DEV Community: Sebastian Ruhleder The latest articles on DEV Community by Sebastian Ruhleder (@sruhleder). https://dev.to/sruhleder https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F612841%2F8433d5a5-6412-4fc1-a463-9290ad7d081a.png DEV Community: Sebastian Ruhleder https://dev.to/sruhleder en Protected Routes with Supabase and Next.js Sebastian Ruhleder Fri, 03 Dec 2021 12:44:02 +0000 https://dev.to/sruhleder/protected-routes-with-supabase-and-nextjs-381k https://dev.to/sruhleder/protected-routes-with-supabase-and-nextjs-381k <p>Some routes of your web application are meant for authenticated users only. For example, a <code>/settings</code> page can only be used if the user is signed in.</p> <p>You could solve this client-side: Once the page renders, you check whether a user is signed in; if they are not, you redirect the user to the sign in page.</p> <p>There is a problem with this, though. The page will start to render, so you either have to prevent everything from rendering until this check is done or you will see a partially rendered page suddenly redirected to the sign in page.</p> <p>Luckily with Next.js, we can do this check server-side. Here's an outline of how we're going to do it:</p> <ul> <li>Write an API route <code>/api/auth</code> to set a cookie based on whether a user signs in or out.</li> <li>Register a listener with Supabase's <code>onAuthStateChange</code> to detect a sign in or sign out and call this API route.</li> <li>Extract a function <code>enforceAuthenticated</code> to protect a route with one line of code.</li> </ul> <h2> Setting an Auth Cookie </h2> <p>Supabase provides a <code>setAuthCookie</code> function defined in <code>@supabase/gotrue-js</code>. This function takes a Next.js (or Express) request and response and sets or removes an auth cookie.</p> <p>To make use of it, we introduce an API route <code>/api/auth</code> and simply call <code>setAuthCookie</code>, passing it the request and response objects.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// pages/api/auth.ts</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">NextApiRequest</span><span class="p">,</span> <span class="nx">NextApiResponse</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">next</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">supabase</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./../../components/supabaseClient</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">handler</span> <span class="o">=</span> <span class="p">(</span><span class="nx">req</span><span class="p">:</span> <span class="nx">NextApiRequest</span><span class="p">,</span> <span class="nx">res</span><span class="p">:</span> <span class="nx">NextApiResponse</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">supabase</span><span class="p">.</span><span class="nx">auth</span><span class="p">.</span><span class="nx">api</span><span class="p">.</span><span class="nx">setAuthCookie</span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">);</span> <span class="p">};</span> <span class="k">export</span> <span class="k">default</span> <span class="nx">handler</span><span class="p">;</span> </code></pre> </div> <p><code>setAuthCookie</code> behaves like this:</p> <ul> <li>The request <code>req</code> must be <code>POST</code> request.</li> <li>The request body must contain two elements: a <code>session</code> and an <code>event</code>.</li> <li>The <code>session</code> contains session data (as is provided by <code>supabase.auth.session()</code> for example).</li> <li>The <code>event</code> is either <code>SIGNED_IN</code> indicating a sign in or <code>SIGNED_OUT</code> indicating a sign out.</li> </ul> <p>Getting this data is easy.</p> <h2> Updating the Auth Cookie </h2> <p>To keep the auth cookie up to date, we have to listen to changes in the authentication state of Supabase. On every change, we have to call the <code>/api/auth</code> endpoint to update the cookie accordingly.</p> <p>For this, Supabase provides the <code>onAuthStateChange</code> function, which allows us to register a listener. This listener is called whenever a user signs in or out.</p> <p>The following snippet should be used within the <code>App</code> component (usually <code>_app.tsx</code> or <code>_app.jsx</code>).<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nx">useEffect</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="nx">authListener</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">supabase</span><span class="p">.</span><span class="nx">auth</span><span class="p">.</span><span class="nx">onAuthStateChange</span><span class="p">((</span><span class="nx">event</span><span class="p">,</span> <span class="nx">session</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">updateSupabaseCookie</span><span class="p">(</span><span class="nx">event</span><span class="p">,</span> <span class="nx">session</span><span class="p">);</span> <span class="p">});</span> <span class="k">return</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">authListener</span><span class="p">?.</span><span class="nx">unsubscribe</span><span class="p">();</span> <span class="p">};</span> <span class="p">});</span> <span class="k">async</span> <span class="kd">function</span> <span class="nx">updateSupabaseCookie</span><span class="p">(</span><span class="nx">event</span><span class="p">:</span> <span class="nx">AuthChangeEvent</span><span class="p">,</span> <span class="nx">session</span><span class="p">:</span> <span class="nx">Session</span> <span class="o">|</span> <span class="kc">null</span><span class="p">)</span> <span class="p">{</span> <span class="k">await</span> <span class="nx">fetch</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/auth</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="k">new</span> <span class="nx">Headers</span><span class="p">({</span> <span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span> <span class="p">}),</span> <span class="na">credentials</span><span class="p">:</span> <span class="dl">'</span><span class="s1">same-origin</span><span class="dl">'</span><span class="p">,</span> <span class="na">body</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nx">stringify</span><span class="p">({</span> <span class="nx">event</span><span class="p">,</span> <span class="nx">session</span> <span class="p">}),</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <p>The listener is passed two arguments when the authentication state changes: an <code>event</code> indicating whether the user signed in or out and the current <code>session</code>. This is exactly what the <code>/api/auth</code> endpoint needs to update the auth cookie. Using <code>fetch</code>, we send a simple <code>POST</code> request to it to reflect this change.</p> <p>👉 I recommend extracting this code into a custom hook (which you can call <code>useUpdateAuthCookie</code> for example).</p> <p>Changes in the authentication state in the frontend are now reflected in the auth cookie. Why do we update such a cookie? So we can use it server-side when using functions like <code>getServerSideProps</code>.</p> <h2> Protecting Routes </h2> <p>We can now protect a route by checking the auth cookie in <code>getServerSideProps</code>. If the user is signed in, we simply return; otherwise, we redirect the user to a sign in page. </p> <p>Let's assume this sign in page can be found at <code>/signin</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nx">getServerSideProps</span><span class="p">({</span> <span class="nx">req</span> <span class="p">})</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">user</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">supabase</span><span class="p">.</span><span class="nx">auth</span><span class="p">.</span><span class="nx">api</span><span class="p">.