DEV Community: acetrondi The latest articles on DEV Community by acetrondi (@acetrondi). https://dev.to/acetrondi https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1094922%2Fc04b90b4-b26c-4742-85c2-96bac8eec21e.png DEV Community: acetrondi https://dev.to/acetrondi en Using Supabase SMS-Hook to Send Custom Authentication Messages in India acetrondi Thu, 10 Oct 2024 12:29:51 +0000 https://dev.to/acetrondi/using-supabase-sms-hook-to-send-custom-authentication-messages-in-india-4nj7 https://dev.to/acetrondi/using-supabase-sms-hook-to-send-custom-authentication-messages-in-india-4nj7 <p><strong>Given the limited support for local SMS providers in Supabase, the platform has introduced an auth hook that allows users to integrate their own local SMS or email providers for sending OTPs. This feature offers flexibility for those seeking to implement custom authentication solutions.</strong><br> Follow these steps to set up a custom SMS hook for authentication in your Supabase project:</p> <p><strong>1. Access the Hooks Dashboard</strong></p> <ul> <li>Navigate to your Supabase project dashboard</li> <li>Go to <a href="https://supabase.com/dashboard/project/_/auth/hooks" rel="noopener noreferrer">https://supabase.com/dashboard/project/_/auth/hooks</a> </li> </ul> <p><strong>2. Initiate Hook Creation</strong></p> <ul> <li>Click the "Add a new hook" button</li> <li>Select "Send SMS hook" from the options</li> </ul> <p><strong>3. Configure Hook Settings</strong></p> <ul> <li>Toggle on "Enable Send SMS hook"</li> <li>For Hook type, choose "HTTPS"</li> </ul> <p><strong>4. Set Up the Endpoint</strong></p> <ul> <li>In the URL endpoint field, enter: <code>https://project_ref_id.supabase.co/functions/v1/sms-hook</code> </li> <li>Replace <code>project_ref_id</code> with your actual Supabase project reference ID</li> </ul> <p><strong>5. Generate and Save the Secret</strong></p> <ul> <li>Click on "Generate secret"</li> <li>Copy the generated secret and store it securely</li> </ul> <p><strong>6. Create the Hook</strong></p> <ul> <li>Click "Create" to complete the setup</li> </ul> <h1> Implementing the SMS Hook Edge Function in Supabase </h1> <p><strong>After setting up the custom SMS hook in your Supabase dashboard, the next step is to create and deploy an edge function that will handle the SMS sending logic. Follow these steps to implement the <code>sms-hook</code> function:</strong></p> <h2> Prerequisites </h2> <ul> <li>Supabase CLI installed</li> <li>Docker Desktop installed</li> </ul> <h2> Steps </h2> <p><strong>1. Set Up Your Local Environment</strong></p> <p>a. Log in to Supabase CLI:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> npx supabase login </code></pre> </div> <p>b. List your Supabase projects:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> npx supabase projects list </code></pre> </div> <p>c. Link your local setup to your Supabase project:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> npx supabase link --project-ref your-project-id </code></pre> </div> <p><strong>2. Create the SMS Hook Function</strong></p> <p>Create a new function named "sms-hook":<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> npx supabase functions new sms-hook </code></pre> </div> <p><strong>3. Implement the Function Logic</strong></p> <p>Open the <code>index.ts</code> file located at <code>functions/sms-hook/index.ts</code> and replace its content with the following code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="k">import</span> <span class="p">{</span> <span class="nx">Webhook</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">https://esm.sh/standardwebhooks@1.0.0</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">readAll</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">https://deno.land/std/io/read_all.ts</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="o">*</span> <span class="k">as</span> <span class="nx">base64</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">https://denopkg.com/chiefbiiko/base64/mod.ts</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">sendTextMessage</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span> <span class="nx">messageBody</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">toNumber</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="kr">any</span><span class="o">&gt;</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">username</span> <span class="o">=</span> <span class="nx">Deno</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">TEXT_GURU_USERNAME</span><span class="dl">"</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">password</span> <span class="o">=</span> <span class="nx">Deno</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">TEXT_GURU_PASSWORD</span><span class="dl">"</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">source</span> <span class="o">=</span> <span class="nx">Deno</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">SMS_HEADER</span><span class="dl">"</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">tempId</span> <span class="o">=</span> <span class="nx">Deno</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">SMS_TEMPLATE_ID</span><span class="dl">"</span><span class="p">);</span> <span class="kd">const</span> <span class="na">url</span><span class="p">:</span> <span class="kr">string</span> <span class="o">=</span> <span class="s2">`https://www.textguru.in/api/v22.0/?username=</span><span class="p">${</span><span class="nx">username</span><span class="p">}</span><span class="s2">&amp;password=</span><span class="p">${</span><span class="nx">password</span><span class="p">}</span><span class="s2">&amp;source=</span><span class="p">${</span><span class="nx">source</span><span class="p">}</span><span class="s2">&amp;dmobile=</span><span class="p">${</span><span class="nx">toNumber</span><span class="p">}</span><span class="s2">&amp;dlttempid=</span><span