maxmetcalfe
Contributor

What kind of change does this PR introduce?

This PR adds basic URL validation for the supabaseUrl.

What is the current behavior?

The client does not validate the supabaseUrl (besides requiring it).

What is the new behavior?

The client runs simple validation on the supabaseUrl.

Additional context

This will improve the experience for new Supabase users as well as help prevent the leaking of credentials to stdout/stderr (see: #1239).

@mandarini
Contributor

mandarini commented Sep 5, 2025

Hi there @maxmetcalfe! Thank you so much for this PR! Adding URL validation is a great security improvement that will help prevent accidental credential exposure (as mentioned in #1239). Really appreciate you taking the initiative on this.

The implementation looks solid! I have a few small suggestions that would make it even more robust:

Suggested improvements:

  1. Trim the URL input: Consider trimming whitespace before validation to be more forgiving of user input:

     ```ts
     export function validateSupabaseUrl(supabaseUrl: string): URL {
       const trimmedUrl = supabaseUrl?.trim()

       if (!trimmedUrl) {
         throw new Error('supabaseUrl is required.')
       }
       // ... rest of validation
     }
     ```

  2. Simplify the regex: The current regex `/^https?:\/\/.+/i` might be a bit restrictive. Consider using `/^https?:\/\//i` instead, since the URL constructor will handle the rest of the validation:

     ```ts
     if (!trimmedUrl.match(/^https?:\/\//i)) {
       throw new Error('Invalid supabaseUrl: Must be a valid HTTP or HTTPS URL.')
     }
     ```

  3. Add edge case tests: Would be great to add a couple more test cases:

     ```ts
     // Test with leading/trailing whitespace
     expect(() => createClient('  https://xyz123.supabase.co  ', KEY)).not.toThrow()

     // Test with URL containing auth (should work but might want to warn in future)
     expect(() => createClient('http://user:pass@localhost:54321', KEY)).not.toThrow()
     ```

These are all minor suggestions, the core functionality is great as-is! Thanks again for your work on this! 🙏
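
The three suggestions in the review above, combined into one runnable sketch. This is an added example, not part of the review comment and not the code merged in this PR. The names `validateUrlSketch`, `redactForLog` and `errorMessageFor`, the "malformed" error text and the sample inputs are assumptions made for illustration. It also shows two properties relevant to the credential-leak concern: the error messages never echo the rejected input, and a URL carrying `user:pass@` userinfo is flagged and can be logged in redacted form.

```typescript
// Added example (hypothetical names), not supabase-js source.
interface ValidatedUrl {
  url: URL
  hasEmbeddedCredentials: boolean
}

function validateUrlSketch(input: unknown): ValidatedUrl {
  // Suggestion 1: trim before any check; non-strings count as missing.
  const trimmed = typeof input === 'string' ? input.trim() : ''
  if (!trimmed) {
    throw new Error('supabaseUrl is required.')
  }
  // Suggestion 2: check only the scheme here. The message is a fixed string,
  // so a secret mistakenly passed as the URL never reaches stdout/stderr.
  if (!/^https?:\/\//i.test(trimmed)) {
    throw new Error('Invalid supabaseUrl: Must be a valid HTTP or HTTPS URL.')
  }
  let url: URL
  try {
    // The URL constructor rejects what the regex lets through, e.g. 'https://'.
    url = new URL(trimmed)
  } catch {
    // Constructed message; the parser's own error is dropped because it
    // may quote the input.
    throw new Error('Invalid supabaseUrl: Provided URL is malformed.')
  }
  // Suggestion 3's second test case: accepted, but flagged for the caller.
  const hasEmbeddedCredentials = url.username !== '' || url.password !== ''
  return { url, hasEmbeddedCredentials }
}

// Returns the URL with userinfo stripped, for use in logs and warnings.
function redactForLog(url: URL): string {
  const copy = new URL(url.href)
  copy.username = ''
  copy.password = ''
  return copy.href
}

// Returns the validation error message for an input, or null if it is valid.
function errorMessageFor(input: unknown): string | null {
  try {
    validateUrlSketch(input)
    return null
  } catch (e) {
    return (e as Error).message
  }
}
```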

@mandarini mandarini self-assigned this Sep 5, 2025
@coveralls

coveralls commented Sep 5, 2025

Pull Request Test Coverage Report for Build 17568478925

Warning: This coverage report may be inaccurate.

This pull request's base commit is no longer the HEAD commit of its target branch. This means it includes changes from outside the original pull request, including, potentially, unrelated coverage changes.

Details

  • 11 of 11 (100.0%) changed or added relevant lines in 2 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage decreased (-0.2%) to 95.437%

Totals Coverage Status
Change from base Build 17326492372: -0.2%
Covered Lines: 152
Relevant Lines: 154

💛 - Coveralls

@mandarini mandarini self-requested a review September 5, 2025 13:46
@maxmetcalfe
Contributor Author

thanks @mandarini, updated!

@mandarini mandarini changed the title from "[chore] add validation for supabaseUrl" to "fix: add validation for supabaseUrl" Sep 9, 2025
Contributor

@mandarini mandarini left a comment

Thank you @maxmetcalfe !

@mandarini mandarini merged commit 599531d into supabase:master Sep 9, 2025
14 checks passed
@maxmetcalfe maxmetcalfe deleted the validate-url branch September 9, 2025 14:20