Strapi Upload Provider for Supabase Storage
This provider was based on Strapi's official AWS S3 Provider but adapted for Supabase's Storage API
Links
Installation
# using yarn
yarn add strapi-provider-upload-supabase-storage
# using npm
npm install strapi-provider-upload-supabase-storage --save
Configuration
-
provider
defines the name of the provider -
providerOptions
is passed down during the construction of the provider. (ex:supabase.createClient(apiUrl, apiKey, options)
). Complete list of options -
actionOptions
is passed directly to the parameters to each method respectively. You can find the complete list of upload/ uploadStream options. There are currently no options for delete.
Provider Configuration
./config/plugins.js
or ./config/plugins.ts
for TypeScript projects:
module.exports = ({ env }) => ({
// ...
upload: {
config: {
provider: 'strapi-provider-upload-supabase-storage',
providerOptions: {
apiKey: env('SUPABASE_API_KEY'),
apiUrl: env('SUPABASE_API_URL'),
bucket: {
name: 'strapi-uploads',
public: true
},
},
actionOptions: {
upload: {},
uploadStream: {},
},
},
},
// ...
});
Security Middleware Configuration
Due to the default settings in the Strapi Security Middleware you will need to modify the contentSecurityPolicy
settings to properly see thumbnail previews in the Media Library. You should replace strapi::security
string with the object bellow instead as explained in the middleware configuration documentation.
./config/middlewares.js
module.exports = ({ env }) => [
// ...
{
name: 'strapi::security',
config: {
contentSecurityPolicy: {
useDefaults: true,
directives: {
'connect-src': ["'self'", 'https:'],
'img-src': [
"'self'",
'data:',
'blob:',
env('SUPABASE_API_URL'),
],
'media-src': [
"'self'",
'data:',
'blob:',
env('SUPABASE_API_URL'),
],
upgradeInsecureRequests: null,
},
},
},
},
// ...
];
Bucket Privacy
This provider allows you to configure your Bucket
to be private. However, doing so will mean that the url returned to Strapi won't be publically accessible. This will break things like asset thumbnails in Strapi's Media Library as you won't be able to reference your assets from any public frontend. While you'll still be able to delete these assets from Strapi, any other read/write actions will need to be authenticated with Supabase and satisfy the Bucket
's Security Policy.