class="p">${</span><span class="nx">tempId</span><span class="p">}</span><span class="s2">&amp;message=</span><span class="p">${</span><span class="nx">messageBody</span><span class="p">}</span><span class="s2">`</span><span class="p">;</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">url:</span><span class="dl">"</span><span class="p">,</span> <span class="nx">url</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="nx">url</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">"</span><span class="s2">POST</span><span class="dl">"</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">Content-Type</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">application/x-www-form-urlencoded</span><span class="dl">"</span><span class="p">,</span> <span class="p">},</span> <span class="p">});</span> <span class="k">return</span> <span class="nx">response</span><span class="p">;</span> <span class="p">};</span> <span class="nx">Deno</span><span class="p">.</span><span class="nf">serve</span><span class="p">(</span><span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">payload</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">req</span><span class="p">.</span><span class="nf">text</span><span class="p">();</span> <span class="c1">// Paste the earlier copied base64 secret here and remove the first "v1,whsec_" from the copied base64 secret</span> <span class="kd">const</span> <span class="nx">base64_secret</span> <span class="o">=</span> <span class="nx">Deno</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">SEND_SMS_HOOK_SECRET</span><span class="dl">"</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">headers</span> <span class="o">=</span> <span class="nb">Object</span><span class="p">.</span><span class="nf">fromEntries</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">headers</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">wh</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Webhook</span><span class="p">(</span><span class="nx">base64_secret</span><span class="p">);</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">user</span><span class="p">,</span> <span class="nx">sms</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">wh</span><span class="p">.</span><span class="nf">verify</span><span class="p">(</span><span class="nx">payload</span><span class="p">,</span> <span class="nx">headers</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">messageBody</span> <span class="o">=</span> <span class="s2">`Dear Customer, Your Verification Code For Company name Is </span><span class="p">${</span><span class="nx">sms</span><span class="p">.</span><span class="nx">otp</span><span class="p">}</span><span class="s2">. Please do Not share this Code with anyone.`</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">sendTextMessage</span><span class="p">(</span> <span class="nx">messageBody</span><span class="p">,</span> <span class="nx">user</span><span class="p">.</span><span class="nx">phone</span><span class="p">,</span> <span class="p">);</span> <span class="c1">// You can edit further code as the response coming from your sms provider</span> <span class="k">if </span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nx">statusText</span> <span class="o">===</span> <span class="dl">"</span><span class="s2">OK</span><span class="dl">"</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Response</span><span class="p">(</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="na">message</span><span class="p">:</span> <span class="dl">"</span><span class="s2">SMS sent successfully.</span><span class="dl">"</span> <span class="p">}),</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">200</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">Content-Type</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">application/json</span><span class="dl">"</span><span class="p">,</span> <span class="p">},</span> <span class="p">},</span> <span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Response</span><span class="p">(</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="p">{</span> <span class="na">http_code</span><span class="p">:</span> <span class="nx">response</span><span class="p">.</span><span class="nx">status</span><span class="p">,</span> <span class="na">message</span><span class="p">:</span> <span class="s2">`Failed to send SMS: </span><span class="p">${</span><span class="nx">response</span><span class="p">.</span><span class="nx">message</span><span class="p">}</span><span class="s2">. More info: </span><span class="p">${</span><span class="nx">response</span><span class="p">.</span><span class="nx">more_info</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="p">},</span> <span class="p">}),</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="nx">response</span><span class="p">.</span><span class="nx">status</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">Content-Type</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">application/json</span><span class="dl">"</span><span class="p">,</span> <span class="p">},</span> <span class="p">},</span> <span class="p">);</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Response</span><span class="p">(</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="p">{</span> <span class="na">http_code</span><span class="p">:</span> <span class="mi">500</span><span class="p">,</span> <span class="na">message</span><span class="p">:</span> <span class="s2">`Failed to send sms: </span><span class="p">${</span><span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="nx">error</span><span class="p">)}</span><span class="s2">`</span><span class="p">,</span> <span class="p">},</span> <span class="p">}),</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">500</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">Content-Type</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">application/json</span><span class="dl">"</span><span class="p">,</span> <span class="p">},</span> <span class="p">},</span> <span class="p">);</span> <span class="p">}</span> <span class="p">});</span> </code></pre> </div> <p><strong>4. Deploy the Function</strong></p> <p>Deploy the <code>sms-hook</code> function using the following command:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> npx supabase functions deploy sms-hook --no-verify-jwt </code></pre> </div> <p><strong>5. Enable Phone Authentication</strong></p> <p>Remember to enable the phone provider from Authentication Providers in your Supabase Dashboard.