Version 3 of the kit:
- Radix UI replaced with Base UI (using the Shadcn UI patterns)
- next-intl replaces react-i18next
- enhanceAction deprecated; usage moved to next-safe-action
- main layout now wrapped with [locale] path segment
- Teams only mode
- Layout updates
- Zod v4
- Next.js 16.2
- TypeScript 6
- All other dependencies updated
- Removed deprecated Edge CSRF
- Dynamic GitHub Action runner
@kit/supabase — Database & Authentication
Non-Negotiables
- 3 clients: `getSupabaseServerClient()` (server, RLS enforced), `useSupabase()` (client hook, RLS enforced), `getSupabaseServerAdminClient()` (bypasses RLS, use rarely and only if needed)
- NEVER use admin client without manually validating authorization first
- NEVER modify `database.types.ts` manually — regenerate with `pnpm supabase:web:typegen`
- NEVER add manual auth checks when using standard client — trust RLS
- ALWAYS add indexes on foreign keys
- ALWAYS include `account_id` in storage paths
- Use `Tables<'table_name'>` from `@kit/supabase/database` for type references, don't create new types
Skills
`/postgres-expert` — Schemas, RLS, migrations, query optimization
SQL Helper Functions
public.has_role_on_account(account_id, role?)
public.has_permission(user_id, account_id, permission)
public.is_account_owner(account_id)
public.has_active_subscription(account_id)
public.is_team_member(account_id, user_id)
public.is_super_admin()
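
The rules and helper functions above, combined in one migration as an added example (not code from the kit's repository). The `public.notes` table and the `note_files` bucket are hypothetical, `public.accounts (id uuid)` is assumed to be the kit's accounts table, and `storage.foldername()` is Supabase's own path helper.

```sql
-- Added example. public.notes and the note_files bucket are hypothetical;
-- public.accounts (id uuid) is assumed to be the kit's accounts table.
create table if not exists public.notes (
  id uuid primary key default gen_random_uuid(),
  account_id uuid not null references public.accounts (id) on delete cascade,
  title text not null,
  created_at timestamptz not null default now()
);

-- Foreign key index: every policy below filters on account_id.
create index if not exists ix_notes_account_id on public.notes (account_id);

-- Without this, the policies exist but are never applied.
alter table public.notes enable row level security;

-- Privileges decide which roles reach the table; policies decide which rows.
revoke all on public.notes from anon, authenticated;
grant select, insert, update, delete on public.notes to authenticated;

-- Any role on the account may read and write its notes.
create policy notes_read on public.notes
  for select to authenticated
  using (public.has_role_on_account(account_id));

create policy notes_insert on public.notes
  for insert to authenticated
  with check (public.has_role_on_account(account_id));

-- with check stops a member from moving a row into another account.
create policy notes_update on public.notes
  for update to authenticated
  using (public.has_role_on_account(account_id))
  with check (public.has_role_on_account(account_id));

-- Deleting is reserved for the account owner.
create policy notes_delete on public.notes
  for delete to authenticated
  using (public.is_account_owner(account_id));

-- Objects are stored as <account_id>/<file name>, so the first path segment
-- is the authorization key. CASE keeps the uuid cast away from other buckets.
create policy note_files_access on storage.objects
  for all to authenticated
  using (case when bucket_id = 'note_files'
    then public.has_role_on_account(((storage.foldername(name))[1])::uuid)
    else false end)
  with check (case when bucket_id = 'note_files'
    then public.has_role_on_account(((storage.foldername(name))[1])::uuid)
    else false end);
```

With these policies in place, code that uses `getSupabaseServerClient()` or `useSupabase()` needs no extra authorization checks for this table, while `getSupabaseServerAdminClient()` skips every policy shown here.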
Key Imports
| Function | Import |
|---|---|
| Server client | getSupabaseServerClient from @kit/supabase/server-client |
| Client hook | useSupabase from @kit/supabase/hooks/use-supabase |
| Admin client | getSupabaseServerAdminClient from @kit/supabase/server-admin-client |
| Require user | requireUser from @kit/supabase/require-user |
| MFA check | checkRequiresMultiFactorAuthentication from @kit/supabase/check-requires-mfa |
Exemplar
`apps/web/app/[locale]/home/(user)/_lib/server/load-user-workspace.ts` — server client with RLS