feat: add Supabase backend infrastructure and setup documentation

Author: HackStyx

backend/SUPABASE_SETUP.md

@@ -0,0 +1,61 @@
+# Supabase Setup Guide
+
+This guide will help you set up your Supabase project for the Portfolio Tracker application.
+
+## 1. Create a Supabase Project
+
+1. Go to [https://supabase.com/](https://supabase.com/) and sign up or log in
+2. Click "New Project" and follow the steps to create a new project
+3. Choose a name for your project and set a secure database password
+4. Select a region closest to you
+5. Wait for your project to be created (this may take a few minutes)
+
+## 2. Create Database Tables
+
+1. In your Supabase dashboard, go to the "SQL Editor" section
+2. Create a new query
+3. Copy and paste the contents of the `supabase-schema.sql` file into the editor
+4. Click "Run" to execute the SQL and create the tables
+
+## 3. Set Up API Access
+
+1. In your Supabase dashboard, go to the "Settings" section
+2. Click on "API" in the sidebar
+3. Under "Project API keys", copy the "anon" public key
+4. Also copy the "URL" value from the "Project URL" section
+
+## 4. Configure Environment Variables
+
+Update your `.env` file with the Supabase URL and key:
+
+```
+SUPABASE_URL=your_project_url
+SUPABASE_KEY=your_anon_key
+FINNHUB_API_KEY=your_finnhub_api_key
+PORT=5000
+```
+
+## 5. Test the Connection
+
+Run the initialization script to test your connection:
+
+```bash
+npm run init-db
+```
+
+If successful, you should see a message confirming the connection to Supabase.
+
+## 6. Row Level Security (Optional but Recommended)
+
+For production environments, you should set up Row Level Security (RLS) policies in Supabase:
+
+1. Go to the "Authentication" section, then "Policies"
+2. For each table, create appropriate RLS policies based on your requirements
+
+## 7. Additional Configuration
+
+- Consider setting up Supabase Auth if you want to add user authentication
+- Set up automated backups for your database
+- Configure CORS settings if needed
+
+For more information, refer to the [Supabase documentation](https://supabase.com/docs). 

backend/add-user-id-migration.sql

@@ -0,0 +1,48 @@
+-- Migration to add user_id columns for user-specific data isolation
+-- Run this in your Supabase SQL Editor
+
+-- Add user_id column to stocks table
+ALTER TABLE stocks 
+ADD COLUMN IF NOT EXISTS user_id UUID REFERENCES auth.users(id) ON DELETE CASCADE;
+
+-- Add user_id column to watchlists table  
+ALTER TABLE watchlists 
+ADD COLUMN IF NOT EXISTS user_id UUID REFERENCES auth.users(id) ON DELETE CASCADE;
+
+-- Create indexes for better performance
+CREATE INDEX IF NOT EXISTS idx_stocks_user_id ON stocks(user_id);
+CREATE INDEX IF NOT EXISTS idx_watchlists_user_id ON watchlists(user_id);
+
+-- Add RLS (Row Level Security) policies
+-- Enable RLS on both tables
+ALTER TABLE stocks ENABLE ROW LEVEL SECURITY;
+ALTER TABLE watchlists ENABLE ROW LEVEL SECURITY;
+
+-- Create policy for stocks table - users can only see their own stocks
+CREATE POLICY "Users can view own stocks" ON stocks
+  FOR SELECT USING (auth.uid() = user_id);
+
+CREATE POLICY "Users can insert own stocks" ON stocks
+  FOR INSERT WITH CHECK (auth.uid() = user_id);
+
+CREATE POLICY "Users can update own stocks" ON stocks
+  FOR UPDATE USING (auth.uid() = user_id);
+
+CREATE POLICY "Users can delete own stocks" ON stocks
+  FOR DELETE USING (auth.uid() = user_id);
+
+-- Create policy for watchlists table - users can only see their own watchlist items
+CREATE POLICY "Users can view own watchlist" ON watchlists
+  FOR SELECT USING (auth.uid() = user_id);
+
+CREATE POLICY "Users can insert own watchlist items" ON watchlists
+  FOR INSERT WITH CHECK (auth.uid() = user_id);
+
+CREATE POLICY "Users can update own watchlist items" ON watchlists
+  FOR UPDATE USING (auth.uid() = user_id);
+
+CREATE POLICY "Users can delete own watchlist items" ON watchlists
+  FOR DELETE USING (auth.uid() = user_id);
+
+-- Note: After running this migration, existing data will have NULL user_id
+-- You may want to clean up existing data or assign it to a specific user 

