Unique Profile Picture
RLSstorageHello! I am new to supabase an backend in general. I have the following (I assume very common) use case: "Users should have a single unique profile picture."
I had the following concern: if I do not enforce that a user can only upload a single profile picture on my backend (supabase), a malicious user would be able to flood my bucket with lots of photos. My main question is: is this an actual issue I should be worried about?
If this is not necessary to take into consideration, could you please tell me why not. If it is important to take this into consideration, how would I go about enforcing it? The folder structure I am using is pfp/{user_id}/avatar.png. One way I thought of enforcing uniqueness was adding a partial unique index to storage.objects where (bucket_id, (storage.foldername(name))[1]) where bucket_id = 'pfp';. However, supabase does not allow me to create a unique index on a supabase owned table and I am also not certain whether this is advisable to begin with.
I am wary of using an Edge Function to handle this because of race conditions.
One other thought I had was using RLS to enforce that the new uploaded file path is always pfp/{user_id}/avatar.png. I believe this will overwrite avatar.png if it already exists. However, I am not sure how this will work with image caching and whether it will update on the user side.
Thank you for reading and the feedback. And happy holidays!
I had the following concern: if I do not enforce that a user can only upload a single profile picture on my backend (supabase), a malicious user would be able to flood my bucket with lots of photos. My main question is: is this an actual issue I should be worried about?
If this is not necessary to take into consideration, could you please tell me why not. If it is important to take this into consideration, how would I go about enforcing it? The folder structure I am using is pfp/{user_id}/avatar.png. One way I thought of enforcing uniqueness was adding a partial unique index to storage.objects where (bucket_id, (storage.foldername(name))[1]) where bucket_id = 'pfp';. However, supabase does not allow me to create a unique index on a supabase owned table and I am also not certain whether this is advisable to begin with.
I am wary of using an Edge Function to handle this because of race conditions.
One other thought I had was using RLS to enforce that the new uploaded file path is always pfp/{user_id}/avatar.png. I believe this will overwrite avatar.png if it already exists. However, I am not sure how this will work with image caching and whether it will update on the user side.
Thank you for reading and the feedback. And happy holidays!
