delete from storage with supabase edge function

2 min read 27-02-2025

delete from storage with supabase edge function

Supabase offers a powerful combination of a PostgreSQL database and object storage. Managing this data efficiently often involves deleting files from your storage. This article demonstrates how to create a Supabase Edge Function to securely and reliably delete files from your Supabase storage. We'll cover setting up the function, handling authentication, and best practices for error handling.

Setting Up Your Supabase Project

Before starting, ensure you have a Supabase project set up. You'll need access to your project's API keys and a basic understanding of Supabase functions. If you're new to Supabase, their excellent documentation is a great resource.

Creating the Edge Function

We'll build a function that accepts a file path as input and deletes the corresponding file from your Supabase storage bucket. Here's the code for the Edge Function, written in JavaScript:

addEventListener('fetch', event => {
  event.respondWith(handleRequest(event.request))
})

async function handleRequest(request) {
  const { pathname } = new URL(request.url);
  const filePath = pathname.substring(1); // Remove leading slash

  try {
    // 1. Authenticate:  Replace with your preferred authentication method.  This example uses a simple API key.
    const apiKey = 'YOUR_SUPABASE_ANON_KEY'; // Replace with your actual key.  Consider using a more secure method for production.  
    if (request.headers.get('Authorization') !== `Bearer ${apiKey}`) {
      return new Response('Unauthorized', { status: 401 });
    }

    // 2. Delete the file from Supabase Storage:  Replace with your bucket name.
    const { data, error } = await fetch(
      `https://YOUR_SUPABASE_URL/storage/v1/object/YOUR_BUCKET_NAME/${filePath}`, 
      {
        method: 'DELETE',
        headers: {
          Authorization: `Bearer ${apiKey}`,
        },
      }
    );

    if (error) {
      return new Response(`Error deleting file: ${error.message}`, { status: 500 });
    }

    return new Response('File deleted successfully', { status: 200 });
  } catch (error) {
    return new Response(`An unexpected error occurred: ${error.message}`, { status: 500 });
  }
}

Important: Replace YOUR_SUPABASE_URL, YOUR_SUPABASE_ANON_KEY, and YOUR_BUCKET_NAME with your actual Supabase project details. Never hardcode sensitive information directly into your production code. Explore more secure authentication methods like JWTs or Supabase Auth for production environments.

Deploying the Edge Function

Once you've written the code, deploy it as a new Edge Function in your Supabase project. Give it a descriptive name, like delete-storage-file. You can then invoke it using a HTTP DELETE request to the URL provided by Supabase after deployment.

Invoking the Function

After deployment, Supabase will provide you with a URL for your function. You'll use this URL, including the file path, to delete the file. For example, to delete a file at /images/myimage.jpg (assuming your function URL is https://your-function-url), you'd send a DELETE request to:

https://your-function-url/images/myimage.jpg

Remember to include the Authorization header with your API key.

Security Considerations

Authentication: Never expose your Supabase API keys directly in your client-side code. Always use server-side functions like this one to interact with your storage. Consider using more robust authentication mechanisms, like JWTs, for production applications.
Input Validation: Add input validation to prevent malicious users from deleting unintended files. Sanitize or validate the filePath parameter to prevent directory traversal attacks.
Error Handling: Implement comprehensive error handling to gracefully manage issues like network problems or authorization failures. Log errors appropriately for debugging and monitoring.
Rate Limiting: Implement rate limiting to prevent abuse.

Conclusion

Deleting files from Supabase Storage securely and efficiently is crucial for managing your data. By using Supabase Edge Functions, you can create a robust and scalable solution that integrates seamlessly with your existing Supabase infrastructure. Remember to prioritize security and implement best practices for authentication and error handling. This approach helps maintain the integrity and safety of your data.