@supabase/server 0.1.0-alpha.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Supabase
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,305 @@
+# @supabase/server
+
+[![License](https://img.shields.io/npm/l/nx.svg?style=flat-square)](./LICENSE)
+[![Package](https://img.shields.io/npm/v/@supabase/server)](https://www.npmjs.com/package/@supabase/server)
+[![pkg.pr.new](https://pkg.pr.new/badge/supabase/server)](https://pkg.pr.new/~/supabase/server)
+
+Server-side utilities for Supabase. Handles auth, client creation, and context injection so you write business logic, not boilerplate.
+
+```ts
+import { withSupabase } from '@supabase/server'
+
+export default {
+  fetch: withSupabase({ allow: 'user' }, async (_req, ctx) => {
+    const { data } = await ctx.supabase.from('todos').select()
+    return Response.json(data)
+  }),
+}
+```
+
+One import. One line of config. Auth is validated, clients are scoped, CORS is handled. Your handler only runs on successful auth.
+
+## Installation
+
+```bash
+# Deno
+import { withSupabase } from "npm:@supabase/server";
+
+# npm
+pnpm add @supabase/server
+```
+
+## Quick Start
+
+### Authenticated endpoint
+
+```ts
+export default {
+  fetch: withSupabase({ allow: 'user' }, async (_req, ctx) => {
+    // ctx.supabase — RLS-scoped to the authenticated user
+    // ctx.supabaseAdmin — bypasses RLS (service role)
+    // ctx.userClaims — user identity from JWT (id, email, role)
+    // ctx.claims — JWT claims
+    // ctx.authType — which auth mode matched
+
+    const { data } = await ctx.supabase.from('todos').select()
+    return Response.json(data)
+  }),
+}
+```
+
+### Public endpoint (no auth)
+
+```ts
+export default {
+  fetch: withSupabase({ allow: 'always' }, async (_req, _ctx) => {
+    return Response.json({ status: 'ok' })
+  }),
+}
+```
+
+### API key protected
+
+```ts
+export default {
+  fetch: withSupabase({ allow: 'secret' }, async (_req, ctx) => {
+    const { data } = await ctx.supabaseAdmin.from('config').select()
+    return Response.json(data)
+  }),
+}
+```
+
+### Dual auth (user or service)
+
+```ts
+export default {
+  fetch: withSupabase({ allow: ['user', 'secret'] }, async (req, ctx) => {
+    const userId = ctx.userClaims?.id ?? (await req.json()).user_id
+    const { data } = await ctx.supabaseAdmin
+      .from('reports')
+      .select()
+      .eq('user_id', userId)
+    return Response.json(data)
+  }),
+}
+```
+
+## Auth Modes
+
+| Mode               | Credential            | Use case                                            |
+| ------------------ | --------------------- | --------------------------------------------------- |
+| `"user"` (default) | Valid JWT             | Authenticated user endpoints                        |
+| `"public"`         | Valid publishable key | Client-facing, key-validated endpoints              |
+| `"secret"`         | Valid secret key      | Server-to-server, internal calls                    |
+| `"always"`         | None                  | Open endpoints, wrappers that handle their own auth |
+
+Array syntax (`allow: ["user", "secret"]`) accepts multiple auth methods — first match wins.
+
+Named key validation: `allow: "public:web_app"` validates against a specific named key in `SUPABASE_PUBLISHABLE_KEYS`.
+
+## Context
+
+Every handler receives a `SupabaseContext`:
+
+```ts
+interface SupabaseContext {
+  supabase: SupabaseClient // RLS-scoped (user or anon depending on auth)
+  supabaseAdmin: SupabaseClient // Bypasses RLS
+  userClaims: UserClaims | null // JWT-derived identity (for full User, call supabase.auth.getUser())
+  claims: JWTClaims | null // Present when auth is JWT
+  authType: Allow // Which auth mode matched
+}
+```
+
+`supabase` is always the safe client — it respects RLS. When `authType` is `"user"`, it's scoped to that user's permissions. Otherwise, it's initialized as anonymous.
+
+`supabaseAdmin` always bypasses RLS. Use it for operations that need full database access.
+
+## Config
+
+```ts
+withSupabase(
+  {
+    allow: 'user', // who can call this function
+    cors: false, // disable CORS (default: supabase-js CORS headers)
+    env: { url: '...' }, // env overrides (optional)
+  },
+  handler,
+)
+```
+
+`cors` defaults to the standard [supabase-js CORS headers](https://supabase.com/docs/guides/functions/cors). Pass a `Record<string, string>` to set custom headers, or `false` to disable CORS handling (e.g. when using a framework that handles CORS separately).
+
+```ts
+withSupabase(
+  {
+    allow: 'user',
+    cors: {
+      'Access-Control-Allow-Origin': 'https://myapp.com',
+      'Access-Control-Allow-Headers': 'authorization, content-type',
+    },
+  },
+  handler,
+)
+```
+
+`env` overrides environment variable resolution. Defaults to reading `SUPABASE_URL`, `SUPABASE_PUBLISHABLE_KEYS`, `SUPABASE_SECRET_KEYS`, and `SUPABASE_JWKS` from the runtime environment.
+
+## Framework Adapters
+
+### Hono
+
+```ts
+import { Hono } from 'hono'
+import { withSupabase } from '@supabase/server/adapters/hono'
+
+const app = new Hono()
+
+app.get('/todos', withSupabase({ allow: 'user' }), async (c) => {
+  const { supabase: sb } = c.var.supabaseContext
+  const { data } = await sb.from('todos').select()
+  return c.json(data)
+})
+
+app.get('/health', (c) => c.json({ status: 'ok' }))
+
+export default { fetch: app.fetch }
+```
+
+The adapter does not handle CORS — use `hono/cors` for that. Per-route auth works naturally by applying the middleware to specific routes.
+
+## Primitives
+
+For when you need more control than `withSupabase` provides — multiple routes with different auth, custom response headers, or building your own wrapper.
+
+All primitives are available from `@supabase/server/core`.
+
+```ts
+import {
+  verifyAuth,
+  createContextClient,
+  createAdminClient,
+} from '@supabase/server/core'
+```
+
+### verifyAuth
+
+Extracts credentials from a Request and validates against the allow config.
+
+```ts
+const { data: auth, error } = await verifyAuth(req, { allow: 'user' })
+if (error) {
+  return Response.json({ error: error.message }, { status: error.status })
+}
+```
+
+### verifyCredentials
+
+Low-level — works with raw credentials instead of a Request. Used by SSR adapters and custom auth flows.
+
+```ts
+const credentials = { token: myToken, apikey: null }
+const { data: auth, error } = await verifyCredentials(credentials, {
+  allow: 'user',
+})
+```
+
+### createContextClient / createAdminClient
+
+```ts
+const supabase = createContextClient(auth.token) // user-scoped, RLS applies
+const supabase = createContextClient() // anonymous, RLS as anon
+const supabaseAdmin = createAdminClient() // bypasses RLS
+```
+
+### createSupabaseContext
+
+Full context assembly from a Request — `verifyAuth` + client creation in one call.
+
+```ts
+const { data: ctx, error } = await createSupabaseContext(req, { allow: 'user' })
+```
+
+### resolveEnv
+
+Resolves environment variables with optional overrides.
+
+```ts
+const { data: env, error } = resolveEnv({
+  url: process.env.NEXT_PUBLIC_SUPABASE_URL,
+})
+```
+
+### Example: custom multi-route handler
+
+```ts
+import { verifyAuth, createContextClient } from '@supabase/server/core'
+
+export default {
+  fetch: async (req) => {
+    const url = new URL(req.url)
+
+    if (url.pathname === '/health') {
+      return Response.json({ status: 'ok' })
+    }
+
+    if (url.pathname === '/todos') {
+      const { data: auth, error } = await verifyAuth(req, { allow: 'user' })
+      if (error)
+        return Response.json({ error: error.message }, { status: error.status })
+
+      const supabase = createContextClient(auth.token)
+      const { data } = await supabase.from('todos').select()
+      return Response.json(data)
+    }
+
+    return new Response('Not found', { status: 404 })
+  },
+}
+```
+
+## Environment Variables
+
+Automatically available in Supabase Edge Functions:
+
+| Variable                    | Format                                                        | Description                           |
+| --------------------------- | ------------------------------------------------------------- | ------------------------------------- |
+| `SUPABASE_URL`              | `https://<ref>.supabase.co`                                   | Your project URL                      |
+| `SUPABASE_PUBLISHABLE_KEYS` | `{"default":"sb_publishable_...","web":"sb_publishable_..."}` | Publishable API keys (named)          |
+| `SUPABASE_SECRET_KEYS`      | `{"default":"sb_secret_...","web":"sb_secret_..."}`           | Secret API keys (named)               |
+| `SUPABASE_JWKS`             | `{"keys":[...]}` or `[...]`                                   | JSON Web Key Set for JWT verification |
+
+Also supported (for local dev, self-hosted, or other runtimes):
+
+| Variable                   | Format               | Description            |
+| -------------------------- | -------------------- | ---------------------- |
+| `SUPABASE_PUBLISHABLE_KEY` | `sb_publishable_...` | Single publishable key |
+| `SUPABASE_SECRET_KEY`      | `sb_secret_...`      | Single secret key      |
+
+When both singular and plural forms are set, plural takes priority.
+
+For other environments, pass overrides via the `env` config option or `resolveEnv()`.
+
+## Exports
+
+| Export                           | What's in it                                                                                                      |
+| -------------------------------- | ----------------------------------------------------------------------------------------------------------------- |
+| `@supabase/server`               | `withSupabase`, `createSupabaseContext`                                                                           |
+| `@supabase/server/core`          | `verifyAuth`, `verifyCredentials`, `extractCredentials`, `createContextClient`, `createAdminClient`, `resolveEnv` |
+| `@supabase/server/wrappers`      | `verifyWebhookSignature`                                                                                          |
+| `@supabase/server/adapters/hono` | `withSupabase` (Hono middleware)                                                                                  |
+
+## Development
+
+```bash
+pnpm install
+pnpm dev
+```
+
+## Contributing
+
+See [CONTRIBUTING.md](CONTRIBUTING.md) for development workflow, commit conventions, and release process.
+
+## License
+
+MIT

