Skip to main content
The TecNM Control Escolar app is planned to integrate with Supabase as its backend-as-a-service platform. This guide outlines the roadmap and planned features.
Current Status: The app uses FakeData.kt for mock data. Supabase integration is listed in “Próximos pasos” in the README.

Why Supabase?

Supabase was chosen for several reasons:
  • Open-source alternative to Firebase
  • PostgreSQL database with real-time subscriptions
  • Built-in authentication (email, OAuth, magic links)
  • Row-level security for multi-tenant data isolation
  • RESTful API and Kotlin client library
  • File storage for profile pictures and documents
Supabase provides a generous free tier perfect for student projects and MVPs.

Current State vs. Future State

Current Implementation

The app currently operates in offline mode with hardcoded data: 
// Current approach
import com.example.appcontrolescolar.data.FakeData

val student = FakeData.student
val classes = FakeData.todayClasses
val buildings = FakeData.buildings
Limitations:
  • No user authentication
  • No personalized data per student
  • No real-time schedule updates
  • No attendance tracking
  • No grades or academic history

Future Implementation

With Supabase, the app will become a full-featured cloud application: 
// Future approach
val supabase = createSupabaseClient {
    supabaseUrl = "https://your-project.supabase.co"
    supabaseKey = "your-anon-key"
}

val student = supabase.from("students")
    .select()
    .eq("control_number", currentUser.id)
    .single()

val classes = supabase.from("class_sessions")
    .select()
    .eq("student_id", student.id)
    .eq("day", getCurrentDay())
    .order("start_hour")

Planned Features

1. Authentication System

Login with TecNM credentials: 
// Email/password authentication
val user = supabase.auth.signInWith(Email) {
    email = "226W0487@tecnm.mx"
    password = "student_password"
}

// Or magic link authentication (passwordless)
supabase.auth.signInWith(OTP) {
    email = "226W0487@tecnm.mx"
    createUser = false
}
Features:
  • Student login with control number
  • Password reset via email
  • Session management
  • Role-based access (student, teacher, admin)
-- Extends Supabase auth.users
CREATE TABLE profiles (
  id UUID REFERENCES auth.users PRIMARY KEY,
  control_number TEXT UNIQUE NOT NULL,
  full_name TEXT NOT NULL,
  career TEXT NOT NULL,
  semester INTEGER NOT NULL,
  campus TEXT NOT NULL,
  created_at TIMESTAMPTZ DEFAULT NOW()
);

-- Row-level security
ALTER TABLE profiles ENABLE ROW LEVEL SECURITY;

CREATE POLICY "Students can view own profile"
  ON profiles FOR SELECT
  USING (auth.uid() = id);

2. Real Schedule Data

Fetch personalized schedule from database: 
// Get today's classes for logged-in student
val classes = supabase.from("enrollments")
    .select("""
        class_sessions(
            id,
            subject,
            teacher,
            classroom,
            day,
            start_hour,
            end_hour
        )
    """)
    .eq("student_id", currentUser.id)
    .eq("class_sessions.day", currentDay)
Features:
  • Dynamic schedule per student
  • Semester-based enrollment
  • Schedule changes reflected in real-time
  • Support for multiple campuses
CREATE TABLE class_sessions (
  id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
  subject TEXT NOT NULL,
  teacher TEXT NOT NULL,
  classroom TEXT NOT NULL,
  day TEXT NOT NULL,
  start_hour TIME NOT NULL,
  end_hour TIME NOT NULL,
  semester TEXT NOT NULL,
  campus TEXT NOT NULL
);

CREATE TABLE enrollments (
  id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
  student_id UUID REFERENCES profiles(id),
  class_session_id UUID REFERENCES class_sessions(id),
  enrolled_at TIMESTAMPTZ DEFAULT NOW(),
  UNIQUE(student_id, class_session_id)
);

-- Students can only see their enrolled classes
CREATE POLICY "Students view enrolled classes"
  ON enrollments FOR SELECT
  USING (auth.uid() = student_id);

