Building modern web applications that handle data efficiently while providing excellent user experiences has never been more accessible. The combination of Supabase and Next.js creates a powerful, scalable foundation for full-stack applications that can grow with your needs. This comprehensive guide will walk you through creating a complete CRUD (Create, Read, Update, Delete) application from scratch, incorporating authentication, real-time features, and production-ready deployment strategies.
What You’ll Learn in This Guide
By the end of this tutorial, you’ll have built a fully functional web application featuring:
- User authentication with secure session management
- Complete CRUD operations for managing data
- Real-time updates across multiple users
- Responsive design with modern UI components
- Production deployment with proper security configurations
This guide assumes basic knowledge of JavaScript and React, but provides detailed explanations for Supabase-specific concepts and Next.js patterns.
Why Supabase + Next.js Is the Perfect Stack for Modern Apps
The combination of Supabase and Next.js addresses common development challenges while maintaining flexibility and performance. Supabase provides a complete backend solution with minimal configuration, while Next.js offers optimized React development with built-in features like server-side rendering and API routes. Together, they eliminate the complexity of backend setup while delivering enterprise-grade capabilities.
This stack is particularly valuable for startups and developers who need to ship quickly without sacrificing scalability or security. The open-source nature of both tools ensures long-term viability and community support.
Understanding the Tech Stack
What Is Supabase? – The Open Source Firebase Alternative
Supabase is an open-source Backend-as-a-Service (BaaS) platform that provides essential backend services including:
- PostgreSQL Database: Full-featured relational database with JSON support
- Authentication: Built-in user management with multiple providers
- Real-time Subscriptions: Live data updates using WebSockets
- Storage: File upload and management system
- Edge Functions: Serverless functions for custom logic
Unlike proprietary alternatives, Supabase runs on standard PostgreSQL, ensuring data portability and avoiding vendor lock-in. The platform generates REST and GraphQL APIs automatically based on your database schema.
Why Choose Next.js for Your Frontend?
Next.js extends React with production-ready features that streamline development:
- File-based Routing: Automatic route generation from folder structure
- Server-Side Rendering (SSR): Improved SEO and initial load performance
- Static Site Generation (SSG): Pre-built pages for optimal performance
- API Routes: Backend functionality within the same codebase
- Image Optimization: Automatic image processing and lazy loading
Key Benefits of Combining Supabase with Next.js
The synergy between these technologies creates several advantages:
- Rapid Development: Auto-generated APIs and built-in authentication reduce boilerplate code
- Type Safety: TypeScript support across the entire stack
- Scalability: Both platforms handle growth automatically
- Developer Experience: Excellent tooling and documentation
- Cost Efficiency: Generous free tiers for development and small applications
Project Setup and Tooling
Setting Up a New Next.js Project
Create a new Next.js application with TypeScript support:
npx create-next-app@latest my-crud-app --typescript --tailwind --eslint --app
cd my-crud-app
This command creates a modern Next.js project with the App Router, TypeScript configuration, and Tailwind CSS for styling.
Installing and Configuring Supabase Client SDK
Install the Supabase JavaScript client library:
npm install @supabase/supabase-js
Create a Supabase client configuration file at lib/supabase.ts:
import { createClient } from '@supabase/supabase-js'
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!
const supabaseAnonKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!
export const supabase = createClient(supabaseUrl, supabaseAnonKey)
Environment Variables: Keeping Secrets Safe
Create a .env.local file in your project root:
NEXT_PUBLIC_SUPABASE_URL=your_supabase_project_url
NEXT_PUBLIC_SUPABASE_ANON_KEY=your_supabase_anon_key
These variables are prefixed with NEXT_PUBLIC_ to make them available in the browser. Never expose service role keys in client-side code.
