Forem: Rodrigo Mansueli The latest articles on Forem by Rodrigo Mansueli (@mansueli). https://forem.com/mansueli https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1026086%2F7e28277d-e59f-49af-8807-b334888a8c75.png Forem: Rodrigo Mansueli https://forem.com/mansueli en Secure Your Supabase Auth with email_guard Rodrigo Mansueli Fri, 31 Oct 2025 11:16:27 +0000 https://forem.com/supabase/secure-your-supabase-auth-with-emailguard-3mam https://forem.com/supabase/secure-your-supabase-auth-with-emailguard-3mam <p>Building a secure authentication system is not just about strong passwords. It starts with checking the quality of user signups in your <a href="http://supabase.com/" rel="noopener noreferrer">Supabase.com</a> project. Disposable email addresses often lead to spam accounts, abuse, and fake users that fill up your database. Also, Gmail's flexible rules (like dots and <code>+tags</code>) let people make many accounts from one email.</p> <p>Meet <strong>email_guard</strong>, a Trusted Language Extension (TLE) for PostgreSQL. It works well with Supabase Auth hooks to:</p> <ul> <li> <strong>Block disposable email domains</strong> with a big, auto-updated list.</li> <li> <strong>Normalize Gmail addresses</strong> to stop duplicate signups (by removing dots and <code>+tags</code>).</li> <li> <strong>Offer easy installation</strong> that fits in any schema.</li> </ul> <p>When you use this with Supabase's own security tools, like <a href="https://supabase.com/docs/guides/auth/passwords" rel="noopener noreferrer">leaked password protection</a>, you build strong protection against bad signups and abuse.</p> <h2> Why You Need email_guard for Supabase Authentication Security </h2> <h3> The Problem: Disposable Emails and Gmail Tricks </h3> <p><strong>Disposable email services</strong> (like mailinator.com or guerrillamail.com) let anyone make short-term emails. These are good for tests, but often used to:</p> <ul> <li>Make spam or bot accounts.</li> <li>Skip limits on trials or rates.</li> <li>Avoid bans by making new accounts fast.</li> </ul> <p><strong>Gmail addressing quirks</strong> are tricky too. These all go to the same inbox:</p> <ul> <li><code>john.doe@gmail.com</code></li> <li><code>j.o.h.n.d.o.e@gmail.com</code></li> <li><code>johndoe+promo@gmail.com</code></li> <li><code>johndoe+whatever@gmail.com</code></li> </ul> <p>Without fixing this, a user can make many accounts by adding dots or <code>+tags</code>. This breaks rules for one account per person and can cheat referral programs or trials.</p> <h3> The Solution: Smart Email Validation at Signup in Supabase </h3> <p>The <code>email_guard</code> TLE gives you:</p> <ol> <li> <strong>A blocklist for disposable domains</strong> with over 20,000 known ones (updated weekly).</li> <li> <strong>Gmail normalization</strong> that removes dots and <code>+tags</code>, and sets the domain to <code>gmail.com</code>.</li> <li> <strong>A helper for Supabase Auth hooks</strong> that checks before creating a user.</li> </ol> <p>All this runs in PostgreSQL, so it is fast, safe, and clear. For more on Supabase auth, see the <a href="https://supabase.com/docs/guides/auth" rel="noopener noreferrer">Supabase Auth docs</a>.</p> <h2> Understanding Trusted Language Extensions (TLE) in Supabase </h2> <p>Before installation, let's quickly explain what a Trusted Language Extension is and why it helps.</p> <h3> What is a TLE? </h3> <p>A <strong>Trusted Language Extension (TLE)</strong> is a PostgreSQL add-on written in a safe language (like PL/pgSQL or PL/Python). You can install it without special admin rights. This is key for hosted setups like Supabase, where you lack full access.</p> <p>TLEs come from <a href="https://database.dev" rel="noopener noreferrer">database.dev</a>, the package manager for PostgreSQL. This makes them:</p> <ul> <li> <strong>Easy to install</strong> with the Supabase CLI.</li> <li> <strong>Version-controlled</strong> for safe updates.</li> <li> <strong>Flexible</strong> to place in any schema.</li> <li> <strong>Safe for production</strong>.</li> </ul> <p>Learn more in Supabase's <a href="https://supabase.com/blog/pg-tle" rel="noopener noreferrer">Trusted Language Extensions for Postgres blog post</a> or the <a href="https://supabase.com/docs/guides/database/extensions" rel="noopener noreferrer">extensions docs</a>.</p> <h3> Why Use TLEs for Security in Supabase? </h3> <p>With security logic in a TLE:</p> <ul> <li> <strong>It runs in the database</strong>, near your data.</li> <li> <strong>It stays the same</strong> for all apps and calls.</li> <li> <strong>You can check it</strong> with version history.</li> <li> <strong>It cannot be skipped</strong> by app code.</li> </ul> <p>This is great for auth checks, data rules, and policies.</p> <h2> Step 1: Installing the TLE Infrastructure on Supabase </h2> <p>Before adding <code>email_guard</code>, set up the <code>pg_tle</code> extension (already on Supabase) and the <code>dbdev</code> tool for easy install.</p> <h3> A. Set Up dbdev and Supabase CLI (If Needed) </h3> <p>If not done yet:</p> <ol> <li> <strong>Install dbdev CLI</strong>: Follow the <a href="https://supabase.github.io/dbdev/getting-started/" rel="noopener noreferrer">dbdev getting started guide</a>.</li> <li> <strong>Install Supabase CLI</strong>: Check the <a href="https://supabase.com/docs/guides/cli" rel="noopener noreferrer">Supabase CLI docs</a>.</li> <li> <strong>Link your project</strong>: Run <code>supabase link</code> to connect to your Supabase database.</li> </ol> <p>Supabase has <code>pg_tle</code> ready, so create it:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="n">EXTENSION</span> <span class="n">IF</span> <span class="k">NOT</span> <span class="k">EXISTS</span> <span class="n">pg_tle</span><span class="p">;</span> </code></pre> </div> <h3> B. Generate the Migration with dbdev </h3> <p>Use dbdev to get the latest <code>email_guard</code> (version 0.3.1 or newer) in your migrations:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>dbdev add <span class="se">\</span> <span class="nt">-o</span> ./supabase/migrations/ <span class="se">\</span> <span class="nt">-v</span> 0.3.1 <span class="se">\</span> <span class="nt">-s</span> extensions <span class="se">\</span> package <span class="se">\</span> <span class="nt">-n</span> mansueli@email_guard </code></pre> </div> <p><strong>What this does:</strong></p> <ul> <li>Makes a new migration file in <code>./supabase/migrations/</code>.</li> <li>Puts the extension in the <code>extensions</code> schema (good for Supabase).</li> <li>Uses version 0.3.1 (change for new versions).</li> </ul> <p>Adjust the <code>-o</code> path if your folder is different.</p> <h3> C. Apply the Migration </h3> <p>Push to your Supabase database:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>supabase db push </code></pre> </div> <p>Done! The extension is installed with the full blocklist.</p> <p>For more on managing extensions, see <a href="https://supabase.com/docs/guides/database/extensions" rel="noopener noreferrer">Supabase database extensions docs</a>.</p> <h2> Step 2: Understanding What You Just Installed </h2> <p>The <code>email_guard</code> extension adds objects in your schema (like <code>extensions</code>):</p> <h3> Table: disposable_email_domains </h3> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- Holds over 20,000 disposable email domains</span> <span class="k">CREATE</span> <span class="k">TABLE</span> <span class="n">extensions</span><span class="p">.</span><span class="n">disposable_email_domains</span> <span class="p">(</span> <span class="k">domain</span> <span class="nb">text</span> <span class="k">PRIMARY</span> <span class="k">KEY</span><span class="p">,</span> <span class="k">CONSTRAINT</span> <span class="n">disposable_email_domains_domain_lowercase</span> <span class="k">CHECK</span> <span class="p">(</span><span class="k">domain</span> <span class="o">=</span> <span class="k">lower</span><span class="p">(</span><span class="k">domain</span><span class="p">))</span> <span class="p">);</span> </code></pre> </div> <p>It fills with domains like:</p> <ul> <li><code>mailinator.com</code></li> <li><code>guerrillamail.com</code></li> <li><code>10minutemail.com</code></li> <li>And many more.</li> </ul> <h3> Function: normalize_email(text) </h3> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- Example: normalize_email('J.o.h.n.Doe+promo@gmail.com')</span> <span class="c1">-- Returns: 'johndoe@gmail.com'</span> <span class="k">SELECT</span> <span class="n">extensions</span><span class="p">.</span><span class="n">normalize_email</span><span class="p">(</span><span class="s1">'J.o.h.n.Doe+promo@gmail.com'</span><span class="p">);</span> </code></pre> </div> <p><strong>What it does:</strong></p> <ul> <li>Makes lowercase.</li> <li>For Gmail/Googlemail: <ul> <li>Removes dots from the start.</li> <li>Cuts after <code>+</code> (and the <code>+</code>).</li> <li>Sets domain to <code>gmail.com</code>.</li> </ul> </li> <li>For others: Just lowercase.</li> </ul> <h3> Function: is_disposable_email_domain(text) </h3> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- Check if a domain is disposable</span> <span class="k">SELECT</span> <span class="n">extensions</span><span class="p">.</span><span class="n">is_disposable_email_domain</span><span class="p">(</span><span class="s1">'mailinator.com'</span><span class="p">);</span> <span class="c1">-- true</span> <span class="k">SELECT</span> <span class="n">extensions</span><span class="p">.</span><span class="n">is_disposable_email_domain</span><span class="p">(</span><span class="s1">'gmail.com'</span><span class="p">);</span> <span class="c1">-- false</span> </code></pre> </div> <p><strong>Smart check:</strong></p> <ul> <li>Looks at parent domains (e.g., <code>sub.mailinator.com</code> matches).</li> <li>Fast with index.</li> </ul> <h3> Function: is_disposable_email(text) </h3> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- Easy check for full emails</span> <span class="k">SELECT</span> <span class="n">extensions</span><span class="p">.</span><span class="n">is_disposable_email</span><span class="p">(</span><span class="s1">'user@guerrillamail.com'</span><span class="p">);</span> <span class="c1">-- true</span> </code></pre> </div> <h3> Hook Helper: hook_prevent_disposable_and_enforce_gmail_uniqueness(jsonb) </h3> <p>This is the key part! For Supabase Auth hooks, it:</p> <ol> <li> <strong>Checks disposable domains</strong> → Sends 403 error if yes.</li> <li> <strong>Normalizes Gmail</strong> → Checks if the same normalized email exists.</li> <li> <strong>Sends 409 error</strong> if duplicate.</li> <li> <strong>Allows</strong> phone signups or non-email.</li> </ol> <h2> Step 3: Wire Up the Supabase Auth Hook for Email Validation </h2> <p>Now, connect it to signups.</p> <h3> Navigate to Auth Hooks in Dashboard </h3> <ol> <li>Go to your <a href="https://supabase.com/dashboard" rel="noopener noreferrer">Supabase Dashboard</a>.</li> <li>Pick your project.</li> <li>Go to <strong>Authentication</strong> → <strong>Hooks</strong>.</li> <li>Turn on <strong>Before User Created</strong>.</li> </ol> <h3> Configure the Hook </h3> <p>Pick:</p> <ul> <li> <strong>Hook Type</strong>: <code>Postgres Function</code>.</li> <li> <strong>Schema</strong>: <code>extensions</code> (or your choice).</li> <li> <strong>Function</strong>: <code>hook_prevent_disposable_and_enforce_gmail_uniqueness</code>.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn.hashnode.com%2Fres%2Fhashnode%2Fimage%2Fupload%2Fv1730300100000%2Fauth-hook-setup.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn.hashnode.com%2Fres%2Fhashnode%2Fimage%2Fupload%2Fv1730300100000%2Fauth-hook-setup.png" alt="Supabase Auth Hook Configuration for email_guard" width="800" height="400"></a></p> <p>Done! The hook is on. See <a href="https://supabase.com/docs/guides/auth/auth-hooks" rel="noopener noreferrer">Supabase Auth Hooks docs</a> for details.</p> <h3> What Happens During Signup </h3> <p>When signing up, the hook checks first:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Try with disposable email</span> <span class="nx">supabase</span><span class="p">.</span><span class="nx">auth</span><span class="p">.</span><span class="nf">signUp</span><span class="p">({</span> <span class="na">email</span><span class="p">:</span> <span class="dl">'</span><span class="s1">test@mailinator.com</span><span class="dl">'</span><span class="p">,</span> <span class="na">password</span><span class="p">:</span> <span class="dl">'</span><span class="s1">secure_password_123</span><span class="dl">'</span> <span class="p">})</span> <span class="c1">// ❌ Error: { message: "Disposable email addresses are not allowed", status: 403 }</span> <span class="c1">// Try with duplicate Gmail</span> <span class="c1">// If johndoe@gmail.com exists</span> <span class="nx">supabase</span><span class="p">.</span><span class="nx">auth</span><span class="p">.</span><span class="nf">signUp</span><span class="p">({</span> <span class="na">email</span><span class="p">:</span> <span class="dl">'</span><span class="s1">j.o.h.n.d.o.e+test@gmail.com</span><span class="dl">'</span><span class="p">,</span> <span class="na">password</span><span class="p">:</span> <span class="dl">'</span><span class="s1">secure_password_123</span><span class="dl">'</span> <span class="p">})</span> <span class="c1">// ❌ Error: { message: "A user with this normalized email already exists", status: 409 }</span> <span class="c1">// Valid email</span> <span class="nx">supabase</span><span class="p">.</span><span class="nx">auth</span><span class="p">.</span><span class="nf">signUp</span><span class="p">({</span> <span class="na">email</span><span class="p">:</span> <span class="dl">'</span><span class="s1">alice@example.com</span><span class="dl">'</span><span class="p">,</span> <span class="na">password</span><span class="p">:</span> <span class="dl">'</span><span class="s1">secure_password_123</span><span class="dl">'</span> <span class="p">})</span> <span class="c1">// ✅ User created</span> </code></pre> </div> <h2> Step 4: Testing Your email_guard Setup on Supabase </h2> <p>Check if it works.</p> <h3> Test 1: Check Disposable Email Detection </h3> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- True</span> <span class="k">SELECT</span> <span class="n">extensions</span><span class="p">.</span><span class="n">is_disposable_email</span><span class="p">(</span><span class="s1">'user@mailinator.com'</span><span class="p">);</span> <span class="o">//</span> <span class="k">False</span> <span class="k">SELECT</span> <span class="n">extensions</span><span class="p">.</span><span class="n">is_disposable_email</span><span class="p">(</span><span class="s1">'user@gmail.com'</span><span class="p">);</span> </code></pre> </div> <h3> Test 2: Test Gmail Normalization </h3> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- All return 'johndoe@gmail.com'</span> <span class="k">SELECT</span> <span class="n">extensions</span><span class="p">.</span><span class="n">normalize_email</span><span class="p">(</span><span class="s1">'John.Doe@gmail.com'</span><span class="p">);</span> <span class="k">SELECT</span> <span class="n">extensions</span><span class="p">.</span><span class="n">normalize_email</span><span class="p">(</span><span class="s1">'j.o.h.n.d.o.e@googlemail.com'</span><span class="p">);</span> <span class="k">SELECT</span> <span class="n">extensions</span><span class="p">.</span><span class="n">normalize_email</span><span class="p">(</span><span class="s1">'johndoe+promo@gmail.com'</span><span class="p">);</span> </code></pre> </div> <h3> Test 3: Simulate the Hook </h3> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- Disposable reject</span> <span class="k">SELECT</span> <span class="n">extensions</span><span class="p">.</span><span class="n">hook_prevent_disposable_and_enforce_gmail_uniqueness</span><span class="p">(</span> <span class="s1">'{"user": {"email": "test@guerrillamail.com"}}'</span><span class="p">::</span><span class="n">jsonb</span> <span class="p">);</span> <span class="c1">-- Error: "Disposable email addresses are not allowed"</span> <span class="o">//</span> <span class="n">Gmail</span> <span class="n">duplicate</span> <span class="p">(</span><span class="k">after</span> <span class="n">adding</span> <span class="n">test</span> <span class="k">user</span><span class="p">)</span> <span class="k">SELECT</span> <span class="n">extensions</span><span class="p">.</span><span class="n">hook_prevent_disposable_and_enforce_gmail_uniqueness</span><span class="p">(</span> <span class="s1">'{"user": {"email": "j.o.h.n.d.o.e+test@gmail.com"}}'</span><span class="p">::</span><span class="n">jsonb</span> <span class="p">);</span> <span class="c1">-- Error: "A user with this normalized email already exists"</span> </code></pre> </div> <h2> Step 5: Combining with Supabase's Built-in Protections </h2> <p><code>email_guard</code> is stronger with Supabase features.</p> <h3> Leaked Password Protection </h3> <p>Supabase checks against <a href="https://haveibeenpwned.com/" rel="noopener noreferrer">HaveIBeenPwned</a>. Turn it on in <strong>Dashboard → Authentication → Password Protection</strong>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Leaked password</span> <span class="nx">supabase</span><span class="p">.</span><span class="nx">auth</span><span class="p">.</span><span class="nf">signUp</span><span class="p">({</span> <span class="na">email</span><span class="p">:</span> <span class="dl">'</span><span class="s1">alice@example.com</span><span class="dl">'</span><span class="p">,</span> <span class="na">password</span><span class="p">:</span> <span class="dl">'</span><span class="s1">password123</span><span class="dl">'</span> <span class="c1">// Leaked</span> <span class="p">})</span> <span class="c1">// ❌ Error: { message: "Password has been leaked", status: 422 }</span> </code></pre> </div> <h2> Keeping the Blocklist Current in email_guard </h2> <p><code>email_guard</code> updates itself.</p> <h3> How Updates Work </h3> <p>A GitHub workflow:</p> <ol> <li> <strong>Runs every week</strong> (Mondays).</li> <li> <strong>Gets new list</strong> from <a href="https://github.com/disposable-email-domains/disposable-email-domains" rel="noopener noreferrer">disposable-email-domains repo</a>.</li> <li> <strong>Makes upgrade script</strong> if changed.</li> <li> <strong>Updates version</strong> (e.g., 0.3.1 to 0.3.2).</li> <li> <strong>Saves changes</strong> auto.</li> </ol> <h3> Upgrading to the Latest Version </h3> <p>For new version:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Make upgrade migration</span> dbdev add <span class="se">\</span> <span class="nt">-o</span> ./supabase/migrations/ <span class="se">\</span> <span class="nt">-v</span> 0.3.2 <span class="se">\ </span> <span class="c"># New</span> <span class="nt">-s</span> extensions <span class="se">\</span> package <span class="se">\</span> <span class="nt">-n</span> mansueli@email_guard <span class="c"># Apply</span> supabase db push </code></pre> </div> <p>It adds new domains and keeps data. Watch releases on <a href="https://github.com/mansueli/tle/tree/master/email_guard" rel="noopener noreferrer">GitHub repo</a>.</p> <h2> Advanced Usage &amp; Customization for Supabase email_guard </h2> <h3> Custom Domain Blocking </h3> <p>Block extra domains:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- Add one</span> <span class="k">INSERT</span> <span class="k">INTO</span> <span class="n">extensions</span><span class="p">.</span><span class="n">disposable_email_domains</span> <span class="p">(</span><span class="k">domain</span><span class="p">)</span> <span class="k">VALUES</span> <span class="p">(</span><span class="s1">'suspicious-domain.com'</span><span class="p">)</span> <span class="k">ON</span> <span class="n">CONFLICT</span> <span class="k">DO</span> <span class="k">NOTHING</span><span class="p">;</span> <span class="c1">-- Remove one</span> <span class="k">DELETE</span> <span class="k">FROM</span> <span class="n">extensions</span><span class="p">.</span><span class="n">disposable_email_domains</span> <span class="k">WHERE</span> <span class="k">domain</span> <span class="o">=</span> <span class="s1">'some-domain.com'</span><span class="p">;</span> </code></pre> </div> <h3> Checking Existing Users </h3> <p>Audit users:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- Find disposable</span> <span class="k">SELECT</span> <span class="n">id</span><span class="p">,</span> <span class="n">email</span> <span class="k">FROM</span> <span class="n">auth</span><span class="p">.</span><span class="n">users</span> <span class="k">WHERE</span> <span class="n">extensions</span><span class="p">.</span><span class="n">is_disposable_email</span><span class="p">(</span><span class="n">email</span><span class="p">);</span> <span class="c1">-- Find Gmail duplicates</span> <span class="k">WITH</span> <span class="n">normalized</span> <span class="k">AS</span> <span class="p">(</span> <span class="k">SELECT</span> <span class="n">id</span><span class="p">,</span> <span class="n">email</span><span class="p">,</span> <span class="n">extensions</span><span class="p">.</span><span class="n">normalize_email</span><span class="p">(</span><span class="n">email</span><span class="p">)</span> <span class="k">AS</span> <span class="n">normalized_email</span> <span class="k">FROM</span> <span class="n">auth</span><span class="p">.</span><span class="n">users</span> <span class="k">WHERE</span> <span class="n">email</span> <span class="k">ILIKE</span> <span class="s1">'%@gmail.com'</span> <span class="k">OR</span> <span class="n">email</span> <span class="k">ILIKE</span> <span class="s1">'%@googlemail.com'</span> <span class="p">)</span> <span class="k">SELECT</span> <span class="n">normalized_email</span><span class="p">,</span> <span class="n">array_agg</span><span class="p">(</span><span class="n">email</span><span class="p">)</span> <span class="k">AS</span> <span class="n">duplicate_emails</span><span class="p">,</span> <span class="k">count</span><span class="p">(</span><span class="o">*</span><span class="p">)</span> <span class="k">AS</span> <span class="n">duplicate_count</span> <span class="k">FROM</span> <span class="n">normalized</span> <span class="k">GROUP</span> <span class="k">BY</span> <span class="n">normalized_email</span> <span class="k">HAVING</span> <span class="k">count</span><span class="p">(</span><span class="o">*</span><span class="p">)</span> <span class="o">&gt;</span> <span class="mi">1</span><span class="p">;</span> </code></pre> </div> <h3> Custom Hook Logic </h3> <p>Make your own hook:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">OR</span> <span class="k">REPLACE</span> <span class="k">FUNCTION</span> <span class="k">public</span><span class="p">.</span><span class="n">my_custom_signup_hook</span><span class="p">(</span><span class="n">event</span> <span class="n">jsonb</span><span class="p">)</span> <span class="k">RETURNS</span> <span class="n">jsonb</span> <span class="k">LANGUAGE</span> <span class="n">plpgsql</span> <span class="k">AS</span> <span class="err">$$</span> <span class="k">DECLARE</span> <span class="n">user_email</span> <span class="nb">text</span><span class="p">;</span> <span class="k">BEGIN</span> <span class="n">user_email</span> <span class="p">:</span><span class="o">=</span> <span class="n">event</span><span class="o">-&gt;</span><span class="s1">'user'</span><span class="o">-&gt;&gt;</span><span class="s1">'email'</span><span class="p">;</span> <span class="n">IF</span> <span class="n">extensions</span><span class="p">.</span><span class="n">is_disposable_email</span><span class="p">(</span><span class="n">user_email</span><span class="p">)</span> <span class="k">THEN</span> <span class="n">RAISE</span> <span class="n">EXCEPTION</span> <span class="s1">'Nice try! No disposable emails here.'</span> <span class="k">USING</span> <span class="n">HINT</span> <span class="o">=</span> <span class="s1">'Please use a permanent email address'</span><span class="p">,</span> <span class="n">ERRCODE</span> <span class="o">=</span> <span class="s1">'P0001'</span><span class="p">;</span> <span class="k">END</span> <span class="n">IF</span><span class="p">;</span> <span class="c1">-- Add custom rules</span> <span class="k">RETURN</span> <span class="n">event</span><span class="p">;</span> <span class="k">END</span><span class="p">;</span> <span class="err">$$</span><span class="p">;</span> </code></pre> </div> <h2> Performance Considerations for email_guard in Supabase </h2> <h3> Benchmarking </h3> <p>Functions are fast:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- Domain check: ~0.1ms</span> <span class="k">SELECT</span> <span class="n">extensions</span><span class="p">.</span><span class="n">is_disposable_email_domain</span><span class="p">(</span><span class="s1">'mailinator.com'</span><span class="p">);</span> <span class="c1">-- Normalize: ~0.05ms</span> <span class="k">SELECT</span> <span class="n">extensions</span><span class="p">.</span><span class="n">normalize_email</span><span class="p">(</span><span class="s1">'j.o.h.n.d.o.e+test@gmail.com'</span><span class="p">);</span> <span class="c1">-- Full hook: ~1-2ms</span> </code></pre> </div> <h3> Index Optimization </h3> <p>Extension adds index on <code>auth.users(email)</code>. For big databases:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- Partial index for Gmail</span> <span class="k">CREATE</span> <span class="k">INDEX</span> <span class="n">IF</span> <span class="k">NOT</span> <span class="k">EXISTS</span> <span class="n">users_gmail_normalized_idx</span> <span class="k">ON</span> <span class="n">auth</span><span class="p">.</span><span class="n">users</span> <span class="p">(</span><span class="n">extensions</span><span class="p">.</span><span class="n">normalize_email</span><span class="p">(</span><span class="n">email</span><span class="p">))</span> <span class="k">WHERE</span> <span class="n">email</span> <span class="k">ILIKE</span> <span class="s1">'%@gmail.com'</span> <span class="k">OR</span> <span class="n">email</span> <span class="k">ILIKE</span> <span class="s1">'%@googlemail.com'</span><span class="p">;</span> </code></pre> </div> <h2> Troubleshooting email_guard on Supabase </h2> <h3> Hook Not Triggering </h3> <p><strong>Check setup:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">SELECT</span> <span class="o">*</span> <span class="k">FROM</span> <span class="n">supabase_functions</span><span class="p">.</span><span class="n">hooks</span> <span class="k">WHERE</span> <span class="n">hook_name</span> <span class="o">=</span> <span class="s1">'before_user_created'</span><span class="p">;</span> </code></pre> </div> <p><strong>Check rights:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">GRANT</span> <span class="k">EXECUTE</span> <span class="k">ON</span> <span class="k">FUNCTION</span> <span class="n">extensions</span><span class="p">.</span><span class="n">hook_prevent_disposable_and_enforce_gmail_uniqueness</span><span class="p">(</span><span class="n">jsonb</span><span class="p">)</span> <span class="k">TO</span> <span class="n">supabase_auth_admin</span><span class="p">;</span> </code></pre> </div> <h3> False Positives </h3> <p>If wrong block:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">DELETE</span> <span class="k">FROM</span> <span class="n">extensions</span><span class="p">.</span><span class="n">disposable_email_domains</span> <span class="k">WHERE</span> <span class="k">domain</span> <span class="o">=</span> <span class="s1">'legitimate-domain.com'</span><span class="p">;</span> </code></pre> </div> <p>Report to <a href="https://github.com/disposable-email-domains/disposable-email-domains" rel="noopener noreferrer">blocklist repo</a>.</p> <h3> Migration Conflicts </h3> <p>Use different schema:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>dbdev add <span class="se">\</span> <span class="nt">-o</span> ./supabase/migrations/ <span class="se">\</span> <span class="nt">-v</span> 0.3.1 <span class="se">\</span> <span class="nt">-s</span> email_guard <span class="se">\</span> package <span class="se">\</span> <span class="nt">-n</span> mansueli@email_guard </code></pre> </div> <p>Update hook to <code>email_guard.hook_prevent_disposable_and_enforce_gmail_uniqueness</code>.</p> <h2> Security Best Practices for Supabase Authentication </h2> <h3> Defense in Depth </h3> <p>Add layers:</p> <ol> <li> <strong>Verify emails</strong>: Make users confirm.</li> <li> <strong>CAPTCHA</strong>: Use hCaptcha on forms.</li> <li> <strong>Rate limits</strong>: Stop many tries per IP.</li> <li> <strong>Review accounts</strong>: Flag odd patterns.</li> </ol> <h3> Monitoring </h3> <p>Track blocks:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">TABLE</span> <span class="n">IF</span> <span class="k">NOT</span> <span class="k">EXISTS</span> <span class="n">blocked_signups</span> <span class="p">(</span> <span class="n">id</span> <span class="n">uuid</span> <span class="k">DEFAULT</span> <span class="n">gen_random_uuid</span><span class="p">()</span> <span class="k">PRIMARY</span> <span class="k">KEY</span><span class="p">,</span> <span class="n">email</span> <span class="nb">text</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">reason</span> <span class="nb">text</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">created_at</span> <span class="n">timestamptz</span> <span class="k">DEFAULT</span> <span class="n">now</span><span class="p">()</span> <span class="p">);</span> <span class="c1">-- Log in hook (add yourself)</span> </code></pre> </div> <h3> Privacy Considerations </h3> <ul> <li> <strong>Avoid logging full emails</strong>.</li> <li> <strong>Hash data</strong> for stats.</li> <li> <strong>Follow GDPR/CCPA</strong> for stored info.</li> </ul> <h2> Conclusion: Building a Secure Foundation with email_guard on Supabase </h2> <p>Authentication is the door to your app. Secure it with layers. The <code>email_guard</code> TLE gives a simple way to block disposable emails and stop Gmail duplicates in Supabase.</p> <p>With Supabase tools like leaked password checks, email verification, and rate limits, you get a strong system that:</p> <ul> <li>✅ <strong>Blocks bad signups</strong> auto.</li> <li>✅ <strong>Stops abuse</strong> without work.</li> <li>✅ <strong>Grows with your app</strong>.</li> <li>✅ <strong>Updates weekly</strong>.</li> </ul> <p>It runs in the database, so it is clear, checked, and hard to skip.</p> <h3> Next Steps </h3> <ol> <li> <strong>Install the extension</strong> as shown.</li> <li> <strong>Turn on the auth hook</strong> in dashboard.</li> <li> <strong>Test</strong> with disposable and Gmail tests.</li> <li> <strong>Watch logs</strong> for blocks.</li> <li> <strong>Update</strong> when new versions come.