Firebase vs Supabase vs Convex
Firestore (NoSQL), PostgreSQL z RLS, reaktywny Convex, self-host PocketBase — jak wybrać BaaS dla projektu w 2024.
6 platform BaaS — porównanie
Firebase, Supabase, Convex, PocketBase, Appwrite i Nhost — baza danych, open-source, self-hosting, realtime i auth.
| Platforma | Baza danych | Open-source | Self-host | Realtime | Kiedy |
|---|---|---|---|---|---|
| Firebase | Firestore (NoSQL) | Nie | Nie | Tak (Native) | Google ecosystem, NoSQL, mobile |
| Supabase | PostgreSQL | Tak | Tak | Tak (Postgres) | SQL devs, RLS, open-source |
| Convex | Własna (reaktywna) | Nie | Nie | Tak (reactive) | TypeScript-native, reactive queries |
| PocketBase | SQLite | Tak | Tak | SSE | Self-host, single binary, small teams |
| Appwrite | MariaDB | Tak | Tak | Tak | Self-host, multi-platform, team permissions |
| Nhost | PostgreSQL (Hasura) | Tak | Tak | GraphQL subscriptions | GraphQL fans, Hasura ecosystem |
Często zadawane pytania
Co to jest BaaS (Backend as a Service) i dlaczego Firebase i Supabase dominują?
BaaS (Backend as a Service): gotowy backend dla frontendu. Auth, database, storage, realtime — bez własnego serwera. Cel: szybki prototyp, startup MVP, małe/średnie projekty. Firebase (Google, 2011 -> Google 2014): pierwszy masowy BaaS. NoSQL (Firestore), Realtime Database, Auth, Storage, Functions, Hosting, Analytics. Billion-dollar ecosystem. Supabase (2020): 'open-source Firebase alternative'. PostgreSQL jako baza. Row Level Security (RLS). REST i Realtime. Auth (GoTrue). Edge Functions (Deno). Storage (S3-compatible). Dlaczego te dwa dominują: Firebase — największa adopcja, Google Trust, Firebase Studio (2024). Supabase — PostgreSQL (SQL devs home), open-source, lepszy DX dla relacyjnych danych, pricing. Inne BaaS: Appwrite — open-source self-host. PocketBase — SQLite-based, self-host, single binary. Nhost — Hasura + Next.js. Convex — reactive queries, TypeScript-native. Pocketbase — minimal BaaS w Go. AWS Amplify — AWS ecosystem. Kiedy BaaS vs własny backend: BaaS: MVP, solo dev, startup speed. Własny: complex business logic, custom infra, cost at scale. Hybrid: BaaS + edge functions dla custom logic.
Firebase Firestore — model danych, zapytania i reguły bezpieczeństwa?
Firestore: document-oriented NoSQL baza. Kolekcje zawierają dokumenty. Dokumenty zawierają pola. Subcollections — zagnieżdżone kolekcje. Struktura: users/{userId}/orders/{orderId}. CRUD: addDoc(collection(db, 'users'), data). setDoc(doc(db, 'users', id), data). updateDoc. deleteDoc. getDoc, getDocs. Queries: query(collection(db, 'orders'), where('status', '==', 'active'), orderBy('createdAt', 'desc'), limit(10)). Composite indexes — automatyczne dla prostych. Złożone: firebase deploy --only firestore:indexes. Realtime listeners: onSnapshot(docRef, (doc) => {...}) — live updates. onSnapshot(query, (snapshot) => {...}). Real-time sync między klientami. Limits: 1 write per second per document. Max document size: 1MB. No full-text search (użyj Algolia/Typesense). Offline persistence: enableIndexedDbPersistence(db). Optimistic UI. Security Rules: match /users/{userId} {allow read, write: if request.auth.uid == userId}. match /posts/{postId} {allow read: if resource.data.published == true. allow write: if request.auth != null}. request.auth.token.email_verified. request.resource.data vs resource.data. Validation: allow create: if request.resource.data.title is string. Firebase SDK v9 (modular): tree-shakeable. import {doc, getDoc} from 'firebase/firestore'. React: react-firebase-hooks library. useDocumentData, useCollectionData. onAuthStateChanged.
Supabase — PostgreSQL, Row Level Security i Edge Functions?