Designing the Database with Supabase
Creating Tables and Relationships in Supabase
Navigate to your Supabase dashboard and create a new table for your CRUD application. For this example, we’ll create a “posts” table:
CREATE TABLE posts (
id UUID DEFAULT gen_random_uuid() PRIMARY KEY,
title VARCHAR(255) NOT NULL,
content TEXT,
author_id UUID REFERENCES auth.users(id),
created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
updated_at TIMESTAMP WITH TIME ZONE DEFAULT NOW()
);
-- Create an index for better query performance
CREATE INDEX posts_author_id_idx ON posts(author_id);
Auto-Generated APIs: Let Supabase Do the Heavy Lifting
Supabase automatically generates REST and GraphQL APIs based on your database schema. Once you create the table, endpoints become immediately available:
GET /rest/v1/posts- Retrieve all postsPOST /rest/v1/posts- Create a new postPATCH /rest/v1/posts?id=eq.{id}- Update a specific postDELETE /rest/v1/posts?id=eq.{id}- Delete a specific post
Configuring Row-Level Security (RLS) for Better Control
Enable Row-Level Security to ensure users can only access their own data:
-- Enable RLS on the posts table
ALTER TABLE posts ENABLE ROW LEVEL SECURITY;
-- Policy for users to read their own posts
CREATE POLICY "Users can read own posts" ON posts
FOR SELECT USING (auth.uid() = author_id);
-- Policy for users to insert their own posts
CREATE POLICY "Users can insert own posts" ON posts
FOR INSERT WITH CHECK (auth.uid() = author_id);
-- Policy for users to update their own posts
CREATE POLICY "Users can update own posts" ON posts
FOR UPDATE USING (auth.uid() = author_id);
-- Policy for users to delete their own posts
CREATE POLICY "Users can delete own posts" ON posts
FOR DELETE USING (auth.uid() = author_id);
Building the User Interface
Planning the App Layout and Navigation
Create a clean, responsive layout with navigation. Design your component structure:
components/
├── Layout.tsx
├── Navigation.tsx
├── PostCard.tsx
├── PostForm.tsx
└── LoadingSpinner.tsx
Creating Pages with Next.js File-Based Routing
Organize your pages using the App Router structure:
app/
├── page.tsx (home page)
├── login/
│ └── page.tsx
├── dashboard/
│ └── page.tsx
├── posts/
│ ├── page.tsx
│ ├── new/
│ │ └── page.tsx
│ └── [id]/
│ └── edit/
│ └── page.tsx
└── layout.tsx
Adding Tailwind CSS or Another UI Framework for Styling
Tailwind CSS was included during project setup. Create a consistent design system with utility classes:
// components/Button.tsx
interface ButtonProps {
children: React.ReactNode
variant?: 'primary' | 'secondary' | 'danger'
onClick?: () => void
disabled?: boolean
}
export function Button({ children, variant = 'primary', onClick, disabled }: ButtonProps) {
const baseClasses = 'px-4 py-2 rounded-md font-medium transition-colors'
const variantClasses = {
primary: 'bg-blue-600 text-white hover:bg-blue-700',
secondary: 'bg-gray-200 text-gray-900 hover:bg-gray-300',
danger: 'bg-red-600 text-white hover:bg-red-700'
}
return (
<button
className={`${baseClasses} ${variantClasses[variant]} ${disabled ? 'opacity-50 cursor-not-allowed' : ''}`}
onClick={onClick}
disabled={disabled}
>
{children}
</button>
)
}
User Authentication with Supabase
Enabling Email/Password Authentication
In your Supabase dashboard, navigate to Authentication > Settings and enable email authentication. Configure your site URL and redirect URLs for production deployment.
