Supabase Integration

Supabase provides authentication, PostgreSQL database, and Row-Level Security for Kinetic Email.

Services Used

Service	Purpose
Auth	User authentication (magic link, Google OAuth, email/password)
Database	PostgreSQL for all persistent data
RLS	Row-level security on all user tables
RPC	Server-side functions (token spending, referrals, etc.)

Client Setup

Frontend Client (`src/lib/supabase.ts`)

import { createClient } from '@supabase/supabase-js';

const supabaseUrl = import.meta.env.VITE_SUPABASE_URL;
const supabaseAnonKey = import.meta.env.VITE_SUPABASE_ANON_KEY;

export const supabase = createClient(supabaseUrl, supabaseAnonKey);

Server-Side Client (API Functions)

Two client types are used:

Service role client (full access, used for admin operations):

const supabase = createClient(
  process.env.SUPABASE_URL,
  process.env.SUPABASE_SERVICE_ROLE_KEY
);

User-authenticated client (used for token spending RPC):

const userClient = createClient(
  process.env.SUPABASE_URL,
  process.env.SUPABASE_ANON_KEY,
  { global: { headers: { Authorization: `Bearer ${userJwt}` } } }
);

The user-authenticated client ensures auth.uid() resolves correctly inside RPC functions while respecting RLS policies.

Key Tables

See Database Architecture for the full schema.

RPC Functions

Function	Purpose
`spend_tokens`	Atomic token deduction
`check_token_balance`	Read-only affordability check
`award_course_completion_tokens`	Course completion bonus
`process_referral`	Referral signup processing
`get_token_transactions`	Transaction history

Services Used​

Client Setup​

Frontend Client (src/lib/supabase.ts)​

Server-Side Client (API Functions)​

Key Tables​

RPC Functions​