#Supabase server-routes RLS authentication

8 messages · Page 1 of 1 (latest)

woven current
#

Hello,

  1. I am using supabase as part of my application
  2. I am making all calls to supabase tables from server-side routes
  3. I am adding in RLS to each of my tables. From the documentation I read that supabase will automatically send the JWT of the logged in user on CRUD requests to tables to validate the RLS rules. How does this happen if I am using supabase in server-routes where there is no client context?
dim moth
woven current
#

@dim moth so from my testing / understanding:

  1. Since supabase is setting cookies under the top level domain, the server routes will receive all cookies when requested.
  2. Nuxt is using nitro which wraps h3 for the web server powering server routes, which gives you the event argument passed to each route handler
  3. Inside of the event object you have the headers property.
  4. You pass the event object to supabase when initializing its objects and it will get the token from there and I guess decode it to get the user information

```ts
import { serverSupabaseClient, serverSupabaseUser } from '#supabase/server'

export default defineEventHandler(async (event) => {
  const user = await serverSupabaseUser(event)   // null when the request carried no valid session
  if (!user) throw createError({ statusCode: 401, statusMessage: 'Unauthorized' })
  const client = await serverSupabaseClient(event) // forwards the caller's JWT, so auth.uid() in RLS resolves to user.id
  return await client.from('todos').select('*')    // 'todos' is a placeholder table name
})
```
dim moth
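The mechanism described in the reply above, as an added example that is not part of the thread and not the code of @nuxtjs/supabase: the route reads the cookie the browser-side client set, verifies the JWT before trusting its `sub`, and produces the `Authorization: Bearer` header a PostgREST query must carry so that `auth.uid()` inside an RLS policy resolves to that user. Assumptions in this example: the cookie is named `sb-access-token` (the real module's cookie names vary by version), the token is HS256-signed with the project's JWT secret (projects using asymmetric signing keys must verify against the project's JWKS instead), the h3 event is reduced to the shape shown, and the secret is passed in as a parameter rather than read from the environment. The check it adds is the one a practitioner wants: a base64-decoded payload is not an authorization decision; only a signature-verified, unexpired token with the `authenticated` role identifies a user, and a service-role or anon key is refused.

```typescript
import { createHmac, timingSafeEqual } from 'node:crypto'
import { Buffer } from 'node:buffer'

// Assumed cookie name (not from the thread); real @nuxtjs/supabase names differ by version.
export const COOKIE_NAME = 'sb-access-token'

// Minimal stand-in for the h3 event a Nitro route handler receives.
export interface EventLike {
  node: { req: { headers: Record<string, string | undefined> } }
}

const safeDecode = (v: string) => { try { return decodeURIComponent(v) } catch { return v } }

// Parse a Cookie request header into name -> value.
export function parseCookies(header: string | undefined): Record<string, string> {
  const out: Record<string, string> = {}
  for (const part of (header ?? '').split(';')) {
    const idx = part.indexOf('=')
    if (idx < 0) continue
    const name = part.slice(0, idx).trim()
    if (name) out[name] = safeDecode(part.slice(idx + 1).trim())
  }
  return out
}

const b64url = (buf: Buffer) => buf.toString('base64url')

// Verify an HS256 JWT against the project secret and return its claims, or null.
export function verifyHs256(token: string, secret: string): Record<string, unknown> | null {
  const parts = token.split('.')
  if (parts.length !== 3) return null
  const [h, p, s] = parts
  let header: any
  try { header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8')) } catch { return null }
  if (!header || header.alg !== 'HS256') return null // refuse alg confusion ("none", RS256, ...)
  const expected = createHmac('sha256', secret).update(`${h}.${p}`).digest()
  const got = Buffer.from(s, 'base64url')
  if (got.length !== expected.length || !timingSafeEqual(got, expected)) return null
  let claims: any
  try { claims = JSON.parse(Buffer.from(p, 'base64url').toString('utf8')) } catch { return null }
  if (!claims || typeof claims !== 'object') return null
  if (typeof claims.exp !== 'number' || claims.exp <= Math.floor(Date.now() / 1000)) return null
  // Supabase user access tokens carry role "authenticated"; anon and service_role keys do not.
  if (claims.role !== 'authenticated' || typeof claims.sub !== 'string') return null
  return claims
}

// What the server-side helper conceptually does with the event: cookie -> verified user -> bearer header.
export function userFromEvent(event: EventLike, secret: string) {
  const token = parseCookies(event.node.req.headers.cookie)[COOKIE_NAME]
  if (!token) return null
  const claims = verifyHs256(token, secret)
  if (!claims) return null
  return {
    id: claims.sub as string,
    // Header PostgREST needs so the request runs as this user and auth.uid() = id inside RLS policies.
    postgrestHeaders: { Authorization: `Bearer ${token}` },
  }
}

// Mint a token the way the Auth server would (HS256 with the project secret); used to build test input.
export function signHs256(claims: Record<string, unknown>, secret: string): string {
  const h = b64url(Buffer.from(JSON.stringify({ alg: 'HS256', typ: 'JWT' })))
  const p = b64url(Buffer.from(JSON.stringify(claims)))
  const s = b64url(createHmac('sha256', secret).update(`${h}.${p}`).digest())
  return `${h}.${p}.${s}`
}
```

Two caveats follow from this. First, a route that only decodes the token (as the reply guesses the module does) and then makes its own decisions on `sub` is trusting an unverified value; in supabase-js, `auth.getUser()` asks the Auth server and therefore verifies, while `auth.getSession()` reads the stored token back without verification. Second, the whole scheme only works if the server client is built with the anon key plus the user's bearer token; a client built with the service-role key bypasses RLS entirely, so never use it in a route that is supposed to act as the caller.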
woven current
#

The ‘what they’re allowed access to’ is entirely dependent on how you setup the rls. But you will have their auth.id there available so very easy to just define the policy you need

#

You can DM me if you want help on the rls policy I just built a tester to really learn all about it and finished with my schema for all tables

dim moth
# woven current The ‘what they’re allowed access to’ is entirely dependent on how you setup the ...

Yep, I think I’ll need a hand getting my head around it all - usually just focus on the front end side of things so learning this world and have plenty of simple questions 😂 I’ve managed to get triggers working with user registration & I need to try & have a go at testing my current RLS setup with another user, but I decided that I want nuxt to be running this server side instead as I’ll be hitting the end points from an iOS app as well as a web app

woven current
#

sure lemme know