Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Storage Auth #141

Closed
kiwicopple opened this issue Mar 27, 2021 · 2 comments
Closed

Storage Auth #141

kiwicopple opened this issue Mar 27, 2021 · 2 comments

Comments

@kiwicopple
Copy link
Member

Chore

Describe the chore

Not sure we are passing in the JWT headers to the storage API? like this

supabase-js/src/SupabaseClient.ts

Line 161 in 8749488

return new PostgrestClient(this.restUrl, {

Additional context

If we do this, should we also set the owner of the file? This would make RLS policies easier
@kiwicopple
Copy link
Member Author

Looks like the API accepts the owner: https://github.com/supabase/storage-api/blob/79283f89c7f6c200f4317983c5e7111b79d9c171/src/schemas/object.ts#L9

So if the user is logged in, perhaps we can send the UUID here:

supabase-js/src/lib/storage/StorageApi.ts

Line 109 in 8749488

const formData = new FormData()

Also, I see that the StorageClient gets the Auth headers here but what happens if a user isn't logged in, and then they log in. The headers for Storage aren't updated right?

phamhieu added a commit that referenced this issue Mar 29, 2021
@phamhieu
fix: retrieving storage client using getter method #141
bcd1c90
@phamhieu
Copy link
Member

Instead of using storage variable, I convert it into getter method. Whenever user gets storage client, it will have the latest auth headers.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@phamhieu @kiwicopple