package/dist/adapters/hono/index.cjs

@@ -0,0 +1,24 @@
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+const require_create_supabase_context = require('../../create-supabase-context-DNWor6i_.cjs');
+let hono_http_exception = require("hono/http-exception");
+let hono_factory = require("hono/factory");
+
+//#region src/adapters/hono/middleware.ts
+function withSupabase(config) {
+	return (0, hono_factory.createMiddleware)(async (c, next) => {
+		if (c.var.supabaseContext) {
+			await next();
+			return;
+		}
+		const { data: ctx, error } = await require_create_supabase_context.createSupabaseContext(c.req.raw, config);
+		if (error) throw new hono_http_exception.HTTPException(error.status, {
+			message: error.message,
+			cause: error
+		});
+		c.set("supabaseContext", ctx);
+		await next();
+	});
+}
+
+//#endregion
+exports.withSupabase = withSupabase;

package/dist/adapters/hono/index.d.cts

@@ -0,0 +1,11 @@
+import { l as WithSupabaseConfig, o as SupabaseContext } from "../../types-DNh3Z1O1.cjs";
+import * as hono_types0 from "hono/types";
+
+//#region src/adapters/hono/middleware.d.ts
+declare function withSupabase(config?: Omit<WithSupabaseConfig, 'cors'>): hono_types0.MiddlewareHandler<{
+  Variables: {
+    supabaseContext: SupabaseContext;
+  };
+}, string, {}, Response>;
+//#endregion
+export { withSupabase };

package/dist/adapters/hono/index.d.mts

@@ -0,0 +1,11 @@
+import { l as WithSupabaseConfig, o as SupabaseContext } from "../../types-BLM5-qA8.mjs";
+import * as hono_types0 from "hono/types";
+
+//#region src/adapters/hono/middleware.d.ts
+declare function withSupabase(config?: Omit<WithSupabaseConfig, 'cors'>): hono_types0.MiddlewareHandler<{
+  Variables: {
+    supabaseContext: SupabaseContext;
+  };
+}, string, {}, Response>;
+//#endregion
+export { withSupabase };