Supabase database: managed PostgreSQL. Pełny SQL. Relacje, JOINy, indeksy, transakcje. supabase-js: const {data, error} = await supabase.from('users').select('*'). .eq('id', userId).single(). INSERT: supabase.from('posts').insert({title, content}). UPDATE: supabase.from('posts').update({title}).eq('id', id). DELETE: supabase.from('posts').delete().eq('id', id). Realtime: supabase.channel('posts').on('postgres_changes', {event: 'INSERT', schema: 'public', table: 'posts'}, payload => {...}).subscribe(). Row Level Security (RLS): PostgreSQL-native security. CREATE POLICY 'Users can view own profile' ON users USING (auth.uid() = id). auth.uid() — Supabase auth function. RLS per table, per operation (SELECT/INSERT/UPDATE/DELETE). Bez RLS wszystko publiczne (enable via supabase). Auth: supabase.auth.signUp({email, password}). signInWithPassword, signInWithOAuth, signOut. Session auto-refresh. SSR: createServerClient (supabase-ssr). Edge Functions: Deno runtime. supabase functions new my-function. serve(async (req) => new Response(JSON.stringify(data))). Integracja z database. Secrets: supabase secrets set MY_KEY=value. Storage: supabase.storage.from('avatars').upload(path, file). getPublicUrl(path). Transform images on-the-fly. Vector: pgvector extension — AI embeddings. supabase.rpc('match_documents', {query_embedding, match_count}). Supabase + Next.js: @supabase/ssr package. SSR-compatible auth. Server Components support.
Firebase Auth vs Supabase Auth vs Clerk — wybór systemu autentykacji?
Firebase Auth: email/password, Google, Apple, Facebook, GitHub, phone (SMS). Custom tokens. Anonymous auth. Multi-factor (TOTP w Firebase v9). createUserWithEmailAndPassword, signInWithEmailAndPassword. onAuthStateChanged — user state. ID tokens (JWT). Supabase Auth (GoTrue): email/password, magic link, OTP, OAuth providers. Phone auth (Twilio). supabase.auth.signUp, signIn, signInWithOAuth. getSession(), getUser(). JWT customization. Hooks: send_email hook. RLS integracja przez auth.uid(). Clerk: hosted auth UI components. Pre-built: SignIn, SignUp, UserButton, UserProfile. Organizations + multi-tenant. Webhooks, metadata. RBAC wbudowane. Integracja Next.js: ClerkProvider, useUser(), useAuth(). clerkMiddleware. Bez wbudowanego database — używaj z własnym backendem. Auth0/Okta: enterprise. SSO, SAML, compliance. Drogi. Better-Auth: nowa (2024), open-source, framework-agnostic. Plugins: 2FA, organization, passkey. Kiedy co: Firebase Auth — Firebase ecosystem. Supabase Auth — Supabase database z RLS. Clerk — szybkie UI, organizacje, Next.js DX. Auth.js (NextAuth) — własna kontrola, custom adapters. Shared considerations: email deliverability (własny SMTP). Social providers (app credentials). Token expiry, refresh strategy.
Convex i PocketBase — nowe podejście do BaaS w 2024?
Convex: reactive backend TypeScript-native (2022). Funkcje zamiast REST API. const messages = useQuery(api.messages.list). useMutation(api.messages.send). Reactive: auto-update gdy data się zmienia. Bez WebSocket management. Schema: defineTable({text: v.string(), author: v.id('users')}). Validator (v.string, v.number, v.id, v.array). Type-safe end-to-end (TypeScript przez wszystko). Scheduled jobs: internalMutation + scheduler.runAfter. Search: ctx.db.query('messages').withSearchIndex('by_text', q => q.search('text', query)). Convex vs Firebase vs Supabase: Convex — reactive, TypeScript-first, funkcje. Firebase — dojrzały ekosystem, NoSQL. Supabase — PostgreSQL, SQL devs. PocketBase: open-source, single binary (Go). SQLite database. Embedded admin UI. REST API automatyczny. Realtime via SSE. Auth built-in. Self-host: ./pocketbase serve. Idealny dla: hobbist projects, small teams, self-hosted. PocketBase + React: pocketbase npm package. pb.collection('posts').getFullList(). pb.authStore. Appwrite: open-source (PHP, 2019). Multi-platform SDK. Team/permissions system. Functions (různé runtimes). Self-host lub Cloud. Nhost: Hasura (GraphQL) + PostgreSQL + Auth + Storage. GraphQL jako API layer. GitHub Actions deployment. Kiedy self-host BaaS: data residency wymagania. Cost control at scale. Full customization. Privacy regulations (GDPR).
Powiązane artykuły
Skontaktuj się z nami
Porozmawiajmy o Twoim projekcie. Bezpłatna wycena w ciągu 24 godzin.
Wyślij zapytanie
Telefon
+48 790 814 814
Pon-Pt: 9:00 - 18:00
adam@fotz.pl
Odpowiadamy w ciągu 24h
Adres
Plac Wolności 16
61-739 Poznań
Godziny pracy
Wolisz porozmawiać?
Zadzwoń teraz i porozmawiaj z naszym specjalistą o Twoim projekcie.
Zadzwoń teraz