Skip to content

Week 09 ‐ Devlog

givecoffee edited this page Jun 14, 2026 · 3 revisions

Adversarial testing and aggregation (aka "kicking the tires")

We are building and testing one table at a time, make sure we can isolate any issues. Starting with profiles, let's GET our own profile:

REQUEST #1: GET own profile:

  • Name: Profiles: Get Own
  • Method: GET
  • URL: {{baseUrl}}/rest/v1/profiles?id=eq.{{userId}}
  • Headers: Accept: application/json

200 Status Code received and the profile row contained the display name and other fields. Profile returned correctly. Note the UUID, this is the real auth user created through Supabase, different from the manually seeded ones.

display_name is null because this profile was auto-created by the handle_new_user trigger when you signed up. The trigger fired and created the row with just the UUID, which is exactly what it's supposed to do.

REQUEST #2: PATCH display_name:

  • Name: Profiles: Update Display Name
  • Method: PATCH
  • URL: {{baseUrl}}/rest/v1/profiles?id=eq.{{userId}}
  • Headers: Content-Type: application/json, Prefer: return=representation
  • Body (raw JSON):
{
  "display_name": "Rae"
}

After adding a custom header with the prefer key, we are able to run it and confirm that:

  • display_name is now "Rae"
  • updated_at changed from 09:46 to 10:12 - the update_updated_at trigger fired automatically

The trigger is working through the API, so we can work on spaces.

REQUEST #3: POST new space:

  • Name: Spaces: Create
  • Method: POST
  • URL: {{baseUrl}}/rest/v1/spaces
  • Headers: Content-Type: application/json, Prefer: return=representation
  • Body (raw JSON):
{
  "user_id": "{{userId}}",
  "name": "Rooftop Garden",
  "space_type": "outdoor",
  "description": "Container beds on the roof"
}

When adding the spaceId to the environmental variables, Postman detected the accessToken JWT as a Supabase service role key and although they look similar, they are not the same. This can be dismissed and ensure that you do not click 'Secure All' because it will move the value to the vault and this will break the post-response script. This is because it will auto-update after each sign-in.

REQUEST #4: GET spaces:

  • Name: Spaces: Get All
  • Method: GET
  • URL: {{baseUrl}}/rest/v1/spaces?user_id=eq.{{userId}}
  • Headers: Accept: application/json

REQUEST #5: PATCH space name:

  • Name: Spaces: Update Name
  • Method: PATCH
  • URL: {{baseUrl}}/rest/v1/spaces?id=eq.{{spaceId}}
  • Headers: Content-Type: application/json, Prefer: return=representation
  • Body (raw JSON):
{
  "name": "Rooftop Garden 2026"
}

REQUEST #6: POST new plant:

  • Name: Plants: Create
  • Method: POST
  • URL: {{baseUrl}}/rest/v1/plants
  • Headers: Content-Type: application/json, Prefer: return=representation
  • Body (raw JSON):
{
  "space_id": "{{spaceId}}",
  "user_id": "{{userId}}",
  "common_name": "Pepper",
  "variety": "Jalapeño",
  "planted_date": "2026-06-14",
  "current_stage": "seedling"
}

REQUEST #7: GET plants by space:

  • Name: Plants: Get by Space
  • Method: GET
  • URL: {{baseUrl}}/rest/v1/plants?space_id=eq.{{spaceId}}
  • Headers: Accept: application/json

REQUEST #8: PATCH plant growth stage:

  • Name: Plants: Update Stage
  • Method: PATCH
  • URL: {{baseUrl}}/rest/v1/plants?id=eq.{{plantId}}
  • Headers: Content-Type: application/json, Prefer: return=representation
  • Body (raw JSON):
{
  "current_stage": "vegetative"
}

REQUEST #9: POST new data log:

  • Name: Data Logs: Create
  • Method: POST
  • URL: {{baseUrl}}/rest/v1/data_logs
  • Headers: Content-Type: application/json, Prefer: return=representation
  • Body (raw JSON):
{
  "plant_id": "{{plantId}}",
  "user_id": "{{userId}}",
  "metric_type": "ph",
  "value": 6.5,
  "unit": "pH",
  "notes": "Morning reading"
}

REQUEST #10: GET logs by plant:

  • Name: Data Logs: Get by Plant
  • Method: GET
  • URL: {{baseUrl}}/rest/v1/data_logs?plant_id=eq.{{plantId}}
  • Headers: Accept: application/json

REQUEST #11: PATCH data log (should be blocked):

  • Name: Data Logs: PATCH (append-only proof)
  • Method: PATCH
  • URL: {{baseUrl}}/rest/v1/data_logs?id=eq.9cb521d1-96af-4905-a6c8-2cf0111b4a4f
  • Headers: Content-Type: application/json, Prefer: return=representation
  • Body (raw JSON):
{
  "value": 99.9
}

Returns code 200 with an empty array as expected.

REQUEST #12: POST new task:

  • Name: Tasks: Create
  • Method: POST
  • URL: {{baseUrl}}/rest/v1/tasks
  • Headers: Content-Type: application/json, Prefer: return=representation
  • Body (raw JSON):
{
  "space_id": "{{spaceId}}",
  "user_id": "{{userId}}",
  "plant_id": "{{plantId}}",
  "title": "Water the pepper",
  "due_date": "2026-06-15",
  "status": "pending"
}

REQUEST #13: GET tasks:

  • Name: Tasks: Get All
  • Method: GET
  • URL: {{baseUrl}}/rest/v1/tasks?user_id=eq.{{userId}}
  • Headers: Accept: application/json

REQUEST #14: PATCH task status to complete:

  • Name: Tasks: Complete (trigger verification)
  • Method: PATCH
  • URL: {{baseUrl}}/rest/v1/tasks?id=eq.0d09be0b-59e4-450e-8054-abf864ef6e85
  • Headers: Content-Type: application/json, Prefer: return=representation
  • Body (raw JSON):
{
  "status": "complete"
}
  • status changed to complete
  • completed_at set to 2026-06-14T11:10:59 — set by the trigger, not sent by the client
  • updated_at updated automatically by the update_updated_at trigger

Issues Worked On:

Branches:

Pull Requests:

Notes:

  • All 14 CRUD requests verified across five tables - triggers firing on every PATCH
  • completed_at set automatically on task completion
  • the data_logs append-only policy confirmed returning 200 with an empty array on PATCH

Verification/Screenshots:

GET own userId

GET-own-userId

PATCH displayname

PATCH-displayname

POST spaces

POST-spaces

GET spacesAll

GET-spacesAll

PATCH spaces update name

PATCH-spaces-update-name

POST plants create

POST-plants-create

GET plants by space

GET-plants-by-space

PATCH plant stage

PATCH-plant-stage

POST new log

POST-new-log

GET logs by plant

GET-logs-by-plant

POST new task

POST-new-task

GET all tasks

GET-all-tasks

PATCH task status complete

PATCH-task-status-complete

Clone this wiki locally