From 7536a1683fb5debea5451a606f15bdc1995dc573 Mon Sep 17 00:00:00 2001 From: joel Date: Wed, 17 Jan 2024 15:08:20 +0800 Subject: [PATCH 1/6] feat: initial commit --- internal/start/start.go | 23 +++++++++++++++++++ internal/utils/config.go | 11 +++++++++ .../utils/templates/init_config.test.toml | 5 ++++ internal/utils/templates/init_config.toml | 5 ++++ 4 files changed, 44 insertions(+) diff --git a/internal/start/start.go b/internal/start/start.go index 9e7623379..5c129f252 100644 --- a/internal/start/start.go +++ b/internal/start/start.go @@ -488,6 +488,29 @@ EOF "GOTRUE_SMS_VONAGE_FROM="+utils.Config.Auth.Sms.Vonage.From, ) } + if utils.Config.Auth.Hook.MFAVerificationAttempt.Enabled { + env = append( + env, + "GOTRUE_HOOK_MFA_VERIFICATION_ATTEMPT_ENABLED="+utils.Config.Auth.Hook.MFAVerificationAttempt.Enabled + "GOTRUE_HOOK_MFA_VERIFICATION_ATTEMPT_NAME="+utils.Config.Auth.Hook.MFAVerificationAttempt.Name, + ) + } + + if utils.Config.Auth.Hook.PasswordVerificationAttempt.Enabled { + env = append( + env, + "GOTRUE_HOOK_PASSWORD_VERIFICATION_ATTEMPT_ENABLED="+utils.Config.Auth.Hook.PasswordVerificationAttempt.Enabled + "GOTRUE_HOOK_PASSWORD_VERIFICATION_ATTEMPT_NAME="+utils.Config.Auth.Hook.PasswordVerificationAttempt.Name, + ) + } + + if utils.Config.Auth.Hook.PasswordVerificationAttempt.Enabled { + env = append( + env, + "GOTRUE_HOOK_CUSTOM_ACCESS_TOKEN_ENABLED="+utils.Config.Auth.Hook.PasswordVerificationAttempt.Enabled + "GOTRUE_HOOK_CUSTOM_ACCESS_TOKEN_NAME="=+utils.Config.Auth.Hook.CustomAccessToken.Name, + ) + } for name, config := range utils.Config.Auth.External { env = append( diff --git a/internal/utils/config.go b/internal/utils/config.go index 4eca0fbff..56621650f 100644 --- a/internal/utils/config.go +++ b/internal/utils/config.go 
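Review bot: The third added guard in the start.go hunk tests `utils.Config.Auth.Hook.PasswordVerificationAttempt.Enabled` while emitting the `GOTRUE_HOOK_CUSTOM_ACCESS_TOKEN_*` variables, so the custom access token hook follows the password hook's switch; it should read `if utils.Config.Auth.Hook.CustomAccessToken.Enabled {`. The added lines also omit the comma between the two appended strings, concatenate a bool onto a string, and contain `"="=+`, so this patch does not build on its own. Patches 2/6 and 3/6 correct these, but squashing them into this one would keep every commit buildable and prevent a partial cherry-pick from carrying the wrong guard. The enclosing function starts and ends outside the hunk.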
@@ -347,6 +347,17 @@ type ( TestOTP map[string]string `toml:"test_otp"` } + hook struct { + MFAVerificationAttempt hookConfig `toml:"mfa_verification_attempt" mapstructure:"mfa_verification_attempt"` + PasswordVerificationAttempt hookConfig`toml:"password_verification_attempt" mapstructure:"password_verification_attempt"` + CustomAccessToken hookConfig `toml:"custom_access_token" mapstructure:"custom_access_token"` + } + + hookConfig { + Enabled bool `toml:"enabled"` + HookName string `toml:"hook_name"` + } + twilioConfig struct { Enabled bool `toml:"enabled"` AccountSid string `toml:"account_sid"` diff --git a/internal/utils/templates/init_config.test.toml b/internal/utils/templates/init_config.test.toml index f6fefffcc..25094f12b 100644 --- a/internal/utils/templates/init_config.test.toml +++ b/internal/utils/templates/init_config.test.toml @@ -110,6 +110,11 @@ template = "Your code is {{ `{{ .Code }}` }} ." [auth.sms.test_otp] 4152127777 = "123456" +[auth.hook.custom_access_token] +enabled = true +hook_name = "custom_access_token_hook" + + # Configure one of the supported SMS providers: `twilio`, `twilio_verify`, `messagebird`, `textlocal`, `vonage`. [auth.sms.twilio] enabled = true diff --git a/internal/utils/templates/init_config.toml b/internal/utils/templates/init_config.toml index b89a9fc52..d5d9a66c8 100644 --- a/internal/utils/templates/init_config.toml +++ b/internal/utils/templates/init_config.toml @@ -110,6 +110,11 @@ template = "Your code is {{ `{{ .Code }}` }} ." [auth.sms.test_otp] # 4152127777 = "123456" +[auth.hook.custom_access_token] +# enabled = true +# hook_name = "your_hook_name" + + # Configure one of the supported SMS providers: `twilio`, `twilio_verify`, `messagebird`, `textlocal`, `vonage`. [auth.sms.twilio] enabled = false From d8be11a2e4c4adc426a00a3a3b540d7ae47877cf Mon Sep 17 00:00:00 2001 
From: joel Date: Wed, 17 Jan 2024 15:25:14 +0800 Subject: [PATCH 2/6] fix: patch errors --- internal/start/start.go | 8 ++++---- internal/utils/config.go | 13 +++++++------ 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/internal/start/start.go b/internal/start/start.go index 5c129f252..95434cd3f 100644 --- a/internal/start/start.go +++ b/internal/start/start.go @@ -491,7 +491,7 @@ EOF if utils.Config.Auth.Hook.MFAVerificationAttempt.Enabled { env = append( env, - "GOTRUE_HOOK_MFA_VERIFICATION_ATTEMPT_ENABLED="+utils.Config.Auth.Hook.MFAVerificationAttempt.Enabled + "GOTRUE_HOOK_MFA_VERIFICATION_ATTEMPT_ENABLED=true", "GOTRUE_HOOK_MFA_VERIFICATION_ATTEMPT_NAME="+utils.Config.Auth.Hook.MFAVerificationAttempt.Name, ) } @@ -499,7 +499,7 @@ EOF if utils.Config.Auth.Hook.PasswordVerificationAttempt.Enabled { env = append( env, - "GOTRUE_HOOK_PASSWORD_VERIFICATION_ATTEMPT_ENABLED="+utils.Config.Auth.Hook.PasswordVerificationAttempt.Enabled + "GOTRUE_HOOK_PASSWORD_VERIFICATION_ATTEMPT_ENABLED=true", "GOTRUE_HOOK_PASSWORD_VERIFICATION_ATTEMPT_NAME="+utils.Config.Auth.Hook.PasswordVerificationAttempt.Name, ) } @@ -507,8 +507,8 @@ EOF if utils.Config.Auth.Hook.PasswordVerificationAttempt.Enabled { env = append( env, - "GOTRUE_HOOK_CUSTOM_ACCESS_TOKEN_ENABLED="+utils.Config.Auth.Hook.PasswordVerificationAttempt.Enabled - "GOTRUE_HOOK_CUSTOM_ACCESS_TOKEN_NAME="=+utils.Config.Auth.Hook.CustomAccessToken.Name, + "GOTRUE_HOOK_CUSTOM_ACCESS_TOKEN_ENABLED=true", + "GOTRUE_HOOK_CUSTOM_ACCESS_TOKEN_NAME="+utils.Config.Auth.Hook.CustomAccessToken.Name, ) } diff --git a/internal/utils/config.go b/internal/utils/config.go index 56621650f..a60eff363 100644 --- a/internal/utils/config.go +++ b/internal/utils/config.go 
@@ -311,6 +311,7 @@ type ( EnableRefreshTokenRotation bool `toml:"enable_refresh_token_rotation"` RefreshTokenReuseInterval uint `toml:"refresh_token_reuse_interval"` EnableManualLinking bool `toml:"enable_manual_linking"` + Hook hook `toml:"hook"` EnableSignup bool `toml:"enable_signup"` Email email `toml:"email"` @@ -348,14 +349,14 @@ type ( } hook struct { - MFAVerificationAttempt hookConfig `toml:"mfa_verification_attempt" mapstructure:"mfa_verification_attempt"` - PasswordVerificationAttempt hookConfig`toml:"password_verification_attempt" mapstructure:"password_verification_attempt"` - CustomAccessToken hookConfig `toml:"custom_access_token" mapstructure:"custom_access_token"` + MFAVerificationAttempt extensibilityPointConfig `toml:"mfa_verification_attempt" mapstructure:"mfa_verification_attempt"` + PasswordVerificationAttempt extensibilityPointConfig `toml:"password_verification_attempt" mapstructure:"password_verification_attempt"` + CustomAccessToken extensibilityPointConfig `toml:"custom_access_token" mapstructure:"custom_access_token"` } - hookConfig { - Enabled bool `toml:"enabled"` - HookName string `toml:"hook_name"` + extensibilityPointConfig struct { + Enabled bool `toml:"enabled"` + Name string `toml:"hook_name"` } twilioConfig struct { From 11b86d9e5a241d702c159ce5591af47ab31efce7 Mon Sep 17 00:00:00 2001 From: joel Date: Thu, 18 Jan 2024 15:07:36 +0800 Subject: [PATCH 3/6] feat: replace name with URI --- internal/start/start.go | 8 +++---- internal/utils/config.go | 24 +++++++++++++++++-- .../utils/templates/init_config.test.toml | 2 +- internal/utils/templates/init_config.toml | 2 +- 4 files changed, 28 insertions(+), 8 deletions(-) diff --git a/internal/start/start.go b/internal/start/start.go index 95434cd3f..b83776d9e 100644 --- a/internal/start/start.go +++ b/internal/start/start.go 
@@ -492,7 +492,7 @@ EOF env = append( env, "GOTRUE_HOOK_MFA_VERIFICATION_ATTEMPT_ENABLED=true", - "GOTRUE_HOOK_MFA_VERIFICATION_ATTEMPT_NAME="+utils.Config.Auth.Hook.MFAVerificationAttempt.Name, + "GOTRUE_HOOK_MFA_VERIFICATION_ATTEMPT_URI="+utils.Config.Auth.Hook.MFAVerificationAttempt.URI, ) } @@ -500,15 +500,15 @@ EOF env = append( env, "GOTRUE_HOOK_PASSWORD_VERIFICATION_ATTEMPT_ENABLED=true", - "GOTRUE_HOOK_PASSWORD_VERIFICATION_ATTEMPT_NAME="+utils.Config.Auth.Hook.PasswordVerificationAttempt.Name, + "GOTRUE_HOOK_PASSWORD_VERIFICATION_ATTEMPT_URI="+utils.Config.Auth.Hook.PasswordVerificationAttempt.URI, ) } - if utils.Config.Auth.Hook.PasswordVerificationAttempt.Enabled { + if utils.Config.Auth.Hook.CustomAccessToken.Enabled { env = append( env, "GOTRUE_HOOK_CUSTOM_ACCESS_TOKEN_ENABLED=true", - "GOTRUE_HOOK_CUSTOM_ACCESS_TOKEN_NAME="+utils.Config.Auth.Hook.CustomAccessToken.Name, + "GOTRUE_HOOK_CUSTOM_ACCESS_TOKEN_URI="+utils.Config.Auth.Hook.CustomAccessToken.URI, ) } diff --git a/internal/utils/config.go b/internal/utils/config.go index a60eff363..374f5f735 100644 --- a/internal/utils/config.go +++ b/internal/utils/config.go @@ -199,6 +199,7 @@ var Config = config{ "workos": {}, "zoom": {}, }, + Hook: hook{}, JwtExpiry: 3600, JwtSecret: defaultJwtSecret, }, @@ -311,7 +312,7 @@ type ( EnableRefreshTokenRotation bool `toml:"enable_refresh_token_rotation"` RefreshTokenReuseInterval uint `toml:"refresh_token_reuse_interval"` EnableManualLinking bool `toml:"enable_manual_linking"` - Hook hook `toml:"hook"` + Hook hook `toml:"hook" mapstructure:"hook"` EnableSignup bool `toml:"enable_signup"` Email email `toml:"email"` @@ -356,7 +357,7 @@ type ( extensibilityPointConfig struct { Enabled bool `toml:"enabled"` - Name string `toml:"hook_name"` + URI string `toml:"uri"` } twilioConfig struct { 
@@ -651,6 +652,25 @@ func LoadConfigFS(fsys afero.Fs) error { return err } } + + if Config.Auth.Hook.MFAVerificationAttempt.Enabled { + if Config.Auth.Hook.MFAVerificationAttempt.URI == "" { + return errors.New("Missing required field in config: auth.hook.mfa_verification_atempt.uri") + } + } + + if Config.Auth.Hook.PasswordVerificationAttempt.Enabled { + if Config.Auth.Hook.PasswordVerificationAttempt.URI == "" { + return errors.New("Missing required field in config: auth.hook.password_verification_attempt.uri") + } + } + + if Config.Auth.Hook.CustomAccessToken.Enabled { + if Config.Auth.Hook.CustomAccessToken.URI == "" { + return errors.New("Missing required field in config: auth.hook.custom_access_token.uri") + } + } + // Validate oauth config for ext, provider := range Config.Auth.External { if !provider.Enabled { diff --git a/internal/utils/templates/init_config.test.toml b/internal/utils/templates/init_config.test.toml index 25094f12b..64fea1bb6 100644 --- a/internal/utils/templates/init_config.test.toml +++ b/internal/utils/templates/init_config.test.toml @@ -112,7 +112,7 @@ template = "Your code is {{ `{{ .Code }}` }} ." [auth.hook.custom_access_token] enabled = true -hook_name = "custom_access_token_hook" +uri = "pg-functions://postgres/auth/custom-access-token-hook" # Configure one of the supported SMS providers: `twilio`, `twilio_verify`, `messagebird`, `textlocal`, `vonage`. diff --git a/internal/utils/templates/init_config.toml b/internal/utils/templates/init_config.toml index d5d9a66c8..36992c3d6 100644 --- a/internal/utils/templates/init_config.toml +++ b/internal/utils/templates/init_config.toml @@ -112,7 +112,7 @@ template = "Your code is {{ `{{ .Code }}` }} ." [auth.hook.custom_access_token] # enabled = true -# hook_name = "your_hook_name" +# uri = "pg-functions:////" # Configure one of the supported SMS providers: `twilio`, `twilio_verify`, `messagebird`, `textlocal`, `vonage`. 
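Review bot: The first error message in the added LoadConfigFS checks names `auth.hook.mfa_verification_atempt.uri`, a key that does not exist (one `t` is missing), so the message points the user at the wrong setting; all three messages also start with a capital letter, against Go convention for error strings. The checks reject only an empty string, so the `pg-functions:////` placeholder as it appears in init_config.toml on this page would pass once uncommented and be forwarded to the auth container unchanged; parsing the value and requiring a scheme and host would catch that at load time (this needs `net/url`, and which schemes the auth service accepts is not visible here, so confirm before restricting them). These hooks sit on the MFA, password and token-issuance paths, so failing at config load is preferable to discovering a malformed URI when the container starts. A table-driven loop removes the triplication and the room for another copy-paste slip like the guard corrected in start.go in this same patch. LoadConfigFS begins and ends outside the hunk.

```go
	// … unchanged: preceding validation in LoadConfigFS …
	hooks := []struct {
		key     string
		enabled bool
		uri     string
	}{
		{"mfa_verification_attempt", Config.Auth.Hook.MFAVerificationAttempt.Enabled, Config.Auth.Hook.MFAVerificationAttempt.URI},
		{"password_verification_attempt", Config.Auth.Hook.PasswordVerificationAttempt.Enabled, Config.Auth.Hook.PasswordVerificationAttempt.URI},
		{"custom_access_token", Config.Auth.Hook.CustomAccessToken.Enabled, Config.Auth.Hook.CustomAccessToken.URI},
	}
	for _, h := range hooks {
		if !h.enabled {
			continue
		}
		if h.uri == "" {
			return errors.New("missing required field in config: auth.hook." + h.key + ".uri")
		}
		// Reject values with no scheme or host before they reach the auth container.
		if u, err := url.Parse(h.uri); err != nil || u.Scheme == "" || u.Host == "" {
			return errors.New("invalid hook URI in config: auth.hook." + h.key + ".uri")
		}
	}
	// … unchanged: "Validate oauth config" loop over Config.Auth.External …
```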
From 7ce8bcf2d3e47f5f28fe7fa0c729ecd8f528dc11 Mon Sep 17 00:00:00 2001 From: Joel Lee Date: Fri, 19 Jan 2024 15:07:13 +0800 Subject: [PATCH 4/6] Apply suggestions from code review Co-authored-by: Han Qiao --- internal/utils/config.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/internal/utils/config.go b/internal/utils/config.go index 374f5f735..ea767c9aa 100644 --- a/internal/utils/config.go +++ b/internal/utils/config.go @@ -312,7 +312,7 @@ type ( EnableRefreshTokenRotation bool `toml:"enable_refresh_token_rotation"` RefreshTokenReuseInterval uint `toml:"refresh_token_reuse_interval"` EnableManualLinking bool `toml:"enable_manual_linking"` - Hook hook `toml:"hook" mapstructure:"hook"` + Hook hook `toml:"hook"` EnableSignup bool `toml:"enable_signup"` Email email `toml:"email"` @@ -350,9 +350,9 @@ type ( } hook struct { - MFAVerificationAttempt extensibilityPointConfig `toml:"mfa_verification_attempt" mapstructure:"mfa_verification_attempt"` - PasswordVerificationAttempt extensibilityPointConfig `toml:"password_verification_attempt" mapstructure:"password_verification_attempt"` - CustomAccessToken extensibilityPointConfig `toml:"custom_access_token" mapstructure:"custom_access_token"` + MFAVerificationAttempt extensibilityPointConfig `toml:"mfa_verification_attempt"` + PasswordVerificationAttempt extensibilityPointConfig `toml:"password_verification_attempt"` + CustomAccessToken extensibilityPointConfig `toml:"custom_access_token"` } extensibilityPointConfig struct { From 652be98411a07c87dce4b724da237047178bccf1 Mon Sep 17 00:00:00 2001 From: Joel Lee Date: Fri, 19 Jan 2024 15:08:46 +0800 Subject: [PATCH 5/6] Update config.go --- internal/utils/config.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/internal/utils/config.go b/internal/utils/config.go index ea767c9aa..9ef1214b3 100644 --- a/internal/utils/config.go +++ b/internal/utils/config.go 
@@ -350,12 +350,12 @@ type ( } hook struct { - MFAVerificationAttempt extensibilityPointConfig `toml:"mfa_verification_attempt"` - PasswordVerificationAttempt extensibilityPointConfig `toml:"password_verification_attempt"` - CustomAccessToken extensibilityPointConfig `toml:"custom_access_token"` + MFAVerificationAttempt hookConfig `toml:"mfa_verification_attempt"` + PasswordVerificationAttempt hookConfig `toml:"password_verification_attempt"` + CustomAccessToken hookConfig `toml:"custom_access_token"` } - extensibilityPointConfig struct { + hookConfig struct { Enabled bool `toml:"enabled"` URI string `toml:"uri"` } From 5cd242739df00216218c8f2734d15ce72565bd0a Mon Sep 17 00:00:00 2001 From: Joel Lee Date: Fri, 19 Jan 2024 15:34:48 +0800 Subject: [PATCH 6/6] Update init_config.toml --- internal/utils/templates/init_config.toml | 1 + 1 file changed, 1 insertion(+) diff --git a/internal/utils/templates/init_config.toml b/internal/utils/templates/init_config.toml index 36992c3d6..fecbe2889 100644 --- a/internal/utils/templates/init_config.toml +++ b/internal/utils/templates/init_config.toml @@ -110,6 +110,7 @@ template = "Your code is {{ `{{ .Code }}` }} ." [auth.sms.test_otp] # 4152127777 = "123456" +# This hook runs before a token is issued and allows you to add additional claims based on the authentication method used. [auth.hook.custom_access_token] # enabled = true # uri = "pg-functions:////"
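Review bot: After the init_config.toml hunk of patch 6/6 the template still documents only `[auth.hook.custom_access_token]`, although the series also parses and forwards `mfa_verification_attempt` and `password_verification_attempt`, so those two hooks cannot be discovered from a freshly generated config. Add commented-out sections for them beside this one, each with a one-line comment in the project's own wording, for example `# [auth.hook.mfa_verification_attempt]`, `# enabled = true`, `# uri = "pg-functions://<database>/<schema>/<function>"`. The placeholder names in that URI are constructed here, following the shape of the URI in init_config.test.toml.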