
Building Production-Grade Web Applications with Supabase
People
David Lorenz is a web software architect and lecturer who began programming at age 11. Before completing university in 2014, he had built a CRM system that automated an entire company and worked with numerous agencies through his own company. In 2015, he secured his first employment as a senior web developer, where he played a pioneering role in using cutting-edge technology and was an early adopter of progressive web apps. In 2017, he became the leading frontend architect and team lead for one of the largest projects at Mercedes-Benz.io, involving massive-scale architecture. Today, David provides valuable insights and guidance to clients across various industries, using his extensive experience and exceptional problem-solving abilities.
Contents
- Cover
- Title Page
- Copyright and Credits
- Dedications
- Foreword
- Contributors
- Table of Contents
- Part 1: Creating the Foundations of the Ticket System App
- Chapter 1: Unveiling the Inner Workings of Supabase and Introducing the Book's Project
- Technical requirements (and some preamble)
- Understanding why Supabase is the stack you want
- Demystifying the inner workings of Supabase with Postgres
- Access logic within a route
- Access logic as a central service
- How Supabase handles access control
- How the access system works under the hood
- Supabase Studio - the convenient web dashboard
- Supabase Auth (GoTrue) - the authentication handler
- PostgREST - a REST and GraphQL API for your database
- Realtime - elevating the user experience
- Storage - simple and scalable object storage
- Image Proxy - helping to transform images on the fly
- Edge Functions - completing the optimization stack
- pg-meta - an internal helper service for the database
- Kong - the overarching service orchestrator
- Introducing the production-grade ticket system project
- Summary
- Chapter 2: Setting Up Supabase with Next.js
- Technical requirements
- Getting ready with Next.js
- Installing the Supabase CLI
- Running your first Supabase instance on your machine
- Initializing a new local Supabase instance
- Starting your first Supabase instance
- Managing multiple local Supabase instances
- Option 1 - the start-stop technique
- Option 2 - change ports
- Connecting to Supabase with the Supabase JavaScript client
- Initializing and testing the base Supabase JavaScript client within Next.js
- Understanding the base Supabase client
- Using the Supabase client with Pages Router and App Router
- Connecting directly to the database
- Using Supabase with TypeScript
- Connecting Supabase to other frameworks
- Nuxt 3
- Python
- Summary
- Chapter 3: Creating the Ticket Management Pages, Layout, and Components
- Technical requirements
- Setting up Pico.css with Next.js
- Building the login form
- Visualizing the Ticket Management UI
- Creating a shared UI layout with navigation elements
- Designing the Ticket List page
- Constructing the Ticket Details page
- Adding the comments section to the ticket details
- Implementing a page to create a new ticket
- Implementing a user overview
- Enhancing the navigation component
- Summary
- Part 2: Adding Multi-Tenancy and Learning RLS
- Chapter 4: Adding Authentication and Application Protection
- Technical requirements
- Adding authentication protection with Supabase
- Creating users
- Preparing the middleware for authentication
- Implementing the login functionality in our app
- Protecting access to the Ticket Management system
- Adding a log out button
- Logging out using the frontend
- Logging out using the backend
- Understanding server authentication
- Enhancing the password login
- Authenticating with magic links
- Sending magic links with signInWithOtp() on the frontend
- Why I usually don't use signInWithOtp()
- Understanding a server-only magic link flow
- Implementing a server-only magic link flow with custom email content
- Adding password recovery
- Learning about the Site URL and redirect URLs
- How to configure site and redirect URLs
- Optional knowledge: adapting built-in templates
- Summary
- Chapter 5: Crafting Multi-Tenancy through Database and App Design
- Technical requirements
- What kind of multi-tenancy do we need?
