Supabase Setup

This guide will walk you through setting up Supabase for your Flutter Boilerplate project.

1. Create a Supabase Project

Go to supabase.com and create a new project
Once created, navigate to Settings → API to get your project credentials:
- Project URL (e.g., https://your-project.supabase.co)
- Anon Key (public key for client-side access)

2. Configure Authentication Providers

Go to Dashboard → Authentication → Providers
Enable Google provider:
- Get your Client ID and Client Secret from Google Cloud Console
- Important: Enable Skip nonce check option (required for iOS login)
Enable Apple provider:
- Use your app's bundle identifier as the Client ID (e.g., com.ikramhasan.flutterBoilerplate)

WARNING

Do not use com.example as the project identifier for iOS, as it might not allow you to sign in. Use a proper identifier like com.yourname.

Optional: Enable Account Linking

If you want users to link multiple authentication providers to the same account:

Go to Authentication → Settings
Under User Signups, enable Allow manual linking

3. Database Setup

Create Notes Table

Go to Dashboard → SQL Editor
Copy and run the contents of supabase/notes_schema.sql:

sql

-- WARNING: This schema is for context only and is not meant to be run.
-- Table order and constraints may not be valid for execution.
CREATE TABLE public.notes (
  id uuid NOT NULL DEFAULT gen_random_uuid(),
  userId uuid,
  title text,
  content text,
  createdAt timestamp with time zone NOT NULL DEFAULT now(),
  updatedAt timestamp with time zone DEFAULT now(),
  CONSTRAINT notes_pkey PRIMARY KEY (id),
  CONSTRAINT notes_userId_fkey FOREIGN KEY (userId) REFERENCES auth.users(id)
);

Set Row Level Security (RLS)

In the SQL Editor, run the contents of supabase/notes_rls.sql:

sql

-- Enable RLS
ALTER TABLE public.notes ENABLE ROW LEVEL SECURITY;

-- Policy: allow authenticated users to SELECT only their own notes
CREATE POLICY "notes_select_own" ON public.notes
FOR SELECT
TO authenticated
USING ("userId" = (SELECT auth.uid()));

-- Policy: allow authenticated users to INSERT only rows that set "userId" to themselves
CREATE POLICY "notes_insert_own" ON public.notes
FOR INSERT
TO authenticated
WITH CHECK ("userId" = (SELECT auth.uid()));

-- Policy: allow authenticated users to UPDATE only their own notes and keep "userId" as themselves
CREATE POLICY "notes_update_own" ON public.notes
FOR UPDATE
TO authenticated
USING ("userId" = (SELECT auth.uid()))
WITH CHECK ("userId" = (SELECT auth.uid()));

-- Policy: allow authenticated users to DELETE only their own notes
CREATE POLICY "notes_delete_own" ON public.notes
FOR DELETE
TO authenticated
USING ("userId" = (SELECT auth.uid()));

-- Optional: index for performance
CREATE INDEX IF NOT EXISTS idx_notes_userId ON public.notes ("userId");

Enable Real-time Updates

Run this command to enable real-time synchronization:

sql

ALTER TABLE notes REPLICA IDENTITY FULL;

4. Storage Setup

Create File Bucket

Go to Dashboard → Storage
Create a new bucket called uploads
Enable "Public bucket" option during creation

Set Storage Security Policies

Go to SQL Editor and run the contents of supabase/uploads_rls.sql:

sql

-- 1. Allow users to INSERT (upload) new files
CREATE POLICY "Allow authenticated uploads"
ON storage.objects FOR INSERT
TO authenticated
WITH CHECK (bucket_id = 'uploads');

-- 2. IMPORTANT: Allow users to SELECT (view) the files they are uploading
-- Without this, resumable uploads often throw a 403 when checking chunk status
CREATE POLICY "Allow users to view their own uploads"
ON storage.objects FOR SELECT
TO authenticated
USING (bucket_id = 'uploads');

-- 3. (Optional) Allow updates/upserts
CREATE POLICY "Allow authenticated updates"
ON storage.objects FOR UPDATE
TO authenticated
USING (bucket_id = 'uploads');

5. Update Your Flutter App

Add your Supabase credentials to your Flutter app's environment variables:

txt

// .env
SUPABASE_URL=
SUPABASE_PUBLISHABLE_KEY=

Verification

To verify your setup is working:

Authentication: Try signing in with Google/Apple
Database: Create, read, update, and delete notes
Storage: Upload and download files
Real-time: Open the app in multiple instances and see real-time updates

Troubleshooting

Common Issues

iOS Google Sign-In fails: Ensure "Skip nonce check" is enabled
RLS errors: Verify all policies are created and users are authenticated
Storage upload fails: Check bucket permissions and RLS policies
Real-time not working: Ensure REPLICA IDENTITY FULL is set on tables

Useful SQL Queries

Check if RLS is enabled:

sql

SELECT schemaname, tablename, rowsecurity
FROM pg_tables
WHERE tablename = 'notes';

View current policies:

sql

SELECT * FROM pg_policies WHERE tablename = 'notes';

Supabase Setup ​

1. Create a Supabase Project ​

2. Configure Authentication Providers ​

Enable Google and Apple Sign-In ​

Optional: Enable Account Linking ​

3. Database Setup ​

Create Notes Table ​

Set Row Level Security (RLS) ​

Enable Real-time Updates ​

4. Storage Setup ​

Create File Bucket ​

Set Storage Security Policies ​

5. Update Your Flutter App ​

Verification ​

Troubleshooting ​

Common Issues ​

Useful SQL Queries ​