</li> </ol> <p>For more, see:</p> <ul> <li><a href="https://github.com/mansueli/tle/tree/master/email_guard" rel="noopener noreferrer">email_guard GitHub repository</a></li> <li><a href="https://supabase.com/docs/guides/auth/auth-hooks" rel="noopener noreferrer">Supabase Auth Hooks documentation</a></li> <li><a href="https://supabase.com/blog/pg-tle" rel="noopener noreferrer">Trusted Language Extensions blog post</a></li> <li><a href="https://database.dev" rel="noopener noreferrer">database.dev package registry</a></li> </ul> <p>Check my previous posts: <a href="https://blog.mansueli.com/building-user-authentication-with-username-and-password-using-supabase" rel="noopener noreferrer">Building User Authentication with Username and Password Using Supabase</a> and <a href="https://blog.mansueli.com/streamlining-postgresql-function-management-with-supabase" rel="noopener noreferrer">Streamlining PostgreSQL Function Management with Supabase</a>.</p> supabase postgres auth security Building Secure API Key Management with Supabase, KSUID & PostgreSQL Rodrigo Mansueli Thu, 21 Aug 2025 15:39:25 +0000 https://forem.com/supabase/building-secure-api-key-management-with-supabase-ksuid-postgresql-inj https://forem.com/supabase/building-secure-api-key-management-with-supabase-ksuid-postgresql-inj <p>Managing API keys seems easy at first, but it involves many choices. You need keys that are secure, fast to check, easy to use, and simple to sort. This guide shows how to build secure API key management with <a href="http://supabase.com/" rel="noopener noreferrer">Supabase.com</a>. We use PostgreSQL and KSUID to meet these needs.</p> <p>In this post, you will learn a simple pattern with Supabase, PostgreSQL, and KSUID (via the pg_idkit extension). By the end, you get SQL code to add to your database. You also get workflows to create, check, and list API keys. This setup is optimized for Supabase users, with tips on the Supabase CLI and JavaScript client. It helps with secure API key management in Supabase.</p> <p>For more on secrets in Supabase, see previous posts on <a href="https://supabase.com/blog/supabase-vault" rel="noopener noreferrer">Supabase Vault</a>. If you work with PostgreSQL extensions, check out <a href="https://supabase.com/blog/pg-tle" rel="noopener noreferrer">Trusted Language Extensions for Postgres</a> which is used on this blog post.</p> <h2> Overview: A Simple Way to Manage API Keys </h2> <p>We make API keys that look like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>[KSUID][SECRET] </code></pre> </div> <ul> <li>The KSUID is a short ID that sorts by time. We use it as the row ID.</li> <li>The SECRET is a random string shown once to the user.</li> <li>In the database, we store: <ul> <li>The KSUID (as id),</li> <li>A salted hash of the secret,</li> <li>A random salt,</li> <li>The last 4 characters for the dashboard,</li> <li>The client_id (UUID) to link to a Supabase user (see <a href="https://supabase.com/docs/guides/auth" rel="noopener noreferrer">Supabase Auth docs</a>),</li> <li>And a name for the key label.</li> </ul> </li> </ul> <p>To check a key: Split it into KSUID and secret. Find the row by KSUID (fast with index). Compute the hash and compare. This is quick: one lookup and one hash.</p> <p>This method keeps your Supabase API key management secure and efficient.</p> <h2> Step 1: Install pg_idkit Extension with dbdev and Supabase CLI </h2> <p>The pg_idkit extension gives KSUID functions like gen_random_ksuid_microsecond(). We install it as a Trusted Language Extension (TLE) using dbdev CLI to generate a migration. Then, use Supabase CLI to apply it. This fits well with Supabase workflows for installing PostgreSQL extensions in Supabase.</p> <h3> A. Set Up dbdev and Supabase CLI </h3> <p>If you do not have dbdev CLI, install it. Follow the <a href="https://supabase.github.io/dbdev/getting-started/" rel="noopener noreferrer">dbdev installation docs</a>. For Supabase CLI, see the <a href="https://supabase.com/docs/guides/cli" rel="noopener noreferrer">Supabase CLI docs</a>. Link your local project to your Supabase database.</p> <p>Note: On Supabase, the pg_tle extension is already installed. This meets the prerequisite.</p> <h3> B. Generate Migration File with dbdev </h3> <p>Run this command to create a migration file for pg_idkit version 0.0.4 in the extensions schema:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>dbdev add <span class="nt">-o</span> <span class="s2">"./supabase/migrations/"</span> <span class="nt">-v</span> 0.0.4 <span class="nt">-s</span> extensions package <span class="nt">-n</span> kiwicopple@pg_idkit </code></pre> </div> <ul> <li>This makes a SQL file in your migrations folder.</li> <li>Adjust the path if your migrations folder is different.</li> </ul> <p>For more details, see the <a href="https://supabase.github.io/dbdev/install-a-package/" rel="noopener noreferrer">dbdev install a package docs</a>.</p> <h3> C. Apply the Migration with Supabase CLI </h3> <p>Push the migration to your Supabase database:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>supabase db push </code></pre> </div> <p>This applies the extension. Now you can use functions like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">SELECT</span> <span class="n">gen_random_ksuid_microsecond</span><span class="p">();</span> </code></pre> </div> <p>For more on extensions, see <a href="https://supabase.com/docs/guides/database/extensions" rel="noopener noreferrer">Supabase Database Extensions docs</a>.</p> <h2> Step 2: Set Up the Table Schema </h2> <p>Use this SQL in your Supabase SQL editor or a migration file. It creates the api_keys table with KSUID as the primary key.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="n">EXTENSION</span> <span class="n">IF</span> <span class="k">NOT</span> <span class="k">EXISTS</span> <span class="n">pgcrypto</span><span class="p">;</span> <span class="k">CREATE</span> <span class="k">TABLE</span> <span class="n">api_keys</span> <span class="p">(</span> <span class="n">id</span> <span class="nb">TEXT</span> <span class="k">PRIMARY</span> <span class="k">KEY</span> <span class="k">DEFAULT</span> <span class="n">gen_random_ksuid_microsecond</span><span class="p">(),</span> <span class="c1">-- KSUID as ID (27 chars)</span> <span class="n">client_id</span> <span class="n">UUID</span> <span class="k">NOT</span> <span class="k">NULL</span> <span class="k">REFERENCES</span> <span class="n">auth</span><span class="p">.</span><span class="n">users</span><span class="p">(</span><span class="n">id</span><span class="p">)</span> <span class="k">ON</span> <span class="k">DELETE</span> <span class="k">CASCADE</span><span class="p">,</span> <span class="n">name</span> <span class="nb">TEXT</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="c1">-- user label</span> <span class="n">secret_hash</span> <span class="n">BYTEA</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="c1">-- digest(secret || salt)</span> <span class="n">salt</span> <span class="n">BYTEA</span> <span class="k">NOT</span> <span class="k">NULL</span> <span class="k">DEFAULT</span> <span class="n">gen_random_bytes</span><span class="p">(</span><span class="mi">16</span><span class="p">),</span> <span class="c1">-- auto salt</span> <span class="n">last4</span> <span class="nb">TEXT</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="c1">-- last 4 chars of secret for UI</span> <span class="n">created_at</span> <span class="n">TIMESTAMPTZ</span> <span class="k">DEFAULT</span> <span class="n">now</span><span class="p">()</span> <span class="p">);</span> <span class="c1">-- Index for fast per-user listing, ordered by KSUID (time-sortable)</span> <span class="k">CREATE</span> <span class="k">INDEX</span> <span class="n">api_keys_client_id_idx</span> <span class="k">ON</span> <span class="n">api_keys</span> <span class="p">(</span><span class="n">client_id</span><span class="p">,</span> <span class="n">id</span> <span class="k">DESC</span><span class="p">);</span> </code></pre> </div> <p>Notes:</p> <ul> <li>KSUIDs sort by time and are 27 characters long.</li> <li>We link to auth.users for Supabase auth.</li> <li>Use the Supabase CLI to push this as a migration: supabase migration new create_api_keys_table, add the SQL, then supabase db push.</li> </ul> <h2> Step 3: Create an API Key Server-Side </h2> <p>This function creates a key. It takes client_id and name, generates everything, and returns the full key once.</p> <p>Add this in a migration or SQL editor:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">OR</span> <span class="k">REPLACE</span> <span class="k">FUNCTION</span> <span class="n">create_api_key</span><span class="p">(</span><span class="n">client_id</span> <span class="n">UUID</span><span class="p">,</span> <span class="n">key_name</span> <span class="nb">TEXT</span><span class="p">)</span> <span class="k">RETURNS</span> <span class="nb">TEXT</span> <span class="k">AS</span> <span class="err">$$</span> <span class="k">DECLARE</span> <span class="n">ksuid_prefix</span> <span class="nb">TEXT</span> <span class="p">:</span><span class="o">=</span> <span class="n">gen_random_ksuid_microsecond</span><span class="p">();</span> <span class="n">secret</span> <span class="nb">TEXT</span> <span class="p">:</span><span class="o">=</span> <span class="n">encode</span><span class="p">(</span><span class="n">gen_random_bytes</span><span class="p">(</span><span class="mi">16</span><span class="p">),</span> <span class="s1">'base32'</span><span class="p">);</span> <span class="c1">-- random secret</span> <span class="n">salt_val</span> <span class="n">BYTEA</span> <span class="p">:</span><span class="o">=</span> <span class="n">gen_random_bytes</span><span class="p">(</span><span class="mi">16</span><span class="p">);</span> <span class="n">full_key</span> <span class="nb">TEXT</span> <span class="p">:</span><span class="o">=</span> <span class="n">ksuid_prefix</span> <span class="o">||</span> <span class="n">secret</span><span class="p">;</span> <span class="k">BEGIN</span> <span class="k">INSERT</span> <span class="k">INTO</span> <span class="n">api_keys</span> <span class="p">(</span><span class="n">id</span><span class="p">,</span> <span class="n">client_id</span><span class="p">,</span> <span class="n">name</span><span class="p">,</span> <span class="n">secret_hash</span><span class="p">,</span> <span class="n">salt</span><span class="p">,</span> <span class="n">last4</span><span class="p">)</span> <span class="k">VALUES</span> <span class="p">(</span> <span class="n">ksuid_prefix</span><span class="p">,</span> <span class="n">client_id</span><span class="p">,</span> <span class="n">key_name</span><span class="p">,</span> <span class="n">digest</span><span class="p">(</span><span class="n">secret</span> <span class="o">||</span> <span class="n">salt_val</span><span class="p">,</span> <span class="s1">'sha256'</span><span class="p">),</span> <span class="n">salt_val</span><span class="p">,</span> <span class="k">right</span><span class="p">(</span><span class="n">secret</span><span class="p">,</span> <span class="mi">4</span><span class="p">)</span> <span class="p">);</span> <span class="k">RETURN</span> <span class="n">full_key</span><span class="p">;</span> <span class="c1">-- show this to the user once</span> <span class="k">END</span><span class="p">;</span> <span class="err">$$</span> <span class="k">LANGUAGE</span> <span class="n">plpgsql</span><span class="p">;</span> </code></pre> </div> <p>The database makes the secret. Show it once in your app.</p> <h2> Step 4: Verify API Keys with Supabase Edge Functions </h2> <p>To check keys, use a Supabase Edge Function. This is fast and secure. Create one with the Supabase CLI:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>supabase functions new verify-api-key </code></pre> </div> <p>Edit functions/verify-api-key/index.ts with Supabase JS:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">createClient</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">https://esm.sh/@supabase/supabase-js@2</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">supabase</span> <span class="o">=</span> <span class="nf">createClient</span><span class="p">(</span><span class="nx">Deno</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">SUPABASE_URL</span><span class="dl">'</span><span class="p">)</span><span class="o">!</span><span class="p">,</span> <span class="nx">Deno</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">SUPABASE_SERVICE_ROLE_KEY</span><span class="dl">'</span><span class="p">)</span><span class="o">!</span><span class="p">);</span> <span class="nx">Deno</span><span class="p">.</span><span class="nf">serve</span><span class="p">(</span><span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">full_key</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">req</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">data</span><span class="p">,</span> <span class="nx">error</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">supabase</span><span class="p">.</span><span class="nf">rpc</span><span class="p">(</span><span class="dl">'</span><span class="s1">verify_api_key</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="nx">full_key</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="nx">error</span> <span class="o">||</span> <span class="o">!</span><span class="nx">data</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Response</span><span class="p">(</span><span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Invalid key</span><span class="dl">'</span> <span class="p">}),</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">401</span> <span class="p">});</span> <span class="p">}</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Response</span><span class="p">(</span><span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="na">client_id</span><span class="p">:</span> <span class="nx">data</span> <span class="p">}),</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">200</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <p>Deploy it: supabase functions deploy verify-api-key.</p> <p>The verify_api_key function (add to DB):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">OR</span> <span class="k">REPLACE</span> <span class="k">FUNCTION</span> <span class="n">verify_api_key</span><span class="p">(</span><span class="n">full_key</span> <span class="nb">TEXT</span><span class="p">)</span> <span class="k">RETURNS</span> <span class="n">UUID</span> <span class="k">AS</span> <span class="err">$$</span> <span class="k">DECLARE</span> <span class="n">ksuid_prefix</span> <span class="nb">TEXT</span> <span class="p">:</span><span class="o">=</span> <span class="k">left</span><span class="p">(</span><span class="n">full_key</span><span class="p">,</span> <span class="mi">27</span><span class="p">);</span> <span class="n">secret</span> <span class="nb">TEXT</span> <span class="p">:</span><span class="o">=</span> <span class="n">substr</span><span class="p">(</span><span class="n">full_key</span><span class="p">,</span> <span class="mi">28</span><span class="p">);</span> <span class="n">stored_hash</span> <span class="n">BYTEA</span><span class="p">;</span> <span class="n">stored_salt</span> <span class="n">BYTEA</span><span class="p">;</span> <span class="n">key_owner</span> <span class="n">UUID</span><span class="p">;</span> <span class="k">BEGIN</span> <span class="k">SELECT</span> <span class="n">secret_hash</span><span class="p">,</span> <span class="n">salt</span><span class="p">,</span> <span class="n">client_id</span> <span class="k">INTO</span> <span class="n">stored_hash</span><span class="p">,</span> <span class="n">stored_salt</span><span class="p">,</span> <span class="n">key_owner</span> <span class="k">FROM</span> <span class="n">api_keys</span> <span class="k">WHERE</span> <span class="n">id</span> <span class="o">=</span> <span class="n">ksuid_prefix</span><span class="p">;</span> <span class="n">IF</span> <span class="k">NOT</span> <span class="k">FOUND</span> <span class="k">THEN</span> <span class="k">RETURN</span> <span class="k">NULL</span><span class="p">;</span> <span class="k">END</span> <span class="n">IF</span><span class="p">;</span> <span class="n">IF</span> <span class="n">digest</span><span class="p">(</span><span class="n">secret</span> <span class="o">||</span> <span class="n">stored_salt</span><span class="p">,</span> <span class="s1">'sha256'</span><span class="p">)</span> <span class="o">=</span> <span class="n">stored_hash</span> <span class="k">THEN</span> <span class="k">RETURN</span> <span class="n">key_owner</span><span class="p">;</span> <span class="c1">-- valid: return owner id</span> <span class="k">ELSE</span> <span class="k">RETURN</span> <span class="k">NULL</span><span class="p">;</span> <span class="c1">-- invalid</span> <span class="k">END</span> <span class="n">IF</span><span class="p">;</span> <span class="k">END</span><span class="p">;</span> <span class="err">$$</span> <span class="k">LANGUAGE</span> <span class="n">plpgsql</span><span class="p">;</span> </code></pre> </div> <p>This is efficient: one index lookup and one hash. See <a href="https://supabase.com/docs/guides/functions" rel="noopener noreferrer">Supabase Functions docs</a> for more.</p> <h2> Step 5: List Keys for Your Dashboard </h2> <p>This function lists keys, sorted by time.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">OR</span> <span class="k">REPLACE</span> <span class="k">FUNCTION</span> <span class="n">list_api_keys</span><span class="p">(</span> <span class="n">client_id</span> <span class="n">UUID</span><span class="p">,</span> <span class="n">limit_count</span> <span class="nb">INT</span> <span class="k">DEFAULT</span> <span class="mi">50</span><span class="p">,</span> <span class="n">offset_count</span> <span class="nb">INT</span> <span class="k">DEFAULT</span> <span class="mi">0</span> <span class="p">)</span> <span class="k">RETURNS</span> <span class="k">TABLE</span><span class="p">(</span><span class="n">id</span> <span class="nb">TEXT</span><span class="p">,</span> <span class="n">name</span> <span class="nb">TEXT</span><span class="p">,</span> <span class="n">last4</span> <span class="nb">TEXT</span><span class="p">,</span> <span class="n">created_at</span> <span class="n">TIMESTAMPTZ</span><span class="p">)</span> <span class="k">AS</span> <span class="err">$$</span> <span class="k">BEGIN</span> <span class="k">RETURN</span> <span class="n">QUERY</span> <span class="k">SELECT</span> <span class="n">id</span><span class="p">,</span> <span class="n">name</span><span class="p">,</span> <span class="n">last4</span><span class="p">,</span> <span class="n">created_at</span> <span class="k">FROM</span> <span class="n">api_keys</span> <span class="k">WHERE</span> <span class="n">client_id</span> <span class="o">=</span> <span class="n">list_api_keys</span><span class="p">.</span><span class="n">client_id</span> <span class="k">ORDER</span> <span class="k">BY</span> <span class="n">id</span> <span class="k">DESC</span> <span class="k">LIMIT</span> <span class="n">limit_count</span> <span class="k">OFFSET</span> <span class="n">offset_count</span><span class="p">;</span> <span class="k">END</span><span class="p">;</span> <span class="err">$$</span> <span class="k">LANGUAGE</span> <span class="n">plpgsql</span><span class="p">;</span> </code></pre> </div> <p>Call it from your app with Supabase JS:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="p">{</span> <span class="nx">data</span><span class="p">,</span> <span class="nx">error</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">supabase</span><span class="p">.</span><span class="nf">rpc</span><span class="p">(</span><span class="dl">'</span><span class="s1">list_api_keys</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">client_id</span><span class="p">:</span> <span class="nx">user</span><span class="p">.</span><span class="nx">id</span> <span class="p">});</span> </code></pre> </div> <h2> How Your App Uses These in Supabase </h2> <h3> Create a Key </h3> <ul> <li>App calls: <code>const { data } = await supabase.rpc('create_api_key', { client_id: user.id, key_name: 'My Key' });</code> </li> <li>Show data once to the user.</li> </ul> <h3> Verify a Key </h3> <ul> <li>Send full_key to your Edge Function.</li> <li>If it returns client_id, allow access.</li> </ul> <h3> List Keys </h3> <ul> <li>Use the list function in your dashboard.</li> </ul> <h2> Additional Notes on Security and Choices </h2> <ul> <li>You cannot get back secrets. This is safer.</li> <li>Add revocation: Include revoked_at in the table and check in verify_api_key.</li> <li>For rate limits, log usage after verify succeeds.</li> </ul> <p>This setup makes secure API key management in Supabase simple and fast.</p> <p>Ready to try? Start with the Supabase CLI and build your own.</p> postgres supabase api programming Building a Slack Bot for AI-Powered Conversations with Supabase Rodrigo Mansueli Tue, 10 Oct 2023 13:38:09 +0000 https://forem.com/supabase/building-a-slack-bot-for-ai-powered-conversations-with-supabase-dcj https://forem.com/supabase/building-a-slack-bot-for-ai-powered-conversations-with-supabase-dcj <p>In today's tech-driven world, integrating AI into your communication tools can enhance productivity and user experiences. Slack, a widely used team collaboration platform, allows developers to create custom bots that automate tasks and provide intelligent responses. In this blog post, we'll guide you through the process of building a Slack bot that harnesses the power of AI, specifically Hugging Face and OpenAI, using the Supabase platform.</p> <p><strong>Prerequisites</strong>:</p> <p>Before we dive into the code, you'll need a few things:</p> <ol> <li><p><strong>Supabase Account</strong>: Ensure you have an account on <a href="http://supabase.com/">Supabase</a>.</p></li> <li><p><strong>Slack Workspace</strong>: You'll require access to a Slack workspace where you can create and install the bot.</p></li> <li><p><strong>API Keys</strong>: Obtain API keys for Hugging Face and OpenAI.</p></li> </ol> <p><strong>Creating the Slack Bot Manifest</strong>:</p> <p>To begin, you need to define the bot's characteristics in a manifest file (<code>manifest.yaml</code>). This file specifies the bot's display name, features, OAuth configuration, and settings. Here's an example manifest for your Slack AI bot:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">display_information</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">SlackAI</span> <span class="na">features</span><span class="pi">:</span> <span class="na">bot_user</span><span class="pi">:</span> <span class="na">display_name</span><span class="pi">:</span> <span class="s">SlackAI</span> <span class="na">always_online</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">oauth_config</span><span class="pi">:</span> <span class="na">scopes</span><span class="pi">:</span> <span class="na">bot</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">app_mentions:read</span> <span class="pi">-</span> <span class="s">chat:write</span> <span class="pi">-</span> <span class="s">im:write</span> <span class="pi">-</span> <span class="s">channels:history</span> <span class="pi">-</span> <span class="s">commands</span> <span class="na">settings</span><span class="pi">:</span> <span class="na">org_deploy_enabled</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">socket_mode_enabled</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">token_rotation_enabled</span><span class="pi">:</span> <span class="kc">false</span> </code></pre> </div> <p>We'll interact with the Slack bot using custom webhooks. For detailed instructions, refer to our previous post on <a href="https://blog.mansueli.com/automating-webhooks-supabase-postgresql-guide">Deploying and Debugging Custom Webhooks on Supabase &amp; PostgreSQL</a>.</p> <p><strong>Setting Secrets on Supabase CLI</strong>:</p> <p>You'll need to securely store sensitive information, such as API keys, on Supabase using the CLI. Here's how to do it:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Set OpenAI API Key</span> supabase <span class="nt">--project-ref</span> nacho_slacker secrets <span class="se">\</span> <span class="nb">set </span><span class="nv">OPEN_AI</span><span class="o">=</span>sk-FB9ZJJbluyN4CH0luSQkwG0t6ZZG3wSQ6SFyBj3k8JZDRKSt <span class="c"># Set Hugging Face API Key</span> supabase <span class="nt">--project-ref</span> nacho_slacker secrets <span class="se">\</span> <span class="nb">set </span><span class="nv">HUGGINGFACE_TOKEN</span><span class="o">=</span>hf_rSji7SZZuZwN8ZW53tN4CH0TKRtFCN6Cai <span class="c"># Set Bot OAuth Token</span> supabase <span class="nt">--project-ref</span> nacho_slacker secrets <span class="se">\</span> <span class="nb">set </span><span class="nv">SLACK_TOKEN</span><span class="o">=</span>xoxb-3882900064320-6000640064577-QDr8Nk637kw6nachoR7bDu9 </code></pre> </div> <h3> <strong>Edge Functions: The Soul of Your Slack Bot</strong> </h3> <p>In this section, we'll explore two critical Edge Functions, namely <code>slack_ai_mentions.ts</code> and <code>consume_job.ts</code>. These functions play vital roles in your Slack bot's functionality.</p> <ol> <li> <code>slack_ai_mentions.ts</code>: This Edge Function sets up an HTTP server using Deno to listen for Slack events. When the bot receives an app mention, it processes the text adding it into a Queue System in Postgres, which will process the requests and send them back to the user. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">serve</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">https://deno.land/std@0.197.0/http/server.ts</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">WebClient</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">https://deno.land/x/slack_web_api@6.7.2/mod.js</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">SupabaseClient</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">https://esm.sh/@supabase/supabase-js@2</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">slack_bot_token</span> <span class="o">=</span> <span class="nx">Deno</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">SLACK_TOKEN</span><span class="dl">"</span><span class="p">)</span> <span class="o">??</span> <span class="dl">""</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">bot_client</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">WebClient</span><span class="p">(</span><span class="nx">slack_bot_token</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">supabase_url</span> <span class="o">=</span> <span class="nx">Deno</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">SUPABASE_URL</span><span class="dl">"</span><span class="p">)</span> <span class="o">??</span> <span class="dl">""</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">service_role</span> <span class="o">=</span> <span class="nx">Deno</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">SUPABASE_SERVICE_ROLE_KEY</span><span class="dl">"</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">supabase</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">SupabaseClient</span><span class="p">(</span><span class="nx">supabase_url</span><span class="p">,</span> <span class="nx">service_role</span><span class="p">);</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`Slack URL verification function up and running!`</span><span class="p">);</span> <span class="nf">serve</span><span class="p">(</span><span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">req_body</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">req</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="nx">req_body</span><span class="p">,</span> <span class="kc">null</span><span class="p">,</span> <span class="mi">2</span><span class="p">));</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">token</span><span class="p">,</span> <span class="nx">challenge</span><span class="p">,</span> <span class="kd">type</span><span class="p">,</span> <span class="nx">event</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">req_body</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="kd">type</span> <span class="o">==</span> <span class="dl">'</span><span class="s1">url_verification</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Response</span><span class="p">(</span><span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="nx">challenge</span> <span class="p">}),</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span> <span class="p">},</span> <span class="na">status</span><span class="p">:</span> <span class="mi">200</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if </span><span class="p">(</span><span class="nx">event</span><span class="p">.</span><span class="kd">type</span> <span class="o">==</span> <span class="dl">'</span><span class="s1">app_mention</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">user</span><span class="p">,</span> <span class="nx">text</span><span class="p">,</span> <span class="nx">channel</span><span class="p">,</span> <span class="nx">ts</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">event</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">url_path</span> <span class="o">=</span> <span class="nx">text</span><span class="p">.</span><span class="nf">toLowerCase</span><span class="p">()</span> <span class="p">.</span><span class="nf">includes</span><span class="p">(</span><span class="dl">'</span><span class="s1">code</span><span class="dl">'</span><span class="p">)</span> <span class="p">?</span> <span class="dl">'</span><span class="s1">/code</span><span class="dl">'</span> <span class="p">:</span> <span class="dl">'</span><span class="s1">/general</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">error</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">supabase</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">'</span><span class="s1">job_queue</span><span class="dl">'</span><span class="p">).</span><span class="nf">insert</span><span class="p">({</span> <span class="na">http_verb</span><span class="p">:</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span><span class="p">,</span> <span class="na">payload</span><span class="p">:</span> <span class="p">{</span> <span class="nx">user</span><span class="p">,</span> <span class="nx">text</span><span class="p">,</span> <span class="nx">channel</span><span class="p">,</span> <span class="nx">ts</span> <span class="p">},</span> <span class="na">url_path</span><span class="p">:</span> <span class="nx">url_path</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="nx">error</span><span class="p">);</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Response</span><span class="p">(</span><span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="nx">error</span><span class="p">.</span><span class="nx">message</span> <span class="p">}),</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span> <span class="p">},</span> <span class="na">status</span><span class="p">:</span> <span class="mi">400</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> <span class="k">await</span> <span class="nf">post</span><span class="p">(</span><span class="nx">channel</span><span class="p">,</span> <span class="nx">ts</span><span class="p">,</span> <span class="s2">`Taking a look and will get back to you shortly!