## Python and Supabase Guide


The guide will cover various topics related to Supabase. The guide will follow the basic todo app structure. 
To get started fresh:
- Create a new project on Supabase and call it whatever you want.
- Copy the public URL and public API key to a .env file in the current directory

In practise this would almost cerainly be done using JavaScript, but the API's are very similar and the guide I found for this was good.

In [5]:
from dotenv import load_dotenv
import os
load_dotenv()

# os.environ["PROJECT_URL"]
# os.environ["API_KEY"]

True

### 1. <ins>Creating Tables</ins> 

Creating tables with Supabase is easy, but allows for fine grain control with PostgreSQL commands. The simplest way to create a table is to navigate to the `Table Editor` and click the button to create a new table. Alternatively, navigate to the `SQL Editor` and create tables directly with SQL commands. The Supabase UI has tonnes of example SQL snippets to help get started.


### 2. <ins>CRUD</ins>

In [6]:
from supabase import create_client

supabase = create_client(os.environ["PROJECT_URL"], os.environ["API_KEY"])
supabase

<supabase.client.Client at 0x7f3889c23940>

Selecting data

In [13]:
all_todos = supabase.table("todos").select("*").execute()

In [14]:
all_todos.data

[{'id': 1, 'created_at': '2022-12-15T17:32:39.464557+00:00', 'name': 'item 1'}]

In [15]:
certain_todos = supabase.table("todos").select("name, id").eq("id", 1).execute()

In [16]:
certain_todos.data

[{'name': 'item 1', 'id': 1}]

Inserting data

In [19]:
import arrow

In [20]:
created_at = arrow.now().shift(days=-1).datetime

In [21]:
ins = supabase.table("todos").insert({"name": "item 2"}).execute()
ins = supabase.table("todos").insert({"name": "item 3", "created_at": str(created_at)}).execute()

In [22]:
all_todos = supabase.table("todos").select("*").execute()
all_todos.data

[{'id': 1, 'created_at': '2022-12-15T17:32:39.464557+00:00', 'name': 'item 1'},
 {'id': 2, 'created_at': '2022-12-15T17:52:30.597217+00:00', 'name': 'test'},
 {'id': 3, 'created_at': '2022-12-15T17:55:29.049731+00:00', 'name': 'item 2'},
 {'id': 4, 'created_at': '2022-12-14T17:55:04.423448+00:00', 'name': 'item 3'}]

Updating data

In [23]:
upd = supabase.table("todos").update({"name": "item 4 updated"}).eq("id", 2).execute()

In [24]:
all_todos = supabase.table("todos").select("*").execute()
all_todos.data

[{'id': 1, 'created_at': '2022-12-15T17:32:39.464557+00:00', 'name': 'item 1'},
 {'id': 3, 'created_at': '2022-12-15T17:55:29.049731+00:00', 'name': 'item 2'},
 {'id': 4, 'created_at': '2022-12-14T17:55:04.423448+00:00', 'name': 'item 3'},
 {'id': 2,
  'created_at': '2022-12-15T17:52:30.597217+00:00',
  'name': 'item 4 updated'}]

Deleting data

In [25]:
de = supabase.table("todos").delete().eq("id", 2).execute()

In [26]:
all_todos = supabase.table("todos").select("*").execute()
all_todos.data

[{'id': 1, 'created_at': '2022-12-15T17:32:39.464557+00:00', 'name': 'item 1'},
 {'id': 3, 'created_at': '2022-12-15T17:55:29.049731+00:00', 'name': 'item 2'},
 {'id': 4, 'created_at': '2022-12-14T17:55:04.423448+00:00', 'name': 'item 3'}]

### 3. <ins>Authentication and Authorization</ins>

In [31]:
email = "benjaminvh1997@gmail.com"
password = "password"

# user = supabase.auth.sign_up(email=email, password=password)

# this will send a confirmation link to the email provided - you need to click on it to confirm the account. 
# if there is not a website tied to the email, the link will still work, but you will see a 404 error page

