Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Storage Auth #141

Closed
kiwicopple opened this issue Mar 27, 2021 · 2 comments
Closed

Storage Auth #141

kiwicopple opened this issue Mar 27, 2021 · 2 comments

Comments

@kiwicopple
Copy link
Member

Chore

Describe the chore

Not sure we are passing in the JWT headers to the storage API? like this

return new PostgrestClient(this.restUrl, {

Additional context

If we do this, should we also set the owner of the file? This would make RLS policies easier

@kiwicopple
Copy link
Member Author

Looks like the API accepts the owner: https://github.com/supabase/storage-api/blob/79283f89c7f6c200f4317983c5e7111b79d9c171/src/schemas/object.ts#L9

So if the user is logged in, perhaps we can send the UUID here:

const formData = new FormData()

Also, I see that the StorageClient gets the Auth headers here but what happens if a user isn't logged in, and then they log in. The headers for Storage aren't updated right?

@phamhieu
Copy link
Member

Instead of using storage variable, I convert it into getter method. Whenever user gets storage client, it will have the latest auth headers.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants