Supabase Production Hardening Kit

Rate limiting, per-user limits, private storage, and an immutable audit log. The layer that stops your Supabase app being abused.

tree what-you-get/

├── Rate limiting in pure Postgres (no Redis), atomic and race-safe
├── A trigger that caps rows-per-user, enforced in the database
├── A private storage bucket with signed-URL-only, owner-scoped access
└── An append-only audit log that cannot be updated or deleted

Four things every Supabase app needs before real users hit it, and that are easy to get wrong: a tampered client cannot spam your tables, exceed a free-tier cap, read another user’s files, or rewrite its own audit trail. Four independent migrations plus client helpers, taken from a production app.

Most tutorials stop at “it works.” This is the layer that stops it from being abused.
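One way to build the first item on that list, a rate limiter that lives entirely in Postgres and stays correct under concurrent requests. This is an added illustration, not the kit's own migration: the `rate_limits` table, `check_rate_limit` function and the `messages(user_id)` table it protects are assumptions; `auth.uid()` is Supabase's built-in.

```sql
-- Constructed example: fixed-window rate limiter held entirely in Postgres.
-- Table, function and policy names are assumed; auth.uid() is Supabase's built-in.
create table if not exists public.rate_limits (
  key          text        not null,  -- the caller being limited, e.g. a user id
  window_start timestamptz not null,  -- start of the fixed window this row counts
  hits         integer     not null default 0,
  primary key (key, window_start)
);
-- Only the function below may touch the counters; clients never read or write them.
revoke all on public.rate_limits from anon, authenticated;

create or replace function public.check_rate_limit(
  p_key    text,
  p_limit  integer,
  p_window interval default interval '1 minute'
) returns boolean
language plpgsql
security definer
set search_path = public
as $$
declare
  v_secs  double precision := extract(epoch from p_window);
  v_start timestamptz := to_timestamp(floor(extract(epoch from now()) / v_secs) * v_secs);
  v_hits  integer;
begin
  -- One statement does the whole read-modify-write. ON CONFLICT DO UPDATE takes a
  -- row lock on the existing counter, so concurrent callers for the same key are
  -- serialised by Postgres and no increment is lost: no Redis, no advisory locks.
  insert into public.rate_limits (key, window_start, hits)
  values (p_key, v_start, 1)
  on conflict (key, window_start)
  do update set hits = public.rate_limits.hits + 1
  returning hits into v_hits;

  return v_hits <= p_limit;
end;
$$;

revoke execute on function public.check_rate_limit(text, integer, interval) from public;
grant  execute on function public.check_rate_limit(text, integer, interval) to authenticated;

-- Enforce at the database, so a tampered client gains nothing: at most 20 inserts
-- per user per minute. A rejected insert rolls back, counter increment included.
create policy "messages_insert_rate_limited" on public.messages
  for insert to authenticated
  with check (
    auth.uid() = user_id
    and public.check_rate_limit(auth.uid()::text, 20)
  );
```

Old windows accumulate as dead rows, so a scheduled `delete from public.rate_limits where window_start < now() - interval '1 day'` keeps the table small.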