</span><span class="nx">getUserByCookie</span><span class="p">(</span><span class="nx">req</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="nx">user</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">props</span><span class="p">:</span> <span class="p">{},</span> <span class="na">redirect</span><span class="p">:</span> <span class="p">{</span> <span class="na">destination</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/signin</span><span class="dl">'</span> <span class="p">}</span> <span class="p">};</span> <span class="p">}</span> <span class="k">return</span> <span class="p">{</span> <span class="na">props</span><span class="p">:</span> <span class="p">{}</span> <span class="p">};</span> <span class="p">}</span> </code></pre> </div> <p>Depending on how many routes you must protect, it's a good idea to extract this code and reuse it. For my projects, I use a function called <code>enforceAuthenticated</code>. This function takes an optional <code>getServerSideProps</code> function and delegates to it in the case that the user is signed in.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">GetServerSideProps</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">next</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">supabase</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./supabaseClient</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">enforceAuthenticated</span><span class="p">:</span> <span class="p">(</span><span class="nx">inner</span><span class="p">?:</span> <span class="nx">GetServerSideProps</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">GetServerSideProps</span> <span class="o">=</span> <span class="nx">inner</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="k">async</span> <span class="nx">context</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">req</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">context</span><span class="p">;</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">user</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">supabase</span><span class="p">.</span><span class="nx">auth</span><span class="p">.</span><span class="nx">api</span><span class="p">.</span><span class="nx">getUserByCookie</span><span class="p">(</span><span class="nx">req</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="nx">user</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">props</span><span class="p">:</span> <span class="p">{},</span> <span class="na">redirect</span><span class="p">:</span> <span class="p">{</span> <span class="na">destination</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/signin</span><span class="dl">'</span> <span class="p">}</span> <span class="p">};</span> <span class="p">}</span> <span class="k">if</span> <span class="p">(</span><span class="nx">inner</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">inner</span><span class="p">(</span><span class="nx">context</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="p">{</span> <span class="na">props</span><span class="p">:</span> <span class="p">{}</span> <span class="p">};</span> <span class="p">};</span> <span class="p">};</span> <span class="k">export</span> <span class="k">default</span> <span class="nx">enforceAuthenticated</span><span class="p">;</span> </code></pre> </div> <p>With this, quickly protecting a route becomes a one-liner:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code><span class="c1">// pages/protected.tsx</span> <span class="k">import</span> <span class="nx">enforceAuthenticated</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../components/enforceAuthenticated</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="k">default</span> <span class="kd">function</span> <span class="nx">ProtectedPage</span><span class="p">()</span> <span class="p">{</span> <span class="k">return</span> <span class="p">&lt;</span><span class="nt">div</span><span class="p">&gt;</span>Protected Page<span class="p">&lt;/</span><span class="nt">div</span><span class="p">&gt;</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">getServerSideProps</span> <span class="o">=</span> <span class="nx">enforceAuthenticated</span><span class="p">();</span> </code></pre> </div> <p>When we go to <code>/protected</code> now, we are either redirected to <code>/signin</code> when we are not signed in or the <code>ProtectedPage</code> is rendered.</p> <h2> Recap </h2> <p>Here's what we did:</p> <ul> <li>We created an API route <code>/api/auth</code> which updates an auth cookie based on a session and an event indicating a sign in or sign out.</li> <li>We created a listener in the <code>App</code> component to send every update to the authentication state to the <code>/api/auth</code> endpoint, thereby updating the auth cookie.</li> <li>In our server-side code, we used the <code>getUserByCookie</code> function to determine whether a user is signed in or out. Based on this, we either render the page or redirect the user to a sign in page.</li> <li>We introduced a function <code>enforceAuthenticated</code> to reuse this functionality on as many routes as we want.</li> </ul> <p>If you enjoyed this post, you can <a href="https://twitter.com/SRuhleder">follow me on Twitter</a> 🙏</p> <h2> Credits </h2> <p>When I started out with Supabase, I read:</p> <p><a href="https://dev.to/dabit3/magic-link-authentication-and-route-controls-with-supabase-and-next-js-leo">Magic Link Authentication and Route Controls with Supabase and Next.js</a> by <a href="https://twitter.com/dabit3">Nader Dabit</a></p> <p>It's a great post and the first time I saw the <code>setAuthCookie</code>/<code>getUserByCookie</code> combination. Give it a read, it's an excellent post!</p> supabase nextjs react auth Creating User Profiles on Sign-Up in Supabase Sebastian Ruhleder Wed, 11 Aug 2021 18:16:38 +0000 https://dev.to/sruhleder/creating-user-profiles-on-sign-up-in-supabase-5037 https://dev.to/sruhleder/creating-user-profiles-on-sign-up-in-supabase-5037 <p>Supabase stores authentication-related information (unique ID, email, password, etc.) in the <code>auth.users</code> table when users sign up. The <code>auth</code> schema isn't publicly accessible for security reasons, so you can't store additional information on your users in this table.</p> <p>Depending on what type of application you are building, you might need a <code>profile</code> table containing profile information your users can interact with. In this post, we will:</p> <ul> <li>Create a simple <code>profile</code> table in the <code>public</code> schema.</li> <li>Enable Row-Level Security on it and restrict access for users to their own profile data.</li> <li>Write a database trigger that automatically creates a row for every user on sign-up.</li> </ul> <h2> Creating &amp; Securing a Profile Table </h2> <p>We start by creating a <code>profile</code> table with two columns: <code>id</code> referencing a user ID in the <code>auth.users</code> table, and <code>display_name</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">TABLE</span> <span class="k">public</span><span class="p">.</span><span class="n">profile</span> <span class="p">(</span> <span class="n">id</span> <span class="n">UUID</span> <span class="k">REFERENCES</span> <span class="n">auth</span><span class="p">.</span><span class="n">users</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">display_name</span> <span class="nb">TEXT</span> <span class="k">NULL</span><span class="p">,</span> <span class="k">PRIMARY</span> <span class="k">KEY</span> <span class="p">(</span><span class="n">id</span><span class="p">)</span> <span class="p">);</span> </code></pre> </div> <p>Supabase uses <a href="https://supabase.io/docs/postgrest/server/about">PostgREST</a> to access the Postgres database via its API (i.e., the <code>supabase</code> API you use in your client application). By default, a table in the <code>public</code> schema can be accessed without restriction.