In [34]:
# session = supabase.auth.sign_in(email=email, password=password + "1") # this will fail because the password is incorrect
session = supabase.auth.sign_in(email=email, password=password)
print(session)
# sign out to end the session
supabase.auth.sign_out()

access_token='eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJhdXRoZW50aWNhdGVkIiwiZXhwIjoxNjcxMTMxMzg1LCJzdWIiOiJhNzQ4ZTQzZC1mMmI2LTQ4NTItOGI3NS0xYmE1ZDgzOTk1NWUiLCJlbWFpbCI6ImJlbmphbWludmgxOTk3QGdtYWlsLmNvbSIsInBob25lIjoiIiwiYXBwX21ldGFkYXRhIjp7InByb3ZpZGVyIjoiZW1haWwiLCJwcm92aWRlcnMiOlsiZW1haWwiXX0sInVzZXJfbWV0YWRhdGEiOnt9LCJyb2xlIjoiYXV0aGVudGljYXRlZCIsImFhbCI6ImFhbDEiLCJhbXIiOlt7Im1ldGhvZCI6InBhc3N3b3JkIiwidGltZXN0YW1wIjoxNjcxMTI3Nzg1fV0sInNlc3Npb25faWQiOiI0NTNlYmM2YS03YjA0LTRjYmEtOWY3NC1lNTg3OWExZDVjMzcifQ.fHk9SO2GNDSmN1arULXfXqHlmDxESfe5XCblvxaa9pA' token_type='bearer' expires_at=1671131386 expires_in=3600 provider_token=None refresh_token='on1iuCYedgyZgRIFFAHH-w' user=User(app_metadata={'provider': 'email', 'providers': ['email']}, aud='authenticated', created_at=datetime.datetime(2022, 12, 15, 18, 5, 27, 355707, tzinfo=datetime.timezone.utc), id=UUID('a748e43d-f2b6-4852-8b75-1ba5d839955e'), user_metadata={}, identities=[Identity(id='a748e43d-f2b6-4852-8b75-1ba5d839955e', user_

#### 3.1 <ins>Row Level Security</ins>

RLS provides a way to authorize what actions a user can perform on a table. This is done by creating a policy on the table. The policy is a function that returns a boolean value. The function is passed the user's session and the row being operated on. The function can then return true or false depending on the user's permissions. 

#### 3.2 <ins>Policies</ins>

Creating a policy is done by navigating to the `SQL Editor` and creating a function. The function must return a boolean value and take two parameters. The first parameter is the user's session and the second is the row being operated on. The function can then return true or false depending on the user's permissions. As an example:
```
CREATE POLICY "Enable select for authenticated users only" ON "public"."todos"
AS PERMISSIVE FOR SELECT
TO authenticated
USING (true)
```


In [44]:
# create the client again
supabase = create_client(os.environ["PROJECT_URL"], os.environ["API_KEY"])

# try to read while not authenticated
all_todos = supabase.table("todos").select("*").execute()
print("Data before auth: ", all_todos.data)

# now log in
session = supabase.auth.sign_in(email=email, password=password)
# set the auth state on the client
supabase.postgrest.auth(session.access_token)

# try to read while authenticated
all_todos = supabase.table("todos").select("*").execute()
print("Data after auth: ", all_todos.data)

# sign out to end the session
supabase.auth.sign_out()

Data before auth:  []
Data after auth:  [{'id': 1, 'created_at': '2022-12-15T17:32:39.464557+00:00', 'name': 'item 1'}, {'id': 3, 'created_at': '2022-12-15T17:55:29.049731+00:00', 'name': 'item 2'}, {'id': 4, 'created_at': '2022-12-14T17:55:04.423448+00:00', 'name': 'item 3'}]


### 4. <ins>Storage</ins>

Supabase allows for storage of arbitrary files. This includes images, videos, music and more. Storage works via a "Bucket" which is a container for files. The bucket can be configured to allow public access or to require authentication. To create a bucket, navigate to the `Storage` tab and click the button to create a new bucket. The bucket can then be accessed via the API or the UI. We can again enable RLS to restrict access to the bucket.

In my project I created a bucket called "image-bucket", made the bucket public for convenience and just put two random images in there.

In [48]:
# create the client again
supabase = create_client(os.environ["PROJECT_URL"], os.environ["API_KEY"])

resp = supabase.storage().from_("image-bucket").get_public_url("image1.png")
print(resp)

https://mrhuocbmpxrsltbqmmvn.supabase.co/storage/v1/object/public/image-bucket/image1.png


In [55]:
# can also upload a file
resp = supabase.storage().from_("image-bucket").upload("uploaded_image.png", "./Screenshot from 2022-12-15 14-17-12.png", {
    "content-type": "image/png"
})


### 5. <ins>Edge Functions</ins>

Supabase edge functions are TypeScript functions that run on the edge of the Supabase network. They can be used to perform actions on the database or storage. Edge functions are created by navigating to the `Edge Functions` tab and clicking the button to create a new function. The function can then be edited in the UI or in a local editor. The function can then be deployed to the Supabase network.

In [60]:
func = supabase.functions()

resp = await func.invoke("my-edge-function", invoke_options={"body":{"name": "Benjamin"}})
resp

{'data': b'{"message":"Hello Benjamin!"}', 'error': None}