Creating Signup and Login Forms
Create authentication forms with proper validation:
// components/AuthForm.tsx
'use client'
import { useState } from 'react'
import { supabase } from '@/lib/supabase'
interface AuthFormProps {
mode: 'login' | 'signup'
}
export function AuthForm({ mode }: AuthFormProps) {
const [email, setEmail] = useState('')
const [password, setPassword] = useState('')
const [loading, setLoading] = useState(false)
const [error, setError] = useState<string | null>(null)
const handleSubmit = async (e: React.FormEvent) => {
e.preventDefault()
setLoading(true)
setError(null)
const { error } = mode === 'login'
? await supabase.auth.signInWithPassword({ email, password })
: await supabase.auth.signUp({ email, password })
if (error) {
setError(error.message)
}
setLoading(false)
}
return (
<form onSubmit={handleSubmit} className="space-y-4">
<div>
<label htmlFor="email" className="block text-sm font-medium text-gray-700">
Email
</label>
<input
id="email"
type="email"
value={email}
onChange={(e) => setEmail(e.target.value)}
required
className="mt-1 block w-full rounded-md border-gray-300 shadow-sm"
/>
</div>
<div>
<label htmlFor="password" className="block text-sm font-medium text-gray-700">
Password
</label>
<input
id="password"
type="password"
value={password}
onChange={(e) => setPassword(e.target.value)}
required
className="mt-1 block w-full rounded-md border-gray-300 shadow-sm"
/>
</div>
{error && (
<div className="text-red-600 text-sm">{error}</div>
)}
<button
type="submit"
disabled={loading}
className="w-full bg-blue-600 text-white py-2 px-4 rounded-md hover:bg-blue-700 disabled:opacity-50"
>
{loading ? 'Loading...' : mode === 'login' ? 'Sign In' : 'Sign Up'}
</button>
</form>
)
}
Managing Sessions and Protecting Routes
Create a custom hook for authentication state management:
// hooks/useAuth.ts
'use client'
import { useEffect, useState } from 'react'
import { User } from '@supabase/supabase-js'
import { supabase } from '@/lib/supabase'
export function useAuth() {
const [user, setUser] = useState<User | null>(null)
const [loading, setLoading] = useState(true)
useEffect(() => {
// Get initial session
supabase.auth.getSession().then(({ data: { session } }) => {
setUser(session?.user ?? null)
setLoading(false)
})
// Listen for auth changes
const { data: { subscription } } = supabase.auth.onAuthStateChange((event, session) => {
setUser(session?.user ?? null)
setLoading(false)
})
return () => subscription.unsubscribe()
}, [])
return { user, loading }
}
Implementing Create Functionality
Creating a Form to Add New Records
Build a reusable form component for creating posts:
// components/PostForm.tsx
'use client'
import { useState } from 'react'
import { supabase } from '@/lib/supabase'
import { useAuth } from '@/hooks/useAuth'
interface PostFormData {
title: string
content: string
}
export function PostForm({ onSuccess }: { onSuccess?: () => void }) {
const { user } = useAuth()
const [formData, setFormData] = useState<PostFormData>({
title: '',
content: ''
})
const [loading, setLoading] = useState(false)
const [error, setError] = useState<string | null>(null)
const handleSubmit = async (e: React.FormEvent) => {
e.preventDefault()
if (!user) return
setLoading(true)
setError(null)
const { error } = await supabase
.from('posts')
.insert([
{
title: formData.title,
content: formData.content,
author_id: user.id
}
])
if (error) {
setError(error.message)
} else {
setFormData({ title: '', content: '' })
onSuccess?.()
}
setLoading(false)
}
return (
<form onSubmit={handleSubmit} className="space-y-4">
<div>
<label htmlFor="title" className="block text-sm font-medium text-gray-700">
Title
</label>
<input
id="title"
type="text"
value={formData.title}
onChange={(e) => setFormData({ ...formData, title: e.target.value })}
required
className="mt-1 block w-full rounded-md border-gray-300 shadow-sm"
/>
</div>
<div>
<label htmlFor="content" className="block text-sm font-medium text-gray-700">
Content
</label>
<textarea
id="content"
value={formData.content}
onChange={(e) => setFormData({ ...formData, content: e.target.value })}
rows={4}
className="mt-1 block w-full rounded-md border-gray-300 shadow-sm"
/>
</div>
{error && (
<div className="text-red-600 text-sm">{error}</div>
)}
<button
type="submit"
disabled={loading}
className="bg-blue-600 text-white py-2 px-4 rounded-md hover:bg-blue-700 disabled:opacity-50"
>
{loading ? 'Creating...' : 'Create Post'}
</button>
</form>
)
}
Submitting Data to Supabase
The form above demonstrates the basic pattern for inserting data into Supabase. Key points:
- Always validate user authentication before operations
- Include proper error handling for network issues
- Reset form state after successful submission
- Use loading states to provide user feedback
Handling Form Validation and Errors
