Overview

The Supabase class provides a PHP interface to interact with Supabase authentication and database operations. It handles environment detection and request formatting, and supports both Windows and Linux platforms.
File: supabase.php

Constructor

public function __construct()
Initializes the Supabase client with automatic environment detection.
Behavior:
  • Detects production environment (checks for grupomecsa.net in hostname)
  • Loads local configuration in development (local.supabase.php)
  • Sets default Supabase URL and API key
Example:
require_once 'supabase.php';

$supabase = new Supabase();
Configuration:
// Default values
$this->url = 'https://awhuzekjpoapamijlvua.supabase.co';
$this->apiKey = 'sb_publishable_G6dRjvRfALqwuYaG1kew7w_Xud8hTgb';

// Override with local.supabase.php in development:
// $supabase_url = 'https://your-project.supabase.co';
// $supabase_key = 'your-anon-key';

Authentication Methods

login()

Authenticate a user with email and password.
public function login(string $email, string $password): array
Parameters:
  • email (string, required) - User email address
  • password (string, required) - User password
Returns:
array [
  'access_token' => string,
  'token_type' => 'bearer',
  'expires_in' => int,
  'refresh_token' => string,
  'user' => array
]
Example:
$supabase = new Supabase();

try {
    $result = $supabase->login('user@grupomecsa.net', 'password123');
    
    $accessToken = $result['access_token'];
    $user = $result['user'];
    
    $_SESSION['token'] = $accessToken;
    $_SESSION['user'] = $user;
    $_SESSION['email'] = $user['email'];
    
    echo "Login successful!";
} catch (Exception $e) {
    echo "Login failed: " . $e->getMessage();
}
User Object:
[
  'id' => 'uuid',
  'email' => 'user@grupomecsa.net',
  'user_metadata' => [
    'requires_password_change' => false,
    // ... other metadata
  ],
  'created_at' => '2024-01-01T00:00:00Z',
  'updated_at' => '2024-01-01T00:00:00Z'
]

updatePassword()

Update the password for the currently authenticated user.
public function updatePassword(string $token, string $newPassword): array
Parameters:
  • token (string, required) - User’s access token
  • newPassword (string, required) - New password to set
Returns:
array [
  'user' => array,
  // Updated user object
]
Example:
$token = $_SESSION['token'];
$newPassword = 'newSecurePassword123';

try {
    $result = $supabase->updatePassword($token, $newPassword);
    echo "Password updated successfully";
} catch (Exception $e) {
    echo "Error: " . $e->getMessage();
}
The user must be authenticated with a valid token. This method updates the password for the token owner.

resetPasswordChangeFlag()

Reset the requires_password_change flag in user metadata. Admin only.
public function resetPasswordChangeFlag(string $userId, string $serviceRoleKey): array
Parameters:
  • userId (string, required) - UUID of the user to update
  • serviceRoleKey (string, required) - Service role key (admin privileges)
Returns:
array [
  'user' => array
  // Updated user object with metadata
]
Example:
$userId = '550e8400-e29b-41d4-a716-446655440000';
// Read the service role key from the environment instead of hard-coding it
$serviceRoleKey = getenv('SUPABASE_SERVICE_ROLE');

$result = $supabase->resetPasswordChangeFlag($userId, $serviceRoleKey);
Requires the service role key, which bypasses Row Level Security. Use with caution.

resendConfirmation()

Resend the signup confirmation email to a user.
public function resendConfirmation(string $email): array
Parameters:
  • email (string, required) - Email address to send confirmation to
Returns:
array [
  'body' => string,
  'http' => int
]
Example:
try {
    $result = $supabase->resendConfirmation('user@grupomecsa.net');
    
    if ($result['http'] === 200) {
        echo "Confirmation email sent successfully";
    } else {
        echo "Error sending confirmation";
    }
} catch (Exception $e) {
    echo "Error: " . $e->getMessage();
}

generateRecoveryLink()

Generate a password recovery link for a user. Admin only.
public function generateRecoveryLink(string $email, string $redirectTo = ''): string
Parameters:
  • email (string, required) - User email to generate recovery link for
  • redirectTo (string) - URL to redirect to after recovery (optional)
Returns:
string // Recovery link URL
Example:
try {
    $recoveryLink = $supabase->generateRecoveryLink(
        'user@grupomecsa.net',
        'https://cms.grupomecsa.net/reset-password'
    );
    
    echo "Recovery link: " . $recoveryLink;
    
    // Send via email to the same address the link was generated for
    mail('user@grupomecsa.net', 'Password Recovery', "Click here: $recoveryLink");
    
} catch (Exception $e) {
    echo "Error: " . $e->getMessage();
}
Throws:
  • Exception if the operation fails or service role key is missing
This method requires the $supabase_service_role global variable to be set (typically in local.supabase.php).

Database Methods

getData()

Retrieve all records from a table.
public function getData(string $table, ?string $token = null): array
Parameters:
  • table (string, required) - Table name to query
  • token (string) - Access token for authentication (optional, uses API key if not provided)
Returns:
array // Array of records
Example:
$token = $_SESSION['token'];

// Get all employees
$employees = $supabase->getData('Empleados', $token);

foreach ($employees as $emp) {
    // Escape database values before writing them into HTML
    echo htmlspecialchars($emp['nombre'] . ' - ' . $emp['rol'], ENT_QUOTES, 'UTF-8') . '<br>';
}

// Get without token (uses API key - subject to RLS)
$publicData = $supabase->getData('public_content');
Query URL:
GET /rest/v1/{table}?select=*
By default, queries use the cms schema. The method selects all columns (select=*).

insertData()

Insert a new record into a table.
public function insertData(string $table, array $data, ?string $token = null): array
Parameters:
  • table (string, required) - Table name to insert into
  • data (array, required) - Data object to insert (associative array)
  • token (string) - Access token for authentication (optional)
Returns:
array // Inserted record (if Prefer: return=representation)
Example:
$token = $_SESSION['token'];

$newEmployee = [
    'nombre' => 'Juan Pérez',
    'email' => 'juan.perez@grupomecsa.net',
    'rol' => 'ventas',
    'departamento' => 'Ventas',
    'activo' => true,
    'sistemas_acceso' => ['CMS']
];

try {
    $result = $supabase->insertData('Empleados', $newEmployee, $token);
    echo "Employee created with ID: " . $result['id'];
} catch (Exception $e) {
    echo "Error: " . $e->getMessage();
}
Request:
POST /rest/v1/{table}
Content-Type: application/json

{data}

Private Methods

_request()

Core method for making authenticated REST API requests.
private function _request(
    string $method, 
    string $path, 
    ?array $body = null, 
    ?string $token = null, 
    string $schema = 'cms'
): array
Parameters:
  • $method - HTTP method (GET, POST, PATCH, PUT, DELETE)
  • $path - API endpoint path
  • $body - Request body (optional)
  • $token - Access token (optional, uses API key if not provided)
  • $schema - Schema profile (default: ‘cms’)
Headers:
[
    "apikey: {apikey}",
    "Authorization: Bearer {token}",
    "Content-Type: application/json",
    "Accept-Profile: {schema}",
    "Content-Profile: {schema}"
]
Platform Detection:
  • Windows: Uses curl.exe via shell_exec()
  • Linux: Uses PHP curl_* functions

_execute_auth_request()

Execute authentication-specific requests.
private function _execute_auth_request(
    string $url, 
    string $method, 
    ?array $data = null, 
    array $headers = []
): array
Returns:
[
    'body' => string,  // Response body
    'http' => int      // HTTP status code
]
Used by:
  • login()
  • resendConfirmation()
  • generateRecoveryLink()

Configuration Functions

The config/supabase.php file provides helper functions:

supabase_request()

Make a request using the publishable API key.
function supabase_request(
    string $method, 
    string $path, 
    ?array $body = null, 
    array $headers = []
): array
Example:
$result = supabase_request('GET', 'Empleados?select=*');

supabase_request_service()

Make a request using the service role key (bypasses RLS).
function supabase_request_service(
    string $method, 
    string $path, 
    ?array $body = null, 
    array $headers = []
): array
Example:
// Admin operation - bypasses Row Level Security
$result = supabase_request_service(
    'PATCH', 
    'Empleados?id=eq.' . $id,
    ['rol' => 'administrador']
);
Service role requests bypass all Row Level Security policies. Use only for admin operations.
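
Because a service role request is not limited by RLS, the filter in the path is the only thing that decides which rows a PATCH touches. The following is an added example, not code from config/supabase.php: build_eq_path(), build_role_patch() and ALLOWED_ROLES are hypothetical names, and it assumes Empleados.id is a UUID or a positive integer and that the three roles shown on this page are the full set.

```php
<?php
// Added example: helper names are hypothetical, not part of config/supabase.php.

// Roles that appear on this page; assumed here to be the complete allow-list.
const ALLOWED_ROLES = ['ventas', 'mercadeo', 'administrador'];

// Build "table?column=eq.value" so the value cannot add filters or parameters.
function build_eq_path(string $table, string $column, string $value): string
{
    foreach ([$table, $column] as $ident) {
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*\z/', $ident)) {
            throw new InvalidArgumentException('Invalid identifier');
        }
    }
    // Assumption: Empleados.id is a UUID or a positive integer.
    $uuid = '/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\z/i';
    if (!preg_match($uuid, $value) && !preg_match('/^[1-9][0-9]*\z/', $value)) {
        throw new InvalidArgumentException('Invalid id value');
    }
    // rawurlencode() is a second layer in case the allowed shapes are widened.
    return $table . '?' . $column . '=eq.' . rawurlencode($value);
}

// Only roles on the allow-list may be written with the service role key.
function build_role_patch(string $role): array
{
    if (!in_array($role, ALLOWED_ROLES, true)) {
        throw new InvalidArgumentException('Unknown role');
    }
    return ['rol' => $role];
}

// Constructed inputs: a well-formed id, an empty id, and one carrying "&".
$ids = ['550e8400-e29b-41d4-a716-446655440000', '', '7&rol=eq.ventas'];
foreach ($ids as $id) {
    try {
        $path = build_eq_path('Empleados', 'id', $id);
        $body = build_role_patch('administrador');
        // supabase_request_service('PATCH', $path, $body) would run here.
        echo 'OK   ' . $path . ' ' . json_encode($body) . PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'DENY ' . $e->getMessage() . PHP_EOL;
    }
}
```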

supabase_raw_curl()

Low-level cURL wrapper for custom requests.
function supabase_raw_curl(
    string $method, 
    string $path, 
    string $key, 
    ?array $body = null, 
    array $extraHeaders = []
): array
Returns:
[
    'http' => int,      // HTTP status code
    'body' => string,   // Raw response body
    'json' => ?array,   // Decoded JSON (if valid)
    'error' => ?string  // Error message (if failed)
]
Example:
$result = supabase_raw_curl(
    'GET',
    'Empleados?rol=eq.ventas',
    $supabase_key,
    null,
    ['Accept-Profile: public']
);

if ($result['http'] === 200) {
    $employees = $result['json'];
} else {
    echo "Error: " . $result['error'];
}

Environment Variables

$supabase_url = getenv('SUPABASE_URL') ?: 'default_url';
$supabase_key = getenv('SUPABASE_KEY') ?: 'default_key';
$supabase_service_role = getenv('SUPABASE_SERVICE_ROLE') ?: 'default_service_key';
$supabase_schema = 'cms';
Recommended .env setup:
SUPABASE_URL=https://your-project.supabase.co
SUPABASE_KEY=your-anon-key
SUPABASE_SERVICE_ROLE=your-service-role-key
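
A loader that stops when a variable is missing, rather than falling back to a default, and that refuses a secret key in the publishable slot. This is an added example, not code from config/supabase.php; supabase_key_kind() and load_supabase_config() are hypothetical names. It assumes new-style keys carry the sb_publishable_ and sb_secret_ prefixes seen on this page and that legacy anon and service_role keys are JWTs with a "role" claim.

```php
<?php
// Added example; function names are hypothetical, not part of config/supabase.php.

// Classify a key without calling the API (assumptions are in the lead-in).
function supabase_key_kind(string $key): string
{
    if (strpos($key, 'sb_publishable_') === 0) return 'publishable';
    if (strpos($key, 'sb_secret_') === 0) return 'secret';
    $parts = explode('.', $key);
    if (count($parts) !== 3) return 'unknown';
    // Legacy key: decode the base64url JWT payload and read its "role" claim.
    $b64 = strtr($parts[1], '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4);
    $claims = json_decode((string) base64_decode($b64, true), true);
    $role = is_array($claims) && is_string($claims['role'] ?? null) ? $claims['role'] : '';
    if ($role === 'anon') return 'publishable';
    if ($role === 'service_role') return 'secret';
    return 'unknown';
}

// Read the settings from the environment; stop if one is missing or misplaced.
function load_supabase_config(bool $needServiceRole = false): array
{
    $want = ['SUPABASE_URL' => null, 'SUPABASE_KEY' => 'publishable'];
    if ($needServiceRole) {
        $want['SUPABASE_SERVICE_ROLE'] = 'secret';
    }
    $cfg = [];
    foreach ($want as $name => $kind) {
        $v = getenv($name);
        if ($v === false || trim($v) === '') {
            throw new RuntimeException("$name is not set");   // no default fallback
        }
        if ($kind !== null && supabase_key_kind($v) !== $kind) {
            throw new RuntimeException("$name does not hold a $kind key");
        }
        $cfg[$name] = $v;
    }
    return $cfg;
}

// Constructed values: a secret-style key placed in the publishable slot.
putenv('SUPABASE_URL=https://your-project.supabase.co');
putenv('SUPABASE_KEY=sb_secret_CONSTRUCTED_EXAMPLE');
try {
    load_supabase_config();
} catch (RuntimeException $e) {
    echo $e->getMessage() . PHP_EOL;
}
```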

Error Handling

Common Error Codes

HTTP Code | Meaning       | Common Cause
401       | Unauthorized  | Invalid or expired token
403       | Forbidden     | Insufficient permissions / RLS policy violation
404       | Not Found     | Table or record doesn’t exist
422       | Unprocessable | Invalid data format or constraint violation
500       | Server Error  | Supabase service error

Error Response Format

[
    'code' => '42501',
    'message' => 'new row violates row-level security policy',
    'details' => null,
    'hint' => null
]

Try-Catch Pattern

try {
    $result = $supabase->login($email, $password);
    
    if (!isset($result['access_token'])) {
        throw new Exception('Login failed: No token received');
    }
    
    $_SESSION['token'] = $result['access_token'];
    
} catch (Exception $e) {
    error_log('Login error: ' . $e->getMessage());
    
    http_response_code(401);
    echo json_encode([
        'success' => false,
        'error' => 'Authentication failed'
    ]);
}

Platform Compatibility

Windows (XAMPP/WAMP)

  • Uses curl.exe via shell_exec()
  • Includes --ssl-no-revoke flag for SSL issues
  • Writes request body to temp files
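
One way to run curl.exe through shell_exec() without putting the API key, bearer token or URL on the command line is to pass everything in a curl config file (-K). PHP's escapeshellarg() replaces % with a space on Windows, which would corrupt URL-encoded paths if the URL were passed as an argument. This is an added example, not the code in supabase.php; curl_cfg_quote() and curl_exe_request() are hypothetical names, and curl.exe is assumed to be on PATH.

```php
<?php
// Added example; names are hypothetical and this is not the code in supabase.php.

// Quote a value for a curl config file (-K): escape backslash and double quote.
function curl_cfg_quote(string $v): string
{
    if (preg_match('/[\r\n]/', $v)) {
        throw new InvalidArgumentException('Line break in header, URL or path');
    }
    return '"' . strtr($v, ['\\' => '\\\\', '"' => '\\"']) . '"';
}

function curl_exe_request(string $method, string $url, array $headers, ?array $body): array
{
    if (!in_array($method, ['GET', 'POST', 'PATCH', 'PUT', 'DELETE'], true)) {
        throw new InvalidArgumentException('Unsupported HTTP method');
    }
    $tmp = [];
    try {
        // ssl-no-revoke is the flag the page lists; it skips revocation checks.
        $cfg = ['silent', 'ssl-no-revoke', 'write-out = "\n%{http_code}"',
                'request = ' . curl_cfg_quote($method),
                'url = ' . curl_cfg_quote($url)];
        foreach ($headers as $h) {
            $cfg[] = 'header = ' . curl_cfg_quote($h);   // apikey, Authorization, ...
        }
        if ($body !== null) {
            $tmp[] = $bodyFile = tempnam(sys_get_temp_dir(), 'sbb');
            file_put_contents($bodyFile, json_encode($body, JSON_THROW_ON_ERROR));
            $cfg[] = 'data-binary = ' . curl_cfg_quote('@' . $bodyFile);
        }
        $tmp[] = $cfgFile = tempnam(sys_get_temp_dir(), 'sbc');
        file_put_contents($cfgFile, implode("\n", $cfg) . "\n");
        // Only the temp file name reaches cmd.exe; no key, token or URL does.
        $out = (string) shell_exec('curl.exe -K ' . escapeshellarg($cfgFile));
    } finally {
        foreach ($tmp as $f) {
            @unlink($f);   // config and body hold secrets; remove them on every path
        }
    }
    $pos = strrpos($out, "\n");   // status code follows the last newline
    return [
        'body' => $pos === false ? '' : substr($out, 0, $pos),
        'http' => (int) ($pos === false ? $out : substr($out, $pos + 1)),
    ];
}
```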

Linux (Production)

  • Uses native PHP curl_* functions
  • Standard SSL verification
  • Direct JSON encoding

Detection

$isWindows = (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN');

Complete Usage Example

<?php
require_once 'supabase.php';

session_start();

$supabase = new Supabase();

// Step 1: Authenticate
if (!isset($_SESSION['token'])) {
    try {
        $auth = $supabase->login('admin@grupomecsa.net', 'admin123');
        $_SESSION['token'] = $auth['access_token'];
        $_SESSION['user'] = $auth['user'];
    } catch (Exception $e) {
        die('Login failed: ' . $e->getMessage());
    }
}

$token = $_SESSION['token'];

// Step 2: Fetch data
$employees = $supabase->getData('Empleados', $token);

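echo "<h2>Employees</h2>";
foreach ($employees as $emp) {
    // Escape database values before writing them into HTML
    $line = htmlspecialchars("{$emp['nombre']} - {$emp['rol']}", ENT_QUOTES, 'UTF-8');
    echo "<p>$line</p>";
}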

// Step 3: Insert new record
$newEmployee = [
    'nombre' => 'María García',
    'email' => 'maria@grupomecsa.net',
    'rol' => 'mercadeo',
    'activo' => true
];

$result = $supabase->insertData('Empleados', $newEmployee, $token);
echo "<p>New employee created: " . htmlspecialchars($result['nombre'], ENT_QUOTES, 'UTF-8') . "</p>";

// Step 4: Admin operation - Generate recovery link
if ($_SESSION['user']['email'] === 'admin@grupomecsa.net') {
    try {
        $recoveryLink = $supabase->generateRecoveryLink(
            'user@grupomecsa.net',
            'https://cms.grupomecsa.net/reset'
        );
        $href = htmlspecialchars($recoveryLink, ENT_QUOTES, 'UTF-8');
        echo "<p>Recovery link: <a href='$href'>Reset Password</a></p>";
    } catch (Exception $e) {
        echo "<p>Error: " . htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8') . "</p>";
    }
}
?>