3. QR Code Attendance

Scan QR code to register attendance: 
// After scanning QR code with class_session_id
val attendance = supabase.from("attendance")
    .insert(mapOf(
        "student_id" to currentUser.id,
        "class_session_id" to scannedClassId,
        "timestamp" to Clock.System.now(),
        "status" to "present"
    ))
Features:
  • QR code generation by teachers
  • Geofencing (must be on campus)
  • Time validation (only during class hours)
  • Attendance history
  • Attendance percentage per course
CREATE TABLE attendance (
  id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
  student_id UUID REFERENCES profiles(id),
  class_session_id UUID REFERENCES class_sessions(id),
  timestamp TIMESTAMPTZ NOT NULL DEFAULT NOW(),
  status TEXT NOT NULL CHECK (status IN ('present', 'late', 'absent')),
  location GEOGRAPHY(POINT),
  UNIQUE(student_id, class_session_id, timestamp::DATE)
);

CREATE INDEX idx_attendance_student ON attendance(student_id);
CREATE INDEX idx_attendance_class ON attendance(class_session_id);

4. Campus Map Integration

Real-time building data with geolocation: 
val buildings = supabase.from("buildings")
    .select()
    .eq("campus", "Zongolica")
    .order("name")

// Calculate distance from user's location
val userLocation = LocationServices.getFusedLocationProviderClient(context)
    .lastLocation.await()

buildings.forEach { building ->
    building.distance = calculateDistance(
        userLocation.latitude,
        userLocation.longitude,
        building.latitude,
        building.longitude
    )
}
Features:
  • GPS coordinates for each building
  • Distance calculation from user
  • Building photos and descriptions
  • Indoor navigation (future)
CREATE TABLE buildings (
  id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
  name TEXT NOT NULL,
  description TEXT,
  category TEXT NOT NULL,
  campus TEXT NOT NULL,
  latitude DECIMAL(10, 8),
  longitude DECIMAL(11, 8),
  photo_url TEXT
);

-- Public read access for buildings
CREATE POLICY "Buildings are viewable by everyone"
  ON buildings FOR SELECT
  USING (true);

5. Grades & Academic History

View grades and cumulative GPA: 
val grades = supabase.from("grades")
    .select("""
        *,
        class_sessions(subject, teacher, semester)
    """)
    .eq("student_id", currentUser.id)
    .order("semester", ascending = false)

val gpa = grades.map { it.grade }.average()
Features:
  • Per-course grades
  • Semester GPA calculation
  • Cumulative GPA tracking
  • Grade history
CREATE TABLE grades (
  id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
  student_id UUID REFERENCES profiles(id),
  class_session_id UUID REFERENCES class_sessions(id),
  grade DECIMAL(5, 2) NOT NULL CHECK (grade >= 0 AND grade <= 100),
  semester TEXT NOT NULL,
  posted_at TIMESTAMPTZ DEFAULT NOW()
);

CREATE POLICY "Students view own grades"
  ON grades FOR SELECT
  USING (auth.uid() = student_id);

Implementation Roadmap

1

Phase 1: Supabase Setup

  • Create Supabase project
  • Design database schema
  • Set up row-level security policies
  • Seed initial data (campuses, buildings, demo classes)
2

Phase 2: Authentication

  • Add Supabase Kotlin client dependency
  • Implement login screen
  • Create profile management
  • Add session persistence
3

Phase 3: Data Migration

  • Create repository layer
  • Replace FakeData with Supabase queries
  • Implement caching for offline support
  • Add loading states and error handling
4

Phase 4: New Features

  • Implement QR code scanner
  • Add attendance tracking
  • Build grades screen
  • Integrate real campus map
5

Phase 5: Real-time Updates

  • Add Supabase Realtime subscriptions
  • Push notifications for schedule changes
  • Live attendance updates
  • Real-time grade posting

Adding Supabase to the Project

When ready to begin integration:

1. Add Dependency

// app/build.gradle.kts
dependencies {
    // Existing dependencies...
    