</p> <p>However, in our case, we want to restrict access on this table so that users can only select and update data that belongs to them. We are going to use <a href="https://www.postgresql.org/docs/9.5/ddl-rowsecurity.html">Row-Level Security</a> for this.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">ALTER</span> <span class="k">TABLE</span> <span class="k">public</span><span class="p">.</span><span class="n">profile</span> <span class="n">ENABLE</span> <span class="k">ROW</span> <span class="k">LEVEL</span> <span class="k">SECURITY</span><span class="p">;</span> </code></pre> </div> <p>When Row-Level Security is enabled for a table, all access to this table must be allowed by a row security policy. The idea here is: "Everything is forbidden unless explicitly allowed."</p> <p>The first row security policy we introduce allows a user to <code>SELECT</code> their own profile data:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="n">POLICY</span> <span class="nv">"Can only view own profile data."</span> <span class="k">ON</span> <span class="k">public</span><span class="p">.</span><span class="n">profile</span> <span class="k">FOR</span> <span class="k">SELECT</span> <span class="k">USING</span> <span class="p">(</span> <span class="n">auth</span><span class="p">.</span><span class="n">uid</span><span class="p">()</span> <span class="o">=</span> <span class="n">id</span> <span class="p">);</span> </code></pre> </div> <p>The second row security policy allows a user to <code>UPDATE</code> their own profile data:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="n">POLICY</span> <span class="nv">"Can only update own profile data."</span> <span class="k">ON</span> <span class="k">public</span><span class="p">.</span><span class="n">profile</span> <span class="k">FOR</span> <span class="k">UPDATE</span> <span class="k">USING</span> <span class="p">(</span> <span class="n">auth</span><span class="p">.</span><span class="n">uid</span><span class="p">()</span> <span class="o">=</span> <span class="n">id</span> <span class="p">);</span> </code></pre> </div> <p>The idea behind these policies is to specifically grant rights to <code>SELECT</code> or <code>UPDATE</code> rows where the <code>id</code> is set to the authenticated user's unique ID. Since <code>id</code> is the primary key of the <code>profile</code> table, this effectively leaves only one row: the user's own profile data.</p> <p>If you want to know how to handle public and private access, I recommend reading the page <a href="https://supabase.io/docs/guides/auth/managing-user-data">Managing User Data</a> from the Supabase documentation.</p> <h2> Automatically Creating Profiles on Sign-Up </h2> <p>When a user signs up or signs in with a Third-Party provider (e.g. Twitter, GitHub, Google, etc.), a new row is inserted into the <code>auth.users</code> table. Ideally, we want to create a new profile at the same time. An easy way to do so is to use <a href="https://www.postgresql.org/docs/9.1/sql-createtrigger.html">triggers</a>.</p> <p>The following statement creates a trigger called <code>create_profile_on_signup</code> that calls the function <code>create_profile_for_new_user()</code> whenever a new row is inserted into the <code>auth.users</code> table:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">TRIGGER</span> <span class="n">create_profile_on_signup</span> <span class="k">AFTER</span> <span class="k">INSERT</span> <span class="k">ON</span> <span class="n">auth</span><span class="p">.</span><span class="n">users</span> <span class="k">FOR</span> <span class="k">EACH</span> <span class="k">ROW</span> <span class="k">EXECUTE</span> <span class="k">PROCEDURE</span> <span class="k">public</span><span class="p">.</span><span class="n">create_profile_for_new_user</span><span class="p">();</span> </code></pre> </div> <p>The function <code>create_profile_for_new_user()</code> simply inserts a new row into our <code>profile</code> table:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">FUNCTION</span> <span class="k">public</span><span class="p">.</span><span class="n">create_profile_for_new_user</span><span class="p">()</span> <span class="k">RETURNS</span> <span class="k">TRIGGER</span> <span class="k">AS</span> <span class="err">$$</span> <span class="k">BEGIN</span> <span class="k">INSERT</span> <span class="k">INTO</span> <span class="k">public</span><span class="p">.</span><span class="n">profile</span> <span class="p">(</span><span class="n">id</span><span class="p">)</span> <span class="k">VALUES</span> <span class="p">(</span><span class="k">NEW</span><span class="p">.</span><span class="n">id</span><span class="p">);</span> <span class="k">RETURN</span> <span class="k">NEW</span><span class="p">;</span> <span class="k">END</span><span class="p">;</span> <span class="err">$$</span> <span class="k">LANGUAGE</span> <span class="n">plpgsql</span> <span class="k">SECURITY</span> <span class="k">DEFINER</span><span class="p">;</span> </code></pre> </div> <p>The <a href="https://www.postgresql.org/docs/current/plpgsql-trigger.html"><code>NEW</code> keyword</a> refers to a variable holding the new database row (i.e., the one that was just inserted into the <code>auth.users</code> table).</p> <p>There's one thing missing, though: The <code>display_name</code> isn't set. Technically, this isn't a problem, as the column is nullable. For Third-Party logins, however, we can access certain metadata that allows us to prefill this column with a sensible value.</p> <p>The <code>auth.users</code> table has a <code>JSONB</code> column called <code>raw_user_meta_data</code> containing information on the user depending on the Third-Party provider used for signing in. For example, it <a href="https://github.com/supabase/gotrue/pull/127#issuecomment-876525074">usually contains a <code>user_name</code> field</a>.</p> <p>Making use of this, we can prefill the <code>display_name</code> with this username like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">FUNCTION</span> <span class="k">public</span><span class="p">.</span><span class="n">create_profile_for_new_user</span><span class="p">()</span> <span class="k">RETURNS</span> <span class="k">TRIGGER</span> <span class="k">AS</span> <span class="err">$$</span> <span class="k">BEGIN</span> <span class="k">INSERT</span> <span class="k">INTO</span> <span class="k">public</span><span class="p">.</span><span class="n">profile</span> <span class="p">(</span><span class="n">id</span><span class="p">,</span> <span class="n">display_name</span><span class="p">)</span> <span class="k">VALUES</span> <span class="p">(</span> <span class="k">NEW</span><span class="p">.</span><span class="n">id</span><span class="p">,</span> <span class="k">NEW</span><span class="p">.</span><span class="n">raw_user_meta_data</span> <span class="o">-&gt;&gt;</span> <span class="s1">'user_name'</span> <span class="p">);</span> <span class="k">RETURN</span> <span class="k">NEW</span><span class="p">;</span> <span class="k">END</span><span class="p">;</span> <span class="err">$$</span> <span class="k">LANGUAGE</span> <span class="n">plpgsql</span> <span class="k">SECURITY</span> <span class="k">DEFINER</span><span class="p">;</span> </code></pre> </div> <p>Now, whenever a user signs up, a new <code>profile</code> is created with its <code>display_name</code> set to the username used with the Third-Party provider or to <code>NULL</code> when you use Supabase's sign in (here you can fill it from within the client application).</p> <h2> Recap </h2> <ul> <li>The <code>auth.users</code> table stores authentication-related information.</li> <li>You can't access or modify this table from within your application for (obvious) security reasons.