`</span><span class="p">);</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Response</span><span class="p">(</span><span class="dl">''</span><span class="p">,</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">200</span> <span class="p">});</span> <span class="p">}</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Response</span><span class="p">(</span><span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="nx">error</span><span class="p">.</span><span class="nx">message</span> <span class="p">}),</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span> <span class="p">},</span> <span class="na">status</span><span class="p">:</span> <span class="mi">400</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> <span class="p">});</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">post</span><span class="p">(</span><span class="nx">channel</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">thread_ts</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">message</span><span class="p">:</span> <span class="kr">string</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="k">void</span><span class="o">&gt;</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">bot_client</span><span class="p">.</span><span class="nx">chat</span><span class="p">.</span><span class="nf">postMessage</span><span class="p">({</span> <span class="na">channel</span><span class="p">:</span> <span class="nx">channel</span><span class="p">,</span> <span class="na">thread_ts</span><span class="p">:</span> <span class="nx">thread_ts</span><span class="p">,</span> <span class="na">text</span><span class="p">:</span> <span class="nx">message</span><span class="p">,</span> <span class="p">});</span> <span class="nx">console</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="nx">result</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">e</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="s2">`Error posting message: </span><span class="p">${</span><span class="nx">e</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <ol> <li> <code>consume_job.ts</code>: This Edge Function manages tasks related to AI model interactions. It handles requests from the slack_ai_mentions.ts file and communicates with either Hugging Face or OpenAI to generate text responses. The blog post provides detailed instructions on installing and configuring this Edge Function. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">serve</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">https://deno.land/std@0.197.0/http/server.ts</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">WebClient</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">https://deno.land/x/slack_web_api@6.7.2/mod.js</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">slack_bot_token</span> <span class="o">=</span> <span class="nx">Deno</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">SLACK_TOKEN</span><span class="dl">"</span><span class="p">)</span> <span class="o">??</span> <span class="dl">""</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">bot_client</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">WebClient</span><span class="p">(</span><span class="nx">slack_bot_token</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">hf_token</span> <span class="o">=</span> <span class="nx">Deno</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">HUGGINGFACE_TOKEN</span><span class="dl">"</span><span class="p">)</span> <span class="o">??</span> <span class="dl">""</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">openai_api_key</span> <span class="o">=</span> <span class="nx">Deno</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">OPEN_AI</span><span class="dl">"</span><span class="p">)</span> <span class="o">??</span> <span class="dl">""</span><span class="p">;</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">Function that will handle the tasks!</span><span class="dl">"</span><span class="p">);</span> <span class="nf">serve</span><span class="p">(</span><span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">payload</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">req</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">url</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">URL</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">url</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">method</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">method</span><span class="p">;</span> <span class="c1">// Extract the last part of the path as the command</span> <span class="kd">const</span> <span class="nx">command</span> <span class="o">=</span> <span class="nx">url</span><span class="p">.</span><span class="nx">pathname</span><span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="dl">"</span><span class="s2">/</span><span class="dl">"</span><span class="p">).</span><span class="nf">pop</span><span class="p">();</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">let</span> <span class="nx">generated_text</span> <span class="o">=</span> <span class="dl">''</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="nx">command</span> <span class="o">==</span> <span class="dl">"</span><span class="s2">general</span><span class="dl">"</span><span class="p">)</span> <span class="p">{</span> <span class="nx">generated_text</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">getGeneratedTextFromHuggingFace</span><span class="p">(</span><span class="nx">payload</span><span class="p">);</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nx">generated_text</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">getGeneratedTextFromChatGPT</span><span class="p">(</span><span class="nx">payload</span><span class="p">);</span> <span class="p">}</span> <span class="k">await</span> <span class="nf">post</span><span class="p">(</span><span class="nx">payload</span><span class="p">.</span><span class="nx">channel</span><span class="p">,</span> <span class="nx">payload</span><span class="p">.</span><span class="nx">ts</span><span class="p">,</span> <span class="s2">`Thanks for asking: </span><span class="p">${</span><span class="nx">generated_text</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Response</span><span class="p">(</span><span class="dl">'</span><span class="s1">ok</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">Content-Type</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">application/json</span><span class="dl">"</span> <span class="p">},</span> <span class="na">status</span><span class="p">:</span> <span class="mi">200</span> <span class="p">},</span> <span class="p">);</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="nx">error</span><span class="p">);</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Response</span><span class="p">(</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="nx">error</span><span class="p">.</span><span class="nx">message</span> <span class="p">}),</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">Content-Type</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">application/json</span><span class="dl">"</span> <span class="p">},</span> <span class="na">status</span><span class="p">:</span> <span class="mi">500</span><span class="p">,</span> <span class="p">},</span> <span class="p">);</span> <span class="p">}</span> <span class="p">});</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">post</span><span class="p">(</span> <span class="nx">channel</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">thread_ts</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">message</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="k">void</span><span class="o">&gt;</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">bot_client</span><span class="p">.</span><span class="nx">chat</span><span class="p">.</span><span class="nf">postMessage</span><span class="p">({</span> <span class="na">channel</span><span class="p">:</span> <span class="nx">channel</span><span class="p">,</span> <span class="na">thread_ts</span><span class="p">:</span> <span class="nx">thread_ts</span><span class="p">,</span> <span class="na">text</span><span class="p">:</span> <span class="nx">message</span><span class="p">,</span> <span class="p">});</span> <span class="nx">console</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="nx">result</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">e</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="s2">`Error posting message: </span><span class="p">${</span><span class="nx">e</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">getGeneratedTextFromHuggingFace</span><span class="p">(</span><span class="nx">payload</span><span class="p">)</span> <span class="p">{</span> <span class="kd">let</span> <span class="nx">huggingface_url</span> <span class="o">=</span> <span class="dl">""</span><span class="p">;</span> <span class="kd">let</span> <span class="nx">body_content</span> <span class="o">=</span> <span class="dl">""</span><span class="p">;</span> <span class="nx">huggingface_url</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">https://api-inference.huggingface.co/models/mistralai/Mistral-7B-Instruct-v0.1</span><span class="dl">"</span><span class="p">;</span> <span class="nx">body_content</span> <span class="o">=</span> <span class="s2">`[INST] </span><span class="p">${</span><span class="nx">payload</span><span class="p">.</span><span class="nx">text</span><span class="p">}</span><span class="s2"> [/INST]`</span><span class="p">;</span> <span class="nx">body_content</span> <span class="o">=</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="dl">"</span><span class="s2">inputs</span><span class="dl">"</span><span class="p">:</span> <span class="nx">body_content</span> <span class="p">},</span> <span class="kc">null</span><span class="p">,</span> <span class="mi">2</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">huggingface_response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="nx">huggingface_url</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">"</span><span class="s2">POST</span><span class="dl">"</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">Content-Type</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">application/json</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Authorization</span><span class="dl">"</span><span class="p">:</span> <span class="s2">`Bearer </span><span class="p">${</span><span class="nx">hf_token</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="p">},</span> <span class="na">body</span><span class="p">:</span> <span class="nx">body_content</span><span class="p">,</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">huggingface_data</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">huggingface_response</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="nx">huggingface_data</span><span class="p">.</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="nx">huggingface_data</span><span class="p">.</span><span class="nx">error</span><span class="p">);</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="nx">huggingface_data</span><span class="p">.</span><span class="nx">error</span><span class="p">.</span><span class="nx">message</span><span class="p">);</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">generated_text</span> <span class="o">=</span> <span class="nx">huggingface_data</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="p">.</span><span class="nx">generated_text</span><span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="dl">"</span><span class="s2">[/INST]</span><span class="dl">"</span><span class="p">);</span> <span class="k">return</span> <span class="nx">generated_text</span><span class="p">.</span><span class="nx">length</span> <span class="o">&gt;</span> <span class="mi">1</span> <span class="p">?</span> <span class="nx">generated_text</span><span class="p">[</span><span class="mi">1</span><span class="p">]</span> <span class="p">:</span> <span class="nx">generated_text</span><span class="p">[</span><span class="mi">0</span><span class="p">];</span> <span class="p">}</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">getGeneratedTextFromChatGPT</span><span class="p">(</span><span class="nx">payload</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">headers</span> <span class="o">=</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">Content-Type</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">application/json</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Authorization</span><span class="dl">"</span><span class="p">:</span> <span class="s2">`Bearer </span><span class="p">${</span><span class="nx">openai_api_key</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">openai_url</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">https://api.openai.com/v1/chat/completions</span><span class="dl">"</span><span class="p">;</span> <span class="kd">let</span> <span class="nx">body_content</span> <span class="o">=</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">model</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">gpt-3.5-turbo</span><span class="dl">"</span><span class="p">,</span> <span class="c1">// Replace with the name of the chat model you want to use</span> <span class="dl">"</span><span class="s2">messages</span><span class="dl">"</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">role</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">system</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">content</span><span class="dl">"</span><span class="p">:</span> <span class="s2">`You are a detail-oriented, helpful, and eager to please assistant.`</span> <span class="p">},</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">role</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">user</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">content</span><span class="dl">"</span><span class="p">:</span> <span class="nx">payload</span><span class="p">.</span><span class="nx">text</span> <span class="p">}</span> <span class="p">]</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">body_content_text</span> <span class="o">=</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="nx">body_content</span><span class="p">,</span> <span class="kc">null</span><span class="p">,</span> <span class="mi">2</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">openai_response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="nx">openai_url</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">"</span><span class="s2">POST</span><span class="dl">"</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="nx">headers</span><span class="p">,</span> <span class="na">body</span><span class="p">:</span> <span class="nx">body_content_text</span><span class="p">,</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">openai_data</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">openai_response</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="nx">openai_data</span><span class="p">.</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="nx">openai_data</span><span class="p">.</span><span class="nx">error</span><span class="p">);</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="nx">openai_data</span><span class="p">.</span><span class="nx">error</span><span class="p">.</span><span class="nx">message</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">openai_data</span><span class="p">.</span><span class="nx">choices</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="nx">message</span><span class="p">.</span><span class="nx">content</span><span class="p">.</span><span class="nf">trim</span><span class="p">();</span> <span class="p">}</span> </code></pre> </div> <p>These Edge Functions are essential components of the Slack bot, allowing it to seamlessly integrate with external AI services and provide intelligent responses in real-time.</p> <p><strong>Deploying Edge Functions</strong>:</p> <p>Next, you'll deploy these two Edge Functions using Supabase CLI:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>supabase functions deploy consume_job <span class="se">\</span> <span class="nt">--project-ref</span> nacho_slacker <span class="nt">--no-verify-jwt</span> supabase functions deploy slack_ai_mentions <span class="se">\</span> <span class="nt">--project-ref</span> nacho_slacker <span class="nt">--no-verify-jwt</span> </code></pre> </div> <h2> Storing Secrets Securely in Vault </h2> <p>To ensure the security of sensitive information, it's crucial to utilize Vault for secret management. Here's a step-by-step guide to adding <code>service_role</code> and <code>consumer_function</code> to Vault:</p> <ol> <li><p>Add <code>service_role</code> by using the <code>service_role</code> key found in the <a href="https://supabase.green/dashboard/project/_/settings/api">Supabase dashboard</a>.</p></li> <li> <p>Incorporate <code>consumer_function</code> into Vault by utilizing the URL of the Edge Function <code>consume_job</code> from the <a href="https://supabase.green/dashboard/project/_/functions">Supabase dashboard</a>.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--14gXvd4R--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn.hashnode.com/res/hashnode/image/upload/v1696800578158/5cae0a7f-5fdc-4c49-9aca-6f4727ac3d42.png%2520align%3D%2522center%2522" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--14gXvd4R--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn.hashnode.com/res/hashnode/image/upload/v1696800578158/5cae0a7f-5fdc-4c49-9aca-6f4727ac3d42.png%2520align%3D%2522center%2522" alt="" width="" height=""></a></p> </li> </ol> <h2> Configuring Slack Apps </h2> <p>For your bot to seamlessly interact with Slack, you'll need to configure Slack Apps:</p> <ol> <li><p>Navigate to the Slack Apps page.</p></li> <li><p>Under "Event Subscriptions," add the URL of the <code>slack_ai_mentions</code> function and click to verify the URL.</p></li> <li><p>The Edge function will respond, confirming that everything is set up correctly.</p></li> <li><p>Add <code>app-mention</code> in the events the bot will subscribe to.</p></li> </ol> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--UH9liDM1--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn.hashnode.com/res/hashnode/image/upload/v1696800471362/73b86a1d-3b7a-4014-9411-493ef023a947.png%2520align%3D%2522center%2522" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--UH9liDM1--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn.hashnode.com/res/hashnode/image/upload/v1696800471362/73b86a1d-3b7a-4014-9411-493ef023a947.png%2520align%3D%2522center%2522" alt="" width="" height=""></a></p> <h2> Installing DBDEV and Supa_Queue </h2> <p>To enhance your Supabase project's capabilities, consider installing the <code>supabase-dbdev</code> and <code>supa_queue</code> extensions. Here's how you can do it:</p> <h3> Installing <code>supabase-dbdev</code> </h3> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- Install supabase-dbdev</span> <span class="k">create</span> <span class="n">extension</span> <span class="n">if</span> <span class="k">not</span> <span class="k">exists</span> <span class="n">http</span> <span class="k">with</span> <span class="k">schema</span> <span class="n">extensions</span><span class="p">;</span> <span class="k">create</span> <span class="n">extension</span> <span class="n">if</span> <span class="k">not</span> <span class="k">exists</span> <span class="n">pg_tle</span><span class="p">;</span> <span class="k">select</span> <span class="n">pgtle</span><span class="p">.</span><span class="n">uninstall_extension_if_exists</span><span class="p">(</span><span class="s1">'supabase-dbdev'</span><span class="p">);</span> <span class="k">drop</span> <span class="n">extension</span> <span class="n">if</span> <span class="k">exists</span> <span class="nv">"supabase-dbdev"</span><span class="p">;</span> <span class="k">select</span> <span class="n">pgtle</span><span class="p">.</span><span class="n">install_extension</span><span class="p">(</span> <span class="s1">'supabase-dbdev'</span><span class="p">,</span> <span class="n">resp</span><span class="p">.</span><span class="n">contents</span> <span class="o">-&gt;&gt;</span> <span class="s1">'version'</span><span class="p">,</span> <span class="s1">'PostgreSQL package manager'</span><span class="p">,</span> <span class="n">resp</span><span class="p">.</span><span class="n">contents</span> <span class="o">-&gt;&gt;</span> <span class="s1">'sql'</span> <span class="p">)</span> <span class="k">from</span> <span class="n">http</span><span class="p">(</span> <span class="p">(</span> <span class="s1">'GET'</span><span class="p">,</span> <span class="s1">'https://api.database.dev/rest/v1/'</span> <span class="o">||</span> <span class="s1">'package_versions?select=sql,version'</span> <span class="o">||</span> <span class="s1">'&amp;package_name=eq.supabase-dbdev'</span> <span class="o">||</span> <span class="s1">'&amp;order=version.desc'</span> <span class="o">||</span> <span class="s1">'&amp;limit=1'</span><span class="p">,</span> <span class="n">array</span><span class="p">[</span> <span class="p">(</span><span class="s1">'apiKey'</span><span class="p">,</span> <span class="s1">'YOUR_DATABASE_DEV_API_KEY_HERE'</span><span class="p">)::</span><span class="n">http_header</span> <span class="p">],</span> <span class="k">null</span><span class="p">,</span> <span class="k">null</span> <span class="p">)</span> <span class="p">)</span> <span class="n">x</span><span class="p">,</span> <span class="k">lateral</span> <span class="p">(</span> <span class="k">select</span> <span class="p">((</span><span class="n">row_to_json</span><span class="p">(</span><span class="n">x</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="s1">'content'</span><span class="p">)</span> <span class="o">#&gt;&gt;</span> <span class="s1">'{}'</span><span class="p">)::</span><span class="n">json</span> <span class="o">-&gt;</span> <span class="mi">0</span> <span class="p">)</span> <span class="n">resp</span><span class="p">(</span><span class="n">contents</span><span class="p">);</span> <span class="k">create</span> <span class="n">extension</span> <span class="nv">"supabase-dbdev"</span><span class="p">;</span> <span class="k">select</span> <span class="n">dbdev</span><span class="p">.</span><span class="n">install</span><span class="p">(</span><span class="s1">'supabase-dbdev'</span><span class="p">);</span> <span class="k">drop</span> <span class="n">extension</span> <span class="n">if</span> <span class="k">exists</span> <span class="nv">"supabase-dbdev"</span><span class="p">;</span> <span class="k">create</span> <span class="n">extension</span> <span class="nv">"supabase-dbdev"</span><span class="p">;</span> </code></pre> </div> <h3> Installing the <code>supa_queue</code> Extension </h3> <p>To further empower your Supabase project, consider installing the <code>supa_queue</code> extension. This extension offers a robust queue system for efficiently managing tasks and processes. Here's how you can install it:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- Install supa_queue</span> <span class="k">select</span> <span class="n">dbdev</span><span class="p">.</span><span class="n">install</span><span class="p">(</span><span class="s1">'mansueli-supa_queue'</span><span class="p">);</span> <span class="k">create</span> <span class="n">extension</span> <span class="nv">"mansueli-supa_queue"</span> <span class="k">version</span> <span class="s1">'1.0.3'</span><span class="p">;</span> </code></pre> </div> <p><strong>Note</strong>: The <code>supa_queue</code> extension is a Trusted Language Extension available at <a href="https://database.dev/mansueli/supa_queue">https://database.dev/mansueli/supa_queue</a>. It was created based on a previous post we published about <a href="https://blog.mansueli.com/building-a-queue-system-with-supabase-and-postgresql">building a simple &amp; robust queue system for PostgreSQL</a>. This extension enables you to implement a powerful queue system in your Supabase project, which can prove invaluable for managing asynchronous tasks and background processing.</p> <h2> Installing and Interacting with Your Slack Bot </h2> <p>Now that your Slack bot is ready to roll, it's time to integrate it into your Slack workspace and start interacting with it in two different contexts: one for general use with the Hugging Face model and another for code-related inquiries using the ChatGPT model.</p> <h3> Installing Your Bot to Slack </h3> <ol> <li><p><strong>Add Your Bot to Slack</strong>: Navigate to your Slack workspace and access the "Apps" section. Search for your bot's name (e.g., "SlackAI") and add it to your workspace.</p></li> <li><p><strong>Authorize Bot Permissions</strong>: Ensure you authorize the necessary permissions for your bot, including sending messages, interacting with users, and reading messages.</p></li> <li><p><strong>Place Your Bot in a Channel</strong>: Choose a Slack channel where you'd like your bot to operate. Invite your bot to join the channel by mentioning it (e.g., <code>@SlackAI</code>).</p></li> </ol> <h3> General Use with Hugging Face Model </h3> <p>In this context, you can utilize the Hugging Face model for general conversations and inquiries. Mention your bot in the channel and ask a question or initiate a conversation. For example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="o">@</span><span class="n">SlackAI</span> <span class="n">How</span><span class="s1">'s the weather today? </span></code></pre> </div> <p>Your bot, powered by the Hugging Face model, will respond with intelligent insights or answers.</p> <h3> Code-Related Inquiries with ChatGPT Model </h3> <p>When you have code-related questions or need assistance with technical matters, you can invoke the ChatGPT model. Mention your bot again in the channel and frame your inquiry:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="o">@</span><span class="n">SlackAI</span> <span class="n">Can</span> <span class="n">you</span> <span class="n">help</span> <span class="n">me</span> <span class="k">with</span> <span class="n">this</span> <span class="n">Python</span> <span class="n">code</span> <span class="n">snippet</span><span class="o">?</span> </code></pre> </div> <p>Your bot will be ready to assist with coding-related queries, making your team's technical discussions more efficient.</p> <h2> Conclusion </h2> <p>In this comprehensive exploration of creating a powerful Slack bot with AI capabilities using Supabase, you've gained the knowledge and tools to elevate your team's communication and productivity. By seamlessly integrating AI models and efficient queue management into your Slack bot, you've unlocked a world of automation and intelligent responses.</p> <p>As you continue to refine and expand your bot's functionalities, consider these top-performing articles for further insights and optimizations:</p> <ol> <li><p><a href="https://blog.mansueli.com/using-custom-claims-testing-rls-with-supabase">Using Custom Claims &amp; Testing RLS with Supabase</a>: Dive deep into custom claims and role-level security with Supabase to enhance your application's data security.</p></li> <li><p><a href="https://blog.mansueli.com/supabase-user-self-deletion-empower-users-with-edge-functions">Supabase User Self-Deletion: Empower Users with Edge Functions</a>: Learn how to implement user self-deletion features using Supabase Edge Functions, empowering users with control over their accounts.</p></li> <li><p><a href="https://blog.mansueli.com/creating-customized-i18n-ready-authentication-emails-using-supabase-edge-functions-postgresql-and-resend">Creating Customized i18n-Ready Authentication Emails using Supabase Edge Functions, PostgreSQL, and Resend</a>: Dive into internationalization and create personalized authentication emails with Supabase Edge Functions and PostgreSQL.</p></li> <li><p><a href="https://blog.mansueli.com/testing-supabase-edge-functions-with-deno-test">Testing Supabase Edge Functions with Deno Test</a>: Explore best practices for testing your Supabase Edge Functions using Deno, ensuring robust functionality.</p></li> </ol> <p>These articles complement your journey to master Supabase and Slack bot development, offering valuable insights and strategies for enhancing your applications. Experimentation and customization are key to tailoring your bot to meet your project's specific needs.</p> <h2> References </h2> <p>For additional guidance and resources, consider exploring these valuable references:</p> <ul> <li><p><a href="https://supabase.com/docs">Supabase Official Documentation</a>: Access the official documentation for Supabase to explore the platform's capabilities and features.</p></li> <li><p><a href="https://www.postgresql.org/docs/">PostgreSQL Official Documentation</a>: Dive into the official documentation of PostgreSQL, the powerful database system at the core of Supabase.</p></li> <li><p><a href="https://deno.land/manual">Deno Documentation</a>: Explore Deno documentation for insights into this secure runtime for JavaScript and TypeScript.</p></li> </ul> <p>Building a Slack bot infused with AI capabilities offers an exciting opportunity to automate tasks and deliver intelligent responses, ultimately streamlining your team's interactions and fostering a more engaging work environment. Enjoy the journey of experimenting with various AI models and expanding your bot's functionalities!</p> <p><a href="http://supabase.com?utm_source=devto&amp;utm_medium=referral&amp;utm%5C_term=devtocta" class="ltag_cta ltag_cta--branded">🚀 Learn more about Supabase</a> </p> ai supabase edgefunction slack Easy Deployment and Rollback of PostgreSQL Functions with Supabase Rodrigo Mansueli Tue, 03 Oct 2023 16:55:00 +0000 https://forem.com/supabase/easy-deployment-and-rollback-of-postgresql-functions-with-supabase-onk https://forem.com/supabase/easy-deployment-and-rollback-of-postgresql-functions-with-supabase-onk <p>In the realm of database management, version control, and deployment are crucial. Efficiently deploying and managing database functions is vital for maintaining the integrity of your data-driven applications. While database migrations, as detailed in <a href="https://supabase.com/docs/reference/cli/supabase-migration">Supabase's migration guide</a>, are ideal for long-term projects, there are scenarios, such as prototyping and rapid development, where you need more flexibility.</p> <p>In this blog post, we'll explore an approach tailored for quick prototyping and agile development—how to easily deploy and rollback PostgreSQL functions using <a href="https://supabase.com">Supabase</a>. Supabase, a powerful open-source alternative to traditional database management systems, simplifies the process of deploying and managing functions in these scenarios.</p> <p>If you're working on more complex workflows or long-term projects, we highly recommend referring to <a href="https://supabase.com/docs/reference/cli/supabase-migration">Supabase's migration guide</a> for optimal version control and deployment practices.</p> <h2> PostgreSQL and Supabase in Modern Web Applications </h2> <p>PostgreSQL, a robust open-source relational database management system (RDBMS), has gained popularity in web development due to its reliability, extensibility, and support for complex data types.