Back to Details

supabase

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Supabase

Supabase

Supabase is an open source Firebase alternative. It provides a dedicated PostgreSQL database, packaged with Authentication, Realtime subscriptions, Storage, and Edge Functions.
Supabase是开源的Firebase替代方案。它提供专属的PostgreSQL数据库,同时集成了身份认证(Authentication)、实时订阅(Realtime subscriptions)、存储(Storage)和边缘函数(Edge Functions)功能。

When to Use

适用场景

  • Rapid Application Development: Get Auth + DB + APIs in 5 minutes.
  • Postgres Power: Unlike Firebase, you have full SQL power (JOINs, aggregation).
  • Realtime: Subscribe to DB changes via WebSockets.
  • Vector/AI: Highly integrated 
    pgvector
    support for AI apps.
  • 快速应用开发:5分钟内搭建好身份认证+数据库+API。
  • PostgreSQL强大功能:与Firebase不同,你可以使用完整的SQL功能(如JOIN、聚合操作)。
  • 实时功能:通过WebSocket订阅数据库变更。
  • 向量/AI支持:深度集成
    pgvector
    ,适用于AI应用。

Quick Start (JS)

快速开始(JS版)

javascript
import { createClient } from "@supabase/supabase-js";

const supabase = createClient("https://xyz.supabase.co", "public-anon-key");

// Listen to changes
const subscription = supabase
  .channel("public:messages")
  .on(
    "postgres_changes",
    { event: "INSERT", schema: "public", table: "messages" },
    (payload) => {
      console.log("New message:", payload);
    },
  )
  .subscribe();
javascript
import { createClient } from "@supabase/supabase-js";

const supabase = createClient("https://xyz.supabase.co", "public-anon-key");

// 监听数据变更
const subscription = supabase
  .channel("public:messages")
  .on(
    "postgres_changes",
    { event: "INSERT", schema: "public", table: "messages" },
    (payload) => {
      console.log("新消息:", payload);
    },
  )
  .subscribe();

Core Concepts

核心概念

Row Level Security (RLS)

行级安全(Row Level Security, RLS)

Supabase exposes the DB directly to the frontend (via PostgREST). RLS is critical to secure data.
sql
CREATE POLICY "Users can see own data" ON "profiles"
FOR SELECT USING (auth.uid() = user_id);
Supabase通过PostgREST直接向前端暴露数据库。RLS是保障数据安全的关键。
sql
CREATE POLICY "Users can see own data" ON "profiles"
FOR SELECT USING (auth.uid() = user_id);

PostgREST

PostgREST

Automatically turns your Database Tables into RESTful APIs.
自动将你的数据库表转换为RESTful API。

Extensions

扩展功能

Supabase makes enabling Postgres extensions easy (PostGIS, pgvector, pg_cron).
Supabase让启用PostgreSQL扩展变得简单(如PostGIS、pgvector、pg_cron)。

Best Practices (2025)

2025年最佳实践

Do:
  • Enable RLS immediately: Never launch without RLS policies.
  • Use Supabase CLI: For local development and migrations. Develop locally, push to prod.
  • Use Generated Types: 
    supabase gen types typescript
    generates accurate TS definitions from your DB schema.
Don't:
  • Don't access 
    service_role
    key in client    : Allows bypassing RLS. Server-side only.
  • Don't put business logic in triggers: Hard to debug. Use Database Webhooks or Edge Functions.
建议做法
  • 立即启用RLS:上线前务必配置RLS策略。
  • 使用Supabase CLI:用于本地开发和迁移。先本地开发,再部署到生产环境。
  • 使用生成的类型定义
    supabase gen types typescript
    可根据你的数据库架构生成准确的TypeScript定义。
禁止做法
  • 不要在客户端使用
    service_role
    密钥    :该密钥可绕过RLS,仅能在服务端使用。
  • 不要在触发器中编写业务逻辑:难以调试,建议使用数据库Webhooks或Edge Functions。

References

参考资料