Supabase Skills
Client in Nuxt
- •Client:
useSupabaseClient()in composables or pages (with@nuxtjs/supabase). Use for database and storage. - •User:
useSupabaseUser()for current auth user; use in middleware or setup for redirects.
Database
- •Queries: Chain
.from('table'),.select('*')or.select('*, relation(*)'),.eq(),.order(), etc. Prefer explicit.select()with needed columns/relations. - •Joins: Use Postgres relation syntax in select, e.g.
.select('*, block_notes(*, block_note_attachments(*))'). - •Errors: Check
errorfrom{ data, error }; surface in UI or log as appropriate. - •Types: Cast results when needed, e.g.
(data ?? []) as TimeBlockWithNote[].
RLS (Row Level Security)
- •Enable RLS on all public tables:
alter table public.<table> enable row level security; - •Policies: One policy per operation (select/insert/update/delete) or
for allwhen same condition applies. Useusing (...)for read/update/delete andwith check (...)for insert/update. - •Auth: Use
auth.uid()in policy expressions. For “own row” useauth.uid() = user_id(or equivalent column). - •Partner/shared access: Use
exists (select 1 from public.profiles me, public.profiles other where me.id = auth.uid() and ...)to enforce mutual partner relationship before granting read.
Storage
- •Buckets: Create buckets in Supabase dashboard (e.g.
avatars,block-images). Prefer path structure like{user_id}/...oravatars/{user_id}/...so policies can use(storage.foldername(name))[1]or[2]foruser_id. - •Policies: Attach policies to
storage.objectswithbucket_id = 'bucket-name'and path checks viastorage.foldername(name). Useauth.uid()::textwhen comparing to path segments. - •Public read: For public buckets, read is allowed without a select policy; for private buckets, add select policies for owner (and partner if applicable).
Schema and triggers
- •Profiles: Common pattern is a
public.profilestable withid uuid primary key references auth.users(id) on delete cascadeand a trigger onauth.users(e.g.handle_new_user) to insert a row intoprofileson signup. - •Foreign keys: Use
references public.<table>(id) on delete cascadefor dependent tables so deletes propagate.
Project patterns (this repo)
- •Composables: Fetch in composables with
useSupabaseClient()anduseAsyncData; key includes user/date (or other reactive params);watchfor reactivity. - •Schema: Tables in
supabase/schema.sql; storage policies insupabase/storage-policies.sql. Run in Supabase SQL editor after creating buckets.