postgres-websockets
auth
postgres-websockets | auth | |
---|---|---|
1 | 45 | |
338 | 1,172 | |
- | 3.3% | |
7.2 | 9.4 | |
6 months ago | 1 day ago | |
Haskell | Go | |
BSD 3-clause "New" or "Revised" License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
postgres-websockets
-
PostgREST – Serve a RESTful API from Any Postgres Database
At work, we've finally replaced a large part of a custom (mostly-)web backend with PostgREST recently, and that's quite a relief: considerably less code to maintain in that project now, and that was a rather awkward code. Something akin to PostgREST's "Embedding with Top-level Filtering" [1] had to be provided for all the tables, with OpenAPI schema and a typed API (Haskell + Servant); I avoided manually writing it all down, but at the cost of poking framework internals, and maintainability suffered. It was particularly annoying that the code doesn't really do anything useful, except for standing between a database and an HTTP client, and simply mimics the database anyway. Whenever a change had to be introduced, it was introduced into the database, the backend, and the frontend simultaneously, so it wasn't even useful for some kind of compatibility.
Now PostgREST handles all that, and only a few less trivial endpoints are handled by a custom backend (including streaming, which I'm considering replacing with postgrest-websocket [2] at some point).
During the switch to PostgREST, the encountered minor issues were those with inherited tables (had to set a bunch of computed/virtual columns [3] in order to "embed" those), and with a bug on filtering using such relations (turned out it was an already-fixed regression [4], so an update helped). Also a couple of helper stored procedures (to use via /rpc/) for updates in multiple tables at once (many-to-many relationships, to edit entities along with their relationships, using fewer requests) were added (though the old custom backend didn't have that), the security policies were set from the beginning, the frontend was rewritten (which allowed to finally switch without adding more work), so it was only left to cleanup the backend.
Not using views, since as mentioned above, database changes usually correspond to frontend changes, and the API doesn't have to be that stable yet.
Happy with it so far.
[1] https://postgrest.org/en/stable/api.html#embedding-with-top-...
[2] https://github.com/diogob/postgres-websockets
[3] https://postgrest.org/en/stable/api.html#computed-virtual-co...
[4] https://github.com/PostgREST/postgrest/issues/2530
auth
-
Supabase Auth now supports Anonymous Sign-ins
Supabase Auth now supports anonymous sign-ins, one of our most-requested features by the community.
-
Supabase – General Availability Week
People keep writing this, doesn't Supabase rely on spinning up additional services to leave, meaning you can't leave to another managed offering?
Off the top of my mind, PostgREST and go-true? https://github.com/supabase/auth
-
If you use Postgres you're "locked" into Postgres: a technology with a laundry list of providers.
If you leave Supabase, you'll lose the fully managed aspect of 99% of the Postgres providers out there, which confirms the pain the parent comment is describing.
-
Ask HN: Microsoft crawls private links – how can this be legal?
> Microsoft scans to check the website contains malware. IMHO the security blunder is a self-implemented magic link.
It's not self-implemented, you can check it out here: https://github.com/supabase/gotrue
> Not password protected if the password is part of the URL.
It's a token that's valid for a couple of minutes – just like a password reset token. Indeed, in the given implementation, it's the very same as the password reset token. If you consider this implementation as "not password protected", any website with a password reset functionality is "not password protected".
-
Supabase Local Dev: migrations, branching, and observability
I hate to be this guy, really. I would like to adopt Supabase in company, but I cannot yet.
I commented on a HN post almost a year ago about how hard is to do custom Auth with Supabase. I still haven't find a good solution about it. For example, LDAP Auth is quite crucial in most enterprise settings, yet I have no idea how to do it with Supabase. I can find a workaround for PostgREST by putting a secondary API written in some other language and fiddling with reverse proxies. But how to do with Supabase, such that all other services (realtime,...) works nicely? Is it so hard to provide a function that accept a custom strategy given the HTTP request data?
I created an issue[0] almost a year ago on Supabase, which was transferred to Gotrue. I even provided some code examples from Laravel. Even if it is not specifically for LDAP, make some API available to do so, please.
[0] https://github.com/supabase/gotrue/issues/904
- T3 Stack Template : Supabase (w/ Auth + DB) and Shadcn-UI Basic Setup
-
Is there complete documentation of the auth REST API anywhere?
Yes there is, it's just not pretty yet: https://github.com/supabase/gotrue/blob/master/openapi.yaml
- How do you implement authentication with nextjs frontend and golang backend?
-
Use base gotrue api instead of auth helper
The gotrue api: https://github.com/supabase/gotrue
-
Securing a nextjs api with supabase auth
Validation happen inside of the GoTrue: https://github.com/supabase/gotrue... but you don't need it on your own, non supabase, server side resources... that's the beauty of JWT. You can validate JWT in any back-end / language, by simply checking the signature against HS256 key.
-
Junior dev. Struggling to understand how the out-of-box Auth component works.
Supabase use gotrue for Auth, you can poke around in the code & read more about it here: https://github.com/supabase/gotrue
What are some alternatives?
postgrest - REST API for any Postgres database
supabase-nextjs-auth - Example project implementing authentication, authorization, and routing with Next.js and Supabase
graphql-api - Write type-safe GraphQL services in Haskell
frank_jwt - JSON Web Token implementation in Rust.
graphql - Haskell GraphQL implementation
jwt - Community maintained clone of https://github.com/dgrijalva/jwt-go
gc-monitoring-wai - a wai application to show `GHC.Stats.GCStats`
supabase - The open source Firebase alternative.
raml - RESTful API Modeling Language (RAML) library for Haskell
core - 🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
simpleconfig
supabase-js - An isomorphic Javascript client for Supabase. Query your Supabase database, subscribe to realtime events, upload and download files, browse typescript examples, invoke postgres functions via rpc, invoke supabase edge functions, query pgvector.