I am trying to upload files to Supabase buckets. I am not using Supabase Auth; I have my own token creation system and user table.
Now I have set up RLS policies on all the buckets as shown below
```sql
CREATE POLICY "anon can do 1x24yub_0" ON "storage"."objects"
  FOR INSERT TO "anon"
  WITH CHECK ((("bucket_id" = 'fontuploads'::"text") AND ("split_part"("name", '/'::"text", 1) = "public"."get_org_id"())));

CREATE POLICY "anon can do 1x24yub_1" ON "storage"."objects"
  FOR SELECT TO "anon"
  USING ((("bucket_id" = 'fontuploads'::"text") AND ("split_part"("name", '/'::"text", 1) = "public"."get_org_id"())));

CREATE POLICY "anon can do 1x24yub_2" ON "storage"."objects"
  FOR DELETE TO "anon"
  USING ((("bucket_id" = 'fontuploads'::"text") AND ("split_part"("name", '/'::"text", 1) = "public"."get_org_id"())));

CREATE POLICY "anon can do 1x24yub_3" ON "storage"."objects"
  FOR UPDATE TO "anon"
  USING ((("bucket_id" = 'fontuploads'::"text") AND ("split_part"("name", '/'::"text", 1) = "public"."get_org_id"())));
```
The get_org_id() function is designed to handle the custom header passed from the frontend using the function below
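```js
import { createClient } from '@supabase/supabase-js';

// supabaseUrl, supabaseAnonKey and userSessionStore are defined elsewhere in the app.
export const supabaseAuthClient = () => {
  const userSession = userSessionStore();
  return createClient(supabaseUrl, supabaseAnonKey, {
    global: {
      headers: {
        // The custom token is sent as the Authorization header value
        'Authorization': userSession?.session?.token
          ? `${userSession?.session.token}`
          : ''
      }
    }
  });
};
```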
Where userSession?.session.token is my custom token.
The get_org_id function decodes the auth token and gets the org_id encoded in the token. The token is generated with the function below
```python
def create_jwt_token(user):
    payload = {
        "sub": user["id"],
        "app_metadata": {
            "org_id": user["org_id"],
            "is_active": user["is_active"],
            "is_super_admin": user["is_super_admin"]
```
However, when I try to upload an image, it gives the error below
```json
{
  "statusCode": "403",
  "error": "Unauthorized",
  "message": "signature verification failed"
}
```
I tried to see if the RLS policy is enabled or not for the storage schema and found out that storage.buckets has RLS disabled.
When I tried to enable it using the query
```sql
ALTER TABLE storage.buckets
  ENABLE ROW LEVEL SECURITY;
```
it gave me the error below
```
Error: Failed to run sql query: ERROR: 42501: must be owner of table buckets
```
Can anyone help me?
Or please suggest a better way to handle this so that I can only allow uploads to buckets with org_id folder names by the users with org_id encoded in the token.
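
Added example, not part of the original post: how an HS256 JWT signature check behaves. A token verifies only against the secret it was signed with, so a verifier holding a different secret rejects it before any claim such as `app_metadata.org_id` is read. The secrets, the claims and the `path_allowed` helper (which mirrors the policy's `split_part(name, '/', 1)` comparison) are constructed for illustration and are assumptions, not the poster's or Supabase's code.

```python
import base64, hashlib, hmac, json

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(payload: dict, secret: bytes) -> str:
    """Build a compact HS256 JWT: header.payload.signature."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload)
    )
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"

def verify_hs256(token: str, secret: bytes) -> dict:
    """Return the claims if the signature matches `secret`, else raise ValueError."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(head_b64))
        sig = _b64url_decode(sig_b64)
    except (ValueError, TypeError) as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm; never let the token choose how it is verified.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected = hmac.new(secret, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("signature verification failed")
    return json.loads(_b64url_decode(body_b64))

def path_allowed(object_name: str, claims: dict) -> bool:
    """Mirror of the policy: first path segment must equal the token's org_id."""
    org_id = claims.get("app_metadata", {}).get("org_id")
    return org_id is not None and object_name.split("/")[0] == str(org_id)

# Constructed sample values, not real keys or real claims.
APP_SECRET = b"secret-used-by-the-custom-token-service"
VERIFIER_SECRET = b"secret-held-by-the-verifying-service"
SAMPLE_CLAIMS = {"sub": "user-1", "app_metadata": {"org_id": "org42", "is_active": True}}
```

The org_id comparison is only meaningful after `verify_hs256` succeeds; claims from an unverified token must not reach an access decision.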