</li> <li>We created a <code>profile</code> table with two columns <code>id</code> and <code>display_name</code>.</li> <li>We enabled Row-Level Security for this table and restricted access for users to their own data.</li> <li>We created a trigger and function to automatically insert a new row into <code>profile</code> when a new row is inserted into <code>auth.users</code> table.</li> <li>When a user signs up or signs in with a Third-Party provider, a new row is inserted into <code>auth.users</code>.</li> </ul> <h2> References </h2> <ul> <li>I can highly recommend the <a href="https://github.com/vercel/nextjs-subscription-payments">Next.js Subscription Payments Starter</a>, which uses this idea <a href="https://github.com/vercel/nextjs-subscription-payments/blob/main/schema.sql#L22">here</a>.</li> </ul> supabase postgres webdev Using React Query with Supabase Sebastian Ruhleder Tue, 10 Aug 2021 18:54:35 +0000 https://dev.to/sruhleder/using-react-query-with-supabase-a03 https://dev.to/sruhleder/using-react-query-with-supabase-a03 <p>If you are using Supabase in React, it's a good idea to combine it with <a href="https://react-query.tanstack.com">React Query</a>. Let's first have a look at how you fetch data in Supabase.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="p">{</span> <span class="nx">data</span><span class="p">,</span> <span class="nx">error</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">supabase</span> <span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">'</span><span class="s1">todo</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nx">select</span><span class="p">(</span><span class="dl">'</span><span class="s1">id, name</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nx">eq</span><span class="p">(</span><span class="dl">'</span><span class="s1">done</span><span class="dl">'</span><span class="p">,</span> <span class="kc">false</span><span class="p">);</span> </code></pre> </div> <p>This call queries the <code>todo</code> table, selecting the <code>id</code> and <code>name</code> columns and filters for those to-dos that are not <code>done</code>. If <code>error</code> is not null, something went wrong, and <code>data</code> is <code>null</code>. Otherwise, data is an array of objects representing the rows that matched the query.</p> <p>Since a potential error is returned, the promise we await here never rejects. But the query function we use in <code>useQuery</code> is supposed to either resolve data or throw an error. If we simply wrap the query from above in a <code>useQuery</code> call, React Query cannot detect if the call failed:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// ⛔️ silently swallows a potential 'error'</span> <span class="nx">useQuery</span><span class="p">(</span> <span class="p">[</span><span class="dl">'</span><span class="s1">open-todos</span><span class="dl">'</span><span class="p">],</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="nx">supabase</span> <span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">'</span><span class="s1">todo</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nx">select</span><span class="p">(</span><span class="dl">'</span><span class="s1">id, name</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nx">eq</span><span class="p">(</span><span class="dl">'</span><span class="s1">done</span><span class="dl">'</span><span class="p">,</span> <span class="kc">false</span><span class="p">)</span> <span class="p">);</span> </code></pre> </div> <p>To write a <code>useQuery</code>-conform query function, we can explicitly throw an error if one occurs:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">useQuery</span><span class="p">(</span> <span class="p">[</span><span class="dl">'</span><span class="s1">open-todos</span><span class="dl">'</span><span class="p">],</span> <span class="k">async</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">data</span><span class="p">,</span> <span class="nx">error</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">supabase</span> <span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">'</span><span class="s1">todo</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nx">select</span><span class="p">(</span><span class="dl">'</span><span class="s1">id, name</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nx">eq</span><span class="p">(</span><span class="dl">'</span><span class="s1">done</span><span class="dl">'</span><span class="p">,</span> <span class="kc">false</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nb">Error</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">error</span><span class="p">.</span><span class="nx">message</span><span class="p">}</span><span class="s2">: </span><span class="p">${</span><span class="nx">error</span><span class="p">.</span><span class="nx">details</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">data</span><span class="p">;</span> <span class="p">}</span> <span class="p">);</span> </code></pre> </div> <p>Since all calls to Supabase follow the same pattern, we can introduce a small function to reuse this explicit handling of errors:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nx">useOpenTodos</span><span class="p">()</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">useQuery</span><span class="p">(</span> <span class="p">[</span><span class="dl">'</span><span class="s1">open-todos</span><span class="dl">'</span><span class="p">],</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="nx">supabase</span> <span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">'</span><span class="s1">todo</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nx">select</span><span class="p">(</span><span class="dl">'</span><span class="s1">id, name</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nx">eq</span><span class="p">(</span><span class="dl">'</span><span class="s1">done</span><span class="dl">'</span><span class="p">,</span> <span class="kc">false</span><span class="p">)</span> <span class="p">.</span><span class="nx">then</span><span class="p">(</span><span class="nx">handleSupabaseError</span><span class="p">)</span> <span class="p">.</span><span class="nx">then</span><span class="p">(({</span> <span class="nx">data</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="nx">data</span><span class="p">)</span> <span class="p">);</span> <span class="p">}</span> <span class="kd">function</span> <span class="nx">handleSupabaseError</span><span class="p">({</span> <span class="nx">error</span><span class="p">,</span> <span class="p">...</span><span class="nx">rest</span> <span class="p">})</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="nx">error</span><span class="p">;</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">rest</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>This way, you don't have to write the same boilerplate for every <code>supabase</code> call and can effectively make use of the benefits of React Query's data management.</p> react supabase reactquery webdev How to Migrate Supabase Databases with Flyway & GitHub Actions Sebastian Ruhleder Mon, 09 Aug 2021 21:24:56 +0000 https://dev.to/sruhleder/how-to-migrate-supabase-databases-with-flyway-github-actions-2ani https://dev.to/sruhleder/how-to-migrate-supabase-databases-with-flyway-github-actions-2ani <p>Completely built on open-source technology, <a href="https://supabase.io" rel="noopener noreferrer">Supabase</a> is an upcoming alternative to Google's Firebase. One distinct difference between Supabase and Firebase is the way they persist and manage data. While Firebase uses Firestore, a NoSQL document database you can only configure via a web interface, Supabase uses a Postgres database under the hood.