package/dist/adapters/hono/index.mjs

@@ -0,0 +1,23 @@
+import { t as createSupabaseContext } from "../../create-supabase-context-BrSIe29v.mjs";
+import { HTTPException } from "hono/http-exception";
+import { createMiddleware } from "hono/factory";
+
+//#region src/adapters/hono/middleware.ts
+function withSupabase(config) {
+	return createMiddleware(async (c, next) => {
+		if (c.var.supabaseContext) {
+			await next();
+			return;
+		}
+		const { data: ctx, error } = await createSupabaseContext(c.req.raw, config);
+		if (error) throw new HTTPException(error.status, {
+			message: error.message,
+			cause: error
+		});
+		c.set("supabaseContext", ctx);
+		await next();
+	});
+}
+
+//#endregion
+export { withSupabase };

package/dist/core/index.cjs

@@ -0,0 +1,9 @@
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+const require_verify_auth = require('../verify-auth-6a1UPrFz.cjs');
+
+exports.createAdminClient = require_verify_auth.createAdminClient;
+exports.createContextClient = require_verify_auth.createContextClient;
+exports.extractCredentials = require_verify_auth.extractCredentials;
+exports.resolveEnv = require_verify_auth.resolveEnv;
+exports.verifyAuth = require_verify_auth.verifyAuth;
+exports.verifyCredentials = require_verify_auth.verifyCredentials;

package/dist/core/index.d.cts

@@ -0,0 +1,3 @@
+import "../types-DNh3Z1O1.cjs";
+import { a as extractCredentials, i as verifyCredentials, n as createContextClient, o as resolveEnv, r as verifyAuth, t as createAdminClient } from "../create-admin-client-BZ_3qcxI.cjs";
+export { createAdminClient, createContextClient, extractCredentials, resolveEnv, verifyAuth, verifyCredentials };

package/dist/core/index.d.mts

@@ -0,0 +1,3 @@
+import "../types-BLM5-qA8.mjs";
+import { a as extractCredentials, i as verifyCredentials, n as createContextClient, o as resolveEnv, r as verifyAuth, t as createAdminClient } from "../create-admin-client-CSX-Q_Fv.mjs";
+export { createAdminClient, createContextClient, extractCredentials, resolveEnv, verifyAuth, verifyCredentials };

package/dist/core/index.mjs

@@ -0,0 +1,3 @@
+import { a as createAdminClient, i as createContextClient, n as verifyCredentials, o as resolveEnv, r as extractCredentials, t as verifyAuth } from "../verify-auth-DxUT0XoT.mjs";
+
+export { createAdminClient, createContextClient, extractCredentials, resolveEnv, verifyAuth, verifyCredentials };

package/dist/create-admin-client-BZ_3qcxI.d.cts

@@ -0,0 +1,60 @@
+import { i as Credentials, n as AllowWithKey, r as AuthResult, s as SupabaseEnv } from "./types-DNh3Z1O1.cjs";
+import { SupabaseClient } from "@supabase/supabase-js";
+
+//#region src/errors.d.ts
+declare class EnvError extends Error {
+  readonly status = 500;
+  readonly code: string;
+  constructor(message: string, code?: string);
+}
+declare class AuthError extends Error {
+  readonly status: number;
+  readonly code: string;
+  constructor(message: string, code?: string, status?: number);
+}
+//#endregion
+//#region src/core/resolve-env.d.ts
+declare function resolveEnv(overrides?: Partial<SupabaseEnv>): {
+  data: SupabaseEnv;
+  error: null;
+} | {
+  data: null;
+  error: EnvError;
+};
+//#endregion
+//#region src/core/extract-credentials.d.ts
+declare function extractCredentials(request: Request): Credentials;
+//#endregion
+//#region src/core/verify-credentials.d.ts
+interface VerifyCredentialsOptions {
+  allow: AllowWithKey | AllowWithKey[];
+  env?: Partial<SupabaseEnv>;
+}
+declare function verifyCredentials(credentials: Credentials, options: VerifyCredentialsOptions): Promise<{
+  data: AuthResult;
+  error: null;
+} | {
+  data: null;
+  error: AuthError;
+}>;
+//#endregion
+//#region src/core/verify-auth.d.ts
+interface VerifyAuthOptions {
+  allow: AllowWithKey | AllowWithKey[];
+  env?: Partial<SupabaseEnv>;
+}
+declare function verifyAuth(request: Request, options: VerifyAuthOptions): Promise<{
+  data: AuthResult;
+  error: null;
+} | {
+  data: null;
+  error: AuthError;
+}>;
+//#endregion
+//#region src/core/create-context-client.d.ts
+declare function createContextClient(token?: string | null, env?: Partial<SupabaseEnv>, keyName?: string | null): SupabaseClient;
+//#endregion
+//#region src/core/create-admin-client.d.ts
+declare function createAdminClient(env?: Partial<SupabaseEnv>, keyName?: string | null): SupabaseClient;
+//#endregion
+export { extractCredentials as a, EnvError as c, verifyCredentials as i, createContextClient as n, resolveEnv as o, verifyAuth as r, AuthError as s, createAdminClient as t };

