Skip to content

Commit

Permalink
general cleanup
Browse files Browse the repository at this point in the history
  • Loading branch information
@kiwicopple
kiwicopple committed Aug 24, 2023
1 parent c80850a commit f559b07
Show file tree
Hide file tree
Showing 5 changed files with 125 additions and 58 deletions.
3 changes: 1 addition & 2 deletions apps/docs/pages/guides/auth/row-level-security.mdx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,8 +23,7 @@ You can use RLS to create [Policies](https://www.postgresql.org/docs/current/sql

## Policies

Policies are easy to understand once you get the hang of them. Each policy is attached to a table, and the policy is executed every time a table is accessed.
You can just think of them as adding a `WHERE` clause to every query. For example a policy like this ...
Policies are easy to understand once you get the hang of them. Each policy is attached to a table, and the policy is executed every time a table is accessed. You can just think of them as adding a `WHERE` clause to every query. For example a policy like this ...

```sql
create policy "Individuals can view their own todos."
Expand Down
19 changes: 4 additions & 15 deletions apps/docs/pages/guides/storage.mdx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,24 +6,13 @@ export const meta = {
description: 'Use Supabase to store and serve files.',
subtitle: 'Use Supabase to store and serve files.',
sidebar_label: 'Overview',
tocVideo: 'J9mTPY8rIXE',
}

Supabase Storage makes it simple to store and serve large files.
Supabase Storage makes it simple to store and serve large files, providing a robust framework for file access controls.

## Concepts
## Features

### Files

Files can be any sort of media file. This includes images, GIFs, and videos. It is best practice to store files outside of your database because of their sizes. For security, HTML files are returned as plain text.

### Folders

Folders are a way to organize your files (just like on your computer). There is no right or wrong way to organize your files. You can store them in whichever folder structure suits your project.

### Buckets

Buckets are distinct containers for files and folders. You can think of them like "super folders". Generally you would create distinct buckets for different Security and Access Rules. For example, you might keep all video files in a "video" bucket, and profile pictures in an "avatar" bucket.
You can use Supabase Storage to store images, videos, documents, and any other file type. It provides includes a global CDN to reduce latency, serving your files from over 285 cities globally. Supabase Storage includes a built-in image resizer, so you can resize and compress your media files on the fly.

## Examples

Expand Down Expand Up @@ -81,6 +70,6 @@ export const integrations = [
},
]

export const Page = ({ children }) => <Layout meta={meta} children={children} />
export const Page = ({ children }) => <Layout meta={meta} children={children} hideToc={true} />

export default Page
117 changes: 80 additions & 37 deletions apps/docs/pages/guides/storage/access-control.mdx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,25 @@ export const meta = {
tocVideo: '4ERX__Y908k',
}

Supabase Storage is integrated with your [Postgres Database](/docs/guides/database). This means that you can use the same [Row Level Security Policies](/docs/guides/auth#policies) for managing access to your files. Supabase Storage stores metadata in the `objects` and `buckets` table in the storage schema.
Supabase Storage is designed to work perfectly with [Postgres Row Level Security](/docs/guides/database/postgres/row-level-security) (RLS).

You can use RLS to create [Policies](https://www.postgresql.org/docs/current/sql-createpolicy.html) that are incredibly powerful and flexible, allowing you to write complex SQL rules which fit your unique business needs.

## Policies

Policies are just SQL, and they're easy once you get the hang of them. For example, here is a Policy that allows public access to any files in a bucket called "my_bucket_id".

