book

Building Production-Grade Web Applications with Supabase

Name: Building Production-Grade Web Applications with Supabase
Author: David Lorenz
ISBN: 9781837630684

by David Lorenz

August 2024

Intermediate to advanced

534 pages

13h 12m

English

Packt Publishing

Read now

Unlock full access

Building Production-Grade Web Applications with Supabase
ForewordContributorsAbout the authorAbout the reviewers
Preface
Who this book is forWhat this book coversTo get the most out of this bookDownload the example code filesConventions usedGet in touchJoin Us on DiscordShare Your ThoughtsDownload a free PDF copy of this book
Part 1:Creating the Foundations of the Ticket System App
Chapter 1: Unveiling the Inner Workings of Supabase and Introducing the Book’s Project
Technical requirements (and some preamble)Understanding why Supabase is the stack you wantDemystifying the inner workings of Supabase with PostgresAccess logic within a routeAccess logic as a central serviceHow Supabase handles access controlHow the access system works under the hoodSupabase Studio – the convenient web dashboardSupabase Auth (GoTrue) – the authentication handlerPostgREST – a REST and GraphQL API for your databaseRealtime – elevating the user experienceStorage – simple and scalable object storageImage Proxy – helping to transform images on the flyEdge Functions – completing the optimization stackpg-meta – an internal helper service for the databaseKong – the overarching service orchestratorIntroducing the production-grade ticket system projectSummary
Chapter 2: Setting Up Supabase with Next.js
Technical requirementsGetting ready with Next.jsInstalling the Supabase CLIRunning your first Supabase instance on your machineInitializing a new local Supabase instanceStarting your first Supabase instanceManaging multiple local Supabase instancesOption 1 – the start-stop techniqueOption 2 – change portsConnecting to Supabase with the Supabase JavaScript clientInitializing and testing the base Supabase JavaScript client within Next.jsUnderstanding the base Supabase clientUsing the Supabase client with Pages Router and App RouterConnecting directly to the databaseUsing Supabase with TypeScriptConnecting Supabase to other frameworksNuxt 3PythonSummary
Chapter 3: Creating the Ticket Management Pages, Layout, and Components
Technical requirementsSetting up Pico.css with Next.jsBuilding the login formVisualizing the Ticket Management UICreating a shared UI layout with navigation elementsDesigning the Ticket List pageConstructing the Ticket Details pageAdding the comments section to the ticket detailsImplementing a page to create a new ticketImplementing a user overviewEnhancing the navigation componentSummary
Part 2: Adding Multi-Tenancy and Learning RLS
Chapter 4: Adding Authentication and Application Protection
Technical requirementsAdding authentication protection with SupabaseCreating usersPreparing the middleware for authenticationImplementing the login functionality in our appProtecting access to the Ticket Management systemAdding a log out buttonLogging out using the frontendLogging out using the backendUnderstanding server authenticationEnhancing the password loginAuthenticating with magic linksSending magic links with signInWithOtp() on the frontendWhy I usually don’t use signInWithOtp()Understanding a server-only magic link flowImplementing a server-only magic link flow with custom email contentAdding password recoveryLearning about the Site URL and redirect URLsHow to configure site and redirect URLsOptional knowledge: adapting built-in templatesSummary
Chapter 5: Crafting Multi-Tenancy through Database and App Design
Technical requirementsWhat kind of multi-tenancy do we need?Designing the database for multi-tenancyPlanning our databaseCreating the tenants tableDesigning the users tableDesigning the permission structureCommitting your database state (if you don’t seed it, you lose it)Making our Next.js application tenant-awareEnhancing the middleware to safeguard dynamic routesFixing all static routes in the applicationMaking the login tenant-basedSummary
Chapter 6: Enforcing Tenant Permissions with RLS and Handling Tenant Domains
Technical requirementsLearning to work with RLSFetching tenant data with the restrictive Supabase clientDefining RLS policies to access tenants based on permissionsCreating a permission-based RLS policyUnderstanding and solving RLS implicationsShrinking RLS policies based on the implicationsLearning about RLS implicationsMinimizing RLS complexity with custom claimsExtending app_metadata with tenant permissionsKeeping custom claims in sync with the table dataMaking the authentication process tenant-basedPreventing password login on a foreign tenantPreventing the magic link login for foreign tenantsRejecting to visit invalid and forbidden tenant URLs when signed inMatching a tenant per domain instead of per pathAdding custom domains via the hosts fileMapping domains in our applicationBringing back localhost with mapped domainsSummary

