Supabase Setup
Configure your Supabase project — database, authentication providers, storage, and Row Level Security.
Supabase is the backend for ScaleRocket. It handles your database (PostgreSQL), authentication, file storage, and Edge Functions.
Create a Supabase Project
- Go to supabase.com/dashboard
- Click New project
- Fill in:
  - Name — your project name
  - Database password — save this somewhere safe
  - Region — choose the closest to your users
- Wait for provisioning to finish
Get Your API Keys
Go to Settings > API in your Supabase dashboard. You need three values:
| Key | Where to use | Exposed to client? |
|---|---|---|
| Project URL | All apps | Yes |
| anon public key | All apps | Yes (safe to expose) |
| service_role key | Edge Functions, server-side only | No (keep secret) |
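```bash
# apps/app/.env.local
VITE_SUPABASE_URL=https://abcdefg.supabase.co
VITE_SUPABASE_ANON_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
```

Note: The `anon` key is safe for the client. It works with Row Level Security to restrict access. The `service_role` key bypasses RLS — never expose it to the browser. Vite bundles every `VITE_`-prefixed variable into client code, so the `service_role` key must never be stored under that prefix.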
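A pre-commit or CI check for the rule above, as an added example that is not part of ScaleRocket: it scans env-file text for `VITE_`-prefixed variables whose value is a `service_role` JWT or an `sb_secret_` key. The function names and the `VITE_SUPABASE_SERVICE_KEY` variable are hypothetical, and the sample keys are constructed at runtime.

```javascript
// Added example: flag secret Supabase keys in client-exposed env variables.
// Legacy Supabase API keys are JWTs whose payload carries a "role" claim.

// Decode a JWT payload without verifying the signature; null if not a JWT.
function jwtPayload(value) {
  const parts = value.split(".");
  if (parts.length !== 3) return null;
  try {
    return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
  } catch {
    return null;
  }
}

// Return the names of VITE_-prefixed variables that hold a secret key.
function findExposedSecrets(envText) {
  const findings = [];
  for (const rawLine of envText.split(/\r?\n/)) {
    const line = rawLine.trim();
    if (!line || line.startsWith("#")) continue;
    const eq = line.indexOf("=");
    if (eq === -1) continue;
    const name = line.slice(0, eq).trim().replace(/^export\s+/, "");
    const value = line.slice(eq + 1).trim().replace(/^["']|["']$/g, "");
    if (!name.startsWith("VITE_")) continue; // only these reach the browser
    const payload = jwtPayload(value);
    const isServiceJwt = payload !== null && payload.role === "service_role";
    const isSecretKey = value.startsWith("sb_secret_"); // newer secret key format
    if (isServiceJwt || isSecretKey) findings.push(name);
  }
  return findings;
}

// Constructed sample keys: unsigned, not valid for any project.
function fakeKey(role) {
  const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
  return `${b64({ alg: "HS256", typ: "JWT" })}.${b64({ role })}.sig`;
}

const sampleEnv = [
  "# apps/app/.env.local (constructed)",
  "VITE_SUPABASE_URL=https://abcdefg.supabase.co",
  `VITE_SUPABASE_ANON_KEY=${fakeKey("anon")}`,
  `VITE_SUPABASE_SERVICE_KEY="${fakeKey("service_role")}"`,
  `SUPABASE_SERVICE_ROLE_KEY=${fakeKey("service_role")}`,
].join("\n");

console.log(findExposedSecrets(sampleEnv)); // [ 'VITE_SUPABASE_SERVICE_KEY' ]
```

The unprefixed `SUPABASE_SERVICE_ROLE_KEY` line is not flagged because Vite does not expose it to client code.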
Database Schema
ScaleRocket includes migrations in supabase/migrations/ that create the following tables:
| Table | Purpose |
|---|---|
| profiles | User profile data (linked to auth.users) |
| subscriptions | Stripe subscription state per user |
| credits | Credit balance and usage tracking |
| products | Synced Stripe products |
| prices | Synced Stripe prices |
| blog_posts | Blog content managed from admin panel |
Push Migrations
Link your project and push the schema:
```bash
# Login to Supabase CLI
npx supabase login

# Link to your project (find ref in dashboard URL)
npx supabase link --project-ref your-project-ref

# Push all migrations
npx supabase db push
```

Create a New Migration
When you need to change the schema:
```bash
npx supabase migration new my_migration_name
```

This creates a new file in supabase/migrations/. Write your SQL, then push:

```bash
npx supabase db push
```

Configure Auth Providers
ScaleRocket supports email/password, Google, and GitHub login out of the box.
Google OAuth
- Go to Google Cloud Console
- Create a new project (or use an existing one)
- Go to APIs & Services > Credentials
- Create an OAuth 2.0 Client ID (Web application)
- Add authorized redirect URI: `https://your-project-ref.supabase.co/auth/v1/callback`
- Copy the Client ID and Client Secret
- In Supabase dashboard, go to Authentication > Providers > Google
- Enable it, paste the Client ID and Secret, and save
GitHub OAuth
- Go to GitHub Developer Settings
- Click New OAuth App
- Set the authorization callback URL: `https://your-project-ref.supabase.co/auth/v1/callback`
- Copy the Client ID and Client Secret
- In Supabase dashboard, go to Authentication > Providers > GitHub
- Enable it, paste the Client ID and Secret, and save
Email Settings
In the Supabase dashboard under Authentication > Email Templates, you can customize:
- Confirmation email
- Password reset email
- Magic link email
Note: For production, configure a custom SMTP server under Settings > Authentication > SMTP Settings so emails come from your domain instead of Supabase's default.
Storage Buckets
ScaleRocket uses Supabase Storage for user-uploaded files (avatars, attachments, etc.).
Create a Bucket
- Go to Storage in the Supabase dashboard
- Click New bucket
- Name it (e.g., `avatars`)
- Choose Public or Private depending on your needs
Storage Policies
For a public avatars bucket, create a policy that lets authenticated users upload:
```sql
-- Allow authenticated users to upload their own avatar
CREATE POLICY "Users can upload own avatar"
ON storage.objects FOR INSERT
TO authenticated
WITH CHECK (
  bucket_id = 'avatars' AND
  auth.uid()::text = (storage.foldername(name))[1]
);

-- Allow anyone to view avatars
CREATE POLICY "Public avatar access"
ON storage.objects FOR SELECT
TO public
USING (bucket_id = 'avatars');
```

Upload from the Client
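```ts
// apps/app/src/lib/storage.ts
import { supabase } from "./supabase";

export async function uploadAvatar(userId: string, file: File) {
  // The first path segment must be the user's ID: the INSERT policy
  // compares it with auth.uid() and rejects uploads to other folders.
  const filePath = `${userId}/${file.name}`;

  // upsert: true overwrites an existing file at the same path.
  const { data, error } = await supabase.storage
    .from("avatars")
    .upload(filePath, file, { upsert: true });

  if (error) throw error;
  return data.path;
}
```

Row Level Security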
All ScaleRocket tables have RLS enabled by default. This means:
- The `anon` key cannot access any data unless a policy explicitly allows it
- Each user can only read/write their own data
- The `service_role` key bypasses RLS (use only in Edge Functions)
Example RLS policy for the profiles table:
```sql
-- Users can read their own profile
CREATE POLICY "Users can view own profile"
ON public.profiles FOR SELECT
USING (auth.uid() = id);

-- Users can update their own profile
CREATE POLICY "Users can update own profile"
ON public.profiles FOR UPDATE
USING (auth.uid() = id);
```

Next Steps
- Configure Stripe for payments
- Set up authentication flows in the dashboard
- Create Edge Functions for your API