fix: disable image transformation and mfa by default (#2966)
* fix: disable image transformation by default * fix: disable mfa totp by default * chore: update test config * chore: disable instead of commenting out * chore: add note about pro plan * fix: remove default value for image transformation config
1 parent
baa2c23
commit 8cac0be
Showing
3 changed files
with
29 additions
and
17 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,5 @@ | ||
# For detailed configuration reference documentation, visit: | ||
# https://supabase.com/docs/guides/local-development/cli/config | ||
# A string used to distinguish different Supabase projects on the same host. Defaults to the | ||
# working directory name when running `supabase init`. | ||
project_id = "test" | ||
|
@@ -7,7 +9,7 @@ enabled = true | |
# Port to use for the API URL. | ||
port = 54321 | ||
# Schemas to expose in your API. Tables, views and stored procedures in this schema will get API | ||
# endpoints. public and storage are always included. | ||
# endpoints. `public` and `graphql_public` schemas are included by default. | ||
schemas = ["public", "graphql_public"] | ||
# Extra schemas to add to the search_path of every request. public is always included. | ||
extra_search_path = ["public", "extensions"] | ||
|
@@ -16,6 +18,7 @@ extra_search_path = ["public", "extensions"] | |
max_rows = 1000 | ||
|
||
[api.tls] | ||
# Enable HTTPS endpoints locally using a self-signed certificate. | ||
enabled = true | ||
|
||
[db] | ||
|
@@ -43,8 +46,7 @@ max_client_conn = 100 | |
# If enabled, seeds the database after migrations during a db reset. | ||
enabled = true | ||
# Specifies an ordered list of seed files to load during db reset. | ||
# Supports glob patterns relative to supabase directory. For example: | ||
# sql_paths = ['./seeds/*.sql', '../project-src/seeds/*-load-testing.sql'] | ||
# Supports glob patterns relative to supabase directory: './seeds/*.sql' | ||
sql_paths = ['./seed.sql'] | ||
|
||
[realtime] | ||
|
@@ -72,14 +74,17 @@ port = 54324 | |
# Uncomment to expose additional ports for testing user applications that send emails. | ||
# smtp_port = 54325 | ||
# pop3_port = 54326 | ||
# admin_email = "[email protected]" | ||
# sender_name = "Admin" | ||
|
||
[storage] | ||
enabled = true | ||
# The maximum file size allowed (e.g. "5MB", "500KB"). | ||
file_size_limit = "50MiB" | ||
|
||
# Image transformation API is available to Supabase Pro plan. | ||
[storage.image_transformation] | ||
enabled = false | ||
enabled = true | ||
|
||
# Uncomment to configure local storage buckets | ||
[storage.buckets.images] | ||
|
@@ -104,6 +109,8 @@ enable_refresh_token_rotation = true | |
refresh_token_reuse_interval = 10 | ||
# Allow/disallow new user signups to your project. | ||
enable_signup = true | ||
# Allow/disallow anonymous sign-ins to your project. | ||
enable_anonymous_sign_ins = true | ||
# Allow/disallow testing manual linking of accounts | ||
enable_manual_linking = true | ||
# Passwords shorter than this value will be rejected as weak. Minimum 6, recommended 8 or more. | ||
|
@@ -120,15 +127,18 @@ enable_signup = true | |
double_confirm_changes = true | ||
# If enabled, users need to confirm their email address before signing in. | ||
enable_confirmations = false | ||
# If enabled, users will need to reauthenticate or have logged in recently to change their password. | ||
secure_password_change = true | ||
# Controls the minimum amount of time that must pass before sending another signup confirmation or password reset email. | ||
max_frequency = "1s" | ||
# Number of characters used in the email OTP. | ||
otp_length = 6 | ||
# Number of seconds before the email OTP expires. | ||
otp_expiry = 300 | ||
# Number of seconds before the email OTP expires (defaults to 1 hour). | ||
otp_expiry = 3600 | ||
|
||
# Use a production-ready SMTP server | ||
[auth.email.smtp] | ||
enabled = true | ||
host = "smtp.sendgrid.net" | ||
port = 587 | ||
user = "apikey" | ||
|
@@ -162,6 +172,7 @@ timebox = "24h" | |
# Force log out if the user has been inactive longer than the specified duration. | ||
inactivity_timeout = "8h" | ||
|
||
# This hook runs before a token is issued and allows you to add additional claims based on the authentication method used. | ||
[auth.hook.custom_access_token] | ||
enabled = true | ||
uri = "pg-functions://postgres/auth/custom-access-token-hook" | ||
|
@@ -171,7 +182,6 @@ enabled = true | |
uri = "http://host.docker.internal/functions/v1/send_sms" | ||
secrets = "env(AUTH_SEND_SMS_SECRETS)" | ||
|
||
|
||
# Configure one of the supported SMS providers: `twilio`, `twilio_verify`, `messagebird`, `textlocal`, `vonage`. | ||
[auth.sms.twilio] | ||
enabled = true | ||
|
@@ -180,6 +190,7 @@ message_service_sid = "message_service_sid" | |
# DO NOT commit your Twilio auth token to git. Use environment variable substitution instead: | ||
auth_token = "env(TWILIO_AUTH_TOKEN)" | ||
|
||
# Multi-factor-authentication is available to Supabase Pro plan. | ||
[auth.mfa] | ||
max_enrolled_factors = 10 | ||
|
||
|
@@ -188,15 +199,15 @@ max_enrolled_factors = 10 | |
enroll_enabled = true | ||
verify_enabled = true | ||
|
||
# Configure Multi-factor-authentication via Phone Messaging | ||
# Configure MFA via Phone Messaging | ||
[auth.mfa.phone] | ||
enroll_enabled = true | ||
verify_enabled = true | ||
otp_length = 6 | ||
template = "Your code is {{ `{{ .Code }}` }}" | ||
max_frequency = "5s" | ||
|
||
# Configure Multi-factor-authentication via Phone Messaging | ||
# Configure MFA via Phone Messaging | ||
[auth.mfa.web_authn] | ||
enroll_enabled = true | ||
verify_enabled = true | ||
|
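Review bot: The comment above `[auth.mfa.web_authn]` at the end of the last hunk still reads "Configure MFA via Phone Messaging", which was copied from the `[auth.mfa.phone]` table just above it; the commit rewords the line but keeps the wrong factor name. Anyone auditing which MFA factors this fixture enrols and verifies will read the WebAuthn table as a second phone block. I would change the line to `# Configure MFA via WebAuthn`. The same hunk opens with `enroll_enabled` / `verify_enabled` lines whose table header lies outside the hunk, so that table's comment could not be checked from here.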