chore: update versions (#2571)

This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.


# Releases
## @nhost/apollo@6.0.8

### Patch Changes

-   @nhost/nhost-js@3.0.8

## @nhost/react-apollo@9.0.3

### Patch Changes

-   @nhost/apollo@6.0.8
-   @nhost/react@3.2.3

## @nhost/react-urql@6.0.3

### Patch Changes

-   @nhost/react@3.2.3

## @nhost/graphql-js@0.1.8

### Patch Changes

- 407feea: fix: replace `jwt-decode` with `jose` to decode access tokens
in a non browser environment

## @nhost/nextjs@2.1.5

### Patch Changes

-   @nhost/react@3.2.3

## @nhost/nhost-js@3.0.8

### Patch Changes

-   Updated dependencies [407feea]
    -   @nhost/graphql-js@0.1.8

## @nhost/react@3.2.3

### Patch Changes

-   @nhost/nhost-js@3.0.8

## @nhost/vue@2.2.3

### Patch Changes

-   @nhost/nhost-js@3.0.8

## @nhost/dashboard@1.8.3

### Patch Changes

-   @nhost/react-apollo@9.0.3
-   @nhost/nextjs@2.1.5

## @nhost-examples/cli@0.1.9

### Patch Changes

-   @nhost/nhost-js@3.0.8

## @nhost-examples/codegen-react-apollo@0.1.17

### Patch Changes

-   @nhost/react@3.2.3
-   @nhost/react-apollo@9.0.3

## @nhost-examples/codegen-react-query@0.1.18

### Patch Changes

-   @nhost/react@3.2.3

## @nhost-examples/codegen-react-urql@0.0.14

### Patch Changes

-   @nhost/react@3.2.3
-   @nhost/react-urql@6.0.3

## @nhost-examples/multi-tenant-one-to-many@2.0.7

### Patch Changes

-   @nhost/nhost-js@3.0.8

## @nhost-examples/nextjs@0.1.19

### Patch Changes

-   @nhost/react@3.2.3
-   @nhost/react-apollo@9.0.3
-   @nhost/nextjs@2.1.5

## @nhost-examples/node-storage@0.0.11

### Patch Changes

-   @nhost/nhost-js@3.0.8

## @nhost-examples/nextjs-server-components@0.2.5

### Patch Changes

-   @nhost/nhost-js@3.0.8

## @nhost-examples/react-apollo@0.3.3

### Patch Changes

-   @nhost/react@3.2.3
-   @nhost/react-apollo@9.0.3

## @nhost-examples/react-gqty@1.0.7

### Patch Changes

-   @nhost/react@3.2.3

## @nhost-examples/vue-apollo@0.2.4

### Patch Changes

-   @nhost/nhost-js@3.0.8
-   @nhost/apollo@6.0.8
-   @nhost/vue@2.2.3

## @nhost-examples/vue-quickstart@0.0.16

### Patch Changes

-   @nhost/apollo@6.0.8
-   @nhost/vue@2.2.3

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

.github/workflows/gen_schedule_update_deps.yaml

@@ -0,0 +1,82 @@
+---
+name: "gen: update depenendencies"
+on:
+  schedule:
+    - cron: '0 2 1 * *'
+
+jobs:
+  run:
+    runs-on: ubuntu-latest
+
+    permissions:
+      id-token: write
+      contents: write
+      pull-requests: write
+
+    steps:
+    - name: Check out repository
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+
+    - name: Configure aws
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        role-to-assume: arn:aws:iam::${{ secrets.AWS_PRODUCTION_CORE_ACCOUNT_ID }}:role/github-actions-nhost-be
+        aws-region: eu-central-1
+
+    - uses: nixbuild/nix-quick-install-action@v26
+      with:
+        nix_version: 2.16.2
+        nix_conf: |
+          experimental-features = nix-command flakes
+          sandbox = false
+          access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
+          substituters = https://cache.nixos.org/?priority=40 s3://nhost-nix-cache?region=eu-central-1&priority=50
+          trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= ${{ secrets.NIX_CACHE_PUB_KEY }}
+
+    - name: Cache nix store
+      uses: actions/cache@v4
+      with:
+        path: /nix
+        key: nix-update-deps-${{ hashFiles('flakes.nix', 'flake.lock') }}
+
+    - name: Update nix flakes
+      run: nix flake update
+
+    - name: Update dependencies
+      run: |
+        nix develop -c bash -c "
+          pnpm dedupe
+          pnpm update -r
+          pnpm dedupe
+        "
+
+    - name: Create Pull Request
+      uses: peter-evans/create-pull-request@v6
+      with:
+        token: ${{ secrets.GITHUB_TOKEN }}
+        commit-message: Update dependencies
+        committer: GitHub <noreply@github.com>
+        author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
+        signoff: false
+        branch: automated/update-deps
+        delete-branch: true
+        title: '[Scheduled] Update dependencies'
+        body: |
+          Dependencies updated
+
+          Note - If you see this PR and the checks haven't run, close and reopen the PR. See https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#triggering-further-workflow-runs
+        labels: |
+          dependencies
+        draft: false
+
+    - name: "Cache nix store on s3"
+      run: |
+        echo ${{ secrets.NIX_CACHE_PRIV_KEY }} > cache-priv-key.pem
+        nix build .\#devShells.x86_64-linux.default
+        nix store sign --key-file cache-priv-key.pem --all
+        nix copy --to s3://nhost-nix-cache\?region=eu-central-1 .\#devShells.x86_64-linux.default
+
+    - run: rm cache-priv-key.pem
+      if: always()

SECURITY.md

@@ -0,0 +1,7 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+At Nhost, we take security vulnerabilities seriously and appreciate the assistance of the community in bringing any issues to our attention. If you discover a security vulnerability, please use the GitHub Security Advisory ["Report a Vulnerability"](https://github.com/nhost/nhost/security/advisories/new) tab.
+
+Once you have submitted the report, we will promptly conduct a thorough investigation within 72 hours. In case we need further information, we may contact you for additional details. Rest assured that addressing the reported vulnerability in a timely manner is our top priority.

dashboard/CHANGELOG.md

@@ -1,5 +1,83 @@
 # @nhost/dashboard
 
+## 1.8.3
+
+### Patch Changes
+
+- @nhost/react-apollo@9.0.3
+- @nhost/nextjs@2.1.5
+
+## 1.8.2
+
+### Patch Changes
+
+- 6df4f02: fix: use custom error toast and show correct message when sending an invite
+
+## 1.8.1
+
+### Patch Changes
+
+- @nhost/react-apollo@9.0.2
+- @nhost/nextjs@2.1.4
+
+## 1.8.0
+
+### Minor Changes
+
+- 713d53c: feat: add catch-all route for workspace/project - useful for documentation
+
+### Patch Changes
+
+- 3db2999: fix: refresh table list after running SQL using the editor
+- 3c4dd55: fix: handle `Error` objects properly in the `ErrorToast` component
+- 92b434e: fix: resolve an issue where the checkbox in the data-grid header did not select all rows
+  - @nhost/react-apollo@9.0.1
+  - @nhost/nextjs@2.1.3
+
+## 1.7.0
+
+### Minor Changes
+
+- 0d8d0eb: Update docs and dashboard references
+
+## 1.6.9
+
+### Patch Changes
+
+- @nhost/react-apollo@9.0.0
+- @nhost/nextjs@2.1.2
+
+## 1.6.8
+
+### Patch Changes
+
+- @nhost/react-apollo@8.0.1
+- @nhost/nextjs@2.1.1
+
+## 1.6.7
+
+### Patch Changes
+
+- 5ef5189: fix: update `@apollo/client` to `3.9.4` to fix a cache bug
+
+## 1.6.6
+
+### Patch Changes
+
+- 3ba485e: fix: added discord.com to connect-src
+- e5bab6a: chore: update dependencies
+- Updated dependencies [b19ffed]
+- Updated dependencies [e5bab6a]
+  - @nhost/nextjs@2.1.0
+  - @nhost/react-apollo@8.0.0
+
+## 1.6.5
+
+### Patch Changes
+
+- ba73bb4: fix: update ErrorToast component to show the internal graphql error
+- d5337ff: fix: utilize accumulator in the creation of validation schema within data grid utils
+
 ## 1.6.4
 
 ### Patch Changes

dashboard/next.config.js

@@ -4,10 +4,10 @@ const withBundleAnalyzer = require('@next/bundle-analyzer')({
 });
 const { version } = require('./package.json');
 
-
 const cspHeader = `
     default-src 'self' *.nhost.run ws://*.nhost.run nhost.run ws://nhost.run;
     script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.segment.com js.stripe.com;
+    connect-src 'self' *.nhost.run ws://*.nhost.run nhost.run ws://nhost.run discord.com;
     style-src 'self' 'unsafe-inline';
     img-src 'self' blob: data: avatars.githubusercontent.com s.gravatar.com *.nhost.run nhost.run;
     font-src 'self' data:;
@@ -18,7 +18,7 @@ const cspHeader = `
     frame-src 'self' js.stripe.com;
     block-all-mixed-content;
     upgrade-insecure-requests;
-`
+`;
 
 module.exports = withBundleAnalyzer({
   reactStrictMode: true,
@@ -40,7 +40,7 @@ module.exports = withBundleAnalyzer({
         headers: [
           {
             key: 'X-Frame-Options',
-            value: 'SAMEORIGIN'
+            value: 'SAMEORIGIN',
           },
           {
             key: 'Content-Security-Policy',
@@ -48,7 +48,7 @@ module.exports = withBundleAnalyzer({
           },
         ],
       },
-    ]
+    ];
   },
   async redirects() {
     return [

dashboard/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost/dashboard",
-  "version": "1.6.4",
+  "version": "1.8.3",
   "private": true,
   "scripts": {
     "preinstall": "npx only-allow pnpm",
@@ -19,7 +19,7 @@
     "e2e": "pnpm install-browsers && pnpm playwright test"
   },
   "dependencies": {
-    "@apollo/client": "^3.8.9",
+    "@apollo/client": "^3.9.4",
     "@codemirror/lang-sql": "^6.5.5",
     "@emotion/cache": "^11.11.0",
     "@emotion/react": "^11.11.3",
@@ -33,8 +33,8 @@
     "@heroicons/react": "^1.0.6",
     "@hookform/resolvers": "^3.3.4",
     "@mui/base": "5.0.0-beta.31",
-    "@mui/material": "^5.15.4",
-    "@mui/system": "^5.15.4",
+    "@mui/material": "^5.15.7",
+    "@mui/system": "^5.15.7",
     "@mui/x-date-pickers": "^5.0.20",
     "@nhost/nextjs": "workspace:*",
     "@nhost/react-apollo": "workspace:*",
@@ -43,24 +43,24 @@
     "@stripe/stripe-js": "^1.54.2",
     "@tailwindcss/forms": "^0.5.7",
     "@tanstack/react-query": "^4.36.1",
-    "@tanstack/react-table": "^8.11.6",
-    "@tanstack/react-virtual": "^3.0.1",
+    "@tanstack/react-table": "^8.11.7",
+    "@tanstack/react-virtual": "^3.0.2",
     "@uiw/codemirror-theme-github": "^4.21.21",
     "@uiw/react-codemirror": "^4.21.21",
     "analytics-node": "^6.2.0",
     "bcryptjs": "^2.4.3",
     "clsx": "^1.2.1",
     "date-fns": "^2.30.0",
+    "framer-motion": "^10.18.0",
     "generate-password": "^1.7.1",
     "graphiql": "^3.1.0",
     "graphql": "16.8.1",
     "graphql-request": "^6.1.0",
-    "framer-motion": "^10.17.9",
     "graphql-tag": "^2.12.6",
     "graphql-ws": "^5.14.3",
     "just-kebab-case": "^4.2.0",
     "lodash.debounce": "^4.0.8",
-    "next": "^14.0.4",
+    "next": "^14.1.0",
     "next-seo": "^6.4.0",
     "node-pg-format": "^1.3.5",
     "pluralize": "^8.0.0",
@@ -68,9 +68,9 @@
     "react-children-utilities": "^2.10.0",
     "react-dom": "18.2.0",
     "react-error-boundary": "^4.0.12",
-    "react-hook-form": "^7.49.3",
+    "react-hook-form": "^7.50.0",
     "react-hot-toast": "^2.4.1",
-    "react-intersection-observer": "^9.5.3",
+    "react-intersection-observer": "^9.5.4",
     "react-is": "18.2.0",
     "react-loading-skeleton": "^2.2.0",
     "react-markdown": "^9.0.1",
@@ -85,13 +85,13 @@
     "slugify": "^1.6.6",
     "stripe": "^10.17.0",
     "tailwind-merge": "^1.14.0",
-    "utility-types": "^3.10.0",
+    "utility-types": "^3.11.0",
     "validator": "^13.11.0",
     "yup": "^1.3.3",
     "yup-password": "^0.2.2"
   },
   "devDependencies": {
-    "@babel/core": "^7.23.7",
+    "@babel/core": "^7.23.9",
     "@faker-js/faker": "^7.6.0",
     "@graphql-codegen/cli": "^3.3.1",
     "@graphql-codegen/typescript": "^3.0.4",
@@ -106,34 +106,34 @@
     "@storybook/addon-postcss": "^2.0.0",
     "@storybook/builder-webpack5": "^6.5.16",
     "@storybook/manager-webpack5": "^6.5.16",
-    "@storybook/react": "^6.5.16",
+    "@storybook/react": "^7.6.15",
     "@storybook/testing-library": "^0.2.2",
     "@tailwindcss/typography": "^0.5.10",
     "@testing-library/dom": "^9.3.4",
     "@testing-library/jest-dom": "^5.17.0",
-    "@testing-library/react": "^14.1.2",
+    "@testing-library/react": "^14.2.0",
     "@testing-library/user-event": "^14.5.2",
     "@types/ace": "^0.0.48",
     "@types/bcryptjs": "^2.4.6",
     "@types/jest": "^29.5.11",
     "@types/lodash.debounce": "^4.0.9",
-    "@types/node": "^16.18.70",
+    "@types/node": "^16.18.78",
     "@types/pluralize": "^0.0.30",
-    "@types/react": "^18.2.47",
+    "@types/react": "^18.2.50",
     "@types/react-dom": "^18.2.18",
     "@types/react-table": "^7.7.19",
     "@types/shell-quote": "^1.7.5",
     "@types/testing-library__jest-dom": "^5.14.9",
     "@types/validator": "^13.11.8",
-    "@typescript-eslint/eslint-plugin": "^6.18.1",
-    "@typescript-eslint/parser": "^6.18.1",
+    "@typescript-eslint/eslint-plugin": "^6.20.0",
+    "@typescript-eslint/parser": "^6.20.0",
     "@vitejs/plugin-react": "^4.2.1",
     "@vitest/coverage-v8": "^0.32.4",
-    "autoprefixer": "^10.4.16",
+    "autoprefixer": "^10.4.17",
     "babel-loader": "^8.3.0",
     "babel-plugin-transform-remove-console": "^6.9.4",
     "csstype": "^3.1.3",
-    "dotenv": "^16.3.1",
+    "dotenv": "^16.4.1",
     "encoding": "^0.1.13",
     "eslint": "^8.56.0",
     "eslint-config-airbnb": "19.0.4",
@@ -145,7 +145,7 @@
     "eslint-plugin-react": "^7.33.2",
     "eslint-plugin-react-hooks": "^4.6.0",
     "jsdom": "^22.1.0",
-    "lint-staged": "^15.2.0",
+    "lint-staged": "^15.2.1",
     "msw": "^1.3.2",
     "msw-storybook-addon": "^1.10.0",
     "node-fetch": "^3.3.2",
@@ -161,7 +161,7 @@
     "ts-node": "^10.9.2",
     "tsconfig-paths-webpack-plugin": "^4.1.0",
     "vite": "^5.0.12",
-    "vite-tsconfig-paths": "^4.2.3",
+    "vite-tsconfig-paths": "^4.3.1",
     "vitest": "^0.32.4"
   },
   "browserslist": {

