FeaturesDatabase
Setup
- In Supabase SQL Editor, run this query to add a
profilestable (an extension of the authenticated user to store data like Stripe customer_id, subscription access, etc...):SQL Editor
create table public.profiles ( id uuid not null references auth.users on delete cascade, customer_id text, price_id text, has_access boolean, email text, primary key (id) ); alter table public.profiles enable row level security; - Go to the new
profilestable and add 2 RLS policies:
- Enable read access for authenticated users only
- Enable insert access for authenticated users only
- (Optional) If you want to collect leads with < app-button-lead />, create a new table called
leadsand add a RLS policy with insert access for anyone:SQL Editor
create table public.leads ( id uuid default gen_random_uuid(), email text, created_at timestamp with time zone default timezone('utc'::text, now()) not null, primary key (id) ); alter table public.leads enable row level security;
Setup
- In Firebase, select Firestore from the left-hand side and click Get Started .
- Go to the rules tab and update the security rules for each document to remove public access.
Here is an example:
SQL Editor
service cloud.firestore { match /databases/{database}/documents { // Match any document in the "users" collection match /users/{userId} { // Allow read access only if the request is authenticated allow read: if request.auth != null; // Allow write access only if the request is authenticated and the userId matches the authenticated user's ID allow write: if request.auth != null && request.auth.uid == userId; } // Match any other document in the database match /{document=**} { // Allow read access only if the request is authenticated allow read: if request.auth != null; // Allow write access only if the request is authenticated allow write: if request.auth != null; } } } - (Optional) If you want to collect leads with < app-button-lead />, create a new document called
leads.