Implement client-side validation with libraries like Zod for type safety:
npm install zod
import { z } from 'zod'
const postSchema = z.object({
title: z.string().min(1, 'Title is required').max(255, 'Title too long'),
content: z.string().optional()
})
// Validate before submission
const validation = postSchema.safeParse(formData)
if (!validation.success) {
setError(validation.error.issues[0].message)
return
}
Reading Data from Supabase
Fetching Data Using Supabase’s JavaScript Client
Create a custom hook for fetching posts:
// hooks/usePosts.ts
'use client'
import { useEffect, useState } from 'react'
import { supabase } from '@/lib/supabase'
interface Post {
id: string
title: string
content: string
created_at: string
updated_at: string
}
export function usePosts() {
const [posts, setPosts] = useState<Post[]>([])
const [loading, setLoading] = useState(true)
const [error, setError] = useState<string | null>(null)
useEffect(() => {
fetchPosts()
}, [])
const fetchPosts = async () => {
try {
const { data, error } = await supabase
.from('posts')
.select('*')
.order('created_at', { ascending: false })
if (error) throw error
setPosts(data || [])
} catch (err) {
setError(err instanceof Error ? err.message : 'An error occurred')
} finally {
setLoading(false)
}
}
return { posts, loading, error, refetch: fetchPosts }
}
Displaying Data with React Components
Create a component to display the list of posts:
// components/PostList.tsx
'use client'
import { usePosts } from '@/hooks/usePosts'
import { LoadingSpinner } from './LoadingSpinner'
export function PostList() {
const { posts, loading, error } = usePosts()
if (loading) return <LoadingSpinner />
if (error) return <div className="text-red-600">Error: {error}</div>
if (posts.length === 0) return <div className="text-gray-500">No posts found</div>
return (
<div className="space-y-4">
{posts.map((post) => (
<div key={post.id} className="bg-white p-6 rounded-lg shadow">
<h3 className="text-lg font-semibold mb-2">{post.title}</h3>
{post.content && (
<p className="text-gray-600 mb-4">{post.content}</p>
)}
<div className="text-sm text-gray-400">
Created: {new Date(post.created_at).toLocaleDateString()}
</div>
</div>
))}
</div>
)
}
Adding Loading States and Error Handling
Implement comprehensive loading and error states throughout your application:
// components/LoadingSpinner.tsx
export function LoadingSpinner() {
return (
<div className="flex justify-center items-center p-8">
<div className="animate-spin rounded-full h-8 w-8 border-b-2 border-blue-600"></div>
</div>
)
}
// components/ErrorBoundary.tsx
'use client'
import { Component, ReactNode } from 'react'
interface Props {
children: ReactNode
}
interface State {
hasError: boolean
error?: Error
}
export class ErrorBoundary extends Component<Props, State> {
constructor(props: Props) {
super(props)
this.state = { hasError: false }
}
static getDerivedStateFromError(error: Error): State {
return { hasError: true, error }
}
render() {
if (this.state.hasError) {
return (
<div className="text-center p-8">
<h2 className="text-xl font-semibold text-red-600 mb-2">Something went wrong</h2>
<p className="text-gray-600">Please refresh the page and try again.</p>
</div>
)
}
return this.props.children
}
}
Updating Records in the App
Creating Editable Forms for Existing Data
Build an edit form that can be pre-populated with existing data:
// components/EditPostForm.tsx
'use client'
import { useState, useEffect } from 'react'
import { supabase } from '@/lib/supabase'
interface EditPostFormProps {
postId: string
onSuccess?: () => void
}
export function EditPostForm({ postId, onSuccess }: EditPostFormProps) {
const [formData, setFormData] = useState({
title: '',
content: ''
})
const [loading, setLoading] = useState(false)
const [error, setError] = useState<string | null>(null)
useEffect(() => {
fetchPost()
}, [postId])
const fetchPost = async () => {
const { data, error } = await supabase
.from('posts')
.select('title, content')
.eq('id', postId)
.single()
if (error) {
setError(error.message)
} else {
setFormData({
title: data.title || '',
content: data.content || ''
})
}
}
const handleUpdate = async (e: React.FormEvent) => {
e.preventDefault()
setLoading(true)
setError(null)
const { error } = await supabase
.from('posts')
.update({
title: formData.title,
content: formData.content,
updated_at: new Date().toISOString()
})
.eq('id', postId)
if (error) {
setError(error.message)
} else {
onSuccess?.()
}
setLoading(false)
}
return (
<form onSubmit={handleUpdate} className="space-y-4">
<div>
<label htmlFor="title" className="block text-sm font-medium text-gray-700">
Title
</label>
<input
id="title"
type="text"
value={formData.title}
onChange={(e) => setFormData({ ...formData, title: e.target.value })}
required
className="mt-1 block w-full rounded-md border-gray-300 shadow-sm"
