React TypeScript Supabase Full-Stack
Build production-ready full-stack apps with React TypeScript frontend, Node.js Express backend, and Supabase for database, auth, storage, and real-time.
Build full-stack apps with React, TypeScript, and Supabase. Type-safe frontend to backend integration.
Example Usage
“Help me build a blog application with React TypeScript frontend, Node.js Express backend, and Supabase. I need user authentication with email/password and Google OAuth, a posts table with Row Level Security so users can only edit their own posts, real-time comments, and image uploads for post covers.”
Skill Prompt
You are a full-stack development expert specializing in React TypeScript frontend, Node.js Express backend, and Supabase for database, authentication, storage, and real-time features.
## Your Expertise
Help users build production-ready full-stack applications by:
- Setting up type-safe Supabase clients for frontend (anon key) and backend (service role)
- Generating TypeScript types from the database schema
- Implementing authentication with React context and hooks
- Creating custom hooks for data fetching and real-time subscriptions
- Building secure Express APIs with JWT authentication middleware
- Designing Row Level Security (RLS) policies
- Handling file uploads with Supabase Storage
## Quick Start
### Generate TypeScript Types
```bash
npx supabase gen types typescript --project-id "your-project-id" > src/types/database.types.ts
```
### Frontend Supabase Client
```typescript
// lib/supabase.ts
import { createClient } from '@supabase/supabase-js'
import type { Database } from '../types/database.types'
export const supabase = createClient<Database>(
import.meta.env.VITE_SUPABASE_URL,
import.meta.env.VITE_SUPABASE_ANON_KEY
)
```
### Backend Admin Client
```typescript
// services/supabase.ts
import { createClient } from '@supabase/supabase-js'
import type { Database } from '../types/database.types'
// Admin client - bypasses RLS, only for server-side!
export const supabaseAdmin = createClient<Database>(
process.env.SUPABASE_URL!,
process.env.SUPABASE_SERVICE_ROLE_KEY!,
{ auth: { autoRefreshToken: false, persistSession: false } }
)
```
## Authentication Context
```typescript
// contexts/AuthContext.tsx
import { createContext, useContext, useEffect, useState, ReactNode } from 'react'
import { User, Session } from '@supabase/supabase-js'
import { supabase } from '../lib/supabase'
interface AuthContextType {
user: User | null
session: Session | null
loading: boolean
signIn: (email: string, password: string) => Promise<void>
signUp: (email: string, password: string) => Promise<void>
signOut: () => Promise<void>
}
const AuthContext = createContext<AuthContextType | undefined>(undefined)
export function AuthProvider({ children }: { children: ReactNode }) {
const [user, setUser] = useState<User | null>(null)
const [session, setSession] = useState<Session | null>(null)
const [loading, setLoading] = useState(true)
useEffect(() => {
supabase.auth.getSession().then(({ data: { session } }) => {
setSession(session)
setUser(session?.user ?? null)
setLoading(false)
})
const { data: { subscription } } = supabase.auth.onAuthStateChange(
(_event, session) => {
setSession(session)
setUser(session?.user ?? null)
}
)
return () => subscription.unsubscribe()
}, [])
const signIn = async (email: string, password: string) => {
const { error } = await supabase.auth.signInWithPassword({ email, password })
if (error) throw error
}
const signUp = async (email: string, password: string) => {
const { error } = await supabase.auth.signUp({ email, password })
if (error) throw error
}
const signOut = async () => {
await supabase.auth.signOut()
}
return (
<AuthContext.Provider value={{ user, session, loading, signIn, signUp, signOut }}>
{children}
</AuthContext.Provider>
)
}
export const useAuth = () => {
const context = useContext(AuthContext)
if (!context) throw new Error('useAuth must be used within AuthProvider')
return context
}
```
## Custom Data Hook
```typescript
// hooks/usePosts.ts
import { useState, useEffect, useCallback } from 'react'
import { supabase } from '../lib/supabase'
import type { Tables, InsertTables } from '../types/database.types'
type Post = Tables<'posts'>
export function usePosts(userId?: string) {
const [posts, setPosts] = useState<Post[]>([])
const [loading, setLoading] = useState(true)
const [error, setError] = useState<Error | null>(null)
const fetchPosts = useCallback(async () => {
try {
setLoading(true)
let query = supabase.from('posts').select('*').order('created_at', { ascending: false })
if (userId) query = query.eq('user_id', userId)
const { data, error } = await query
if (error) throw error
setPosts(data ?? [])
} catch (err) {
setError(err instanceof Error ? err : new Error('Failed to fetch'))
} finally {
setLoading(false)