dashboard/src/components/dataGrid/DataGridHeader/DataGridHeader.tsx

@@ -96,45 +96,52 @@ export default function DataGridHeader<T extends object>({
             }}
             key={column.id}
           >
-            <Dropdown.Trigger
-              className={twMerge(
-                'focus:outline-none motion-safe:transition-colors',
-              )}
-              disabled={
-                column.isDisabled ||
-                column.id === 'selection' ||
-                (column.disableSortBy && !onRemoveColumn)
-              }
-              hideChevron
-            >
+            {column.id === 'selection' ? (
               <span
                 {...headerProps}
                 className="relative grid w-full grid-flow-col items-center justify-between p-2"
               >
                 {column.render('Header')}
-
-                {allowSort && (
-                  <Box component="span" sx={{ color: 'text.primary' }}>
-                    {column.isSorted && !column.isSortedDesc && (
-                      <ArrowUpIcon className="h-3 w-3" />
-                    )}
-
-                    {column.isSorted && column.isSortedDesc && (
-                      <ArrowDownIcon className="h-3 w-3" />
-                    )}
-                  </Box>
-                )}
               </span>
-
-              {allowResize && !column.disableResizing && (
+            ) : (
+              <Dropdown.Trigger
+                className={twMerge(
+                  'focus:outline-none motion-safe:transition-colors',
+                )}
+                disabled={
+                  column.isDisabled || (column.disableSortBy && !onRemoveColumn)
+                }
+                hideChevron
+              >
                 <span
-                  {...column.getResizerProps({
-                    onClick: (event: Event) => event.stopPropagation(),
-                  })}
-                  className="absolute top-0 bottom-0 -right-0.5 z-10 h-full w-1.5 group-hover:bg-slate-900 group-hover:bg-opacity-20 group-active:bg-slate-900 group-active:bg-opacity-20 motion-safe:transition-colors"
-                />
-              )}
-            </Dropdown.Trigger>
+                  {...headerProps}
+                  className="relative grid w-full grid-flow-col items-center justify-between p-2"
+                >
+                  {column.render('Header')}
+
+                  {allowSort && (
+                    <Box component="span" sx={{ color: 'text.primary' }}>
+                      {column.isSorted && !column.isSortedDesc && (
+                        <ArrowUpIcon className="h-3 w-3" />
+                      )}
+
+                      {column.isSorted && column.isSortedDesc && (
+                        <ArrowDownIcon className="h-3 w-3" />
+                      )}
+                    </Box>
+                  )}
+                </span>
+
+                {allowResize && !column.disableResizing && (
+                  <span
+                    {...column.getResizerProps({
+                      onClick: (event: Event) => event.stopPropagation(),
+                    })}
+                    className="absolute -right-0.5 bottom-0 top-0 z-10 h-full w-1.5 group-hover:bg-slate-900 group-hover:bg-opacity-20 group-active:bg-slate-900 group-active:bg-opacity-20 motion-safe:transition-colors"
+                  />
+                )}
+              </Dropdown.Trigger>
+            )}
 
             <Dropdown.Content
               menu

dashboard/src/components/ui/v2/ErrorToast/ErrorToast.tsx

@@ -5,7 +5,7 @@ import { XIcon } from '@/components/ui/v2/icons/XIcon';
 import { useCurrentWorkspaceAndProject } from '@/features/projects/common/hooks/useCurrentWorkspaceAndProject';
 import { getToastBackgroundColor } from '@/utils/constants/settings';
 import { copy } from '@/utils/copy';
-import { type ApolloError } from '@apollo/client';
+import type { ApolloError } from '@apollo/client';
 import { useUserData } from '@nhost/nextjs';
 import { AnimatePresence, motion } from 'framer-motion';
 import { useRouter } from 'next/router';
@@ -20,6 +20,44 @@ interface ErrorDetails {
   error: any;
 }
 
+const getInternalErrorMessage = (
+  error: Error | ApolloError | undefined,
+): string | null => {
+  if (!error) {
+    return null;
+  }
+
+  if (error.name === 'ApolloError') {
+    // @ts-ignore
+    const internalError = error.graphQLErrors?.[0]?.extensions?.internal as {
+      error: { message: string };
+    };
+    return internalError?.error?.message || null;
+  }
+
+  if (error instanceof Error) {
+    return error.message;
+  }
+
+  return null;
+};
+
+const errorToObject = (error: ApolloError | Error) => {
+  if (error.name === 'ApolloError') {
+    return error;
+  }
+
+  if (error instanceof Error) {
+    return {
+      name: error.name,
+      message: error.message,
+      stack: error.stack,
+    };
+  }
+
+  return {};
+};
+
 export default function ErrorToast({
   isVisible,
   errorMessage,
@@ -28,7 +66,7 @@ export default function ErrorToast({
 }: {
   isVisible: boolean;
   errorMessage: string;
-  error: ApolloError;
+  error: ApolloError | Error;
   close: () => void;
 }) {
   const userData = useUserData();
@@ -43,10 +81,10 @@ export default function ErrorToast({
       userId: userData?.id || 'local',
       url: asPath,
     },
-    error,
+    error: errorToObject(error),
   };
 
-  const msg = error?.graphQLErrors?.at(0)?.message || errorMessage;
+  const msg = getInternalErrorMessage(error) || errorMessage;
 
   return (
     <AnimatePresence>

dashboard/src/features/authentication/settings/components/AllowedEmailSettings/AllowedEmailSettings.tsx

@@ -130,7 +130,7 @@ export default function AllowedEmailDomainsSettings() {
               loading: formState.isSubmitting,
             },
           }}
-          docsLink="https://docs.nhost.io/authentication#allowed-emails-and-domains"
+          docsLink="https://docs.nhost.io/guides/auth/overview#allowed-emails-and-domains"
           switchId="enabled"
           showSwitch
           className={twMerge(

dashboard/src/features/authentication/settings/components/AllowedRedirectURLsSettings/AllowedRedirectURLsSettings.tsx

@@ -105,7 +105,7 @@ export default function AllowedRedirectURLsSettings() {
               loading: formState.isSubmitting,
             },
           }}
-          docsLink="https://docs.nhost.io/authentication#allowed-redirect-urls"
+          docsLink="https://docs.nhost.io/guides/auth/overview#allowed-redirect-urls"
           className="grid grid-flow-row px-4 lg:grid-cols-5"
         >
           <Input

dashboard/src/features/authentication/settings/components/AppleProviderSettings/AppleProviderSettings.tsx

@@ -141,7 +141,7 @@ export default function AppleProviderSettings() {
               loading: formState.isSubmitting,
             },
           }}
-          docsLink="https://docs.nhost.io/authentication/sign-in-with-apple"
+          docsLink="https://docs.nhost.io/guides/auth/social/sign-in-apple"
           docsTitle="how to sign in users with Apple"
           icon={
             theme.palette.mode === 'dark'

dashboard/src/features/authentication/settings/components/BlockedEmailSettings/BlockedEmailSettings.tsx

@@ -136,7 +136,7 @@ export default function BlockedEmailSettings() {
               loading: formState.isSubmitting,
             },
           }}
-          docsLink="https://docs.nhost.io/authentication#blocked-emails-and-domains"
+          docsLink="https://docs.nhost.io/guides/auth/overview#allowed-emails-and-domains"
           switchId="enabled"
           showSwitch
           className={twMerge(

dashboard/src/features/authentication/settings/components/ClientURLSettings/ClientURLSettings.tsx

@@ -99,7 +99,7 @@ export default function ClientURLSettings() {
               loading: formState.isSubmitting,
             },
           }}
-          docsLink="https://docs.nhost.io/authentication#client-url"
+          docsLink="https://docs.nhost.io/guides/auth/overview#client-url"
           className="grid grid-flow-row lg:grid-cols-5"
         >
           <Input

dashboard/src/features/authentication/settings/components/DisableNewUsersSettings/DisableNewUsersSettings.tsx

@@ -89,7 +89,7 @@ export default function DisableNewUsersSettings() {
         <SettingsContainer
           title="Disable New Users"
           description="If set, newly registered users are disabled and won't be able to sign in."
-          docsLink="https://docs.nhost.io/authentication#disable-new-users"
+          docsLink="https://docs.nhost.io/guides/auth/overview#disable-new-users"
           switchId="disabled"
           showSwitch
           slotProps={{

dashboard/src/features/authentication/settings/components/DiscordProviderSettings/DiscordProviderSettings.tsx

@@ -111,7 +111,7 @@ export default function DiscordProviderSettings() {
               loading: formState.isSubmitting,
             },
           }}
-          docsLink="https://docs.nhost.io/platform/authentication/sign-in-with-discord"
+          docsLink="https://docs.nhost.io/guides/auth/social/sign-in-discord"
           docsTitle="how to sign in users with Discord"
           icon="/assets/brands/discord.svg"
           switchId="enabled"

dashboard/src/features/authentication/settings/components/EmailAndPasswordSettings/EmailAndPasswordSettings.tsx

@@ -104,7 +104,7 @@ export default function EmailAndPasswordSettings() {
         <SettingsContainer
           title="Email and Password"
           description="Allow users to sign in with email and password."
-          docsLink="https://docs.nhost.io/authentication/sign-in-with-email-and-password"
+          docsLink="https://docs.nhost.io/guides/auth/sign-in-email-password"
           docsTitle="how to sign in users with email and password"
           className="grid grid-flow-row"
           showSwitch

dashboard/src/features/authentication/settings/components/FacebookProviderSettings/FacebookProviderSettings.tsx

@@ -111,7 +111,7 @@ export default function FacebookProviderSettings() {
               loading: formState.isSubmitting,
             },
           }}
-          docsLink="https://docs.nhost.io/platform/authentication/sign-in-with-facebook"
+          docsLink="https://docs.nhost.io/guides/auth/social/sign-in-facebook"
           docsTitle="how to sign in users with Facebook"
           icon="/assets/brands/facebook.svg"
           switchId="enabled"

dashboard/src/features/authentication/settings/components/GitHubProviderSettings/GitHubProviderSettings.tsx

@@ -113,7 +113,7 @@ export default function GitHubProviderSettings() {
               loading: formState.isSubmitting,
             },
           }}
-          docsLink="https://docs.nhost.io/platform/authentication/sign-in-with-github"
+          docsLink="https://docs.nhost.io/guides/auth/social/sign-in-github"
           docsTitle="how to sign in users with GitHub"
           icon={
             theme.palette.mode === 'dark'

dashboard/src/features/authentication/settings/components/GoogleProviderSettings/GoogleProviderSettings.tsx

@@ -111,7 +111,7 @@ export default function GoogleProviderSettings() {
               loading: formState.isSubmitting,
             },
           }}
-          docsLink="https://docs.nhost.io/platform/authentication/sign-in-with-google"
+          docsLink="https://docs.nhost.io/guides/auth/social/sign-in-google"
           docsTitle="how to sign in users with Google"
           icon="/assets/brands/google.svg"
           switchId="enabled"

dashboard/src/features/authentication/settings/components/GravatarSettings/GravatarSettings.tsx

@@ -113,7 +113,7 @@ export default function GravatarSettings() {
               loading: formState.isSubmitting,
             },
           }}
-          docsLink="https://docs.nhost.io/authentication#gravatar"
+          docsLink="https://docs.nhost.io/guides/auth/overview#gravatar"
           switchId="enabled"
           showSwitch
           className={twMerge(

dashboard/src/features/authentication/settings/components/LinkedInProviderSettings/LinkedInProviderSettings.tsx

@@ -111,7 +111,7 @@ export default function LinkedInProviderSettings() {
               loading: formState.isSubmitting,
             },
           }}
-          docsLink="https://docs.nhost.io/platform/authentication/sign-in-with-linkedin"
+          docsLink="https://docs.nhost.io/guides/auth/social/sign-in-linkedin"
           docsTitle="how to sign in users with LinkedIn"
           icon="/assets/brands/linkedin.svg"
           switchId="enabled"

dashboard/src/features/authentication/settings/components/MFASettings/MFASettings.tsx

@@ -102,7 +102,7 @@ export default function MFASettings() {
               loading: formState.isSubmitting,
             },
           }}
-          docsLink="https://docs.nhost.io/authentication#multi-factor-authentication"
+          docsLink="https://docs.nhost.io/guides/auth/overview#multi-factor-authentication"
           switchId="enabled"
           showSwitch
           className={twMerge(

dashboard/src/features/authentication/settings/components/MagicLinkSettings/MagicLinkSettings.tsx

