Supabase production data

Verification of real tables, RLS, service key, rate limits, reading records, finance events, and archive access.

Supabase Postgres, RLS policies, service role API.

Required env

  • NEXT_PUBLIC_SUPABASE_URL
  • NEXT_PUBLIC_SUPABASE_ANON_KEY
  • SUPABASE_SERVICE_ROLE_KEY
  • RATE_LIMIT_STORE

Optional env

  • SERVER_SEAL_SECRET
  • SERVER_SEAL_KEY_ID

Migrations

Production Supabase must include all repository migrations. Do not run live payments on an old schema.

  • reading_records exists and has constraints.
  • finance_events exists for accounting.
  • rate_limits works in durable mode.

Access

Public anon key is used only on the client, service role only on the server.

  • SUPABASE_SERVICE_ROLE_KEY is absent from the client bundle.
  • RLS does not block legitimate access to the user's own archive.
  • Admin endpoints require admin/accounting token or session cookie.

Risks

  • Service role key accidentally reaches public code.
  • RLS too strict: user cannot see their scroll.
  • RLS too loose: cross-user access becomes possible.
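The following is an added example, not one of the repository's migrations, showing an owner-only RLS policy for reading_records together with the two checks that catch the "too strict" and "too loose" cases listed under Access and Risks. It assumes reading_records has a user_id uuid column that references auth.users(id); the UUIDs are placeholders to be replaced with real test accounts.

```sql
-- Added example, not the project's own migration.
-- Assumes: public.reading_records(user_id uuid references auth.users(id), ...).

-- Row Level Security must be on for the table; FORCE also applies it to the
-- table owner, so only roles with BYPASSRLS (the service role) skip it.
alter table public.reading_records enable row level security;
alter table public.reading_records force row level security;

-- Owner-only read: a signed-in user sees only rows where user_id is their JWT sub.
-- No policy is defined for anon, so anonymous sessions see no rows at all.
create policy "reading_records_select_own"
  on public.reading_records
  for select
  to authenticated
  using (user_id = auth.uid());

-- No insert/update/delete policies for anon or authenticated: paid readings are
-- written server-side with SUPABASE_SERVICE_ROLE_KEY, which bypasses RLS.

-- Verification, run in the SQL editor or psql inside one transaction and rolled
-- back so nothing changes. auth.uid() reads request.jwt.claims ->> 'sub'.
begin;

set local role authenticated;

-- "RLS too strict": the owner must get their own rows back (expect > 0).
set local request.jwt.claims = '{"sub":"<OWNER_UUID>","role":"authenticated"}';
select count(*) as owner_visible_rows from public.reading_records;

-- "RLS too loose": a different user must get zero rows, not an error.
set local request.jwt.claims = '{"sub":"<OTHER_UUID>","role":"authenticated"}';
select count(*) as other_user_visible_rows from public.reading_records;

-- Anonymous client (anon key only): no policy applies, expect 0.
set local role anon;
select count(*) as anon_visible_rows from public.reading_records;

rollback;
```

Run the three counts against a copy of production data after the migrations are applied; owner > 0, other user = 0 and anon = 0 is the expected outcome before any live payment is taken.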

Pre-launch QA

  • Check /api/readings/health with real Supabase.
  • Create a paid reading and open it from account archive.
  • Check access recovery by email.