</p> <p>When you set up a project, Supabase provides an in-built SQL console you can use to execute SQL statements on the project's database quickly. With a new project, it's tempting to whip up some <code>CREATE TABLE</code> statements and have at it.</p> <p>And if you are experimenting with Supabase, feel free to use Supabase's SQL console. After all, it works quite well and is, hands down, the fastest way to get cooking. But if you are working on a project that will see the light of production, consider using a tool like Flyway to migrate your database schema more reliably.</p> <p>In this post, we will set up a GitHub Action to execute Flyway migrations against a Supabase database whenever changes are pushed to a repository. This allows you to store your migrations alongside your code and always keep your database in sync with your business logic.</p> <h2> Finding the Database Connection Info </h2> <p>You need a database host, port, username, password, and database name to run Flyway. In Supabase, you can find this information by clicking on "Settings" and then "Database."</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5yjs44rsstgnmhf2627v.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5yjs44rsstgnmhf2627v.png" alt="Sidebar menu of Supabase, showing the Settings menu open, with Database selected"></a></p> <p>On the <em>Database Settings</em> page, you will find a box titled "Connection info" with all the information you need. For security reasons, the database password is not listed here. When you created the project, Supabase prompted you to enter it.</p> <h2> Creating a Simple Flyway Migration </h2> <p>A Flyway migration is nothing more than an SQL file. Since migrations are used to version control your database schema, these files must adhere to certain naming conventions. Flyway has a great introduction to <a href="https://flywaydb.org/documentation/concepts/migrations.html#sql-based-migrations" rel="noopener noreferrer">naming SQL-based migrations</a>.</p> <p>For our purposes, we will create a <code>profile</code> table with three columns: <code>user_id</code> referencing the ID of a registered user, <code>username</code>, and <code>email</code>.</p> <p>Let's create a file called <code>V1__create_table_profile.sql</code> in a directory <code>migrations</code>. The <code>migrations</code> directory should be placed in the root directory of our repository:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- migrations/V1__create_table_profile.sql</span> <span class="k">CREATE</span> <span class="k">TABLE</span> <span class="k">public</span><span class="p">.</span><span class="n">profile</span> <span class="p">(</span> <span class="n">user_id</span> <span class="n">uuid</span> <span class="k">REFERENCES</span> <span class="n">auth</span><span class="p">.</span><span class="n">users</span> <span class="k">NOT</span> <span class="k">NULL</span> <span class="k">PRIMARY</span> <span class="k">KEY</span><span class="p">,</span> <span class="n">username</span> <span class="nb">TEXT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">email</span> <span class="nb">TEXT</span> <span class="k">NULL</span> <span class="p">);</span> </code></pre> </div> <p>If you want to change the location of these migrations, make sure to change the GitHub workflow configuration below accordingly.</p> <h2> Writing a GitHub Action to Run Flyway </h2> <p>Whenever we push changes to the migrations in the <code>migrations</code> directory, we want a GitHub Action to run them against our Supabase database.</p> <p>In our repository, create a file called <code>.github/workflows/migrate.yml</code> with the following content:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">name</span><span class="pi">:</span> <span class="s1">'</span><span class="s">Migrate</span><span class="nv"> </span><span class="s">database</span><span class="nv"> </span><span class="s">schema'</span> <span class="na">on</span><span class="pi">:</span> <span class="na">push</span><span class="pi">:</span> <span class="na">branches</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">main</span> <span class="na">jobs</span><span class="pi">:</span> <span class="na">migrate-database</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Run Flyway migrations</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-20.04</span> <span class="na">env</span><span class="pi">:</span> <span class="na">SUPABASE_HOST</span><span class="pi">:</span> <span class="s">db.YOUR_SUPABASE_DATABASE_HOST.supabase.co</span> <span class="na">SUPABASE_PORT</span><span class="pi">:</span> <span class="m">5432</span> <span class="na">SUPABASE_USER</span><span class="pi">:</span> <span class="s">postgres</span> <span class="na">SUPABASE_DB</span><span class="pi">:</span> <span class="s">postgres</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v2</span> <span class="pi">-</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">&gt;-</span> <span class="s">docker run --rm</span> <span class="s">--volume ${{ github.workspace }}/migrations:/flyway/sql:ro</span> <span class="s">flyway/flyway:7.12.1-alpine</span> <span class="s">-url="jdbc:postgresql://${{ env.SUPABASE_HOST }}:${{ env.SUPABASE_PORT }}/${{ env.SUPABASE_DB }}?sslmode=require"</span> <span class="s">-user="${{ env.SUPABASE_USER }}"</span> <span class="s">-password="${{ secrets.SUPABASE_PASS }}"</span> <span class="s">migrate</span> </code></pre> </div> <p>The first line defines the workflow's name:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">name</span><span class="pi">:</span> <span class="s1">'</span><span class="s">Migrate</span><span class="nv"> </span><span class="s">database</span><span class="nv"> </span><span class="s">schema'</span> </code></pre> </div> <p>Then, we define the event that will trigger this workflow. Here, the workflow will only run when someone pushes changes to <code>main</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">on</span><span class="pi">:</span> <span class="na">push</span><span class="pi">:</span> <span class="na">branches</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">main</span> </code></pre> </div> <p>The job <code>migrate-database</code> defines four environment variables: <code>SUPABASE_HOST</code>, <code>SUPABASE_PORT</code>, <code>SUPABASE_USER</code>, <code>SUPABASE_DB</code>. Make sure to change them according to the connection info you found on the <em>Database Settings</em> page in Supabase.</p> <p>This job first checks the repository out and then executes a <code>docker</code> command. This command uses the <code>flyway:flyway</code> image to first mount the <code>migrations</code> directory to the container and then run the migrations against the database configured via the environment variables.</p> <p>Since the database password is a secret, we are using an <a href="https://docs.github.com/en/actions/reference/encrypted-secrets" rel="noopener noreferrer">encrypted secret</a> to access it:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="s">-password="${{ secrets.SUPABASE_PASS }}"</span> </code></pre> </div> <p>Make sure to create a secret <code>SUPABASE_PASS</code> containing the database password in your repository settings.</p> <p>Commit everything and push your changes to your repository. Once the workflow has been executed, your database schema has been updated and you should see a new <code>profile</code> table in your database.</p> <h2> Recap </h2> <p>Why should I use Flyway?</p> <ul> <li>Changes to your database schema become repeatable. This is useful when setting up new environments (either on supabase.io or locally).</li> <li>Your database schema evolves alongside your application.</li> <li>How your database looks like is co-located with the code interacting with it.</li> </ul> <p>What we did:</p> <ul> <li>Retrieved the database connection info from the <em>Database Settings</em> page in the Supabase UI.