Merge branch 'supabase:master' into master

README.md

@@ -12,9 +12,9 @@
 - [x] Hosted Postgres Database. [Docs](https://supabase.com/docs/guides/database)
 - [x] Authentication and Authorization. [Docs](https://supabase.com/docs/guides/auth)
 - [x] Auto-generated APIs.
-  - [x] REST. [Docs](https://supabase.com/docs/guides/api#rest-api-overview)
-  - [x] GraphQL. [Docs](https://supabase.com/docs/guides/api#graphql-api-overview)
-  - [x] Realtime subscriptions. [Docs](https://supabase.com/docs/guides/api#realtime-api-overview)
+  - [x] REST. [Docs](https://supabase.com/docs/guides/api)
+  - [x] GraphQL. [Docs](https://supabase.com/docs/guides/graphql)
+  - [x] Realtime subscriptions. [Docs](https://supabase.com/docs/guides/realtime)
 - [x] Functions.
   - [x] Database Functions. [Docs](https://supabase.com/docs/guides/database/functions)
   - [x] Edge Functions [Docs](https://supabase.com/docs/guides/functions)

apps/docs/components/Navigation/NavigationMenu/NavigationMenu.constants.ts

@@ -791,15 +791,18 @@ export const api: NavMenuConstant = {
       name: 'Guides',
       url: '/guides/api',
       items: [
-        { name: 'Creating API routes', url: '/guides/api/creating-routes', items: [] },
-        { name: 'How API Keys work', url: '/guides/api/api-keys', items: [] },
-        { name: 'Securing your API', url: '/guides/api/securing-your-api', items: [] },
+        { name: 'Creating API routes', url: '/guides/api/creating-routes' },
+        { name: 'How API Keys work', url: '/guides/api/api-keys' },
+        { name: 'Securing your API', url: '/guides/api/securing-your-api' },
+        {
+          name: 'Debugging performance issues',
+          url: '/guides/api/rest/debugging-performance',
+        },
         {
           name: 'Querying joins and nested tables',
           url: '/guides/api/joins-and-nesting',
-          items: [],
         },
-        { name: 'Using custom schemas', url: '/guides/api/using-custom-schemas', items: [] },
+        { name: 'Using custom schemas', url: '/guides/api/using-custom-schemas' },
       ],
     },
   ],
@@ -1565,7 +1568,7 @@ export const reference_python_v2 = {
   parent: '/reference',
 }
 
-export const reference_swift_v0 = {
+export const reference_swift_v1 = {
   icon: 'reference-swift',
   title: 'swift',
   url: 'guides/reference/swift',

apps/docs/components/Navigation/NavigationMenu/NavigationMenu.tsx

@@ -147,10 +147,10 @@ const menus: Menu[] = [
     type: 'reference',
   },
   {
-    id: 'reference_swift_v0',
+    id: 'reference_swift_v1',
     path: '/reference/swift',
     commonSectionsFile: 'common-client-libs-sections.json',
-    specFile: 'supabase_swift_v0.yml',
+    specFile: 'supabase_swift_v1.yml',
     type: 'reference',
   },
   {

apps/docs/docs/ref/python/introduction.mdx

@@ -13,11 +13,8 @@ hideTitle: true
 </div>
 
 <div className="max-w-xl">
-  This reference documents every object and method available in the
-  [supabase-py](https://github.com/supabase-community/supabase-py) library from the Supabase
-  community. You can use `supabase-py` to interact with your Postgres database, listen to database
-  changes, invoke Deno Edge Functions, build login and user management functionality, and manage
-  large files.
+  {/* prettier-ignore */}
+  <p>This reference documents every object and method available in the [supabase-py](https://github.com/supabase-community/supabase-py) library from the Supabase community. You can use `supabase-py` to test with your Postgres database, listen to database changes, invoke Deno Edge Functions, build login and user management functionality, and manage large files.</p>
 </div>
 
 <div className="max-w-xl bg-slate-300 px-4 py-2 rounded-md">

apps/docs/internals/files/reference-lib.mjs

@@ -11,7 +11,7 @@ const clientLibFiles = [
   { fileName: 'supabase_dart_v1', label: 'dart', version: 'v1', versionSlug: false },
   { fileName: 'supabase_py_v2', label: 'python', version: 'v2', versionSlug: false },
   { fileName: 'supabase_csharp_v0', label: 'csharp', version: 'v0', versionSlug: false },
-  { fileName: 'supabase_swift_v0', label: 'swift', version: 'v0', versionSlug: false },
+  { fileName: 'supabase_swift_v1', label: 'swift', version: 'v1', versionSlug: false },
   { fileName: 'supabase_kt_v0', label: 'kotlin', version: 'v0', versionSlug: false },
 ]
 

