Supabase 프로젝트: 테이블 + RLS + Auth

1. supabase.com → New project
2. Name: my-saas
3. Database password: 강력한 패스워드 (저장!)
4. Region: Northeast Asia (ap-northeast-1) — 서울에 가장 가까움
5. 생성 완료 (~2분)

pnpm add -D supabase

# 로그인 + 프로젝트 연결
pnpm supabase login
pnpm supabase init
pnpm supabase link --project-ref xxxxx

# 마이그레이션 디렉토리 생성
mkdir -p supabase/migrations

-- supabase/migrations/20260429000001_init.sql

-- users 확장
create table public.users (
  id uuid primary key references auth.users(id) on delete cascade,
  email text unique not null,
  name text,
  created_at timestamptz default now()
);

-- subscriptions
create table public.subscriptions (
  id uuid primary key default gen_random_uuid(),
  user_id uuid not null references public.users(id) on delete cascade,
  plan text not null check (plan in ('free','pro','team')),
  stripe_customer_id text,
  stripe_subscription_id text,
  current_period_end timestamptz,
  created_at timestamptz default now()
);
create index idx_subs_user on public.subscriptions(user_id);

-- generations
create table public.generations (
  id uuid primary key default gen_random_uuid(),
  user_id uuid not null references public.users(id) on delete cascade,
  prompt text not null,
  result text,
  tokens_used int default 0,
  created_at timestamptz default now()
);
create index idx_gens_user on public.generations(user_id, created_at desc);

-- 자동 user 생성 트리거
create function public.handle_new_user()
returns trigger as $$
begin
  insert into public.users (id, email, name)
  values (new.id, new.email, new.raw_user_meta_data->>'name');
  return new;
end;
$$ language plpgsql security definer;

create trigger on_auth_user_created
after insert on auth.users
for each row execute function public.handle_new_user();

-- supabase/migrations/20260429000002_rls.sql

alter table public.users enable row level security;
alter table public.subscriptions enable row level security;
alter table public.generations enable row level security;

-- users: 본인만 select/update
create policy "users select own" on public.users
for select using (auth.uid() = id);

create policy "users update own" on public.users
for update using (auth.uid() = id);

-- subscriptions: 본인만 select (insert는 webhook이 service role로)
create policy "subs select own" on public.subscriptions
for select using (auth.uid() = user_id);

-- generations: CRUD all owned
create policy "gens all own" on public.generations
for all using (auth.uid() = user_id);

pnpm supabase db push    # 원격 DB에 적용

# 또는 로컬 개발
pnpm supabase start      # 로컬 Docker
pnpm supabase db reset   # 로컬 초기화

1. Supabase Dashboard → Authentication → Providers → Google
2. Google Cloud Console:
   - APIs & Services → OAuth consent screen
   - Credentials → OAuth client ID (Web application)
   - Authorized redirect URI:
     https://xxxxx.supabase.co/auth/v1/callback
3. Client ID + Secret을 Supabase에 입력
4. Site URL: https://mysaas.com
   Redirect URLs: https://mysaas.com/auth/callback

pnpm supabase gen types typescript \
  --project-id xxxxx \
  --schema public \
  > src/types/database.ts

// 사용
import type { Database } from '@/types/database'

type Generation = Database['public']['Tables']['generations']['Row']
type GenerationInsert = Database['public']['Tables']['generations']['Insert']

# .env.local
NEXT_PUBLIC_SUPABASE_URL=https://xxxxx.supabase.co
NEXT_PUBLIC_SUPABASE_ANON_KEY=eyJ...
SUPABASE_SERVICE_ROLE_KEY=eyJ...  # 서버 전용