welcome!
I am currently working on https://spaidyslabs.com/ it’s a project of my friend. feel free to join or collaborate! :D
(oh, and if you find any vulnerabilities, which there are a lot of, please report them, don't exploit them :))


things were simpler back then 🤧


Thank you for the help <3


no 🤧
I mean, yeah, I used AI, but it's not entirely vibe coded.


well, if a person decides to use this to attack small OSS projects' servers, then we have failed as humanity. I shared this article to fight against big tech surveillance; if people use it to damage FOSS projects, I highly discourage that behavior.


"What policies are preventing users from inserting data?" Okay, I just got confused there for a bit. What's actually happening is that I have created a policy on SELECT to prevent users from accessing other users' data, and it looks something like
auth.uid() = user_id. IIRC the policy to restrict INSERT looks something like this: auth.role() = 'authenticated'::text. So yeah, only authenticated users can insert data, but that doesn't guarantee that the client/user/browser will insert correct data.
"If you are asking this question then you very likely should not be doing what you're doing." Yes, I know, that's why I am asking for suggestions. I don't have much experience in either Supabase or Next.js, but I am learning :)
"There are ways to do it safely, but it's for very very specific circumstances, with very very specific security setups." Okay, so what do you suggest I should do? I can't just shove more policies into Supabase to make it secure, I think, so the only way to make it secure is to have the server (Vercel) do all the Supabase calls and not share the Supabase URL, so that the client can't just query Supabase. But again, the reason I am not doing this is that it would require a very big refactor throughout the codebase (which I am terrified of T.T).
we have been trying to move away from Google but don't have any other robust solution to prevent spam; that's why we are stuck with Google :(
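To make the policy comparison from the Supabase comment above concrete, here is an added example (not code from the original comment or from spaidyslabs.com) on a hypothetical `public.notes` table. It keeps the SELECT policy as described, shows the `auth.role() = 'authenticated'` INSERT policy that lets any logged-in client write rows with any `user_id`, and beside it the corrected form using `WITH CHECK (auth.uid() = user_id)`, which is the standard Postgres/Supabase RLS way to bind inserted rows to the caller without moving every query behind the server.

```sql
-- Added example, not from the original comment or project.
-- Hypothetical table: each note belongs to the user who created it.
create table if not exists public.notes (
  id       uuid primary key default gen_random_uuid(),
  -- Server-side default: a client that omits user_id still gets its own uid.
  user_id  uuid not null default auth.uid(),
  body     text not null
);

-- Nothing is enforced until RLS is on for the table.
alter table public.notes enable row level security;

-- SELECT policy as in the comment: a user only reads their own rows.
create policy "notes: owner can read"
  on public.notes for select
  using (auth.uid() = user_id);

-- Weak INSERT policy from the comment (kept commented out on purpose):
-- any authenticated user passes, including one who sets user_id to
-- somebody else's uid, because the check never looks at the row.
-- create policy "notes: authenticated can insert"
--   on public.notes for insert
--   with check (auth.role() = 'authenticated');

-- Corrected INSERT policy: the row being written must carry the caller's
-- uid, so the browser cannot insert on behalf of another user.
create policy "notes: owner can insert"
  on public.notes for insert
  with check (auth.uid() = user_id);

-- UPDATE needs both clauses: USING selects which rows may be touched,
-- WITH CHECK stops a row from being re-assigned to another user_id.
create policy "notes: owner can update"
  on public.notes for update
  using (auth.uid() = user_id)
  with check (auth.uid() = user_id);

create policy "notes: owner can delete"
  on public.notes for delete
  using (auth.uid() = user_id);
```

Two caveats a practitioner would want here. First, `WITH CHECK` only constrains the columns it mentions; any other column the client should not control (a role flag, a credit balance, a "verified" bit) still needs a `CHECK` constraint, a trigger, or a server-side route, so the "client can insert whatever it wants" worry in the comment is only solved for `user_id`. Second, the Supabase URL and anon key being visible in the browser is by design; RLS is the security boundary, and with RLS enabled a role with no matching policy (such as `anon` on this table) is denied by default rather than allowed.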