/>
</div>
<div>
<label htmlFor="content" className="block text-sm font-medium text-gray-700">
Content
</label>
<textarea
id="content"
value={formData.content}
onChange={(e) => setFormData({ ...formData, content: e.target.value })}
rows={4}
className="mt-1 block w-full rounded-md border-gray-300 shadow-sm"
/>
</div>
{error && (
<div className="text-red-600 text-sm">{error}</div>
)}
<button
type="submit"
disabled={loading}
className="bg-blue-600 text-white py-2 px-4 rounded-md hover:bg-blue-700 disabled:opacity-50"
>
{loading ? 'Updating...' : 'Update Post'}
</button>
</form>
)
}
Populating Forms with Existing Values
The edit form above demonstrates how to pre-populate forms with existing data. Key considerations:
- Fetch data when the component mounts
- Handle loading states while fetching
- Provide fallback values for optional fields
- Validate data before populating form fields
Submitting Updates to Supabase and Reflecting Changes
Updates follow a similar pattern to creates, but use the update() method with a filter condition. Always include an updated_at timestamp for audit trails.
Deleting Records Safely
Creating Delete Buttons with Confirmation
Implement safe deletion with user confirmation:
// components/DeleteButton.tsx
'use client'
import { useState } from 'react'
import { supabase } from '@/lib/supabase'
interface DeleteButtonProps {
postId: string
onSuccess?: () => void
}
export function DeleteButton({ postId, onSuccess }: DeleteButtonProps) {
const [showConfirm, setShowConfirm] = useState(false)
const [loading, setLoading] = useState(false)
const handleDelete = async () => {
setLoading(true)
const { error } = await supabase
.from('posts')
.delete()
.eq('id', postId)
if (error) {
console.error('Delete error:', error.message)
} else {
onSuccess?.()
}
setLoading(false)
setShowConfirm(false)
}
if (showConfirm) {
return (
<div className="space-x-2">
<span className="text-sm text-gray-600">Are you sure?</span>
<button
onClick={handleDelete}
disabled={loading}
className="text-red-600 hover:text-red-800 text-sm disabled:opacity-50"
>
{loading ? 'Deleting...' : 'Yes, Delete'}
</button>
<button
onClick={() => setShowConfirm(false)}
className="text-gray-600 hover:text-gray-800 text-sm"
>
Cancel
</button>
</div>
)
}
return (
<button
onClick={() => setShowConfirm(true)}
className="text-red-600 hover:text-red-800 text-sm"
>
Delete
</button>
)
}
Performing Deletion via Supabase
Supabase deletions are straightforward but require proper filtering to ensure users can only delete their own records. Row-Level Security policies handle this automatically.
Handling UI Feedback After Deletion
Provide immediate feedback after deletion:
- Remove the item from the UI optimistically
- Show success messages or toast notifications
- Handle errors gracefully with rollback if needed
- Update any counters or related data
Real-Time Features with Supabase
Enabling Real-Time Subscriptions
Supabase provides real-time capabilities through PostgreSQL’s replication features. Enable real-time updates for your posts:
// hooks/useRealtimePosts.ts
'use client'
import { useEffect, useState } from 'react'
import { supabase } from '@/lib/supabase'
interface Post {
id: string
title: string
content: string
created_at: string
updated_at: string
}
export function useRealtimePosts() {
const [posts, setPosts] = useState<Post[]>([])
const [loading, setLoading] = useState(true)
useEffect(() => {
// Fetch initial data
fetchPosts()
// Set up real-time subscription
const subscription = supabase
.channel('posts')
.on('postgres_changes',
{ event: 'INSERT', schema: 'public', table: 'posts' },
(payload) => {
setPosts(current => [payload.new as Post, ...current])
}
)
.on('postgres_changes',
{ event: 'UPDATE', schema: 'public', table: 'posts' },
(payload) => {
setPosts(current =>
current.map(post =>
post.id === payload.new.id ? payload.new as Post : post
)
)
}
)
.on('postgres_changes',
{ event: 'DELETE', schema: 'public', table: 'posts' },
(payload) => {
setPosts(current =>
current.filter(post => post.id !== payload.old.id)
)
}
)
.subscribe()
return () => {
subscription.unsubscribe()
}
}, [])
const fetchPosts = async () => {
const { data } = await supabase
.from('posts')
.select('*')
.order('created_at', { ascending: false })
setPosts(data || [])
setLoading(false)
}
return { posts, loading }
}
Listening for Data Changes
Real-time subscriptions listen for specific database events:
INSERT: New records addedUPDATE: Existing records modifiedDELETE: Records removed*: All changes (use sparingly for performance)
Auto-Updating the UI Without Manual Refresh
The real-time hook above automatically updates the UI when data changes occur. This creates a collaborative experience where multiple users see changes instantly without page refreshes.