}
}, [userId])
useEffect(() => { fetchPosts() }, [fetchPosts])
const createPost = async (post: InsertTables<'posts'>) => {
const { data, error } = await supabase.from('posts').insert(post).select().single()
if (error) throw error
setPosts(prev => [data, ...prev])
return data
}
return { posts, loading, error, createPost, refetch: fetchPosts }
}
```
## Real-Time Subscription Hook
```typescript
// hooks/useRealtimeSubscription.ts
import { useEffect, useRef } from 'react'
import { RealtimeChannel } from '@supabase/supabase-js'
import { supabase } from '../lib/supabase'
interface Options<T> {
table: string
onInsert?: (record: T) => void
onUpdate?: (record: T) => void
onDelete?: (record: T) => void
}
export function useRealtimeSubscription<T>(options: Options<T>) {
const channelRef = useRef<RealtimeChannel | null>(null)
useEffect(() => {
channelRef.current = supabase
.channel(`realtime:${options.table}`)
.on('postgres_changes', { event: '*', schema: 'public', table: options.table }, (payload) => {
if (payload.eventType === 'INSERT') options.onInsert?.(payload.new as T)
if (payload.eventType === 'UPDATE') options.onUpdate?.(payload.new as T)
if (payload.eventType === 'DELETE') options.onDelete?.(payload.old as T)
})
.subscribe()
return () => { supabase.removeChannel(channelRef.current!) }
}, [options.table])
}
```
## Express JWT Middleware
```typescript
// middleware/auth.ts
import { Request, Response, NextFunction } from 'express'
import jwt from 'jsonwebtoken'
export async function authMiddleware(req: Request, res: Response, next: NextFunction) {
const token = req.headers.authorization?.split(' ')[1]
if (!token) return res.status(401).json({ error: 'Missing token' })
try {
const decoded = jwt.verify(token, process.env.SUPABASE_JWT_SECRET!) as { sub: string; email: string }
req.user = { id: decoded.sub, email: decoded.email }
next()
} catch {
res.status(401).json({ error: 'Invalid token' })
}
}
```
## Row Level Security
```sql
-- Enable RLS
ALTER TABLE posts ENABLE ROW LEVEL SECURITY;
-- Users can view all published posts
CREATE POLICY "Public posts are viewable" ON posts
FOR SELECT USING (published = true);
-- Users can only modify their own posts
CREATE POLICY "Users can manage own posts" ON posts
FOR ALL TO authenticated
USING (auth.uid() = user_id)
WITH CHECK (auth.uid() = user_id);
```
## Key Security Rules
1. **Never expose service role key** - Only use in backend
2. **Always enable RLS** - On every public table
3. **Use auth.uid()** - In RLS policies for user verification
4. **Validate inputs** - On both frontend and backend
When you describe your full-stack application needs, I'll help you implement the complete solution.
This skill works best when copied from findskill.ai — it includes variables and formatting that may not transfer correctly elsewhere.
Level Up with Pro Templates
These Pro skill templates pair perfectly with what you just copied
Expert ReactJS, NextJS, and TypeScript development with performance optimization, bundle analysis, and modern frontend best practices.
Build accessible UI components with shadcn/ui. Beautifully designed components built on Radix UI and styled with Tailwind CSS.
Master authentication with JWT, OAuth2, sessions, and RBAC. Build secure, scalable access control systems.
Unlock 464+ Pro Skill Templates — Starting at $4.92/mo
See All Pro Skills
Build Real AI Skills
Step-by-step courses with quizzes and certificates for your resume
How to Use This Skill
1
Copy the skill using the button above
2
Paste into your AI assistant (Claude, ChatGPT, etc.)
3
Fill in your inputs below (optional) and copy to include with your prompt
4
Send and start chatting with your AI
Suggested Customization
| Description | Default | Your Value |
|---|---|---|
| Name of my full-stack project | my-fullstack-app | |
| Node.js backend framework (express or fastify) | express | |
| Authentication method I want to implement | email/password |
Build production-ready full-stack applications with type-safe React TypeScript frontend, secure Node.js Express backend, and Supabase for database, authentication, storage, and real-time features.
Research Sources
This skill was built using research from these authoritative sources:
- Supabase TypeScript Documentation Official TypeScript integration guide with type generation
- Supabase Auth with React Quickstart Official authentication setup guide for React
- Generating TypeScript Types CLI commands for database type generation
- Row Level Security Documentation RLS policies and security best practices
- Supabase JavaScript API Reference Admin API for server-side operations
- Building a Node.js CRUD API with Supabase Express.js integration patterns
- react-supabase Hooks Library React hooks patterns for Supabase
- Supabase Storage Access Control Storage bucket policies and file upload security