Because then someone could check if certain accounts with certain emails exist and try to bruteforce the password for example. But i do think that supabase should throw a generic error in that case, otherwise there's no way to handle that in the frontend

@NiznArtworks 11 ай бұрын

@@4surajgo Supabase not returning an error is intended behaviour because of security concerns. But the User Data returned by the signUp function is actually not real data. So after calling the signUp function you can use the supabase.auth.admin.getUserById function to check if the user exists or not. If it does not exist, no user has been created and you can show an error in your UI. But i still wouldn't recommend to tell the user, that an account with that email already exists. Also keep in mind that you need a supabase client created with the service key to have access to the supabase.auth.admin functions. So dont expose this to the frontend