Add Supabase as IdP to TS Examples (#138)

* chore: Add Encore Supabase example files and configurations

* chore: Add package-lock.json to .gitignore and update README.md

* Delete ts/supabase/frontend/.env and delete supabase project

* Update .gitignore

* Update package.json

Remove Clek module

* Update package.json

Remove supabase ssr module

* chore: Update .gitignore and package.json

* Update ts/supabase/README.md

Co-authored-by: Simon Johansson <[email protected]>

* Update ts/supabase/README.md

Co-authored-by: Simon Johansson <[email protected]>

* Update ts/supabase/README.md

Co-authored-by: Simon Johansson <[email protected]>

* Update ts/supabase/README.md

Co-authored-by: Simon Johansson <[email protected]>

* Update ts/supabase/README.md

Co-authored-by: Simon Johansson <[email protected]>

---------

Co-authored-by: Simon Johansson <[email protected]>

Author: leofmarciano

ts/supabase/.gitignore

@@ -0,0 +1,6 @@
+encore.gen.go
+encore.gen.cue
+/.encore
+/encore.gen
+node_modules
+package-lock.json

ts/supabase/README.md

@@ -0,0 +1,134 @@
+# Supabase React SDK + Encore App Example
+
+This is an example of how to implement user authentication using [Supabase](https://supabase.com/) together with an Encore app, and make a API call to an Encore backend!
+
+
+## Cloning the example
+
+### Prerequisite: Installing Encore
+
+If this is the first time you're using Encore, you first need to install the CLI that runs the local development
+environment. Use the appropriate command for your system:
+
+- **macOS:** `brew install encoredev/tap/encore`
+- **Linux:** `curl -L https://encore.dev/install.sh | bash`
+- **Windows:** `iwr https://encore.dev/install.ps1 | iex`
+
+When you have installed Encore, run to clone this example:
+
+```bash
+encore app create my-app --example=ts/supabase
+```
+
+## Supabase Credentials
+
+1. Create a Supabase account if you haven't already. Then, create a new project in the Supabase dashboard.
+
+2. Go to the *Project Settings* > *API* page for your project. Copy the "Project URL" and "Project API Key".
+
+3. In `frontend/.env` file, replace the values for `VITE_SUPABASE_URL` and `VITE_SUPABASE_ANON_KEY` with the values from your Supabase dashboard.
+
+4. The `service_role` is sensitive and should not be hardcoded in your code/config. Instead, you should store that as an [Encore secret](https://encore.dev/docs/primitives/secrets).
+
+From your terminal (inside your Encore app directory), run:
+
+```shell
+$ encore secret set SUPABASE_KEY --type prod,dev,local
+```
+NOTE: This will use the same `service_role` for both development and production environments. You might want to create separate Supabase project for your different environments. 
+
+5. We also need to set the "Project URL" (same as above) as an Encore secret to be able to access it in our backend:
+
+```shell
+$ encore secret set SUPABASE_URL --type prod,dev,local
+```
+
+
+## Developing locally
+
+Run your Encore backend:
+
+```bash
+encore run
+```
+
+In a different terminal window, run the React frontend using [Vite](https://vitejs.dev/):
+
+```bash
+cd frontend
+npm run dev
+```
+
+Open [http://localhost:5173](http://localhost:5173) in your browser to see the result.
+
+### Encore's Local Development Dashboard
+
+While `encore run` is running, open [http://localhost:9400/](http://localhost:9400/) to view Encore's local developer dashboard.
+Here you can see the request you just made and a view a trace of the response.
+
+### Generating a request client
+
+Keep the contract between the backend and frontend in sync by regenerating the request client whenever you make a change
+to an Encore endpoint.
+
+```bash
+npm run gen # Deployed Encore staging environment
+# or
+npm run gen:local # Locally running Encore backend
+```
+
+## Deployment
+
+### Encore
+
+Deploy your backend to a staging environment in Encore's free development cloud:
+
+```bash
+git add -A .
+git commit -m 'Commit message'
+git push encore
+```
+
+Then head over to the [Cloud Dashboard](https://app.encore.dev) to monitor your deployment and find your production URL.
+
+From there you can also see metrics, traces, connect your app to a
+GitHub repo to get automatic deploys on new commits, and connect your own AWS or GCP account to use for deployment.
+
+### React on Vercel
+
+1. Create a repo and push the project to GitHub.
+2. Create a new project on Vercel and point it to your GitHub repo.
+3. Select `frontend` as the root directory for the Vercel project.
+
+## CORS configuration
+
+If you are running into CORS issues when calling your Encore API from your frontend then you may need to specify which
+origins are allowed to access your API (via browsers). You do this by specifying the `global_cors` key in the `encore.app`
+file, which has the following structure:
+
+```js
+global_cors: {
+  // allow_origins_without_credentials specifies the allowed origins for requests
+  // that don't include credentials. If nil it defaults to allowing all domains
+  // (equivalent to ["*"]).
+  "allow_origins_without_credentials": [
+    "<ORIGIN-GOES-HERE>"
+  ],
+        
+  // allow_origins_with_credentials specifies the allowed origins for requests
+  // that include credentials. If a request is made from an Origin in this list
+  // Encore responds with Access-Control-Allow-Origin: <Origin>.
+  //
+  // The URLs in this list may include wildcards (e.g. "https://*.example.com"
+  // or "https://*-myapp.example.com").
+  "allow_origins_with_credentials": [
+    "<DOMAIN-GOES-HERE>"
+  ]
+}
+```
+
+More information on CORS configuration can be found here: https://encore.dev/docs/develop/cors
+
+## Author
+
+This example was created by leofmarciano.