</p> <p>Supabase, an open-source platform, offers various tools and services for modern web applications. It leverages PostgreSQL as its core database engine and provides a user-friendly interface for managing data, authentication, and more.</p> <p>We'll explore how Supabase complements PostgreSQL by simplifying function deployment and rollback. You can refer to the <a href="https://www.postgresql.org/docs/">PostgreSQL Documentation</a> to learn more about PostgreSQL.</p> <h2> Tracking Function History in PostgreSQL </h2> <p>When managing a PostgreSQL database, it's essential to track changes made to functions over time. This historical record allows you to review, audit, and revert to previous versions if needed.</p> <p>To facilitate this, we'll create an <code>archive.function_history</code> table that stores crucial information about each function, including its name, arguments, return type, source code, and language settings.</p> <p>Here's the SQL code for creating this table:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">SCHEMA</span> <span class="n">archive</span><span class="p">;</span> <span class="k">CREATE</span> <span class="k">TABLE</span> <span class="n">archive</span><span class="p">.</span><span class="n">function_history</span> <span class="p">(</span> <span class="n">id</span> <span class="nb">BIGINT</span> <span class="k">GENERATED</span> <span class="k">BY</span> <span class="k">DEFAULT</span> <span class="k">AS</span> <span class="k">IDENTITY</span><span class="p">,</span> <span class="k">schema_name</span> <span class="nb">text</span><span class="p">,</span> <span class="n">function_name</span> <span class="nb">text</span><span class="p">,</span> <span class="n">args</span> <span class="nb">text</span><span class="p">,</span> <span class="n">return_type</span> <span class="nb">text</span><span class="p">,</span> <span class="n">source_code</span> <span class="nb">text</span><span class="p">,</span> <span class="n">lang_settings</span> <span class="nb">text</span><span class="p">,</span> <span class="n">updated_at</span> <span class="n">timestampz</span> <span class="k">DEFAULT</span> <span class="n">now</span><span class="p">(),</span> <span class="k">version</span> <span class="nb">NUMERIC</span> <span class="k">DEFAULT</span> <span class="mi">1</span><span class="p">,</span> <span class="k">CONSTRAINT</span> <span class="n">function_history_pkey</span> <span class="k">PRIMARY</span> <span class="k">KEY</span> <span class="p">(</span><span class="n">id</span><span class="p">)</span> <span class="p">);</span> <span class="c1">--Handling version numbers automatically:</span> <span class="k">CREATE</span> <span class="k">OR</span> <span class="k">REPLACE</span> <span class="k">FUNCTION</span> <span class="n">calculate_version</span><span class="p">()</span> <span class="k">RETURNS</span> <span class="k">TRIGGER</span> <span class="k">AS</span> <span class="err">$$</span> <span class="k">BEGIN</span> <span class="c1">-- Calculate the version number for new rows</span> <span class="k">SELECT</span> <span class="n">COALESCE</span><span class="p">(</span><span class="k">MAX</span><span class="p">(</span><span class="k">version</span><span class="p">),</span> <span class="mi">0</span><span class="p">)</span> <span class="o">+</span> <span class="mi">1</span> <span class="k">INTO</span> <span class="k">NEW</span><span class="p">.</span><span class="k">version</span> <span class="k">FROM</span> <span class="n">archive</span><span class="p">.</span><span class="n">function_history</span> <span class="k">WHERE</span> <span class="k">schema_name</span> <span class="o">=</span> <span class="k">NEW</span><span class="p">.</span><span class="k">schema_name</span> <span class="k">AND</span> <span class="n">function_name</span> <span class="o">=</span> <span class="k">NEW</span><span class="p">.</span><span class="n">function_name</span> <span class="k">AND</span> <span class="n">return_type</span> <span class="o">=</span> <span class="k">NEW</span><span class="p">.</span><span class="n">return_type</span> <span class="k">AND</span> <span class="n">args</span> <span class="o">=</span> <span class="k">NEW</span><span class="p">.</span><span class="n">args</span><span class="p">;</span> <span class="k">RETURN</span> <span class="k">NEW</span><span class="p">;</span> <span class="k">END</span><span class="p">;</span> <span class="err">$$</span> <span class="k">LANGUAGE</span> <span class="n">plpgsql</span><span class="p">;</span> <span class="k">CREATE</span> <span class="k">TRIGGER</span> <span class="n">before_insert_function_history</span> <span class="k">BEFORE</span> <span class="k">INSERT</span> <span class="k">ON</span> <span class="n">archive</span><span class="p">.</span><span class="n">function_history</span> <span class="k">FOR</span> <span class="k">EACH</span> <span class="k">ROW</span> <span class="k">EXECUTE</span> <span class="k">FUNCTION</span> <span class="n">calculate_version</span><span class="p">();</span> </code></pre> </div> <h2> Saving Function History </h2> <h3> The <code>archive.save_function_history</code> Function </h3> <p>To automate recording function changes, we'll create a PostgreSQL function called <code>archive.save_function_history</code>. This function takes parameters such as the function name, arguments, return type, source code, schema name, and language settings.</p> <p>Here's the SQL code for creating the <code>archive.save_function_history</code> function:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">OR</span> <span class="k">REPLACE</span> <span class="k">FUNCTION</span> <span class="n">archive</span><span class="p">.</span><span class="n">save_function_history</span><span class="p">(</span> <span class="n">function_name</span> <span class="nb">text</span><span class="p">,</span> <span class="n">args</span> <span class="nb">text</span><span class="p">,</span> <span class="n">return_type</span> <span class="nb">text</span><span class="p">,</span> <span class="n">source_code</span> <span class="nb">text</span><span class="p">,</span> <span class="k">schema_name</span> <span class="nb">text</span> <span class="k">default</span> <span class="s1">'public'</span><span class="p">,</span> <span class="n">lang_settings</span> <span class="nb">text</span> <span class="k">default</span> <span class="s1">'plpgsql'</span> <span class="p">)</span> <span class="k">RETURNS</span> <span class="n">void</span> <span class="k">SET</span> <span class="n">search_path</span> <span class="o">=</span> <span class="k">public</span><span class="p">,</span> <span class="n">archive</span> <span class="k">SECURITY</span> <span class="k">DEFINER</span> <span class="k">AS</span> <span class="err">$$</span> <span class="k">BEGIN</span> <span class="k">INSERT</span> <span class="k">INTO</span> <span class="n">archive</span><span class="p">.</span><span class="n">function_history</span> <span class="p">(</span> <span class="k">schema_name</span><span class="p">,</span> <span class="n">function_name</span><span class="p">,</span> <span class="n">args</span><span class="p">,</span> <span class="n">return_type</span><span class="p">,</span> <span class="n">source_code</span><span class="p">,</span> <span class="n">lang_settings</span><span class="p">)</span> <span class="k">VALUES</span> <span class="p">(</span><span class="k">schema_name</span><span class="p">,</span> <span class="n">function_name</span><span class="p">,</span> <span class="n">args</span><span class="p">,</span> <span class="n">return_type</span><span class="p">,</span> <span class="n">source_code</span><span class="p">,</span> <span class="n">lang_settings</span><span class="p">);</span> <span class="k">END</span><span class="p">;</span> <span class="err">$$</span> <span class="k">LANGUAGE</span> <span class="n">plpgsql</span><span class="p">;</span> <span class="c1">-- Protecting the function:</span> <span class="k">REVOKE</span> <span class="k">EXECUTE</span> <span class="k">ON</span> <span class="k">FUNCTION</span> <span class="n">archive</span><span class="p">.</span><span class="n">save_function_history</span> <span class="k">FROM</span> <span class="k">public</span><span class="p">;</span> <span class="k">REVOKE</span> <span class="k">EXECUTE</span> <span class="k">ON</span> <span class="k">FUNCTION</span> <span class="n">archive</span><span class="p">.</span><span class="n">save_function_history</span> <span class="k">FROM</span> <span class="n">anon</span><span class="p">,</span> <span class="n">authenticated</span><span class="p">;</span> </code></pre> </div> <p>This function allows us to easily store a snapshot of a function each time it's modified.</p> <h2> Deploying Functions from Source </h2> <h3> The <code>create_function_from_source</code> Function </h3> <p>Managing functions often involves deploying them from source code. PostgreSQL requires specific syntax for function creation, and Supabase simplifies this with the <code>create_function_from_source</code> function.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">OR</span> <span class="k">REPLACE</span> <span class="k">FUNCTION</span> <span class="n">create_function_from_source</span><span class="p">(</span> <span class="n">function_text</span> <span class="nb">text</span><span class="p">,</span> <span class="k">schema_name</span> <span class="nb">text</span> <span class="k">default</span> <span class="s1">'public'</span> <span class="p">)</span> <span class="k">RETURNS</span> <span class="nb">text</span> <span class="k">SECURITY</span> <span class="k">DEFINER</span> <span class="k">AS</span> <span class="err">$$</span> <span class="k">DECLARE</span> <span class="n">function_name</span> <span class="nb">text</span><span class="p">;</span> <span class="n">argument_types</span> <span class="nb">text</span><span class="p">;</span> <span class="n">return_type</span> <span class="nb">text</span><span class="p">;</span> <span class="n">function_source</span> <span class="nb">text</span><span class="p">;</span> <span class="n">lang_settings</span> <span class="nb">text</span><span class="p">;</span> <span class="k">BEGIN</span> <span class="c1">-- Execute the function text to create the function</span> <span class="k">EXECUTE</span> <span class="n">function_text</span><span class="p">;</span> <span class="c1">-- Extract function name from function text</span> <span class="k">SELECT</span> <span class="p">(</span><span class="n">regexp_matches</span><span class="p">(</span><span class="n">function_text</span><span class="p">,</span> <span class="s1">'create (or replace )?function (public</span><span class="se">\.</span><span class="s1">)?(</span><span class="se">\w</span><span class="s1">+)'</span><span class="p">,</span> <span class="s1">'i'</span><span class="p">))[</span><span class="mi">3</span><span class="p">]</span> <span class="k">INTO</span> <span class="n">function_name</span><span class="p">;</span> <span class="c1">-- Get function details from the system catalog</span> <span class="k">SELECT</span> <span class="n">pg_get_function_result</span><span class="p">(</span><span class="n">p</span><span class="p">.</span><span class="n">oid</span><span class="p">),</span> <span class="n">pg_get_function_arguments</span><span class="p">(</span><span class="n">p</span><span class="p">.</span><span class="n">oid</span><span class="p">),</span> <span class="n">p</span><span class="p">.</span><span class="n">prosrc</span><span class="p">,</span> <span class="n">l</span><span class="p">.</span><span class="n">lanname</span> <span class="k">INTO</span> <span class="n">return_type</span><span class="p">,</span> <span class="n">argument_types</span><span class="p">,</span> <span class="n">function_source</span><span class="p">,</span> <span class="n">lang_settings</span> <span class="k">FROM</span> <span class="n">pg_proc</span> <span class="n">p</span> <span class="k">JOIN</span> <span class="n">pg_namespace</span> <span class="n">n</span> <span class="k">ON</span> <span class="n">n</span><span class="p">.</span><span class="n">oid</span> <span class="o">=</span> <span class="n">p</span><span class="p">.</span><span class="n">pronamespace</span> <span class="k">JOIN</span> <span class="n">pg_language</span> <span class="n">l</span> <span class="k">ON</span> <span class="n">l</span><span class="p">.</span><span class="n">oid</span> <span class="o">=</span> <span class="n">p</span><span class="p">.</span><span class="n">prolang</span> <span class="k">WHERE</span> <span class="n">n</span><span class="p">.</span><span class="n">nspname</span> <span class="o">=</span> <span class="k">schema_name</span> <span class="k">AND</span> <span class="n">p</span><span class="p">.</span><span class="n">proname</span> <span class="o">=</span> <span class="n">function_name</span><span class="p">;</span> <span class="c1">-- Save function history</span> <span class="n">PERFORM</span> <span class="n">archive</span><span class="p">.</span><span class="n">save_function_history</span><span class="p">(</span><span class="n">function_name</span><span class="p">,</span> <span class="n">argument_types</span><span class="p">,</span> <span class="n">return_type</span><span class="p">,</span> <span class="n">function_text</span><span class="p">,</span> <span class="k">schema_name</span><span class="p">,</span> <span class="n">lang_settings</span><span class="p">);</span> <span class="k">RETURN</span> <span class="s1">'Function created successfully.'</span><span class="p">;</span> <span class="n">EXCEPTION</span> <span class="k">WHEN</span> <span class="n">others</span> <span class="k">THEN</span> <span class="n">RAISE</span> <span class="n">EXCEPTION</span> <span class="s1">'Error creating function: %'</span><span class="p">,</span> <span class="n">sqlerrm</span><span class="p">;</span> <span class="k">END</span><span class="p">;</span> <span class="err">$$</span> <span class="k">LANGUAGE</span> <span class="n">plpgsql</span><span class="p">;</span> <span class="c1">-- Protecting the function:</span> <span class="k">REVOKE</span> <span class="k">EXECUTE</span> <span class="k">ON</span> <span class="k">FUNCTION</span> <span class="n">create_function_from_source</span> <span class="k">FROM</span> <span class="k">public</span><span class="p">;</span> <span class="k">REVOKE</span> <span class="k">EXECUTE</span> <span class="k">ON</span> <span class="k">FUNCTION</span> <span class="n">create_function_from_source</span> <span class="k">FROM</span> <span class="n">anon</span><span class="p">,</span> <span class="n">authenticated</span><span class="p">;</span> </code></pre> </div> <p>This function takes the function's SQL source code and schema name as parameters, creating the function within the database. It's a powerful tool for dynamic function creation.</p> <p>Here's an example of deploying a function using <code>create_function_from_source</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">SELECT</span> <span class="n">create_function_from_source</span><span class="p">(</span> <span class="err">$$</span> <span class="c1">-- Note that you can just paste the function below:</span> <span class="k">CREATE</span> <span class="k">OR</span> <span class="k">REPLACE</span> <span class="k">FUNCTION</span> <span class="k">public</span><span class="p">.</span><span class="n">convert_to_uuid</span><span class="p">(</span><span class="n">input_value</span> <span class="nb">text</span><span class="p">)</span> <span class="k">RETURNS</span> <span class="n">uuid</span> <span class="k">AS</span> <span class="err">$</span><span class="k">function</span><span class="err">$</span> <span class="k">DECLARE</span> <span class="n">hash_hex</span> <span class="nb">text</span><span class="p">;</span> <span class="k">BEGIN</span> <span class="c1">-- Return null if input_value is null or an empty string</span> <span class="n">IF</span> <span class="n">input_value</span> <span class="k">IS</span> <span class="k">NULL</span> <span class="k">OR</span> <span class="k">NULLIF</span><span class="p">(</span><span class="n">input_value</span><span class="p">,</span> <span class="s1">''</span><span class="p">)</span> <span class="k">IS</span> <span class="k">NULL</span> <span class="k">THEN</span> <span class="k">RETURN</span> <span class="k">NULL</span><span class="p">;</span> <span class="k">END</span> <span class="n">IF</span><span class="p">;</span> <span class="n">hash_hex</span> <span class="p">:</span><span class="o">=</span> <span class="k">substring</span><span class="p">(</span><span class="n">encode</span><span class="p">(</span><span class="n">digest</span><span class="p">(</span><span class="n">input_value</span><span class="p">::</span><span class="n">bytea</span><span class="p">,</span> <span class="s1">'sha512'</span><span class="p">),</span> <span class="s1">'hex'</span><span class="p">),</span> <span class="mi">1</span><span class="p">,</span> <span class="mi">36</span><span class="p">);</span> <span class="k">RETURN</span> <span class="p">(</span><span class="k">left</span><span class="p">(</span><span class="n">hash_hex</span><span class="p">,</span> <span class="mi">8</span><span class="p">)</span> <span class="o">||</span> <span class="s1">'-'</span> <span class="o">||</span> <span class="k">right</span><span class="p">(</span><span class="n">hash_hex</span><span class="p">,</span> <span class="mi">4</span><span class="p">)</span> <span class="o">||</span> <span class="s1">'-4'</span> <span class="o">||</span> <span class="k">right</span><span class="p">(</span><span class="n">hash_hex</span><span class="p">,</span> <span class="mi">3</span><span class="p">)</span> <span class="o">||</span> <span class="s1">'-a'</span> <span class="o">||</span> <span class="k">right</span><span class="p">(</span><span class="n">hash_hex</span><span class="p">,</span> <span class="mi">3</span><span class="p">)</span> <span class="o">||</span> <span class="s1">'-'</span> <span class="o">||</span> <span class="k">right</span><span class="p">(</span><span class="n">hash_hex</span><span class="p">,</span> <span class="mi">12</span><span class="p">))::</span><span class="n">uuid</span><span class="p">;</span> <span class="k">END</span><span class="p">;</span> <span class="err">$</span><span class="k">function</span><span class="err">$</span> <span class="k">LANGUAGE</span> <span class="n">plpgsql</span> <span class="k">IMMUTABLE</span> <span class="k">SECURITY</span> <span class="k">DEFINER</span><span class="p">;</span> <span class="c1">-- End of the function above</span> <span class="err">$$</span> <span class="p">);</span> </code></pre> </div> <h2> Rolling Back Functions </h2> <p>Rolling back functions is as crucial as deploying them. Mistakes happen, and being able to revert to a previous version can save valuable time and prevent data corruption.</p> <p>The <code>rollback_function</code> function comes to the rescue. It retrieves the most recent function version from the <code>archive.function_history</code> table and executes it. If no previous version exists, it gracefully handles the situation.</p> <p>Here's the SQL code for creating and using the <code>rollback_function</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">OR</span> <span class="k">REPLACE</span> <span class="k">FUNCTION</span> <span class="n">rollback_function</span><span class="p">(</span> <span class="n">func_name</span> <span class="nb">text</span><span class="p">,</span> <span class="n">schema_n</span> <span class="nb">text</span> <span class="k">default</span> <span class="s1">'public'</span> <span class="p">)</span> <span class="k">RETURNS</span> <span class="nb">text</span> <span class="k">SECURITY</span> <span class="k">DEFINER</span> <span class="k">AS</span> <span class="err">$$</span> <span class="k">DECLARE</span> <span class="n">function_text</span> <span class="nb">text</span><span class="p">;</span> <span class="k">BEGIN</span> <span class="c1">-- Get the most recent function version from the function_history table</span> <span class="k">SELECT</span> <span class="n">source_code</span> <span class="k">INTO</span> <span class="n">function_text</span> <span class="k">FROM</span> <span class="n">archive</span><span class="p">.</span><span class="n">function_history</span> <span class="k">WHERE</span> <span class="n">function_name</span> <span class="o">=</span> <span class="n">func_name</span> <span class="k">AND</span> <span class="k">schema_name</span> <span class="o">=</span> <span class="n">schema_n</span> <span class="k">ORDER</span> <span class="k">BY</span> <span class="n">updated_at</span> <span class="k">DESC</span> <span class="k">LIMIT</span> <span class="mi">1</span><span class="p">;</span> <span class="c1">-- If no previous version is found, raise an error</span> <span class="n">IF</span> <span class="n">function_text</span> <span class="k">IS</span> <span class="k">NULL</span> <span class="k">THEN</span> <span class="n">RAISE</span> <span class="n">EXCEPTION</span> <span class="s1">'No previous version of function % found.'</span><span class="p">,</span> <span class="n">func_name</span><span class="p">;</span> <span class="k">END</span> <span class="n">IF</span><span class="p">;</span> <span class="c1">-- Add 'or replace' to the function text if it's not already there (case-insensitive search and replace)</span> <span class="n">IF</span> <span class="k">NOT</span> <span class="n">function_text</span> <span class="o">~*</span> <span class="s1">'or replace'</span> <span class="k">THEN</span> <span class="n">function_text</span> <span class="p">:</span><span class="o">=</span> <span class="n">regexp_replace</span><span class="p">(</span><span class="n">function_text</span><span class="p">,</span> <span class="s1">'create function'</span><span class="p">,</span> <span class="s1">'create or replace function'</span><span class="p">,</span> <span class="s1">'i'</span><span class="p">);</span> <span class="k">END</span> <span class="n">IF</span><span class="p">;</span> <span class="c1">-- Drop current version:</span> <span class="k">EXECUTE</span> <span class="n">format</span><span class="p">(</span><span class="s1">'DROP FUNCTION IF EXISTS %I.%I'</span><span class="p">,</span> <span class="n">schema_n</span><span class="p">,</span> <span class="n">func_name</span><span class="p">);</span> <span class="c1">-- Execute the function text to create the function</span> <span class="k">EXECUTE</span> <span class="n">function_text</span><span class="p">;</span> <span class="k">RETURN</span> <span class="s1">'Function rolled back successfully.'</span><span class="p">;</span> <span class="n">EXCEPTION</span> <span class="k">WHEN</span> <span class="n">others</span> <span class="k">THEN</span> <span class="n">RAISE</span> <span class="n">EXCEPTION</span> <span class="s1">'Error rolling back function: %'</span><span class="p">,</span> <span class="n">sqlerrm</span><span class="p">;</span> <span class="k">END</span><span class="p">;</span> <span class="err">$$</span> <span class="k">LANGUAGE</span> <span class="n">plpgsql</span><span class="p">;</span> <span class="c1">-- Protecting the function:</span> <span class="k">REVOKE</span> <span class="k">EXECUTE</span> <span class="k">ON</span> <span class="k">FUNCTION</span> <span class="n">rollback_function</span> <span class="k">FROM</span> <span class="k">public</span><span class="p">;</span> <span class="k">REVOKE</span> <span class="k">EXECUTE</span> <span class="k">ON</span> <span class="k">FUNCTION</span> <span class="n">rollback_function</span> <span class="k">FROM</span> <span class="n">anon</span><span class="p">,</span> <span class="n">authenticated</span><span class="p">;</span> <span class="c1">-- Example of rolling back a function</span> <span class="k">SELECT</span> <span class="n">rollback_function</span><span class="p">(</span><span class="s1">'convert_to_uuid'</span><span class="p">);</span> </code></pre> </div> <h3> Setting up existing functions as the first version </h3> <p>If you are starting with an existing database but want to start versioning from now. You can use this function below to archive all in the public schema.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">OR</span> <span class="k">REPLACE</span> <span class="k">FUNCTION</span> <span class="n">archive</span><span class="p">.</span><span class="n">setup_function_history</span><span class="p">(</span><span class="k">schema_name</span> <span class="nb">text</span> <span class="k">default</span> <span class="s1">'public'</span><span class="p">)</span> <span class="k">RETURNS</span> <span class="n">VOID</span> <span class="k">AS</span> <span class="err">$$</span> <span class="k">DECLARE</span> <span class="n">function_record</span> <span class="n">record</span><span class="p">;</span> <span class="k">BEGIN</span> <span class="c1">-- Loop through existing functions in the specified schema</span> <span class="k">FOR</span> <span class="n">function_record</span> <span class="k">IN</span> <span class="p">(</span> <span class="k">SELECT</span> <span class="n">n</span><span class="p">.</span><span class="n">nspname</span> <span class="k">AS</span> <span class="k">schema_name</span><span class="p">,</span> <span class="n">p</span><span class="p">.</span><span class="n">proname</span> <span class="k">AS</span> <span class="n">function_name</span><span class="p">,</span> <span class="n">pg_catalog</span><span class="p">.</span><span class="n">pg_get_function_arguments</span><span class="p">(</span><span class="n">p</span><span class="p">.</span><span class="n">oid</span><span class="p">)</span> <span class="k">AS</span> <span class="n">args</span><span class="p">,</span> <span class="n">pg_catalog</span><span class="p">.</span><span class="n">pg_get_function_result</span><span class="p">(</span><span class="n">p</span><span class="p">.</span><span class="n">oid</span><span class="p">)</span> <span class="k">AS</span> <span class="n">return_type</span><span class="p">,</span> <span class="n">pg_catalog</span><span class="p">.</span><span class="n">pg_get_functiondef</span><span class="p">(</span><span class="n">p</span><span class="p">.</span><span class="n">oid</span><span class="p">)</span> <span class="k">AS</span> <span class="n">source_code</span><span class="p">,</span> <span class="n">l</span><span class="p">.</span><span class="n">lanname</span> <span class="k">AS</span> <span class="n">lang_settings</span> <span class="k">FROM</span> <span class="n">pg_catalog</span><span class="p">.</span><span class="n">pg_proc</span> <span class="n">p</span> <span class="k">LEFT</span> <span class="k">JOIN</span> <span class="n">pg_catalog</span><span class="p">.</span><span class="n">pg_namespace</span> <span class="n">n</span> <span class="k">ON</span> <span class="n">n</span><span class="p">.</span><span class="n">oid</span> <span class="o">=</span> <span class="n">p</span><span class="p">.</span><span class="n">pronamespace</span> <span class="k">LEFT</span> <span class="k">JOIN</span> <span class="n">pg_catalog</span><span class="p">.</span><span class="n">pg_language</span> <span class="n">l</span> <span class="k">ON</span> <span class="n">l</span><span class="p">.</span><span class="n">oid</span> <span class="o">=</span> <span class="n">p</span><span class="p">.</span><span class="n">prolang</span> <span class="k">WHERE</span> <span class="n">n</span><span class="p">.</span><span class="n">nspname</span> <span class="o">=</span> <span class="k">schema_name</span> <span class="p">)</span> <span class="n">LOOP</span> <span class="c1">-- Insert information about the function into the history table</span> <span class="n">PERFORM</span> <span class="n">archive</span><span class="p">.</span><span class="n">save_function_history</span><span class="p">(</span> <span class="n">function_record</span><span class="p">.</span><span class="n">function_name</span><span class="p">,</span> <span class="n">function_record</span><span class="p">.</span><span class="n">args</span><span class="p">,</span> <span class="n">function_record</span><span class="p">.</span><span class="n">return_type</span><span class="p">,</span> <span class="n">function_record</span><span class="p">.</span><span class="n">source_code</span><span class="p">,</span> <span class="n">function_record</span><span class="p">.</span><span class="k">schema_name</span><span class="p">,</span> <span class="n">function_record</span><span class="p">.</span><span class="n">lang_settings</span> <span class="p">);</span> <span class="k">END</span> <span class="n">LOOP</span><span class="p">;</span> <span class="k">END</span><span class="p">;</span> <span class="err">$$</span> <span class="k">LANGUAGE</span> <span class="n">plpgsql</span><span class="p">;</span> <span class="k">SELECT</span> <span class="n">archive</span><span class="p">.</span><span class="n">setup_function_history</span><span class="p">();</span> </code></pre> </div> <h2> Conclusion </h2> <p>In conclusion, efficient management of PostgreSQL functions is crucial for web application development. Supabase, with its integration with PostgreSQL and the tools we've explored, offers a streamlined approach to function deployment and rollback.</p> <p>Key takeaways from this blog post include the importance of function history tracking, the creation of the <code>archive.function_history</code> table, the <code>archive.save_function_history</code> function for recording changes, and the convenience of <code>create_function_from_text</code> and</p> <p><code>rollback_function</code> for deployment and rollback.</p> <p>If you found this article valuable, you might also be interested in exploring related topics:</p> <ul> <li><p><a href="https://blog.mansueli.com/rate-limiting-supabase-requests-with-postgresql-and-pgheaderkit">Rate Limiting Supabase Requests with PostgreSQL and pg_headerkit</a>: Learn how to implement rate limiting for Supabase requests.</p></li> <li><p><a href="https://blog.mansueli.com/automating-webhooks-supabase-postgresql-guide">Comprehensive Guide: Deploying and Debugging Custom Webhooks on Supabase &amp; PostgreSQL</a>: Explore techniques for deploying and debugging custom webhooks.</p></li> </ul> <p>We encourage you to explore Supabase and PostgreSQL further to unlock the full potential of efficient database management.</p> <h2> Additional Resources </h2> <p>For further information and exploration, here are some additional resources:</p> <ul> <li><p><a href="https://supabase.com/docs">Supabase Documentation</a></p></li> <li><p><a href="https://www.postgresql.org/docs/">PostgreSQL Documentation</a></p></li> <li><p><a href="https://github.com/supabase/supabase">Supabase GitHub Repository</a></p></li> <li><p><a href="https://www.postgresql.org/">PostgreSQL Official Site</a></p></li> </ul> <p>Feel free to delve deeper into these resources to enhance your understanding of these powerful tools for database management.