This provider was based on Strapi's official AWS S3 Provider but adapted for Supabase's Storage API
# using yarn
yarn add strapi-provider-upload-supabase-storage
# using npm
npm install strapi-provider-upload-supabase-storage --save
provider
defines the name of the providerproviderOptions
is passed down during the construction of the provider. (ex: supabase.createClient(apiUrl, apiKey, options)
). Complete list of options
actionOptions
is passed directly to the parameters to each method respectively. You can find the complete list of upload/ uploadStream options. There are currently no options for delete../config/plugins.js
or ./config/plugins.ts
for TypeScript projects:
module.exports = ({ env }) => ({
// ...
upload: {
config: {
provider: 'strapi-provider-upload-supabase-storage',
providerOptions: {
apiKey: env('SUPABASE_API_KEY'),
apiUrl: env('SUPABASE_API_URL'),
bucket: {
name: 'strapi-uploads',
public: true
},
},
actionOptions: {
upload: {},
uploadStream: {},
},
},
},
// ...
});
Due to the default settings in the Strapi Security Middleware you will need to modify the contentSecurityPolicy
settings to properly see thumbnail previews in the Media Library. You should replace strapi::security
string with the object bellow instead as explained in the middleware configuration documentation.
./config/middlewares.js
module.exports = ({ env }) => [
// ...
{
name: 'strapi::security',
config: {
contentSecurityPolicy: {
useDefaults: true,
directives: {
'connect-src': ["'self'", 'https:'],
'img-src': [
"'self'",
'data:',
'blob:',
env('SUPABASE_API_URL'),
],
'media-src': [
"'self'",
'data:',
'blob:',
env('SUPABASE_API_URL'),
],
upgradeInsecureRequests: null,
},
},
},
},
// ...
];
This provider allows you to configure your Bucket
to be private. However, doing so will mean that the url returned to Strapi won't be publically accessible. This will break things like asset thumbnails in Strapi's Media Library as you won't be able to reference your assets from any public frontend. While you'll still be able to delete these assets from Strapi, any other read/write actions will need to be authenticated with Supabase and satisfy the Bucket
's Security Policy.