</li> <li>Created a simple Flyway SQL migration called <code>migrations/V1__create_table_profile.sql</code>, which creates a <code>profile</code> table.</li> <li>Added a GitHub workflow with one job called <code>migrate-database</code> that uses Flyway to run all migrations in the <code>migrations</code> directory against a Supabase database.</li> </ul> supabase postgres github flyway Hide useQuery Sebastian Ruhleder Mon, 12 Apr 2021 16:57:19 +0000 https://dev.to/sruhleder/hide-usequery-1aod https://dev.to/sruhleder/hide-usequery-1aod <p>I always wrap <a href="https://react-query.tanstack.com/guides/queries">React Query</a>'s <code>useQuery</code> hook in a custom hook and never use it directly within a component. To see why, let's have a look at an example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nx">TodoList</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="nx">todos</span> <span class="o">=</span> <span class="p">[]</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">useQuery</span><span class="p">(</span> <span class="p">[</span><span class="dl">'</span><span class="s1">todos</span><span class="dl">'</span><span class="p">],</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="nx">fetchTodos</span><span class="p">()</span> <span class="p">);</span> <span class="k">return</span> <span class="p">(</span> <span class="o">&lt;</span><span class="nx">ul</span><span class="o">&gt;</span> <span class="p">{</span><span class="nx">todos</span><span class="p">.</span><span class="nx">map</span><span class="p">(</span><span class="nx">todo</span> <span class="o">=&gt;</span> <span class="p">(</span> <span class="o">&lt;</span><span class="nx">li</span><span class="o">&gt;</span><span class="p">{</span><span class="nx">todo</span><span class="p">}</span><span class="o">&lt;</span><span class="sr">/li</span><span class="err">&gt; </span> <span class="p">)}</span> <span class="o">&lt;</span><span class="sr">/ul</span><span class="err">&gt; </span> <span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>The <code>TodoList</code> component is quite simple: It fetches a list of to-dos from our backend and renders them within an unordered list. By using <code>useQuery</code> directly, this component has to:</p> <ul> <li>specify a unique query key,</li> <li>be aware of the <code>fetchTodos()</code> function,</li> <li>and provide a sensible initial value <code>[]</code> while the request hasn't completed yet.</li> </ul> <p>The component is intended to render a to-do list, yet it is responsible for very technical decisions like these. In contrast, let's encapsulate the use of <code>useQuery</code> in a custom hook:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nx">TodoList</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">todos</span> <span class="o">=</span> <span class="nx">useTodos</span><span class="p">();</span> <span class="k">return</span> <span class="p">(</span> <span class="o">&lt;</span><span class="nx">ul</span><span class="o">&gt;</span> <span class="p">{</span><span class="nx">todos</span><span class="p">.</span><span class="nx">map</span><span class="p">(</span><span class="nx">todo</span> <span class="o">=&gt;</span> <span class="p">(</span> <span class="o">&lt;</span><span class="nx">li</span><span class="o">&gt;</span><span class="p">{</span><span class="nx">todo</span><span class="p">}</span><span class="o">&lt;</span><span class="sr">/li</span><span class="err">&gt; </span> <span class="p">)}</span> <span class="o">&lt;</span><span class="sr">/ul</span><span class="err">&gt; </span> <span class="p">);</span> <span class="p">}</span> <span class="kd">function</span> <span class="nx">useTodos</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="nx">todos</span> <span class="o">=</span> <span class="p">[]</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">useQuery</span><span class="p">(</span> <span class="p">[</span><span class="dl">'</span><span class="s1">todos</span><span class="dl">'</span><span class="p">],</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="nx">fetchTodos</span><span class="p">()</span> <span class="p">);</span> <span class="k">return</span> <span class="nx">todos</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>By introducing a custom <code>useTodos()</code> hook, we:</p> <ul> <li>provide a layer abstraction by separating what we want to do (<em>get a list of to-dos</em>) from how we do it (<em>by using React Query</em>),</li> <li>make the list of to-dos reusable throughout our application,</li> <li>make it possible to easily switch React Query for a different library later on,</li> <li>and improve the readability of our <code>TodoList</code> component.</li> </ul> <p>The choice of a sensible query key, how a resource is fetched, and the configuration of <code>useQuery</code>'s options are implementation details that should always be hidden from components that only want to consume the resource managed by it.</p> <p>I've used this pattern for quite a while, both in personal projects and at work. It has served me tremendously well. The pattern ties in with and is a concrete instance of <a href="https://twitter.com/kyleshevlin">Kyle Shevlin</a>'s great post <a href="https://kyleshevlin.com/use-encapsulation">useEncapsulation</a>, which I can highly recommend for a more general view on this topic.</p> react query tutorial javascript Effective Query Keys in React Query Sebastian Ruhleder Mon, 12 Apr 2021 12:33:26 +0000 https://dev.to/sruhleder/effective-query-keys-in-react-query-1gco https://dev.to/sruhleder/effective-query-keys-in-react-query-1gco <p>In <a href="https://react-query.tanstack.com/overview">React Query</a>, every query uses a query key to identify the data it manages. For example, the following query uses the query key <code>['todos']</code> to identify a list of to-dos:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="nx">todos</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">useQuery</span><span class="p">([</span><span class="dl">'</span><span class="s1">todos</span><span class="dl">'</span><span class="p">],</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="nx">fetchTodos</span><span class="p">());</span> </code></pre> </div> <p>In this post, we will have a look at:</p> <ol> <li>The basic requirements a query key <em>must</em> fulfill.</li> <li>How to <em>invalidate</em> the cache based on a (partial) query key.</li> <li>My <em>personal flavor</em> of writing query keys; a few rules of thumb I have used in the past.</li> <li>How query keys work <em>under the hood</em>.</li> </ol> <h2> The Basics </h2> <p>There are some requirements a query key must fulfill:</p> <h3> It must uniquely identify the data managed by the query </h3> <p>React Query uses query keys for caching. Make sure to use query keys that uniquely identify the data you fetch from a server:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">useQuery</span><span class="p">([</span><span class="dl">'</span><span class="s1">todos</span><span class="dl">'</span><span class="p">],</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="nx">fetchTodos</span><span class="p">());</span> <span class="nx">useQuery</span><span class="p">([</span><span class="dl">'</span><span class="s1">users</span><span class="dl">'</span><span class="p">],</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="nx">fetchUsers</span><span class="p">());</span> </code></pre> </div> <h3> It should contain all variables the query function depends on </h3> <p>There are two reasons why:</p> <ol> <li>The variable is necessary to identify the data since it is used to fetch it. The to-dos for two users, who are identified by a <code>userId</code>, can't both use <code>['todos']</code>. A sensible query key would be <code>['todos', userId]</code>.