Supabase ripped out, replaced with Postgres + JWT + Docker in one commit

Diabolarius swapped the entire Supabase dependency for a self-hosted stack -- Postgres 16, `jsonwebtoken`, `bcrypt`, Docker Compose -- in a single 41-file commit. The most interesting part is a 533-line PostgREST-style query-builder shim that keeps existing route handlers working without rewriting them all.

infrastructurecompliance

The motivation looks like data-sovereignty or compliance: the author's domain is flightright.de and the commit explicitly drops every cloud-managed Supabase dependency. A docker-compose.yml wires frontend, backend, and Postgres together. New endpoints handle signup, login, and profile management. The auth.users table is replaced by a public.users table; RLS and the handle_new_user trigger are gone.

backend/src/lib/db.ts is the piece that makes the migration tractable without touching every route. It implements a PostgREST-style query builder -- .from("table").select().eq().in() chaining -- backed by the pg pool. An identifier sanitizer and a hand-rolled parser for PostgREST or= filter strings are in there too. Existing Supabase-shaped handler code calls the same API it always did.

But there are real problems. getUserFromRequest on the frontend is gutted to return null -- an SSR auth regression. The frontend/package-lock.json is deleted, breaking reproducible installs. The JWT secret is hardcoded as changeme-local-dev-secret-min-32-chars in docker-compose.yml. Email uniqueness relies on app-layer lowercasing rather than a case-insensitive constraint. And there's no data migration from existing Supabase deployments -- this is a clean-install-only change.

So what Worth a look if you need to run Mike in an environment where Supabase is off the table. The `db.ts` query-builder shim is the main thing of value -- it shows one workable pattern for keeping Supabase-shaped code alive while decoupling from the hosted service. Adopt it with eyes open: it's bespoke, has no upstream support, and you'd be maintaining it. Skip the SSR auth and package-lock deletions; fix those if you cherry-pick anything.

View this fork on GitHub →

Spotted something wrong? Or know the PR text has fresher detail than the writeup above?

Commits in this thread

1 commit from Diabolarius/mike, oldest first. Source extracted verbatim from the harvested git log.

SHA Subject Author Date
6b8283a5 Mike The Bullshit LegalAI Andreas E 2026-05-05 ↗ GitHub
Co-authored-by: Copilot <copilot@github.com>

Capture this thread into my fork

Download a single Markdown prompt that tells Claude how to port every commit above into your working tree — adapting paths and structure to match your repo. Run it via claude -p < capture-thread-147.md from inside the repo you want the changes in.

⬇ Download capture-thread-147.md