Proof of Concept: Supabase as a Firebase alternative

[vontell]

Firebase is lacking some core features for bringing this project to the next steps, such as domain-based security rules, user authentication, proper typing and validation, lack of being backed by a real DB such as SQL or Mongo, and the ability to add backend functions on top of the data.

Before considering our own large backend server, let's see if Supabase can serve as a good alternative to Firebase. Goals for this prototype:

• See how the setup works - is it easy to understand?
• Just demonstrate reading and writing to a SQL database
• (Stretch) See how the user account creation and authentication works
• Do they support security rules so just our site and interact with the database?

[tomporvaz]

@kdmonroe I heard this experiment well. I am closing this issue, but I would like to document your findings here. Could you share your findings here?

[kdmonroe]

Supabase met the requirements for this Proof of Concept, successfully replacing Firebase's core operations with a real SQL-backed database, flexible security, and easy authentication. Next steps include refining the data schema (to include fields like verified), integrating user roles, and enhancing security policies for production.

1. Ease of Setup:

   • Setting up Supabase was straightforward. I was able to initialize the project, configure the database, and set up tables using a test JSON dataset in the project.
   • Configuring Row-Level Security (RLS) for broad access was simple. This will allow us to configure access for any DB operations.

2. Database Operations:

   • The map markers displayed successfully using data from Supabase, confirming that read operations worked well. However, I couldn't click on features to get pop-ups due to missing fields (verified) in the test data.
   • Tonight I was provided the updated Firebase data - so I can retry this.

3. User Account Creation and Authentication (Stretch Goal):

   • I successfully implemented user creation and authentication using a Supabase template for a to-do app (nextjs-slack-clone). This allowed us to verify that Supabase's authentication system can meet our needs for user management - but I did not implement in Phlask yet. This can be a next step (should we choose to move forward).

4. Security Rules:

   • I set up broad RLS policies (USING (true)) to allow public read and insert access for testing purposes. Supabase also supports more granular domain-based security, which could be useful as we move towards production.

[vontell]

Regarding @kdmonroe's analysis above, I'd say we should vote on whether to move onto the next step which would be to actually productionize and integrate supabase into the project and remove all remnants of Firebase. This is obviously a version 2.1 task, but would be great to start planning it. @gcardonag @RNR1 what do you two think?