ts/supabase/admin/admin.ts

@@ -0,0 +1,57 @@
+import { api } from "encore.dev/api";
+import log from "encore.dev/log";
+import { getAuthData } from "~encore/auth";
+
+// Welcome to Encore!
+//
+// To run it this starter, execute "encore run" in your favorite shell.
+
+// ==================================================================
+
+// Endpoint that responds with a hardcoded value.
+// To call it, run in your terminal:
+//
+//	curl --header "Authorization: dummy-token" http://localhost:4000/admin
+//
+export const getDashboardData = api(
+  {
+    expose: true, // Is publicly accessible
+    auth: true, // Auth handler validation is required
+    method: "GET",
+    path: "/admin",
+  },
+  async (): Promise<DashboardData> => {
+    const userID = getAuthData()!.userID;
+    log.info("Data requested by user", { userID });
+
+    return { value: userID };
+  },
+);
+
+interface DashboardData {
+  value: string;
+}
+
+// ==================================================================
+
+// Encore comes with a built-in development dashboard for
+// exploring your API, viewing documentation, debugging with
+// distributed tracing, and more. Visit your API URL in the browser:
+//
+//     http://localhost:9400
+//
+
+// ==================================================================
+
+// Next steps
+//
+// 1. Deploy your application to the cloud
+//
+//     git add -A .
+//     git commit -m 'Commit message'
+//     git push encore
+//
+// 2. To continue exploring Encore with TypeScript, check out one of these topics:
+//
+//    Building a REST API:   https://encore.dev/docs/tutorials/rest-api
+//    Services and APIs:   https://encore.dev/docs/ts/primitives/services-and-apis