- Designing the database for multi-tenancy
- Planning our database
- Creating the tenants table
- Designing the users table
- Designing the permission structure
- Committing your database state (if you don't seed it, you lose it)
- Making our Next.js application tenant-aware
- Enhancing the middleware to safeguard dynamic routes
- Fixing all static routes in the application
- Making the login tenant-based
- Summary
- Chapter 6: Enforcing Tenant Permissions with RLS and Handling Tenant Domains
- Technical requirements
- Learning to work with RLS
- Fetching tenant data with the restrictive Supabase client
- Defining RLS policies to access tenants based on permissions
- Creating a permission-based RLS policy
- Understanding and solving RLS implications
- Shrinking RLS policies based on the implications
- Learning about RLS implications
- Minimizing RLS complexity with custom claims
- Extending app_metadata with tenant permissions
- Keeping custom claims in sync with the table data
- Making the authentication process tenant-based
- Preventing password login on a foreign tenant
- Preventing the magic link login for foreign tenants
- Rejecting to visit invalid and forbidden tenant URLs when signed in
- Matching a tenant per domain instead of per path
- Adding custom domains via the hosts file
- Mapping domains in our application
- Bringing back localhost with mapped domains
- Summary
- Chapter 7: Adding Tenant-Based Signups, including Google Login
- Technical requirements
- Understanding the impact of disabling signups
- Disabling signups generally
- Disabling specific signup methods
- Implementing the registration page
- Processing the registration with a Route Handler
- Reading and validating the form data
- Rejecting registration
- Handling account creation
- Adding the service user and permission rows
- Sending the activation email
- Redirecting the user to a success page
- Enabling OAuth/Sign-in with Google
- Obtaining Google OAuth credentials
- Configuring our Supabase instance with the OAuth credentials
- Adding a "Sign in with Google" option triggering the OAuth process
- Solving the crypto/HTTPS security problem
- Building a verification route to finalize the registration
- Dealing with invalid user registration
- Summary
- Part 3: Managing Tickets and Interactions
- Chapter 8: Implementing Dynamic Ticket Management
- Technical requirements
- Creating the tickets table in the database
- Creating tickets and using triggers
- Implementing the ticket creation logic
- Using triggers to derive and set the user ID
- Improving loading behavior after adding a ticket
- Enforcing checks on the database columns
- Viewing the ticket details
- Caching the author's name with a trigger
- Improving the date and status view
- Listing and filtering tickets
- Enabling paging
- Sorting tickets
- Creating a ticket filter
- Deleting tickets
- Summary
- Chapter 9: Creating a User List with RPCs and Setting Ticket Assignees
- Technical requirements
- Adding a user list with an RPC
- Ensuring there are enough users to test
- Enhancing the table structure
- Fetching the users with an RPC
- Using the function with an RPC
- Allowing the setting and editing of an assignee to a ticket
- Adding assignee columns in the tickets table
- Creating the trigger function to cache the name
- Adding an assignee at ticket creation
- Showing the assignee in the details
- Updating the assignee
- Summary
- Chapter 10: Enhancing Interactivity with Realtime Comments
- Technical requirements
- Creating the comments table
- Adding a trigger to set the tenant automatically
- Adding and optimizing RLS policies
- Creating RLS helper functions
- Creating the policies
- Implementing comment creation
- Listing existing comments from the server
- Implementing Realtime comments
- Enabling Realtime and subscribing to it
- Updating the UI with Realtime data
- Triggering impersonated real-time updates with the Table Editor
- Embracing additional Realtime insights and learning about potential pitfalls
- Summary
- Chapter 11: Adding, Securing, and Serving File Uploads with Supabase Storage
- Technical requirements
- Creating and understanding Storage buckets
- Examining public buckets
- Exploring files within a bucket programmatically
- Learning how a basic RLS policy can be added to your bucket
- Understanding private buckets and revising our bucket choice
- Choosing a private or a public bucket?