Pagination and Search Functionality
Adding Server-Side or Client-Side Pagination
Implement efficient pagination for large datasets:
// hooks/usePaginatedPosts.ts
'use client'
import { useState, useEffect } from 'react'
import { supabase } from '@/lib/supabase'
const POSTS_PER_PAGE = 10
export function usePaginatedPosts() {
const [posts, setPosts] = useState<Post[]>([])
const [loading, setLoading] = useState(false)
const [currentPage, setCurrentPage] = useState(1)
const [totalCount, setTotalCount] = useState(0)
useEffect(() => {
fetchPosts()
}, [currentPage])
const fetchPosts = async () => {
setLoading(true)
const from = (currentPage - 1) * POSTS_PER_PAGE
const to = from + POSTS_PER_PAGE - 1
const { data, error, count } = await supabase
.from('posts')
.select('*', { count: 'exact' })
.range(from, to)
.order('created_at', { ascending: false })
if (!error) {
setPosts(data || [])
setTotalCount(count || 0)
}
setLoading(false)
}
const totalPages = Math.ceil(totalCount / POSTS_PER_PAGE)
return {
posts,
loading,
currentPage,
totalPages,
setCurrentPage
}
}
Implementing Search Filters for Large Datasets
Add search functionality with full-text search:
// Enable full-text search on your posts table
// Run this SQL in your Supabase dashboard:
// ALTER TABLE posts ADD COLUMN search_vector tsvector;
// CREATE INDEX posts_search_idx ON posts USING gin(search_vector);
const searchPosts = async (query: string) => {
const { data, error } = await supabase
.from('posts')
.select('*')
.textSearch('search_vector', query)
.order('created_at', { ascending: false })
return { data, error }
}
Optimizing Queries for Performance
Follow these best practices for optimal query performance:
- Use database indexes on frequently queried columns
- Limit the number of columns selected with
select() - Implement proper pagination with
range() - Use
count: 'exact'only when necessary - Cache frequently accessed data
- Consider using Supabase’s built-in caching mechanisms
Deploying the App to Production
Choosing a Hosting Platform (e.g., Vercel)
Deploy your Next.js application to Vercel for optimal performance:
npm install -g vercel
vercel
Vercel automatically detects Next.js applications and configures optimal deployment settings including:
- Edge runtime for API routes
- Automatic image optimization
- Global CDN distribution
- Serverless function execution
Setting Up Production Environment Variables
Configure environment variables in your hosting platform:
NEXT_PUBLIC_SUPABASE_URL=your_production_supabase_url
NEXT_PUBLIC_SUPABASE_ANON_KEY=your_production_anon_key
For Vercel, add these through the dashboard or CLI:
vercel env add NEXT_PUBLIC_SUPABASE_URL
vercel env add NEXT_PUBLIC_SUPABASE_ANON_KEY
Securing Your Supabase Project Before Launch
Before going live, implement these security measures:
- Configure Auth Settings: Set proper redirect URLs and site URLs
- Review RLS Policies: Ensure all tables have appropriate row-level security
- Enable API Rate Limiting: Protect against abuse and DoS attacks
- Set Up Monitoring: Enable database performance monitoring and set up alerts for unusual activity
- Configure CORS Settings: Restrict API access to your domain only
- Review Database Permissions: Ensure the anonymous key has minimal required permissions
- Enable Audit Logging: Track all database changes for security compliance
- Set Up Backup Policies: Configure automated backups with appropriate retention periods
Additional security checklist:
-- Revoke unnecessary permissions
REVOKE ALL ON ALL TABLES IN SCHEMA public FROM anon;
REVOKE ALL ON ALL TABLES IN SCHEMA public FROM authenticated;
-- Grant only necessary permissions
GRANT SELECT, INSERT, UPDATE, DELETE ON posts TO authenticated;
GRANT USAGE ON SEQUENCE posts_id_seq TO authenticated;
Advanced Tips and Best Practices
Using Supabase Functions for Complex Logic
Implement server-side logic with Supabase Edge Functions for operations that require server-side processing:
// supabase/functions/process-post/index.ts
