Supabase Storage con buckets seguros y tablas de metadatos

Clase 14 de 27Curso de lanzamiento y monetización de webs con Lovable

Clase anteriorSiguiente clase

Resumen

Set up secure, scalable Supabase Storage by combining buckets, RLS policies, and a metadata table, while using Lovable to scaffold a clean file and photo gallery. This walkthrough clarifies how user-specific folders work, what to check when uploads fail, and how to extend storage with UI and data you control.

How does Supabase storage work?

Supabase Storage organizes files in buckets. Each user gets a folder named with their user ID, so uploads stay scoped to the right account without exposing other users’ data. You can view items as a list or columns, upload files on a user’s behalf, and create subfolders.

Why use user ID folders for security?

  • Clear separation of data: each user’s files sit under a folder named by their user ID.
  • Predictable paths: the app knows exactly where to find a user’s photos/files after login.
  • Privacy by design: avoids exposing other users’ assets.

What bucket settings and policies matter?

  • Upload limits: restrict file size and total uploads.
  • File type restrictions: allow only safe file types.
  • Public bucket toggle: anyone on the web can access if enabled; better to keep it off for user data.
  • RLS policies: enforce create, read, update, delete access only for the file owner.

Which key vocabulary and examples stand out?

  • Bucket: storage container, e.g., “user photos.”
  • RLS policies: rules that control per-user access to files and tables.
  • User ID folder pattern: each user has a folder named with their ID.
  • S3 bucket: term used in Lovable prompt to match Supabase Storage semantics.
  • File gallery / photo gallery: UI components for uploads and previews.
  • Metadata: extra info like file name, file path, renamed flag, last edited.
  • Real-time: optional instant UI updates on new uploads.

How to add a new bucket and UI with Lovable?

Point Lovable to a working pattern and ask it to replicate it. The instructor requested a new bucket for general files, with the same RLS policies and user ID folder pattern as the existing photos bucket, plus a new file gallery below the photo gallery.

How to prompt Lovable with existing patterns?

  • Reference what already works: “use the same RLS as user photos.”
  • Specify the folder pattern: “use the same user ID folder pattern.”
  • Describe the UI placement: “place a file gallery below the photo gallery.”
  • Give concrete targets: point to pages or components with the desired behavior.

What UI did the file gallery include?

  • Drop zone: drag-and-drop uploads.
  • Consistent design: reused UI patterns from the photo component.
  • Upload feedback: confirmation when the file uploads successfully.
  • Optional real-time: could show the file instantly; a manual refresh also works.

What workflow did the instructor follow?

  • Create a new bucket and apply matching RLS policies.
  • Add a file gallery UI to upload any file type.
  • Test by uploading a safe file (e.g., a PDF/invoice).
  • Refresh to verify the file appears as expected.

Why pair buckets with tables and RLS?

Buckets store files; tables store metadata. By adding a files table (similar to the existing photos table), you can track names, paths, and other attributes that a bucket alone cannot hold. This unlocks richer features and safer queries.

What metadata should the files table track?

  • File name and renamed flag: know original vs. current name.
  • File path: precise location in the bucket.
  • Timestamps: when it was last edited.
  • Relationships: photos or other items connected to the file.
  • Future AI columns: detected content or previews stored as extra metadata.

What should you check when something fails?

  • RLS policies: verify users can access only their data.
  • Table linkage: ensure every upload is tracked in a table with paths and ownership.
  • Bucket settings: confirm size/type restrictions match your needs.
  • Ask in chat mode: request help about S3 storage buckets.
  • Read docs: Supabase documentation explains storage and policies clearly.

What broader concepts are reinforced?

  • Client vs. server: know where code runs and who can access what.
  • Requests and responses: understand how the app talks to storage and tables.
  • Edge functions + storage: with a few functions plus Storage, you can build many app features.

Want more depth or got stuck implementing RLS or metadata? Share your scenario in the comments and ask away.