Changelog

New updates and product improvements

Go here for latest update

Hey everyone,

I'm Stojan, a member of the Supabase Auth team, bringing some updates about what's next with @supabase/ssr. This is the recommended package that helps you use the Supabase JavaScript client with SSR frameworks such as NextJS, Remix, SvelteKit and others.

We've been quite busy recently gathering feedback, reviewing common complaints and bugs with the package, and using it in the popular SSR frameworks. We've identified a few areas needing improvement and we've already started implementing them.

The package is still on major version 0, indicating its beta status. We plan to move it to major version 1 in the coming months, making it the preferred way of using the Supabase JavaScript library in your favorite SSR framework.

First, we'll extract @supabase/ssr's code from the auth-helpers repository into its own. We’re doing this because:

  • @supabase/auth-helpers-x (like for NextJS) is no longer supported by the team, as we expect people to move to @supabase/ssr.
  • It's no longer about "auth-helpers," but rather about how you can most effectively and ergonomically use the Supabase Client in various SSR and CSR contexts.
  • A standalone repo makes it easier for the community to contribute and for us to track issues.

We're going to release a fairly ground-up reimplementation of the package. This should come as version 0.4.0 around mid-June. We've received a lot of signal in the past months from developers and the community about possible improvements for developer ergonomics and better handling for edge cases.

The reason for this change is that @supabase/ssr is really just a thin layer for cookie management on top of @supabase/supabase-js. We've identified some improvements that reduce odd and difficult-to-diagnose behavior. The new implementation will boast over 90% test coverage, including testing for issues that we’ve seen commonly reported so far.

As part of the new implementation, we are changing the API. The old API will be deprecated when we reach v1.0.0. This is to ensure the best possible experience for both developers and users. For most use cases and happy paths, the deprecated API will continue working during the phase-out, but we encourage switching as soon as possible. Once we release v1.0.0, major version 0 will no longer be maintained.

The change in the API is quite simple, so here’s an example of what it will look like. Instead of defining three cookie access methods get, set and remove like so:


    createServerClient(SUPABASE_URL, SUPABASE_ANON_KEY, {
      cookies: {
        get: async (name) => {
          // ...
        },
        set: async (name, value, options) => {
          // ...
        },
        remove: async (name) => {
          // ...
        }
      }
    })

You would need to define two cookie access methods, getAll and setAll, like so:


    createServerClient(SUPABASE_URL, SUPABASE_ANON_KEY, {
      cookies: {
        getAll: async () => {
          // return all cookies you have access to
        },
        setAll: async (cookiesToSet: { name: string; value: string; options: CookieOptions; }[]) => {
          // set the cookies exactly as they appear in the cookiesToSet array
        }
      }
    })

Note that for createBrowserClient nothing needs to be done in most cases, because it automatically works with the document.cookie API.

The change should be trivial for most SSR frameworks, and we'll be sure to update the guides to instruct you on how to change your code into this new way of accessing cookies.

Thanks for all your feedback! Feel free to ask any questions below!
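
The getAll/setAll cookie API described in the @supabase/ssr post above can be wired to raw HTTP headers as in this added example, which is not code from the package or from Supabase. It assumes getAll returns an array of { name, value } objects and that CookieOptions uses the common maxAge, expires, path, domain, httpOnly, secure and sameSite names; parseCookieHeader, serializeCookie and createCookieMethods are hypothetical helper names.

```javascript
// Added example, not @supabase/ssr code. Assumptions: getAll returns
// [{ name, value }]; option names (maxAge, expires, path, domain, httpOnly,
// secure, sameSite) follow common cookie-serializer conventions.

const COOKIE_NAME = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/; // RFC 6265 token
const UNSAFE_ATTR = /[;\r\n]/; // would start a new attribute or header line

// Parse a raw Cookie request header into [{ name, value }].
function parseCookieHeader(header) {
  const cookies = [];
  for (const part of (header || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1) continue; // not a name=value pair
    const name = part.slice(0, eq).trim();
    if (!name) continue;
    let value = part.slice(eq + 1).trim();
    if (value.length >= 2 && value.startsWith('"') && value.endsWith('"')) {
      value = value.slice(1, -1);
    }
    try {
      value = decodeURIComponent(value);
    } catch {
      // malformed percent-encoding: keep the raw value
    }
    cookies.push({ name, value });
  }
  return cookies;
}

// Serialize one cookiesToSet entry, emitting only the attributes it carries.
function serializeCookie(name, value, options = {}) {
  if (!COOKIE_NAME.test(name)) throw new TypeError(`invalid cookie name: ${name}`);
  for (const key of ["path", "domain"]) {
    if (options[key] !== undefined && UNSAFE_ATTR.test(String(options[key]))) {
      throw new TypeError(`invalid ${key} attribute`);
    }
  }
  const attrs = [`${name}=${encodeURIComponent(value)}`];
  if (options.maxAge !== undefined) attrs.push(`Max-Age=${Math.floor(options.maxAge)}`);
  if (options.expires) attrs.push(`Expires=${options.expires.toUTCString()}`);
  if (options.path) attrs.push(`Path=${options.path}`);
  if (options.domain) attrs.push(`Domain=${options.domain}`);
  if (options.httpOnly) attrs.push("HttpOnly");
  if (options.secure) attrs.push("Secure");
  if (options.sameSite) {
    const s = String(options.sameSite).toLowerCase();
    if (!["lax", "strict", "none"].includes(s)) throw new TypeError("invalid sameSite");
    attrs.push(`SameSite=${s[0].toUpperCase()}${s.slice(1)}`);
  }
  return attrs.join("; ");
}

// Build the `cookies` option for createServerClient for one request/response.
// responseHeaders: anything with append(name, value), e.g. a Fetch API Headers.
function createCookieMethods(requestCookieHeader, responseHeaders) {
  return {
    getAll: async () => parseCookieHeader(requestCookieHeader),
    setAll: async (cookiesToSet) => {
      // One Set-Cookie header per entry, in array order, options untouched.
      for (const { name, value, options } of cookiesToSet) {
        responseHeaders.append("Set-Cookie", serializeCookie(name, value, options));
      }
    },
  };
}
```

The path and domain check keeps an option value from carrying extra attributes or header lines into the Set-Cookie response header.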

Log drains is currently in private alpha, and is available for Teams and Enterprise customers. We are still firming up the pricing and documentation; however, it will likely involve a flat fee and variable egress usage. This will be announced separately through official channels.

We will be supporting Datadog as our initial provider.

The following destinations are in the works:

  1. Elastic/Filebeat
  2. Syslog

We are currently onboarding interested customers manually, so please fill out this form to get started: https://forms.supabase.com/logdrains.

We've released a fix to the deployment instructions for the supabase-grafana monitoring application.

If you're ingesting the metrics endpoint into your pre-existing managed infrastructure without using the supabase-grafana app, this change does not affect you. If you're running the supabase-grafana app using the docker-compose mechanism, you are also not affected.

Fly applications launched off the repository between December 10, 2023, and May 16, 2024 are impacted, and will experience:

  • Fly application being shut down after periods of inactivity of a few minutes (default Fly.io behaviour)
  • Historical data will not be persisted after such a shutdown

The fix to the deployment instructions ensures that a persistent volume is created to store the data on, which prevents loss in case of a machine shutdown or restart. Additionally, autoshutdown behaviour is disabled, in order to prevent the app from being paused due to inactivity.

In order to fix an existing, already deployed Fly application, you can edit its configuration to disable auto_stop_machines, and create a persistent volume, and mount it at /data (similar to the updated deployment instructions). Please note that as the newly created persistent volume will be empty to start, any existing metrics data will not be preserved as part of this change. If doing so is necessary, you can initially mount it at a separate path, copy the data over, and finally mount it at /data.

If you need further help, please reach out to Support via https://supabase.help

Conversational AI assistant in the SQL Editor

This was previously behind a feature flag but we're now making this available by default, which will replace the existing single prompt UI that you saw previously at the top of the SQL editor. Once again, thank you all so much for the feedback that you've left us - we really appreciate it, and it definitely helps guide us towards the ideal dashboard experience for everyone. 🙂🙏

We're also aware that the feature preview functionality is missing in the local setup - rest assured we're looking into it and hope to get a fix out soon for everyone!

PR: https://github.com/supabase/supabase/pull/23142

Link: https://supabase.com/dashboard/project/_/sql

A step towards slightly more contextual error messages

A topic that came up in one of our internal discussions was self-serviceability, and we realised that our error messages could do a much better job than just informing users what the error is about - especially when the errors come directly from Postgres and the messages could be slightly cryptic for those not familiar with Postgres (yet 😉). The PR linked here is just a small idea and example of what we plan to do with error messages in the future, by giving users more context about the errors, like possible solutions and links to relevant documentation. Hopefully this will make using the dashboard slightly easier 🙂

PR: https://github.com/supabase/supabase/pull/23135

Link: https://supabase.com/dashboard/project/_/editor

Other improvements and bug fixes

Branching

  • Disable branch reset while branch is initializing (PR)

Database

  • Allow searching for schema and tables when creating indexes (PR)
  • Allow SQL language for writing database functions (PR)

Here’s everything we shipped during our GA week:

Day 1 - Supabase is officially launching into General Availability (GA)

Supabase has moved to General Availability (GA) with over 1 million databases under management and over 2,500 databases launched daily. We’ve been production ready for years and now we are fully confident that we can help every customer become successful, from weekend projects to enterprise initiatives at organizations like Mozilla, 1Password, and PwC.

Full announcement | Video announcement | X space

Day 2 - Supabase Functions now supports AI models

Supabase Functions has added a native API that makes it easy to run AI models within your functions while removing nasty cold starts. You can use the gte-small embedding model to generate text embeddings or bring your own Ollama server to tap into many more embedding models and Large Language Models (LLMs) like Llama3 and Mistral. Soon we’ll provide hosted Ollama servers so you won’t have to manage them yourselves for a more seamless experience.

Blog post | Video announcement | X space

Day 3 - Supabase Auth now supports Anonymous sign-ins

Supabase Auth heard your requests and went to work building anonymous sign-ins which enable you to create temporary users that have yet to sign up for your application. This lowers the friction for visitors to use your application while making it easy to convert them to permanent users once they’re hooked.

Blog post | Video announcement | X space

Day 4 - Supabase Storage now supports the S3 protocol

Supabase Storage already has standard and resumable uploads and now supports the industry standard S3 protocol enabling multipart upload and compatibility with a myriad of tools such as AWS CLI, Clickhouse, and Airbyte for a wide array of use cases.

Blog post | Video announcement | X space

Day 5 - Supabase Security & Performance Advisor

Supabase has managed over 1 million databases over the last four years and has seen all manner of use cases with common pitfalls that we’re helping our customers address with our Security, Performance, and Index Advisors. These Advisors will help to surface and fix insecure database configurations and recommend database and query optimizations to keep your database secure and performant for your mission critical workloads.

Blog post | Video announcement | X space

GA Week Hackathon Winners

We are delighted that so many high quality projects were submitted but in the end there could only be one Best Overall Project. The decision wasn’t easy but the Supabase panel of judges chose vdbs (vision database SQL) for the honorific. Congratulations 👏 to @xavimonp who will receive the prize of Apple AirPods.

Full list of winners | All the submissions

One more thing from GA Week

Just kidding, there’s always more than one. Here’s more awesome things we shipped:

Community Highlights

  • Changing Databases 5 Times in 48 Hours Boosted Our Launch to 35,000 Views [Article]
  • Crazy new Supabase feature: Understand and learn about anonymous users [Video]
  • Support unstructured data in Postgres with JSON columns [Video]
  • Build an AI-powered blogging platform (Next.js, Langchain & CopilotKit) [Article]
  • How to Secure Your Supabase Database and Storage [Blog post]
  • Self-host Protomaps PMTiles on Supabase Storage [Video]
  • Supabase Realtime - How to deal with multiplayers in Next.js [Blog post]
  • The Hard Parts of Building an Application, Made Easy with Supabase [Article]

This discussion was created from the release Developer Updates - April 2024.

You can now use JSR packages in your Edge Functions. JSR is a modern package registry for JavaScript and TypeScript created by the Deno team. With JSR support, you can use the latest versions of popular Deno packages like Oak.

How to use:


    import { Application } from "jsr:@oak/oak/application";
    import { Router } from "jsr:@oak/oak/router";

For local development, you will need to update the Supabase CLI to version v1.166.1 or above.

Edge Functions also supports using NPM and deno.land/x packages. If you are already using them, no changes are needed.

Other improvements and bug fixes

We've been focusing on improving existing features on the dashboard and fixing some issues over the past week, so while we've got nothing shiny to shout out about, here's still a list of things that we've shipped! 🙂 As always, feel free to let us know if there's something that you guys really want to see in the dashboard - we'll see how we can make it happen 😉

General

  • Feedback widget will not clear its contents when closing until explicitly cleared or submitted [PR]

Table Editor

  • Reinstate link button for foreign keys in table editor side panel [PR]
  • Fix creating foreign key on new column after changing column's name [PR]

SQL Editor

  • Set column width of results to be relative to column content length [PR]

Authentication

  • Added Create policy CTA under each table for convenience [PR]

Storage

  • Added file size validation against project's upload limit when uploading files in dashboard [PR]

Database

  • Query performance: Fix searching via role and query [PR]
  • Query performance: Add db inspect docs link for visibility to aid in helping identify potential Postgres issues [PR]
  • Enumerated types: clean up form field when reopening create enumerated type panel [PR]
  • Tables: Add ellipses to table descriptions to prevent odd wrapping for long descriptions [PR]

Supabase GA Week just wrapped up but the shipping doesn't! This just summarises what has been shipped over the last week - and more 😉

Auth support for anonymous sign-ins

Supabase Auth now supports anonymous sign-ins, which can be used to create temporary users who haven’t signed up for your application yet! This lowers the friction for new users to try out your product since they don’t have to provide any signup credentials.

Read more about this here

PR: https://github.com/supabase/supabase/issues/21813

Link: https://supabase.com/dashboard/project/_/settings/auth

Storage support for S3 protocol

Supabase Storage is now officially an S3-Compatible Storage Provider, and now you can use any S3 client to interact with your buckets and files: upload with TUS, serve them with REST, and manage them with the S3 protocol.

Read more about this here

PR: https://github.com/supabase/supabase/issues/22620

Link: http://supabase.com/dashboard/project/_/settings/storage

3 new advisors to your database

We've added a Security Advisor, a Performance Advisor and a bonus Index Advisor as tools that can help improve your database, more specifically:

  • Security Advisor: for detecting insecure database configuration
  • Performance Advisor: for suggesting database optimizations
  • Index Advisor: for suggesting indexes on slow-running queries

Read more about them here!

PR: https://github.com/supabase/supabase/issues/22842

Link: http://supabase.com/dashboard/project/_/database/security-advisor

4 new database foreign data wrappers

We've added support for data wrappers with Auth0, Cognito, Microsoft SQL Server, and Redis! Connect to these external data sources and query them directly from your database.

PR: https://github.com/supabase/supabase/pull/22289

Link: https://supabase.com/dashboard/project/_/database/wrappers

Updating of some projects pages to more appropriate sections

We've renamed and shifted a couple of pages within a project to sections which we believe are more appropriate and relevant. These include:

We've also added more appropriate sections within the Database section in hopes to make things easier to find!

PR: https://github.com/supabase/supabase/issues/22835

Link: https://supabase.com/dashboard/project/_

An option to submit a request to delete your account

If the day comes that you no longer want to use Supabase (hopefully not!) and want to be removed from our systems entirely, feel free to submit a request to delete your account through the account preferences page.

PR: https://github.com/supabase/supabase/pull/22486

Link: https://supabase.com/dashboard/account/me

Other improvements and bug fixes

General

  • Added project connection instructions for Vite [PR]

Join us for a Special Announcement April 15-19

We’re making a Special Announcement on April 15th with a few more surprises throughout the week. Claim your ticket today so you don’t miss out and enter for a chance to win a set of AirPods Max.

Claim your ticket

Increased Supavisor connection pooler limits

We’ve increased the Supavisor client connection limits, the number of concurrent clients that can connect to your project’s pooler, for projects on Small, Medium, Large, and XL compute instances while pricing remains unchanged.

Announcement

Conversational AI assistant now available in SQL Editor

Introducing a conversational AI assistant in the SQL Editor to help you write and iterate on your queries. This is currently under a feature preview and can be enabled with instructions here.

Announcement

Supavisor pooler port 6543 is transaction-mode only

We’re simplifying Supavisor connection pooler ports and modes so that port 6543 is only transaction mode and port 5432 continues to be only session mode. If you have pool mode set to session we recommend you switch to pooler port 5432 and set the mode to transaction.

Pull request

Migration to v2 platform architecture

You may have noticed improved performance from your database over the last couple of weeks. We made some architectural changes to free up resources for your Postgres instance by removing Storage, Realtime, and Pgbouncer from your instance; each is replaced with an equivalent multi-tenant solution, including our new Supavisor connection pooler.

Announcement

Implementing semantic image search with Amazon Bedrock and Supabase Vector

In this post we'll be creating a Python project to implement semantic image search featuring Amazon Bedrock and Amazon Titan’s multimodal model to embed images and Supabase Vecs client library for managing embeddings in your Supabase database with the pgvector extension.

Blog post

Quick Product Announcements

  • [Postgres Tooling] vector (pgvector) upgraded to v0.6.2 enables faster HNSW index builds using more parallel workers [Commit]
  • [Postgres Tooling] pg_cron upgraded to v1.6.2 enables sub-minute schedules [Pull request]

Made With Supabase

  • location-tRacer - Supabase Realtime live location sharing app [GitHub]
  • Talk to your docs - An example agent providing help on your GitHub documentation [GitHub]
  • Feedbase - Open-source solution for collecting feedback & communicating updates [GitHub]
  • Wacky Wordcraft - Create wacky stories with some help from AI [Twitter]
  • Capgo - Instant updates for Capacitor apps. Ship updates, fixes, changes, and features within minutes [Website]

Community Highlights

  • Building an Investor List App with Novu and Supabase [Blog post]
  • 3 reasons you should use Postgres Functions and Transactions [Video]
  • Add image support to Flutter web application with Supabase Storage [Video]
  • How to set up a secure Supabase project [Blog post]
  • Dynamic Role and Permission Management in Supabase: Enhancing Security and Flexibility [Blog post]
  • Simulate Supabase Postgres RLS (Row Level Security) [Blog post]
  • Monitor Supabase databases and Edge Functions [Blog post]

This discussion was created from the release Platform Updates: March 2024.

Update

Discussion has been updated with solution chosen.

Realtime Authorization for Broadcast and Presence is now available in Public Beta.

See the official documentation.


Overview

This post explains how authorization works for Realtime Broadcast and Realtime Presence.

This allows you (the developer) to control access to Realtime Channels. We use Postgres Row Level Security to manage access. Developers create Policies which allow or deny access for your users.

Usage

Creating Realtime Policies

Using Studio’s SQL editor you can set RLS rules against the table realtime.messages which will define the rules for your users.


    CREATE POLICY "presence sync and broadcast listen to authenticated users"
    ON realtime.messages FOR SELECT
    TO authenticated
    USING ( true );

    CREATE POLICY "presence track and broadcast send to authenticated users"
    ON realtime.messages FOR INSERT
    TO authenticated
    WITH CHECK ( true );

Since you are using RLS policies, you can build more complex rules.

Consider a scenario where you have a schema with a table for rooms and one that creates an association between rooms and users.

Example schema to be used in RLS policies

We'll use this example schema to showcase RLS policies limiting Realtime functionality.

We can build more complex RLS rules using this information:


    -- Set permission for authenticated users to only listen for Broadcast messages
    CREATE POLICY "authenticated can listen to broadcast only on their topics"
    ON realtime.messages FOR SELECT
    TO authenticated
    USING (
      exists(
        select 1
        from public.rooms r join public.rooms_users ru on r.id = ru.room_id
        where ru.user_id = auth.uid()
          and r.name = realtime.topic()
          and realtime.messages.extension = 'broadcast'
      )
    );
    -- Set permission for authenticated users to only write for Broadcast messages
    CREATE POLICY "authenticated can write to broadcast only on their topics"
    ON realtime.messages FOR INSERT
    TO authenticated
    WITH CHECK (
      exists(
        select 1
        from public.rooms r join public.rooms_users ru on r.id = ru.room_id
        where ru.user_id = auth.uid()
          and r.name = realtime.topic()
          and realtime.messages.extension = 'broadcast'
      )
    )

Testing Authorization

Now, to test it, we can use a quick Deno script by creating an index.ts:


    // Run with deno run --allow-net --allow-env --allow-read --allow-ffi index.ts
    import { createClient } from "npm:@supabase/supabase-js@2.38.5";
    const url = "https://<project_ref>.supabase.co";
    const apikey = "<api_key>";

    // No user is signed in here, so the private channel is joined without an authenticated user
    const client = createClient(url, apikey);

    const channel = client.channel("channel_1", {
      config: { broadcast: { self: true }, private: true },
    });
    channel
      .on("broadcast", { event: "test" }, (payload) => console.log(payload))
      .on("presence", { event: "join" }, (payload) => console.log(payload))
      .on("presence", { event: "leave" }, (payload) => console.log(payload))
      .subscribe((status: string, err: any) => {
        if (status === "SUBSCRIBED") {
          console.log("Connected!");
        } else {
          console.error(err);
        }
      });

This will return an error with the message "You do not have permissions to read from this Topic".

But if we change our code to pass along an authenticated user, then we will be able to connect and receive / send messages.


    import { createClient } from "npm:@supabase/supabase-js@2.38.5";
    const url = "https://<project_ref>.supabase.co";
    const apikey = "<api_key>";

    const client = createClient(url, apikey);

    await client.auth.signInWithPassword({
      email: "<email>",
      password: "<password>",
    });

    client.realtime.setAuth(
      (await client.auth.getSession()).data.session.access_token
    );
    const channel = client.channel("channel_1", {
      config: { broadcast: { self: true }, private: true },
    });
    channel
      .on("broadcast", { event: "test" }, (payload) => console.log(payload))
      .on("presence", { event: "join" }, (payload) => console.log(payload))
      .on("presence", { event: "leave" }, (payload) => console.log(payload))
      .subscribe((status: string, err: any) => {
        if (status === "SUBSCRIBED") {
          console.log("Connected!");
        } else {
          console.error(err);
        }
      });

Do not forget that RLS policies can reference other tables, which gives you the flexibility to fit your use case, but be aware of the performance impact of heavy RLS queries or non-indexed fields.

Migrating from Public Channels

On connect, you need to set private: true in the channel configuration.

Client library

We’re actively working on the next version so we can provide a good developer experience.

Please check the latest next version at https://www.npmjs.com/package/@supabase/realtime-js?activeTab=versions

This library has changed the configuration settings to add private: true on channel connect, which determines whether the user will be connecting to an RLS-checked channel.

How it works

Connection context

When you connect with Realtime we set a connection configuration with your JWT, Topic and Headers using the following query:


    SELECT
      set_config('role', $1, true),
      set_config('realtime.topic', $2, true),
      set_config('request.jwt', $4, true),
      set_config('request.jwt.claims', $6, true),
      set_config('request.headers', $7, true)

This query is only run when you connect to a topic.

We’re also providing a new function to easily fetch the realtime.topic configuration:


    SELECT realtime.topic();

    -- Usage example
    CREATE POLICY "authenticated users can only write to topic named foo"
    ON realtime.messages FOR INSERT
    TO authenticated
    WITH CHECK ( realtime.topic() = 'foo' );

Applying RLS Policies

To achieve RLS checks on your Realtime connection, we created a new table in the realtime schema against which you can write RLS rules to control your topics' extensions.

You won’t see any entries recorded in this table, as we roll back the changes made to test RLS policies to avoid creating clutter in your database.
