RLS issues

xamarot · 2022-12-04T11:01:09.285Z

Don't understand how this is supposed to work. Using the standard "profiles" table created by the SQL template provided by the Supabase web admin. From what I can tell it should use the "auth" state of the supabase client to do inserts restrictred by uuid, but it won't let me update any column with RLS on, regardless of being logged in or not. I have a "CHECK EXPRESSION" saying ``` (uid() = id) ``` on my profile table. But I can't get it to work while RLS is on.

X

xamarotOP•12/4/22, 11:03 AM

It doesn't seeem to throw an error, either, whoch is weird

S

SupaBotAPP•12/4/22, 11:03 AM

S

silentworks•12/4/22, 11:04 AM

Can you provide more info and context on what you have? show screenshots where possible and code examples.

B

bummzack•12/4/22, 11:05 AM

I think it should be

auth.uid()

auth.uid()

, at least that's what I've been using everywhere

Bbummzack I think it should be `auth.uid()` , at least that's what I've been using everywh...

S

silentworks•12/4/22, 11:06 AM

Its the same as

uid()

uid()

uid()

uid() in this case.

X

xamarotOP•12/4/22, 11:06 AM

Sure, this is the code i use for register https://pastebin.com/FtTwKhhQ

Pastebin

import supabase from '../../lib/core/data/supabase'; const formDat...

Pastebin.com is the number one paste tool since 2002. Pastebin is a website where you can store text online for a set period of time.

S

silentworks•12/4/22, 11:06 AM

Paste the code here please, just use three backticks `

X

xamarotOP•12/4/22, 11:07 AM

aight

X

xamarotOP•12/4/22, 11:07 AM

import supabase from '../../lib/core/data/supabase';
 
        const formData = await request.formData();
        const email = formData.get('email').trim();
        const username = formData.get('username').trim();
        const password = formData.get('password').trim();
        const password_confirm = formData.get('password_confirm').trim();
 
        const { data, error } = await supabase.auth.signUp({
            email: email,
            password: password
        });
 
        const { error: signInError } = await supabase.auth.signInWithPassword({ email, password });
 
        console.dir(signInError);
 
        if (data) {
            await createProfile(username, data.user?.email as string, data.user?.id);
        }
 
        if (data.session) {
            cookies.set('session', data.session.access_token, {
                path: '/',
                httpOnly: true,
                sameSite: 'strict',
                secure: process.env.NODE_ENV == 'production',
                maxAge: 60 * 60 * 24 * 30
            });
            throw redirect(302, '/');
        } else {
            return invalid(400, { message: error?.message, username, email });
        }
    }
};
 
// this function does not insert anything into the profiles table
async function createProfile(username: string, email: string, user_id?: string) {
    if (!user_id) return;
    console.dir(user_id);
 
    const { error } = await supabase
        .from('profiles')
        .update({ id: user_id, username: username, email: email, updated_at: new Date() })
        .eq('id', user_id);
 
    console.dir(error);
}

import supabase from '../../lib/core/data/supabase';
 
        const formData = await request.formData();
        const email = formData.get('email').trim();
        const username = formData.get('username').trim();
        const password = formData.get('password').trim();
        const password_confirm = formData.get('password_confirm').trim();
 
        const { data, error } = await supabase.auth.signUp({
            email: email,
            password: password
        });
 
        const { error: signInError } = await supabase.auth.signInWithPassword({ email, password });
 
        console.dir(signInError);
 
        if (data) {
            await createProfile(username, data.user?.email as string, data.user?.id);
        }
 
        if (data.session) {
            cookies.set('session', data.session.access_token, {
                path: '/',
                httpOnly: true,
                sameSite: 'strict',
                secure: process.env.NODE_ENV == 'production',
                maxAge: 60 * 60 * 24 * 30
            });
            throw redirect(302, '/');
        } else {
            return invalid(400, { message: error?.message, username, email });
        }
    }
};
 