package/dist/create-admin-client-CSX-Q_Fv.d.mts

@@ -0,0 +1,60 @@
+import { i as Credentials, n as AllowWithKey, r as AuthResult, s as SupabaseEnv } from "./types-BLM5-qA8.mjs";
+import { SupabaseClient } from "@supabase/supabase-js";
+
+//#region src/errors.d.ts
+declare class EnvError extends Error {
+  readonly status = 500;
+  readonly code: string;
+  constructor(message: string, code?: string);
+}
+declare class AuthError extends Error {
+  readonly status: number;
+  readonly code: string;
+  constructor(message: string, code?: string, status?: number);
+}
+//#endregion
+//#region src/core/resolve-env.d.ts
+declare function resolveEnv(overrides?: Partial<SupabaseEnv>): {
+  data: SupabaseEnv;
+  error: null;
+} | {
+  data: null;
+  error: EnvError;
+};
+//#endregion
+//#region src/core/extract-credentials.d.ts
+declare function extractCredentials(request: Request): Credentials;
+//#endregion
+//#region src/core/verify-credentials.d.ts
+interface VerifyCredentialsOptions {
+  allow: AllowWithKey | AllowWithKey[];
+  env?: Partial<SupabaseEnv>;
+}
+declare function verifyCredentials(credentials: Credentials, options: VerifyCredentialsOptions): Promise<{
+  data: AuthResult;
+  error: null;
+} | {
+  data: null;
+  error: AuthError;
+}>;
+//#endregion
+//#region src/core/verify-auth.d.ts
+interface VerifyAuthOptions {
+  allow: AllowWithKey | AllowWithKey[];
+  env?: Partial<SupabaseEnv>;
+}
+declare function verifyAuth(request: Request, options: VerifyAuthOptions): Promise<{
+  data: AuthResult;
+  error: null;
+} | {
+  data: null;
+  error: AuthError;
+}>;
+//#endregion
+//#region src/core/create-context-client.d.ts
+declare function createContextClient(token?: string | null, env?: Partial<SupabaseEnv>, keyName?: string | null): SupabaseClient;
+//#endregion
+//#region src/core/create-admin-client.d.ts
+declare function createAdminClient(env?: Partial<SupabaseEnv>, keyName?: string | null): SupabaseClient;
+//#endregion
+export { extractCredentials as a, EnvError as c, verifyCredentials as i, createContextClient as n, resolveEnv as o, verifyAuth as r, AuthError as s, createAdminClient as t };

package/dist/create-supabase-context-BrSIe29v.mjs

@@ -0,0 +1,35 @@
+import { a as createAdminClient, c as EnvError, i as createContextClient, s as AuthError, t as verifyAuth } from "./verify-auth-DxUT0XoT.mjs";
+
+//#region src/create-supabase-context.ts
+async function createSupabaseContext(request, options) {
+	const { data: auth, error } = await verifyAuth(request, {
+		allow: options?.allow ?? "user",
+		env: options?.env
+	});
+	if (error) return {
+		data: null,
+		error
+	};
+	try {
+		const supabase = createContextClient(auth.token, options?.env, auth.keyName);
+		const adminKeyName = auth.authType === "secret" ? auth.keyName : void 0;
+		return {
+			data: {
+				supabase,
+				supabaseAdmin: createAdminClient(options?.env, adminKeyName),
+				userClaims: auth.userClaims,
+				claims: auth.claims,
+				authType: auth.authType
+			},
+			error: null
+		};
+	} catch (e) {
+		return {
+			data: null,
+			error: e instanceof EnvError ? new AuthError(e.message, e.code, 500) : new AuthError("Failed to create Supabase client", "CLIENT_ERROR", 500)
+		};
+	}
+}
+
+//#endregion
+export { createSupabaseContext as t };

