2024-01 svelte めも

test

USING

This expression will be added to queries that refer to the table if row-level security is enabled.

Rows for which the expression returns true will be visible. Any rows for which the expression returns false or null will not be visible to the user (in a SELECT), and will not be available for modification (in an UPDATE or DELETE).

Such rows are silently suppressed - no error is reported.

WITH CHECK

This expression will be used in INSERT and UPDATE queries against the table if row-level security is enabled.

Only rows for which the expression evaluates to true will be allowed. An error will be thrown if the expression evaluates to false or null for any of the records inserted or any of the records that result from the update.

Note that this expression is evaluated against the proposed new contents of the row, not the original contents.

CREATE POLICY "Enable update for users based on email" ON "public"."posts"
AS PERMISSIVE FOR UPDATE
TO public
USING (auth.uid() = user_id)
WITH CHECK (auth.uid() = user_id)

gpt くん

The USING clause (auth.uid() = user_id) specifies that users can only update rows where the user_id column matches their auth.uid(). In other words, users can only see and thus update their own posts.

The WITH CHECK clause (auth.uid() = user_id) ensures that upon updating a row, the modified data still satisfies the condition that user_id equals the user's auth.uid(). This is important to ensure that users cannot update a post to change its ownership to another user.

つまり WITH CHECK は更新されたデータについての restriction で、 USING は更新する人の制限なのね

starter kit
https://github.com/one-aalam/svelte-starter-kit/tree/auth-supabase

sample code here: https://kit.svelte.dev/docs/form-actions#anatomy-of-an-action

ちゅうい: const { email, password } = await request.formData() はできない

another good sample code

pointers

• use String(request.formData.get("email")) to force a type; c.f. Number()
• use fail to return an error result

https://joyofcode.xyz/working-with-forms-in-sveltekit#working-with-forms-the-sveltekit-way-using-form-actions

The new ssr package exports two functions for creating a Supabase client. The createBrowserClient function is used in the client, and the createServerClient function is used in the server.

browser と server でそれぞれ client がある

https://github.com/supabase/auth-helpers/issues/713

auth-helpers はつかわない

docs entrypoint
https://supabase.com/docs/guides/auth/server-side/migrating-to-ssr-from-auth-helpers?framework=sveltekit

+layout.svelte: 共通のレイアウト
+layout.ts: load data for the layout like page.ts loads data for the page
+layout.server.ts: load data for the layout on server

+page.svelte: frontend for the page
+page.ts: expose the load function
page.server.ts: load data for the page on the server-side; examples are loading data from DB, using private keys

https://kit.svelte.dev/docs/routing#page

event.locals の typing は app.d.ts をいじる必要あり
https://joyofcode.xyz/sveltekit-authentication-using-cookies#:~:text=could be anything.-,src/app.d.ts,-Copy

hooks.server.ts の type error

I've fixed it by forcing the type CookieSerializeOptions & { path: string }, but CookieSerializeOptions comes from the cookie package so you'll need to install it first pnpm add --save-dev cookie.
then change options to options as CookieSerializeOptions & { path: string }

https://www.reddit.com/r/Supabase/comments/18rkrs5/typescript_error_when_setting_up_auth_hook_in/

こっちかも

this is happening because since SvelteKit 2, path is now a required property when setting cookies. this is how to fix it: { ...options, path: '/' }

こっちだわ

そもそも load ってなんだっけ

Before a +page.svelte component (and its containing +layout.svelte components) can be rendered, we often need to get some data. This is done by defining load functions.

render するために必要なデータをとってくるのが load