@@ -97,7 +97,7 @@ export default function MagicLinkSettings() {
               loading: formState.isSubmitting,
             },
           }}
-          docsLink="https://docs.nhost.io/authentication/sign-in-with-magic-link"
+          docsLink="https://docs.nhost.io/guides/auth/sign-in-magic-link"
           docsTitle="how to sign in users with Magic Link"
           switchId="enabled"
           showSwitch

dashboard/src/features/authentication/settings/components/SMSSettings/SMSSettings.tsx

@@ -137,7 +137,7 @@ export default function SMSSettings() {
           }}
           switchId="enabled"
           showSwitch
-          docsLink="https://docs.nhost.io/authentication/sign-in-with-phone-number-sms"
+          docsLink="https://docs.nhost.io/guides/auth/sign-in-phone-number"
           docsTitle="how to sign in users with a phone number (SMS)"
           className={twMerge(
             'grid grid-flow-col grid-cols-2 grid-rows-4 gap-x-3 gap-y-4 px-4 py-2',

dashboard/src/features/authentication/settings/components/SpotifyProviderSettings/SpotifyProviderSettings.tsx

@@ -111,7 +111,7 @@ export default function SpotifyProviderSettings() {
               loading: formState.isSubmitting,
             },
           }}
-          docsLink="https://docs.nhost.io/platform/authentication/sign-in-with-spotify"
+          docsLink="https://docs.nhost.io/guides/auth/social/sign-in-spotify"
           docsTitle="how to sign in users with Spotify"
           icon="/assets/brands/spotify.svg"
           switchId="enabled"

dashboard/src/features/authentication/settings/components/TwitchProviderSettings/TwitchProviderSettings.tsx

@@ -113,7 +113,7 @@ export default function TwitchProviderSettings() {
               loading: formState.isSubmitting,
             },
           }}
-          docsLink="https://docs.nhost.io/platform/authentication/sign-in-with-twitch"
+          docsLink="https://docs.nhost.io/guides/auth/social/sign-in-twitch"
           docsTitle="how to sign in users with Twitch"
           icon={
             theme.palette.mode === 'dark'

dashboard/src/features/authentication/settings/components/WebAuthnSettings/WebAuthnSettings.tsx

@@ -101,7 +101,7 @@ export default function WebAuthnSettings() {
               loading: formState.isSubmitting,
             },
           }}
-          docsLink="https://docs.nhost.io/authentication/sign-in-with-security-keys"
+          docsLink="https://docs.nhost.io/guides/auth/sign-in-webauthn"
           docsTitle="how to sign in users with security keys"
           switchId="enabled"
           showSwitch

dashboard/src/features/authentication/settings/components/WorkOsProviderSettings/WorkOsProviderSettings.tsx

@@ -137,7 +137,7 @@ export default function WorkOsProviderSettings() {
               loading: formState.isSubmitting,
             },
           }}
-          docsLink="https://docs.nhost.io/authentication/sign-in-with-workos"
+          docsLink="https://docs.nhost.io/guides/auth/social/sign-in-workos"
           docsTitle="how to sign in users with WorkOS"
           icon="/assets/brands/workos.svg"
           switchId="enabled"

dashboard/src/features/database/dataGrid/hooks/useRunSQL/useRunSQL.ts

@@ -1,10 +1,12 @@
+import { useDatabaseQuery } from '@/features/database/dataGrid/hooks/useDatabaseQuery';
 import { useCurrentWorkspaceAndProject } from '@/features/projects/common/hooks/useCurrentWorkspaceAndProject';
 import { generateAppServiceUrl } from '@/features/projects/common/utils/generateAppServiceUrl';
 import { getToastStyleProps } from '@/utils/constants/settings';
 import { getHasuraAdminSecret } from '@/utils/env';
 import { parseIdentifiersFromSQL } from '@/utils/sql';
-import toast from 'react-hot-toast';
+import { useRouter } from 'next/router';
 import { useState } from 'react';
+import toast from 'react-hot-toast';
 
 export default function useRunSQL(
   sqlCode: string,
@@ -22,6 +24,14 @@ export default function useRunSQL(
   const [columns, setColumns] = useState<string[]>([]);
   const [rows, setRows] = useState<string[][]>([[]]);
 
+  const router = useRouter();
+
+  const {
+    query: { dataSourceSlug },
+  } = router;
+
+  const { refetch } = useDatabaseQuery([dataSourceSlug as string]);
+
   const appUrl = generateAppServiceUrl(
     currentProject?.subdomain,
     currentProject?.region,
@@ -269,6 +279,9 @@ export default function useRunSQL(
       }
     }
 
+    // refresh the table list after running the sql
+    await refetch();
+
     setLoading(false);
   };
 

dashboard/src/features/database/dataGrid/utils/validationSchemaHelpers/validationSchemaHelpers.ts

@@ -114,7 +114,7 @@ export function createDynamicValidationSchema(
       ['time', 'timetz', 'interval'].includes(column.specificType)
     ) {
       return {
-        ...schema,
+        ...currentSchema,
         [column.id]: createTextValidationSchema(details).matches(
           /^\d{2}:\d{2}(:\d{2})?$/,
           'This is not a valid time (e.g: HH:MM:SS / HH:MM).',
@@ -124,14 +124,14 @@ export function createDynamicValidationSchema(
 
     if (column.type === 'date') {
       return {
-        ...schema,
+        ...currentSchema,
         [column.id]: createDateValidationSchema(details),
       };
     }
 
     if (column.type === 'boolean') {
       return {
-        ...schema,
+        ...currentSchema,
         [column.id]: createBooleanValidationSchema(details),
       };
     }
@@ -141,13 +141,13 @@ export function createDynamicValidationSchema(
       (column.specificType === 'jsonb' || column.specificType === 'json')
     ) {
       return {
-        ...schema,
+        ...currentSchema,
         [column.id]: createJSONValidationSchema(details),
       };
     }
 
     return {
-      ...schema,
+      ...currentSchema,
       [column.id]: createTextValidationSchema(details),
     };
   }, {});

dashboard/src/features/projects/common/components/ChangePlanModal/ChangePlanModal.tsx

@@ -25,12 +25,12 @@ function Plan({ planName, price, setPlan, planId, selectedPlanId }: any) {
   return (
     <button
       type="button"
-      className="my-4 grid w-full grid-flow-col items-center justify-between gap-2 px-1"
+      className="grid items-center justify-between w-full grid-flow-col gap-2 px-1 my-4"
       onClick={setPlan}
       tabIndex={-1}
     >
       <div className="grid grid-flow-row gap-y-0.5">
-        <div className="grid grid-flow-col items-center justify-start gap-2">
+        <div className="grid items-center justify-start grid-flow-col gap-2">
           <Checkbox
             onChange={setPlan}
             checked={selectedPlanId === planId}
@@ -40,7 +40,7 @@ function Plan({ planName, price, setPlan, planId, selectedPlanId }: any) {
           <Text
             variant="h3"
             component="p"
-            className="self-center text-left font-medium"
+            className="self-center font-medium text-left"
           >
             Upgrade to {planName}
           </Text>
@@ -156,7 +156,7 @@ export function ChangePlanModalWithData({ app, plans, close }: any) {
 
   if (pollingCurrentProject) {
     return (
-      <Box className="mx-auto w-full max-w-xl rounded-lg p-6 text-left">
+      <Box className="w-full max-w-xl p-6 mx-auto text-left rounded-lg">
         <div className="flex flex-col">
           <div className="mx-auto">
             <Image
@@ -179,7 +179,7 @@ export function ChangePlanModalWithData({ app, plans, close }: any) {
           <Button
             variant="outlined"
             color="secondary"
-            className="mx-auto mt-4 w-full max-w-sm"
+            className="w-full max-w-sm mx-auto mt-4"
             onClick={() => {
               if (close) {
                 close();
@@ -196,7 +196,7 @@ export function ChangePlanModalWithData({ app, plans, close }: any) {
   }
 
   return (
-    <Box className="w-full max-w-xl rounded-lg p-6 text-left">
+    <Box className="w-full max-w-xl p-6 text-left rounded-lg">
       <BaseDialog
         open={showPaymentModal}
         onClose={() => setShowPaymentModal(false)}
@@ -241,7 +241,7 @@ export function ChangePlanModalWithData({ app, plans, close }: any) {
             ))}
         </div>
 
-        <div className="mt-2 grid grid-flow-row gap-2">
+        <div className="grid grid-flow-row gap-2 mt-2">
           <Button
             onClick={handleChangePlanClick}
             disabled={!selectedPlan}

dashboard/src/features/projects/permissions/settings/components/PermissionVariableSettings/PermissionVariableSettings.tsx

@@ -138,7 +138,7 @@ export default function PermissionVariableSettings() {
     <SettingsContainer
       title="Permission Variables"
       description="Permission variables are used to define permission rules in the GraphQL API."
-      docsLink="https://docs.nhost.io/graphql/permissions"
+      docsLink="https://docs.nhost.io/guides/api/permissions#permission-variables"
       rootClassName="gap-0"
       className="my-2 px-0"
       slotProps={{ submitButton: { className: 'hidden' } }}

dashboard/src/features/projects/resources/settings/components/ResourcesForm/ResourcesFormFooter.tsx

@@ -79,7 +79,7 @@ export default function ResourcesFormFooter() {
       <Text>
         Learn more about{' '}
         <Link
-          href="https://docs.nhost.io/platform/compute"
+          href="https://docs.nhost.io/platform/compute-resources"
           target="_blank"
           rel="noopener noreferrer"
           underline="hover"

dashboard/src/features/projects/roles/settings/components/RoleSettings/RoleSettings.tsx

@@ -169,7 +169,7 @@ export default function RoleSettings() {
     <SettingsContainer
       title="Default Allowed Roles"
       description="Default Allowed Roles are roles users get automatically when they sign up."
-      docsLink="https://docs.nhost.io/authentication/users#allowed-roles"
+      docsLink="https://docs.nhost.io/guides/auth/users#allowed-roles"
       rootClassName="gap-0"
       className={twMerge(
         'my-2 px-0',

dashboard/src/features/projects/workspaces/components/WorkspaceMembers/WorkspaceMembers.tsx

@@ -7,7 +7,7 @@ import { useIsCurrentUserOwner } from '@/features/projects/common/hooks/useIsCur
 import { PendingWorkspaceMemberInvitation } from '@/features/projects/workspaces/components/PendingWorkspaceMemberInvitation';
 import { WorkspaceMember } from '@/features/projects/workspaces/components/WorkspaceMember';
 import { discordAnnounce } from '@/utils/discordAnnounce';
-import { getErrorMessage } from '@/utils/getErrorMessage';
+import { execPromiseWithErrorToast } from '@/utils/execPromiseWithErrorToast';
 import { triggerToast } from '@/utils/toast';
 import {
   refetchGetWorkspaceMembersQuery,
@@ -52,38 +52,42 @@ function WorkspaceMemberInviteForm({
       return;
     }
 
-    try {
-      await insertWorkspaceMemberInvite({
-        variables: {
-          workspaceMemberInvite: {
-            workspaceId: currentWorkspace.id,
-            email,
-            memberType: 'member',
+    await execPromiseWithErrorToast(
+      async () => {
+        await insertWorkspaceMemberInvite({
+          variables: {
+            workspaceMemberInvite: {
+              workspaceId: currentWorkspace.id,
+              email,
+              memberType: 'member',
+            },
           },
-        },
-      });
-      triggerToast(
-        `Invite to join workspace ${currentWorkspace.name} sent to ${email}.`,
-      );
-    } catch (error) {
-      await discordAnnounce(
-        `Error trying to invite to ${email} to ${currentWorkspace.name} ${error.message}`,
-      );
-      if (
-        error.message ===
-        'Foreign key violation. insert or update on table "workspace_member_invites" violates foreign key constraint "workspace_member_invites_email_fkey"'
-      ) {
-        setWorkspaceInviteError(
-          'You can only invite users that are already registered at Nhost. Ask the person to register an account, then invite them again.',
+        });
+
+        triggerToast(
+          `Invite to join workspace ${currentWorkspace.name} sent to ${email}.`,
         );
+      },
+      {
+        loadingMessage: 'Sending invite...',
+        successMessage: 'The invite has been sent successfully.',
+        errorMessage: `Error trying to invite to ${email} to ${currentWorkspace.name}`,
+        onError: async (error) => {
+          await discordAnnounce(
+            `Error trying to invite to ${email} to ${currentWorkspace.name} ${error.message}`,
+          );
 
-        return;
-      }
-
-      setWorkspaceInviteError(getErrorMessage(error, 'invite'));
-
-      return;
-    }
+          if (
+            error.message ===
+            'Foreign key violation. insert or update on table "workspace_member_invites" violates foreign key constraint "workspace_member_invites_email_fkey"'
+          ) {
+            setWorkspaceInviteError(
+              'You can only invite users that are already registered at Nhost. Ask the person to register an account, then invite them again.',
+            );
+          }
+        },
+      },
+    );
 
     setEmail('');
   };
@@ -130,8 +134,8 @@ export default function WorkspaceMembers() {
   });
 
   return (
-    <div className="mx-auto mt-18 max-w-3xl font-display">
-      <div className="mb-2 grid grid-flow-row gap-1">
+    <div className="max-w-3xl mx-auto mt-18 font-display">
+      <div className="grid grid-flow-row gap-1 mb-2">
         <Text variant="h3">Members</Text>
         <Text color="secondary" className="text-sm">
           People in this workspace can manage all projects listed above.