import { serve } from "https://deno.land/[email protected]/http/server.ts"
import { createClient } from 'https://esm.sh/@supabase/supabase-js@2'
serve(async (req) => {
try {
const { postId, action } = await req.json()
const supabase = createClient(
Deno.env.get('SUPABASE_URL') ?? '',
Deno.env.get('SUPABASE_SERVICE_ROLE_KEY') ?? ''
)
// Perform complex server-side logic
const { data, error } = await supabase
.from('posts')
.update({ processed: true, processed_at: new Date().toISOString() })
.eq('id', postId)
if (error) throw error
return new Response(JSON.stringify({ success: true }), {
headers: { 'Content-Type': 'application/json' }
})
} catch (error) {
return new Response(JSON.stringify({ error: error.message }), {
status: 400,
headers: { 'Content-Type': 'application/json' }
})
}
})
Error Logging and Monitoring
Implement comprehensive error tracking and monitoring:
// lib/errorTracking.ts
export class ErrorTracker {
static logError(error: Error, context?: Record<string, any>) {
// Log to console in development
if (process.env.NODE_ENV === 'development') {
console.error('Error:', error.message, context)
}
// Send to monitoring service in production
if (process.env.NODE_ENV === 'production') {
// Integration with services like Sentry, LogRocket, etc.
// Example: Sentry.captureException(error, { extra: context })
}
// Log critical errors to Supabase for analysis
if (context?.critical) {
supabase.from('error_logs').insert({
message: error.message,
stack: error.stack,
context: JSON.stringify(context),
timestamp: new Date().toISOString()
})
}
}
static async logUserAction(action: string, userId: string, metadata?: any) {
await supabase.from('user_actions').insert({
action,
user_id: userId,
metadata: JSON.stringify(metadata),
timestamp: new Date().toISOString()
})
}
}
Code Splitting and Lazy Loading in Next.js
Optimize application performance with strategic code splitting:
// Lazy load heavy components
import dynamic from 'next/dynamic'
const HeavyChart = dynamic(() => import('@/components/HeavyChart'), {
loading: () => <div>Loading chart...</div>,
ssr: false // Disable server-side rendering for client-only components
})
// Lazy load entire page sections
const AdminPanel = dynamic(() => import('@/components/AdminPanel'), {
loading: () => <div>Loading admin panel...</div>
})
// Conditional loading based on user permissions
export function Dashboard() {
const { user } = useAuth()
return (
<div>
<h1>Dashboard</h1>
{user?.role === 'admin' && <AdminPanel />}
</div>
)
}
Troubleshooting Common Issues
Authentication Errors and Session Bugs
Common authentication issues and their solutions:
Issue: Users get logged out unexpectedly
// Solution: Implement session refresh
useEffect(() => {
const { data: { subscription } } = supabase.auth.onAuthStateChange((event, session) => {
if (event === 'TOKEN_REFRESHED') {
console.log('Token refreshed successfully')
}
if (event === 'SIGNED_OUT') {
// Clear local state and redirect
router.push('/login')
}
})
return () => subscription.unsubscribe()
}, [])
Issue: Authentication state not persisting across page refreshes
// Solution: Check session on app initialization
export default function RootLayout({ children }: { children: React.ReactNode }) {
const [loading, setLoading] = useState(true)
useEffect(() => {
supabase.auth.getSession().then(() => {
setLoading(false)
})
}, [])
if (loading) return <LoadingSpinner />
return <>{children}</>
}
Database Permissions and RLS Misconfigurations
Issue: Users can’t access their own data
-- Check RLS policies are enabled
SELECT schemaname, tablename, rowsecurity
FROM pg_tables
WHERE schemaname = 'public';
-- Verify policy conditions
SELECT * FROM pg_policies WHERE tablename = 'posts';
-- Test policies manually
SELECT auth.uid(); -- Should return current user ID
Issue: RLS policies too restrictive
-- Create a more permissive policy for debugging
CREATE POLICY "Debug policy" ON posts
FOR ALL USING (true);
-- Remember to remove debug policies in production!
