تشغيل أي مهارة في Manus بنقرة واحدة

ابدأ الآن

frontend-supabase-auth

النجوم٠

التفرعات٠

آخر تحديث٩ فبراير ٢٠٢٦ في ٠٩:٥٥

Use when implementing authentication, route guards, or user session management

التثبيت

التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.

تشغيل في Manus

المصدر

NTQ78

NTQ78/Todo-app

فتح مستودع GitHub عرض مستودعات المنشئ

تنزيل

تشغيل في Manus

المهن ذات الصلةSOC

استنادا إلى تصنيف SOC المهني

مطوّرو البرمجياتمهن الحاسوب والرياضيات·SOC 15-1252

SKILL.md

readonly

name	frontend-supabase-auth
description	Use when implementing authentication, route guards, or user session management

Frontend: Supabase Authentication

Authentication is handled entirely through TanStack Router's beforeLoad guards with Supabase session management. Never implement auth checks in components or create custom auth stores.

Core Principles

Route-level authentication only - Use TanStack Router's async beforeLoad
Supabase manages sessions - Never create custom auth stores
Fresh session checks - Always use supabase.auth.getSession() (async)
Preserve redirect paths - Maintain user's intended destination
Security-critical queries - Direct database checks for whitelist/membership

Authentication Pattern

Always check authentication in route files using beforeLoad:

export const Route = createFileRoute("/_protected")({
    beforeLoad: async ({ location }) => {
        // 1. Check for valid session
        const {
            data: { session },
        } = await supabase.auth.getSession();

        if (!session) {
            // 2. Preserve path + search params for post-login redirect
            const redirectPath = `${location.pathname}${location.search ? `?${new URLSearchParams(location.search).toString()}` : ""}`;

            throw redirect({
                to: "/login",
                search: { redirect: redirectPath },
            });
        }

        // 3. Additional checks (whitelist, membership, etc.)
    },
});

Sign Out Pattern

Use Supabase's signOut() method with proper error handling:

const handleSignOut = async () => {
    try {
        const { error } = await supabase.auth.signOut();
        if (error) throw error;

        message.success("Signed out successfully");
        navigate({ to: "/login" });
    } catch (error) {
        console.error("Error signing out:", error);
        message.error("Failed to sign out. Please try again.");
    }
};

Key Rules

beforeLoad is the ONLY security boundary - Components assume access is granted
No cached session data - Always query fresh for security-critical checks
Direct database queries - Use supabase.from() for whitelist/membership verification
Redirect on failure - Never render protected content on auth failure
Async pattern - getSession() must be awaited

Common Patterns

Whitelist Check:

const { data: profile } = await supabase
    .from("profiles")
    .select("whitelisted")
    .eq("id", session.user.id)
    .single();

if (!profile?.whitelisted) {
    throw redirect({ to: "/not-whitelisted" });
}

Membership Guard:

const { data: membership } = await supabase
    .from("organization_members")
    .select("*")
    .eq("user_id", session.user.id)
    .eq("organization_id", organizationId)
    .maybeSingle();

if (!membership) {
    throw redirect({ to: "/access-denied" });
}

Reference

For implementation examples: .claude/skills/frontend-supabase-auth/examples.md For anti-patterns: .claude/skills/frontend-supabase-auth/reference.md

المزيد من هذا المستودع

نفس المستودع

cloudflare-wrangler-cli

NTQ78/Todo-app

Use when deploying Cloudflare Workers, managing R2 storage, or working with Cloudflare infrastructure

2026-02-090

frontend-antd-components

NTQ78/Todo-app

Use when working with ANTD components, theme tokens, icons, forms, or feedback components (message/notification/modal)

2026-02-090

frontend-asset-management

NTQ78/Todo-app

Use when adding, referencing, or serving static assets (images, fonts, videos, 3D models) through the R2 CDN pipeline with type-safe imports

2026-02-090

frontend-code-style

NTQ78/Todo-app

Use when writing or reviewing JavaScript/TypeScript code for style patterns like concise arrows, inline handlers, expression formatting, or when tempted to use eslint-disable

2026-02-090

frontend-environment-variables

NTQ78/Todo-app

Use when working with environment variables in frontend code

2026-02-090

frontend-hotkeys

NTQ78/Todo-app

Use when creating or modifying keyboard shortcuts/hotkeys in frontend code

2026-02-090

Frontend: Supabase Authentication

Authentication is handled entirely through TanStack Router's beforeLoad guards with Supabase session management. Never implement auth checks in components or create custom auth stores.

Core Principles

Route-level authentication only - Use TanStack Router's async beforeLoad

Supabase manages sessions - Never create custom auth stores

Fresh session checks - Always use supabase.auth.getSession() (async)

Preserve redirect paths - Maintain user's intended destination

Security-critical queries - Direct database checks for whitelist/membership

Authentication Pattern

Always check authentication in route files using beforeLoad:

export const Route = createFileRoute("/_protected")({ beforeLoad: async ({ location }) => { // 1. Check for valid session const { data: { session }, } = await supabase.auth.getSession(); if (!session) { // 2. Preserve path + search params for post-login redirect const redirectPath = `${location.pathname}${location.search ? `?${new URLSearchParams(location.search).toString()}` : ""}`; throw redirect({ to: "/login", search: { redirect: redirectPath }, }); } // 3. Additional checks (whitelist, membership, etc.) }, });

Sign Out Pattern

Use Supabase's signOut() method with proper error handling:

const handleSignOut = async () => { try { const { error } = await supabase.auth.signOut(); if (error) throw error; message.success("Signed out successfully"); navigate({ to: "/login" }); } catch (error) { console.error("Error signing out:", error); message.error("Failed to sign out. Please try again."); } };

Key Rules

beforeLoad is the ONLY security boundary - Components assume access is granted

No cached session data - Always query fresh for security-critical checks

Direct database queries - Use supabase.from() for whitelist/membership verification

Redirect on failure - Never render protected content on auth failure

Async pattern - getSession() must be awaited

Common Patterns

Whitelist Check:

const { data: profile } = await supabase .from("profiles") .select("whitelisted") .eq("id", session.user.id) .single(); if (!profile?.whitelisted) { throw redirect({ to: "/not-whitelisted" }); }

Membership Guard:

const { data: membership } = await supabase .from("organization_members") .select("*") .eq("user_id", session.user.id) .eq("organization_id", organizationId) .maybeSingle(); if (!membership) { throw redirect({ to: "/access-denied" }); }

Reference

For implementation examples: .claude/skills/frontend-supabase-auth/examples.md For anti-patterns: .claude/skills/frontend-supabase-auth/reference.md