dashboard/src/pages/_/_/[...slug].tsx

@@ -0,0 +1,158 @@
+import { AuthenticatedLayout } from '@/components/layout/AuthenticatedLayout';
+import { Container } from '@/components/layout/Container';
+import { RetryableErrorBoundary } from '@/components/presentational/RetryableErrorBoundary';
+import { ActivityIndicator } from '@/components/ui/v2/ActivityIndicator';
+import { Box } from '@/components/ui/v2/Box';
+import { Button } from '@/components/ui/v2/Button';
+import { Input } from '@/components/ui/v2/Input';
+import { List } from '@/components/ui/v2/List';
+import { ListItem } from '@/components/ui/v2/ListItem';
+import { Text } from '@/components/ui/v2/Text';
+import {
+  useGetAllWorkspacesAndProjectsQuery,
+  type GetAllWorkspacesAndProjectsQuery,
+} from '@/utils/__generated__/graphql';
+import { Divider } from '@mui/material';
+import { useUserData } from '@nhost/nextjs';
+import debounce from 'lodash.debounce';
+import Image from 'next/image';
+import { useRouter } from 'next/router';
+import type { ChangeEvent, ReactElement } from 'react';
+import { Fragment, useEffect, useMemo, useState } from 'react';
+
+type Workspace = Omit<
+  GetAllWorkspacesAndProjectsQuery['workspaces'][0],
+  '__typename'
+>;
+
+export default function SelectWorkspaceAndProject() {
+  const user = useUserData();
+  const router = useRouter();
+
+  const { data, loading } = useGetAllWorkspacesAndProjectsQuery({
+    skip: !user,
+  });
+
+  const workspaces: Workspace[] = data?.workspaces || [];
+
+  const projects = workspaces.flatMap((workspace) =>
+    workspace.projects.map((project) => ({
+      workspaceName: workspace.name,
+      projectName: project.name,
+      value: `${workspace.slug}/${project.slug}`,
+    })),
+  );
+
+  const [filter, setFilter] = useState('');
+
+  const handleFilterChange = useMemo(
+    () =>
+      debounce((event: ChangeEvent<HTMLInputElement>) => {
+        setFilter(event.target.value);
+      }, 200),
+    [],
+  );
+
+  useEffect(() => () => handleFilterChange.cancel(), [handleFilterChange]);
+
+  const goToProjectPage = async (project: {
+    workspaceName: string;
+    projectName: string;
+    value: string;
+  }) => {
+    const { slug } = router.query;
+
+    await router.push({
+      pathname: `/${project.value}/${
+        Array.isArray(slug) ? slug.join('/') : slug
+      }`,
+    });
+  };
+
+  const projectsToDisplay = filter
+    ? projects.filter((project) =>
+        project.projectName.toLowerCase().includes(filter.toLowerCase()),
+      )
+    : projects;
+
+  if (loading) {
+    return (
+      <div className="flex w-full justify-center">
+        <ActivityIndicator
+          delay={500}
+          label="Loading workspaces and projects..."
+        />
+      </div>
+    );
+  }
+
+  return (
+    <Container>
+      <div className="mx-auto grid max-w-[760px] grid-flow-row gap-4 py-6 sm:py-14">
+        <Text variant="h2" component="h1" className="">
+          Select a Project
+        </Text>
+
+        <div>
+          <div className="mb-2 flex w-full">
+            <Input
+              placeholder="Search..."
+              onChange={handleFilterChange}
+              fullWidth
+              autoFocus
+            />
+          </div>
+          <RetryableErrorBoundary>
+            {projectsToDisplay.length === 0 ? (
+              <Box className="h-import py-2">
+                <Text variant="subtitle2">No results found.</Text>
+              </Box>
+            ) : (
+              <List className="h-import overflow-y-auto">
+                {projectsToDisplay.map((project, index) => (
+                  <Fragment key={project.value}>
+                    <ListItem.Root
+                      className="grid grid-flow-col justify-start gap-2  py-2.5"
+                      secondaryAction={
+                        <Button
+                          variant="borderless"
+                          color="primary"
+                          onClick={() => goToProjectPage(project)}
+                        >
+                          Select
+                        </Button>
+                      }
+                    >
+                      <ListItem.Avatar>
+                        <span className="inline-block h-6 w-6 overflow-hidden rounded-md">
+                          <Image
+                            src="/logos/new.svg"
+                            alt="Nhost Logo"
+                            width={24}
+                            height={24}
+                          />
+                        </span>
+                      </ListItem.Avatar>
+                      <ListItem.Text
+                        primary={project.projectName}
+                        secondary={`${project.workspaceName} / ${project.projectName}`}
+                      />
+                    </ListItem.Root>
+
+                    {index < projects.length - 1 && <Divider component="li" />}
+                  </Fragment>
+                ))}
+              </List>
+            )}
+          </RetryableErrorBoundary>
+        </div>
+      </div>
+    </Container>
+  );
+}
+
+SelectWorkspaceAndProject.getLayout = function getLayout(page: ReactElement) {
+  return (
+    <AuthenticatedLayout title="Select a Project">{page}</AuthenticatedLayout>
+  );
+};

dashboard/src/tests/testUtils.tsx

@@ -29,6 +29,7 @@ import { Toaster } from 'react-hot-toast';
 const emotionCache = createEmotionCache();
 
 process.env = {
+  TEST_MODE: 'true',
   NODE_ENV: 'development',
   NEXT_PUBLIC_NHOST_PLATFORM: 'false',
   NEXT_PUBLIC_ENV: 'dev',

dashboard/src/utils/execPromiseWithErrorToast/execPromiseWithErrorToast.tsx

@@ -29,6 +29,7 @@ export default async function execPromiseWithErrorToast(
     const result = await call();
 
     toast.dismiss(loadingToastId);
+
     toast.success(successMessage, {
       style: toastStyle.style,
       ...toastStyle.success,

docs/CHANGELOG.md

@@ -1,5 +1,39 @@
 # @nhost/docs
 
+## 2.6.0
+
+### Minor Changes
+
+- dc23dc0: fix: docs run references
+
+## 2.5.0
+
+### Minor Changes
+
+- 0d8d0eb: Update docs and dashboard references
+
+### Patch Changes
+
+- 41617b9: feat: added elevated permissions docs
+- 7db095f: chore: added a note about disk performance and CDN information
+
+## 2.4.0
+
+### Minor Changes
+
+- 791b729: fix: remove auth method
+
+## 2.3.0
+
+### Minor Changes
+
+- d3d1424: feat: Add support for authenticated download of files
+
+### Patch Changes
+
+- e5bab6a: chore: update dependencies
+- 2ae5ea8: fix: indicate that custom domains for postgres doesn't require configuration
+
 ## 2.2.0
 
 ### Minor Changes

docs/guides/ai/local-development.mdx

@@ -9,19 +9,19 @@ If you are using the Nhost CLI for local development, as of [v0.12.0](https://gi
 
 <Steps>
   <Step title="Configuring the Service">
-    Follow the steps highlighed in the ["Enabling Service"](enabling-service) guide and don't forget to add the relevant secrets to your `.secrets` file.
+    Follow the steps highlighed in the [Enabling Service](enabling-service) guide and don't forget to add the relevant secrets to your `.secrets` file.
   </Step>
   <Step title="Start nhost">
     Run `nhost up`:
 
-    ![nhost up](/images/guides/ai/local_development/nhost_up.png)
+    ![nhost up](/images/guides/ai/local-development/nhost_up.png)
 
     After starting the service the first thing you will notice is that there is a new `ai` service running.
   </Step>
   <Step title="Commit metadata changes">
     As you start the AI service metadata changes may be proposed:
 
-    ![git status](/images/guides/ai/local_development/git_status.png)
+    ![git status](/images/guides/ai/local-development/git_status.png)
 
     We strongly recommmend you to commit them to your git repository so they can be deployed alongside your application.
   </Step>
@@ -32,11 +32,11 @@ If you are using the Nhost CLI for local development, as of [v0.12.0](https://gi
 
 If you add [auto-embeddings](/guides/ai/auto-embeddings) configuration locally and want to synchronize them with the cloud we recommend inserting them using a migration rather than with the auto-embeddings UI:
 
-![migration](/images/guides/ai/local_development/migration.png)
+![migration](/images/guides/ai/local-development/migration.png)
 
 And then running `nhost up` to download the updated metadata. Afterwards you should see both database migrations and functions' metadata changes in your local project:
 
-![git status](/images/guides/ai/local_development/git_status_functions.png)
+![git status](/images/guides/ai/local-development/git_status_functions.png)
 
 Pushing them to your deployment branch will also deploy them to your cloud project.
 

docs/guides/auth/elevated-permissions.mdx

@@ -0,0 +1,92 @@
+---
+title: Elevated Permissions
+sidebarTitle: Elevated Permissions
+description: Require extra permissions to perform critical operations
+icon: unlock
+---
+
+In some scenarios you may want to add an extra layer of security to perform certain actions or view certain data. For instance, you may wish to allow users to view their profile information after authenticating but you may want to require users to confirm changes to their profile by performing an extra validation step with a [security key](sign-in-webauthn).
+
+![overview-flow](/images/guides/auth/elevated-permissions/overview.png)
+
+This is accomplished by adding the claim `x-hasura-auth-elevated: $user-id` to the access token in response to the extra security challenge. With this new claim in mind you can start writing permissions that require this extra step.
+
+It is important to keep in mind the claim is added to the access token so, for as long as you have that access token, you will have elevated access. Once the access token is renewed (due to expiration or any other reason), the claim will be lost and a new security challenge will be required to add it back.
+
+# API Endpoints and SDK components
+
+To implement this functionality [auth](/product/authentication) [0.26.0](https://github.com/nhost/hasura-auth/releases/tag/0.26.0) introduces the new endpoint [/elevate/webauthn](/reference/auth/elevate-webauthn). This endpoint works the same way as [/signin/webauthn](/reference/auth/sign-in-using-email-via-fido2-webauthn-authentication) but it requires an Authorization header with a valid token to add the elevated claim to.
+
+In addition, a few methods and components have also been added to simplify it's usage:
+
+- [nhost.auth.elevateEmailSecurityKey](/reference/javascript/auth/elevate-email-security-key)
+- [React - useElevateSecurityKeyEmail](/reference/react/use-elevate-security-key-email)
+- [Next.js - useElevateSecurityKeyEmail](/reference/nextjs/use-elevate-security-key-email)
+- [Vue - useElevateSecurityKeyEmail](/reference/vue/use-elevate-security-key-email)
+
+# Protecting Hasura data
+
+You can use the claim `x-hasura-auth-elevated` in exactly the same way you would normally use `X-Hasura-User-Id` for added security. For instance, the following permissions would allow users to see their data without any extra security:
+
+![example-select-permissions](/images/guides/auth/elevated-permissions/select.png)
+
+While the following permissions would require them first to elevate their access in order to update them:
+
+![example-update-permissions](/images/guides/auth/elevated-permissions/update.png)
+
+# Protecting Auth data
+
+Some user information needs to be changed via hasura-auth's API rather than via graphql mutations. These endpoints are:
+
+- [/user/password](/reference/auth/set-a-new-password) for changing passwords
+- [/user/email/change](/reference/auth/change-the-current-users-email) for changing emails
+- [/user/mfa](/reference/auth/activatedeactivate-multi-factor-authentication) for enabling or disabling MFA
+- [/user/webauthn/add](/reference/auth/initialize-adding-of-a-new-webauthn-security-key-device-browser) for adding security keys
+- [/pat](/reference/auth/create-personal-access-token-pat) for PAT creation
+
+To protect these endpoints and require the elevated claim you can use the following configuration option:
+
+```toml
+[auth.elevatedPrivileges]
+mode = 'required'
+```
+
+The mode can be one of `disabled` (default), `required`, `recommended`.
+
+In `disabled` mode the elevated claim isn't required in any of the options above. This is the default behavior.
+
+In `required` mode, all of the endpoints above will require an access token with the elevated claim. There is only one exception to this rule. If the user has no security key, adding the first security key won't require the elevated claim. However, as the rest of the endpoints do require it, the user won't be able to perform any changes until it adds a security key and gets an access token with the elevated claim. Adding extra security keys after the first one has been added will require the elevated claim. Removing security keys always requires the elevated claim.
+
+In `recommended` mode, the elevated claim is only required if the user has a security key configured. If a user doesn't have a security key the elevated claim won't be required to perform the actions described above. If the user has one or more keys the elevated claims will be required. This mode provides flexibility for the users to choose if they want the extra security or not.
+
+<Warning>
+If you are allowing users to perform changes to auth data directly by performing graphql mutations (i.e. deleting security keys), don't forget to update the permissions to match the desired behavior.
+</Warning>
+
+## Example
+
+To demonstrate this functionality we have implemented them in our [react-apollo](https://react-apollo.example.nhost.io) ([source](https://github.com/nhost/nhost/tree/main/examples/react-apollo)) and [vue-apollo](https://vue-apollo.example.nhost.io) ([source](https://github.com/nhost/nhost/tree/main/examples/vue-apollo)) examples.
+
+### Secret Notes
+
+To demonstrate how the elevated claim can work for permissions you can check the "Secret Notes" example. In this example, we are allowing users to see their secret notes by giving the `select` permissions `notes.user_id eq X-Hasura-User-Id`
+
+![view secret notes](/images/guides/auth/elevated-permissions/secret_notes_view.png)
+
+However, we are requiring elevated permissions to `insert`, `update` and `delete` with the permissions `notes.user_id eq x-hasura-auth-elevated`. In our example we automatically initiate the elevation process if the claim isn't already present:
+
+![add secret notes](/images/guides/auth/elevated-permissions/secret_notes_add.png)
+
+Note that after elevating permissions the secret note is added and the elevated claim persists until there is a token refreshed.
+
+![after adding secret notes](/images/guides/auth/elevated-permissions/secret_notes_added.png)
+
+### Updating profile information
+
+In addition, to demonstrate the new `auth.elevatedPrivileges` setting, we have set it to `required` in this example requiring elevated access to perform certain changes. For instance, if you try to change your password you will first have to elevate your access:
+
+![change password](/images/guides/auth/elevated-permissions/password.png)
+
+After elevating access the password is changed:
+
+![password changed](/images/guides/auth/elevated-permissions/password_changed.png)

