Backend Configuration

The Blogify backend is a FastAPI application that serves as a secure bridge between the Next.js frontend and the Supabase PostgreSQL database. It handles data persistence, business logic, and JWT verification.

Environment Setup

The backend requires several environment variables to communicate with Supabase and handle cross-origin requests. Create a .env file in the /backend directory based on the provided .env.example.

Required Variables

| Variable | Description | Source | | :--- | :--- | :--- | | SUPABASE_URL | Your Supabase project URL. | Project Settings > API | | SUPABASE_SERVICE_ROLE_KEY | The secret service role key for admin access. | Project Settings > API | | SUPABASE_JWT_SECRET | Used by the backend to verify user tokens. | Project Settings > API | | ALLOWED_ORIGINS | Comma-separated list of allowed frontend URLs. | e.g., http://localhost:3000 |

Security Note: Never commit your .env file. The SUPABASE_SERVICE_ROLE_KEY bypasses Row Level Security (RLS) and should only be used server-side.

Supabase Integration

The backend interacts with Supabase in two ways: through the Python client for database operations and via JWT verification for request authorization.

Database Configuration

The database.py file initializes the Supabase client using the service role key. This allows the FastAPI routers to perform CRUD operations on the posts and users tables.

# backend/APP/database.py
from supabase import create_client
from .config import settings

supabase = create_client(settings.SUPABASE_URL, settings.SUPABASE_SERVICE_ROLE_KEY)

Authentication Middleware

The backend validates the identity of the user by inspecting the Authorization header on protected routes. The auth.py module uses PyJWT and the SUPABASE_JWT_SECRET to decode the token sent by the Next.js frontend.

Usage in Routers: To protect a route, use the get_current_user dependency:

from fastapi import Depends
from .auth import get_current_user

@router.post("/posts")
async def create_new_post(current_user: dict = Depends(get_current_user)):
    # Only authenticated users can reach this block
    ...

CORS Settings

Since the frontend (Next.js) and backend (FastAPI) typically run on different ports or domains, Cross-Origin Resource Sharing (CORS) must be configured in main.py.

In development, you will usually allow http://localhost:3000. In production, you must update the ALLOWED_ORIGINS in your environment variables to match your Vercel deployment URL.

# backend/APP/main.py
app.add_middleware(
    CORSMiddleware,
    allow_origins=settings.ALLOWED_ORIGINS.split(","),
    allow_credentials=True,
    allow_methods=["*"],
    allow_headers=["*"],
)

Running the Backend

1. Install Dependencies

Ensure you have Python 3.9+ installed, then install the required packages:

cd backend
pip install -r requirements.txt

2. Start the Server

Run the FastAPI server using Uvicorn. By default, it will listen on port 8000.

uvicorn APP.main:app --reload

3. Verify Connection

Once started, you can access the interactive API documentation at:

• Swagger UI: http://127.0.0.1:8000/docs
• ReDoc: http://127.0.0.1:8000/redoc

Deployment Configuration

When deploying to platforms like Railway or Render:

1. Set the PORT environment variable (usually 8000).
2. Set ALLOWED_ORIGINS to your production frontend URL (e.g., https://your-blogify-app.vercel.app).
3. Ensure the start command points to the entry point: uvicorn APP.main:app --host 0.0.0.0 --port $PORT.