- Enabling the addition of comments with file attachments
- Preparing the UI with file upload possibility
- Uploading files to storage
- Connecting uploaded files with the written comment
- Showing the connected files
- Serving image attachments directly in the UI
- Using Image Transformations
- Building a pseudo-CDN for private buckets
- Using the pseudo-CDN inside our UI
- Writing RLS policies directly on buckets and objects table
- Diving into advanced storage restrictions
- Summary
- Part 4: Diving Deeper into Security and Advanced Features
- Chapter 12: Avoiding Unwanted Data Manipulation and Undisclosed Exposures
- Technical requirements
- Understanding PostgREST's OpenAPI Schema exposure
- Preventing schema exposure
- Removing schemas from usage via API
- Specifically exposing a schema to the API
- Being careful with current_user usage and understanding auth.role()
- Generating new Anonymous Keys, Service Role Keys, and database passwords
- Benefiting from Supabase Vault
- Creating secrets in the Vault and reading them
- Using the secret in the business logic/within your application
- Utilizing silent resets to avoid data manipulation
- Enabling column-level security/working with roles
- Understanding security on views and manually created tables
- Changing the max_rows configuration
- Understanding safe-guarded API updates or deletion
- Adding middleware inside Postgres for each API request
- Adding middleware for PostgREST
- Using the Security Advisor
- Allowing a listing of IPs for database connections
- Enforcing SSL on direct database connections
- Summary
- Chapter 13: Adding Supabase Superpowers and Reviewing Production Hardening Tips
- Technical requirements
- Making sense of search_path
- Comprehending search path in Postgres
- Grasping the importance of extra_search_path
- Familiarizing yourself with database extensions
- Installing an extension in the default extensions schema
- Installing extensions in their own schema
- Using the programmatic installation of extensions versus using the UI
- Adding an AI-based semantic ticket search
- Deciding on an embeddings provider
- Creating the embeddings column in the table
- Creating embeddings with OpenAI
- Comparing embeddings to find matching search results
- Using anonymous sign-ins
- Transforming external APIs into tables with foreign data wrappers
- Using webhooks
- Creating webhooks with dynamic URLs per environment
- Understanding Edge Functions
- Understanding when to use Edge Functions
- Creating an Edge Function that runs for new rows
- Triggering the Edge Function
- Using cronjobs to notify about due tickets
- Using pg_jsonschema for JSON data integrity
- Testing the database with pgTAP
- Setting the auth.storageKey to avoid migration problems
- Extending supabase.ts with custom typings
- Improving RLS and query performance
- Identifying database performance problems and bloat
- Working with complex table joins
- Reviewing the underestimated benefit of using an external database client
- Understanding migrations
- Utilizing database branching
- Disabling GraphQL or PostgREST (if you don't need it)
- Using a dead-end built-in mailing setup
- Retrieving table data with the REST API and cURL
- Summary
- Index
- Other Books You May Enjoy
System requirements
File format: ePUB
Copy protection: Adobe DRM (Digital Rights Management)
System requirements:
- Computer (Windows; MacOS X; Linux): Install the free software Adobe Digital Editions before downloading (see E-Book Help).
- Tablet/smartphone (Android; iOS): Install the free app Adobe Digital Editions or the PocketBook app before downloading (see E-Book Help).
- E-book reader: Bookeen, Kobo, Pocketbook, Sony, Tolino, and many others (not Kindle)
The ePUB file format is very well suited to novels and non-fiction books, that is, to "flowing" text without complex layout. On e-readers or smartphones, line and page breaks adapt automatically to the small displays.
Adobe DRM is a "hard" form of copy protection. If the necessary requirements are not met, you will unfortunately not be able to open the e-book. You therefore need to prepare your reading hardware before downloading.
Please note: We strongly recommend that you authorize the reading software with your personal Adobe ID after installing it!
Further information can be found in our E-Book Help.
File format: ePUB
Copy protection: no DRM (Digital Rights Management)
System requirements:
- Computer (Windows; MacOS X; Linux): Use reading software that can process the ePUB file format, e.g. Adobe Digital Editions or FBReader, both free (see E-Book Help).
- Tablet/smartphone (Android; iOS): Install the free app Adobe Digital Editions or the PocketBook app before downloading (see E-Book Help).
- E-book reader: Bookeen, Kobo, Pocketbook, Sony, Tolino, and many others
The ePUB file format is very well suited to novels and non-fiction books, that is, to "plain" text without complex layout. On e-readers or smartphones, line and page breaks adapt automatically to the small displays.
No copy protection or Digital Rights Management is used for this e-book.
Further information can be found in our E-Book Help.