You need to aware of this about Supabase

Рет қаралды 4,298

6 ай бұрын

In this video I am going to talk about thing that you should know if you are using supabase.
Doc: app.eraser.io/workspace/F1twP...
Support the channel : 🙏🌸
- donate 🌻: / dailywebcoding
Follow me: 👇
- Discord: / discord
- Github: github.com/Chensokheng

Пікірлер: 23

@abdullahislam 6 ай бұрын

Nice man. That's why in nextjs i run all my supabase code from a "use server" file so the code always gets executed from the server (without using service key). But I'm going to make sure from this video that even if the db url ever did get exposed - they don't mess with it. Thanks

@dave-7117 6 ай бұрын

Lol. That's the same for every single service deployed. If your user has the things needed for Auth, he can do whatever he is allowed to do. If you are worried, make sure to set the correct policies..

@DailyWebCoding 6 ай бұрын

Thank for the summary the video 🙂.

@raheemudheen6384 3 ай бұрын

bro,i have doubt, is someone know my supabase key,is it enough to access the supabase project,and the database??

@user-yx7gm6jq2l 4 ай бұрын

Nice info.. can u try self hosted supabase and review?

@AlimamiHD 3 ай бұрын

Thank you for those edge cases ❤

@muyiwajohnson6486 5 ай бұрын

Good video, makes alot of sense

@henriqueramos9576 6 ай бұрын

They could just add some allowed urls to acces our supabase

@DailyWebCoding 6 ай бұрын

Hopefully they have this feature

@4surajgo 6 ай бұрын

Nice video man. Just one question is there a way in supabase to check if a user is already registered with an email. When sign up using email and password. I checked every where couldn't find it. WOuld appreciate if you could help on this query

@NiznArtworks 6 ай бұрын

What do you need it for? Pretty sure the signUp function throws an error if you try to sign up with an existing email

@4surajgo 6 ай бұрын

@@NiznArtworks Unfortunately it does not i am using the new ssr package it does not throw error and as the auth table cannot be read from unauthenticated users it always sends a 201 response but does not create a new user in the auth.users supabase table with the same email

@NiznArtworks 6 ай бұрын

@@4surajgo You're right, signing up with the same email actually returns a response which looks like a successfull sign up. I think this changed, it used to throw an error. However, it's considered a security issue if you show the User, that there's already an account registered to that Email. Because then someone could check if certain accounts with certain emails exist and try to bruteforce the password for example. But i do think that supabase should throw a generic error in that case, otherwise there's no way to handle that in the frontend

@NiznArtworks 6 ай бұрын

@@4surajgo Supabase not returning an error is intended behaviour because of security concerns. But the User Data returned by the signUp function is actually not real data. So after calling the signUp function you can use the supabase.auth.admin.getUserById function to check if the user exists or not. If it does not exist, no user has been created and you can show an error in your UI. But i still wouldn't recommend to tell the user, that an account with that email already exists. Also keep in mind that you need a supabase client created with the service key to have access to the supabase.auth.admin functions. So dont expose this to the frontend