</p> <h2> Important Notes </h2> <ul> <li>Make sure to replace placeholders like <code>your-project-id</code> with your actual Supabase project details.</li> <li>The <code>SEND_SMS_HOOK_SECRET</code> should be set as an environment variable, using the secret you generated earlier (remove the <code>v1,whsec_</code> prefix).</li> <li>You'll need to set up environment variables for <code>TEXT_GURU_USERNAME</code>, <code>TEXT_GURU_PASSWORD</code>, <code>SMS_HEADER</code>, and <code>SMS_TEMPLATE_ID</code> according to your SMS provider's requirements.</li> <li>This implementation uses TextGuru as the SMS provider. You may need to adjust the <code>sendTextMessage</code> function if you're using a different provider.</li> </ul> <p>By following these steps, you'll have successfully implemented and deployed a custom SMS hook for authentication in your Supabase project.</p> postgres supabase smshook msg91 How to create API keys in Supabase for roles other than "anon" and "service"? acetrondi Sun, 04 Jun 2023 06:32:29 +0000 https://dev.to/acetrondi/how-to-create-api-keys-in-supabase-for-roles-other-than-anon-and-service-1j7f https://dev.to/acetrondi/how-to-create-api-keys-in-supabase-for-roles-other-than-anon-and-service-1j7f <h4> <strong>If you're reading this post, you may already be familiar with Supabase. However, for those who are new, let me provide a brief introduction.</strong> </h4> <p>Supabase is an alternative to Firebase that utilizes PostgreSQL as its database and offers various features, including authentication, real-time capabilities, and storage.</p> <p>To get started with Supabase, follow these steps:</p> <ol> <li> <p>Obtain the JWT key from the Supabase dashboard or through this <a href="https://app.supabase.com/project/_/settings/api" rel="noopener noreferrer">link</a>.<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3wo4ekl59vutdk41uaj0.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3wo4ekl59vutdk41uaj0.png" alt="Obtain Jwt token/secret from supabase dashboard" width="800" height="181"></a></p> <blockquote> <p>Never disclose your Jwt secret/token in public</p> </blockquote> </li> <li><p>Create a role in your SQL editor:<br> </p></li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">ROLE</span> <span class="n">your_role</span><span class="p">;</span> <span class="k">GRANT</span> <span class="n">your_role</span> <span class="k">TO</span> <span class="n">authenticator</span><span class="p">;</span> <span class="c1">-- grant role privileges here </span> </code></pre> </div> <p>3.Visit <a href="//jwt.io">jwt.io</a> and populate the payload field with the following information:</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8lqc2tm48hby2mespnv6.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8lqc2tm48hby2mespnv6.png" alt="Enter data in payload field" width="800" height="309"></a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"iss"</span><span class="p">:</span><span class="w"> </span><span class="s2">"supabase"</span><span class="p">,</span><span class="w"> </span><span class="nl">"ref"</span><span class="p">:</span><span class="w"> </span><span class="s2">"project ref id"</span><span class="p">,</span><span class="w"> </span><span class="nl">"role"</span><span class="p">:</span><span class="w"> </span><span class="s2">"your_role"</span><span class="p">,</span><span class="w"> </span><span class="nl">"exp"</span><span class="p">:</span><span class="w"> </span><span class="mi">2001128702</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <blockquote> <p>Replace ref with your project reference ID from <a href="https://app.supabase.com/project/_/settings/general" rel="noopener noreferrer">Dashboard</a></p> </blockquote> <p>4.In the "Verify Signature" field, enter the JWT Token/Secret obtained in step 1.</p> <blockquote> <p>Note: Default algorithm for JWT token is "HS256"<br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="err">//Header</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"alg"</span><span class="p">:</span><span class="w"> </span><span class="s2">"HS256"</span><span class="p">,</span><span class="w"> </span><span class="nl">"typ"</span><span class="p">:</span><span class="w"> </span><span class="s2">"JWT"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4yh3pwcdqov93ofa6b0a.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4yh3pwcdqov93ofa6b0a.png" alt="Enter your Jwt token in Verify Signature" width="800" height="298"></a></p> <p>5.The "Encoded/Token" field will display the newly generated token. Copy this token and include it in your REST API or client code and requests as <code>Authorization: Bearer new_generated_token</code>. This token will have all the privileges you gave to your_role role from sql editor in supabase dashboard.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fo3xrap35p2h89ohclyv3.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fo3xrap35p2h89ohclyv3.png" alt="Fetch/Copy newly generated token from the Encoded field" width="800" height="377"></a></p> <blockquote> <p><strong>Note: Please exercise caution when assigning sensitive data as this role will have the privileges you grant it.</strong></p> </blockquote> <p><em>Peace!</em></p> supabase postgressql postgrest rest