Chicken Scratch is a Supabase-backed Next.js application for collecting, reviewing, and publishing student work for the Chicken Scratch zine. The project provides authenticated student workflows, an editorial dashboard, and a public gallery for published pieces.
- Email/password authentication limited to
udel.eduanddtcc.eduaddresses. - Student tools to submit work, revise pieces while eligible, and download signed URLs for uploaded art.
- Editorial dashboard with filtering, assignment, status changes, publication controls, and automatic audit logging.
- Public gallery that signs Supabase Storage URLs for published visual art and renders writing inline.
- Comprehensive Row Level Security (RLS) policies to enforce per-role access.
- Next.js 14 (App Router) with TypeScript
- Tailwind CSS v3 for styling
- Supabase Auth, Postgres, and Storage
- pnpm for dependency management
- Vitest for unit testing
- Node.js 20+
- pnpm 8+
- A Supabase project (self-hosted or cloud)
pnpm installCopy the template and fill in your Supabase project settings:
cp .env.example .env.local| Variable | Description |
|---|---|
NEXT_PUBLIC_SUPABASE_URL |
Supabase project URL |
NEXT_PUBLIC_SUPABASE_ANON_KEY |
Supabase anon key (used client-side) |
SUPABASE_SERVICE_ROLE_KEY |
Service role key (required for registration, seeding, and server-only actions) |
ALLOWED_DOMAINS |
Comma-separated list of permitted signup domains (defaults to UD + DTCC) |
If the service role key is omitted, account registration will be disabled and published art downloads fall back to placeholder text until the key is provided.
Migrations live in supabase/migrations. Apply them in order with the Supabase CLI or SQL editor:
0001_initial_schema.sql0002_rls_policies.sql0003_storage.sql
These files create the schema, helper functions, RLS policies, and the private art storage bucket.
Run the TypeScript seed script to create demo users (student, editor, admin) and a few example submissions:
pnpm seedThe script expects NEXT_PUBLIC_SUPABASE_URL and SUPABASE_SERVICE_ROLE_KEY to be set.
pnpm devThe dev server runs on http://localhost:3000. Sign up with a campus email (e.g. student@udel.edu).
pnpm lint
pnpm typecheck
pnpm testDeploy to Vercel as a Next.js App Router project. Set the same environment variables (NEXT_PUBLIC_SUPABASE_URL, NEXT_PUBLIC_SUPABASE_ANON_KEY, SUPABASE_SERVICE_ROLE_KEY, ALLOWED_DOMAINS) and run the migrations against your production Supabase database. The included supabase/seeds/001_promote_admin.sql snippet promotes an initial admin by email.
- Student uploads land in the private
artbucket underart/{owner_id}/{submission_id}/.... - Signed URLs (valid for seven days) are generated server-side when rendering the public gallery.
- RLS policies ensure students can only modify their own submissions while status is
submittedorneeds_revision, editors/admins can manage everything, and published items are visible anonymously.
- Confirm the
artbucket exists before testing uploads (migration0003_storage.sql). - If uploads fail locally, ensure the service role key is only used server-side and Supabase Storage policies have been applied.
- When adjusting user roles, update
profiles.roleand have users re-authenticate so JWT claims refresh. - For production email, replace the stub in
src/lib/email.tswith a provider such as Resend or SendGrid.
Enjoy building with Chicken Scratch! Contributions and issue reports are welcome.