</li> <li> <code>useQuery</code> calls the query function and thereby refetches the data whenever the query key changes. Including a variable in a query key is an easy way to automatically trigger a refetch and keep your data up-to-date.</li> </ol> <h3> It must be serializable </h3> <p>A query key can be a string or an array of strings, numbers, or even nested objects. However, it must be serializable: It cannot contain cyclic objects or functions.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// ok</span> <span class="nx">useQuery</span><span class="p">(</span><span class="dl">'</span><span class="s1">todos</span><span class="dl">'</span><span class="p">,</span> <span class="cm">/* ... */</span><span class="p">);</span> <span class="nx">useQuery</span><span class="p">([</span><span class="dl">'</span><span class="s1">todos</span><span class="dl">'</span><span class="p">,</span> <span class="nx">todoId</span><span class="p">],</span> <span class="cm">/* ... */</span><span class="p">);</span> <span class="nx">useQuery</span><span class="p">([</span><span class="dl">'</span><span class="s1">todos</span><span class="dl">'</span><span class="p">,</span> <span class="nx">todoId</span><span class="p">,</span> <span class="p">{</span> <span class="nx">date</span> <span class="p">}],</span> <span class="cm">/* ... */</span><span class="p">);</span> <span class="c1">// not ok!</span> <span class="nx">useQuery</span><span class="p">([</span><span class="kd">function</span> <span class="p">()</span> <span class="p">{}],</span> <span class="cm">/* ... */</span><span class="p">);</span> </code></pre> </div> <p>Query keys are hashed deterministically, which means the order of the keys in an object does not matter (whereas the order of elements in an array does!). The following two query keys are identical:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">useQuery</span><span class="p">([</span><span class="dl">'</span><span class="s1">todos</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="nx">format</span><span class="p">,</span> <span class="nx">dueToday</span> <span class="p">}],</span> <span class="cm">/* ... */</span><span class="p">);</span> <span class="nx">useQuery</span><span class="p">([</span><span class="dl">'</span><span class="s1">todos</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="nx">dueToday</span><span class="p">,</span> <span class="nx">format</span> <span class="p">}],</span> <span class="cm">/* ... */</span><span class="p">);</span> </code></pre> </div> <p>The following two query keys are not:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">useQuery</span><span class="p">([</span><span class="dl">'</span><span class="s1">todos</span><span class="dl">'</span><span class="p">,</span> <span class="nx">todoId</span><span class="p">],</span> <span class="cm">/* ... */</span><span class="p">);</span> <span class="nx">useQuery</span><span class="p">([</span><span class="nx">todoId</span><span class="p">,</span> <span class="dl">'</span><span class="s1">todos</span><span class="dl">'</span><span class="p">],</span> <span class="cm">/* ... */</span><span class="p">);</span> </code></pre> </div> <h2> Cache Invalidation </h2> <p>You can invalidate queries matching a partial or an exact query key by using the <code>invalidateQueries</code> method of the <code>QueryClient</code>. This method will mark the matched queries as stale and refetch them automatically if they are in use. Let's consider a simple example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">useQuery</span><span class="p">([</span><span class="dl">'</span><span class="s1">todos</span><span class="dl">'</span><span class="p">,</span> <span class="nx">todoId</span><span class="p">],</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="nx">fetchTodo</span><span class="p">(</span><span class="nx">todoId</span><span class="p">));</span> </code></pre> </div> <p>Imagine this hook is used twice on your page: once for <code>todoId = 1</code> and once for <code>todoId = 2</code>. Your query cache will contain two query keys (and the data identified by them): <code>['todos', 1]</code> and <code>['todos', 2]</code>.</p> <p>You can invalidate a specific to-do by using <code>invalidateQueries</code> with an exact query key:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// only invalidate ['todos', 1]</span> <span class="nx">queryClient</span><span class="p">.</span><span class="nx">invalidateQueries</span><span class="p">([</span><span class="dl">'</span><span class="s1">todos</span><span class="dl">'</span><span class="p">,</span> <span class="mi">1</span><span class="p">]);</span> </code></pre> </div> <p>Or, you can invalidate both by using the prefix <code>'todos'</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// invalidate both ['todos', 1] and ['todos', 2]</span> <span class="nx">queryClient</span><span class="p">.</span><span class="nx">invalidateQueries</span><span class="p">([</span><span class="dl">'</span><span class="s1">todos</span><span class="dl">'</span><span class="p">]);</span> <span class="c1">// you can even omit the array around the 'todos' label</span> <span class="c1">// to achieve the same result</span> <span class="nx">queryClient</span><span class="p">.</span><span class="nx">invalidateQueries</span><span class="p">(</span><span class="dl">'</span><span class="s1">todos</span><span class="dl">'</span><span class="p">);</span> </code></pre> </div> <p>Since cache invalidation allows you to use partial query keys to invalidate multiple queries at once, the way you structure your query keys has significant implications on how effectively you can manage data throughout your application.</p> <h2> The Flavor </h2> <p>I've established a set of best practices for myself when defining query keys. This list is by no means comprehensive, and you will find your own rhythm for dealing with query keys. But they might give you a solid foundation.</p> <h3> Go from most descriptive to least descriptive </h3> <p>You should start every query key with a label that identifies the <em>type</em> of data the query manages. For example, if the data describes a to-do (or a list of to-dos), you should start with a label like <code>'todos'</code>. Since partial query matching is prefix-based, this allows you to invalidate cohesive data easily.</p> <p>Then, you should sort the variables within the query key from most descriptive (e.g., a <code>todoId</code>, which directly describes a concrete to-do) to least descriptive (e.g., a <code>format</code>). Again, this allows us to make full use of the prefix-based cache invalidation.</p> <p>Violating this best practice might lead to this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">useQuery</span><span class="p">([</span><span class="dl">'</span><span class="s1">todos</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="nx">format</span> <span class="p">},</span> <span class="nx">todoId</span><span class="p">],</span> <span class="cm">/* ... */</span><span class="p">);</span> <span class="c1">// how do we invalidate a specific todoId irrespective of</span> <span class="c1">// its format?</span> <span class="nx">queryClient</span><span class="p">.