seed local supabase media

Author: dnywh

README.md

@@ -145,7 +145,10 @@ Use local Studio, `psql`, or the hosted Supabase dashboard for browsing rows and
 
 - Bucket configuration lives in `supabase/config.toml`
 - Local reset data lives in `supabase/seed.sql`
-- Local placeholder static assets live in `supabase/storage/static/`
+- Local bucket objects live in `supabase/storage/`
+- Local bucket policies are backfilled via SQL migrations so local uploads behave like the hosted project
+- `npm run supabase:reset` rebuilds the database and re-uploads seeded local media
+- `npm run supabase:seed-buckets` re-uploads local bucket media without resetting the database
 
 Keep all local and preview data sanitized. Do not export or commit production data.
 

docs/supabase-local-first.md

@@ -34,6 +34,7 @@ What this does:
 - A PR branch that changes `supabase/**` gets its own Supabase preview branch.
 - That preview branch runs migrations and bucket config from Git.
 - Seed data comes from `supabase/seed.sql`, not from production data.
+- Local bucket objects come from `supabase/storage/`, not from production storage.
 
 ### 2. Require the Supabase PR Check in GitHub
 
@@ -78,6 +79,7 @@ npm install
 cp .env.example .env.local
 npm run supabase:start
 npm run supabase:reset
+npm run supabase:seed-buckets
 npm run supabase:env
 ```
 
@@ -117,10 +119,13 @@ The seed also creates:
 - 3 public listings
 - 1 chat thread
 - 2 chat messages
+- seeded profile avatars and listing photos in local Supabase Storage
 - a sample static bucket object at `static/promo-kit.zip`
 
 The demo data is synthetic and safe to keep in Git.
 
+When `NEXT_PUBLIC_SUPABASE_URL` points at `http://127.0.0.1:54331`, avatar and listing-photo uploads also go to the local Supabase buckets rather than production.
+
 ## Fresh Computer Setup
 
 Use this when setting up Peels on a new machine.
@@ -158,9 +163,10 @@ npm run dev
 2. Make schema changes locally.
 3. Add or edit SQL migrations under `supabase/migrations/`.
 4. Rebuild from scratch with `npm run supabase:reset`.
-5. Run `npm run dev`.
-6. Test the flow locally.
-7. Commit app and migration changes together.
+5. Re-upload only local bucket media with `npm run supabase:seed-buckets` when you do not need a full DB reset.
+6. Run `npm run dev`.
+7. Test the flow locally.
+8. Commit app and migration changes together.
 
 Use local Studio, `psql`, or the hosted dashboard for browsing rows. Use the CLI for schema lifecycle.
 

next.config.js

@@ -57,6 +57,11 @@ const uniqueStorageRemotePatterns = storageRemotePatterns.filter(
     )
 );
 
+const shouldAllowLocalStorageImages =
+  process.env.NEXT_PUBLIC_SUPABASE_URL?.includes("127.0.0.1") ||
+  process.env.NEXT_PUBLIC_SUPABASE_URL?.includes("localhost") ||
+  false;
+
 /** @type {import('next').NextConfig} */
 const nextConfig = {
   // Configure `pageExtensions` to include markdown and MDX files
@@ -69,6 +74,7 @@ const nextConfig = {
     // https://nextjs.org/docs/app/api-reference/components/image#caching-behavior
     // Can be safetly increased as all user-generated imagery use uniques slugs
     minimumCacheTTL: 2678400, // 31 days (default value is `60`, i.e. one minute)
+    dangerouslyAllowLocalIP: shouldAllowLocalStorageImages,
     // Define where remote images can be pulled from
     remotePatterns: uniqueStorageRemotePatterns,
   },

package.json

@@ -10,6 +10,7 @@
     "supabase:status": "supabase status",
     "supabase:env": "supabase status -o env",
     "supabase:reset": "supabase db reset",
+    "supabase:seed-buckets": "supabase seed buckets --yes",
     "supabase:diff": "supabase db diff",
     "format": "prettier --write .",
     "format:check": "prettier --check ."

supabase/config.toml