docs/guides/auth/overview.mdx

@@ -0,0 +1,111 @@
+---
+title: Overview
+description: Learn about Nhost Auth
+icon: hand-wave
+---
+
+Nhost Auth is a ready-to-use authentication service seamlessly integrated with the [GraphQL API](/product/graphql) and its [Permission System](/guides/api/permissions) from Hasura. This allows you to easily add user authentication to your application without having to build and maintain your own authentication system.
+
+## Supported Methods
+
+<CardGroup cols={4}>
+  <Card title="Email and Password" icon="square-1" href="/guides/auth/sign-in-email-password">
+  </Card>
+  <Card title="Magic Link" icon="square-2" href="/guides/auth/sign-in-magic-link">
+  </Card>
+  <Card title="Phone Number (SMS)" icon="square-3" href="/guides/auth/sign-in-phone-number">
+  </Card>
+  <Card title="Security Keys (WebAuthn)" icon="square-4" href="/guides/auth/sign-in-webauthn">
+  </Card>
+  <Card title="Elevated Permissions" icon="square-5" href="/guides/auth/elevated-permissions">
+  </Card>
+</CardGroup>
+
+### OAuth Providers
+
+<CardGroup cols={4}>
+  <Card title="Apple" icon="square-1" href="/guides/auth/social/sign-in-apple">
+  </Card>
+  <Card title="Discord" icon="square-2" href="/guides/auth/social/sign-in-discord">
+  </Card>
+  <Card title="Facebook" icon="square-3" href="/guides/auth/social/sign-in-facebook">
+  </Card>
+  <Card title="GitHub" icon="square-4" href="/guides/auth/social/sign-in-github">
+  </Card>
+  <Card title="Google" icon="square-5" href="/guides/auth/social/sign-in-google">
+  </Card>
+  <Card title="Linkedin" icon="square-6" href="/guides/auth/social/sign-in-linkedin">
+  </Card>
+  <Card title="Spotify" icon="square-7" href="/guides/auth/social/sign-in-spotify">
+  </Card>
+  <Card title="Twitch" icon="square-8" href="/guides/auth/social/sign-in-twitch">
+  </Card>
+  <Card title="WorkOS" icon="square-9" href="/guides/auth/social/sign-in-workos">
+  </Card>
+</CardGroup>
+
+## Client URL
+
+Client URL is the URL of your frontend application. The Client URL is used to redirect the user in certain auth workflows like signing in or resetting a password.
+
+## Allowed Redirect URLs
+
+Allowed Redirect URLs are the URLs of your frontend application that users are allowed to be redirected to on specific auth workflows. This is useful if you have multiple applications using the same Nhost backend or if you want to redirect users to a specific URL after certain authentication workflows.
+
+As an example, for a staging project, you can set the Client URL to `https://staging.example.com` and Allowed Redirect URLs to `https://*.vercel.app`. This way, the user can be redirected to any Vercel deployment of your frontend application.
+
+## Allowed Emails and Domains
+
+Allowed Emails and Domains are used to restrict what email adresses and domains are valid when signing up and signing in.
+
+If both allowed emails and allowed domains are set a user can only sign up if their email address matches one of the allowed emails or one of the allowed domains.
+
+## Blocked Emails and Domains
+
+Blocked Emails and Domains are used to block specific email addresses and domains from signing up and signing in.
+
+Note that even if a user's email address matches any allowed email or domain, they will still be blocked if their email address matches any blocked email or domain.
+
+## Multi-factor Authentication
+
+By enabling Multi-Factor Authentication (MFA), you can allow users to verify their identity using a second factor during the sign-in process. We currently support Authenticator Apps (TOTP) for MFA.
+
+A user can enable MFA for their account by scanning a QR code with their Authenticator App. After that, they will be prompted to enter a code generated by their Authenticator App during the sign-in process.
+
+## Gravatar
+
+If Gravatar is enabled, Nhost Auth will use the user's email address to fetch their Gravatar profile picture. If the user doesn't have a Gravatar profile picture, a default image will be used.
+
+There are two options for Gravatars.
+
+<Steps>
+  <Step title="Default Image">
+
+If the user doesn't have a Gravatar profile picture, a default image will be used. You can choose between the following options:
+
+- `404`: Do not load any image if none is associated with the email hash, instead return an HTTP 404 (File Not Found) response.
+- `mp`: (mystery-person) a simple, cartoon-style silhouetted outline of a person (does not vary by email hash).
+- `identicon`: a geometric pattern based on an email hash.
+- `monsterid`: a generated 'monster' with different colors, faces, etc.
+- `wavatar`: generated faces with differing features and backgrounds.
+- `retro`: awesome generated, 8-bit arcade-style pixelated faces.
+- `robohash`: a generated robot with different colors, faces, etc.
+- `blank`: a transparent PNG image.
+
+</Step>
+
+<Step title="Rating">
+
+Gravatar images are rated by default. You can choose between the following options:
+
+- `g`: suitable for display on all websites with any audience type.
+- `pg`: may contain rude gestures, provocatively dressed individuals, lesser swear words or mild violence.
+- `r`: may contain such things as harsh profanity, intense violence, nudity, or hard drug use.
+- `x`: may contain hardcore sexual imagery or extremely disturbing violence.
+
+</Step>
+</Steps>
+
+## Disable New Users
+
+If set, newly registered users are disabled and won't be able to sign in. This is useful if you want to manually approve new users before they can sign in.

docs/guides/auth/users.mdx

@@ -0,0 +1,155 @@
+---
+title: Users
+description: Learn about Users managed by Nhost Auth
+icon: users
+---
+
+## Creating Users
+
+Users are created using the sign-up or sign-in flows described under [Supported Methods](/guides/auth/overview#supported-methods).
+
+- **Avoid** creating users directly via GraphQL or the database, unless you are [importing users](#import-users) from an external system.
+- **Avoid** modifying the database schema for the `auth.users` table.
+- **Avoid** modifying the GraphQL root queries or fields for any of the tables in the `auth` schema.
+
+You're allowed to:
+
+- Add and remove your GraphQL relationships for the `users` table and other tables in the `auth` schema.
+- Create, edit and delete permissions for the `users` table and other tables in the `auth` schema.
+
+## Roles
+
+Each user has one **default role** and a list of **allowed roles**. These roles are used to resolve permissions for requests to [GraphQL](/graphql/permissions) and [Storage](/storage#permissions).
+
+When the user makes a request, only one role is used to resolve permissions. The default role is used if no role is explicitly specified. Users can only make requests using the default role or one of the allowed roles.
+
+### Default Role
+
+The default role is used when no role is specified in the request. By default, users' default role is `user`.
+
+You can change what the default role for new users should be at **Settings -> Roles and Permissions**.
+
+### Allowed Roles
+
+Allowed roles are roles the user is allowed to use when making a request. Usually, you would change the role from `user` (the default role) to some other role because you want to use a different role to resolve permissions for a particular request.
+
+By default, users have two allowed roles:
+
+- `user` (default)
+- `me`
+
+You can change the default role for new users at **Settings -> Roles and Permissions**.
+
+#### Assign Allowed Roles
+
+It's possible to give users a subset of allowed roles during signup.
+
+**Example:** Only set the `user` role (exclude the `me` role) for the user's allowed roles:
+
+```js
+await nhost.auth.signUp({
+  email: 'joe@example.com',
+  password: 'secret-password'
+  options: {
+    allowedRoles: ['user']
+  }
+})
+```
+
+### Set Role for GraphQL Requests
+
+When no role is specified, the user's default role will be used:
+
+```js
+await nhost.graphql.request(QUERY, {})
+```
+
+If you want to make a GraphQL request using a specific role, you can do so by using the `x-hasura-role` header, like this:
+
+```js
+await nhost.graphql.request(
+  QUERY,
+  {},
+  {
+    headers: {
+      'x-hasura-role': 'me'
+    }
+  }
+)
+```
+
+If the request is not part of the user's allowed roles, the request will fail.
+
+## Metadata
+
+You can store custom information about the user in the `metadata` column of the `users` table. The `metadata` column is of type JSONB so any JSON data can be stored.
+
+**Example:** Add metadata to a user during sign-up:
+
+```js
+await nhost.auth.signUp({
+  email: 'joe@example.com',
+  password: 'secret-password',
+  options: {
+    metadata: {
+      birthYear: 1989,
+      town: 'Stockholm',
+      likes: ['Postgres', 'GraphQL', 'Hasura', 'Authentication', 'Storage', 'Serverless Functions']
+    }
+  }
+})
+```
+
+## Get User Information using GraphQL
+
+**Example:** Get all users.
+
+```graphql
+query {
+  users {
+    id
+    displayName
+    email
+    metadata
+  }
+}
+```
+
+**Example:** Get a single user.
+
+```graphql
+query {
+  user(id: "<user-id>") {
+    id
+    displayName
+    email
+    metadata
+  }
+}
+```
+
+## Import Users
+
+If you have users in a different system, you can import them into Nhost. When importing users you should insert the users directly into the database instead of using the authentication endpoints (`/signup/email-password`) to avoid sending unnecessary transactional emails.
+
+### GraphQL
+
+Make a GraphQL request to insert a user like this:
+
+```graphql
+mutation insertUser($user: users_insert_input!) {
+  insertUser(object: $user) {
+    id
+  }
+}
+```
+
+### SQL
+
+Connect directly to the database and insert a user like this:
+
+```sql
+INSERT INTO auth.users (id, email, display_name, password_hash, ..) VALUES ('<user-id>', '<email>', '<display-name>', '<password-hash>', ..);
+```
+
+Passwords are hashed using [bcrypt](https://en.wikipedia.org/wiki/Bcrypt).

docs/guides/cli/configuration-overlays.mdx

@@ -1,6 +1,6 @@
 ---
 title: Configuration Overlays
-description: description
+description: Learn how to use Configuration Overlays
 icon: circles-overlap
 ---
 

docs/guides/cli/local-development.mdx

@@ -1,6 +1,6 @@
 ---
 title: Local Development
-description: description
+description: Learn how to start a development instance of Nhost 
 icon: code
 ---
 

docs/guides/cli/migrate-config.mdx

@@ -1,6 +1,6 @@
 ---
-title: Migrate Existing Projects
-description: description
+title: Migrate to Nhost Config
+description: Learn how to migrate old projects to use the new configuration file
 icon: arrow-down-to-bracket
 ---
 

docs/guides/cli/multiple-projects.mdx

@@ -1,6 +1,6 @@
 ---
-title: 'Running multiple projects at the same time'
-description: 'description'
+title: 'Running Multiple Projects'
+description: Learn how to run multiple Nhost projects locally
 icon: clone
 ---
 

docs/guides/cli/seeds.mdx

@@ -1,6 +1,6 @@
 ---
 title: 'Seeds'
-description: description
+description: Learn about using seeds to populate your local database
 icon: peapod
 ---
 

docs/guides/database/configuring-postgres.mdx

@@ -12,78 +12,41 @@ Postgres configuration can be tweaked to customize the **runtime behavior**, **p
   Postgres.
 </Warning>
 
-### Available Settings
-
-The following `CUE` schema contains all postgres settings available in `nhost.toml`.
-
-```cue schema
-#Postgres: {
-    version: string | *"14.6-20230705-1"
-
-    // Resources for the service, optional
-    resources?: #Resources & {
-        replicas: 1
-    }
-
-    // postgres settings of the same name in camelCase, optional
-    settings?: {
-        jit:                           "off"  | "on" | *"on"
-        maxConnections:                int32  | *100
-        sharedBuffers:                 string | *"128MB"
-        effectiveCacheSize:            string | *"4GB"
-        maintenanceWorkMem:            string | *"64MB"
-        checkpointCompletionTarget:    number | *0.9
-        walBuffers:                    int32  | *-1
-        defaultStatisticsTarget:       int32  | *100
-        randomPageCost:                number | *4.0
-        effectiveIOConcurrency:        int32  | *1
-        workMem:                       string | *"4MB"
-        hugePages:                     string | *"try"
-        minWalSize:                    string | *"80MB"
-        maxWalSize:                    string | *"1GB"
-        maxWorkerProcesses:            int32  | *8
-        maxParallelWorkersPerGather:   int32  | *2
-        maxParallelWorkers:            int32  | *8
-        maxParallelMaintenanceWorkers: int32  | *2
-        walLevel:                      string | *"replica"
-        maxWalSenders:                 int32 | *10
-        maxReplicationSlots:           int32 | *10
-    }
-}
-```
-
 ### Configuration Example
 
 To configure your Postgres instance, simply add the relevant settings under `[postgres.settings]` in your project's `nhost.toml` file.
 
 ```toml nhost.toml
 [postgres]
-version = '14.6-20230925-1'
+version = '14-20230312-1'
 
 [postgres.resources.compute]
-cpu = 1000
-memory = 2048
+cpu = 2000
+memory = 4096
+
+[postgres.resources.storage]
+capacity = 20
 
 [postgres.settings]
-jit = "off"
+jit = 'off'
 maxConnections = 100
-sharedBuffers = '256MB'
-effectiveCacheSize = '768MB'
+sharedBuffers = '128MB'
+effectiveCacheSize = '4GB'
 maintenanceWorkMem = '64MB'
 checkpointCompletionTarget = 0.9
-walBuffers = -1
+walBuffers = '-1'
 defaultStatisticsTarget = 100
-randomPageCost = 1.1
-effectiveIOConcurrency = 200
-workMem = '1310kB'
-hugePages = 'off'
+randomPageCost = 4.0
+effectiveIOConcurrency = 1
+workMem = '4MB'
+hugePages = 'try'
 minWalSize = '80MB'
 maxWalSize = '1GB'
 maxWorkerProcesses = 8
 maxParallelWorkersPerGather = 2
 maxParallelWorkers = 8
 maxParallelMaintenanceWorkers = 2
-walLevel = "replica"
+walLevel = 'replica'
 maxWalSenders = 10
 maxReplicationSlots = 10
 ```

docs/guides/database/performance.mdx

@@ -16,6 +16,8 @@ In case your Postgres service is not meeting your performance expectations, you
 
 4. Evaluate the usage of indexes in your database. Identify queries that could benefit from additional indexes and strategically add them to improve query performance.
 
+5. Increase the disk size to increase [disk performance](/platform/compute-resources#disk-performance). Keep in mind increasing the disk size isn't reversible and increasing the memory of the service may yield better results. This is mostly useful when your data is very volatile and the postgres cache can't work effectively. Only attempt to increase disk for performance reasons if your reads and writes are very high and increasing memory isn't effective.
+
 By implementing these steps, you can effectively address performance concerns and enhance the overall performance of your Postgres service.
 