ts/supabase/auth/auth.ts

@@ -0,0 +1,97 @@
+import { createClient, SupabaseClient, User } from "@supabase/supabase-js";
+import { APIError, Gateway, Header } from "encore.dev/api";
+import { authHandler, AuthHandler } from "encore.dev/auth";
+import { secret } from "encore.dev/config";
+import log from "encore.dev/log";
+
+/**
+ * Represents the parameters required for authentication.
+ */
+interface AuthenticationParameters {
+  /** The Authorization header containing the bearer token. */
+  authorization: Header<"Authorization">;
+}
+
+/**
+ * Represents the authenticated user data.
+ */
+interface AuthenticatedUserData {
+  userID: string;
+  profileImageUrl: string | null;
+  emailAddress: string | null;
+}
+
+/**
+ * Service for handling Supabase authentication operations.
+ */
+class SupabaseAuthenticationService {
+  private supabaseClient: SupabaseClient;
+
+  /**
+   * Creates a new instance of SupabaseAuthenticationService.
+   * @param url - The Supabase project URL.
+   * @param key - The Supabase API key.
+   */
+  constructor(url: string, key: string) {
+    this.supabaseClient = createClient(url, key);
+  }
+
+  /**
+   * Retrieves a user based on the provided token.
+   * @param token - The authentication token.
+   * @returns A Promise that resolves to the User object.
+   * @throws {APIError} If the token is invalid or the user is not found.
+   */
+  async getUserByToken(token: string): Promise<User> {
+    const { data: { user }, error } = await this.supabaseClient.auth.getUser(token);
+    if (error) throw error;
+    if (!user) throw APIError.unauthenticated("Invalid token");
+    return user;
+  }
+}
+
+/**
+ * Utility class for mapping Supabase User data to AuthenticatedUserData.
+ */
+class AuthenticatedUserDataMapper {
+  /**
+   * Maps a Supabase User object to AuthenticatedUserData.
+   * @param user - The Supabase User object.
+   * @returns The mapped AuthenticatedUserData object.
+   */
+  static mapFromSupabaseUser(user: User): AuthenticatedUserData {
+    return {
+      userID: user.id,
+      profileImageUrl: user.user_metadata?.avatar_url || null,
+      emailAddress: user.email || null,
+    };
+  }
+}
+
+const authenticationService = new SupabaseAuthenticationService(secret("SUPABASE_URL")(), secret("SUPABASE_KEY")());
+
+/**
+ * Supabase authentication handler for Encore.
+ */
+const supabaseAuthHandler: AuthHandler<AuthenticationParameters, AuthenticatedUserData> = authHandler(
+  async (params: AuthenticationParameters): Promise<AuthenticatedUserData | null> => {
+    const token = params.authorization.replace('Bearer ', '');
+
+    if (!token) {
+      return null;
+    }
+
+    try {
+      const user = await authenticationService.getUserByToken(token);
+      return AuthenticatedUserDataMapper.mapFromSupabaseUser(user);
+    } catch (error) {
+      log.error(error);
+      return null;
+    }
+  }
+);
+
+/**
+ * The Encore Gateway instance with Supabase authentication.
+ */
+export const gateway = new Gateway({ authHandler: supabaseAuthHandler });

ts/supabase/encore.app

@@ -0,0 +1,4 @@
+{
+	"id":   "",
+	"lang": "typescript"
+}

ts/supabase/frontend/.gitignore

@@ -0,0 +1,30 @@
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+pnpm-debug.log*
+lerna-debug.log*
+
+#envs
+.env
+.env.local
+.env.dev
+
+node_modules
+dist
+dist-ssr
+*.local
+package-lock.json
+
+# Editor directories and files
+.vscode/*
+!.vscode/extensions.json
+.idea
+.DS_Store
+*.suo
+*.ntvs*
+*.njsproj
+*.sln
+*.sw?

ts/supabase/frontend/index.html

@@ -0,0 +1,13 @@
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <link rel="icon" type="image/svg+xml" href="/favicon.ico" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <title>Encore + React</title>
+  </head>
+  <body>
+    <div id="root"></div>
+    <script type="module" src="/src/main.tsx"></script>
+  </body>
+</html>

ts/supabase/frontend/package.json

@@ -0,0 +1,13 @@
+{
+  "name": "encore-ts-supabase-example",
+  "private": true,
+  "version": "0.0.0",
+  "type": "module",
+  "scripts": {
+    "dev": "vite --port 5173 --strictPort",
+    "build": "tsc && vite build",
+    "preview": "vite preview",
+    "gen": "encore gen client {{ENCORE_APP_ID}} --output=./src/lib/client.ts --env=staging",
+    "gen:local": "encore gen client {{ENCORE_APP_ID}} --output=./src/lib/client.ts --env=local"
+  }
+}