@@ -91,16 +91,19 @@ file_size_limit = "50MiB"
 public = true
 file_size_limit = "10MiB"
 allowed_mime_types = ["image/png", "image/jpeg", "image/webp"]
+objects_path = "./storage/avatars"
 
 [storage.buckets.listing_avatars]
 public = true
 file_size_limit = "10MiB"
 allowed_mime_types = ["image/png", "image/jpeg", "image/webp"]
+objects_path = "./storage/listing_avatars"
 
 [storage.buckets.listing_photos]
 public = true
 file_size_limit = "50MiB"
 allowed_mime_types = ["image/png", "image/jpeg", "image/webp"]
+objects_path = "./storage/listing_photos"
 
 [storage.buckets.static]
 public = true

supabase/migrations/20260408103800_backfill_storage_object_policies.sql

@@ -0,0 +1,202 @@
+begin;
+
+-- Backfill Storage RLS policies that already exist in the hosted project but
+-- were not captured in the initial public-schema baseline pull.
+
+do $$
+begin
+  if not exists (
+    select 1
+    from pg_policies
+    where schemaname = 'storage'
+      and tablename = 'objects'
+      and policyname = 'Allow authenticated changes 1oj01fe_0'
+  ) then
+    execute $policy$
+      create policy "Allow authenticated changes 1oj01fe_0"
+      on storage.objects
+      for update
+      to authenticated
+      using ((bucket_id = 'avatars') and (auth.role() = 'authenticated'))
+    $policy$;
+  end if;
+
+  if not exists (
+    select 1
+    from pg_policies
+    where schemaname = 'storage'
+      and tablename = 'objects'
+      and policyname = 'Allow authenticated changes 1oj01fe_1'
+  ) then
+    execute $policy$
+      create policy "Allow authenticated changes 1oj01fe_1"
+      on storage.objects
+      for insert
+      to authenticated
+      with check ((bucket_id = 'avatars') and (auth.role() = 'authenticated'))
+    $policy$;
+  end if;
+
+  if not exists (
+    select 1
+    from pg_policies
+    where schemaname = 'storage'
+      and tablename = 'objects'
+      and policyname = 'Allow authenticated deletes 1oj01fe_0'
+  ) then
+    execute $policy$
+      create policy "Allow authenticated deletes 1oj01fe_0"
+      on storage.objects
+      for delete
+      to authenticated
+      using ((bucket_id = 'avatars') and (auth.role() = 'authenticated'))
+    $policy$;
+  end if;
+
+  if not exists (
+    select 1
+    from pg_policies
+    where schemaname = 'storage'
+      and tablename = 'objects'
+      and policyname = 'Allow authenticated list 1oj01fe_0'
+  ) then
+    execute $policy$
+      create policy "Allow authenticated list 1oj01fe_0"
+      on storage.objects
+      for select
+      to authenticated
+      using (bucket_id = 'avatars')
+    $policy$;
+  end if;
+
+  if not exists (
+    select 1
+    from pg_policies
+    where schemaname = 'storage'
+      and tablename = 'objects'
+      and policyname = 'Anyone can view listing avatars'
+  ) then
+    execute $policy$
+      create policy "Anyone can view listing avatars"
+      on storage.objects
+      for select
+      using (bucket_id = 'listing_avatars')
+    $policy$;
+  end if;
+
+  if not exists (
+    select 1
+    from pg_policies
+    where schemaname = 'storage'
+      and tablename = 'objects'
+      and policyname = 'Anyone can view listing photos'
+  ) then
+    execute $policy$
+      create policy "Anyone can view listing photos"
+      on storage.objects
+      for select
+      using (bucket_id = 'listing_photos')
+    $policy$;
+  end if;
+
+  if not exists (
+    select 1
+    from pg_policies
+    where schemaname = 'storage'
+      and tablename = 'objects'
+      and policyname = 'Users can delete their own listing avatars'
+  ) then
+    execute $policy$
+      create policy "Users can delete their own listing avatars"
+      on storage.objects
+      for delete
+      to authenticated