</p> <p><a href="http://supabase.com?utm_source=devto&amp;utm_medium=referral&amp;utm%5C_term=devtocta" class="ltag_cta ltag_cta--branded">🚀 Learn more about Supabase</a> </p> Configuring Office365 as the SMTP Provider in Supabase Auth: A Comprehensive Guide Rodrigo Mansueli Tue, 26 Sep 2023 14:13:49 +0000 https://forem.com/supabase/configuring-office365-as-the-smtp-provider-in-supabase-auth-a-comprehensive-guide-36lf https://forem.com/supabase/configuring-office365-as-the-smtp-provider-in-supabase-auth-a-comprehensive-guide-36lf <p>Email communication is a crucial aspect of many web applications, including those built on the Supabase platform. Whether it's for account verification, password resets, or general communication within the application, reliable email delivery is essential. In this guide, we will address a common issue: "Sending emails from Supabase Auth via Office365 is not working as expected." We will guide you through the process of configuring Office365 for SMTP authentication to ensure seamless email communication within your Supabase applications.</p> <h2> Understanding the Issue </h2> <p>SMTP (Simple Mail Transfer Protocol) serves as the backbone for sending emails from web applications. When integrating GoTrue as an authentication service in Supabase, the platform relies on SMTP to send important email notifications to users. However, some users have reported issues with Office365 not allowing these emails to go through.</p> <p>GoTrue is designed to streamline user authentication and management within Supabase applications. To ensure its features work seamlessly, the underlying email delivery system must be properly configured.</p> <h3> Troubleshooting </h3> <p>If you've encountered the problem of emails not being sent when using Office365 as the SMTP server, you may have noticed the following symptoms:</p> <ul> <li> <strong>Failed Email Delivery</strong>: Emails not reaching their intended recipients.</li> <li> <strong>Authentication Issues</strong>: Error messages indicating authentication problems.</li> <li> <strong>Spam or Non-Delivery</strong>: Emails being marked as spam or not being delivered at all.</li> </ul> <h3> Why Office365 May Block SMTP Authentication </h3> <p>Office365, like many email services, has security measures in place to prevent unauthorized use of its SMTP servers. By default, it may block SMTP authentication for specific mailboxes to protect against misuse. Understanding these security measures is crucial when configuring Office365 for SMTP in GoTrue.</p> <h3> Solution - Configuring Office365 for SMTP Authentication </h3> <p>Now that we've grasped the issue's context and symptoms, let's delve into the solution: configuring Office365 for SMTP authentication.</p> <h3> Step-by-Step Guide </h3> <p><strong>Accessing <a href="http://supabase.com/">Supabase.com</a></strong></p> <p>To begin, visit Supabase.com to learn more about Supabase and its features.</p> <p><strong>Accessing the Office365 Admin Center</strong></p> <p>Next, you'll need to access the <a href="https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submission#enable-smtp-auth-for-specific-mailboxes">Office365 Admin Center</a>. Follow these steps:</p> <ul> <li> <strong>Log in to your Office365 account</strong> as an administrator.</li> <li>Navigate to the <strong>Admin Center</strong>.</li> </ul> <p><strong>Navigating to Mailbox Settings</strong></p> <p>Once you're in the Admin Center, proceed to find mailbox settings:</p> <ul> <li>Locate and click on the <strong>"Users"</strong> or <strong>"Active users"</strong> option.</li> <li>Select the user whose mailbox settings you want to configure.</li> </ul> <p><strong>Enabling SMTP Authentication</strong></p> <p>SMTP Authentication must be enabled for the selected mailbox. Here's how:</p> <ul> <li>Scroll down to the <strong>"Email apps"</strong> section.</li> <li>Click <strong>"Manage email apps."</strong> </li> <li>Find <strong>"SMTP AUTH (SMTP Authentication)"</strong> and ensure it's enabled.</li> </ul> <h3> Alternative Method: PowerShell </h3> <p>In some cases, you may prefer using PowerShell for this configuration, especially if you need to configure multiple mailboxes. Here's the PowerShell command to enable SMTP authentication. If you never used PowerShell to connect with your Office365 Exchange services, run the following commands:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Set-ExecutionPolicy</span><span class="w"> </span><span class="nx">RemoteSigned</span><span class="w"> </span><span class="nv">$Session</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">New-PSSession</span><span class="w"> </span><span class="nt">-ConfigurationName</span><span class="w"> </span><span class="nx">Microsoft.Exchange</span><span class="w"> </span><span class="nt">-ConnectionUri</span><span class="w"> </span><span class="nx">https://outlook.office365.com/powershell-liveid/</span><span class="w"> </span><span class="nt">-Credential</span><span class="w"> </span><span class="nv">$UserCredential</span><span class="w"> </span><span class="nt">-Authentication</span><span class="w"> </span><span class="nx">Basic</span><span class="w"> </span><span class="nt">-AllowRedirection</span><span class="w"> </span><span class="n">Import-PSSession</span><span class="w"> </span><span class="nv">$Session</span><span class="w"> </span></code></pre> </div> <p>We can set this mailbox to allow SMTP Authentication now:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Set-CASMailbox</span><span class="w"> </span><span class="nt">-Identity</span><span class="w"> </span><span class="err">&lt;</span><span class="nx">MailboxIdentity</span><span class="err">&gt;</span><span class="w"> </span><span class="nt">-SmtpClientAuthenticationDisabled</span><span class="w"> </span><span class="bp">$false</span><span class="w"> </span></code></pre> </div> <p>In the command, replace <code>&lt;MailboxIdentity&gt;</code> with the actual mailbox you want to configure (e.g., <code>support@contoso.com</code>).</p> <p>Using PowerShell provides flexibility and scalability, especially in larger organizations.</p> <h2> Testing the Configuration </h2> <p>With Office365 configured for SMTP authentication, it's essential to test the setup to ensure everything is working as expected. Testing helps verify that email notifications from GoTrue will be reliably delivered to your users.</p> <p>To perform this test, you can use the <code>supabase.auth.admin.inviteUserByEmail</code> method provided by Supabase. This method allows you to send an invitation email to a specified email address. Here's how you can use it in JavaScript:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="p">{</span> <span class="nx">data</span><span class="p">,</span> <span class="nx">error</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">supabase</span> <span class="p">.</span><span class="nx">auth</span><span class="p">.</span><span class="nx">admin</span><span class="p">.</span><span class="nf">inviteUserByEmail</span><span class="p">(</span><span class="dl">'</span><span class="s1">email@example.com</span><span class="dl">'</span><span class="p">);</span> </code></pre> </div> <p>You can find detailed information about this method in the <a href="https://supabase.com/docs/reference/javascript/auth-admin-inviteuserbyemail">Supabase documentation</a>.</p> <p>By using this method, you can invite a dummy user to your app. If the email is sent successfully, it indicates that your SMTP configuration with Office365 is working correctly. However, if you encounter any errors or issues during this test, you may need to revisit your SMTP configuration settings and consult the troubleshooting tips in the next section to resolve the problem.</p> <p>Testing is a crucial step in ensuring the reliability of your email communication within Supabase applications. Make sure to perform this test as part of your configuration process and periodically to verify ongoing functionality.</p> <h2> Conclusion </h2> <p>In conclusion, configuring Office365 for SMTP authentication is a critical step in ensuring the smooth operation of email notifications within your Supabase applications. We have explored the background context of SMTP, and the integration of GoTrue in Supabase, and addressed the issue of emails not being delivered successfully. By following the step-by-step guide and considering alternative methods like PowerShell, you can overcome these challenges and provide reliable email communication to your users.</p> <p>Remember that proper configuration and regular testing are key to maintaining a robust email system. We encourage you to follow best practices for email configuration and security to ensure the integrity of your email communications.</p> <h2> Additional Resources </h2> <p>For further reading and reference, here are some additional resources:</p> <ul> <li><a href="https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submission#enable-smtp-auth-for-specific-mailboxes">Office365 Documentation</a></li> <li><a href="http://supabase.com/docs">Supabase Documentation</a></li> </ul> <p>Please note that configurations and settings may change over time, so it's a good practice to refer to the official documentation for the most up-to-date information.</p> <p><a href="http://supabase.com?utm_source=devto&amp;utm_medium=referral&amp;utm%5C_term=devtocta" class="ltag_cta ltag_cta--branded">🚀 Learn more about Supabase</a> </p> smtp office365 authentication supabase Building User Authentication with Username and Password using Supabase Rodrigo Mansueli Tue, 19 Sep 2023 14:01:28 +0000 https://forem.com/supabase/building-user-authentication-with-username-and-password-using-supabase-n4h https://forem.com/supabase/building-user-authentication-with-username-and-password-using-supabase-n4h <p><strong>User authentication is essential for web application security and user management.</strong> <a href="https://supabase.com"><strong>Supabase</strong></a> <strong>is an open-source platform that makes it easy to build secure authentication systems. In this blog post, we will show you how to enhance user login options by enabling users to log in with their username and password or their email and password. You can check this example also on the</strong> <a href="https://github.com/mansueli/supabase-username-login"><strong>GitHub repo</strong></a><strong>.</strong></p> <h2> Prerequisites </h2> <p>Before we embark on this tutorial, it's crucial to have a foundational understanding of web development and Node.js. Familiarity with Next.js, a popular React framework, will also be advantageous. Additionally, you need Node.js and npm (Node Package Manager) installed on your system.</p> <h2> Setting up the Project </h2> <p>To kickstart our journey, let's create a new Next.js project integrated with Supabase. Execute the following command to establish the initial project structure:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npx create-next-app <span class="nt">-e</span> with-supabase username-login </code></pre> </div> <p>This command will generate a Next.js project preconfigured with Supabase support with default authentication and routes.</p> <h2> Configuring Supabase </h2> <p>Before we start coding, let's set up Supabase for our project. You need a Supabase project to get the credentials you need. Make sure you have your Supabase URL and API keys ready. It's important to keep these credentials safe, such as by using environment variables. You can find more information on configuring Supabase in the <a href="https://supabase.com/docs">Supabase documentation</a>.</p> <h2> Tweaking the Sign-In Route </h2> <p>Now, let's closely examine the code responsible for user sign-in. Navigate to the <code>username-login/app/auth/sign-in/route.ts</code> file in your project. We will replace the default code for user authentication as follows:</p> <p>Replace:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="p">{</span> <span class="nx">error</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">supabase</span><span class="p">.</span><span class="nx">auth</span><span class="p">.</span><span class="nf">signInWithPassword</span><span class="p">({</span> <span class="nx">email</span><span class="p">,</span> <span class="nx">password</span><span class="p">,</span> <span class="p">})</span> </code></pre> </div> <p>With:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="p">{</span> <span class="nx">data</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">supabase</span><span class="p">.</span><span class="nx">functions</span><span class="p">.</span><span class="nf">invoke</span><span class="p">(</span><span class="dl">'</span><span class="s1">sign-in</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">body</span><span class="p">:</span> <span class="p">{</span> <span class="nx">email</span><span class="p">,</span> <span class="nx">password</span><span class="p">,</span> <span class="p">}</span> <span class="p">});</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">error</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">supabase</span><span class="p">.</span><span class="nx">auth</span><span class="p">.</span><span class="nf">setSession</span><span class="p">({</span> <span class="na">access_token</span><span class="p">:</span> <span class="nx">data</span><span class="p">.</span><span class="nx">access_token</span><span class="p">,</span> <span class="na">refresh_token</span><span class="p">:</span> <span class="nx">data</span><span class="p">.</span><span class="nx">refresh_token</span> <span class="p">});</span> </code></pre> </div> <p>This code leverages Supabase Edge Functions to handle user sign-in, enabling users to choose between username and password or email for login.</p> <h2> Edge Function for Sign-In </h2> <p>Within the authentication workflow, this edge function plays a pivotal role in managing sign-in requests. This function offers users greater flexibility by enabling them to use their usernames as an alternative login option.</p> <p>To set up the Edge Function for Sign-In, create a Deno script as follows:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">serve</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">https://deno.land/std@0.192.0/http/server.ts</span><span class="dl">'</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">createClient</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">https://esm.sh/@supabase/supabase-js@2</span><span class="dl">'</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">corsHeaders</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../_shared/cors.ts</span><span class="dl">'</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`Function "sign-in" is up and running!`</span><span class="p">)</span> <span class="kd">const</span> <span class="nx">options</span> <span class="o">=</span> <span class="p">{</span> <span class="na">auth</span><span class="p">:</span> <span class="p">{</span> <span class="na">flowType</span><span class="p">:</span> <span class="dl">'</span><span class="s1">implicit</span><span class="dl">'</span><span class="p">,</span> <span class="na">autoRefreshToken</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">persistSession</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">detectSessionInUrl</span><span class="p">:</span> <span class="kc">false</span> <span class="p">}</span> <span class="p">};</span> <span class="nf">serve</span><span class="p">(</span><span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">:</span> <span class="nx">Request</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// This is needed if you're planning to invoke your function from a browser.</span> <span class="k">if </span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">method</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">OPTIONS</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Response</span><span class="p">(</span><span class="dl">'</span><span class="s1">ok</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="nx">corsHeaders</span> <span class="p">})</span> <span class="p">}</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">supabaseAdmin</span> <span class="o">=</span> <span class="nf">createClient</span><span class="p">(</span> <span class="nx">Deno</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">SUPABASE_URL</span><span class="dl">'</span><span class="p">)</span> <span class="o">??</span> <span class="dl">''</span><span class="p">,</span> <span class="nx">Deno</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">SUPABASE_SERVICE_ROLE_KEY</span><span class="dl">'</span><span class="p">)</span> <span class="o">??</span> <span class="dl">''</span><span class="p">,</span> <span class="nx">options</span> <span class="p">)</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">email</span><span class="p">,</span> <span class="nx">password</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">req</span><span class="p">.</span><span class="nf">json</span><span class="p">()</span> <span class="c1">// Create a Supabase client with the Auth context of the logged-in user.</span> <span class="kd">const</span> <span class="nx">supabaseClient</span> <span class="o">=</span> <span class="nf">createClient</span><span class="p">(</span> <span class="c1">// Supabase API URL - env var exported by default.</span> <span class="nx">Deno</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">SUPABASE_URL</span><span class="dl">'</span><span class="p">)</span> <span class="o">??</span> <span class="dl">''</span><span class="p">,</span> <span class="c1">// Supabase API ANON KEY - env var exported by default.</span> <span class="nx">Deno</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">SUPABASE_ANON_KEY</span><span class="dl">'</span><span class="p">)</span> <span class="o">??</span> <span class="dl">''</span><span class="p">,</span> <span class="nx">options</span> <span class="p">)</span> <span class="kd">const</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="nx">profileData</span><span class="p">,</span> <span class="na">error</span><span class="p">:</span> <span class="nx">userError</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">supabaseAdmin</span> <span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">'</span><span class="s1">profiles</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">select</span><span class="p">(</span><span class="dl">'</span><span class="s1">email</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">or</span><span class="p">(</span><span class="s2">`username.eq.</span><span class="p">${</span><span class="nx">email</span><span class="p">}</span><span class="s2">,email.eq.</span><span class="p">${</span><span class="nx">email</span><span class="p">}</span><span class="s2">`</span><span class="p">)</span> <span class="p">.</span><span class="nf">limit</span><span class="p">(</span><span class="mi">1</span><span class="p">)</span> <span class="p">.</span><span class="nf">maybeSingle</span><span class="p">();</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">profileData:</span><span class="dl">"</span> <span class="o">+</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="nx">profileData</span><span class="p">,</span> <span class="kc">null</span><span class="p">,</span> <span class="mi">2</span><span class="p">))</span> <span class="k">if </span><span class="p">(</span><span class="nx">userError</span><span class="p">)</span> <span class="k">throw</span> <span class="nx">userError</span> <span class="kd">const</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="p">{</span> <span class="nx">session</span> <span class="p">},</span> <span class="nx">error</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">supabaseClient</span><span class="p">.</span><span class="nx">auth</span><span class="p">.</span><span class="nf">signInWithPassword</span><span class="p">({</span> <span class="na">email</span><span class="p">:</span> <span class="nx">profileData</span><span class="p">.</span><span class="nx">email</span><span class="p">,</span> <span class="na">password</span><span class="p">:</span> <span class="nx">password</span><span class="p">,</span> <span class="p">})</span> <span class="k">if </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="k">throw</span> <span class="nx">error</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">data:</span><span class="dl">"</span> <span class="o">+</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="nx">session</span><span class="p">,</span> <span class="kc">null</span><span class="p">,</span> <span class="mi">2</span><span class="p">))</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Response</span><span class="p">(</span><span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="nx">session</span><span class="p">),</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="p">...</span><span class="nx">corsHeaders</span><span class="p">,</span> <span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span> <span class="p">},</span> <span class="na">status</span><span class="p">:</span> <span class="mi">200</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Response</span><span class="p">(</span><span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="nx">error</span> <span class="p">}),</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="p">...</span><span class="nx">corsHeaders</span><span class="p">,</span> <span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span> <span class="p">},</span> <span class="na">status</span><span class="p">:</span> <span class="mi">400</span><span class="p">,</span> <span class="p">})</span> <span class="p">}</span> <span class="p">})</span> </code></pre> </div> <p>This Deno script handles sign-in requests and allows users to choose between usernames and email for login. It leverages Supabase Edge Functions, enhancing the flexibility of your authentication system.</p> <p>To learn more about testing Supabase Edge Functions, check our dedicated blog post on <a href="https://blog.mansueli.com/testing-supabase-edge-functions-with-deno-test">Testing Supabase Edge Functions with Deno Test</a>.</p> <p>Here's an example structure for the <code>public.profiles</code> table that you can use in your project:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">TABLE</span> <span class="k">public</span><span class="p">.</span><span class="n">profiles</span> <span class="p">(</span> <span class="n">id</span> <span class="n">uuid</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">updated_at</span> <span class="nb">timestamp</span> <span class="k">with</span> <span class="nb">time</span> <span class="k">zone</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">username</span> <span class="nb">text</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">full_name</span> <span class="nb">text</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">avatar_url</span> <span class="nb">text</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">website</span> <span class="nb">text</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">email</span> <span class="nb">text</span> <span class="k">NULL</span><span class="p">,</span> <span class="k">CONSTRAINT</span> <span class="n">profiles_pkey</span> <span class="k">PRIMARY</span> <span class="k">KEY</span> <span class="p">(</span><span class="n">id</span><span class="p">),</span> <span class="k">CONSTRAINT</span> <span class="n">profiles_username_key</span> <span class="k">UNIQUE</span> <span class="p">(</span><span class="n">username</span><span class="p">),</span> <span class="k">CONSTRAINT</span> <span class="n">profiles_id_fkey</span> <span class="k">FOREIGN</span> <span class="k">KEY</span> <span class="p">(</span><span class="n">id</span><span class="p">)</span> <span class="k">REFERENCES</span> <span class="n">auth</span><span class="p">.</span><span class="n">users</span> <span class="p">(</span><span class="n">id</span><span class="p">)</span> <span class="k">ON</span> <span class="k">DELETE</span> <span class="k">CASCADE</span><span class="p">,</span> <span class="k">CONSTRAINT</span> <span class="n">username_length</span> <span class="k">CHECK</span> <span class="p">(</span><span class="k">char_length</span><span class="p">(</span><span class="n">username</span><span class="p">)</span> <span class="o">&gt;=</span> <span class="mi">3</span><span class="p">)</span> <span class="p">);</span> <span class="k">ALTER</span> <span class="k">TABLE</span> <span class="k">public</span><span class="p">.</span><span class="n">profiles</span> <span class="n">ENABLE</span> <span class="k">ROW</span> <span class="k">LEVEL</span> <span class="k">SECURITY</span><span class="p">;</span> </code></pre> </div> <p>You can read more about creating such a table in <a href="https://supabase.com/docs/guides/auth/managing-user-data#creating-user-tables">Managing User Data</a>.</p> <h2> Conclusion </h2> <p>In this extensive exploration of user authentication with Supabase, we've equipped you with the knowledge and tools to build secure and flexible login systems for your web applications. By enabling users to choose between username and password or email and password login methods, you've enhanced the user experience.</p> <p>As you continue to develop and fine-tune your authentication systems, consider the following articles for further insights and optimizations:</p> <ul> <li><p><a href="https://blog.mansueli.com/automating-webhooks-supabase-postgresql-guide">Comprehensive Guide: Deploying and Debugging Custom Webhooks on Supabase &amp; PostgreSQL</a>: Learn how to automate webhooks for seamless integration into your applications.</p></li> <li><p><a href="https://blog.mansueli.com/creating-customized-i18n-ready-authentication-emails-using-supabase-edge-functions-postgresql-and-resend">Creating Customized i18n-Ready Authentication Emails using Supabase Edge Functions, PostgreSQL, and Resend</a>: Dive into the world of internationalization and create personalized authentication emails.</p></li> <li><p><a href="https://blog.mansueli.com/how-to-boost-supabase-reliability-a-guide-to-using-postgres-foreign-data-wrappers">How to Boost Supabase Reliability: A Guide to Using Postgres Foreign Data Wrappers</a>: Enhance the reliability of your Supabase applications with foreign data wrappers.</p></li> </ul> <p>These articles will complement your journey to master Supabase authentication and take your web development skills to the next level. Experimentation and customization are key to tailoring authentication systems to your specific project needs.</p> <h2> References </h2> <p>For additional guidance and resources, consider exploring these valuable references:</p> <ul> <li><p><a href="https://supabase.com/docs">Supabase Official Documentation</a>: Explore Supabase's official documentation for comprehensive insights into this robust backend platform.</p></li> <li><p><a href="https://www.postgresql.org/docs/">PostgreSQL Official Documentation</a>: Dive into the official documentation of PostgreSQL, the powerful database system at the core of Supabase.</p></li> <li><p><a href="https://nextjs.org/docs">Next.js Documentation</a>: Access Next.js documentation for further information on this popular React framework.</p></li> <li><p><a href="https://deno.land/manual">Deno Documentation</a>: Explore Deno documentation for insights into this secure runtime for JavaScript and TypeScript.</p></li> </ul> <p>With these references and your newfound knowledge, you're well-prepared to create exceptional web applications powered by Supabase. Continue your journey in web development, and don't hesitate to explore additional features and customization options offered by Supabase and PostgreSQL.</p> <p><a href="http://supabase.com?utm_source=devto&amp;utm_medium=referral&amp;utm%5C_term=devtocta" class="ltag_cta ltag_cta--branded">🚀 Learn more about Supabase</a> </p> Rate Limiting Supabase Requests with PostgreSQL and pg_headerkit Rodrigo Mansueli Tue, 05 Sep 2023 12:04:13 +0000 https://forem.com/supabase/rate-limiting-supabase-requests-with-postgresql-and-pgheaderkit-409j https://forem.com/supabase/rate-limiting-supabase-requests-with-postgresql-and-pgheaderkit-409j <h2> Introduction </h2> <p>Rate limiting is a critical aspect of web applications that ensures fair usage of resources and prevents abuse. In this blog post, we'll explore how to implement rate limiting for <a href="https://supabase.com/">Supabase</a> requests using PostgreSQL and the pg_headerkit extension. This article is part of a series on optimizing Supabase performance, and it builds upon our previous guide on <a href="https://blog.mansueli.com/how-to-boost-supabase-reliability-a-guide-to-using-postgres-foreign-data-wrappers">Boosting Supabase Reliability</a>.</p> <p>Supabase, a powerful backend platform built on top of PostgreSQL, relies on PostgreSQL as its underlying database. By leveraging PostgreSQL and pg_headerkit, we can efficiently control the rate at which requests are made to Supabase, ensuring optimal performance and resource allocation.</p> <h2> Prerequisites </h2> <p>Before we dive into the implementation, make sure you have the following prerequisites:</p> <ol> <li><p><strong>Supabase Project</strong>: Ensure you have an existing Supabase project with the necessary API endpoints set up.</p></li> <li><p><strong>PostgreSQL Database</strong>: Use PostgreSQL as your backend database for Supabase. If you haven't set up PostgreSQL with Supabase yet, follow the official documentation to get started.</p></li> <li><p><strong>pg_headerkit</strong>: You will need to install the pg_headerkit library. Find installation instructions and more information on this library at <a href="https://database.dev/burggraf/pg_headerkit">https://database.dev/burggraf/pg_headerkit</a>.</p></li> </ol> <h2> Setting up the Environment </h2> <p>Before we dive into rate limiting, let's ensure we have the necessary prerequisites in place:</p> <ol> <li><p><strong>Supabase Account</strong>: Make sure you have a Supabase account set up.</p></li> <li><p><strong>Database.dev</strong>: Install dbdev using <a href="https://database.dev/installer">https://database.dev/installer</a>.</p></li> </ol> <p>Next, let's install and set up pg_headerkit:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">SELECT</span> <span class="n">dbdev</span><span class="p">.</span><span class="n">install</span><span class="p">(</span><span class="s1">'burggraf-pg_headerkit'</span><span class="p">);</span> <span class="k">CREATE</span> <span class="n">EXTENSION</span> <span class="nv">"burggraf-pg_headerkit"</span> <span class="k">VERSION</span> <span class="s1">'1.0.0'</span><span class="p">;</span> </code></pre> </div> <h2> Creating the Rate Limiting Infrastructure </h2> <p>In this section, we'll dive into the process of creating the essential infrastructure for rate limiting within your Supabase-powered application. Rate limiting is a crucial mechanism that allows you to control the number of requests made to your Supabase endpoints, ensuring fair usage of resources and maintaining system stability.</p> <h3> The <code>request_log</code> Table </h3> <p>We begin with the creation of the <code>request_log</code> table. This table serves as a main component for tracking and monitoring incoming requests. Here's how we set it up:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="n">UNLOGGED</span> <span class="k">TABLE</span> <span class="n">request_log</span> <span class="p">(</span> <span class="n">id</span> <span class="nb">BIGINT</span> <span class="k">GENERATED</span> <span class="k">BY</span> <span class="k">DEFAULT</span> <span class="k">AS</span> <span class="k">IDENTITY</span><span class="p">,</span> <span class="n">ip</span> <span class="n">inet</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="nb">timestamp</span> <span class="n">timestamptz</span> <span class="k">DEFAULT</span> <span class="n">NOW</span><span class="p">()</span> <span class="p">);</span> </code></pre> </div> <p>The <code>request_log</code> table has three essential columns:</p> <ul> <li><p><code>id</code>: A unique identifier for each log entry, automatically generated.