@aethex.os/supabase

v1.0.1

Published

10 days ago

Supabase client factories and Express auth middleware — admin client, user client, and Bearer token authentication for Node.js servers

0High
0Medium
0Low

mrpiglr

supabase auth express middleware jwt bearer node aethex

@aethex.os/supabase

Supabase client factories and Express auth middleware — stop copy-pasting the same Supabase boilerplate across every project.

Install

npm install @aethex.os/supabase @supabase/supabase-js

Client factories

import { createAdminClient, createUserClient, configFromEnv } from "@aethex.os/supabase";

const config = configFromEnv();
// reads SUPABASE_URL, SUPABASE_ANON_KEY, SUPABASE_SERVICE_ROLE from process.env

const adminClient = createAdminClient(config);   // service role — full access
const userClient  = createUserClient(config, accessToken); // scoped to user's RLS

Or pass config directly:

const config = {
  url: "https://xxxx.supabase.co",
  anonKey: "...",
  serviceRoleKey: "...",
};

Express middleware

import express from "express";
import { requireAuth, configFromEnv } from "@aethex.os/supabase";

const app = express();
const config = configFromEnv();

// Protects all routes below
app.use(requireAuth(config));

app.get("/me", (req, res) => {
  // req.user   → { id, email, role, metadata }
  // req.supabase      → user-scoped client (respects RLS)
  // req.supabaseAdmin → service-role client
  res.json(req.user);
});

Optionally load profile columns alongside auth:

app.use(requireAuth(config, "user_type, primary_arm, full_name"));
// req.user.role     → profile.user_type
// req.user.metadata → full profile row

Manual token verification

import { authenticateToken, extractBearerToken } from "@aethex.os/supabase";

const token = extractBearerToken(req.headers.authorization);
if (!token) return res.status(401).json({ error: "No token" });

const { user, adminClient, userClient, error } = await authenticateToken(token, config);
if (!user) return res.status(401).json({ error });

TypeScript augmentation

Extend Express.Request with the user type:

declare global {
  namespace Express {
    interface Request {
      user?: import("@aethex.os/supabase").AuthenticatedUser;
    }
  }
}

API

| Export | Description | |--------|-------------| | createAdminClient(config) | Service-role Supabase client (bypasses RLS) | | createUserClient(config, token) | User-scoped Supabase client (respects RLS) | | configFromEnv() | Read config from environment variables | | authenticateToken(token, config, select?) | Verify Bearer token, returns user + clients | | extractBearerToken(header) | Parse Authorization: Bearer <token> | | requireAuth(config, select?) | Express middleware — guards routes, attaches req.user |

Part of the @aethex.os toolkit.

Published

Vulnerabilities

Links

Maintainers

Keywords

Readme

@aethex.os/supabase

Install

Client factories

Express middleware

Manual token verification

TypeScript augmentation

API