-
supabase
The open source Firebase alternative. Supabase gives you a dedicated Postgres database to build your web, mobile, and AI applications.
That can be solved with RLS. The JWT usually contains the application user id(Customer) and assuming Document has an ownerId column, the SELECT policy for Document would contain the `ownerId = auth.uid()`[1] condition - this would ensure customers can't access documents that they don't own.
This looks more fit to be discussed in. https://github.com/supabase/supabase/discussions. I'd recommend opening a discussion there.
[1]: `auth.uid()` is just a wrapper over the `current_setting('request.jwt.claims', true)` mentioned in https://postgrest.org/en/stable/api.html#accessing-request-h...
-
CodeRabbit
CodeRabbit: AI Code Reviews for Developers. Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR.
-
protobuf-rules-gen
This is an experimental protoc plugin that generates Firebase Rules for Cloud Firestore based on Google's Protocol Buffer format. This allows you to easily validate your data in a platform independent manner.
A long time ago, I was the PM on Firestore security rules, which was intended to solve both of those issues.
https://github.com/FirebaseExtended/protobuf-rules-gen was the closest we got: declaring types as protobufs (because Google, of course) and then generating both security rules to guarantee validity as well as client types that would match. I wanted to add proto annotations to do additional validity (e.g. add a regex to validate the phone number string was correct, do length checks on strings, etc.).
The short answer is that backend rules engines, either in their own DSL or bolted on to e.g. SQL, are pretty tough to get right, and have a super steep learning curve. IMO, AWS API Gateway with Lambda Authorizers get this most correct.
-
crystal
🔮 Graphile's Crystal Monorepo; home to Grafast, PostGraphile, pg-introspection, pg-sql2 and much more! (by graphile)
I've personally found Postgraphile to be fantastic. Nicer to use than Hasura and fully OSS: https://github.com/graphile/postgraphile/
-
-
Using thin-backend has been one of the most delightful experiences I've had making an SPA with a simple backend. The developer experience with the generated TypeScript types is particularly great, the DB migrations remind me of Prisma, and knowing I have a standard Postgres db under the hood is comforting. It isn't a large or complex app, but Marc has been super responsive to bugs and feature suggestions so it has been fun to iterate on. You can find the code at https://github.com/ianobermiller/colorcal.
-
And there are still some sites that host it for you for free (limited), but you can always self host it yourself...
https://parseplatform.org
-
With regards to authorization – have y'all looked any at Open Policy Agent[1]? I think it could potentially be a good fit for the Supabase stack to implement policies not just in the database but also the gateway and potentially other components as well.
It'd be super cool to be able to implement custom policies in rego code that could be re-used in several parts of the stack, and tested/verified/evolved independently from the stack.
[1]: https://www.openpolicyagent.org/
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
