Show HN: Bknd – Firebase alternative that embeds into any React stack

Similar to Firebase it's multi-strategy based. You can use a combo of email/password or OAuth/OIDC (internally using https://github.com/panva/oauth4webapi) – currently there are 2 pre-configured (Google, Github), but it's easy to extend, so requests are welcome.

On the Authorization side, you can create roles and attach permissions to it. Those roles then get attached to users.

Claims are transported via JWT, you can configure its lifetime, secret and hashing. Currently it's stateless, meaning the token is not checked in a session store. But if there is demand, I'd prioritize adding this. I'm mainly exactly looking for feedback to prioritize next additions.

Hope this helps.

> (I haven't used a system like that. I'm intrigued by the idea of a backend that's just a database but it weirds me out not to have to write a layer that says who can read what. Exposing the database that nakedly feels super dangerous.)

In my (closed) product that exposes the database to the frontend, the "exposure" part has, effectively, row-level access control.[1]

[1] Also role-based using groups. I additionally mark the read-only queries as read-only and these are executed on a read-only replica.

Sources here if you ae curious: https://github.com/bknd-io/bknd/tree/main/app/src/auth

Core auth feature progress is tracked here: https://github.com/bknd-io/bknd/issues/6

Broken (missing) auth is pretty common with Firebase/Supabase. It's a developer mistake that could happen in any kind of back-end, but I think that traditional back-end frameworks usually have better conventions that make the mistake less likely.

Yeah, I've never understood this. I can't think of any operation where I wouldn't want some backend logic in between. Firebase rules don't cut it.

It does.. I know postgrest is like this though

I think the project is saying, in cases where you are deploying the Frontend with server side serving, then you can include this. Given projects like NextJS have a server side serving for react server-side-rendering and for APIs this project uses the server side to add additional services as mentioned in the post.

bknd would be the "backend part" of your application, managing the schema, exposing REST APIs to access it, secure it, handling media uploads.

The database (postgres, libsql, d1, etc.) is hosted as usual. Fullstack frameworks like Next.js, Remix, Astro, etc. would run bknd on the server side exclusively.

But I see the issue. I should've written "inside your fullstack app" – my bad!

Yes, e.g. you can fully host it on Cloudflare using Workers, D1 and R2. There is an example in the repo and CLI starter to get started quickly (`npx bknd create -i cloudflare`)

Yes it can, a lot of people just choose a React fullstack framework, and it integrates specifically well inside those – so it's just a focus. But it can also be deployed using Docker, Bun, Node or Cloudflare Workers. There's an integrated SDK for TypeScript, but since it's all just REST APIs, it'll work with any stack.

Not familiar with Zero, but it looks interesting, will check it out.

Thanks a lot Cam! :)