backend/clean-database.js

@@ -0,0 +1,39 @@
+require('dotenv').config();
+const supabase = require('./src/config/supabase');
+
+async function cleanDatabase() {
+  try {
+    console.log('Cleaning database...');
+    
+    // Delete all records from stocks table
+    const { error: stocksError } = await supabase
+      .from('stocks')
+      .delete()
+      .neq('id', 0); // This will delete all records
+    
+    if (stocksError) {
+      console.error('Error deleting stocks:', stocksError);
+    } else {
+      console.log('Successfully deleted all stocks');
+    }
+    
+    // Delete all records from watchlists table
+    const { error: watchlistsError } = await supabase
+      .from('watchlists')
+      .delete()
+      .neq('id', 0); // This will delete all records
+    
+    if (watchlistsError) {
+      console.error('Error deleting watchlists:', watchlistsError);
+    } else {
+      console.log('Successfully deleted all watchlists');
+    }
+    
+    console.log('Database cleaning completed');
+  } catch (error) {
+    console.error('Error cleaning database:', error);
+  }
+}
+
+// Run the cleaning
+cleanDatabase(); 

backend/fix-rls-policies.sql

@@ -0,0 +1,43 @@
+-- Fix RLS policies to work with backend API authentication
+-- Run this in your Supabase SQL Editor
+
+-- Drop existing policies
+DROP POLICY IF EXISTS "Users can view own stocks" ON stocks;
+DROP POLICY IF EXISTS "Users can insert own stocks" ON stocks;
+DROP POLICY IF EXISTS "Users can update own stocks" ON stocks;
+DROP POLICY IF EXISTS "Users can delete own stocks" ON stocks;
+
+DROP POLICY IF EXISTS "Users can view own watchlist" ON watchlists;
+DROP POLICY IF EXISTS "Users can insert own watchlist items" ON watchlists;
+DROP POLICY IF EXISTS "Users can update own watchlist items" ON watchlists;
+DROP POLICY IF EXISTS "Users can delete own watchlist items" ON watchlists;
+
+-- Create new policies that work with backend API
+-- For stocks table
+CREATE POLICY "Users can view own stocks" ON stocks
+  FOR SELECT USING (user_id IS NOT NULL);
+
+CREATE POLICY "Users can insert own stocks" ON stocks
+  FOR INSERT WITH CHECK (user_id IS NOT NULL);
+
+CREATE POLICY "Users can update own stocks" ON stocks
+  FOR UPDATE USING (user_id IS NOT NULL);
+
+CREATE POLICY "Users can delete own stocks" ON stocks
+  FOR DELETE USING (user_id IS NOT NULL);
+
+-- For watchlists table
+CREATE POLICY "Users can view own watchlist" ON watchlists
+  FOR SELECT USING (user_id IS NOT NULL);
+
+CREATE POLICY "Users can insert own watchlist items" ON watchlists
+  FOR INSERT WITH CHECK (user_id IS NOT NULL);
+
+CREATE POLICY "Users can update own watchlist items" ON watchlists
+  FOR UPDATE USING (user_id IS NOT NULL);
+
+CREATE POLICY "Users can delete own watchlist items" ON watchlists
+  FOR DELETE USING (user_id IS NOT NULL);
+
+-- Note: This approach relies on the backend to properly set user_id
+-- The backend authentication middleware ensures only authenticated users can access the API 

backend/init-db.js

@@ -0,0 +1,33 @@
+require('dotenv').config();
+const supabase = require('./src/config/supabase');
+
+async function initializeDatabase() {
+  try {
+    console.log('Testing connection to Supabase...');
+    
+    // Test connection by fetching version
+    const { data, error } = await supabase.from('stocks').select('*').limit(1);
+    
+    if (error) {
+      console.error('Error connecting to Supabase:', error);
+      console.log('Please make sure:');
+      console.log('1. Your Supabase URL and API key are correct in .env');
+      console.log('2. You have created the "stocks" and "watchlists" tables in Supabase');
+      console.log('3. You have proper permissions set up');
+      process.exit(1);
+    }
+    
+    console.log('Successfully connected to Supabase!');
+    console.log('Tables should be created in the Supabase dashboard.');
+    console.log('Make sure you have the following tables:');
+    console.log('1. stocks - with columns: id, name, ticker, shares, buy_price, current_price, target_price, is_in_watchlist, last_updated');
+    console.log('2. watchlists - with columns: id, name, ticker, target_price, current_price, last_updated, created_at, updated_at');
+    
+  } catch (error) {
+    console.error('Error initializing database:', error);
+    process.exit(1);
+  }
+}
+
+// Run the initialization
+initializeDatabase(); 

