Most active commenters
  • dswbx(8)

Show HN: Bknd – Firebase alternative that embeds into any React stack

(github.com)
50 points dswbx | 23 comments | 25 Mar 25 14:34 UTC | HN request time: 2.185s | source | bottom

I built bknd because I was tired of stitching together auth, file storage, and database APIs every time I started a new project. Existing solutions were either too hard to extend, too basic, or required a separate deployment.

bknd runs directly inside your frontend app — no separate backend required. It works with Next.js, Remix, Astro, React Router. It also runs standalone on Cloudflare Workers, AWS Lambda, Bun, or Node.

It supports Postgres, LibSQL (Turso), D1, SQLite and has adapter-based storage. You get instant APIs, multi-strategy auth, media handling and a built-in Admin UI.

Curious what you’d build with it, feedback welcome!

1. e12e ◴[29 Mar 25 14:47 UTC] No.43515994[source]
What does this mean?:

> bknd runs directly inside your frontend app — no separate backend required.

> It supports Postgres

How is the postgres credentials kept secret from the client?

replies(2): >>43516097 #>>43517011 #
2. abusaidm ◴[29 Mar 25 15:02 UTC] No.43516097[source]
I think the project is saying, in cases where you are deploying the Frontend with server side serving, then you can include this. Given projects like NextJS have a server side serving for react server-side-rendering and for APIs this project uses the server side to add additional services as mentioned in the post.
replies(1): >>43516659 #
3. jfengel ◴[29 Mar 25 15:09 UTC] No.43516144[source]
How do authentication and authorization work? Like Firebase?

(I haven't used a system like that. I'm intrigued by the idea of a backend that's just a database but it weirds me out not to have to write a layer that says who can read what. Exposing the database that nakedly feels super dangerous.)

replies(6): >>43516211 #>>43516219 #>>43516669 #>>43516745 #>>43516958 #>>43521599 #
4. 3np ◴[29 Mar 25 15:18 UTC] No.43516211[source]
Sources here if you ae curious: https://github.com/bknd-io/bknd/tree/main/app/src/auth

Core auth feature progress is tracked here: https://github.com/bknd-io/bknd/issues/6

5. joshuanapoli ◴[29 Mar 25 15:19 UTC] No.43516219[source]
Broken (missing) auth is pretty common with Firebase/Supabase. It's a developer mistake that could happen in any kind of back-end, but I think that traditional back-end frameworks usually have better conventions that make the mistake less likely.
6. goosejuice ◴[29 Mar 25 16:27 UTC] No.43516659{3}[source]
Yeah, the messaging isn't very clear.
replies(1): >>43516992 #
7. Kiro ◴[29 Mar 25 16:29 UTC] No.43516669[source]
Yeah, I've never understood this. I can't think of any operation where I wouldn't want some backend logic in between. Firebase rules don't cut it.
replies(1): >>43516965 #
8. CalRobert ◴[29 Mar 25 16:40 UTC] No.43516745[source]
It does.. I know postgrest is like this though
9. dswbx ◴[29 Mar 25 17:10 UTC] No.43516958[source]
Similar to Firebase it's multi-strategy based. You can use a combo of email/password or OAuth/OIDC (internally using https://github.com/panva/oauth4webapi) – currently there are 2 pre-configured (Google, Github), but it's easy to extend, so requests are welcome.

On the Authorization side, you can create roles and attach permissions to it. Those roles then get attached to users.

Claims are transported via JWT, you can configure its lifetime, secret and hashing. Currently it's stateless, meaning the token is not checked in a session store. But if there is demand, I'd prioritize adding this. I'm mainly exactly looking for feedback to prioritize next additions.

Hope this helps.

10. dswbx ◴[29 Mar 25 17:11 UTC] No.43516965{3}[source]
Since you can embed bknd into any stack, and you can hook into system events, there are plenty of options to customize authorization according to your needs.
11. dswbx ◴[29 Mar 25 17:16 UTC] No.43516992{4}[source]
Yes, I agree, but it's really hard to find the right words. How would you describe it better?