</p></li> <li><p><code>ip</code>: This column captures the client's IP address, helping us identify the source of each request.</p></li> <li><p><code>timestamp</code>: It records the exact time each request was made, ensuring accurate tracking.</p></li> </ul> <h3> The <code>register_request</code> Function </h3> <p>With the <code>request_log</code> table in place, we proceed to create the <code>register_request</code> function. This function plays a pivotal role in the rate-limiting process by logging every incoming request and associating it with the client's IP address. Here's how it's defined:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">OR</span> <span class="k">REPLACE</span> <span class="k">FUNCTION</span> <span class="n">register_request</span><span class="p">(</span><span class="n">ip_in</span> <span class="nb">TEXT</span><span class="p">)</span> <span class="k">RETURNS</span> <span class="n">VOID</span> <span class="k">LANGUAGE</span> <span class="n">plpgsql</span> <span class="k">AS</span> <span class="err">$$</span> <span class="k">BEGIN</span> <span class="k">INSERT</span> <span class="k">INTO</span> <span class="n">request_log</span> <span class="p">(</span><span class="n">ip</span><span class="p">)</span> <span class="k">VALUES</span> <span class="p">(</span><span class="n">inet</span><span class="p">(</span><span class="n">ip_in</span><span class="p">));</span> <span class="k">END</span><span class="p">;</span> <span class="err">$$</span><span class="p">;</span> </code></pre> </div> <p>The <code>register_request</code> function takes the client's IP address as input and inserts a corresponding entry into the <code>request_log</code> table. This action ensures that we have a comprehensive record of all incoming requests, which is essential for rate limiting and analytics.</p> <p>With the infrastructure for tracking requests established, we're now ready to move forward with the rate-limiting implementation. In the following sections, we'll explore how to set rate limits and enforce them effectively.</p> <h2> Cleaning Old Requests </h2> <p>To maintain the efficiency of our system, it's crucial to regularly clean up old request logs. The <code>clean_old_requests</code> function takes care of this task:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">OR</span> <span class="k">REPLACE</span> <span class="k">FUNCTION</span> <span class="n">clean_old_requests</span><span class="p">()</span> <span class="k">RETURNS</span> <span class="n">VOID</span> <span class="k">LANGUAGE</span> <span class="n">plpgsql</span> <span class="k">AS</span> <span class="err">$$</span> <span class="k">BEGIN</span> <span class="c1">-- Delete request logs older than 12 hours</span> <span class="k">DELETE</span> <span class="k">FROM</span> <span class="n">request_log</span> <span class="k">WHERE</span> <span class="nb">timestamp</span> <span class="o">&lt;</span> <span class="n">NOW</span><span class="p">()</span> <span class="o">-</span> <span class="n">INTERVAL</span> <span class="s1">'12 hours'</span><span class="p">;</span> <span class="k">END</span><span class="p">;</span> <span class="err">$$</span><span class="p">;</span> </code></pre> </div> <p>This function ensures that our database remains clutter-free and retains only the most relevant request data.</p> <h2> Implementing Rate Limiting </h2> <p>Now, let's delve into implementing rate limiting within our Supabase-powered application. Rate limiting is essential to prevent abuse and ensure fair resource allocation. We achieve this through the <code>exceeded_rate_limit</code> and <code>check_rate_limit</code> functions.</p> <h3> The <code>exceeded_rate_limit</code> Function </h3> <p>The <code>exceeded_rate_limit</code> function is responsible for checking if a client has exceeded the rate limit, which in this example is set at 5 requests per minute. Here's how it's defined:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">OR</span> <span class="k">REPLACE</span> <span class="k">FUNCTION</span> <span class="n">exceeded_rate_limit</span><span class="p">(</span><span class="n">ip_in</span> <span class="nb">TEXT</span><span class="p">)</span> <span class="k">RETURNS</span> <span class="nb">BOOLEAN</span> <span class="k">LANGUAGE</span> <span class="n">plpgsql</span> <span class="k">AS</span> <span class="err">$$</span> <span class="k">DECLARE</span> <span class="n">request_count</span> <span class="nb">INTEGER</span><span class="p">;</span> <span class="k">BEGIN</span> <span class="k">SELECT</span> <span class="k">count</span><span class="p">(</span><span class="o">*</span><span class="p">)</span> <span class="k">INTO</span> <span class="n">request_count</span> <span class="k">FROM</span> <span class="n">request_log</span> <span class="k">WHERE</span> <span class="n">ip</span> <span class="o">=</span> <span class="n">inet</span><span class="p">(</span><span class="n">ip_in</span><span class="p">)</span> <span class="k">AND</span> <span class="nb">timestamp</span> <span class="o">&gt;</span> <span class="n">NOW</span><span class="p">()</span> <span class="o">-</span> <span class="n">INTERVAL</span> <span class="s1">'1 minute'</span><span class="p">;</span> <span class="k">RETURN</span> <span class="n">request_count</span> <span class="o">&gt;=</span> <span class="mi">5</span><span class="p">;</span> <span class="c1">-- limit of 5 requests per minute</span> <span class="k">END</span><span class="p">;</span> <span class="err">$$</span><span class="p">;</span> </code></pre> </div> <p>This function counts the number of requests made by a client within the last minute and returns <code>true</code> if the limit is exceeded.</p> <h3> The <code>check_rate_limit</code> Function </h3> <p>The <code>check_rate_limit</code> function is pivotal for enforcing rate limits. It effectively manages rate limiting by logging the current request using the <code>register_request</code> function and verifying if the rate limit has been surpassed. If the limit is exceeded, it raises an exception:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">OR</span> <span class="k">REPLACE</span> <span class="k">FUNCTION</span> <span class="n">check_rate_limit</span><span class="p">()</span> <span class="k">RETURNS</span> <span class="n">VOID</span> <span class="k">LANGUAGE</span> <span class="n">plpgsql</span> <span class="k">SET</span> <span class="n">search_path</span> <span class="o">=</span> <span class="k">public</span><span class="p">,</span> <span class="n">hdr</span><span class="p">,</span> <span class="n">extensions</span> <span class="k">SECURITY</span> <span class="k">DEFINER</span> <span class="k">AS</span> <span class="err">$$</span> <span class="k">DECLARE</span> <span class="n">current_ip</span> <span class="nb">TEXT</span> <span class="p">:</span><span class="o">=</span> <span class="n">hdr</span><span class="p">.</span><span class="n">ip</span><span class="p">();</span> <span class="n">request_method</span> <span class="nb">TEXT</span> <span class="p">:</span><span class="o">=</span> <span class="n">current_setting</span><span class="p">(</span><span class="s1">'request.method'</span><span class="p">,</span> <span class="k">TRUE</span><span class="p">);</span> <span class="k">BEGIN</span> <span class="c1">-- Only log non-GET requests because they are run</span> <span class="c1">-- in read-only transactions</span> <span class="n">IF</span> <span class="n">request_method</span> <span class="k">IS</span> <span class="k">NULL</span> <span class="k">OR</span> <span class="n">request_method</span> <span class="o">&lt;&gt;</span> <span class="s1">'GET'</span> <span class="k">THEN</span> <span class="n">PERFORM</span> <span class="n">register_request</span><span class="p">(</span><span class="n">current_ip</span><span class="p">);</span> <span class="k">END</span> <span class="n">IF</span><span class="p">;</span> <span class="c1">-- Check if the rate limit has been exceeded </span> <span class="c1">-- and raise an exception if necessary</span> <span class="n">IF</span> <span class="n">exceeded_rate_limit</span><span class="p">(</span><span class="n">current_ip</span><span class="p">)</span> <span class="k">THEN</span> <span class="n">RAISE</span> <span class="n">EXCEPTION</span> <span class="s1">'Rate limit exceeded'</span><span class="p">;</span> <span class="k">END</span> <span class="n">IF</span><span class="p">;</span> <span class="k">END</span><span class="p">;</span> <span class="err">$$</span><span class="p">;</span> </code></pre> </div> <p>This function is a crucial component of your rate-limiting strategy, ensuring that each incoming request is correctly monitored and preventing clients from exceeding their allocated rate limits. It's important to note that this function primarily focuses on rate limiting for insert operations. While rate limiting for GET requests is possible, it may introduce performance concerns, such as making network requests that insert rate-limiting data.</p> <h2> Configuring pg_headerkit with PostgREST </h2> <p>To seamlessly integrate rate limiting with your Supabase-powered application, configure the <code>pgrst.db_pre_request</code> option to utilize the <code>check_rate_limit</code> function as a <a href="https://postgrest.org/en/stable/references/transactions.html#pre-request">pre-request</a> action within PostgREST:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">ALTER</span> <span class="k">ROLE</span> <span class="n">authenticator</span> <span class="k">SET</span> <span class="n">pgrst</span><span class="p">.</span><span class="n">db_pre_request</span> <span class="o">=</span> <span class="s1">'check_rate_limit'</span><span class="p">;</span> <span class="k">NOTIFY</span> <span class="n">pgrst</span><span class="p">,</span> <span class="s1">'reload config'</span><span class="p">;</span> </code></pre> </div> <p>This configuration ensures that every request made to Supabase undergoes rate limit validation before execution, guaranteeing a fair and controlled usage of resources. Now, we can test the rate limit by sending a few post requests to a table:</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--9OVAWxHo--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn.hashnode.com/res/hashnode/image/upload/v1693688731283/82c0b0a8-7a04-4840-ac2f-584e79cf99a5.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--9OVAWxHo--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn.hashnode.com/res/hashnode/image/upload/v1693688731283/82c0b0a8-7a04-4840-ac2f-584e79cf99a5.png" alt='Console log showing a few requests, then:{"code":"P0001","details":null,"hint":null,"message":"Rate limit exceeded"}%' width="557" height="238"></a></p> <h2> Scheduled Cleanup </h2> <p>Maintaining the performance of your database requires periodic cleanup of old request logs. Schedule the <code>clean_old_requests</code> function to run automatically every midnight:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">SELECT</span> <span class="n">cron</span><span class="p">.</span><span class="n">schedule</span><span class="p">(</span> <span class="s1">'clean_old_requests'</span><span class="p">,</span> <span class="s1">'0 0 * * *'</span><span class="p">,</span> <span class="c1">-- Run every midnight</span> <span class="err">$$</span> <span class="k">SELECT</span> <span class="n">clean_old_requests</span><span class="p">();</span> <span class="err">$$</span> <span class="p">);</span> </code></pre> </div> <p>This automated cleanup process is crucial for keeping your database in an optimal state, free from unnecessary clutter, and ensuring efficient resource management.</p> <h2> Conclusion </h2> <p>In this comprehensive blog post, we've delved into the intricacies of implementing rate limiting for your Supabase-powered applications. Leveraging the power of PostgreSQL and the versatile pg_headerkit extension, we've provided you with a step-by-step guide to ensure fair resource allocation and safeguard your application against abuse.</p> <p>Rate limiting is a fundamental tool in your arsenal to maintain top-notch performance and deliver a consistently excellent user experience. Armed with the knowledge gained from this article, you're now well-prepared to seamlessly integrate rate limiting into your Supabase application.</p> <p>Don't stop here; take the concepts discussed in this post and adapt them to your specific use cases. Experiment, explore, and fine-tune your rate-limiting strategy to perfectly align with your application's unique requirements.</p> <p>If you found this article valuable, you might also be interested in exploring related topics:</p> <ul> <li><p><a href="https://blog.mansueli.com/how-to-boost-supabase-reliability-a-guide-to-using-postgres-foreign-data-wrappers">Boosting Supabase Reliability: A Guide to Using Postgres Foreign Data Wrappers</a>: Learn how to enhance the reliability of your Supabase applications.</p></li> <li><p><a href="https://blog.mansueli.com/exploring-data-relationships-with-supabase-and-postgresql">Exploring Data Relationships with Supabase and PostgreSQL</a>: Dive deeper into understanding data relationships in Supabase.</p></li> <li><p><a href="https://blog.mansueli.com/safeguarding-data-integrity-with-pg-safeupdate-in-postgresql-and-supabase">Safeguarding Data Integrity with pg-safeupdate in PostgreSQL and Supabase</a>: Explore techniques to maintain data integrity in your database.</p></li> </ul> <p>For further information and guidance, consider these valuable references. For any questions, feedback, or assistance, please don't hesitate to reach out to me. We're here to help you on your journey to mastering rate limiting in Supabase.</p> <h2> References </h2> <p>For further information and guidance, consider these valuable references:</p> <ul> <li><p><a href="https://supabase.com/docs">Supabase Official Documentation</a>: Explore Supabase's official documentation for in-depth insights into this powerful backend platform.</p></li> <li><p><a href="https://www.postgresql.org/docs/">PostgreSQL Official Documentation</a>: Dive into the official documentation of PostgreSQL, the robust database system at the core of Supabase.</p></li> <li><p><a href="https://database.dev/burggraf/pg_headerkit">pg_headerkit Extension</a>: For more details on pg_headerkit, visit the official GitHub repository.</p></li> <li><p><a href="https://postgrest.org/">PostgREST Official Documentation</a>: Discover PostgREST's documentation for additional information on this helpful tool.</p></li> </ul> <p><a href="http://supabase.com?utm_source=devto&amp;utm_medium=referral&amp;utm%5C_term=devtocta" class="ltag_cta ltag_cta--branded">🚀 Learn more about Supabase</a> </p> webdev ratelimit api database Comprehensive Guide: Deploying and Debugging Custom Webhooks on Supabase & PostgreSQL Rodrigo Mansueli Tue, 29 Aug 2023 16:18:33 +0000 https://forem.com/supabase/comprehensive-guide-deploying-and-debugging-custom-webhooks-on-supabase-postgresql-5d5h https://forem.com/supabase/comprehensive-guide-deploying-and-debugging-custom-webhooks-on-supabase-postgresql-5d5h <p>In today's dynamic landscape of cutting-edge application development, the role of automation has grown paramount, revolutionizing user experiences and operational efficiency. A domain where automation truly thrives is the seamless integration of webhooks into your application's architecture. Webhooks introduce the power to orchestrate actions triggered by specific events within your database. This automated responsiveness gains exceptional potency when harmonized with a versatile backend service like <a href="http://supabase.com/">Supabase</a> and the robust capabilities of PostgreSQL. This comprehensive article embarks on a journey to unveil the art of creating and debugging PostgreSQL webhooks using the Supabase platform, highlighting the potent synergy that can reshape and optimize your development workflow.</p> <h2> The Nexus of Empowerment: An Alliance of Supabase and PostgreSQL </h2> <p>In the dynamic realm of modern application development, the selection of a backend service extends beyond technical considerations; it's a strategic choice with far-reaching implications for productivity and efficiency. The formidable partnership between Supabase and PostgreSQL presents a compelling proposition. This article delves into the realm of webhooks—automated triggers designed to spring into action in response to specific database events. Our journey involves an in-depth exploration of the intricacies involved in designing and debugging Postgres webhooks, harnessing the capabilities of Supabase to establish a fluid and efficient workflow.</p> <h2> Expanding Horizons: The Webhook Wrapper Function </h2> <p>At the heart of our webhook implementation, a pivotal role is played by the <code>request_wrapper</code> function. This versatile function operates as an intermediary, adroitly handling HTTP methods such as <code>GET</code>, <code>POST</code>, and <code>DELETE</code>. It forges smooth communication channels with external services and APIs, driven by dynamic input parameters encompassing <code>method</code>, <code>url</code>, <code>params</code>, <code>body</code>, and <code>headers</code>. Crafted using the expressive <code>plpgsql</code> language and fortified by the security definer concept for meticulous execution control, this function embodies the quintessence of streamlined automation.</p> <h2> Taking Charge of Your Automation: The Supabase Advantage </h2> <p>While Supabase generously offers webhooks as part of its toolkit, it is worth contemplating the merits of deploying them independently. By taking the reins of deployment, you gain the freedom to expand the timeout window beyond a mere second, granting you greater control over the nature of the requests being executed. This strategic move allows you to tailor the automation to your specific needs, resulting in a more responsive and versatile system.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- </span> <span class="c1">-- Webhook wrapper</span> <span class="c1">--</span> <span class="k">CREATE</span> <span class="k">OR</span> <span class="k">REPLACE</span> <span class="k">FUNCTION</span> <span class="n">request_wrapper</span><span class="p">(</span> <span class="k">method</span> <span class="nb">TEXT</span><span class="p">,</span> <span class="n">url</span> <span class="nb">TEXT</span><span class="p">,</span> <span class="n">params</span> <span class="n">JSONB</span> <span class="k">DEFAULT</span> <span class="s1">'{}'</span><span class="p">::</span><span class="n">JSONB</span><span class="p">,</span> <span class="n">body</span> <span class="n">JSONB</span> <span class="k">DEFAULT</span> <span class="s1">'{}'</span><span class="p">::</span><span class="n">JSONB</span><span class="p">,</span> <span class="n">headers</span> <span class="n">JSONB</span> <span class="k">DEFAULT</span> <span class="s1">'{}'</span><span class="p">::</span><span class="n">JSONB</span> <span class="p">)</span> <span class="k">RETURNS</span> <span class="nb">BIGINT</span> <span class="k">SECURITY</span> <span class="k">DEFINER</span> <span class="k">SET</span> <span class="n">search_path</span> <span class="o">=</span> <span class="k">public</span><span class="p">,</span> <span class="n">extensions</span><span class="p">,</span> <span class="n">net</span> <span class="k">LANGUAGE</span> <span class="n">plpgsql</span> <span class="k">AS</span> <span class="err">$$</span> <span class="k">DECLARE</span> <span class="n">request_id</span> <span class="nb">BIGINT</span><span class="p">;</span> <span class="n">timeout</span> <span class="nb">INT</span><span class="p">;</span> <span class="k">BEGIN</span> <span class="n">timeout</span> <span class="p">:</span><span class="o">=</span> <span class="mi">3000</span><span class="p">;</span> <span class="n">IF</span> <span class="k">method</span> <span class="o">=</span> <span class="s1">'DELETE'</span> <span class="k">THEN</span> <span class="k">SELECT</span> <span class="n">net</span><span class="p">.</span><span class="n">http_delete</span><span class="p">(</span> <span class="n">url</span><span class="p">:</span><span class="o">=</span><span class="n">url</span><span class="p">,</span> <span class="n">params</span><span class="p">:</span><span class="o">=</span><span class="n">params</span><span class="p">,</span> <span class="n">headers</span><span class="p">:</span><span class="o">=</span><span class="n">headers</span><span class="p">,</span> <span class="n">timeout_milliseconds</span><span class="p">:</span><span class="o">=</span><span class="n">timeout</span> <span class="p">)</span> <span class="k">INTO</span> <span class="n">request_id</span><span class="p">;</span> <span class="n">ELSIF</span> <span class="k">method</span> <span class="o">=</span> <span class="s1">'POST'</span> <span class="k">THEN</span> <span class="k">SELECT</span> <span class="n">net</span><span class="p">.</span><span class="n">http_post</span><span class="p">(</span> <span class="n">url</span><span class="p">:</span><span class="o">=</span><span class="n">url</span><span class="p">,</span> <span class="n">body</span><span class="p">:</span><span class="o">=</span><span class="n">body</span><span class="p">,</span> <span class="n">params</span><span class="p">:</span><span class="o">=</span><span class="n">params</span><span class="p">,</span> <span class="n">headers</span><span class="p">:</span><span class="o">=</span><span class="n">headers</span><span class="p">,</span> <span class="n">timeout_milliseconds</span><span class="p">:</span><span class="o">=</span><span class="n">timeout</span> <span class="p">)</span> <span class="k">INTO</span> <span class="n">request_id</span><span class="p">;</span> <span class="n">ELSIF</span> <span class="k">method</span> <span class="o">=</span> <span class="s1">'GET'</span> <span class="k">THEN</span> <span class="k">SELECT</span> <span class="n">net</span><span class="p">.</span><span class="n">http_get</span><span class="p">(</span> <span class="n">url</span><span class="p">:</span><span class="o">=</span><span class="n">url</span><span class="p">,</span> <span class="n">params</span><span class="p">:</span><span class="o">=</span><span class="n">params</span><span class="p">,</span> <span class="n">headers</span><span class="p">:</span><span class="o">=</span><span class="n">headers</span><span class="p">,</span> <span class="n">timeout_milliseconds</span><span class="p">:</span><span class="o">=</span><span class="n">timeout</span> <span class="p">)</span> <span class="k">INTO</span> <span class="n">request_id</span><span class="p">;</span> <span class="k">ELSE</span> <span class="n">RAISE</span> <span class="n">EXCEPTION</span> <span class="s1">'Method must be DELETE, POST, or GET'</span><span class="p">;</span> <span class="k">END</span> <span class="n">IF</span><span class="p">;</span> <span class="k">RETURN</span> <span class="n">request_id</span><span class="p">;</span> <span class="k">END</span><span class="p">;</span> <span class="err">$$</span><span class="p">;</span> </code></pre> </div> <h2> Creating a Trigger Function for Automated Insert Events </h2> <p>Imagine a scenario where a new row enters the picture in the <code>orders</code> table. This particular moment sets in motion an automatic process triggered by a special function we've named <code>after_order_insert()</code>. Within this function's code lies a sophisticated logic that effortlessly triggers a call to another function called <code>request_wrapper</code>. This dynamic function orchestrates a <code>POST</code> request that's directed to a specific webhook URL you define. The magic happens as the values from the newly added row come together to form a JSON package—an essential element that shapes the upcoming webhook request.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">OR</span> <span class="k">REPLACE</span> <span class="k">FUNCTION</span> <span class="n">after_order_insert</span><span class="p">()</span> <span class="k">RETURNS</span> <span class="k">TRIGGER</span> <span class="k">AS</span> <span class="err">$$</span> <span class="k">BEGIN</span> <span class="n">PERFORM</span> <span class="n">request_wrapper</span><span class="p">(</span><span class="s1">'POST'</span><span class="p">,</span> <span class="s1">'your_webhook_url_here'</span><span class="p">,</span> <span class="s1">'{"order_id": '</span> <span class="o">||</span> <span class="k">NEW</span><span class="p">.</span><span class="n">order_id</span> <span class="o">||</span> <span class="s1">', "customer_id": '</span> <span class="o">||</span> <span class="k">NEW</span><span class="p">.</span><span class="n">customer_id</span> <span class="o">||</span> <span class="s1">', "total_amount": '</span> <span class="o">||</span> <span class="k">NEW</span><span class="p">.</span><span class="n">total_amount</span> <span class="o">||</span> <span class="s1">'}'</span><span class="p">);</span> <span class="k">RETURN</span> <span class="k">NEW</span><span class="p">;</span> <span class="k">END</span><span class="p">;</span> <span class="err">$$</span> <span class="k">LANGUAGE</span> <span class="n">plpgsql</span><span class="p">;</span> </code></pre> </div> <h2> Leading the Way with Triggers: Powering Automation for New Inserts </h2> <p>In the dynamic realm of PostgreSQL databases, the birth of triggers stands as a foundational pillar of database event automation. Our carefully crafted trigger, given the name <code>orders_insert_webhook</code>, steps onto the stage. This conductor is designed to harmonize with the rhythm of each fresh row that finds its place in the revered <code>orders</code> table. This invisible maestro then coordinates the execution of the <code>after_order_insert()</code> function as soon as a new data insertion event occurs. The result is a symphony of seamless coordination, allowing webhooks to come to life in response to the emergence of new data.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">TRIGGER</span> <span class="n">orders_insert_webhook</span> <span class="k">AFTER</span> <span class="k">INSERT</span> <span class="k">ON</span> <span class="n">orders</span> <span class="k">FOR</span> <span class="k">EACH</span> <span class="k">ROW</span> <span class="k">EXECUTE</span> <span class="k">FUNCTION</span> <span class="n">after_order_insert</span><span class="p">();</span> </code></pre> </div> <h2> Exploring Webhook Debugging: A Closer Look </h2> <p>The journey through webhook integration entails not only implementation but also a vital debugging phase. This phase ensures the smooth functioning of your automated processes. At the core of this endeavor lies the <code>net._http_response</code> table—a valuable tool for debugging. This table captures the responses generated by HTTP requests executed through the <code>request_wrapper</code> function. It offers insights into request outcomes, including success, status codes, headers, content, timeouts, error messages, and creation timestamps.</p> <h3> Navigating the Debugging Process: Inside <code>net._http_response</code> </h3> <p>In your PostgreSQL database architecture, the <code>net._http_response</code> table takes on a crucial role. Its design encapsulates essential debugging information, aiding you in refining your automated workflows. This table serves as a repository of records detailing each HTTP request's journey. These insights are invaluable for diagnosing and resolving any issues in your automation processes. From tracking response status and content type to examining headers, content, and possible timeouts, this table becomes your compass in the journey to create robust and efficient automation.</p> <h3> Real-World Insight: Practical Scenarios </h3> <p>To understand the practicality of the <code>net._http_response</code> table, let's consider an example where you've set up a webhook to notify customers upon order fulfillment. As you navigate this process, the <code>net._http_response</code> table becomes your ally.</p> <p><strong>Use Case 1: Checking Request Status</strong></p> <p>To verify request status, execute the following query:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">SELECT</span> <span class="n">id</span><span class="p">,</span> <span class="n">status_code</span><span class="p">,</span> <span class="n">timed_out</span> <span class="k">FROM</span> <span class="n">net</span><span class="p">.</span><span class="n">_http_response</span><span class="p">;</span> </code></pre> </div> <p>This query offers a quick overview of request details, displaying IDs, status codes, and any timeouts.</p> <p><strong>Use Case 2: Exploring Request Details</strong></p> <p>For a comprehensive view of a specific request, use:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">SELECT</span> <span class="o">*</span> <span class="k">FROM</span> <span class="n">net</span><span class="p">.</span><span class="n">_http_response</span> <span class="k">WHERE</span> <span class="n">id</span> <span class="o">=</span> <span class="n">your_request_id_here</span><span class="p">;</span> </code></pre> </div> <p>Replace <code>your_request_id_here</code> with the actual ID of the request. This query provides a detailed examination, including headers, content, and error messages.</p> <p>In the process of webhook debugging, the <code>net._http_response</code> table shines as a guiding light. Its insights empower you to craft and maintain automation processes that endure.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- Example: Checking request status</span> <span class="k">SELECT</span> <span class="n">id</span><span class="p">,</span> <span class="n">status_code</span><span class="p">,</span> <span class="n">timed_out</span> <span class="k">FROM</span> <span class="n">net</span><span class="p">.</span><span class="n">_http_response</span><span class="p">;</span> <span class="c1">-- Example: Exploring request details</span> <span class="k">SELECT</span> <span class="o">*</span> <span class="k">FROM</span> <span class="n">net</span><span class="p">.</span><span class="n">_http_response</span> <span class="k">WHERE</span> <span class="n">id</span> <span class="o">=</span> <span class="n">your_request_id_here</span><span class="p">;</span> </code></pre> </div> <h2> Wrapping Up: Your Path to Smarter Automation </h2> <p>As we come to the end of this exploration into the world of automation and efficiency in app development, it's time to reflect on the journey we've taken. Throughout this article, we've teamed up Supabase and PostgreSQL with webhooks—a powerful trio that empowers you to create smarter, more responsive applications.