supabase-postgres-best-prac…/skills/supabase/references/realtime-setup-auth.md
Pedro Rodrigues 4ebc6fc771 refactor: flatten realtime references to flat structure
- Merge feature/supabase-skill
- Move realtime/* files to realtime-* prefix in references/
- Remove .claude from git tracking
- Update SKILL.md with flat paths
- Rebuild AGENTS.md

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-30 14:09:05 +00:00


title: Configure Private Channels with Authentication
impact: CRITICAL
impactDescription: Prevents unauthorized access to real-time messages
tags: realtime, auth, private, rls, security, setAuth

Configure Private Channels with Authentication

Always use private channels in production. Public channels allow any client to subscribe.

Enable Private Channels

Incorrect:

// Public channel - anyone can subscribe
const channel = supabase.channel('room:123:messages')

Correct:

// Private channel requires authentication
const channel = supabase.channel('room:123:messages', {
  config: { private: true },
})

RLS Policies on realtime.messages

Private channels require RLS policies on the realtime.messages table.

Read access (subscribe to channel):

create policy "authenticated_users_can_receive"
on realtime.messages for select
to authenticated
using (true);

Write access (send to channel):

create policy "authenticated_users_can_send"
on realtime.messages for insert
to authenticated
with check (true);

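Topic-specific access (the using (true) and with check (true) policies above let every authenticated user receive from and send to any topic):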

-- Only room members can receive messages
create policy "room_members_can_read"
on realtime.messages for select
to authenticated
using (
  extension in ('broadcast', 'presence')
  and exists (
    select 1 from room_members
    where user_id = (select auth.uid())
    and room_id = split_part(realtime.topic(), ':', 2)::uuid
  )
);
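
The topic-specific policy above covers only select, and its ::uuid cast raises an error for a topic such as room:123:messages, whose second segment is not a UUID. The following is an added example, not part of the original file: a write-side counterpart with a guarded topic parser. The function and policy names are hypothetical, and it assumes room_members(user_id uuid, room_id uuid) and topics shaped like room:<room uuid>:messages.

```sql
-- Added example (not from the original file). Hypothetical names:
-- public.room_id_from_topic, "room_members_can_send".
-- Assumes room_members(user_id uuid, room_id uuid) and topics shaped like
-- room:<room uuid>:messages.

-- Extract the room id from a topic; return null for any other shape so the
-- policy denies instead of raising a uuid cast error.
create or replace function public.room_id_from_topic(topic text)
returns uuid
language sql
immutable
as $fn$
  select case
    when topic ~* '^room:[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}:messages$'
    then split_part(topic, ':', 2)::uuid
  end;
$fn$;

-- Only room members can send to their room's topic
create policy "room_members_can_send"
on realtime.messages for insert
to authenticated
with check (
  extension in ('broadcast', 'presence')
  and exists (
    select 1 from room_members
    where user_id = (select auth.uid())
    and room_id = public.room_id_from_topic((select realtime.topic()))
  )
);

-- Self-check on constructed topics; raises if the helper misbehaves
do $check$
begin
  assert public.room_id_from_topic('room:123:messages') is null;
  assert public.room_id_from_topic('room:0b9c2f4e-6d1a-4c3b-9e7f-2a5d8c1b4e60:messages')
         = '0b9c2f4e-6d1a-4c3b-9e7f-2a5d8c1b4e60'::uuid;
  assert public.room_id_from_topic('room:0b9c2f4e-6d1a-4c3b-9e7f-2a5d8c1b4e60:messages:x') is null;
end
$check$;
```

The select policy can call the same helper in place of its inline split_part cast, so both directions reject malformed topics the same way.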

Index RLS Policy Columns

The policy lookup runs when a client joins a channel, so missing indexes on the columns it filters slow channel joins significantly.

create index idx_room_members_user_room
on room_members(user_id, room_id);