That bknd is "embeddable" doesn't mean it has to. Backends such as Supabase or Firebase run on separate deployments. Especially for Supabase, if you want to self-host it, you run multiple services including your frontend. I tried to express that if you host your app on Vercel, CF, etc. – your backend (excluding database) can be deployed together with it.

Of course you can deploy it separately, e.g. fully on Cloudflare using Workers, D1 and R2.

replies(1): >>43537940 #
12. dswbx ◴[29 Mar 25 17:19 UTC] No.43517011[source]
bknd would be the "backend part" of your application, managing the schema, exposing REST APIs to access it, secure it, handling media uploads.

The database (postgres, libsql, d1, etc.) is hosted as usual. Fullstack frameworks like Next.js, Remix, Astro, etc. would run bknd on the server side exclusively.

But I see the issue. I should've written "inside your fullstack app" – my bad!

13. compootr ◴[29 Mar 25 17:23 UTC] No.43517031[source]
> Edge-Optimized

I frequently use pocketbase because I love its extensibility and simplicity. Is this product like pocketbase but you can edge-deploy it? (i.e more infinitely scalable?)

replies(1): >>43517092 #
14. dswbx ◴[29 Mar 25 17:30 UTC] No.43517092[source]
Yes, e.g. you can fully host it on Cloudflare using Workers, D1 and R2. There is an example in the repo and CLI starter to get started quickly (`npx bknd create -i cloudflare`)
replies(1): >>43530107 #
15. campak ◴[30 Mar 25 01:34 UTC] No.43520432[source]
Bknd is great. Thank you for creating this, Dennis!
replies(1): >>43525318 #
16. lelanthran ◴[30 Mar 25 05:28 UTC] No.43521599[source]
> (I haven't used a system like that. I'm intrigued by the idea of a backend that's just a database but it weirds me out not to have to write a layer that says who can read what. Exposing the database that nakedly feels super dangerous.)

In my (closed) product that exposes the database to the frontend, the "exposure" part has, effectively, row-level access control.[1]

[1] Also role-based using groups. I additionally mark the read-only queries as read-only and these are executed on a read-only replica.

17. aptj ◴[30 Mar 25 06:28 UTC] No.43521843[source]
Can it be used without React? Why make it React-dependent/focused? How's it better than going with synch engines, like eg. Zero? Didn't look at code, sorry, on the go now.
replies(1): >>43525361 #
18. mediumsmart ◴[30 Mar 25 12:19 UTC] No.43523548[source]
Why so complicated? A torch should suffice for a basic fire.
19. dswbx ◴[30 Mar 25 16:23 UTC] No.43525318[source]
Thanks a lot Cam! :)
20. dswbx ◴[30 Mar 25 16:28 UTC] No.43525361[source]
Yes it can, a lot of people just choose a React fullstack framework, and it integrates specifically well inside those – so it's just a focus. But it can also be deployed using Docker, Bun, Node or Cloudflare Workers. There's an integrated SDK for TypeScript, but since it's all just REST APIs, it'll work with any stack.

Not familiar with Zero, but it looks interesting, will check it out.

21. compootr ◴[31 Mar 25 02:21 UTC] No.43530107{3}[source]
cool. may try it out later!
22. goosejuice ◴[31 Mar 25 18:11 UTC] No.43537940{5}[source]
I think the language probably assumes some knowledge specific to that ecosystem, particularly the more recent trend of server rendering react.

To someone that works with more traditional server rendering frameworks like Rails and Phoenix, embedded to me implies storage will be clientside.

I'm guessing it might makesense to a frontend developer but people like me might be scratching our heads for awhile.

I'm assuming this is an alternative to using nextjs (or whatever flavor) with an orm. There's a lot of word salad in the why? that kind of suggests that. Maybe you can simply compare alternatives?