```sql
create policy "Public Access"
on storage.objects
for select -- Allow read access
to anon, authenticated -- Allow access to anonymous and authenticated users
using ( bucket_id = 'my_bucket_id' ); -- Identify the bucket
```

## Metadata storage

Supabase Storage stores metadata in the `objects` and `buckets` table in the storage schema.

To allow read access to files, the RLS policy must allow users to `SELECT` the `objects` table and for uploading a new object, the RLS policy must grant users access to `INSERT` into the `objects` table and so on. The mapping between the different API calls and the database permissions required is documented in the [Reference docs](/docs/reference/javascript/storage-createbucket).

Expand All @@ -18,95 +36,120 @@ Storage buckets are private by default. For private buckets, you can access obje

For public buckets, you can access the assets directly without a token or an Authorisation header. The [getPublicUrl](/docs/reference/javascript/storage-from-getpublicurl) helper method returns the full public URL for an asset. This calls the `/object/public/` API endpoint internally. While no authorization is required for accessing objects in a public bucket, proper [access control](#access-control) is required for other operations like uploading, deleting objects from public buckets as well. Public buckets also tend to have [better performance](/docs/guides/storage-cdn#public-vs-private-buckets).

<details className="cursor-default">
<summary className="cursor-pointer">Advanced: reverse proxy</summary>

The URLs returned are proxied through the API Proxy. They are prefixed by <code>/storage/v1</code>.

For example, on the hosted Platform they will be
The URLs returned are proxied through the API Proxy. They are prefixed by <code>/storage/v1</code>. For example, on the hosted Platform they will be:

<code>https://[project_ref].supabase.co/storage/v1/object/public/[id]</code>

You can access the storage API directly with the same endpoint. See the <a href="https://supabase.github.io/storage-api">API docs</a> for a full list of operations available.

</details>

## Helper functions

Supabase Storage provides SQL helper functions which you can use in your database queries and
policies.
Supabase Storage provides SQL helper functions which you can use in your database queries and RLS policies.

### `storage.filename()`

Returns the name of a file.
Returns the name of a file. For example, if your file is stored in `public/subfolder/avatar.png` it would return: `'avatar.png'`

**Usage**

This example demonstates how you would allow any user to download a file called `favicon.ico`:

```sql
select storage.filename(name)
from storage.objects;
create policy "Allow authenticated uploads"
on storage.objects
for select
to public
using (
storage.filename(name)) = 'favicon.ico'
);
```

For example, if your file is stored in `public/subfolder/avatar.png` it would return:
### `storage.foldername()`

`'avatar.png'`
Returns an array path, with all of the subfolders that a file belongs to. For example, if your file is stored in `public/subfolder/avatar.png` it would return: `[ 'public', 'subfolder' ]`

### `storage.foldername()`
**Usage**

Returns an array path, with all of the subfolders that a file belongs to.
This example demonstates how you would allow authenticated users to upload files to a folder called `private`:

```sql
select storage.foldername(name)
from storage.objects;
create policy "Allow authenticated uploads"
on storage.objects
for insert
to authenticated
with check (
storage.foldername(name))[1] = 'private'
);
```

For example, if your file is stored in `public/subfolder/avatar.png` it would return:
### `storage.extension()`

`[ 'public', 'subfolder' ]`
Returns the extension of a file. For example, if your file is stored in `public/subfolder/avatar.png` it would return: `'png'`

### `storage.extension()`
**Usage**

Returns the extension of a file.
This example demonstates how you would allow restrict uploads to only PNG files inside a bucket called `cats`:

```sql
select storage.extension(name)
from storage.objects;
create policy "Only allow PNG uploads"
on storage.objects
for insert
to authenticated
with check (
bucket_id = 'cats' and storage.extension(name) = 'png'
);
```

For example, if your file is stored in `public/subfolder/avatar.png` it would return:

`'png'`
## Usage

---
Row Level Security is extremely versatile, since it simply uses SQL to express access rules for your data. You can learn more about RLS in the [Database docs](/docs/guides/database/postgres/row-level-security).

## Policy examples
### Allowing public access to a bucket

### Allow public access to a bucket
Allow public access to any files in the "public" bucket:

```sql
-- 1. Allow public access to any files in the "public" bucket
create policy "Public Access"
on storage.objects for select
to public
using ( bucket_id = 'public' );
```

### Allow logged-in access to a bucket
### Allowing logged-in access to a bucket

Allow logged-in access to any files in the "restricted" bucket:

```sql
-- 1. Allow logged-in access to any files in the "restricted" bucket
create policy "Restricted Access"
on storage.objects for select
to authenticated
using ( bucket_id = 'restricted' );
```

### Allow individual access to a file
### Allowing individual access to a file

Allow a user to access their own files:

```sql
-- 1. Allow a user to access their own files
create policy "Individual user Access"
on storage.objects for select
to authenticated
using ( auth.uid() = owner );
```

---

{/* Finish with a video. This also appears in the Sidebar via the "tocVideo" metadata */}

<div className="video-container">
<iframe
src="https://www.youtube-nocookie.com/embed/4ERX__Y908k"
frameBorder="1"
allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture"
allowFullScreen
></iframe>
</div>

export const Page = ({ children }) => <Layout meta={meta} children={children} />

export default Page
11 changes: 11 additions & 0 deletions apps/docs/pages/guides/storage/image-transformations.mdx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -201,6 +201,17 @@ ENABLE_IMAGE_TRANSFORMATION=true
IMGPROXY_URL=yourinternalimgproxyurl.internal.com
```

{/* Finish with a video. This also appears in the Sidebar via the "tocVideo" metadata */}

<div className="video-container">
<iframe
src="https://www.youtube-nocookie.com/embed/dLqSmxX3r7I"
frameBorder="1"
allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture"
allowFullScreen
></iframe>
</div>

export const Page = ({ children }) => <Layout meta={meta} children={children} />

export default Page
33 changes: 29 additions & 4 deletions apps/docs/pages/guides/storage/quickstart.mdx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,11 +4,29 @@ export const meta = {
id: 'storage-quickstart',
title: 'Storage Quickstart',
description: 'Learn how to use Supabase to store and serve files.',
subtitle: 'Learn how to use Supabase to store and serve files.',
sidebar_label: 'Quickstart',
tocVideo: 'J9mTPY8rIXE',
}

This guide shows the basic functionality of Supabase Storage. Find a full [example application on GitHub](https://github.com/supabase/supabase/tree/master/examples/user-management/nextjs-user-management).

## Concepts

Supabase Storage consists of Files, Folders, and Buckets.

### Files

Files can be any sort of media file. This includes images, GIFs, and videos. It is best practice to store files outside of your database because of their sizes. For security, HTML files are returned as plain text.

### Folders

Folders are a way to organize your files (just like on your computer). There is no right or wrong way to organize your files. You can store them in whichever folder structure suits your project.

### Buckets

Buckets are distinct containers for files and folders. You can think of them like "super folders". Generally you would create distinct buckets for different Security and Access Rules. For example, you might keep all video files in a "video" bucket, and profile pictures in an "avatar" bucket.

<Admonition type="note">

File, Folder, and Bucket names **must follow** [AWS object key naming guidelines](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html) and avoid use of any other characters.
Expand Down Expand Up @@ -204,11 +222,18 @@ create policy "Public Access"
</TabPanel>
</Tabs>

## See also
---

{/* Finish with a video. This also appears in the Sidebar via the "tocVideo" metadata */}

- [Supabase Storage on GitHub](https://github.com/supabase/storage-api)
- [Swagger API documentation](https://supabase.github.io/storage-api)
- Official [JavaScript](/docs/reference/javascript/storage-createbucket) and [Dart](/docs/reference/dart/storage-createbucket) documentation
<div className="video-container">
<iframe
src="https://www.youtube-nocookie.com/embed/J9mTPY8rIXE"
frameBorder="1"
allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture"
allowFullScreen
></iframe>
</div>

export const Page = ({ children }) => <Layout meta={meta} children={children} />

Expand Down

0 comments on commit f559b07

Please sign in to comment.