Nice man. That's why in nextjs i run all my supabase code from a "use server" file so the code always gets executed from the server (without using service key). But I'm going to make sure from this video that even if the db url ever did get exposed - they don't mess with it. Thanks
Lol. That's the same for every single service deployed. If your user has the things needed for Auth, he can do whatever he is allowed to do. If you are worried, make sure to set the correct policies..
The initial diagram you showed with the user going directly to Supabase is incorrect. They will go through the REST API just like your site and just like any REST API in the world that doesn't require auth.
Nice video man. Just one question is there a way in supabase to check if a user is already registered with an email. When sign up using email and password. I checked every where couldn't find it. WOuld appreciate if you could help on this query
@@NiznArtworks Unfortunately it does not i am using the new ssr package it does not throw error and as the auth table cannot be read from unauthenticated users it always sends a 201 response but does not create a new user in the auth.users supabase table with the same email
@@4surajgo You're right, signing up with the same email actually returns a response which looks like a successfull sign up. I think this changed, it used to throw an error. However, it's considered a security issue if you show the User, that there's already an account registered to that Email. Because then someone could check if certain accounts with certain emails exist and try to bruteforce the password for example. But i do think that supabase should throw a generic error in that case, otherwise there's no way to handle that in the frontend
@@4surajgo Supabase not returning an error is intended behaviour because of security concerns. But the User Data returned by the signUp function is actually not real data. So after calling the signUp function you can use the supabase.auth.admin.getUserById function to check if the user exists or not. If it does not exist, no user has been created and you can show an error in your UI. But i still wouldn't recommend to tell the user, that an account with that email already exists. Also keep in mind that you need a supabase client created with the service key to have access to the supabase.auth.admin functions. So dont expose this to the frontend
Nice man.
That's why in nextjs i run all my supabase code from a "use server" file so the code always gets executed from the server (without using service key). But I'm going to make sure from this video that even if the db url ever did get exposed - they don't mess with it. Thanks
Lol. That's the same for every single service deployed. If your user has the things needed for Auth, he can do whatever he is allowed to do. If you are worried, make sure to set the correct policies..
Thank for the summary the video 🙂.
bro,i have doubt, is someone know my supabase key,is it enough to access the supabase project,and the database??
Thank you for those edge cases ❤
The initial diagram you showed with the user going directly to Supabase is incorrect. They will go through the REST API just like your site and just like any REST API in the world that doesn't require auth.
Yes I missed the rest API label on the arrow from user to supabase 😅
They could just add some allowed urls to acces our supabase
Hopefully they have this feature
Good video, makes alot of sense
Nice info.. can u try self hosted supabase and review?
Nice video man.
Just one question is there a way in supabase to check if a user is already registered with an email. When sign up using email and password.
I checked every where couldn't find it.
WOuld appreciate if you could help on this query
What do you need it for? Pretty sure the signUp function throws an error if you try to sign up with an existing email
@@NiznArtworks Unfortunately it does not i am using the new ssr package it does not throw error and as the auth table cannot be read from unauthenticated users it always sends a 201 response but does not create a
new user in the auth.users supabase table with the same email
@@4surajgo You're right, signing up with the same email actually returns a response which looks like a successfull sign up. I think this changed, it used to throw an error. However, it's considered a security issue if you show the User, that there's already an account registered to that Email. Because then someone could check if certain accounts with certain emails exist and try to bruteforce the password for example. But i do think that supabase should throw a generic error in that case, otherwise there's no way to handle that in the frontend
@@4surajgo Supabase not returning an error is intended behaviour because of security concerns. But the User Data returned by the signUp function is actually not real data. So after calling the signUp function you can use the supabase.auth.admin.getUserById function to check if the user exists or not. If it does not exist, no user has been created and you can show an error in your UI. But i still wouldn't recommend to tell the user, that an account with that email already exists. Also keep in mind that you need a supabase client created with the service key to have access to the supabase.auth.admin functions. So dont expose this to the frontend
these policies should be set automatically on any table creation
By default the policy is enabled. But you have to setup otherwise no one can do anything actions to your table
Very good video 💚🖤
Thank you 😁
Lmao literally the same with every backend/api/database out there - stop acting like you know what ur talking about
I don’t get it. Did I say it is different?? Have you watch the video ?? Do you get my message from the video ?? If no should watch again. Lol
bro,i have doubt, is someone know my supabase key,is it enough to access the supabase project,and the database??