apps/docs/layouts/SiteLayout.tsx

@@ -98,9 +98,9 @@ const levelsData = {
     icon: '/docs/img/icons/menu/reference-python',
     name: 'Python Reference v2.0',
   },
-  reference_swift_v0: {
+  reference_swift_v1: {
     icon: '/docs/img/icons/menu/reference-swift',
-    name: 'Swift Reference v0.0',
+    name: 'Swift Reference v1.0',
   },
   reference_kotlin_v0: {
     icon: '/docs/img/icons/menu/reference-kotlin',

apps/docs/package.json

@@ -57,7 +57,6 @@
     "@supabase/supabase-js": "^2.38.2",
     "common": "*",
     "config": "*",
-    "dat.gui": "^0.7.9",
     "framer-motion": "^6.5.1",
     "github-slugger": "^2.0.0",
     "gray-matter": "^4.0.3",

apps/docs/pages/guides/api/rest/debugging-performance.mdx

@@ -0,0 +1,115 @@
+import Layout from '~/layouts/DefaultGuideLayout'
+
+export const meta = {
+  id: 'debugging-performance',
+  title: 'Debugging performance issues',
+  description: 'Debug slow-running queries using the Postgres execution planner.',
+  subtitle: 'Debug slow-running queries using the Postgres execution planner.',
+}
+
+`explain()` is a method that provides the Postgres `EXPLAIN` execution plan of a query. It is a powerful tool for debugging slow queries and understanding how Postgres will execute a given query. This feature is applicable to any query, including those made through `rpc()` or write operations.
+
+## Enabling `explain()`
+
+`explain()` is disabled by default to protect sensitive information about your database structure and operations. We recommend using `explain()` in a non-production environment. Run the following SQL to enable `explain()`:
+
+{/* prettier-ignore */}
+```sql
+-- enable explain
+alter role authenticator 
+set pgrst.db_plan_enabled to 'true';
+
+-- reload the config
+notify pgrst, 'reload config';
+```
+
+## Using `explain()`
+
+To get the execution plan of a query, you can chain the `explain()` method to a Supabase query:
+
+{/* prettier-ignore */}
+```ts
+const { data, error } = await supabase
+  .from('countries')
+  .select()
+  .explain()
+```
+
+### Example data
+
+To illustrate, consider the following setup of a `countries` table:
+
+{/* prettier-ignore */}
+```sql
+create table countries (
+  id int8 primary key,
+  name text
+);
+
+insert into countries
+  (id, name)
+values
+  (1, 'Afghanistan'),
+  (2, 'Albania'),
+  (3, 'Algeria');
+```
+
+### Expected response
+
+The response would typically look like this:
+
+{/* prettier-ignore */}
+```markdown
+Aggregate  (cost=33.34..33.36 rows=1 width=112)
+  ->  Limit  (cost=0.00..18.33 rows=1000 width=40)
+        ->  Seq Scan on countries  (cost=0.00..22.00 rows=1200 width=40)
+```
+
+By default, the execution plan is returned in TEXT format. However, you can also retrieve it as JSON by specifying the `format` parameter.
+
+## Production use with pre-request protection
+
+If you need to enable `explain()` in a production environment, ensure you protect your database by restricting access to the `explain()` feature. You can do so by using a pre-request function that filters requests based on the IP address:
+
+{/* prettier-ignore */}
+```sql
+create or replace function filter_plan_requests()
+returns void as $$
+declare
+  headers   json := current_setting('request.headers', true)::json;
+  client_ip text := coalesce(headers->>'cf-connecting-ip', '');
+  accept    text := coalesce(headers->>'accept', '');
+  your_ip   text := '123.123.123.123'; -- replace this with your IP
+begin
+  if accept like 'application/vnd.pgrst.plan%' and client_ip != your_ip then
+    raise insufficient_privilege using
+      message = 'Not allowed to use application/vnd.pgrst.plan';
+  end if;
+end; $$ language plpgsql;
+alter role authenticator set pgrst.db_pre_request to 'filter_plan_requests';
+notify pgrst, 'reload config';
+```
+
+Replace `'123.123.123.123'` with your actual IP address.
+
+## Disabling explain
+
+To disable the `explain()` method after use, execute the following SQL commands:
+
+{/* prettier-ignore */}
+```sql
+-- disable explain
+alter role authenticator 
+set pgrst.db_plan_enabled to 'false';
+
+-- if you used the above pre-request
+alter role authenticator 
+set pgrst.db_pre_request to '';
+
+-- reload the config
+notify pgrst, 'reload config';
+```
+
+export const Page = ({ children }) => <Layout meta={meta} children={children} />
+
+export default Page

apps/docs/pages/guides/api/rest/generating-types.mdx

@@ -4,20 +4,12 @@ export const meta = {
   id: 'generating-types',
   title: 'Generating Types',
   description: 'How to generate types for your API and Supabase libraries.',
-  video: 'https://www.youtube.com/v/7CqlTU9aOR4',
+  subtitle: 'How to generate types for your API and Supabase libraries.',
+  tocVideo: '/7CqlTU9aOR4',
 }
 
 Supabase APIs are generated from your database, which means that we can use database introspection to generate type-safe API definitions.
 