// this function does not insert anything into the profiles table
async function createProfile(username: string, email: string, user_id?: string) {
    if (!user_id) return;
    console.dir(user_id);
 
    const { error } = await supabase
        .from('profiles')
        .update({ id: user_id, username: username, email: email, updated_at: new Date() })
        .eq('id', user_id);
 
    console.dir(error);
}

import supabase from '../../lib/core/data/supabase';
 
        const formData = await request.formData();
        const email = formData.get('email').trim();
        const username = formData.get('username').trim();
        const password = formData.get('password').trim();
        const password_confirm = formData.get('password_confirm').trim();
 
        const { data, error } = await supabase.auth.signUp({
            email: email,
            password: password
        });
 
        const { error: signInError } = await supabase.auth.signInWithPassword({ email, password });
 
        console.dir(signInError);
 
        if (data) {
            await createProfile(username, data.user?.email as string, data.user?.id);
        }
 
        if (data.session) {
            cookies.set('session', data.session.access_token, {
                path: '/',
                httpOnly: true,
                sameSite: 'strict',
                secure: process.env.NODE_ENV == 'production',
                maxAge: 60 * 60 * 24 * 30
            });
            throw redirect(302, '/');
        } else {
            return invalid(400, { message: error?.message, username, email });
        }
    }
};
 
// this function does not insert anything into the profiles table
async function createProfile(username: string, email: string, user_id?: string) {
    if (!user_id) return;
    console.dir(user_id);
 
    const { error } = await supabase
        .from('profiles')
        .update({ id: user_id, username: username, email: email, updated_at: new Date() })
        .eq('id', user_id);
 
    console.dir(error);
}

import supabase from '../../lib/core/data/supabase';
 
        const formData = await request.formData();
        const email = formData.get('email').trim();
        const username = formData.get('username').trim();
        const password = formData.get('password').trim();
        const password_confirm = formData.get('password_confirm').trim();
 
        const { data, error } = await supabase.auth.signUp({
            email: email,
            password: password
        });
 
        const { error: signInError } = await supabase.auth.signInWithPassword({ email, password });
 
        console.dir(signInError);
 
        if (data) {
            await createProfile(username, data.user?.email as string, data.user?.id);
        }
 
        if (data.session) {
            cookies.set('session', data.session.access_token, {
                path: '/',
                httpOnly: true,
                sameSite: 'strict',
                secure: process.env.NODE_ENV == 'production',
                maxAge: 60 * 60 * 24 * 30
            });
            throw redirect(302, '/');
        } else {
            return invalid(400, { message: error?.message, username, email });
        }
    }
};
 
// this function does not insert anything into the profiles table
async function createProfile(username: string, email: string, user_id?: string) {
    if (!user_id) return;
    console.dir(user_id);
 
    const { error } = await supabase
        .from('profiles')
        .update({ id: user_id, username: username, email: email, updated_at: new Date() })
        .eq('id', user_id);
 
    console.dir(error);
}

B

bummzack•12/4/22, 11:08 AM

You're using

update

update

, where you probably want

insert

insert

instead? Or are you creating the profile entries with a

trigger

trigger

, then updating them?

X

xamarotOP•12/4/22, 11:08 AM

Yes, there's a trigger on signup

S

silentworks•12/4/22, 11:08 AM

I'm going to guess you have signup confirmation on, which would mean your user cannot sign in right after signing up and hence this function would fail.

X

xamarotOP•12/4/22, 11:09 AM

No, it's off

S

silentworks•12/4/22, 11:09 AM

And you can verify the user is signed in?

X

xamarotOP•12/4/22, 11:10 AM

The session seems to get set properly and all so I would think so, yes

S

silentworks•12/4/22, 11:10 AM

Also is this SvelteKit? are you doing this on the server side? if yes then there is no state kept of the user being signed in, so when you call the createProfile function there is no user available

X

xamarotOP•12/4/22, 11:11 AM

Oh yeah, that's right. I got an error now though saying "new row violates row-level security policy for table "profiles""

X

xamarotOP•12/4/22, 11:11 AM

and yes its sveltekit

X

xamarotOP•12/4/22, 11:12 AM

and yes its in an endpoint on the server side

S

silentworks•12/4/22, 11:12 AM

I'm gonna say just use the

@supabase/auth-helpers-sveltekit

@supabase/auth-helpers-sveltekit

@supabase/auth-helpers-sveltekit

@supabase/auth-helpers-sveltekit to save yourself the hassle of setting this all up by yourself

S

silentworks•12/4/22, 11:12 AM

It will take care of the handling of the user being signed in on the server side and store the cookie for you too

X

xamarotOP•12/4/22, 11:13 AM

ahhh i've seen that one around, i'll try it. thank you!

Similar Threads

Similar Threads

Similar Threads