    // Supabase
    implementation("io.github.jan-tennert.supabase:postgrest-kt:2.0.0")
    implementation("io.github.jan-tennert.supabase:realtime-kt:2.0.0")
    implementation("io.github.jan-tennert.supabase:storage-kt:2.0.0")
    implementation("io.github.jan-tennert.supabase:auth-kt:2.0.0")
    
    // Ktor client (required by Supabase)
    implementation("io.ktor:ktor-client-android:2.3.7")
}

2. Initialize Supabase Client

// app/src/main/java/com/example/appcontrolescolar/data/SupabaseClient.kt
package com.example.appcontrolescolar.data

import io.github.jan.supabase.createSupabaseClient
import io.github.jan.supabase.postgrest.Postgrest
import io.github.jan.supabase.auth.Auth
import io.github.jan.supabase.realtime.Realtime

object SupabaseClient {
    val client = createSupabaseClient(
        supabaseUrl = "https://your-project-ref.supabase.co",
        supabaseKey = "your-anon-key"
    ) {
        install(Postgrest)
        install(Auth)
        install(Realtime)
    }
}
Never commit your Supabase credentials to version control. Use local.properties or environment variables.

3. Create Repository Pattern

// app/src/main/java/com/example/appcontrolescolar/data/repository/StudentRepository.kt
package com.example.appcontrolescolar.data.repository

import com.example.appcontrolescolar.data.model.Student
import com.example.appcontrolescolar.data.model.ClassSession

interface StudentRepository {
    suspend fun getCurrentStudent(): Student
    suspend fun getTodayClasses(): List<ClassSession>
}

// Fake implementation (current)
class FakeStudentRepository : StudentRepository {
    override suspend fun getCurrentStudent() = FakeData.student
    override suspend fun getTodayClasses() = FakeData.todayClasses
}

// Real implementation (future)
class SupabaseStudentRepository : StudentRepository {
    override suspend fun getCurrentStudent(): Student {
        return SupabaseClient.client
            .from("profiles")
            .select()
            .eq("id", currentUserId)
            .single()
    }
    
    override suspend fun getTodayClasses(): List<ClassSession> {
        return SupabaseClient.client
            .from("enrollments")
            .select("class_sessions(*)")
            .eq("student_id", currentUserId)
    }
}

Testing Strategy

Option 1: Use Supabase StudioTest against your cloud Supabase project directly.Option 2: Self-hosted SupabaseRun Supabase locally with Docker:
# Clone Supabase
git clone --depth 1 https://github.com/supabase/supabase

# Start all services
cd supabase/docker
cp .env.example .env
docker-compose up
Then point the app to http://localhost:54321
class MockStudentRepository : StudentRepository {
    override suspend fun getCurrentStudent() = testStudent
    override suspend fun getTodayClasses() = testClasses
}

@Test
fun `ProfileScreen displays student info correctly`() {
    val mockRepo = MockStudentRepository()
    composeTestRule.setContent {
        ProfileScreen(repository = mockRepo)
    }
    
    composeTestRule.onNodeWithText("Arlyn Alfaro").assertExists()
}

Security Considerations

Critical security practices for production:
  • Enable Row-Level Security (RLS) on all tables
  • Use service role key only on backend (never in app)
  • Validate all user input server-side
  • Implement rate limiting on auth endpoints
  • Use HTTPS for all API requests (enforced by Supabase)

Row-Level Security Example

-- Students can only read their own data
CREATE POLICY "Students access own records"
  ON profiles
  FOR ALL
  USING (auth.uid() = id);

-- Students can only see their enrolled classes
CREATE POLICY "Students view enrolled classes"
  ON enrollments
  FOR SELECT
  USING (auth.uid() = student_id);

-- Students can only mark their own attendance
CREATE POLICY "Students mark own attendance"
  ON attendance
  FOR INSERT
  WITH CHECK (auth.uid() = student_id);

Resources

Supabase Docs

Official Supabase documentation

Kotlin Client

Supabase Kotlin library on GitHub

Authentication Guide

Implementing auth with Supabase

Row-Level Security

Securing your database with RLS

Next Steps

Supabase integration is a future enhancement. The current app works fully with FakeData for UI testing and development.

Fake Data Guide

Learn how test data currently works

Troubleshooting

Common issues and solutions

Build docs developers (and LLMs) love

Get started for freeTalk to us