 ## Upgrade to our latest postgres image

docs/guides/run/cli-deployments.mdx

@@ -1,6 +1,6 @@
 ---
 title: CLI & CI Deployments
-description: description
+description: Learn how to deploy your Run services using the CLI
 icon: rocket-launch
 ---
 

docs/guides/run/configuration.mdx

@@ -1,6 +1,6 @@
 ---
 title: Configuration
-description: Configure
+description: Learn how to configure a Run service
 icon: gear
 ---
 
@@ -46,11 +46,11 @@ capacity=1
   </Tab>
 </Tabs>
 
-<Info>Head to [CLI & CI deployments](/run/ci) for more details on how to deploy using a configuration file.</Info>
+<Info>Head to [CLI & CI deployments](/guides/run/cli-deployments) for more details on how to deploy using a configuration file.</Info>
 
-The `name` of the service is used as an identifier and to generate URLs when exposing the service to the Internet. You can use any container image publicly available or you can push your own to the [Nhost registry](/run/registry).
+The `name` of the service is used as an identifier and to generate URLs when exposing the service to the Internet. You can use any container image publicly available or you can push your own to the [Nhost registry](/guides/run/registry).
 
 All environment variables set here are exclusive to this service and will not be shared with other services or with the Nhost stack. If you are using a configuration file secrets are supported.
 
-For more details about the `Ports` section head to [networking](/run/networking). You can also head to [resources](/run/resources) for more information about replicas, compute, and storage.
+For more details about the `Ports` section head to [networking](/guides/run/networking). You can also head to [resources](/guides/run/resources) for more information about replicas, compute, and storage.
 

docs/guides/run/getting-started.mdx

@@ -12,11 +12,11 @@ Then on `New Service`:
 
 ![click on New Service](/images/guides/run/getting_started_2.png)
 
-Now you can fill your [service configuration](/run/configuration):
+Now you can fill your [service configuration](/guides/run/configuration):
 
 ![click on New Service](/images/guides/run/getting_started_3.png)
 
-As you configure the `Ports` section you can take note of the generated URL. You can find more information about this section under [Networking](/run/networking).
+As you configure the `Ports` section you can take note of the generated URL. You can find more information about this section under [Networking](/guides/run/networking).
 
 ![copy the URL](/images/guides/run/getting_started_4.png)
 

docs/guides/run/health-checks.mdx

@@ -1,6 +1,6 @@
 ---
 title: Healthchecks
-description: description
+description: Learn how to enable healthchecks for your services 
 icon: heart-pulse
 ---
 

docs/guides/run/networking.mdx

@@ -1,6 +1,6 @@
 ---
 title: Networking
-description: descriptioon
+description: Learn how networking works with Run
 icon: network-wired
 ---
 

docs/guides/run/registry.mdx

@@ -1,6 +1,6 @@
 ---
 title: Registry
-description: registru
+description: Learn how to use a private registry for your images
 icon: box-archive
 ---
 

docs/guides/run/resources.mdx

@@ -1,6 +1,6 @@
 ---
 title: Resources
-description: description
+description: Learn about compute resources
 icon: gauge-max
 ---
 
@@ -76,7 +76,7 @@ To pause a service, simply set its number of replicas to `0`:
   <Tab title="dashboard">
 
 
-![pausing a service](/img/run/resources_3.png)
+![pausing a service](/images/guides/run/resources_3.png)
 
   </Tab>
   <Tab title="toml">

docs/guides/storage/cdn.mdx

@@ -0,0 +1,28 @@
+---
+title: CDN
+description: Serving files lightning fast
+icon: bolt
+---
+
+The [storage](/product/storage) service integrates with a CDN service to cache files and serve them close to users. This leads to faster response times and lower load on the backend service. You can read our initial [announcement](https://nhost.io/blog/launching-nhost-cdn-nhost-storage-is-now-blazing-fast) for some general information about what a CDN is and the performance gains.
+
+# Security
+
+The primary function of a CDN is to deliver cached files quickly to users without relying on the backend. While this is effective for public files, we need to handle non-public files differently to ensure that only users with proper permissions can access those files. Instead of serving the file directly, a conditional fetch is performed, including the user's Authorization header. This allows the backend service to verify the user's permissions. By conducting this conditional check, the backend service only needs to confirm to the CDN that the file can be served to the specific user, eliminating the need to serve the file itself.
+
+# Cache invalidation
+
+If a file is modified or deleted, we instruct the CDN to immediately invalidate the cached files. This is done automatically by the storage service and requires no special handling.
+
+# Maximizing HITs
+
+In CDN terminology, a HIT occurs when a file is found in the cache and can be served to the user. Conversely, a MISS happens when the file is not yet cached and requires a round trip to the backend to retrieve it before it can be served to the user.
+
+To lower response times and backend load, we want to maximize HITs as much as possible. To do that here are some notes and recommendations:
+
+1. Links with different query arguments are treated as different files, even if they all point to the same underlying file.
+2. Due to (1), if you are using the image manipulation feature, each set of options (i.e. different sizes or qualities), will be treated as different files. Having too many different combinations may increase the number of MISSes and be counterproductive.
+3. Only use presigned URLs if you really must to and reuse if possible. Due to (1) as well, each presigned URL is different, which means they are treated by the CDN as different files, even if they all point to the same file.
+4. If possible, always prefer public files
+5. Authenticated files are your second best option. You can use [nhost.storage.download](/reference/javascript/storage/download) to download private files.
+6. If you are hosting large files, don't be afraid of using the [range header](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Range). The service should be able to cache and serve partial files too.

docs/images/guides/auth/elevated-permissions/overview.mermaidjs

@@ -0,0 +1,24 @@
+sequenceDiagram
+    Note over User: User logins as usual
+    User->>App: I want to login, please
+    App->>Backend: /signin/...
+    Backend->>App: Session{...}
+    App->>User: Here is your session
+
+    Note over User: Actions that don't require elevated permissions work as usual
+    User->>App: I want to see my profile data
+    App->>Backend: query getProfileData { ... }
+    Backend->>App: data { ... }
+    App->>User: Here is your profile
+
+    Note over User: Action that requires elevated permissions starts here
+    User->>App: I want to change my address to X
+    App->>Backend: /elevate/webauthn
+    Backend->>App: SecurityChallenge{ ... }
+    App->>User: SecurityChallenge{ ... }
+    User->>App: SecurityChallengeResponse{ ... }
+    App->>+Backend: SecurityChallengeResponse{ ... }
+    Backend->>App: SessionWithElevatedClaim{ ... }
+    App->>Backend: mutation updateAddress { ... }
+    Backend->>App: success { ... }
+    App->>User: Your address has been changed

docs/mint.json

@@ -102,7 +102,7 @@
         "group": "AI",
         "pages": [
             "guides/ai/enabling-service",
-            "guides/ai/local_development",
+            "guides/ai/local-development",
             "guides/ai/auto-embeddings",
             "guides/ai/assistants",
             "guides/ai/dev-assistant"
@@ -111,6 +111,8 @@
     {
       "group": "Authentication",
       "pages": [
+        "guides/auth/overview",
+        "guides/auth/users",
         {
           "group": "Social Sign In",
           "icon": "at",
@@ -130,6 +132,7 @@
         "guides/auth/sign-in-magic-link",
         "guides/auth/sign-in-phone-number",
         "guides/auth/sign-in-webauthn",
+        "guides/auth/elevated-permissions",
         "guides/auth/email-templates"
       ]
     },
@@ -139,7 +142,7 @@
     },
     {
       "group": "Storage",
-      "pages": ["guides/storage/overview", "guides/storage/antivirus"]
+      "pages": ["guides/storage/overview", "guides/storage/cdn", "guides/storage/antivirus"]
     },
     {
       "group": "Functions",
@@ -193,7 +196,9 @@
                 "reference/auth/sign-up-using-email-via-fido2-webauthn-authentication",
                 "reference/auth/verfiy-fido2-webauthn-authentication-and-complete-signup",
                 "reference/auth/sign-in-using-email-via-fido2-webauthn-authentication",
-                "reference/auth/verfiy-fido2-webauthn-authentication-using-public-key-cryptography"
+                "reference/auth/verfiy-fido2-webauthn-authentication-using-public-key-cryptography",
+                "reference/auth/elevate-webauthn", 
+                "reference/auth/elevate-webauthn-verify"
               ]
             },
             {
@@ -224,7 +229,8 @@
                 "reference/auth/get-user-information",
                 "reference/auth/refresh-the-oauth-access-tokens-of-a-given-user-you-must-be-an-admin-to-perform-this-operation",
                 "reference/auth/initialize-adding-of-a-new-webauthn-security-key-device-browser",
-                "reference/auth/verfiy-adding-of-a-new-webauth-security-key-device-browser"
+                "reference/auth/verfiy-adding-of-a-new-webauth-security-key-device-browser",
+                "reference/auth/create-personal-access-token-pat"
               ]
             },
             "reference/auth/sign-out"
@@ -291,7 +297,6 @@
               "group": "Auth",
               "pages": [
                 "reference/javascript/auth/hasura-auth-client",
-                "reference/javascript/auth/add-security-key",
                 "reference/javascript/auth/change-email",
                 "reference/javascript/auth/change-password",
                 "reference/javascript/auth/create-pat",
@@ -312,19 +317,22 @@
                 "reference/javascript/auth/sign-in",
                 "reference/javascript/auth/sign-in-pat",
                 "reference/javascript/auth/sign-out",
-                "reference/javascript/auth/sign-up"
+                "reference/javascript/auth/sign-up",
+                "reference/javascript/auth/add-security-key",
+                "reference/javascript/auth/elevate-email-security-key"
               ]
             },
             {
               "group": "Storage",
               "pages": [
                 "reference/javascript/storage/hasura-storage-client",
-                "reference/javascript/storage/delete",
+                "reference/javascript/storage/upload",
+                "reference/javascript/storage/download",
                 "reference/javascript/storage/get-presigned-url",
                 "reference/javascript/storage/get-public-url",
+                "reference/javascript/storage/delete",
                 "reference/javascript/storage/set-access-token",
-                "reference/javascript/storage/set-admin-secret",
-                "reference/javascript/storage/upload"
+                "reference/javascript/storage/set-admin-secret"
               ]
             },
             {
@@ -335,6 +343,14 @@
                 "reference/javascript/graphql/set-access-token",
                 "reference/javascript/graphql/request"
               ]
+            },
+            {
+              "group": "Functions ",
+              "pages": [
+                "reference/javascript/functions/create-functions-client",
+                "reference/javascript/functions/call",
+                "reference/javascript/functions/set-access-token"
+              ]
             }
           ]
         },
@@ -371,6 +387,7 @@
             "reference/react/use-sign-out",
             "reference/react/use-sign-up-email-password",
             "reference/react/use-sign-up-email-security-key-email",
+            "reference/react/use-elevate-security-key-email",
             "reference/react/use-user-avatar-url",
             "reference/react/use-user-data",
             "reference/react/use-user-default-role",
@@ -417,6 +434,7 @@
             "reference/nextjs/use-sign-out",
             "reference/nextjs/use-sign-up-email-password",
             "reference/nextjs/use-sign-up-email-security-key-email",
+            "reference/nextjs/use-elevate-security-key-email",
             "reference/nextjs/use-user-avatar-url",
             "reference/nextjs/use-user-data",
             "reference/nextjs/use-user-default-role",
@@ -463,7 +481,11 @@
             "reference/vue/use-user-id",
             "reference/vue/use-user-is-anonymous",
             "reference/vue/use-user-locale",
-            "reference/vue/use-user-roles"
+            "reference/vue/use-user-roles",
+            "reference/vue/use-add-security-key",
+            "reference/vue/use-elevate-security-key-email",
+            "reference/vue/use-sign-in-email-security-key",
+            "reference/vue/use-sign-up-email-security-key"
           ]
         }
       ]

docs/package.json

@@ -1,11 +1,11 @@
 {
   "name": "@nhost/docs",
-  "version": "2.2.0",
+  "version": "2.6.0",
   "private": true,
   "scripts": {
     "start": "mintlify dev"
   },
   "devDependencies": {
-    "mintlify": "^4.0.112"
+    "mintlify": "^4.0.121"
   }
 }

docs/platform/compute-resources.mdx

@@ -4,7 +4,7 @@ description: "Allocate CPU and Memory to your backend infrastructure"
 icon: server
 ---
 
-Compute resources are the fundamental units that represent the processing power and memory available to your projects. The primary compute resources are vCPU and RAM. 
+Compute resources are the fundamental units that represent the processing power and memory available to your projects. The primary compute resources are vCPU and RAM.
 
 This documentation outlines the key aspects of compute resources in the context of the Nhost Cloud Platform.
 
@@ -40,7 +40,7 @@ Projects on the pro tier have a total of 2 shared vCPUs and 2 GiB of RAM spread
 
 ## Dedicated Compute
 
-For production workloads where latency is essential or consistent performance is non-negotiable, we strongly suggest the use of dedicated resources. 
+For production workloads where latency is essential or consistent performance is non-negotiable, we strongly suggest the use of dedicated resources.
 
 <Note>Compute/Dedicated resources are only available on the Pro plan</Note>
 
@@ -72,3 +72,21 @@ To setup dedicated resources for your project, you can either use the Dashboard
   </Tab>
 </Tabs>
 
+## Disk Performance
+
+Services may require a disk provisioned to store data. For instance, [postgres](/guides/database/configuring-postgres#configuration-example) comes with a disk provisioned by default and [Nhost Run](/product/run) may [too](/guides/run/resources#storage). For these cases we provisioned SSD disks with the following performance:
+
+- Baseline: 3000 IOPS
+- Baseline: 125Mbps of thoughput
+- Every 50GB: +350 IOPS and +15Mbps of throughput
+
+For example, the following disk sizes will have the following performance:
+
+| Size | IOPS | Throughput |
+| ---- | ---- | ---------- |
+| 1 | 3000| 125 |
+| 10 | 3000| 125 |
+| 49 | 3000| 125 |
+| 50 | 3350| 140 |
+| 100 | 3700 | 155 |
+| 300 | 5100 | 215 |

docs/platform/custom-domains.mdx

@@ -25,7 +25,7 @@ The following examples assume we are configuring custom domains at `*.custom-dom
   <Tab title="Config File">
     The first step is to add a CNAME record in your DNS provider for each of the services you want a custom domain for. You can find the instructions in the dashboard tab.
 
