DocsDeployment
Vercel, Supabase, Stripe webhooks, and PWA
Deployment
Surflink deploys as a standard Next.js app on Vercel, backed by Supabase and Stripe.
Vercel
- Connect your repository to Vercel (Next.js is auto-detected).
- Set all environment variables (see Environment Variables).
- Deploy.
| Setting | Value |
|---|---|
| Build command | next build |
| Output | .next |
| Install | npm install |
| Node | 20.x |
Cron jobs come from vercel.json (see Cron Jobs); set CRON_SECRET so Vercel authorizes them.
Supabase
- Create a Supabase project.
- Apply migrations in order:
supabase db push. - Create the Storage buckets manually:
raw-uploadsandsession-videos(no migration creates them). - Copy the project URL, anon key, and service-role key into your env.
- RLS enforces org-based isolation; privileged mutations are additionally authorized in route handlers.
Stripe
- Add
STRIPE_SECRET_KEY,STRIPE_WEBHOOK_SECRET, and the plan Price IDs. - Configure a webhook to
POST /api/stripe/webhook(handles platform + marketplace events). The route is in the middleware public + billing-bypass lists.
PWA
- Manifest at
public/manifest.json(theme colorvar(--accent-mint), standalone display). - Service worker at
public/sw.js(split static/runtime caches, stale-while-revalidate, network-first navigation, push handling), registered from the root layout.
Cross-origin isolation (FFmpeg)
Client-side FFmpeg compression needs SharedArrayBuffer, which requires:
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
These are not configured (next.config.mjs is empty), so compression is effectively disabled in production. Add them in next.config.mjs headers (or Vercel headers) if you need it -- note that COEP can affect loading of cross-origin assets.
Monitoring
- Vercel Analytics -- performance.
- Supabase dashboard -- DB, auth, storage.
- SurfVision/Modal dashboard -- AI job status and logs.