Skip to content

neondatabase-labs/stack-nextjs-neon-rls

BranchesTags

Repository files navigation

Neon RLS + Stack Auth Example (SQL from the Backend)

A quick start Next.js template demonstrating secure user authentication and authorization using Neon RLS with Stack Auth integration. This guide primarily uses SQL from the backend to enforce row-level security policies.

Features

  • Next.js application with TypeScript
  • User authentication powered by Stack Auth
  • Row-level security using Neon RLS
  • Database migrations with Drizzle ORM
  • Ready-to-deploy configuration for Vercel, Netlify, and Render

Prerequisites

  • Neon account with a new project
  • Stack Auth account with a new project
  • Node.js 18+ installed locally

One-Click Deploy

Deploy directly to your preferred hosting platform:

Deploy with Vercel Deploy to Netlify Deploy to Render

Make sure to add your website URL as a Trusted Domain on your Stack Auth project settings.

Stack Auth Trusted Domain

Local Development Setup

Configure Stack Auth

  1. Sign up for a Stack Auth account and create a new project.

  2. Navigate to the project settings and create an API key.

  3. Upon creating the API key, you will receive NEXT_PUBLIC_STACK_PROJECT_ID, NEXT_PUBLIC_STACK_PUBLISHABLE_CLIENT_KEY and STACK_SECRET_SERVER_KEY. Keep these handy for the next steps.

    Stack Auth API Key

Set Up Neon RLS

  1. Open your Neon Console and click "RLS" in your project's settings

  2. Add a new authentication provider

  3. Set the JWKS URL to: https://api.stack-auth.com/api/v1/projects/<project-id>/.well-known/jwks.json

    Replace <project-id> with your Stack Auth project ID

    Neon RLS Add Auth Provider

  4. Follow the steps in the UI to setup the roles for Neon RLS. You should ignore the schema related steps if you're following this guide.

  5. Note down the connection strings for both the neondb_owner role and the authenticated, passwordless role. You'll need both. The neondb_owner role has full privileges and is used for migrations, while the authenticated role will be used by the application and will have its access restricted by RLS.

    Neon RLS Connection Strings

Local Installation

  1. Clone the repository:

    git clone https://github.com/neondatabase-labs/stack-nextjs-neon-rls
cd stack-nextjs-neon-rls

  2. Install dependencies:

    npm install

  3. Create .env file with the following variables:

    NEXT_PUBLIC_STACK_PROJECT_ID=
NEXT_PUBLIC_STACK_PUBLISHABLE_CLIENT_KEY=
STACK_SECRET_SERVER_KEY=

# Database connections
DATABASE_URL=              # neondb_owner role connection
DATABASE_AUTHENTICATED_URL= # authenticated role connection

    Get your Stack Auth keys from your Stack Auth project dashboard.

  4. Set up the database:

    npm run drizzle:generate  # Generate migrations
npm run drizzle:migrate  # Apply migrations

  5. Start the development server:

    npm run dev

  6. Visit http://localhost:3000 to see the application running.

    Neon RLS + Stack Auth Example

Important: Production Setup

  1. Upgrade your Stack Auth project to production mode by navigating to the project settings. Stack Auth Production Mode
  2. Verify that the JWKS URL in your Neon RLS configuration is correctly pointing to your Stack Auth project.

Learn More

Authors

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

About

A Todo List built with Stack Auth, Next.js and Neon RLS (SQL from the Backend)

Topics

neon-rls

Resources

Readme
Activity
Custom properties

Stars

3 stars

Watchers

8 watching

Forks

2 forks
Report repository

Contributors 2

  •  
  •  

Languages