</p> <p>If you're hungry for more insights and want to delve deeper into enhancing your Supabase-powered apps, don't forget to check out some of our previous articles:</p> <ul> <li><p>Wondering how to make your Supabase setup even more reliable? Dive into our guide on <a href="https://blog.mansueli.com/how-to-boost-supabase-reliability-a-guide-to-using-postgres-foreign-data-wrappers">Boosting Supabase Reliability with Postgres Foreign Data Wrappers</a>.</p></li> <li><p>Exploring data relationships in Supabase and PostgreSQL? Learn the ropes with our article on <a href="https://blog.mansueli.com/exploring-data-relationships-with-supabase-and-postgresql">Exploring Data Relationships with Supabase and PostgreSQL</a>.</p></li> <li><p>Need to empower your users with secure password verification? Our insights on <a href="https://blog.mansueli.com/secure-password-verification-and-update-with-supabase-and-postgresql">Secure Password Verification and Update with Supabase and PostgreSQL</a> have got you covered.</p></li> </ul> <p>With these resources at your fingertips, you're well-equipped to take your app development journey to new heights. Remember, the world of coding is full of possibilities, and webhooks are just the beginning. Keep innovating, keep learning, and keep coding!</p> <p>Got any thoughts or questions? We'd love to hear from you. Drop a comment below and let's keep the conversation going!</p> <p><a href="http://supabase.com?utm_source=devto&amp;utm_medium=referral&amp;utm%5C_term=devtocta" class="ltag_cta ltag_cta--branded">🚀 Learn more about Supabase</a> </p> postgresql database sql webhook Creating Customized i18n-Ready Authentication Emails using Supabase Edge Functions, PostgreSQL, and Resend Rodrigo Mansueli Tue, 22 Aug 2023 14:26:17 +0000 https://forem.com/supabase/creating-customized-i18n-ready-authentication-emails-using-supabase-edge-functions-postgresql-and-resend-2jc4 https://forem.com/supabase/creating-customized-i18n-ready-authentication-emails-using-supabase-edge-functions-postgresql-and-resend-2jc4 <p>Welcome to another exciting tutorial on building robust applications! Today, we're delving into the world of Supabase, an open-source backend solution that equips developers with a powerful toolkit for creating scalable applications. In this guide, we'll explore how to harness the potential of <a href="https://supabase.com/docs/guides/functions">Supabase Edge Functions</a>, PostgreSQL, and the Resend email service to craft a personalized authentication email system.</p> <h2> Introduction </h2> <p>As the demand for efficient backend solutions continues to grow, Supabase has emerged as a game-changer. Offering features like real-time subscriptions, authentication, and database management, Supabase simplifies complex backend tasks. However, one unique challenge lies in customizing email templates for user engagement. In our previous blog post on <a href="https://blog.mansueli.com/exploring-data-relationships-with-supabase-and-postgresql">Exploring Data Relationships with Supabase and PostgreSQL</a>, we delved into the intricacies of data relationships. Building upon that foundation, we now tackle the challenge of creating a personalized authentication email system that also seamlessly supports i18n localization.</p> <h2> The Significance of i18n Localization in Emails </h2> <p>In today's global landscape, catering to diverse audiences is imperative for enhancing user engagement. Internationalization (i18n) ensures that emails resonate with users across various cultures and languages. By dynamically replacing content based on the user's preferred language, we not only enhance the user experience but also foster a sense of inclusivity.</p> <h2> Prerequisites </h2> <p>Before we dive into the technical intricacies, it's essential to be well-acquainted with Supabase, PostgreSQL, and have a grasp of the basics of Deno if necessary. Setting up your development environment, installing essential tools, and configuring dependencies based on your operating system will establish a solid foundation for a successful implementation.</p> <h2> Establishing a Solid Database Foundation </h2> <p>Our journey begins with the establishment of a robust database foundation. This involves the creation of an email_templates table within an internal schema. This table serves as a pivotal repository, storing vital information such as subject lines, content, languages, and template types.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">SCHEMA</span> <span class="n">internal</span><span class="p">;</span> <span class="k">CREATE</span> <span class="k">TABLE</span> <span class="n">internal</span><span class="p">.</span><span class="n">email_templates</span> <span class="p">(</span> <span class="n">id</span> <span class="nb">BIGINT</span> <span class="k">GENERATED</span> <span class="k">BY</span> <span class="k">DEFAULT</span> <span class="k">AS</span> <span class="k">IDENTITY</span><span class="p">,</span> <span class="n">subject</span> <span class="nb">TEXT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">content</span> <span class="nb">TEXT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">email_language</span> <span class="nb">TEXT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">email_type</span> <span class="nb">TEXT</span> <span class="k">NULL</span><span class="p">,</span> <span class="k">CONSTRAINT</span> <span class="n">email_templates_pkey</span> <span class="k">PRIMARY</span> <span class="k">KEY</span> <span class="p">(</span><span class="n">id</span><span class="p">)</span> <span class="p">);</span> </code></pre> </div> <p>By crafting this strong foundation, we lay the groundwork for a dynamic and versatile email system. This system will be powered by the forthcoming get_email_template function, which we'll explore in the following sections.</p> <h2> Crafting the Dynamic <code>get_email_template</code> Function </h2> <p>The core of our email system resides within the get_email_template function. This dynamic function retrieves email templates, utilizing inputs such as the template type, link, and language. Importantly, the function seamlessly integrates with the email_templates table, providing personalized email content.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">OR</span> <span class="k">REPLACE</span> <span class="k">FUNCTION</span> <span class="n">get_email_template</span><span class="p">(</span> <span class="n">template_type</span> <span class="nb">TEXT</span><span class="p">,</span> <span class="n">link</span> <span class="nb">TEXT</span><span class="p">,</span> <span class="k">language</span> <span class="nb">TEXT</span> <span class="k">DEFAULT</span> <span class="s1">'en'</span> <span class="p">)</span> <span class="k">RETURNS</span> <span class="n">JSON</span> <span class="k">SECURITY</span> <span class="k">DEFINER</span> <span class="k">SET</span> <span class="n">search_path</span> <span class="o">=</span> <span class="k">public</span><span class="p">,</span> <span class="n">internal</span> <span class="k">AS</span> <span class="err">$</span><span class="n">BODY</span><span class="err">$</span> <span class="k">DECLARE</span> <span class="n">email_subject</span> <span class="nb">TEXT</span><span class="p">;</span> <span class="n">email_content</span> <span class="nb">TEXT</span><span class="p">;</span> <span class="n">email_json</span> <span class="n">JSON</span><span class="p">;</span> <span class="k">BEGIN</span> <span class="k">SELECT</span> <span class="n">subject</span><span class="p">,</span> <span class="k">REPLACE</span><span class="p">(</span><span class="n">content</span><span class="p">,</span> <span class="s1">'{{LINK}}'</span><span class="p">,</span> <span class="n">link</span><span class="p">)</span> <span class="k">INTO</span> <span class="n">email_subject</span><span class="p">,</span> <span class="n">email_content</span> <span class="k">FROM</span> <span class="n">internal</span><span class="p">.</span><span class="n">email_templates</span> <span class="k">WHERE</span> <span class="n">email_type</span> <span class="o">=</span> <span class="n">template_type</span> <span class="k">AND</span> <span class="n">email_language</span> <span class="o">=</span> <span class="k">language</span><span class="p">;</span> <span class="n">email_json</span> <span class="p">:</span><span class="o">=</span> <span class="n">json_build_object</span><span class="p">(</span><span class="s1">'subject'</span><span class="p">,</span> <span class="n">email_subject</span><span class="p">,</span> <span class="s1">'content'</span><span class="p">,</span> <span class="n">email_content</span><span class="p">);</span> <span class="k">RETURN</span> <span class="n">email_json</span><span class="p">;</span> <span class="k">END</span><span class="p">;</span> <span class="err">$</span><span class="n">BODY</span><span class="err">$</span> <span class="k">LANGUAGE</span> <span class="n">plpgsql</span><span class="p">;</span> <span class="c1">-- Protect this function to be only available to service_role key:</span> <span class="k">REVOKE</span> <span class="k">EXECUTE</span> <span class="k">ON</span> <span class="k">FUNCTION</span> <span class="n">get_email_template</span> <span class="k">FROM</span> <span class="n">anon</span><span class="p">,</span> <span class="n">authenticated</span><span class="p">;</span> </code></pre> </div> <h2> Customizing Email Templates for Common Authentication Scenarios </h2> <p>To enhance user experience and engagement, we'll be customizing email templates for several common authentication scenarios: password recovery, signup confirmation, invitation, and magic link.</p> <p>These templates will be available in three languages: Portuguese, English, and Danish. You can seamlessly integrate these templates into the <code>email_templates</code> table within the internal schema. Below, you'll find the templates for each scenario:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">--</span> <span class="c1">-- Data for Name: email_templates; Type: TABLE DATA; Schema: internal; Owner: postgres</span> <span class="c1">--</span> <span class="k">INSERT</span> <span class="k">INTO</span> <span class="nv">"internal"</span><span class="p">.</span><span class="nv">"email_templates"</span> <span class="p">(</span><span class="nv">"id"</span><span class="p">,</span> <span class="nv">"subject"</span><span class="p">,</span> <span class="nv">"content"</span><span class="p">,</span> <span class="nv">"email_language"</span><span class="p">,</span> <span class="nv">"email_type"</span><span class="p">)</span> <span class="k">VALUES</span> <span class="p">(</span><span class="mi">1</span><span class="p">,</span> <span class="s1">'Din Magisk Link'</span><span class="p">,</span> <span class="s1">'&lt;!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"&gt; &lt;meta http-equiv="Content-Type" content="text/html charset=UTF-8" /&gt; &lt;html lang="da"&gt; &lt;head&gt;&lt;/head&gt; &lt;body style="background-color:#ffffff;font-family:-apple-system,BlinkMacSystemFont,&amp;quot;Segoe UI&amp;quot;,Roboto,Oxygen-Sans,Ubuntu,Cantarell,&amp;quot;Helvetica Neue&amp;quot;,sans-serif"&gt; &lt;table align="center" role="presentation" cellSpacing="0" cellPadding="0" border="0" width="100%" style="max-width:37.5em;margin:0 auto;padding:20px 25px 48px;background-image:url(&amp;quot;/assets/background-image.png&amp;quot;);background-position:bottom;background-repeat:no-repeat, no-repeat"&gt; &lt;tr style="width:100%"&gt; &lt;td&gt; &lt;h1 style="font-size:28px;font-weight:bold;margin-top:48px"&gt;🪄 Din magiske link&lt;/h1&gt; &lt;table style="margin:24px 0" align="center" border="0" cellPadding="0" cellSpacing="0" role="presentation" width="100%"&gt; &lt;tbody&gt; &lt;tr&gt; &lt;td&gt; &lt;p style="font-size:16px;line-height:26px;margin:16px 0"&gt;&lt;a target="_blank" style="color:#FF6363;text-decoration:none" href="{{LINK}}"&gt;👉 Klik her for at logge ind 👈&lt;/a&gt;&lt;/p&gt; &lt;p style="font-size:16px;line-height:26px;margin:16px 0"&gt;Hvis du ikke har anmodet om dette, bedes du ignorere denne e-mail.&lt;/p&gt; &lt;/td&gt; &lt;/tr&gt; &lt;/tbody&gt; &lt;/table&gt; &lt;p style="font-size:16px;line-height:26px;margin:16px 0"&gt;Bedste hilsner,&lt;br /&gt;- Contoso Team&lt;/p&gt; &lt;hr style="width:100%;border:none;border-top:1px solid #eaeaea;border-color:#dddddd;margin-top:48px" /&gt; &lt;p style="font-size:12px;line-height:24px;margin:16px 0;color:#8898aa;margin-left:4px"&gt;Contoso Technologies Inc.&lt;/p&gt; &lt;/td&gt; &lt;/tr&gt; &lt;/table&gt; &lt;/body&gt; &lt;/html&gt; '</span><span class="p">,</span> <span class="s1">'da'</span><span class="p">,</span> <span class="s1">'magiclink'</span><span class="p">);</span> <span class="c1">-- Check the full SQL file and all templates in the GitHub repo</span> <span class="c1">-- https://github.com/mansueli/Supabase-Edge-AuthMailer</span> </code></pre> </div> <p>By offering tailored templates for these scenarios in multiple languages, you ensure that your email communications resonate with a broader audience. This personalization fosters stronger user engagement and interaction.</p> <h2> Developing the Deno Edge Function (index.ts) </h2> <p>In the upcoming section, we'll delve into the development process of the Deno Edge Function responsible for managing authentication email requests. Below, we'll provide an overview of the pivotal steps involved in this process:</p> <ol> <li><p><strong>Initializing Imports and Constants:</strong> We'll commence by importing essential modules and setting up constants that will facilitate the seamless development process.</p></li> <li><p><strong>Creating a Secure Supabase Client:</strong> Learn how to establish a secure connection to Supabase using admin credentials, ensuring authorized access to the required resources.</p></li> <li><p><strong>Handling Incoming HTTP Requests:</strong> Discover the utilization of the <code>serve</code> function to effectively handle incoming HTTP requests, enhancing the overall responsiveness of your system.</p></li> <li><p><strong>Extracting Vital Parameters:</strong> Understand the process of extracting crucial parameters from incoming requests, such as email, authentication type, language, password, and redirection URL.</p></li> <li><p><strong>Generating Secure Authentication Links:</strong> Explore the steps involved in generating secure authentication links using the Supabase admin API, facilitating secure user interactions.</p></li> <li><p><strong>Customizing Redirection Links:</strong> Learn how to customize redirection links to match specific requirements and elevate the user experience.</p></li> <li><p><strong>Invoking</strong> <code>get_email_template</code> Function: Dive into the usage of the Supabase <code>rpc</code> method to invoke the <code>get_email_template</code> function, enabling seamless retrieval of email content.</p></li> <li><p><strong>Integration of Resend API:</strong> Understand the seamless integration of the Resend API, allowing the delivery of personalized and informative emails to users.</p></li> </ol> <p>For the complete code of the Deno Edge Function, refer to the provided <code>index.ts</code> file.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Importing required libraries</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">serve</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">https://deno.land/std@0.192.0/http/server.ts</span><span class="dl">'</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">createClient</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">https://esm.sh/@supabase/supabase-js@2</span><span class="dl">'</span> <span class="c1">// Defining CORS headers</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">corsHeaders</span> <span class="o">=</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">Access-Control-Allow-Origin</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">*</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">Access-Control-Allow-Headers</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">authorization, x-client-info, apikey, content-type</span><span class="dl">'</span><span class="p">,</span> <span class="p">}</span> <span class="c1">// Log to indicate the function is up and running</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`Function "auth-mailer" up and running!`</span><span class="p">)</span> <span class="c1">// Creating a Supabase client using environment variables</span> <span class="kd">const</span> <span class="nx">supabaseAdmin</span> <span class="o">=</span> <span class="nf">createClient</span><span class="p">(</span> <span class="nx">Deno</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">SUPABASE_URL</span><span class="dl">'</span><span class="p">)</span> <span class="o">??</span> <span class="dl">''</span><span class="p">,</span> <span class="nx">Deno</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">SUPABASE_SERVICE_ROLE_KEY</span><span class="dl">'</span><span class="p">)</span> <span class="o">??</span> <span class="dl">''</span> <span class="p">)</span> <span class="c1">// Define a server that handles different types of requests</span> <span class="nf">serve</span><span class="p">(</span><span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">:</span> <span class="nx">Request</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Handling preflight CORS requests</span> <span class="k">if </span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">method</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">OPTIONS</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Response</span><span class="p">(</span><span class="dl">'</span><span class="s1">ok</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="nx">corsHeaders</span> <span class="p">})</span> <span class="p">}</span> <span class="k">try</span> <span class="p">{</span> <span class="c1">// Destructuring request JSON and setting default values</span> <span class="kd">let</span> <span class="p">{</span> <span class="nx">email</span><span class="p">,</span> <span class="kd">type</span><span class="p">,</span> <span class="nx">language</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">en</span><span class="dl">'</span><span class="p">,</span> <span class="nx">password</span> <span class="o">=</span> <span class="dl">''</span><span class="p">,</span> <span class="nx">redirect_to</span> <span class="o">=</span> <span class="dl">''</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">req</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="nx">email</span><span class="p">,</span> <span class="kd">type</span><span class="p">,</span> <span class="nx">language</span><span class="p">,</span> <span class="nx">password</span> <span class="p">},</span> <span class="kc">null</span><span class="p">,</span> <span class="mi">2</span><span class="p">));</span> <span class="c1">// Generate a link with admin API call</span> <span class="kd">let</span> <span class="na">linkPayload</span><span class="p">:</span> <span class="kr">any</span> <span class="o">=</span> <span class="p">{</span> <span class="kd">type</span><span class="p">,</span> <span class="nx">email</span><span class="p">,</span> <span class="p">}</span> <span class="c1">// If type is 'signup', add password to the payload</span> <span class="k">if </span><span class="p">(</span><span class="kd">type</span> <span class="o">==</span> <span class="dl">'</span><span class="s1">signup</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nx">linkPayload</span> <span class="o">=</span> <span class="p">{</span> <span class="p">...</span><span class="nx">linkPayload</span><span class="p">,</span> <span class="nx">password</span><span class="p">,</span> <span class="p">}</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">linkPayload</span><span class="dl">"</span><span class="p">,</span> <span class="nx">linkPayload</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// Generate the link</span> <span class="kd">const</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="nx">linkResponse</span><span class="p">,</span> <span class="na">error</span><span class="p">:</span> <span class="nx">linkError</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">supabaseAdmin</span><span class="p">.</span><span class="nx">auth</span><span class="p">.</span><span class="nx">admin</span><span class="p">.</span><span class="nf">generateLink</span><span class="p">(</span><span class="nx">linkPayload</span><span class="p">)</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">linkResponse</span><span class="dl">"</span><span class="p">,</span> <span class="nx">linkResponse</span><span class="p">);</span> <span class="c1">// Throw error if any occurs during link generation</span> <span class="k">if </span><span class="p">(</span><span class="nx">linkError</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="nx">linkError</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// Getting the actual link and manipulating the redirect link</span> <span class="kd">let</span> <span class="nx">actual_link</span> <span class="o">=</span> <span class="nx">linkResponse</span><span class="p">.</span><span class="nx">properties</span><span class="p">.</span><span class="nx">action_link</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="nx">redirect_to</span> <span class="o">!=</span> <span class="dl">''</span><span class="p">)</span> <span class="p">{</span> <span class="nx">actual_link</span> <span class="o">=</span> <span class="nx">actual_link</span><span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="dl">'</span><span class="s1">redirect_to=</span><span class="dl">'</span><span class="p">)[</span><span class="mi">0</span><span class="p">];</span> <span class="nx">actual_link</span> <span class="o">=</span> <span class="nx">actual_link</span> <span class="o">+</span> <span class="dl">'</span><span class="s1">&amp;redirect_to=</span><span class="dl">'</span> <span class="o">+</span> <span class="nx">redirect_to</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// Log the template data</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="dl">"</span><span class="s2">template_type</span><span class="dl">"</span><span class="p">:</span><span class="kd">type</span><span class="p">,</span> <span class="dl">"</span><span class="s2">link</span><span class="dl">"</span><span class="p">:</span> <span class="nx">linkResponse</span><span class="p">,</span> <span class="dl">"</span><span class="s2">language</span><span class="dl">"</span><span class="p">:</span><span class="nx">language</span> <span class="p">},</span> <span class="kc">null</span><span class="p">,</span> <span class="mi">2</span><span class="p">));</span> <span class="c1">// Get the email template</span> <span class="kd">const</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="nx">templateData</span><span class="p">,</span> <span class="na">error</span><span class="p">:</span> <span class="nx">templateError</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">supabaseAdmin</span><span class="p">.</span><span class="nf">rpc</span><span class="p">(</span><span class="dl">'</span><span class="s1">get_email_template</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">template_type</span><span class="dl">"</span><span class="p">:</span><span class="kd">type</span><span class="p">,</span> <span class="dl">"</span><span class="s2">link</span><span class="dl">"</span><span class="p">:</span> <span class="nx">actual_link</span><span class="p">,</span> <span class="dl">"</span><span class="s2">language</span><span class="dl">"</span><span class="p">:</span><span class="nx">language</span> <span class="p">});</span> <span class="c1">// Throw error if any occurs during template fetching</span> <span class="k">if </span><span class="p">(</span><span class="nx">templateError</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="nx">templateError</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// Send the email using resend</span> <span class="kd">const</span> <span class="nx">RESEND_API_KEY</span> <span class="o">=</span> <span class="nx">Deno</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">RESEND_API_KEY</span><span class="dl">'</span><span class="p">)</span> <span class="kd">const</span> <span class="nx">resendRes</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">'</span><span class="s1">https://api.resend.com/emails</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span><span class="p">,</span> <span class="na">Authorization</span><span class="p">:</span> <span class="s2">`Bearer </span><span class="p">${</span><span class="nx">RESEND_API_KEY</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="p">},</span> <span class="na">body</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="na">from</span><span class="p">:</span> <span class="dl">'</span><span class="s1">rodrigo@mansueli.com</span><span class="dl">'</span><span class="p">,</span> <span class="na">to</span><span class="p">:</span> <span class="nx">email</span><span class="p">,</span> <span class="na">subject</span><span class="p">:</span> <span class="nx">templateData</span><span class="p">.</span><span class="nx">subject</span><span class="p">,</span> <span class="na">html</span><span class="p">:</span> <span class="nx">templateData</span><span class="p">.</span><span class="nx">content</span><span class="p">,</span> <span class="p">}),</span> <span class="p">});</span> <span class="c1">// Handle the response from the resend request</span> <span class="kd">const</span> <span class="nx">resendData</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">resendRes</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Response</span><span class="p">(</span><span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="nx">resendData</span><span class="p">),</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="nx">resendRes</span><span class="p">.</span><span class="nx">status</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="p">})</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Handle any other errors</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Response</span><span class="p">(</span><span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="nx">error</span><span class="p">.</span><span class="nx">message</span> <span class="p">}),</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="p">...</span><span class="nx">corsHeaders</span><span class="p">,</span> <span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span> <span class="p">},</span> <span class="na">status</span><span class="p">:</span> <span class="mi">400</span><span class="p">,</span> <span class="p">})</span> <span class="p">}</span> <span class="p">})</span> </code></pre> </div> <h2> Addressing Supabase Email Template Behavior </h2> <p>It's essential to acknowledge a particular behavior of Supabase when handling email templates. By default, Supabase removes HTML tags from email templates when using the platform's default templates. The approach we present here allows you to exercise control over the visual presentation of your email content. To effectively include HTML elements in your email templates, you can adhere to standard HTML practices.</p> <h2> Conclusion and Future Enhancements </h2> <p>Congratulations on successfully constructing a personalized authentication email system using Supabase Edge Functions, PostgreSQL, and the Resend service. By harnessing the capabilities of Supabase, you've streamlined the process of delivering tailored authentication emails to your users.</p> <p>While this tutorial covers the foundational aspects, there's always room for growth. Consider expanding the range of email template customization or integrating additional third-party services to elevate user engagement. As you continue exploring Supabase's capabilities, share your insights and enhancements with the open-source community.</p> <p>You can find the complete code used in this article on <a href="https://github.com/mansueli/Supabase-Edge-AuthMailer">GitHub</a>.</p> <h2> Further Learning Resources </h2> <p>For additional learning, we recommend exploring the following resources:</p> <ul> <li><p><a href="https://supabase.io/docs">Official Supabase Documentation</a></p></li> <li><p><a href="https://www.postgresql.org/docs/">PostgreSQL Documentation</a></p></li> <li><p><a href="https://deno.land/">Deno Official Website</a></p></li> <li><p><a href="https://resend.com/docs">Resend API Documentation</a></p></li> </ul> <p><a href="http://supabase.com?utm_source=devto&amp;utm_medium=referral&amp;utm%5C_term=devtocta" class="ltag_cta ltag_cta--branded">🚀 Learn more about Supabase</a> </p> authentication webdev i18n database How to Boost Supabase Reliability: A Guide to Using Postgres Foreign Data Wrappers Rodrigo Mansueli Tue, 15 Aug 2023 15:00:39 +0000 https://forem.com/supabase/how-to-boost-supabase-reliability-a-guide-to-using-postgres-foreign-data-wrappers-43i7 https://forem.com/supabase/how-to-boost-supabase-reliability-a-guide-to-using-postgres-foreign-data-wrappers-43i7 <p>Welcome to this comprehensive guide on enhancing the reliability and isolation of your Supabase project using the power of Foreign Data Wrappers (FDW). In this blog post, we will delve into the strategic implementation of FDWs to connect your project with an independent queue system. By adopting this approach, your Supabase project gains an additional layer of resilience, ensuring that even if your primary system encounters issues, the queue continues to operate seamlessly. This exploration promises to equip you with the knowledge to fortify your application's robustness. In a previous post, we explored <a href="https://blog.mansueli.com/mysql-foreign-data-wrapper-supabase-postgresql-edge-functions">how to create a pseudo FDW to MySQL</a> using an Edge Function as a bridge, now we'll explore using proper Postgres FDW.</p> <h3> <strong>Prerequisites for Implementing FDWs</strong> </h3> <p>To embark on this journey, it's essential to have the following prerequisites in place.</p> <ol> <li><p><strong>Main Supabase Project:</strong> You should have your primary Supabase project set up and operational. This serves as the foundation upon which we'll build the enhanced system.</p></li> <li><p><strong>Foreign Supabase Project:</strong> Similarly, your separate foreign Supabase project needs to be ready. This distinct database will be integrated using the Foreign Data Wrappers approach.</p></li> </ol> <p>Before proceeding, ensure these prerequisites are aligned to make the most of this guide.</p> <p><strong>Exploring the Process:</strong> The process we're about to undertake involves creating a bridge between your main Supabase project and the foreign Supabase project through the magic of Foreign Data Wrappers. This bridge facilitates communication and data sharing between the projects, offering enhanced reliability and isolation.</p> <h3> <strong>Create a User in the Foreign Database:</strong> </h3> <p>In this crucial step, we lay the foundation for secure communication. By creating a dedicated user 'foreign_user' and granting it specific privileges, we establish the necessary credentials to bridge the databases. The use of BYPASSRLS ensures controlled data access.