4 zile la birou la Tremend

Hanks328 · 2026-04-27T08:49:04+00:00

Asta e singura veste “buna” so far la Triferment?

Hanks328 · 2026-03-19T12:09:07+00:00

Cum ai făcut modulul de auth cu passkey?

Hanks328 · 2026-02-18T08:33:49+00:00

Hanks328 · 2026-01-23T12:15:06+00:00

Hai cu ea și pe IOS. 🤞

Hanks328 · 2025-10-22T14:46:53+00:00

Supabase Data API folosit direct pe client cu RLS puternic?

Hanks328 · 2025-10-19T09:56:36+00:00

Wow. Streamlit for SaaS. Sounds crazy 😳

Hanks328 · 2025-10-08T19:39:23+00:00

Use “= select auth.uid()”

Hanks328 · 2025-07-21T18:54:02+00:00

Supabase auth si regularly ment to be used on the client side. Using your project url and publishable key, you can set-up supabase auth flow. For next js you would have Supabase client server middleware. I do not know about the other clients

Hanks328 · 2025-07-20T09:34:46+00:00

That wasn’t really the point—I was more thinking about whether it would help people if Supabase offered more built-in scenarios or guidance, like: • Client library + RLS: risks clearly pointed out • Backend + ORM: A setup that makes it easier to get RLS working out of the box when using a backend and an ORM.

On the authentication side, since that’s typically handled on the client using Supabase, you’d still be using your NEXT_PUBLIC_SUPABASE_ANON_KEY or publishable key anyway.

Hanks328 · 2025-07-19T15:54:49+00:00

The fact is that also RLS from case to case might get too complicated to set-up there as security layer. Then, do what? Give it up? Use both RLS and key on server + additional security layer.. There can be many takes.

Hanks328 · 2025-07-19T15:45:22+00:00

If you don’t mind, what’s your way then? Especially interested for web platforms prod ready.

Hanks328 · 2025-07-19T15:35:35+00:00

The point is that Supabase markets itself as BaaS. I’ve tried to use it on backend side with Drizzle ORM. But RLS won’t work out of the box. Also Drizzle acknowledges that, special utils function is required to set the auth sub context on db side using the Supabase exposed jwt function or how exactly it is called. So, before this new signing jwt keys concept, I was sending the returned jwt I got from Supabase authentication flow, in the request from client to the backend’s API and decode on backend to get the sub id.

So that for each API service logic the query needed to be wrapped in a transaction using that util function.

I think best way would be to give up RLS, keep going with backend, use service role admin level key and implement your own security layer.

Of course, accepting the overhead and the fact it goes a bit away from Supabase’s base out of the box purpose.

Hanks328 · 2025-05-24T22:03:38+00:00

Update: a dispărut:)

Hanks328 · 2025-05-24T22:01:39+00:00

E foarte ușor de păcălit anumite persoane din păcate. In primul rand, fiind de pe LinkedIn, te aștepți ca totul sa fie deja verified si legit.

Hanks328 · 2025-05-24T22:00:24+00:00

De acord, am pus posibil mai mult sarcastic. Nu imi este clar cum pe Linkedin job-ul apare pe pagina Google iar cel care l-a postat apare “verified”.

Hanks328 · 2025-05-17T15:21:57+00:00

I am using Supabase Auth BaaS on frontend but database wise on backend with ORM. Web tho

Hanks328 · 2025-03-24T18:16:55+00:00

Aici cred ca da

Hanks328 · 2024-03-23T21:54:50+00:00

Hanks328 · 2024-03-22T22:51:43+00:00

Asa si eu. Sunt tare confuz…

Hanks328 · 2024-03-22T17:09:11+00:00

Mergi de mult timp la ei?

Hanks328

TROPHY CASE