chat!#171

Open
random-nickname274 wants to merge 2 commits into Very-cool-guy:main from random-nickname274:chat

Conversation

@random-nickname274

Contributor

Used Supabase. But, just in case, I can see user-agents in logs.
So it's better to change my projectURL and publishableKey to your own (Supabase is free).

@random-nickname274

Contributor Author

Forgot: the SQL script for Supabase. It also needs "anonymous auth" allowed in settings, so anyone can send a message.

create table if not exists public.discussion_posts (
  id bigint generated always as identity primary key,
  message text not null check (char_length(message) between 1 and 100),
  created_at timestamptz not null default now()
);

alter table public.discussion_posts enable row level security;

create policy "read posts"
on public.discussion_posts
for select
to authenticated
using (true);

create policy "anon insert"
on public.discussion_posts
for insert
to authenticated
with check (
  coalesce((auth.jwt() ->> 'is_anonymous'), 'false') = 'true'
  and char_length(message) between 1 and 100
);

@random-nickname274

Contributor Author

oh wait, no.
I forgot about XSS injection. Let me fix.

@Pyromantis

Contributor

holy peak

@Sebiches1234

Contributor

wait real time chat??

peak

@Very-cool-guy

Owner

sorry, I don't know shi about databases and stuff

@Very-cool-guy

Owner

can you tell me how it works

@OttersMeep

Collaborator

I'll explain the SQL snippet first

create table if not exists public.discussion_posts (
  id bigint generated always as identity primary key,
  message text not null check (char_length(message) between 1 and 100),
  created_at timestamptz not null default now()
);

alter table public.discussion_posts enable row level security;

create policy "read posts"
on public.discussion_posts
for select
to authenticated
using (true);

create policy "anon insert"
on public.discussion_posts
for insert
to authenticated
with check (
  coalesce((auth.jwt() ->> 'is_anonymous'), 'false') = 'true'
  and char_length(message) between 1 and 100
);

The first bit checks if a table called public.discussion_posts exists, and if it doesn't, it makes one.
Then, the line beginning alter table makes it so all access is controlled by policies.
The block after that states that any authenticated user can read the rows of the table (which is the data).
The block after that seems to possibly have an error, but I'm not an SQL person; anyway, it states that only anonymous authenticated users can insert rows.
The one thing I'd caution against is that old messages are currently permanent, and that means once 500MB are sent on the free plan, the database will enter read-only mode.

@OttersMeep

Collaborator

The rest of it is just stuff for sending and receiving messages, so assuming you control the Supabase server and don't do something malicious, it should be fine. To change it you'd just edit the line
const sb = supabase.createClient("https://otogrqqghwctefdzojuc.supabase.co","sb_publishable_B5HeLDyN4AmZYANoUTRWcw_myXJg_Um");

@Very-cool-guy

Owner

who's controlling the supa server :O

@OttersMeep

Collaborator

If you choose to merge, you should control it; letting anyone else do so allows them to display anything they want on the website.

@random-nickname274

random-nickname274 commented May 23, 2026

Contributor Author

> who's controlling the supa server :O

Currently it's mine, but it's better if you set up your own. It's not hard; I can send a step-by-step tutorial on what to do, if needed.

As OttersMeep said, I can control what messages appear and, for example, just do thousands of lines of glitchy text that will make the site crash for everyone (I won't, but it's still better if the site's functions don't depend on another person).
The SQL script prevents users from sending a message with more than 100 symbols, but the Supabase owner can bypass it.
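
Added example, not code from this pull request or from any participant: the thread raises XSS in message text and notes that whoever controls the Supabase project can bypass the SQL length check, so the page has to treat every row it reads as untrusted. The JavaScript below escapes, trims and caps messages before they reach the DOM; the constant and function names are hypothetical and the sample rows are constructed.

```javascript
// Added example; MAX_LEN, MAX_POSTS and all function names are hypothetical.
const MAX_LEN = 100;   // characters shown per message (the first script's limit)
const MAX_POSTS = 100; // messages shown (the limit_posts() trigger's limit)

// Encode the characters that are special in HTML text and attribute values.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Normalise one message: reject non-strings, blank out control characters,
// keep at most two stacked combining marks ("glitchy" text), cap the length.
function cleanMessage(raw) {
  if (typeof raw !== "string") return null;
  const s = raw
    .normalize("NFC")
    .replace(/[\u0000-\u001f\u007f-\u009f]/g, " ")
    .replace(/(\p{M}{2})\p{M}+/gu, "$1")
    .trim();
  if (s.length === 0) return null;
  // Array.from splits by code point, so a surrogate pair is never cut in half.
  return Array.from(s).slice(0, MAX_LEN).join("");
}

// Build list markup from untrusted rows; only escaped text is interpolated.
function renderPosts(rows) {
  if (!Array.isArray(rows)) return "";
  const items = [];
  for (const row of rows.slice(-MAX_POSTS)) { // assumes newest rows come last
    const msg = cleanMessage(row && row.message);
    if (msg !== null) items.push(`<li>${escapeHtml(msg)}</li>`);
  }
  return items.join("\n");
}

// Constructed sample rows, including shapes a hostile backend could return.
const sampleRows = [
  { id: 1, message: "hello" },
  { id: 2, message: '<img src=x onerror="alert(1)">' },
  { id: 3, message: "Z" + "\u0351".repeat(400) },
  { id: 4, message: "A".repeat(5000) },
  { id: 5, message: null },
];
console.log(renderPosts(sampleRows));
```

Where the page builds DOM nodes directly, assigning the cleaned string to `textContent` removes the need for `escapeHtml` altogether.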

@Very-cool-guy

Owner

that's, great

@random-nickname274

random-nickname274 commented May 23, 2026

Contributor Author

> that's, great

-- creates table for discussion, each message limited to 100 symbols
create table if not exists public.discussion_posts (
  id bigint generated always as identity primary key,
  message text not null check (char_length(message) between 1 and 500),
  created_at timestamptz not null default now()
);
-- just for security, all access is denied by default, if not allowed by policy
alter table public.discussion_posts enable row level security;

-- policy that gives access to reading
drop policy if exists "read posts" on public.discussion_posts;
create policy "read posts"
on public.discussion_posts
for select to authenticated
using (true);
-- policy that gives access to sending comment
drop policy if exists "anon insert" on public.discussion_posts;
create policy "anon insert"
on public.discussion_posts
for insert to authenticated
with check (
  (auth.jwt() ->> 'is_anonymous') = 'true'
);

-- clean up, to prevent more than 100 messages
create or replace function public.limit_posts() returns trigger as $$
begin
  delete from public.discussion_posts 
  where id not in (select id from public.discussion_posts order by created_at desc limit 100);
  return null;
end; $$ language plpgsql security definer set search_path = public;

create trigger limit_posts_trigger after insert on public.discussion_posts
for each statement execute function public.limit_posts();

Slightly updated SQL script, to prevent any more than 100 messages (will show only the 100 latest messages).

@random-nickname274

random-nickname274 commented May 23, 2026

Contributor Author

just for reference

so step-by-step instructions:

  1. Register on https://supabase.com
  2. Create a project.
  3. On the main page of the project, copy these two (project URL and publishable key). Replace mine with yours in the script that I put in index.html.
  4. Then go to Authentication -> Sign In / Providers -> Allow anonymous sign-ins, and then "Save".
  5. Go to the SQL editor and run the script I sent.

It should work after that.

@Very-cool-guy

Owner

I don't see authentication

@random-nickname274

Contributor Author

> I don't see authentication

It should be on this page of the project.