-    For Hasura, Auth, Functions, and PostgreSQL, custom domains are defined in the default `./nhost/config.toml` as follows:
+    For Hasura, Auth, and Functions, custom domains are defined in the default `./nhost/config.toml` as follows:
 
 ```toml
 [[hasura.resources.networking.ingresses]]
@@ -34,14 +34,15 @@ fqdn = ['hasura.custom-domain.com']
 [[auth.resources.networking.ingresses]]
 fqdn = ['auth.custom-domain.com']
 
-[[postgres.resources.networking.ingresses]]
-fqdn = ['postgres.custom-domain.com']
-
 [[functions.resources.networking.ingresses]]
 fqdn = ['functions.custom-domain.com']
 ```
 
-For Run services, typically in nhost-service.toml specific to the service:
+For PostgreSQL there is nothing to configure on Nhost's side so as long as you have a CNAME properly configured it should work.
+
+<Note>To connect to your backend using your custom domains instead of the subdomain and region you will have to pass the verious service URLs to the client. You can find the relevant parameters to pass to the client in the reference documentation (i.e. [react](/reference/react/nhost-client#nhostclient))</Note>
+
+For Run services, typically in an `nhost-service.toml` specific to the service:
 
 ```toml
 name = 'my-service'

docs/platform/environment-variables.mdx

@@ -21,7 +21,7 @@ export default (req: Request, res: Response) => {
 Variables created are available to all services, including Run Services and Functions
 </Note>
 
-## Add Environment Variables
+## Adding Environment Variables
 
 <Tabs>
 <Tab title="Config">
@@ -39,3 +39,43 @@ value = "Nhost is Awesome!"
 </Tab>
 </Tabs>
 
+## System Environment Variables
+
+System environment variables are generated and managed by Nhost. The following variables are available:
+
+- `NHOST_ADMIN_SECRET`
+- `NHOST_WEBHOOK_SECRET`
+- `NHOST_SUBDOMAIN`
+- `NHOST_REGION`
+- `NHOST_HASURA_URL`
+- `NHOST_AUTH_URL`
+- `NHOST_GRAPHQL_URL`
+- `NHOST_STORAGE_URL`
+- `NHOST_FUNCTIONS_URL`
+- `NHOST_JWT_SECRET`
+
+`NHOST_ADMIN_SECRET`, `NHOST_WEBHOOK_SECRET` and `NHOST_JWT_SECRET` are populated with values from their corresponding secrets. 
+
+**Example values**:
+
+```text
+NHOST_ADMIN_SECRET={{ secrets.HASURA_GRAPHQL_ADMIN_SECRET }}
+
+NHOST_WEBHOOK_SECRET={{ secrets.NHOST_WEBHOOK_SECRET }}
+
+NHOST_SUBDOMAIN=abv123abc
+
+NHOST_REGION=eu-central-1
+
+NHOST_HASURA_URL=https://abc123abc.hasura.eu-central-1.nhost.run/console
+
+NHOST_AUTH_URL=https://abc123abc.auth.eu-central-1.nhost.run/v1
+
+NHOST_GRAPHQL_URL=https://abc123abc.graphql.eu-central-1.nhost.run/v1
+
+NHOST_STORAGE_URL=https://abc123abc.storage.eu-central-1.nhost.run/v1
+
+NHOST_FUNCTIONS_URL=https://abc123abc.functions.eu-central-1.nhost.run/v1
+
+NHOST_JWT_SECRET={"key": "{{ secrets.HASURA_GRAPHQL_JWT_SECRET }}", "type": "HS256" }
+```

docs/product/authentication.mdx

@@ -19,6 +19,8 @@ Combined with a powerful **Permission Rules** system, Nhost Auth offers everythi
   </Card>
   <Card title="Security Keys (WebAuthn)" icon="square-4" href="../guides/auth/sign-in-webauthn">
   </Card>
+  <Card title="Elevated Permissions" icon="square-5" href="../guides/auth/elevated-permissions">
+  </Card>
 </CardGroup>
 
 ### OAuth Providers

docs/product/functions.mdx

@@ -1,12 +1,14 @@
 ---
 title: Functions
-description: Server-side code that works as API endpoints 
+description: Server-side code that works as API endpoints
 icon: code
 ---
 
 Nhost Functions are server-side JavaScript or TypeScript functions that are a great option for handling things like Event Triggers for async workflows, as well as to integrate with external service providers like Stripe or Slack.
 
-<Tip>For more sophisticated use-cases and control over the runtime, use [Nhost Run](/product/run).</Tip>
+<Tip>
+  For more sophisticated use-cases and control over the runtime, use [Nhost Run](/product/run).
+</Tip>
 
 ## Hello World
 
@@ -21,7 +23,5 @@ Deploying functions is as easy as pushing your code!
 ## Additional Resources
 
 <CardGroup cols={2}>
-  <Card title="Learn how to use Functions" href="/guides/functions/getting-started">
-  </Card>
+  <Card title="Learn how to use Functions" href="/guides/functions/overview"></Card>
 </CardGroup>
-

docs/product/storage.mdx

@@ -4,13 +4,18 @@ description: Store and Serve large files
 icon: file
 ---
 
-Use Nhost Storage to store and retrieve large files such as videos, images, large documents, or any other objects. 
+Use Nhost Storage to store and retrieve large files such as videos, images, large documents, or any other objects.
 
 Nhost Storage includes a built-in image optimizer, so you can resize and compress your media files on the fly.
 
-### CDN 
-
-Serve your assets with a global CDN to reduce latency.
+<CardGroup cols={4}>
+  <Card title="Overview" icon="square-1" href="/guides/storage/overview">
+  </Card>
+  <Card title="CDN" icon="square-2" href="/guides/storage/cdn">
+  </Card>
+  <Card title="Antivirus" icon="square-3" href="/guides/storage/antivirus">
+  </Card>
+</CardGroup>
 
 
 ### Additional Resources

docs/reference/auth/create-personal-access-token-pat.mdx

@@ -0,0 +1,3 @@
+---
+openapi: post /pat
+---

docs/reference/auth/elevate-webauthn-verify.mdx

@@ -0,0 +1,4 @@
+---
+openapi: post /elevate/webauthn/verify
+sidebarTitle: Elevate Verify
+---

docs/reference/auth/elevate-webauthn.mdx

@@ -0,0 +1,4 @@
+---
+openapi: post /elevate/webauthn
+sidebarTitle: Elevate
+---

docs/reference/javascript/auth/elevate-email-security-key.mdx

@@ -0,0 +1,16 @@
+---
+title: elevateEmailSecurityKey()
+sidebarTitle: elevateEmailSecurityKey()
+---
+
+Use `nhost.auth.elevateEmailSecurityKey` to get a temporary elevated auth permissions to run sensitive operations.
+
+## Parameters
+
+---
+
+**<span className="parameter-name">email</span>** <span className="optional-status">required</span> <code>string</code>
+
+user email
+
+---

docs/reference/javascript/auth/refresh-session.mdx

@@ -9,10 +9,10 @@ Note: The Nhost client automatically refreshes the session when the user is auth
 
 ```ts
 // Refresh the session with the the current internal refresh token.
-nhost.auth.refreshToken()
+nhost.auth.refreshSession()
 