package/dist/create-supabase-context-DNWor6i_.cjs

@@ -0,0 +1,40 @@
+const require_verify_auth = require('./verify-auth-6a1UPrFz.cjs');
+
+//#region src/create-supabase-context.ts
+async function createSupabaseContext(request, options) {
+	const { data: auth, error } = await require_verify_auth.verifyAuth(request, {
+		allow: options?.allow ?? "user",
+		env: options?.env
+	});
+	if (error) return {
+		data: null,
+		error
+	};
+	try {
+		const supabase = require_verify_auth.createContextClient(auth.token, options?.env, auth.keyName);
+		const adminKeyName = auth.authType === "secret" ? auth.keyName : void 0;
+		return {
+			data: {
+				supabase,
+				supabaseAdmin: require_verify_auth.createAdminClient(options?.env, adminKeyName),
+				userClaims: auth.userClaims,
+				claims: auth.claims,
+				authType: auth.authType
+			},
+			error: null
+		};
+	} catch (e) {
+		return {
+			data: null,
+			error: e instanceof require_verify_auth.EnvError ? new require_verify_auth.AuthError(e.message, e.code, 500) : new require_verify_auth.AuthError("Failed to create Supabase client", "CLIENT_ERROR", 500)
+		};
+	}
+}
+
+//#endregion
+Object.defineProperty(exports, 'createSupabaseContext', {
+  enumerable: true,
+  get: function () {
+    return createSupabaseContext;
+  }
+});

package/dist/index.cjs

@@ -0,0 +1,52 @@
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+const require_verify_auth = require('./verify-auth-6a1UPrFz.cjs');
+const require_create_supabase_context = require('./create-supabase-context-DNWor6i_.cjs');
+let _supabase_supabase_js_cors = require("@supabase/supabase-js/cors");
+
+//#region src/cors.ts
+function buildCorsHeaders(config) {
+	if (config === false) return {};
+	if (typeof config === "object") return config;
+	return _supabase_supabase_js_cors.corsHeaders;
+}
+function addCorsHeaders(response, config) {
+	if (config === false) return response;
+	const corsHeaders = buildCorsHeaders(config);
+	const newResponse = new Response(response.body, response);
+	for (const [key, value] of Object.entries(corsHeaders)) newResponse.headers.set(key, value);
+	return newResponse;
+}
+
+//#endregion
+//#region src/with-supabase.ts
+function withSupabase(config, handler) {
+	return async (req) => {
+		if (config.cors !== false && req.method === "OPTIONS") return new Response(null, {
+			status: 204,
+			headers: buildCorsHeaders(config.cors)
+		});
+		const { data: ctx, error } = await require_create_supabase_context.createSupabaseContext(req, config);
+		if (error) return Response.json({
+			error: error.message,
+			code: error.code
+		}, {
+			status: error.status,
+			headers: config.cors !== false ? buildCorsHeaders(config.cors) : {}
+		});
+		const response = await handler(req, ctx);
+		if (config.cors !== false) return addCorsHeaders(response, config.cors);
+		return response;
+	};
+}
+
+//#endregion
+exports.AuthError = require_verify_auth.AuthError;
+exports.EnvError = require_verify_auth.EnvError;
+exports.createAdminClient = require_verify_auth.createAdminClient;
+exports.createContextClient = require_verify_auth.createContextClient;
+exports.createSupabaseContext = require_create_supabase_context.createSupabaseContext;
+exports.extractCredentials = require_verify_auth.extractCredentials;
+exports.resolveEnv = require_verify_auth.resolveEnv;
+exports.verifyAuth = require_verify_auth.verifyAuth;
+exports.verifyCredentials = require_verify_auth.verifyCredentials;
+exports.withSupabase = withSupabase;