Getting an empty array for getting data when RLS policy applied

Hello, I'm running into this issue and can't figure it out how to solve this.
I have an application (frotnend and backend) which interacts with my backend that has multiple edge functions to interact with the supabase client.

So I need RLS policies for all the operations in my database, first trying to apply to a

videos

videos

table (all my other tables has RLS disabled), I want to get all data from this table only if the user is authenticated.
After creating the policy I call my EF from the frontend like this:

 const supabase = await createServerClient()
 const userFilter = userId ? `&user-id=${userId}` : ''
 const { data, error } = await supabase.functions.invoke(
    `user-videos-get?limit=${limit}&page=${page}${userFilter}`,
    {
      method: 'GET',
    }
  )

 const supabase = await createServerClient()
 const userFilter = userId ? `&user-id=${userId}` : ''
 const { data, error } = await supabase.functions.invoke(
    `user-videos-get?limit=${limit}&page=${page}${userFilter}`,
    {
      method: 'GET',
    }
  )

In my edge function I do this:

const token = getSessionToken(req);
const supabaseClient = createSupabaseClient(token);
return getAllUsersVideos(supabaseClient, queryFilters);

const token = getSessionToken(req);
const supabaseClient = createSupabaseClient(token);
return getAllUsersVideos(supabaseClient, queryFilters);

And always get an empty array, I already did a

signIn

signIn

in the frontend side, so I have a session.
If I add the

anon

anon

role to the policy, it is accessible for everyone (even on a incognito window I can get that data), which I don't want to.

What I'm doing wrong or missing here?

Getting an empty array for getting data when RLS policy applied

videos

videos

table (all my other tables has RLS disabled), I want to get all data from this table only if the user is authenticated.
After creating the policy I call my EF from the frontend like this:

 const supabase = await createServerClient()
 const userFilter = userId ? `&user-id=${userId}` : ''
 const { data, error } = await supabase.functions.invoke(
    `user-videos-get?limit=${limit}&page=${page}${userFilter}`,
    {
      method: 'GET',
    }
  )

 const supabase = await createServerClient()
 const userFilter = userId ? `&user-id=${userId}` : ''
 const { data, error } = await supabase.functions.invoke(
    `user-videos-get?limit=${limit}&page=${page}${userFilter}`,
    {
      method: 'GET',
    }
  )

In my edge function I do this:

const token = getSessionToken(req);
const supabaseClient = createSupabaseClient(token);
return getAllUsersVideos(supabaseClient, queryFilters);

const token = getSessionToken(req);
const supabaseClient = createSupabaseClient(token);
return getAllUsersVideos(supabaseClient, queryFilters);

And always get an empty array, I already did a

signIn

signIn

in the frontend side, so I have a session.
If I add the

anon

anon

role to the policy, it is accessible for everyone (even on a incognito window I can get that data), which I don't want to.

What I'm doing wrong or missing here?

Getting an empty array for getting data when RLS policy applied

Getting an empty array for getting data when RLS policy applied

Similar Threads

Similar Threads

Similar Threads