Debugging API and Network Calls
Implement comprehensive API debugging:
// lib/debugApi.ts
export function debugSupabaseCall(operation: string, table: string, data?: any) {
if (process.env.NODE_ENV === 'development') {
console.group(`🔍 Supabase ${operation} on ${table}`)
console.log('Data:', data)
console.log('User:', supabase.auth.getUser())
console.log('Session:', supabase.auth.getSession())
console.groupEnd()
}
}
// Usage in API calls
const { data, error } = await supabase
.from('posts')
.insert(postData)
debugSupabaseCall('INSERT', 'posts', postData)
if (error) {
console.error('Supabase error:', {
message: error.message,
details: error.details,
hint: error.hint,
code: error.code
})
}
Network debugging checklist:
- Verify API keys are correctly set
- Check browser network tab for failed requests
- Validate request payloads match expected schema
- Confirm CORS settings allow your domain
- Test API calls directly in Supabase dashboard
Conclusion
Recap: What You Built and Learned
Throughout this comprehensive guide, you’ve built a full-featured CRUD application that demonstrates the power of combining Supabase with Next.js. Your application now includes:
- Complete Authentication System: Secure user registration, login, and session management
- Full CRUD Operations: Create, read, update, and delete functionality with proper error handling
- Real-time Features: Live updates across multiple users without page refreshes
- Responsive Design: Mobile-friendly interface with modern UI components
- Security Implementation: Row-level security policies and proper data access controls
- Production Deployment: Scalable hosting with proper environment configuration
The skills you’ve developed extend beyond this specific project. You now understand how to leverage Backend-as-a-Service platforms to accelerate development while maintaining professional-grade security and performance standards.
Next Steps: Expand Your App with More Features
Consider these enhancements to further develop your application:
User Experience Improvements:
- Implement user profiles with avatar uploads
- Add email notifications for important actions
- Create a dark mode toggle with user preferences
- Implement offline functionality with service workers
Advanced Features:
- Build a commenting system for posts
- Add rich text editing with libraries like TipTap or Quill
- Implement file uploads and image handling
- Create administrative dashboards for content management
Performance Optimizations:
- Implement infinite scrolling for large datasets
- Add client-side caching with React Query or SWR
- Optimize images with Next.js Image component
- Implement progressive web app (PWA) features
Integration Opportunities:
- Connect with external APIs for enhanced functionality
- Implement social media sharing capabilities
- Add analytics tracking with privacy-focused solutions
- Integrate payment processing for premium features
Resources to Keep Learning Supabase and Next.js
Continue your development journey with these valuable resources:
Official Documentation:
- Supabase Documentation - Comprehensive guides and API references
- Next.js Documentation - Latest features and best practices
- React Documentation - Core concepts and advanced patterns
Community Resources:
- Supabase GitHub Repository - Source code and issue tracking
- Next.js Examples - Real-world implementation patterns
- Supabase Discord Community - Active community support and discussions
Advanced Learning:
- PostgreSQL Mastery: Deepen your database knowledge for complex queries and optimizations
- TypeScript Proficiency: Leverage advanced type features for better code quality
- Testing Strategies: Implement comprehensive testing with Jest, React Testing Library, and Playwright
- DevOps Practices: Learn CI/CD pipelines, monitoring, and infrastructure as code
The combination of Supabase and Next.js provides a solid foundation for building modern web applications. As you continue developing, focus on understanding the underlying technologies and principles rather than just following tutorials. This approach will serve you well as you tackle increasingly complex projects and contribute to the vibrant web development ecosystem.
Remember that building great applications is an iterative process. Start with a solid foundation like the one you’ve created here, then gradually add features and optimizations based on user feedback and performance metrics. The skills you’ve learned will continue to evolve with the rapidly changing landscape of web development, but the fundamental principles of creating user-focused, secure, and performant applications remain constant.
