delete from storage with supabase edge function

Breiz Heurope

3 min read

·

09-03-2025

1

0

Share

Supabase offers a powerful combination of its database and storage services. Managing data within this ecosystem efficiently often involves using Edge Functions for serverless operations. This article will guide you through deleting files from Supabase storage using an Edge Function, offering a secure and scalable solution. We'll cover setting up the function, handling authentication, and best practices for error handling.

Setting Up Your Supabase Edge Function

Before we begin, ensure you have a Supabase project set up and have the Supabase CLI installed. We'll create a new Edge Function dedicated to file deletion.

1. Create a new Edge Function: Use the Supabase CLI to create a new function. Choose a descriptive name, such as deleteFile.

   supabase functions create deleteFile
   

2. Choose a runtime: Select a runtime environment appropriate for your needs (e.g., Node.js).

3. Write the function code: Replace the default function code with the following (Node.js example):

import { createClient } from '@supabase/supabase-js';

export async function handler(event) {
  const { filePath } = event.body;

  if (!filePath) {
    return new Response("Missing filePath parameter.", { status: 400 });
  }

  // Replace with your Supabase URL and ANON KEY
  const supabaseUrl = 'YOUR_SUPABASE_URL';
  const supabaseAnonKey = 'YOUR_SUPABASE_ANON_KEY';
  const supabase = createClient(supabaseUrl, supabaseAnonKey); //Consider using service role key for production

  try {
    const { data, error } = await supabase.storage.from('your-bucket-name').remove([filePath]);

    if (error) {
      console.error("Error deleting file:", error);
      return new Response(JSON.stringify({ error: error.message }), { status: 500 });
    }

    return new Response(JSON.stringify({ message: 'File deleted successfully' }));
  } catch (error) {
    console.error("Unexpected error:", error);
    return new Response(JSON.stringify({ error: 'An unexpected error occurred' }), { status: 500 });
  }
}

Remember to replace YOUR_SUPABASE_URL, YOUR_SUPABASE_ANON_KEY, and your-bucket-name with your actual values. Using an anonymous key is fine for development, but for production environments, a service role key is strongly recommended for enhanced security.

4. Deploy the function: Use the Supabase CLI to deploy your newly created function.

   supabase functions deploy
   

Handling Authentication and Authorization

For production applications, using anonymous keys is a security risk. Implementing proper authentication is crucial. You should integrate your function with Supabase Auth. This allows you to verify the user's identity before allowing file deletion.

Here's how you might modify the code to incorporate authentication:

// ... (previous code) ...

const { data: authData, error: authError } = await supabase.auth.api.getUser(event.headers.authorization);

if (authError || !authData.user) {
    return new Response("Unauthorized", { status: 401 });
}


// ... (rest of the code) ...

This enhanced version checks for an authorization header, typically including a JWT (JSON Web Token). If the token is invalid or missing, it returns a 401 Unauthorized response. You might add more refined authorization checks based on user roles or permissions.

Error Handling and Best Practices

Robust error handling is vital. The example above includes basic error handling, but you should consider:

• Specific error messages: Provide more detailed error messages based on the type of error encountered (e.g., file not found, permission denied).
• Logging: Log errors to your Supabase logs for debugging and monitoring purposes.
• Input validation: Sanitize and validate the filePath parameter to prevent injection attacks.
• Rate limiting: Implement rate limiting to prevent abuse of your function.

Testing Your Edge Function

After deploying, you can test your Edge Function using tools like curl or Postman. You will need to send a POST request to the function's URL, including the filePath in the request body:

curl -X POST -H "Content-Type: application/json" -d '{"filePath": "path/to/your/file.txt"}' <YOUR_FUNCTION_URL>

Conclusion

Using Supabase Edge Functions provides an efficient and scalable method for managing Supabase Storage. By implementing proper authentication and comprehensive error handling, you can create a robust and secure solution for deleting files from your storage bucket. Remember to prioritize security and always use appropriate authentication mechanisms in production environments. This approach allows you to keep your storage management logic close to your data, optimizing performance and security.