 // Refresh the session with an external refresh token.
-nhost.auth.refreshToken(refreshToken)
+nhost.auth.refreshSession(refreshToken)
 ```
 
 ## Parameters

docs/reference/javascript/auth/types/elevate-with-security-key-handler-result.mdx

@@ -0,0 +1,39 @@
+---
+title: ElevateWithSecurityKeyHandlerResult
+sidebarTitle: ElevateWithSecurityKeyHandlerResult
+description: No description provided.
+---
+
+# `ElevateWithSecurityKeyHandlerResult`
+
+## Parameters
+
+---
+
+**<span className="parameter-name">elevated</span>** <span className="optional-status">required</span> <code>boolean</code>
+
+---
+
+**<span className="parameter-name">isError</span>** <span className="optional-status">required</span> <code>boolean</code>
+
+**`@returns`**
+
+`true` if an error occurred
+
+**`@depreacted`**
+
+use `!isSuccess` or `!!error` instead
+
+---
+
+**<span className="parameter-name">error</span>** <span className="optional-status">required</span> <code>null &#124; [`AuthErrorPayload`](/reference/javascript/auth/types/auth-error-payload)</code>
+
+Provides details about the error
+
+---
+
+**<span className="parameter-name">isSuccess</span>** <span className="optional-status">required</span> <code>boolean</code>
+
+Returns `true` if the action is successful.
+
+---

docs/reference/javascript/functions/call.mdx

@@ -0,0 +1,70 @@
+---
+title: call()
+sidebarTitle: call()
+---
+
+Use `nhost.functions.call` to call (sending a POST request to) a serverless function. Use generic
+types to specify the expected response data, request body and error message.
+
+```ts
+await nhost.functions.call('send-welcome-email', {
+  email: 'joe@example.com',
+  name: 'Joe Doe'
+})
+```
+
+## Parameters
+
+---
+
+**<span className="parameter-name">url</span>** <span className="optional-status">required</span> <code>string</code>
+
+---
+
+**<span className="parameter-name">body</span>** <span className="optional-status">optional</span> <code>null &#124; TBody</code>
+
+---
+
+**<span className="parameter-name">config</span>** <span className="optional-status">optional</span> <code>NhostFunctionCallConfig</code>
+
+---
+
+## Examples
+
+### Without generic types
+
+```ts
+await nhost.functions.call('send-welcome-email', {
+  email: 'joe@example.com',
+  name: 'Joe Doe'
+})
+```
+
+### Using generic types
+
+```ts
+type Data = {
+  message: string
+}
+
+type Body = {
+  email: string
+  name: string
+}
+
+type ErrorMessage = {
+  details: string
+}
+
+// The function will only accept a body of type `Body`
+const { res, error } = await nhost.functions.call<Data, Body, ErrorMessage>(
+  'send-welcome-email',
+  { email: 'joe@example.com', name: 'Joe Doe' }
+)
+
+// Now the response data is typed as `Data`
+console.log(res?.data.message)
+
+// Now the error message is typed as `ErrorMessage`
+console.log(error?.message.details)
+```

docs/reference/javascript/functions/create-functions-client.mdx

@@ -0,0 +1,31 @@
+---
+title: createFunctionsClient()
+sidebarTitle: createFunctionsClient()
+---
+
+Creates a client for Functions from either a subdomain or a URL
+
+## Parameters
+
+---
+
+**<span className="parameter-name">params</span>** <span className="optional-status">required</span> [`NhostClientConstructorParams`](/reference/javascript/nhost-js/types/nhost-client-constructor-params)
+
+| Property                                                                                               | Type                                                                            | Required | Notes                                                                                                                                    |
+| :----------------------------------------------------------------------------------------------------- | :------------------------------------------------------------------------------ | :------: | :--------------------------------------------------------------------------------------------------------------------------------------- |
+| <span className="parameter-name"><span className="light-grey">params.</span>adminSecret</span>         | <code>string</code>                                                             |          | When set, the admin secret is sent as a header, `x-hasura-admin-secret`, for all requests to GraphQL, Storage, and Serverless Functions. |
+| <span className="parameter-name"><span className="light-grey">params.</span>functionsUrl</span>        | <code>string</code>                                                             |          |                                                                                                                                          |
+| <span className="parameter-name"><span className="light-grey">params.</span>storageUrl</span>          | <code>string</code>                                                             |          |                                                                                                                                          |
+| <span className="parameter-name"><span className="light-grey">params.</span>graphqlUrl</span>          | <code>string</code>                                                             |          |                                                                                                                                          |
+| <span className="parameter-name"><span className="light-grey">params.</span>authUrl</span>             | <code>string</code>                                                             |          |                                                                                                                                          |
+| <span className="parameter-name"><span className="light-grey">params.</span>region</span>              | <code>string</code>                                                             |          | Project region (e.g. `eu-central-1`) Project region is not required during local development (when `subdomain` is `localhost`)           |
+| <span className="parameter-name"><span className="light-grey">params.</span>subdomain</span>           | <code>string</code>                                                             |          | Project subdomain (e.g. `ieingiwnginwnfnegqwvdqwdwq`) Use `localhost` during local development                                           |
+| <span className="parameter-name"><span className="light-grey">params.</span>devTools</span>            | <code>boolean</code>                                                            |          | Activate devTools e.g. the ability to connect to the xstate inspector                                                                    |
+| <span className="parameter-name"><span className="light-grey">params.</span>autoSignIn</span>          | <code>boolean</code>                                                            |          | When set to true, will parse the url on startup to check if it contains a refresh token to start the session with                        |
+| <span className="parameter-name"><span className="light-grey">params.</span>autoRefreshToken</span>    | <code>boolean</code>                                                            |          | When set to true, will automatically refresh token before it expires                                                                     |
+| <span className="parameter-name"><span className="light-grey">params.</span>clientStorage</span>       | [`ClientStorage`](/reference/javascript/nhost-js/types/client-storage)          |          | Object where the refresh token will be persisted and read locally.                                                                       |
+| <span className="parameter-name"><span className="light-grey">params.</span>clientStorageType</span>   | [`ClientStorageType`](/reference/javascript/nhost-js/types/client-storage-type) |          | Define a way to get information about the refresh token and its exipration date.                                                         |
+| <span className="parameter-name"><span className="light-grey">params.</span>refreshIntervalTime</span> | <code>number</code>                                                             |          | Time interval until token refreshes, in seconds                                                                                          |
+| <span className="parameter-name"><span className="light-grey">params.</span>start</span>               | <code>boolean</code>                                                            |          |                                                                                                                                          |
+
+---

docs/reference/javascript/functions/nhost-functions-client.mdx

@@ -0,0 +1,13 @@
+---
+title: NhostFunctionsClient
+---
+
+# `NhostFunctionsClient`
+
+## Parameters
+
+---
+
+**<span className="parameter-name">params</span>** <span className="optional-status">required</span> <code>NhostFunctionsConstructorParams</code>
+
+---

docs/reference/javascript/functions/set-access-token.mdx

@@ -0,0 +1,18 @@
+---
+title: setAccessToken()
+sidebarTitle: setAccessToken()
+---
+
+Use `nhost.functions.setAccessToken` to a set an access token to be used in subsequent functions requests. Note that if you're signin in users with `nhost.auth.signIn()` the access token will be set automatically.
+
+```ts
+nhost.functions.setAccessToken('some-access-token')
+```
+
+## Parameters
+
+---
+
+**<span className="parameter-name">accessToken</span>** <span className="optional-status">required</span> <code>undefined &#124; string</code>
+
+---

docs/reference/javascript/storage/02-create-file-upload-machine.mdx

@@ -1,4 +0,0 @@
----
-title: createFileUploadMachine()
-sidebarTitle: createFileUploadMachine()
----

docs/reference/javascript/storage/02-create-multiple-files-upload-machine.mdx

@@ -1,4 +0,0 @@
----
-title: createMultipleFilesUploadMachine()
-sidebarTitle: createMultipleFilesUploadMachine()
----

docs/reference/javascript/storage/02-upload-file-promise.mdx

@@ -1,16 +0,0 @@
----
-title: uploadFilePromise()
-sidebarTitle: uploadFilePromise()
----
-
-## Parameters
-
----
-
-**<span className="parameter-name">params</span>** <span className="optional-status">required</span> <code>[`FileUploadConfig`](/reference/javascript/storage/types/file-upload-config) &amp; Partial&lt;StorageUploadFileParams&gt;</code>
-
----
-
-**<span className="parameter-name">interpreter</span>** <span className="optional-status">required</span> <code>ActorRefWithDeprecatedState&lt;FileUploadContext, &#123; type: "ADD", file: File, id: string, bucketId: string, name: string &#125; &#124; &#123; type: "UPLOAD", file: File, id: string, name: string, bucketId: string &#125; &amp; FileUploadConfig &#124; &#123; type: "UPLOAD_PROGRESS", progress: number, loaded: number, additions: number &#125; &#124; &#123; type: "UPLOAD_DONE", id: string, bucketId: string &#125; &#124; &#123; type: "UPLOAD_ERROR", error: StorageErrorPayload &#125; &#124; &#123; type: "CANCEL" &#125; &#124; &#123; type: "DESTROY" &#125;, &#123; value: any, context: FileUploadContext &#125;, ResolveTypegenMeta&lt;Typegen0, &#123; type: "ADD", file: File, id: string, bucketId: string, name: string &#125; &#124; &#123; type: "UPLOAD", file: File, id: string, name: string, bucketId: string &#125; &amp; FileUploadConfig &#124; &#123; type: "UPLOAD_PROGRESS", progress: number, loaded: number, additions: number &#125; &#124; &#123; type: "UPLOAD_DONE", id: string, bucketId: string &#125; &#124; &#123; type: "UPLOAD_ERROR", error: StorageErrorPayload &#125; &#124; &#123; type: "CANCEL" &#125; &#124; &#123; type: "DESTROY" &#125;, BaseActionObject, ServiceMap&gt;&gt; &#124; Interpreter&lt;FileUploadContext, any, &#123; type: "ADD", file: File, id: string, bucketId: string, name: string &#125; &#124; &#123; type: "UPLOAD", file: File, id: string, name: string, bucketId: string &#125; &amp; FileUploadConfig &#124; &#123; type: "UPLOAD_PROGRESS", progress: number, loaded: number, additions: number &#125; &#124; &#123; type: "UPLOAD_DONE", id: string, bucketId: string &#125; &#124; &#123; type: "UPLOAD_ERROR", error: StorageErrorPayload &#125; &#124; &#123; type: "CANCEL" &#125; &#124; &#123; type: "DESTROY" &#125;, &#123; value: any, context: FileUploadContext &#125;, ResolveTypegenMeta&lt;Typegen0, &#123; type: "ADD", file: File, id: string, bucketId: string, name: string &#125; &#124; &#123; type: "UPLOAD", file: File, id: string, name: string, bucketId: string &#125; &amp; FileUploadConfig &#124; &#123; type: "UPLOAD_PROGRESS", progress: number, loaded: number, additions: number &#125; &#124; &#123; type: "UPLOAD_DONE", id: string, bucketId: string &#125; &#124; &#123; type: "UPLOAD_ERROR", error: StorageErrorPayload &#125; &#124; &#123; type: "CANCEL" &#125; &#124; &#123; type: "DESTROY" &#125;, BaseActionObject, ServiceMap&gt;&gt;</code>
-
----

docs/reference/javascript/storage/02-upload-multiple-files-promise.mdx

@@ -1,16 +0,0 @@
----
-title: uploadMultipleFilesPromise()
-sidebarTitle: uploadMultipleFilesPromise()
----
-
-## Parameters
-
----
-
-**<span className="parameter-name">params</span>** <span className="optional-status">required</span> <code>[`FileUploadConfig`](/reference/javascript/storage/types/file-upload-config) &amp; [`UploadMultipleFilesActionParams`](/reference/javascript/storage/types/upload-multiple-files-action-params)</code>
-
----
-
-**<span className="parameter-name">service</span>** <span className="optional-status">required</span> <code>Interpreter&lt;MultipleFilesUploadContext, any, &#123; type: "ADD", files: AnyFileList, bucketId: string &#125; &#124; &#123; type: "UPLOAD", files: AnyFileList, bucketId: string &#125; &amp; FileUploadConfig &#124; &#123; type: "UPLOAD_PROGRESS", additions: number &#125; &#124; &#123; type: "UPLOAD_DONE" &#125; &#124; &#123; type: "UPLOAD_ERROR" &#125; &#124; &#123; type: "CANCEL" &#125; &#124; &#123; type: "REMOVE" &#125; &#124; &#123; type: "CLEAR" &#125;, &#123; value: any, context: MultipleFilesUploadContext &#125;, ResolveTypegenMeta&lt;Typegen0, &#123; type: "ADD", files: AnyFileList, bucketId: string &#125; &#124; &#123; type: "UPLOAD", files: AnyFileList, bucketId: string &#125; &amp; FileUploadConfig &#124; &#123; type: "UPLOAD_PROGRESS", additions: number &#125; &#124; &#123; type: "UPLOAD_DONE" &#125; &#124; &#123; type: "UPLOAD_ERROR" &#125; &#124; &#123; type: "CANCEL" &#125; &#124; &#123; type: "REMOVE" &#125; &#124; &#123; type: "CLEAR" &#125;, BaseActionObject, ServiceMap&gt;&gt;</code>
-
----

docs/reference/javascript/storage/download.mdx

@@ -0,0 +1,27 @@
+---
+title: download()
+sidebarTitle: download()
+---
+
+Use `nhost.storage.download` to download a file. To download a file the user must have permission to select the file in the `storage.files` table.
+
+```ts
+const { file, error } = await nhost.storage.download({ fileId: '<File-ID>' })
+```
+
+## Parameters
+
+---
+
+**<span className="parameter-name">params</span>** <span className="optional-status">required</span> [`StorageDownloadFileParams`](/reference/javascript/storage/types/storage-download-file-params)
+
+| Property                                                                                   | Type                                      | Required | Notes                                                        |
+| :----------------------------------------------------------------------------------------- | :---------------------------------------- | :------: | :----------------------------------------------------------- |
+| <span className="parameter-name"><span className="light-grey">params.</span>fileId</span>  | <code>string</code>                       |    ✔️    |                                                              |
+| <span className="parameter-name"><span className="light-grey">params.</span>blur</span>    | <code>number</code>                       |          | Image blur, between 0 and 100                                |
+| <span className="parameter-name"><span className="light-grey">params.</span>quality</span> | <code>number</code>                       |          | Image quality, between 1 and 100, 100 being the best quality |
+| <span className="parameter-name"><span className="light-grey">params.</span>height</span>  | <code>number</code>                       |          | Image height, in pixels                                      |
+| <span className="parameter-name"><span className="light-grey">params.</span>width</span>   | <code>number</code>                       |          | Image width, in pixels                                       |
+| <span className="parameter-name"><span className="light-grey">params.</span>headers</span> | <code>Record&lt;string, string&gt;</code> |          | Optional headers to be sent with the request                 |
+
+---

docs/reference/javascript/storage/types/storage-download-file-params.mdx

@@ -0,0 +1,45 @@
+---
+title: StorageDownloadFileParams
+sidebarTitle: StorageDownloadFileParams
+description: No description provided.
+---
+
+# `StorageDownloadFileParams`
+
+## Parameters
+
+---
+
+**<span className="parameter-name">fileId</span>** <span className="optional-status">required</span> <code>string</code>
+
+---
+
+**<span className="parameter-name">blur</span>** <span className="optional-status">optional</span> <code>number</code>
+
+Image blur, between 0 and 100
+
+---
+
+**<span className="parameter-name">quality</span>** <span className="optional-status">optional</span> <code>number</code>
+
+Image quality, between 1 and 100, 100 being the best quality
+
+---
+
+**<span className="parameter-name">height</span>** <span className="optional-status">optional</span> <code>number</code>
+
+Image height, in pixels
+
+---
+
+**<span className="parameter-name">width</span>** <span className="optional-status">optional</span> <code>number</code>
+
+Image width, in pixels
+
+---
+
+**<span className="parameter-name">headers</span>** <span className="optional-status">optional</span> <code>Record&lt;string, string&gt;</code>
+
+Optional headers to be sent with the request
+
+---

docs/reference/javascript/storage/types/storage-download-file-response.mdx

@@ -0,0 +1,13 @@
+---
+title: StorageDownloadFileResponse
+sidebarTitle: StorageDownloadFileResponse
+description: No description provided.
+---
+
+# `StorageDownloadFileResponse`
+
+```ts
+type StorageDownloadFileResponse =
+  | { file: Blob; error: null }
+  | { file: null; error: Error }
+```

docs/reference/nextjs/create-server-side-client.mdx

@@ -16,7 +16,7 @@ instance of `NhostClient` that is ready to use on the server side (signed in or
 
 ---
 
-**<span className="parameter-name">params</span>** <span className="optional-status">required</span> <code>string &#124; Partial&lt;Pick&lt;NhostReactClientConstructorParams, "subdomain" &#124; "region" &#124; "authUrl" &#124; "graphqlUrl" &#124; "storageUrl" &#124; "functionsUrl"&gt;&gt;</code>
+**<span className="parameter-name">params</span>** <span className="optional-status">required</span> <code>Partial&lt;Pick&lt;NhostReactClientConstructorParams, "subdomain" &#124; "region" &#124; "authUrl" &#124; "graphqlUrl" &#124; "storageUrl" &#124; "functionsUrl"&gt;&gt;</code>
 
 ---
 

docs/reference/nextjs/get-nhost-session.mdx

@@ -28,7 +28,7 @@ export const getServerSideProps: GetServerSideProps = async (context) => {
 
 ---
 
-**<span className="parameter-name">params</span>** <span className="optional-status">required</span> <code>string &#124; Partial&lt;Pick&lt;NhostReactClientConstructorParams, "subdomain" &#124; "region" &#124; "authUrl" &#124; "graphqlUrl" &#124; "storageUrl" &#124; "functionsUrl"&gt;&gt;</code>
+**<span className="parameter-name">params</span>** <span className="optional-status">required</span> <code>Partial&lt;Pick&lt;NhostReactClientConstructorParams, "subdomain" &#124; "region" &#124; "authUrl" &#124; "graphqlUrl" &#124; "storageUrl" &#124; "functionsUrl"&gt;&gt;</code>
 
 ---
 

docs/reference/nextjs/nhost-client.mdx

@@ -1,6 +1,5 @@
 ---
 title: NhostClient
-sidebarTitle: NhostClient
 description: No description provided.
 ---
 
@@ -21,7 +20,6 @@ description: No description provided.
 | <span className="parameter-name"><span className="light-grey">params.</span>authUrl</span>             | <code>string</code>  |          |                                                                                                                                          |
 | <span className="parameter-name"><span className="light-grey">params.</span>region</span>              | <code>string</code>  |          | Project region (e.g. `eu-central-1`) Project region is not required during local development (when `subdomain` is `localhost`)           |
 | <span className="parameter-name"><span className="light-grey">params.</span>subdomain</span>           | <code>string</code>  |          | Project subdomain (e.g. `ieingiwnginwnfnegqwvdqwdwq`) Use `localhost` during local development                                           |
-| <span className="parameter-name"><span className="light-grey">params.</span>backendUrl</span>          | <code>string</code>  |          | Nhost backend URL Will be deprecated in a future release. Please look at 'subdomain' and 'region' instead.                               |
 | <span className="parameter-name"><span className="light-grey">params.</span>devTools</span>            | <code>boolean</code> |          | Activate devTools e.g. the ability to connect to the xstate inspector                                                                    |
 | <span className="parameter-name"><span className="light-grey">params.</span>autoSignIn</span>          | <code>boolean</code> |          | When set to true, will parse the url on startup to check if it contains a refresh token to start the session with                        |
 | <span className="parameter-name"><span className="light-grey">params.</span>autoRefreshToken</span>    | <code>boolean</code> |          | When set to true, will automatically refresh token before it expires                                                                     |

docs/reference/nextjs/types/backend-url.mdx

@@ -1,11 +0,0 @@
----
-title: BackendUrl
-sidebarTitle: BackendUrl
-description: No description provided.
----
-
-# `BackendUrl`
-
-```ts
-type BackendUrl = () => { backendUrl: string }
-```

docs/reference/nextjs/types/nhost-next-client-constructor-params.mdx

@@ -47,13 +47,6 @@ Use `localhost` during local development
 
 ---
 
-**<span className="parameter-name">backendUrl</span>** <span className="optional-status">optional</span> <code>string</code>
-
-Nhost backend URL
-Will be deprecated in a future release. Please look at 'subdomain' and 'region' instead.
-
----
-
 **<span className="parameter-name">devTools</span>** <span className="optional-status">optional</span> <code>boolean</code>
 
 Activate devTools e.g. the ability to connect to the xstate inspector