Chapter 7: Adding Tenant-Based Signups, including Google Login
Technical requirementsUnderstanding the impact of disabling signupsDisabling signups generallyDisabling specific signup methodsImplementing the registration pageProcessing the registration with a Route HandlerReading and validating the form dataRejecting registrationHandling account creationAdding the service user and permission rowsSending the activation emailRedirecting the user to a success pageEnabling OAuth/Sign-in with GoogleObtaining Google OAuth credentialsConfiguring our Supabase instance with the OAuth credentialsAdding a “Sign in with Google” option triggering the OAuth processSolving the crypto/HTTPS security problemBuilding a verification route to finalize the registrationDealing with invalid user registrationSummary
Part 3: Managing Tickets and Interactions
Chapter 8: Implementing Dynamic Ticket Management
Technical requirementsCreating the tickets table in the databaseCreating tickets and using triggersImplementing the ticket creation logicUsing triggers to derive and set the user IDImproving loading behavior after adding a ticketEnforcing checks on the database columnsViewing the ticket detailsCaching the author’s name with a triggerImproving the date and status viewListing and filtering ticketsEnabling pagingSorting ticketsCreating a ticket filterDeleting ticketsSummary
Chapter 9: Creating a User List with RPCs and Setting Ticket Assignees
Technical requirementsAdding a user list with an RPCEnsuring there are enough users to testEnhancing the table structureFetching the users with an RPCUsing the function with an RPCAllowing the setting and editing of an assignee to a ticketAdding assignee columns in the tickets tableCreating the trigger function to cache the nameAdding an assignee at ticket creationShowing the assignee in the detailsUpdating the assigneeSummary
Chapter 10: Enhancing Interactivity with Realtime Comments
Technical requirementsCreating the comments tableAdding a trigger to set the tenant automaticallyAdding and optimizing RLS policiesCreating RLS helper functionsCreating the policiesImplementing comment creationListing existing comments from the serverImplementing Realtime commentsEnabling Realtime and subscribing to itUpdating the UI with Realtime dataTriggering impersonated real-time updates with the Table EditorEmbracing additional Realtime insights and learning about potential pitfallsSummary
Chapter 11: Adding, Securing, and Serving File Uploads with Supabase Storage
Technical requirementsCreating and understanding Storage bucketsExamining public bucketsExploring files within a bucket programmaticallyLearning how a basic RLS policy can be added to your bucketUnderstanding private buckets and revising our bucket choiceChoosing a private or a public bucket?Enabling the addition of comments with file attachmentsPreparing the UI with file upload possibilityUploading files to storageConnecting uploaded files with the written commentShowing the connected filesServing image attachments directly in the UIUsing Image TransformationsBuilding a pseudo-CDN for private bucketsUsing the pseudo-CDN inside our UIWriting RLS policies directly on buckets and objects tableDiving into advanced storage restrictionsSummary
Part 4: Diving Deeper into Security and Advanced Features
Chapter 12: Avoiding Unwanted Data Manipulation and Undisclosed Exposures
Technical requirementsUnderstanding PostgREST’s OpenAPI Schema exposurePreventing schema exposureRemoving schemas from usage via APISpecifically exposing a schema to the APIBeing careful with current_user usage and understanding auth.role()Generating new Anonymous Keys, Service Role Keys, and database passwordsBenefiting from Supabase VaultCreating secrets in the Vault and reading themUsing the secret in the business logic/within your applicationUtilizing silent resets to avoid data manipulationEnabling column-level security/working with rolesUnderstanding security on views and manually created tablesChanging the max_rows configurationUnderstanding safe-guarded API updates or deletionAdding middleware inside Postgres for each API requestAdding middleware for PostgRESTUsing the Security AdvisorAllowing a listing of IPs for database connectionsEnforcing SSL on direct database connectionsSummary
Chapter 13: Adding Supabase Superpowers and Reviewing Production Hardening Tips
Technical requirementsMaking sense of search_pathComprehending search path in PostgresGrasping the importance of extra_search_pathFamiliarizing yourself with database extensionsInstalling an extension in the default extensions schemaInstalling extensions in their own schemaUsing the programmatic installation of extensions versus using the UIAdding an AI-based semantic ticket searchDeciding on an embeddings providerCreating the embeddings column in the tableCreating embeddings with OpenAIComparing embeddings to find matching search resultsUsing anonymous sign-insTransforming external APIs into tables with foreign data wrappersUsing webhooksCreating webhooks with dynamic URLs per environmentUnderstanding Edge FunctionsUnderstanding when to use Edge FunctionsCreating an Edge Function that runs for new rowsTriggering the Edge FunctionUsing cronjobs to notify about due ticketsUsing pg_jsonschema for JSON data integrityTesting the database with pgTAPSetting the auth.storageKey to avoid migration problemsExtending supabase.ts with custom typingsImproving RLS and query performanceIdentifying database performance problems and bloatWorking with complex table joinsReviewing the underestimated benefit of using an external database clientUnderstanding migrationsUtilizing database branchingDisabling GraphQL or PostgREST (if you don’t need it)Using a dead-end built-in mailing setupRetrieving table data with the REST API and cURLSummary
Index
Why subscribe?
Other Books You May EnjoyPackt is searching for authors like youShare Your ThoughtsDownload a free PDF copy of this book

Content preview from Building Production-Grade Web Applications with Supabase

6 Enforcing Tenant Permissions with RLS and Handling Tenant Domains

In the previous chapter, you made your Next.js application tenant-aware and implemented the necessary database structure for multi-tenancy. However, we cannot consider it tenant-based yet as the application isn’t loading any specific tenant data or checking user-to-tenant permissions – it’s just that the structure allows multi-tenancy.

Gear up to bring the application to another level as you’ll make the application tenant-based in this chapter. Here, you’ll explore the implementation of row-level security (RLS) policies for simple and secure access to user-bound data, as well as navigate the nuances of RLS dependencies, refine your policies, and introduce custom claims for a ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781837630684

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Building Production-Grade Web Applications with Supabase

by David Lorenz

6

Enforcing Tenant Permissions with RLS and Handling Tenant Domains

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.