</span><span class="nx">invalidateQueries</span><span class="p">([</span><span class="dl">'</span><span class="s1">todos</span><span class="dl">'</span><span class="p">,</span> <span class="cm">/* ??? */</span><span class="p">,</span> <span class="nx">todoId</span><span class="p">]);</span> </code></pre> </div> <h3> Bundle query parameters within an object </h3> <p>Often, I use path and query parameters of the data's URI to guide the query key's layout. Everything on the path gets its own value within the query key, and every attribute-value pair of the query component of a resource is bundled within an object at the end. For example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// path and query parameters</span> <span class="dl">'</span><span class="s1">/resources/{resourceId}/items/{itemId}?format=XML&amp;available</span><span class="dl">'</span> <span class="c1">// query key</span> <span class="p">[</span><span class="dl">'</span><span class="s1">resources</span><span class="dl">'</span><span class="p">,</span> <span class="nx">resourceId</span><span class="p">,</span> <span class="nx">itemId</span><span class="p">,</span> <span class="p">{</span> <span class="nx">format</span><span class="p">,</span> <span class="nx">available</span> <span class="p">}]</span> </code></pre> </div> <h3> Use functions to create query keys </h3> <p>If you reuse a query key, you should define a function that encapsulates its layout and labels. Typos are notoriously hard to debug when invalidating or removing queries, and it's easy to accidentally write <code>['todo']</code> instead of <code>['todos']</code>. For this reason, introduce a central place where you generate your query keys:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">QueryKeys</span> <span class="o">=</span> <span class="p">{</span> <span class="na">todos</span><span class="p">:</span> <span class="p">(</span><span class="nx">todoId</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">[</span><span class="dl">'</span><span class="s1">todos</span><span class="dl">'</span><span class="p">,</span> <span class="nx">todoId</span><span class="p">]</span> <span class="p">};</span> <span class="c1">// ...</span> <span class="nx">useQuery</span><span class="p">(</span><span class="nx">QueryKeys</span><span class="p">.</span><span class="nx">todos</span><span class="p">(</span><span class="nx">todoId</span><span class="p">),</span> <span class="cm">/* ... */</span><span class="p">);</span> <span class="nx">queryClient</span><span class="p">.</span><span class="nx">invalidateQueries</span><span class="p">(</span><span class="nx">QueryKeys</span><span class="p">.</span><span class="nx">todos</span><span class="p">(</span><span class="mi">1</span><span class="p">));</span> </code></pre> </div> <p>(Shoutout to <a href="https://twitter.com/tannerlinsley">Tanner Linsley</a> for <a href="https://twitter.com/tannerlinsley/status/1347951311518486529?s=20">also recommending this</a>. As <a href="https://twitter.com/TkDodo">@TkDodo</a> has pointed out to me, having a single file for this might lead to some <a href="https://twitter.com/TkDodo/status/1347990364477681666?s=20">unfortunate copy-paste bugs</a>. The emphasis here is on using functions to generate query keys, not on having only one file.)</p> <h2> Under the Hood </h2> <p>Reading about rules and best practices is one thing. Understanding why they apply (or should be applied) is another. Let's have a look at <a href="https://github.com/tannerlinsley/react-query/blob/master/src/core/utils.ts#L255">how query keys are hashed</a> in React Query:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="cm">/** * Default query keys hash function. */</span> <span class="k">export</span> <span class="kd">function</span> <span class="nx">hashQueryKey</span><span class="p">(</span><span class="nx">queryKey</span><span class="p">:</span> <span class="nx">QueryKey</span><span class="p">):</span> <span class="nx">string</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">asArray</span> <span class="o">=</span> <span class="nb">Array</span><span class="p">.</span><span class="nx">isArray</span><span class="p">(</span><span class="nx">queryKey</span><span class="p">)</span> <span class="p">?</span> <span class="nx">queryKey</span> <span class="p">:</span> <span class="p">[</span><span class="nx">queryKey</span><span class="p">]</span> <span class="k">return</span> <span class="nx">stableValueHash</span><span class="p">(</span><span class="nx">asArray</span><span class="p">)</span> <span class="p">}</span> <span class="cm">/** * Hashes the value into a stable hash. */</span> <span class="k">export</span> <span class="kd">function</span> <span class="nx">stableValueHash</span><span class="p">(</span><span class="nx">value</span><span class="p">:</span> <span class="nx">any</span><span class="p">):</span> <span class="nx">string</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">JSON</span><span class="p">.</span><span class="nx">stringify</span><span class="p">(</span><span class="nx">value</span><span class="p">,</span> <span class="p">(</span><span class="nx">_</span><span class="p">,</span> <span class="nx">val</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">isPlainObject</span><span class="p">(</span><span class="nx">val</span><span class="p">)</span> <span class="p">?</span> <span class="nb">Object</span><span class="p">.</span><span class="nx">keys</span><span class="p">(</span><span class="nx">val</span><span class="p">)</span> <span class="p">.</span><span class="nx">sort</span><span class="p">()</span> <span class="p">.</span><span class="nx">reduce</span><span class="p">((</span><span class="nx">result</span><span class="p">,</span> <span class="nx">key</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">result</span><span class="p">[</span><span class="nx">key</span><span class="p">]</span> <span class="o">=</span> <span class="nx">val</span><span class="p">[</span><span class="nx">key</span><span class="p">]</span> <span class="k">return</span> <span class="nx">result</span> <span class="p">},</span> <span class="p">{}</span> <span class="k">as</span> <span class="nx">any</span><span class="p">)</span> <span class="p">:</span> <span class="nx">val</span> <span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>First, if the query key is a string, it will be wrapped within an array. That means, <code>'todos'</code> and <code>['todos']</code> are essentially the same query key. Second, the hash of a query key is generated by using <code>JSON.stringify</code>.</p> <p>To achieve a stable hash, the <code>stableValueHash</code> function makes use of the <code>replacer</code> parameter of <code>JSON.stringify</code>. This function is called for every value or key-value pair within the <code>value</code> parameter that needs to be "stringified." In case the value is an object, its keys are sorted. <em>This is the reason why the order of the keys within an object does not matter!</em></p> <p>In most cases, you won't need to consult this code when writing query keys. In fact, if you do, your query keys might be too complex. However, looking under the hood of libraries we use every day is an excellent way to engage with them on a deeper level and provides the occasional Aha! moment.</p> <h2> Summary </h2> <p>Query keys:</p> <ul> <li>must uniquely identify the data they describe,</li> <li>should contain all variables the query function depends on, and</li> <li>must be serializable.</li> </ul> <p>Cache invalidation:</p> <ul> <li>You can invalidate the query cache with the <code>invalidateQueries</code> function of the <code>QueryClient</code>.</li> <li>You can use a partial query key or an exact query key to invalidate the cache. Partial query matching is prefix-based.</li> </ul> <p>Best practices:</p> <ul> <li>Go from most descriptive (e.g., a fixed label like <code>'todos'</code> and a <code>todoId</code>) to least descriptive (e.g., a <code>format</code> or <code>available</code> flag).</li> <li>Bundle query parameters within an object and use the path of your resource to guide the query key's layout.</li> <li>Write functions to generate query keys consistently.</li> </ul> <p>Under the hood:</p> <ul> <li>String query keys are wrapped in an array. <code>'todos'</code> and <code>['todos']</code> are identical query keys.</li> <li>Query keys are hashed (and compared) via their <code>JSON.stringify</code> serialization. Keys in objects are sorted.</li> </ul> react query tutorial webdev