Supabase ripped out, replaced with Postgres + JWT + Docker in one commit
Diabolarius swapped the entire Supabase dependency for a self-hosted stack -- Postgres 16, `jsonwebtoken`, `bcrypt`, Docker Compose -- in a single 41-file commit. The most interesting part is a 533-line PostgREST-style query-builder shim that keeps existing route handlers working without rewriting them all.
The motivation looks like data-sovereignty or compliance: the author's domain is flightright.de and the commit explicitly drops every cloud-managed Supabase dependency. A docker-compose.yml wires frontend, backend, and Postgres together. New endpoints handle signup, login, and profile management. The auth.users table is replaced by a public.users table; RLS and the handle_new_user trigger are gone.
backend/src/lib/db.ts is the piece that makes the migration tractable without touching every route. It implements a PostgREST-style query builder -- .from("table").select().eq().in() chaining -- backed by the pg pool. An identifier sanitizer and a hand-rolled parser for PostgREST or= filter strings are in there too. Existing Supabase-shaped handler code calls the same API it always did.
But there are real problems. getUserFromRequest on the frontend is gutted to return null -- an SSR auth regression. The frontend/package-lock.json is deleted, breaking reproducible installs. The JWT secret is hardcoded as changeme-local-dev-secret-min-32-chars in docker-compose.yml. Email uniqueness relies on app-layer lowercasing rather than a case-insensitive constraint. And there's no data migration from existing Supabase deployments -- this is a clean-install-only change.
Spotted something wrong? Or know the PR text has fresher detail than the writeup above?