backend/src/config/supabase.js

@@ -0,0 +1,16 @@
+const { createClient } = require('@supabase/supabase-js');
+require('dotenv').config();
+
+const SUPABASE_URL = process.env.SUPABASE_URL;
+const SUPABASE_KEY = process.env.SUPABASE_KEY;
+
+if (!SUPABASE_URL || !SUPABASE_KEY) {
+  console.warn('SUPABASE_URL or SUPABASE_KEY environment variables are not set. Some features will be limited.');
+}
+
+const supabase = createClient(
+  SUPABASE_URL || 'https://example.supabase.co',
+  SUPABASE_KEY || 'demo-key'
+);
+
+module.exports = supabase; 

backend/src/middleware/auth.js

@@ -0,0 +1,55 @@
+const { createClient } = require('@supabase/supabase-js');
+
+// Debug environment variables
+console.log('🔍 Auth Middleware Environment Check:', {
+  hasSupabaseUrl: !!process.env.SUPABASE_URL,
+  hasSupabaseKey: !!process.env.SUPABASE_KEY,
+  supabaseUrl: process.env.SUPABASE_URL ? 'Set' : 'Missing',
+  supabaseKey: process.env.SUPABASE_KEY ? 'Set' : 'Missing'
+});
+
+// Create Supabase client for auth verification
+const supabase = createClient(
+  process.env.SUPABASE_URL,
+  process.env.SUPABASE_KEY
+);
+
+const authenticateUser = async (req, res, next) => {
+  try {
+    console.log('🔍 Auth Middleware Debug:', {
+      url: req.url,
+      method: req.method,
+      hasAuthHeader: !!req.headers.authorization,
+      authHeaderPreview: req.headers.authorization ? `${req.headers.authorization.substring(0, 30)}...` : 'No header'
+    });
+
+    const authHeader = req.headers.authorization;
+    
+    if (!authHeader || !authHeader.startsWith('Bearer ')) {
+      console.log('❌ No valid auth header found');
+      return res.status(401).json({ error: 'No token provided' });
+    }
+
+    const token = authHeader.substring(7); // Remove 'Bearer ' prefix
+    console.log('🔑 Token extracted, length:', token.length);
+    
+    // Verify the JWT token with Supabase
+    const { data: { user }, error } = await supabase.auth.getUser(token);
+    
+    if (error || !user) {
+      console.error('❌ Token verification failed:', error);
+      return res.status(401).json({ error: 'Invalid token' });
+    }
+
+    console.log('✅ User authenticated:', user.id);
+    
+    // Add user to request object
+    req.user = user;
+    next();
+  } catch (error) {
+    console.error('❌ Auth middleware error:', error);
+    res.status(500).json({ error: 'Authentication failed' });
+  }
+};
+
+module.exports = { authenticateUser }; 

backend/supabase-schema.sql

@@ -0,0 +1,32 @@
+-- Create stocks table
+CREATE TABLE IF NOT EXISTS stocks (
+  id SERIAL PRIMARY KEY,
+  name TEXT NOT NULL,
+  ticker TEXT NOT NULL,
+  shares FLOAT NOT NULL DEFAULT 0,
+  buy_price FLOAT NOT NULL DEFAULT 0,
+  current_price FLOAT NOT NULL DEFAULT 0,
+  target_price FLOAT NOT NULL DEFAULT 0,
+  is_in_watchlist BOOLEAN NOT NULL DEFAULT false,
+  last_updated TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP,
+  created_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP,
+  updated_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP
+);
+
+-- Create watchlists table
+CREATE TABLE IF NOT EXISTS watchlists (
+  id SERIAL PRIMARY KEY,
+  name TEXT NOT NULL,
+  ticker TEXT NOT NULL,
+  target_price DECIMAL(10, 2) NOT NULL,
+  current_price DECIMAL(10, 2),
+  last_updated TIMESTAMP WITH TIME ZONE,
+  created_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP,
+  updated_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP
+);
+
+-- Create indexes for better performance
+CREATE INDEX IF NOT EXISTS idx_stocks_ticker ON stocks(ticker);
+CREATE INDEX IF NOT EXISTS idx_watchlists_ticker ON watchlists(ticker);
+
+-- Note: Run this script in the Supabase SQL Editor