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">USER</span> <span class="n">foreign_user</span> <span class="k">WITH</span> <span class="n">PASSWORD</span> <span class="s1">'password'</span> <span class="n">BYPASSRLS</span><span class="p">;</span> <span class="k">GRANT</span> <span class="k">SELECT</span><span class="p">,</span> <span class="k">INSERT</span><span class="p">,</span> <span class="k">UPDATE</span><span class="p">,</span> <span class="k">DELETE</span> <span class="k">ON</span> <span class="k">ALL</span> <span class="n">TABLES</span> <span class="k">IN</span> <span class="k">SCHEMA</span> <span class="k">public</span> <span class="k">TO</span> <span class="n">foreign_user</span><span class="p">;</span> <span class="k">GRANT</span> <span class="k">USAGE</span><span class="p">,</span> <span class="k">SELECT</span> <span class="k">ON</span> <span class="k">ALL</span> <span class="n">SEQUENCES</span> <span class="k">IN</span> <span class="k">SCHEMA</span> <span class="k">public</span> <span class="k">TO</span> <span class="n">foreign_user</span><span class="p">;</span> </code></pre> </div> <h3> <strong>Configuration in the Main Database:</strong> </h3> <p>This step involves configuring your main Supabase database to communicate with the foreign server. We set up a new schema 'queue' to house the imported foreign data. Additionally, we establish a foreign server named 'foreign_server,' specifying connection details like host, port, and dbname. The user mapping ensures secure authentication, while the IMPORT FOREIGN SCHEMA command integrates the foreign schema into your main database.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="n">EXTENSION</span> <span class="n">postgres_fdw</span><span class="p">;</span> <span class="k">CREATE</span> <span class="k">SCHEMA</span> <span class="n">queue</span><span class="p">;</span> <span class="k">ALTER</span> <span class="k">DEFAULT</span> <span class="k">PRIVILEGES</span> <span class="k">IN</span> <span class="k">SCHEMA</span> <span class="n">queue</span> <span class="k">GRANT</span> <span class="k">ALL</span> <span class="k">ON</span> <span class="n">TABLES</span> <span class="k">TO</span> <span class="n">postgres</span><span class="p">;</span> <span class="k">CREATE</span> <span class="n">SERVER</span> <span class="n">foreign_server</span> <span class="k">FOREIGN</span> <span class="k">DATA</span> <span class="n">WRAPPER</span> <span class="n">postgres_fdw</span> <span class="k">OPTIONS</span> <span class="p">(</span><span class="k">host</span> <span class="s1">'db.foreign.supabase.co'</span><span class="p">,</span> <span class="n">port</span> <span class="s1">'5432'</span><span class="p">,</span> <span class="n">dbname</span> <span class="s1">'postgres'</span><span class="p">);</span> <span class="k">CREATE</span> <span class="k">USER</span> <span class="n">MAPPING</span> <span class="k">FOR</span> <span class="n">postgres</span> <span class="n">SERVER</span> <span class="n">foreign_server</span> <span class="k">OPTIONS</span> <span class="p">(</span><span class="k">user</span> <span class="s1">'foreign_user'</span><span class="p">,</span> <span class="n">password</span> <span class="s1">'password'</span><span class="p">);</span> <span class="n">IMPORT</span> <span class="k">FOREIGN</span> <span class="k">SCHEMA</span> <span class="k">public</span> <span class="k">FROM</span> <span class="n">SERVER</span> <span class="n">foreign_server</span> <span class="k">INTO</span> <span class="n">queue</span><span class="p">;</span> <span class="k">ALTER</span> <span class="n">SERVER</span> <span class="n">foreign_server</span> <span class="k">OPTIONS</span> <span class="p">(</span><span class="n">fetch_size</span> <span class="s1">'50000'</span><span class="p">);</span> </code></pre> </div> <p><strong>Explaining fetch_size Adjustment:</strong> The <code>ALTER SERVER</code> command with the <code>fetch_size</code> option plays a vital role in optimizing data retrieval. By setting the fetch size to '50000,' we dictate how many rows of data the server fetches in a single request. Larger fetch sizes can enhance data retrieval efficiency, especially when dealing with substantial datasets.</p> <p><strong>Enhancing Queue Reliability:</strong> This approach not only boosts the reliability of your main Supabase project but also increases the robustness of your queue system. To understand more about creating a queue system using Supabase and PostgreSQL, refer to the article <a href="https://blog.mansueli.com/building-a-queue-system-with-supabase-and-postgresql">Building a Queue System with Supabase and PostgreSQL</a>.</p> <h3> <strong>Conclusion</strong> </h3> <p>By meticulously following these steps, you pave the way for a robust, interconnected Supabase ecosystem. The integration of Foreign Data Wrappers fosters reliability, ensuring that the queue system remains resilient even in the face of challenges.</p> <p>Don't hesitate to explore the <a href="https://supabase.com/docs/guides/database/extensions">Supabase documentation</a>, which offers a wealth of knowledge on database extensions and their applications.</p> <p><a href="http://supabase.com?utm_source=devto&amp;utm_medium=referral&amp;utm%5C_term=devtocta" class="ltag_cta ltag_cta--branded">🚀 Learn more about Supabase</a> </p> Integrating Password + Email Sign-in for magic-link users with Supabase and PostgreSQL Rodrigo Mansueli Tue, 01 Aug 2023 13:53:35 +0000 https://forem.com/supabase/integrating-password-email-sign-in-for-magic-link-users-with-supabase-and-postgresql-2i15 https://forem.com/supabase/integrating-password-email-sign-in-for-magic-link-users-with-supabase-and-postgresql-2i15 <p>In the realm of web development, the popularity of backend-as-a-service (BaaS) platforms has soared due to their convenience and time-saving abilities. One such platform that has garnered attention is <a href="http://supabase.com/">Supabase</a>, an open-source BaaS alternative. Supabase offers developers an array of features, including authentication, database management, and more. In this comprehensive guide, we will explore how to enable password + email sign-in for users who initially started with magic links in Supabase. This integration empowers users to effortlessly transition from magic links to password-based authentication.</p> <h3> Prerequisites </h3> <p>Before diving into this step-by-step tutorial, ensure you have the following prerequisites in place:</p> <ol> <li><p><strong>Deno</strong>: Deno is a secure runtime for JavaScript and TypeScript. Visit the official website for instructions on installing Deno.</p></li> <li><p><strong>Supabase Account</strong>: Create a free <a href="http://supabase.com/">Supabase</a> account if you haven't done so already. You'll require your Supabase URL and anonymous key for authentication.</p></li> <li><p><strong>PostgreSQL</strong>: Ensure you have PostgreSQL installed or set up a PostgreSQL database using Supabase.</p></li> </ol> <p>To maximize your understanding of this tutorial, it's beneficial to have a basic grasp of Supabase, PostgreSQL, and HTTP requests.</p> <h2> Setting Up the Database </h2> <p>Let's begin by assuming you have one of the web <a href="https://supabase.com/docs/guides/getting-started/tutorials/with-nextjs">app templates</a> with a <code>public.profile</code> table. We'll specifically add a new column to the "profiles" table to indicate whether existing users are using magic links.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- Setting the profiles table to indicate that existing users were using magic links</span> <span class="k">ALTER</span> <span class="k">TABLE</span> <span class="k">public</span><span class="p">.</span><span class="n">profiles</span> <span class="k">ADD</span> <span class="k">COLUMN</span> <span class="n">auth_options</span> <span class="nb">text</span><span class="p">[]</span> <span class="k">DEFAULT</span> <span class="n">ARRAY</span><span class="p">[</span><span class="s1">'magiclink'</span><span class="p">]::</span><span class="nb">text</span><span class="p">[]</span> <span class="k">NULL</span><span class="p">;</span> </code></pre> </div> <h2> Implementing the Edge Function </h2> <p>The edge function plays a pivotal role in this integration as it verifies the user's authentication method (magic link or password) and updates the necessary information accordingly. Below is the Deno code for the edge function:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">serve</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">https://deno.land/std@0.192.0/http/server.ts</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">createClient</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">https://esm.sh/@supabase/supabase-js@2</span><span class="dl">"</span><span class="p">;</span> <span class="c1">// CORS headers for allowing requests from any origin</span> <span class="kd">const</span> <span class="nx">corsHeaders</span> <span class="o">=</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">Access-Control-Allow-Origin</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">*</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Access-Control-Allow-Headers</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">authorization, x-client-info, apikey, content-type</span><span class="dl">"</span><span class="p">,</span> <span class="p">};</span> <span class="nx">serve</span><span class="p">(</span><span class="k">async</span> <span class="p">(</span><span class="nx">req</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">method</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">OPTIONS</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="k">new</span> <span class="nx">Response</span><span class="p">(</span><span class="dl">'</span><span class="s1">ok</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="nx">corsHeaders</span> <span class="p">});</span> <span class="p">}</span> <span class="c1">// Creating a Supabase client with the provided authorization token</span> <span class="kd">const</span> <span class="nx">supabaseClient</span> <span class="o">=</span> <span class="nx">createClient</span><span class="p">(</span> <span class="nx">Deno</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="kd">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">SUPABASE_URL</span><span class="dl">"</span><span class="p">)</span> <span class="o">??</span> <span class="dl">""</span><span class="p">,</span> <span class="nx">Deno</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="kd">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">SUPABASE_ANON_KEY</span><span class="dl">"</span><span class="p">)</span> <span class="o">??</span> <span class="dl">""</span><span class="p">,</span> <span class="p">{</span> <span class="na">global</span><span class="p">:</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="na">Authorization</span><span class="p">:</span> <span class="nx">req</span><span class="p">.</span><span class="nx">headers</span><span class="p">.</span><span class="kd">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">Authorization</span><span class="dl">"</span><span class="p">)</span><span class="o">!</span> <span class="p">}</span> <span class="p">},</span> <span class="na">auth</span><span class="p">:</span> <span class="p">{</span> <span class="na">autoRefreshToken</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">persistSession</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">detectSessionInUrl</span><span class="p">:</span> <span class="kc">false</span> <span class="p">}</span> <span class="p">}</span> <span class="p">);</span> <span class="c1">// Getting the user information from the provided authorization token</span> <span class="kd">const</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="p">{</span> <span class="nx">user</span> <span class="p">},</span> <span class="na">error</span><span class="p">:</span> <span class="nx">userError</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">supabaseClient</span><span class="p">.</span><span class="nx">auth</span><span class="p">.</span><span class="nx">getUser</span><span class="p">();</span> <span class="k">if</span> <span class="p">(</span><span class="nx">userError</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nx">error</span><span class="p">(</span><span class="dl">"</span><span class="s2">User error</span><span class="dl">"</span><span class="p">,</span> <span class="nx">userError</span><span class="p">);</span> <span class="k">return</span> <span class="k">new</span> <span class="nx">Response</span><span class="p">(</span><span class="nx">JSON</span><span class="p">.</span><span class="nx">stringify</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="nx">userError</span><span class="p">.</span><span class="nx">message</span> <span class="p">}),</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="p">...</span><span class="nx">corsHeaders</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Content-Type</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">application/json</span><span class="dl">"</span> <span class="p">},</span> <span class="na">status</span><span class="p">:</span> <span class="mi">400</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> <span class="c1">// Getting the current authentication options for the user from the profiles table</span> <span class="kd">const</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="nx">auth_options</span><span class="p">,</span> <span class="na">error</span><span class="p">:</span> <span class="nx">authError</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">supabaseClient</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">'</span><span class="s1">profiles</span><span class="dl">'</span><span class="p">).</span><span class="nx">select</span><span class="p">(</span><span class="dl">'</span><span class="s1">auth_options</span><span class="dl">'</span><span class="p">).</span><span class="nx">eq</span><span class="p">(</span><span class="dl">'</span><span class="s1">id</span><span class="dl">'</span><span class="p">,</span> <span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="nx">authError</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nx">error</span><span class="p">(</span><span class="dl">"</span><span class="s2">Auth options error</span><span class="dl">"</span><span class="p">,</span> <span class="nx">authError</span><span class="p">);</span> <span class="k">return</span> <span class="k">new</span> <span class="nx">Response</span><span class="p">(</span><span class="nx">JSON</span><span class="p">.</span><span class="nx">stringify</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="nx">authError</span><span class="p">.</span><span class="nx">message</span> <span class="p">}),</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="p">...</span><span class="nx">corsHeaders</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Content-Type</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">application/json</span><span class="dl">"</span> <span class="p">},</span> <span class="na">status</span><span class="p">:</span> <span class="mi">400</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> <span class="c1">// Checking if the user already has password-based authentication</span> <span class="k">if</span> <span class="p">(</span><span class="nx">auth_options</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="nx">auth_options</span><span class="p">.</span><span class="nx">includes</span><span class="p">(</span><span class="dl">"</span><span class="s2">password</span><span class="dl">"</span><span class="p">))</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nx">error</span><span class="p">(</span><span class="dl">"</span><span class="s2">Password update not allowed for users with password-based authentication</span><span class="dl">"</span><span class="p">);</span> <span class="k">return</span> <span class="k">new</span> <span class="nx">Response</span><span class="p">(</span><span class="nx">JSON</span><span class="p">.</span><span class="nx">stringify</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Password update not allowed for users with password-based authentication</span><span class="dl">"</span> <span class="p">}),</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="p">...</span><span class="nx">corsHeaders</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Content-Type</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">application/json</span><span class="dl">"</span> <span class="p">},</span> <span class="na">status</span><span class="p">:</span> <span class="mi">400</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> <span class="c1">// Creating a separate Supabase client with the service role key for administrative tasks</span> <span class="kd">const</span> <span class="nx">supabaseAdmin</span> <span class="o">=</span> <span class="nx">createClient</span><span class="p">(</span> <span class="nx">Deno</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="kd">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">SUPABASE_URL</span><span class="dl">"</span><span class="p">)</span> <span class="o">??</span> <span class="dl">""</span><span class="p">,</span> <span class="nx">Deno</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="kd">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">SUPABASE_SERVICE_ROLE_KEY</span><span class="dl">"</span><span class="p">)</span> <span class="o">??</span> <span class="dl">""</span><span class="p">,</span> <span class="p">{</span> <span class="na">auth</span><span class="p">:</span> <span class="p">{</span> <span class="na">autoRefreshToken</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">persistSession</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">detectSessionInUrl</span><span class="p">:</span> <span class="kc">false</span> <span class="p">}</span> <span class="p">}</span> <span class="p">);</span> <span class="c1">// Updating the user's password using the administrative client</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">newPassword</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">req</span><span class="p">.</span><span class="nx">json</span><span class="p">();</span> <span class="kd">const</span> <span class="p">{</span> <span class="na">error</span><span class="p">:</span> <span class="nx">updateError</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">supabaseAdmin</span><span class="p">.</span><span class="nx">auth</span><span class="p">.</span><span class="nx">admin</span><span class="p">.</span><span class="nx">updateUserById</span><span class="p">(</span><span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="p">{</span> <span class="na">password</span><span class="p">:</span> <span class="nx">newPassword</span> <span class="p">});</span> <span class="k">if</span> <span class="p">(</span><span class="nx">updateError</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nx">error</span><span class="p">(</span><span class="dl">"</span><span class="s2">Update error</span><span class="dl">"</span><span class="p">,</span> <span class="nx">updateError</span><span class="p">);</span> <span class="k">return</span> <span class="k">new</span> <span class="nx">Response</span><span class="p">(</span><span class="nx">JSON</span><span class="p">.</span><span class="nx">stringify</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="nx">updateError</span><span class="p">.</span><span class="nx">message</span> <span class="p">}),</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="p">...</span><span class="nx">corsHeaders</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Content-Type</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">application/json</span><span class="dl">"</span> <span class="p">},</span> <span class="na">status</span><span class="p">:</span> <span class="mi">400</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> <span class="c1">// Updating the authentication options for the user in the profiles table</span> <span class="kd">const</span> <span class="nx">updatedAuthOptions</span> <span class="o">=</span> <span class="p">[...</span><span class="nx">auth_options</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="nx">auth_options</span><span class="p">];</span> <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="nx">updatedAuthOptions</span><span class="p">.</span><span class="nx">includes</span><span class="p">(</span><span class="dl">"</span><span class="s2">password</span><span class="dl">"</span><span class="p">))</span> <span class="p">{</span> <span class="nx">updatedAuthOptions</span><span class="p">.</span><span class="nx">push</span><span class="p">(</span><span class="dl">"</span><span class="s2">password</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="kd">const</span> <span class="p">{</span> <span class="na">error</span><span class="p">:</span> <span class="nx">updateAuthOptionsError</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">supabaseClient</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">'</span><span class="s1">profiles</span><span class="dl">'</span><span class="p">).</span><span class="nx">update</span><span class="p">({</span> <span class="na">auth_options</span><span class="p">:</span> <span class="nx">updatedAuthOptions</span> <span class="p">});</span> <span class="k">if</span> <span class="p">(</span><span class="nx">updateAuthOptionsError</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nx">error</span><span class="p">(</span><span class="dl">"</span><span class="s2">Update auth options error</span><span class="dl">"</span><span class="p">,</span> <span class="nx">updateAuthOptionsError</span><span class="p">);</span> <span class="k">return</span> <span class="k">new</span> <span class="nx">Response</span><span class="p">(</span><span class="nx">JSON</span><span class="p">.</span><span class="nx">stringify</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="nx">updateAuthOptionsError</span><span class="p">.</span><span class="nx">message</span> <span class="p">}),</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="p">...</span><span class="nx">corsHeaders</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Content-Type</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">application/json</span><span class="dl">"</span> <span class="p">},</span> <span class="na">status</span><span class="p">:</span> <span class="mi">400</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> <span class="c1">// Returning a success message if everything went smoothly</span> <span class="k">return</span> <span class="k">new</span> <span class="nx">Response</span><span class="p">(</span> <span class="nx">JSON</span><span class="p">.</span><span class="nx">stringify</span><span class="p">({</span> <span class="na">message</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Password updated successfully</span><span class="dl">"</span> <span class="p">}),</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="p">...</span><span class="nx">corsHeaders</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Content-Type</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">application/json</span><span class="dl">"</span> <span class="p">},</span> <span class="na">status</span><span class="p">:</span> <span class="mi">200</span><span class="p">,</span> <span class="p">},</span> <span class="p">);</span> <span class="p">});</span> </code></pre> </div> <h2> Testing the Integration </h2> <p>To ensure the seamless functioning of our integration, let's conduct some tests encompassing various scenarios:</p> <ol> <li><p>Test with a user who has been using magic links and now wants to set a password.</p></li> <li><p>Test with a user who already has a password set to ensure password updates are not allowed for such users.</p></li> </ol> <h2> Conclusion </h2> <p>Congratulations on successfully integrating password + email sign-in with Supabase and PostgreSQL! This integration provides users with the flexibility to switch from magic links to password-based authentication effortlessly, enhancing the overall user experience. By harnessing the power of Supabase's open-source backend-as-a-service capabilities and PostgreSQL's robustness, you can build secure and user-friendly applications more efficiently.</p> Safeguarding Data Integrity with pg-safeupdate in PostgreSQL and Supabase Rodrigo Mansueli Tue, 25 Jul 2023 19:40:58 +0000 https://forem.com/supabase/safeguarding-data-integrity-with-pg-safeupdate-in-postgresql-and-supabase-2bgd https://forem.com/supabase/safeguarding-data-integrity-with-pg-safeupdate-in-postgresql-and-supabase-2bgd <p>Maintaining data integrity is of paramount importance when developing web applications that rely on PostgreSQL as the underlying database. Accidental data modifications can lead to severe consequences, compromising the reliability and accuracy of the application. In this blog post, we will explore how PostgreSQL's <code>pg-safeupdate</code> extension, in conjunction with <a href="http://supabase.com/">Supabase.com</a>, a versatile backend-as-a-service platform, can be a powerful tool to ensure data safety and integrity.</p> <h3> <strong>What is pg-safeupdate?</strong> </h3> <p><code>pg-safeupdate</code> plays a crucial role in PostgreSQL, aiming to mitigate the risks linked with unintended data updates. Its primary goal is to prevent update queries lacking a WHERE clause, which can inadvertently update all rows in a table. Enforcing the presence of a WHERE clause, <code>pg-safeupdate</code> ensures explicit and targeted updates, significantly reducing the risk of accidental data alterations.</p> <h3> <strong>Enabling the Extension</strong> </h3> <p>Enabling <code>pg-safeupdate</code> can be done at two levels: on a per-connection basis or for all connections to the database. To enable it for a specific connection, you can use the following SQL command:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">LOAD</span> <span class="s1">'safeupdate'</span><span class="p">;</span> </code></pre> </div> <p>For broader applications, you can enable <code>pg-safeupdate</code> for all connections to the database with the following command:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">ALTER</span> <span class="k">DATABASE</span> <span class="n">my_app_db</span> <span class="k">SET</span> <span class="n">session_preload_libraries</span> <span class="o">=</span> <span class="s1">'safeupdate'</span><span class="p">;</span> </code></pre> </div> <p>The choice between the two methods depends on the specific use case and the desired level of data protection.</p> <h3> <strong>How pg-safe update Works:</strong> </h3> <p>Once <code>pg-safeupdate</code> is enabled, it actively monitors all update queries issued against the database. If an update query is detected without a WHERE clause, indicating an attempt to update all rows in the affected table, <code>pg-safeupdate</code> it intervenes and returns an error message. This prompt reminds developers to include a WHERE clause, ensuring that updates are precise, deliberate, and confined to specific rows.</p> <p><strong>Usage Example:</strong> To better understand the functioning of <code>pg-safeupdate</code>, let's consider a real-world example involving a <code>inventory</code> table. This table contains columns such as <code>product_id</code>, <code>product_name</code>, <code>quantity</code>, and <code>price_per_unit</code>. Without <code>pg-safeupdate</code>, an unintentional update query might look like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">LOAD</span> <span class="s1">'safeupdate'</span><span class="p">;</span> <span class="k">UPDATE</span> <span class="n">inventory</span> <span class="k">SET</span> <span class="n">quantity</span> <span class="o">=</span> <span class="mi">100</span><span class="p">;</span> </code></pre> </div> <p>This query updates the <code>quantity</code> for all products to 100, which is certainly not what we intended. However, with <code>pg-safeupdate</code> enabled, the query will be intercepted, and an error message will be returned:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="n">ERROR</span><span class="p">:</span> <span class="k">UPDATE</span> <span class="n">requires</span> <span class="n">a</span> <span class="k">WHERE</span> <span class="n">clause</span><span class="p">.</span> </code></pre> </div> <p>To proceed with the update, we must provide a WHERE clause that specifies the <code>product_id</code> of the product we want to modify:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">UPDATE</span> <span class="n">inventory</span> <span class="k">SET</span> <span class="n">quantity</span> <span class="o">=</span> <span class="mi">100</span> <span class="k">WHERE</span> <span class="n">product_id</span> <span class="o">=</span> <span class="s1">'ABC123'</span><span class="p">;</span> </code></pre> </div> <p>This updated query now precisely modifies the quantity of the product with the <code>product_id</code> of 'ABC123', ensuring data integrity.</p> <p><strong>Real-world Use Cases:</strong> In real-world scenarios, <code>pg-safeupdate</code> becomes a powerful safeguard against accidental data alterations. It prevents catastrophic data corruption in production environments, where unintended updates could lead to substantial financial losses or erode user trust. Additionally, during development and testing, <code>pg-safeupdate</code> ensures that database changes are deliberate, minimizing debugging efforts caused by unintentional data modifications.</p> <p><strong>Comparisons with Alternative Methods:</strong> While several methods exist for ensuring data integrity, <code>pg-safeupdate</code> stands out for its simplicity and effectiveness. Database triggers can achieve similar outcomes, but they might require more complex configurations and can be less transparent. Application-level constraints depend on the application code's correctness, which introduces a higher risk of human error. In contrast, <code>pg-safeupdate</code> offers a direct and efficient approach to enforcing update restrictions.</p> <p><strong>Conclusion:</strong> In the world of web applications, data integrity is non-negotiable. PostgreSQL's <code>pg-safeupdate</code> extension, in collaboration with Supabase, presents a formidable solution to mitigate the risks of accidental data updates. Mandating the use of WHERE clauses in update queries <code>pg-safeupdate</code> ensures that updates are intentional and specific. When combined with Supabase's features, developers can create robust and reliable web applications, safeguarding data from inadvertent modifications.</p> <p><strong>Additional Tips and Best Practices:</strong></p> <ul> <li><p>Enable <code>pg-safeupdate</code> during development and testing phases to catch unintended updates early in the development process.</p></li> <li><p>Always include a WHERE clause in update queries, even when the extension is not enabled, as a best practice for data safety.</p></li> <li><p>Consider enabling <code>pg-safeupdate</code> for all connections in production environments to enforce strict update restrictions consistently.</p></li> </ul> postgres sql database webdev