+      using (bucket_id = 'listing_avatars')
+    $policy$;
+  end if;
+
+  if not exists (
+    select 1
+    from pg_policies
+    where schemaname = 'storage'
+      and tablename = 'objects'
+      and policyname = 'Users can delete their own listing photos'
+  ) then
+    execute $policy$
+      create policy "Users can delete their own listing photos"
+      on storage.objects
+      for delete
+      to authenticated
+      using (bucket_id = 'listing_photos')
+    $policy$;
+  end if;
+
+  if not exists (
+    select 1
+    from pg_policies
+    where schemaname = 'storage'
+      and tablename = 'objects'
+      and policyname = 'Users can update their own listing avatars'
+  ) then
+    execute $policy$
+      create policy "Users can update their own listing avatars"
+      on storage.objects
+      for update
+      to authenticated
+      using (bucket_id = 'listing_avatars')
+      with check (auth.role() = 'authenticated')
+    $policy$;
+  end if;
+
+  if not exists (
+    select 1
+    from pg_policies
+    where schemaname = 'storage'
+      and tablename = 'objects'
+      and policyname = 'Users can update their own listing photos'
+  ) then
+    execute $policy$
+      create policy "Users can update their own listing photos"
+      on storage.objects
+      for update
+      to authenticated
+      using (bucket_id = 'listing_photos')
+      with check (auth.role() = 'authenticated')
+    $policy$;
+  end if;
+
+  if not exists (
+    select 1
+    from pg_policies
+    where schemaname = 'storage'
+      and tablename = 'objects'
+      and policyname = 'Users can upload their own listing avatars'
+  ) then
+    execute $policy$
+      create policy "Users can upload their own listing avatars"
+      on storage.objects
+      for insert
+      to authenticated
+      with check ((bucket_id = 'listing_avatars') and (auth.role() = 'authenticated'))
+    $policy$;
+  end if;
+
+  if not exists (
+    select 1
+    from pg_policies
+    where schemaname = 'storage'
+      and tablename = 'objects'
+      and policyname = 'Users can upload their own listing photos'
+  ) then
+    execute $policy$
+      create policy "Users can upload their own listing photos"
+      on storage.objects
+      for insert
+      to authenticated
+      with check ((bucket_id = 'listing_photos') and (auth.role() = 'authenticated'))
+    $policy$;
+  end if;
+end
+$$;
+
+commit;

supabase/seed.sql

@@ -132,7 +132,7 @@ values
   (
     '2c9ae20c-2469-4e60-84b3-39268697717c',
     'Avery',
-    null,
+    'demo/skate.jpg',
     false,
     'http://127.0.0.1:3000',
     'local-seed',
@@ -144,7 +144,7 @@ values
   (
     '9a0c62fc-bf50-4f45-ba6c-5b9051c2712a',
     'Riley',
-    null,
+    'demo/sunflowers.jpg',
     false,
     'http://127.0.0.1:3000',
     'local-seed',
@@ -189,11 +189,11 @@ values
     extensions.st_setsrid(extensions.st_makepoint(151.1569, -33.9110), 4326)::extensions.geography,
     array['Fruit and vegetable scraps', 'Coffee grounds', 'Tea leaves', 'Egg shells'],
     array['Plastic bags', 'Meat', 'Dairy'],
-    array[]::text[],
+    array['demo/garden.jpg', 'demo/caddy.jpg', 'demo/tumbler.jpg'],
     array['https://www.peels.app/about'],
     true,
     'community',
-    null,
+    'demo/farm.jpg',
     -33.9110,
     151.1569,
     'AU',
@@ -208,11 +208,11 @@ values
     extensions.st_setsrid(extensions.st_makepoint(151.1645, -33.9063), 4326)::extensions.geography,
     array['Coffee grounds', 'Fruit scraps'],
     array['Packaging', 'Glass'],
-    array[]::text[],
+    array['demo/wheelbarrow.jpg'],
     array['https://www.peels.app/faq'],
     true,
     'business',
-    null,
+    'demo/brewery.jpg',
     -33.9063,
     151.1645,
     'AU',