-<div className="video-container">
-  <iframe
-    src="https://www.youtube-nocookie.com/embed/7CqlTU9aOR4"
-    frameBorder="1"
-    allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture"
-    allowFullScreen
-  ></iframe>
-</div>
-
 ## Generating types using Supabase CLI
 
 The Supabase CLI is a single binary Go application that provides everything you need to setup a local development environment.

apps/docs/pages/guides/auth/phone-login/messagebird.mdx

@@ -92,7 +92,10 @@ In this use scenario we'll be using the user's mobile phone number as an alterna
 Using supabase-js on the client you'll want to use the same `signUp` method that you'd use for email based sign ups, but with the `phone` param instead of the `email param`:
 
 ```js
-const { user, error } = await supabase.auth.signUp({
+const {
+  data: { user, session },
+  error,
+} = await supabase.auth.signUp({
   phone: '+13334445555',
   password: 'some-password',
 })
@@ -138,7 +141,10 @@ The user will now receive an SMS with a 6-digit pin that you will need to receiv
 You should present a form to the user so they can input the 6 digit pin, then send it along with the phone number to `verifyOtp`:
 
 ```js
-const { session, error } = await supabase.auth.verifyOtp({
+const {
+  data: { session },
+  error,
+} = await supabase.auth.verifyOtp({
   phone: '+13334445555',
   token: '123456',
 })
@@ -247,7 +253,7 @@ In this scenario you are granting your user's the ability to login to their acco
 In JavaScript we can use the `signIn` method with a single parameter: `phone`
 
 ```js
-const { user, error } = await supabase.auth.signInWithOtp({
+const { data, error } = await supabase.auth.signInWithOtp({
   phone: '+13334445555',
 })
 ```
@@ -290,7 +296,10 @@ The second step is the same as the previous section, you need to collect the 6-d
 <TabPanel id="js" label="JavaScript">
 
 ```js
-const { session, error } = await supabase.auth.verifyOtp({
+const {
+  data: { session },
+  error,
+} = await supabase.auth.verifyOtp({
   phone: '+13334445555',
   token: '123456',
 })

apps/docs/pages/guides/auth/phone-login/twilio.mdx

@@ -146,7 +146,10 @@ In this scenario we'll be using the user's mobile phone number and a correspondi
 Using supabase-js on the client you'll want to use the same `signUp` method that you'd use for email based sign ups, but with the `phone` param instead of the `email param`:
 
 ```js
-const { user, error } = await supabase.auth.signUp({
+const {
+  data: { user, session },
+  error,
+} = await supabase.auth.signUp({
   phone: '+13334445555',
   password: 'some-password',
 })
@@ -192,7 +195,10 @@ The user will now receive an SMS with a 6-digit pin that you will need to receiv
 You should present a form to the user so they can input the 6 digit pin, then send it along with the phone number to `verifyOtp`:
 
 ```js
-const { session, error } = await supabase.auth.verifyOtp({
+const {
+  data: { session },
+  error,
+} = await supabase.auth.verifyOtp({
   phone: '+13334445555',
   token: '123456',
   type: 'sms',
@@ -302,7 +308,7 @@ In this scenario you are granting your user's the ability to login to their acco
 In JavaScript we can use the `signIn` method with a single parameter: `phone`
 
 ```js
-const { user, error } = await supabase.auth.signInWithOtp({
+const { data, error } = await supabase.auth.signInWithOtp({
   phone: '+13334445555',
 })
 ```
@@ -345,7 +351,10 @@ The second step is the same as the previous section, you need to collect the 6-d
 <TabPanel id="js" label="JavaScript">
 
 ```js
-const { session, error } = await supabase.auth.verifyOtp({
+const {
+  data: { session },
+  error,
+} = await supabase.auth.verifyOtp({
   phone: '+13334445555',
   token: '123456',
   type: 'sms',
@@ -446,7 +455,10 @@ There is no change in the verification process, you should continue to use the `
 
 ```js
 // After receiving a WhatsApp OTP
-const { data, error } = await supabase.auth.verifyOtp({
+const {
+  data: { session },
+  error,
+} = await supabase.auth.verifyOtp({
   phone: '+57336567365',
   token: '123456',
   type: 'sms',